Diffstat (limited to 'mod')
-rw-r--r--mod/bookmarks/actions/add.php2
-rw-r--r--mod/embed/views/default/embed/media.php2
-rw-r--r--mod/embed/views/default/embed/pagination.php4
-rw-r--r--mod/file/actions/save.php2
-rw-r--r--mod/groups/actions/edit.php3
-rw-r--r--mod/groups/actions/forums/addtopic.php2
-rw-r--r--mod/groups/actions/forums/edittopic.php2
-rw-r--r--mod/members/index.php11
-rw-r--r--mod/members/views/default/members/search.php2
-rw-r--r--mod/messages/actions/send.php4
-rw-r--r--mod/pages/actions/pages/edit.php3
11 files changed, 25 insertions, 12 deletions
diff --git a/mod/bookmarks/actions/add.php b/mod/bookmarks/actions/add.php
index be2f79f82..6aa3bf889 100644
--- a/mod/bookmarks/actions/add.php
+++ b/mod/bookmarks/actions/add.php
@@ -12,7 +12,7 @@
gatekeeper();
action_gatekeeper();
//set some required variables
-$title = get_input('title');
+$title = strip_tags(get_input('title'));
$address = get_input('address');
$notes = get_input('notes');
$access = get_input('access');
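Review bot: `strip_tags()` on `$title` removes markup but leaves quotes and ampersands untouched, so the stored title is still unsafe wherever a view prints it inside an HTML attribute or an inline script string. Escaping belongs at output, e.g. `htmlspecialchars($title, ENT_QUOTES, 'UTF-8')` in the views that render it, with `strip_tags()` kept only as input normalisation. The same pattern is added in mod/file/actions/save.php, mod/groups/actions/edit.php, both forum topic actions, mod/messages/actions/send.php and mod/pages/actions/pages/edit.php. If `get_input()` can return an array for this parameter, `strip_tags()` will not return a usable string, so a type check before the call would help; whether `get_input()` already filters or normalises the value is not visible in these hunks.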
diff --git a/mod/embed/views/default/embed/media.php b/mod/embed/views/default/embed/media.php
index 25e63ce7d..ff0505466 100644
--- a/mod/embed/views/default/embed/media.php
+++ b/mod/embed/views/default/embed/media.php
@@ -7,7 +7,7 @@
<?php
echo elgg_view('embed/pagination',array(
'offset' => $vars['offset'],
- 'baseurl' => $vars['url'] . 'pg/embed/media?internalname=' . $vars['internalname'] . "&amp;simpletype=" . $vars['simpletype'],
+ 'baseurl' => $vars['url'] . 'pg/embed/media?internalname=' . $vars['internalname'] . "&simpletype=" . $vars['simpletype'],
'limit' => $vars['limit'],
'count' => $vars['count']
));
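Review bot: `$vars['internalname']` and `$vars['simpletype']` are concatenated into `baseurl` without URL-encoding, so a value containing `&`, `#` or a quote alters the query string that the pagination view later parses and prints. Wrap each value, e.g. `'pg/embed/media?internalname=' . urlencode($vars['internalname']) . '&simpletype=' . urlencode($vars['simpletype'])`. Where these view variables originate is not visible in the hunk; if they are taken from the request, the encoding is required rather than cosmetic.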
diff --git a/mod/embed/views/default/embed/pagination.php b/mod/embed/views/default/embed/pagination.php
index b5a741fcd..ded9f21e1 100644
--- a/mod/embed/views/default/embed/pagination.php
+++ b/mod/embed/views/default/embed/pagination.php
@@ -38,6 +38,8 @@
$nonefound = true;
}
+ $baseurl = $vars['baseurl'];
+
$totalpages = ceil($count / $limit);
$currentpage = ceil($offset / $limit) + 1;
@@ -97,7 +99,7 @@
}
$curoffset = (($i - 1) * $limit);
- $counturl = elgg_http_add_url_query_elements($base_url, array($word => $curoffset));
+ $counturl = elgg_http_add_url_query_elements($baseurl, array($word => $curoffset));
if ($curoffset != $offset) {
echo " <a onclick=\"javascript:$('.popup .content').load('{$counturl}'); return false\" href=\"#\" class=\"pagination_number\">{$i}</a> ";
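Review bot: `$counturl` is interpolated unescaped into a single-quoted JavaScript string inside the double-quoted `onclick` attribute, and with this fix it is now actually built from the caller-supplied `$vars['baseurl']`. A quote character in any query value would terminate the string or the attribute, so encode for both contexts before echoing, e.g. `$js_url = htmlspecialchars(json_encode($counturl), ENT_QUOTES, 'UTF-8');` and then `load({$js_url})`. Whether `elgg_http_add_url_query_elements()` encodes its output is not visible here, so the view should not rely on it. The `if` block continues outside this hunk.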
diff --git a/mod/file/actions/save.php b/mod/file/actions/save.php
index 038e61d83..e2f401e8d 100644
--- a/mod/file/actions/save.php
+++ b/mod/file/actions/save.php
@@ -11,7 +11,7 @@
global $CONFIG;
// Get variables
- $title = get_input("title");
+ $title = strip_tags(get_input("title"));
$desc = get_input("description");
$tags = get_input("tags");
$access_id = (int) get_input("access_id");
diff --git a/mod/groups/actions/edit.php b/mod/groups/actions/edit.php
index b6eb3eb71..72cc66e85 100644
--- a/mod/groups/actions/edit.php
+++ b/mod/groups/actions/edit.php
@@ -16,6 +16,9 @@
$input = array();
foreach($CONFIG->group as $shortname => $valuetype) {
$input[$shortname] = get_input($shortname);
+ if ($shortname == 'name') {
+ $input[$shortname] = strip_tags($input[$shortname]);
+ }
if ($valuetype == 'tags')
$input[$shortname] = string_to_tag_array($input[$shortname]);
}
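Review bot: The added guard `$shortname == 'name'` uses a loose comparison, which on PHP versions before 8 is also true for an integer key `0`; `if ($shortname === 'name')` states the intent exactly. The same applies to `$shortname == 'title'` in mod/pages/actions/pages/edit.php. A short comment such as `// name is rendered as plain text, so markup is dropped on input` would explain why only this field is special-cased inside the generic loop.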
diff --git a/mod/groups/actions/forums/addtopic.php b/mod/groups/actions/forums/addtopic.php
index 740ea17aa..085e2196e 100644
--- a/mod/groups/actions/forums/addtopic.php
+++ b/mod/groups/actions/forums/addtopic.php
@@ -18,7 +18,7 @@
if (!$group_entity->isMember($vars['user'])) forward();
// Get input data
- $title = get_input('topictitle');
+ $title = strip_tags(get_input('topictitle'));
$message = get_input('topicmessage');
$tags = get_input('topictags');
$access = get_input('access_id');
diff --git a/mod/groups/actions/forums/edittopic.php b/mod/groups/actions/forums/edittopic.php
index 2898c31dc..10b54ed61 100644
--- a/mod/groups/actions/forums/edittopic.php
+++ b/mod/groups/actions/forums/edittopic.php
@@ -19,7 +19,7 @@
// Get input data
- $title = get_input('topictitle');
+ $title = strip_tags(get_input('topictitle'));
$message = get_input('topicmessage');
$message_id = get_input('message_id');
$tags = get_input('topictags');
diff --git a/mod/members/index.php b/mod/members/index.php
index 5ad37aa70..1f3b984e5 100644
--- a/mod/members/index.php
+++ b/mod/members/index.php
@@ -60,8 +60,15 @@ switch($filter){
break;
// search based on tags
case "search_tags":
- $filter_content = trigger_plugin_hook('search','',$tag,"");
- $filter_content .= list_entities_from_metadata("", $tag, "user", "", "", 10, false, false);
+ $options = array();
+ $options['query'] = $tag;
+ $options['type'] = "user";
+ $options['offset'] = $offset;
+ $options['limit'] = $limit;
+ $results = trigger_plugin_hook('search', 'tags', $options, array());
+ $count = $results['count'];
+ $users = $results['entities'];
+ $filter_content = elgg_view_entity_list($users, $count, $offset, $limit, false, false, true);
break;
case "newest":
case 'default':
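Review bot: `$results['count']` and `$results['entities']` are read unconditionally, but the hook is called with `array()` as its default return, so when no `search`/`tags` handler is registered both keys are missing and the view receives nulls. Default them explicitly: `$count = isset($results['count']) ? (int) $results['count'] : 0;` and `$users = isset($results['entities']) ? $results['entities'] : array();`. `$offset` and `$limit` are defined outside this hunk; it is worth confirming they are cast to non-negative integers (and `$limit` capped) before being handed to the search hook, since the old code used a fixed limit of 10.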
diff --git a/mod/members/views/default/members/search.php b/mod/members/views/default/members/search.php
index 819d8634a..44930ef53 100644
--- a/mod/members/views/default/members/search.php
+++ b/mod/members/views/default/members/search.php
@@ -14,8 +14,6 @@
<h3><?php echo elgg_echo('members:searchtag'); ?></h3>
<form id="memberssearchform" action="<?php echo $vars['url']; ?>mod/members/index.php?" method="get">
<input type="text" name="tag" value="Member tags" onclick="if (this.value=='Member tags') { this.value='' }" class="search_input" />
- <input type="hidden" name="subtype" value="" />
- <input type="hidden" name="object" value="user" />
<input type="hidden" name="filter" value="search_tags" />
<input type="submit" value="<?php echo elgg_echo('go'); ?>" />
</form>
diff --git a/mod/messages/actions/send.php b/mod/messages/actions/send.php
index cf9de8ba5..314b01809 100644
--- a/mod/messages/actions/send.php
+++ b/mod/messages/actions/send.php
@@ -13,7 +13,7 @@
if (!isloggedin()) forward();
// Get input data
-$title = get_input('title'); // message title
+$title = strip_tags(get_input('title')); // message title
$message_contents = get_input('message'); // the message
$send_to = get_input('send_to'); // this is the user guid to whom the message is going to be sent
$reply = get_input('reply',0); // this is the guid of the message replying to
@@ -58,4 +58,4 @@ unset($_SESSION['msg_contents']);
system_message(elgg_echo("messages:posted"));
// Forward to the users inbox
-forward('mod/messages/sent.php'); \ No newline at end of file
+forward('mod/messages/sent.php');
diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php
index a966232a8..ba6d0acdc 100644
--- a/mod/pages/actions/pages/edit.php
+++ b/mod/pages/actions/pages/edit.php
@@ -22,6 +22,9 @@
$input = array();
foreach($CONFIG->pages as $shortname => $valuetype) {
$input[$shortname] = get_input($shortname);
+ if ($shortname == 'title') {
+ $input[$shortname] = strip_tags($input[$shortname]);
+ }
if ($valuetype == 'tags')
$input[$shortname] = string_to_tag_array($input[$shortname]);
}