Diffstat (limited to 'mod')
-rw-r--r-- | mod/bookmarks/actions/add.php | 2 | ||||
-rw-r--r-- | mod/embed/views/default/embed/media.php | 2 | ||||
-rw-r--r-- | mod/embed/views/default/embed/pagination.php | 4 | ||||
-rw-r--r-- | mod/file/actions/save.php | 2 | ||||
-rw-r--r-- | mod/groups/actions/edit.php | 3 | ||||
-rw-r--r-- | mod/groups/actions/forums/addtopic.php | 2 | ||||
-rw-r--r-- | mod/groups/actions/forums/edittopic.php | 2 | ||||
-rw-r--r-- | mod/members/index.php | 11 | ||||
-rw-r--r-- | mod/members/views/default/members/search.php | 2 | ||||
-rw-r--r-- | mod/messages/actions/send.php | 4 | ||||
-rw-r--r-- | mod/pages/actions/pages/edit.php | 3 |
11 files changed, 25 insertions, 12 deletions
diff --git a/mod/bookmarks/actions/add.php b/mod/bookmarks/actions/add.php
index be2f79f82..6aa3bf889 100644
--- a/mod/bookmarks/actions/add.php
+++ b/mod/bookmarks/actions/add.php
@@ -12,7 +12,7 @@ gatekeeper();
 action_gatekeeper(); //set some required variables
-$title = get_input('title');
+$title = strip_tags(get_input('title'));
 $address = get_input('address');
 $notes = get_input('notes');
 $access = get_input('access');
diff --git a/mod/embed/views/default/embed/media.php b/mod/embed/views/default/embed/media.php
index 25e63ce7d..ff0505466 100644
--- a/mod/embed/views/default/embed/media.php
+++ b/mod/embed/views/default/embed/media.php
@@ -7,7 +7,7 @@ <?php echo elgg_view('embed/pagination',array(
 'offset' => $vars['offset'],
- 'baseurl' => $vars['url'] . 'pg/embed/media?internalname=' . $vars['internalname'] . "&simpletype=" . $vars['simpletype'],
+ 'baseurl' => $vars['url'] . 'pg/embed/media?internalname=' . $vars['internalname'] . "&simpletype=" . $vars['simpletype'],
 'limit' => $vars['limit'],
 'count' => $vars['count']
 ));
diff --git a/mod/embed/views/default/embed/pagination.php b/mod/embed/views/default/embed/pagination.php
index b5a741fcd..ded9f21e1 100644
--- a/mod/embed/views/default/embed/pagination.php
+++ b/mod/embed/views/default/embed/pagination.php
@@ -38,6 +38,8 @@ $nonefound = true; }
+ $baseurl = $vars['baseurl'];
+ $totalpages = ceil($count / $limit);
 $currentpage = ceil($offset / $limit) + 1;
@@ -97,7 +99,7 @@ }
 $curoffset = (($i - 1) * $limit);
- $counturl = elgg_http_add_url_query_elements($base_url, array($word => $curoffset));
+ $counturl = elgg_http_add_url_query_elements($baseurl, array($word => $curoffset));
 if ($curoffset != $offset) {
 echo " <a onclick=\"javascript:$('.popup .content').load('{$counturl}'); return false\" href=\"#\" class=\"pagination_number\">{$i}</a> ";
diff --git a/mod/file/actions/save.php b/mod/file/actions/save.php
index 038e61d83..e2f401e8d 100644
--- a/mod/file/actions/save.php
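Review bot: `strip_tags()` on `$title` removes markup but leaves `"`, `'` and `&` untouched, so a title that is later printed inside an HTML attribute can still break out of it; the views that render it are not visible here. Treat this as input normalisation only and keep context-aware escaping where the value is output, e.g. `htmlspecialchars($title, ENT_QUOTES, 'UTF-8')`. If `get_input()` passes request arrays through (a `title[]` parameter), `strip_tags()` is handed a non-string, so a guard such as `$title = get_input('title'); $title = is_string($title) ? strip_tags($title) : '';` is worth adding. The same applies to the title/name changes in mod/file/actions/save.php, mod/groups/actions/edit.php, mod/groups/actions/forums/addtopic.php, mod/groups/actions/forums/edittopic.php, mod/messages/actions/send.php and mod/pages/actions/pages/edit.php.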
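Review bot: The `baseurl` line concatenates `$vars['internalname']` and `$vars['simpletype']` into the query string as they are, so a value containing `&`, `#` or a quote changes the URL that embed/pagination later writes into an inline handler. Where these two values come from is outside the hunk; if they can originate from the request, encode each one: `'pg/embed/media?internalname=' . urlencode($vars['internalname']) . '&simpletype=' . urlencode($vars['simpletype'])`. The removed and added lines render identically on this page, so the actual change (possibly an entity-encoding of `&`) cannot be confirmed from here.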
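Review bot: `$counturl` is interpolated into a single-quoted JavaScript string inside a double-quoted `onclick` attribute in the `echo` below the changed line, and nothing escapes it for either context. `$base_url` on the removed line appears not to have been set, so this fix is what lets the caller-supplied `baseurl` reach that handler; a quote in it would end the string or the attribute. Encode at the sink, e.g. `$counturl_js = htmlspecialchars(json_encode($counturl), ENT_QUOTES, 'UTF-8');` and emit `.load({$counturl_js})` without the surrounding single quotes. The loop this sits in starts and ends outside the hunk.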
+++ b/mod/file/actions/save.php
@@ -11,7 +11,7 @@ global $CONFIG; // Get variables
- $title = get_input("title");
+ $title = strip_tags(get_input("title"));
 $desc = get_input("description");
 $tags = get_input("tags");
 $access_id = (int) get_input("access_id");
diff --git a/mod/groups/actions/edit.php b/mod/groups/actions/edit.php
index b6eb3eb71..72cc66e85 100644
--- a/mod/groups/actions/edit.php
+++ b/mod/groups/actions/edit.php
@@ -16,6 +16,9 @@ $input = array();
 foreach($CONFIG->group as $shortname => $valuetype) {
 $input[$shortname] = get_input($shortname);
+ if ($shortname == 'name') {
+ $input[$shortname] = strip_tags($input[$shortname]);
+ }
 if ($valuetype == 'tags') $input[$shortname] = string_to_tag_array($input[$shortname]);
 }
diff --git a/mod/groups/actions/forums/addtopic.php b/mod/groups/actions/forums/addtopic.php
index 740ea17aa..085e2196e 100644
--- a/mod/groups/actions/forums/addtopic.php
+++ b/mod/groups/actions/forums/addtopic.php
@@ -18,7 +18,7 @@ if (!$group_entity->isMember($vars['user'])) forward(); // Get input data
- $title = get_input('topictitle');
+ $title = strip_tags(get_input('topictitle'));
 $message = get_input('topicmessage');
 $tags = get_input('topictags');
 $access = get_input('access_id');
diff --git a/mod/groups/actions/forums/edittopic.php b/mod/groups/actions/forums/edittopic.php
index 2898c31dc..10b54ed61 100644
--- a/mod/groups/actions/forums/edittopic.php
+++ b/mod/groups/actions/forums/edittopic.php
@@ -19,7 +19,7 @@ // Get input data
- $title = get_input('topictitle');
+ $title = strip_tags(get_input('topictitle'));
 $message = get_input('topicmessage');
 $message_id = get_input('message_id');
 $tags = get_input('topictags');
diff --git a/mod/members/index.php b/mod/members/index.php
index 5ad37aa70..1f3b984e5 100644
--- a/mod/members/index.php
+++ b/mod/members/index.php
@@ -60,8 +60,15 @@ switch($filter){
 break; // search based on tags
 case "search_tags":
- $filter_content = trigger_plugin_hook('search','',$tag,"");
- $filter_content .= list_entities_from_metadata("", $tag, "user", "", "", 10, false, false);
+ $options = array();
+ $options['query'] = $tag;
+ $options['type'] = "user";
+ $options['offset'] = $offset;
+ $options['limit'] = $limit;
+ $results = trigger_plugin_hook('search', 'tags', $options, array());
+ $count = $results['count'];
+ $users = $results['entities'];
+ $filter_content = elgg_view_entity_list($users, $count, $offset, $limit, false, false, true);
 break;
 case "newest":
 case 'default':
diff --git a/mod/members/views/default/members/search.php b/mod/members/views/default/members/search.php
index 819d8634a..44930ef53 100644
--- a/mod/members/views/default/members/search.php
+++ b/mod/members/views/default/members/search.php
@@ -14,8 +14,6 @@ <h3><?php echo elgg_echo('members:searchtag'); ?></h3>
 <form id="memberssearchform" action="<?php echo $vars['url']; ?>mod/members/index.php?" method="get">
 <input type="text" name="tag" value="Member tags" onclick="if (this.value=='Member tags') { this.value='' }" class="search_input" />
- <input type="hidden" name="subtype" value="" />
- <input type="hidden" name="object" value="user" />
 <input type="hidden" name="filter" value="search_tags" />
 <input type="submit" value="<?php echo elgg_echo('go'); ?>" />
 </form>
diff --git a/mod/messages/actions/send.php b/mod/messages/actions/send.php
index cf9de8ba5..314b01809 100644
--- a/mod/messages/actions/send.php
+++ b/mod/messages/actions/send.php
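Review bot: `$results['count']` and `$results['entities']` are read without checking what the hook returned; the fourth argument to `trigger_plugin_hook()` here is `array()`, which looks like the default return value, so when no handler answers `search`/`tags` both keys are missing and `elgg_view_entity_list()` receives null for its list and count. Default them explicitly: `$count = isset($results['count']) ? (int) $results['count'] : 0;` and `$users = isset($results['entities']) ? $results['entities'] : array();`. `$offset` and `$limit` are assigned outside the hunk; if they come from the request they should be cast to int before they go into `$options`. The `switch` body continues outside the hunk.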
@@ -13,7 +13,7 @@ if (!isloggedin()) forward(); // Get input data
-$title = get_input('title'); // message title
+$title = strip_tags(get_input('title')); // message title
 $message_contents = get_input('message'); // the message
 $send_to = get_input('send_to'); // this is the user guid to whom the message is going to be sent
 $reply = get_input('reply',0); // this is the guid of the message replying to
@@ -58,4 +58,4 @@ unset($_SESSION['msg_contents']);
 system_message(elgg_echo("messages:posted")); // Forward to the users inbox
-forward('mod/messages/sent.php');
\ No newline at end of file
+forward('mod/messages/sent.php');
diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php
index a966232a8..ba6d0acdc 100644
--- a/mod/pages/actions/pages/edit.php
+++ b/mod/pages/actions/pages/edit.php
@@ -22,6 +22,9 @@ $input = array();
 foreach($CONFIG->pages as $shortname => $valuetype) {
 $input[$shortname] = get_input($shortname);
+ if ($shortname == 'title') {
+ $input[$shortname] = strip_tags($input[$shortname]);
+ }
 if ($valuetype == 'tags') $input[$shortname] = string_to_tag_array($input[$shortname]);
 } |