From 597c0a4e519e14ba42c77b518a44789e3a8067b0 Mon Sep 17 00:00:00 2001
From: Cash Costello
Date: Tue, 5 Mar 2013 07:34:18 -0500
Subject: Fixes #5165 handling html tags passed as tags
---
 views/default/output/tag.php | 1 +
 1 file changed, 1 insertion(+)
(limited to 'views/default/output/tag.php')
diff --git a/views/default/output/tag.php b/views/default/output/tag.php
index 3c002a31b..3e1f1c320 100644
--- a/views/default/output/tag.php
+++ b/views/default/output/tag.php
@@ -20,6 +20,7 @@ if (!empty($vars['object'])) {
 }
 
 if (isset($vars['value'])) {
+	$vars['value'] = htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false);
 	if (!empty($vars['type'])) {
 		$type = "&type={$vars['type']}";
 	} else {
-- cgit v1.2.3
From 0726860ca04b4f2ed9b010cc5c5692c23c32e2d2 Mon Sep 17 00:00:00 2001
From: cash
Date: Thu, 2 May 2013 20:40:50 -0400
Subject: Fixes #5421 fixes some encoding issues where wrong context was used
---
 views/default/output/tag.php | 16 ++++++++--------
 views/default/output/tags.php | 20 ++++++++++----------
 2 files changed, 18 insertions(+), 18 deletions(-)
(limited to 'views/default/output/tag.php')
diff --git a/views/default/output/tag.php b/views/default/output/tag.php
index 3e1f1c320..6bd9a72a7 100644
--- a/views/default/output/tag.php
+++ b/views/default/output/tag.php
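Review bot: The added htmlspecialchars() call escapes `$vars['value']` before the same variable is fed to urlencode() for the search URL a few lines further down (outside the hunk), so a tag containing `&`, `<` or a quote yields a `q=` parameter that carries the entity text instead of the tag. HTML escaping belongs to the display text only; build the URL from the raw value first, then escape, i.e. `$url = elgg_get_site_url() . 'search?q=' . rawurlencode($vars['value']) . ...;` followed by `$vars['value'] = htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false);`. Whether `output/url` escapes its `text` argument on its own is not visible here; if it does, the value is now escaped twice on display. The enclosing `if (isset($vars['value']))` block continues past the hunk.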
@@ -8,25 +8,25 @@
  *
  */
 
+if (!empty($vars['type'])) {
+	$type = "&type=" . rawurlencode($vars['type']);
+} else {
+	$type = "";
+}
 if (!empty($vars['subtype'])) {
-	$subtype = "&subtype=" . urlencode($vars['subtype']);
+	$subtype = "&subtype=" . rawurlencode($vars['subtype']);
 } else {
 	$subtype = "";
 }
 if (!empty($vars['object'])) {
-	$object = "&object=" . urlencode($vars['object']);
+	$object = "&object=" . rawurlencode($vars['object']);
 } else {
 	$object = "";
 }
 
 if (isset($vars['value'])) {
+	$url = elgg_get_site_url() . 'search?q=' . rawurlencode($vars['value']) . "&search_type=tags{$type}{$subtype}{$object}";
 	$vars['value'] = htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false);
-	if (!empty($vars['type'])) {
-		$type = "&type={$vars['type']}";
-	} else {
-		$type = "";
-	}
-	$url = elgg_get_site_url() . 'search?q=' . urlencode($vars['value']) . "&search_type=tags{$type}{$subtype}{$object}";
 	echo elgg_view('output/url', array(
 		'href' => $url,
 		'text' => $vars['value'],
diff --git a/views/default/output/tags.php b/views/default/output/tags.php
index 41fd5f168..db096a3be 100644
--- a/views/default/output/tags.php
+++ b/views/default/output/tags.php
@@ -17,13 +17,18 @@ if (isset($vars['entity'])) {
 	unset($vars['entity']);
 }
 
+if (!empty($vars['type'])) {
+	$type = "&type=" . rawurlencode($vars['type']);
+} else {
+	$type = "";
+}
 if (!empty($vars['subtype'])) {
-	$subtype = "&subtype=" . urlencode($vars['subtype']);
+	$subtype = "&subtype=" . rawurlencode($vars['subtype']);
 } else {
 	$subtype = "";
 }
 if (!empty($vars['object'])) {
-	$object = "&object=" . urlencode($vars['object']);
+	$object = "&object=" . rawurlencode($vars['object']);
 } else {
 	$object = "";
 }
@@ -53,16 +58,11 @@ if (!empty($vars['tags'])) {
 	$icon_class = elgg_extract('icon_class', $vars);
 	$list_items = '
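Review bot: Only `isset()` guards `$vars['value']` before the new rawurlencode() call and the htmlspecialchars() call on the next line, so a non-string value such as an array reaches both functions, which warn and return null on PHP 5 and throw a TypeError on PHP 8; the sibling view tags.php in this same commit checks `is_string($tag)` before rendering, and this view should make the same check, `if (isset($vars['value']) && is_string($vars['value'])) {`. Splitting the contexts as the hunk now does, rawurlencode() for the URL and htmlspecialchars() for the display text, is correct, and the order of the two lines is what makes it correct, so a comment above the `$url` line such as `// build the search URL from the raw value; the HTML escaping below is for display only` would stop a later edit from swapping them back. The `if (isset($vars['value']))` block continues past the hunk.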
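Review bot: The `$type`/`$subtype`/`$object` block added at the top of this hunk is now identical to the one this commit adds to tag.php, and each branch assembles a query fragment by hand; collecting the keys that are present into an array and letting http_build_query() encode them (with `PHP_QUERY_RFC3986` on PHP 5.4+ to keep the rawurlencode() behaviour chosen here) would leave one place where the encoding rules for both views are maintained. Note also that `!empty()` silently drops a type, subtype or object whose value is the string `'0'`; whether such values can occur is not visible from this hunk, but if they can, `isset()` combined with a `!== ''` check is the safer test.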
  • ' . elgg_view_icon('tag', $icon_class) . '
  • '; - + foreach($vars['tags'] as $tag) { - $tag = htmlspecialchars($tag, ENT_QUOTES, 'UTF-8', false); - if (!empty($vars['type'])) { - $type = "&type={$vars['type']}"; - } else { - $type = ""; - } - $url = elgg_get_site_url() . 'search?q=' . urlencode($tag) . "&search_type=tags{$type}{$subtype}{$object}"; + $url = elgg_get_site_url() . 'search?q=' . rawurlencode($tag) . "&search_type=tags{$type}{$subtype}{$object}"; if (is_string($tag)) { + $tag = htmlspecialchars($tag, ENT_QUOTES, 'UTF-8', false); $list_items .= "
  • "; $list_items .= elgg_view('output/url', array('href' => $url, 'text' => $tag, 'rel' => 'tag')); $list_items .= '
  • '; -- cgit v1.2.3
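Review bot: The new `$url = elgg_get_site_url() . 'search?q=' . rawurlencode($tag) . ...` line runs for every element of `$vars['tags']` before the `if (is_string($tag))` test, so a non-string tag (an array, say) is passed to rawurlencode() even though it is never rendered; move that line inside the `is_string` branch, ahead of the htmlspecialchars() call, so both the URL and the display text are derived from the raw string only when there is one. `foreach($vars['tags'] as $tag)` is also missing the space after the keyword that the rest of the file's control structures use. The enclosing `if (!empty($vars['tags']))` block starts at the hunk header and continues past the hunk.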