From 2dafe0c1880b922d75a288f371fa976066589fd7 Mon Sep 17 00:00:00 2001 From: marcus Date: Tue, 10 Feb 2009 18:36:31 +0000 Subject: Closes #756: htmlentities on all output forms git-svn-id: https://code.elgg.org/elgg/trunk@2711 36083f99-b078-4883-b0ff-0f9b5a30f544 --- views/default/output/calendar.php | 2 +- views/default/output/confirmlink.php | 2 +- views/default/output/email.php | 2 +- views/default/output/longtext.php | 4 +++- views/default/output/pulldown.php | 2 +- views/default/output/tagcloud.php | 2 +- views/default/output/tags.php | 4 ++-- views/default/output/text.php | 2 +- views/default/output/url.php | 2 +- 9 files changed, 12 insertions(+), 10 deletions(-) (limited to 'views/default') diff --git a/views/default/output/calendar.php b/views/default/output/calendar.php index cefe9577c..e31290e6a 100644 --- a/views/default/output/calendar.php +++ b/views/default/output/calendar.php @@ -18,7 +18,7 @@ if (is_int($vars['value'])) { echo date("F j, Y", $vars['value']); } else { - echo $vars['value']; + echo htmlentities($vars['value'], null, 'UTF-8'); } ?> \ No newline at end of file diff --git a/views/default/output/confirmlink.php b/views/default/output/confirmlink.php index fb6d5a893..2ef3ad14b 100644 --- a/views/default/output/confirmlink.php +++ b/views/default/output/confirmlink.php @@ -21,4 +21,4 @@ if (!$confirm) $confirm = elgg_echo('question:areyousure'); ?> - \ No newline at end of file + \ No newline at end of file diff --git a/views/default/output/email.php b/views/default/output/email.php index db3cdd6fa..e6b406507 100644 --- a/views/default/output/email.php +++ b/views/default/output/email.php @@ -16,6 +16,6 @@ */ if (!empty($vars['value'])) { - echo "". $vars['value'] .""; + echo "". htmlentities($vars['value'], null, 'UTF-8') .""; } ?> \ No newline at end of file diff --git a/views/default/output/longtext.php b/views/default/output/longtext.php index a240e3267..b35234350 100644 --- a/views/default/output/longtext.php +++ b/views/default/output/longtext.php @@ -15,5 +15,7 @@ * */ - echo autop($vars['value']); + global $CONFIG; + + echo autop(filter_tags($vars['value'], $CONFIG->allowedtags, $CONFIG->allowedprotocols)); ?> \ No newline at end of file diff --git a/views/default/output/pulldown.php b/views/default/output/pulldown.php index a743c4a05..8b1173842 100644 --- a/views/default/output/pulldown.php +++ b/views/default/output/pulldown.php @@ -15,5 +15,5 @@ * */ - echo $vars['value']; + echo htmlentities($vars['value'], null, 'UTF-8'); //$vars['value']; ?> \ No newline at end of file diff --git a/views/default/output/tagcloud.php b/views/default/output/tagcloud.php index e023b6311..43f7b80b0 100644 --- a/views/default/output/tagcloud.php +++ b/views/default/output/tagcloud.php @@ -43,7 +43,7 @@ if (!empty($cloud)) $cloud .= ", "; $size = round((log($tag->total) / log($max)) * 100) + 30; if ($size < 60) $size = 60; - $cloud .= "tag)." ({$tag->total})\" style=\"text-decoration:none;\">" .$tag->tag . ""; + $cloud .= "tag)." ({$tag->total})\" style=\"text-decoration:none;\">" . htmlentities($tag->tag, null, 'UTF-8') . ""; } echo $cloud; diff --git a/views/default/output/tags.php b/views/default/output/tags.php index 70e11ac82..d3d9522bc 100644 --- a/views/default/output/tags.php +++ b/views/default/output/tags.php @@ -45,8 +45,8 @@ } else { $type = ""; } - if (is_string($tag)) { - $tagstr .= "{$tag}"; + if (is_string($tag)) { + $tagstr .= "" . htmlentities($tag, null, 'UTF-8') . ""; } } echo $tagstr; diff --git a/views/default/output/text.php b/views/default/output/text.php index dfb1c8b0a..db7a5ea90 100644 --- a/views/default/output/text.php +++ b/views/default/output/text.php @@ -15,5 +15,5 @@ * */ - echo $vars['value']; + echo htmlentities($vars['value'], null, 'UTF-8'); // $vars['value']; ?> \ No newline at end of file diff --git a/views/default/output/url.php b/views/default/output/url.php index d4c6ce9fa..af4582fba 100644 --- a/views/default/output/url.php +++ b/views/default/output/url.php @@ -20,7 +20,7 @@ if ((substr_count($val, "http://") == 0) && (substr_count($val, "https://") == 0)) { $val = "http://" . $val; } - echo "{$val}"; + echo "". htmlentities($val, null, 'UTF-8'). ""; } ?> \ No newline at end of file -- cgit v1.2.3