author | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2009-10-26 21:55:43 +0000 |
---|---|---|
committer | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2009-10-26 21:55:43 +0000 |
commit | af157c6bb72518f8ee3096f6370c920ef9b965a3 (patch) | |
tree | 74c2ef2e92825ac5b8bae214fb93680774733724 /src | |
parent | 44fd0e29f4d856058f3bac3a3581d00919420169 (diff) | |
basic voting system works; but layout is missing
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@432 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'src')
-rw-r--r-- | src/SemanticScuttle/functions.php | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/src/SemanticScuttle/functions.php b/src/SemanticScuttle/functions.php
index 663ed25..8823752 100644
--- a/src/SemanticScuttle/functions.php
+++ b/src/SemanticScuttle/functions.php
@@ -92,6 +92,30 @@ function createURL($page = '', $ending = '') {
 return ROOT . $page;
 }
 }
+/**
+ * Creates a "vote for/against this bookmark" URL.
+ * Also runs htmlspecialchars() on them to prevent XSS.
+ * We need to use ENT_QUOTES since otherwise we would not be
+ * protected when the attribute is used in single quotes.
+ *
+ * @param boolean $for For the bookmark (true) or against (false)
+ * @param integer $bId Bookmark ID
+ *
+ * @return string URL to use
+ */
+function createVoteURL($for, $bId)
+{
+ //FIXME: we need a "current url" variable that is
+ //filled with a safe version of the current url.
+ //all this specialchars stuff is bit of a hack.
+ return htmlspecialchars(
+ createURL(
+ 'vote',
+ ($for ? 'for' : 'against') . '/' . $bId
+ ) . '?from=' . urlencode($_SERVER['REQUEST_URI']),
+ ENT_QUOTES
+ );
+}
 /* Shorten a string like a URL for example by cutting the middle of it */
 function shortenString($string, $maxSize=75) { |
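Review bot: `$bId` is concatenated into the vote path in `createVoteURL()` without a cast, and `htmlspecialchars()` only covers the HTML attribute context, so a non-numeric value would still change the URL's path or query. The docblock already promises an integer, so enforce it at the point of use: `($for ? 'for' : 'against') . '/' . (int) $bId`. The `from` value travels as an ordinary request parameter, so the vote handler (not visible in this hunk) should accept only site-local paths before redirecting to it. If a vote is cast simply by following this link, it presumably also needs a per-session token or a POST, otherwise any third-party page can trigger votes for a logged-in user. Finally, the `@return` line should say the result is already HTML-escaped, e.g. `@return string HTML-escaped URL, for use in attribute values only`, so callers neither escape it twice nor pass it to `header()`.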