summaryrefslogtreecommitdiff
path: root/templates
diff options
context:
space:
mode:
authormensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f>2008-11-14 14:38:55 +0000
committermensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f>2008-11-14 14:38:55 +0000
commit8bc7ad4383452b2a3872aea3ef7c3eaef675af3b (patch)
treee53ab979893650a6b50074dbd09f69dd59743cc6 /templates
parent67a13f74ce1b51732a9b3f759ca956bd762b0c0b (diff)
downloadsemanticscuttle-8bc7ad4383452b2a3872aea3ef7c3eaef675af3b.tar.gz
semanticscuttle-8bc7ad4383452b2a3872aea3ef7c3eaef675af3b.tar.bz2
Bug fix: correct XSS problems (prevent username with non-alphanumeric characters, protect profile page)
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@157 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'templates')
-rw-r--r--templates/editprofile.tpl.php2
-rw-r--r--templates/profile.tpl.php4
2 files changed, 3 insertions, 3 deletions
diff --git a/templates/editprofile.tpl.php b/templates/editprofile.tpl.php
index c9eb8a4..a38dbd8 100644
--- a/templates/editprofile.tpl.php
+++ b/templates/editprofile.tpl.php
@@ -40,7 +40,7 @@ $this->includeTemplate($GLOBALS['top_include']);
</tr>
<tr>
<th align="left"><?php echo T_('Homepage'); ?></th>
- <td><input type="text" name="pPage" size="75" value="<?php echo filter($row['homepage'], 'xml'); ?>" /></td>
+ <td><input type="text" name="pPage" size="75" value="<?php echo filter($row['homepage']); ?>" /></td>
</tr>
<tr>
<th align="left"><?php echo T_('Description'); ?></th>
diff --git a/templates/profile.tpl.php b/templates/profile.tpl.php
index d7ace7e..ecfadbb 100644
--- a/templates/profile.tpl.php
+++ b/templates/profile.tpl.php
@@ -10,13 +10,13 @@ $this->includeTemplate($GLOBALS['top_include']);
if ($row['name'] != "") {
?>
<dt><?php echo T_('Name'); ?></dt>
- <dd><?php echo $row['name']; ?></dd>
+ <dd><?php echo filter($row['name']); ?></dd>
<?php
}
if ($row['homepage'] != "") {
?>
<dt><?php echo T_('Homepage'); ?></dt>
- <dd><a href="<?php echo $row['homepage']; ?>"><?php echo $row['homepage']; ?></a></dd>
+ <dd><a href="<?php echo filter($row['homepage'], 'url'); ?>"><?php echo filter($row['homepage']); ?></a></dd>
<?php
}
?>