summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/SemanticScuttle/functions.php24
1 files changed, 24 insertions, 0 deletions
diff --git a/src/SemanticScuttle/functions.php b/src/SemanticScuttle/functions.php
index 663ed25..8823752 100644
--- a/src/SemanticScuttle/functions.php
+++ b/src/SemanticScuttle/functions.php
@@ -92,6 +92,30 @@ function createURL($page = '', $ending = '') {
return ROOT . $page;
}
}
+/**
+ * Creates a "vote for/against this bookmark" URL.
+ * Also runs htmlspecialchars() on them to prevent XSS.
+ * We need to use ENT_QUOTES since otherwise we would not be
+ * protected when the attribute is used in single quotes.
+ *
+ * @param boolean $for For the bookmark (true) or against (false)
+ * @param integer $bId Bookmark ID
+ *
+ * @return string URL to use
+ */
+function createVoteURL($for, $bId)
+{
+ //FIXME: we need a "current url" variable that is
+ //filled with a safe version of the current url.
+ //all this specialchars stuff is bit of a hack.
+ return htmlspecialchars(
+ createURL(
+ 'vote',
+ ($for ? 'for' : 'against') . '/' . $bId
+ ) . '?from=' . urlencode($_SERVER['REQUEST_URI']),
+ ENT_QUOTES
+ );
+}
/* Shorten a string like a URL for example by cutting the middle of it */
function shortenString($string, $maxSize=75) {