bug 1757 fixed: ability to use HTML in author field

git-svn-id: http://piwigo.org/svn/branches/2.1@6713 68402e56-0260-453c-a942-63ccdbb3a9ee

admin/element_set_unit.php

@@ -67,7 +67,7 @@ SELECT id, date_creation
     $data['author'] = $_POST['author-'.$row['id']];
     $data['level'] = $_POST['level-'.$row['id']];
 
-    foreach (array('name', 'author', 'level') as $field)
+    foreach (array('name', 'level') as $field)
     {
       if (!empty($_POST[$field.'-'.$row['id']]))
       {
@@ -238,7 +238,7 @@ SELECT
             PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
             '&image_id='.$row['id'],
         'NAME' => !empty($row['name'])?$row['name']:'',
-        'AUTHOR' => !empty($row['author'])?$row['author']:'',
+        'AUTHOR' => !empty($row['author'])?htmlspecialchars($row['author']):'',
         'LEVEL' => !empty($row['level'])?$row['level']:'0',
         'DESCRIPTION' => !empty($row['comment'])?$row['comment']:'',
         'DATE_CREATION_YEAR' => $year,

admin/picture_modify.php

@@ -236,7 +236,11 @@ $template->assign(
 
     'REGISTRATION_DATE' => format_date($row['date_available']),
 
-    'AUTHOR' => isset($_POST['author']) ? $_POST['author'] : @$row['author'],
+    'AUTHOR' => htmlspecialchars(
+      isset($_POST['author'])
+        ? stripslashes($_POST['author'])
+        : @$row['author']
+      ),
 
     'DESCRIPTION' =>
       htmlspecialchars( isset($_POST['description']) ?

themes/default/template/header.tpl

@@ -5,7 +5,7 @@
 <meta name="generator" content="Piwigo (aka PWG), see piwigo.org">
 {if isset($meta_ref) } 
 {if isset($INFO_AUTHOR)}
-<meta name="author" content="{$INFO_AUTHOR|@replace:'"':' '}">
+<meta name="author" content="{$INFO_AUTHOR|@strip_tags:false|@replace:'"':' '}">
 {/if}
 {if isset($related_tags)}
 <meta name="keywords" content="{foreach from=$related_tags item=tag name=tag_loop}{if !$smarty.foreach.tag_loop.first}, {/if}{$tag.name}{/foreach}">