authorchrisaga <chrisaga@piwigo.org>2006-04-22 15:25:59 +0000
committerchrisaga <chrisaga@piwigo.org>2006-04-22 15:25:59 +0000
commit456b2bda5a2c931646d537ca3202b25c78c14e16 (patch)
treeea87ae046347496096a7752f57ac1c1f71311dc8
parent5ee3924189668f7deee4c0e69dc9ed8c438e383c (diff)
- improve : add some htmlentities() to clean category names and description. Still more to do.
git-svn-id: http://piwigo.org/svn/trunk@1259 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--include/category_subcats.inc.php8
-rw-r--r--include/functions_html.inc.php6
2 files changed, 7 insertions, 7 deletions
diff --git a/include/category_subcats.inc.php b/include/category_subcats.inc.php
index 1fc6b2ac4..7c2f2bac0 100644
--- a/include/category_subcats.inc.php
+++ b/include/category_subcats.inc.php
@@ -149,7 +149,7 @@ SELECT id, path, tn_ext
'categories.category',
array(
'SRC' => $thumbnail_src_of[ $category['picture'] ],
- 'ALT' => $category['name'],
+ 'ALT' => htmlentities($category['name'],ENT_QUOTES),
'TITLE' => $lang['hint_category'],
'ICON' => get_icon(@$category['date_last']),
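Review bot: The htmlentities() call added on the `ALT` line passes no charset, so it falls back to the function's default (ISO-8859-1 before PHP 5.4) and a UTF-8 category name gets encoded byte by byte, turning every non-ASCII character into garbage in the attribute. Pass the charset the gallery serves explicitly, e.g. `'ALT' => htmlentities($category['name'], ENT_QUOTES, 'UTF-8'),`. The same omission is present in the calls added in the `@@ -159` hunk of this file and in the `@@ -450`, `@@ -500` and `@@ -550` hunks of functions_html.inc.php. Since all of these values land in HTML text or attribute context, htmlspecialchars() with the same arguments is sufficient and keeps non-ASCII text readable in the page source. This hunk is the middle of a template-assign call whose opening and closing lines lie outside it.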
@@ -159,9 +159,9 @@ SELECT id, path, tn_ext
'cat_name' => $category['name'],
)
),
- 'NAME' => $category['name'],
+ 'NAME' => htmlentities($category['name'],ENT_QUOTES),
'CAPTION_NB_IMAGES' => (($category['nb_images'] == 0) ? '' : sprintf("%d ".l10n('pictures'), $category['nb_images'])),
- 'DESCRIPTION' => @$category['comment'],
+ 'DESCRIPTION' => htmlentities(@$category['comment'],ENT_QUOTES),
)
);
}
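Review bot: On the new `DESCRIPTION` line the `@` now sits inside a function argument, so htmlentities() silently receives null when `comment` is absent and the output relies on null being coerced to an empty string; make the fallback explicit instead of suppressing the notice: `'DESCRIPTION' => isset($category['comment']) ? htmlentities($category['comment'], ENT_QUOTES) : '',`. The `cat_name` entry at the top of the hunk is still handed over raw; if that value ends up in HTML it needs the same treatment, which the "Still more to do" in the message may already cover. The surrounding template-assign call starts outside this hunk.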
@@ -212,4 +212,4 @@ SELECT id, path, tn_ext
}
}
}
-?> \ No newline at end of file
+?>
diff --git a/include/functions_html.inc.php b/include/functions_html.inc.php
index 3afed2322..21784654b 100644
--- a/include/functions_html.inc.php
+++ b/include/functions_html.inc.php
@@ -450,7 +450,7 @@ function get_html_menu_category($categories)
{
$menu.= ' rel="up"';
}
- $menu.= '>'.$category['name'].'</a>';
+ $menu.= '>'.htmlentities($category['name'],ENT_QUOTES).'</a>';
if ($category['nb_images'] > 0)
{
@@ -500,7 +500,7 @@ function parse_comment_content($content)
$replacement = '<span style="font-style:italic;">$1$2</span>';
$content = preg_replace($pattern, $replacement, $content);
- $content = '<div>'.$content.'</div>';
+ $content = '<div>'.htmlentities($content,ENT_QUOTES).'</div>';
return $content;
}
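Review bot: The htmlentities() added on the `$content = '<div>'...` line runs after the preg_replace() two lines above, which has just wrapped parts of the text in `<span style="font-style:italic;">`, so the markup the function generates is itself encoded and the reader sees literal `<span>` tags instead of italics. The escaping belongs on the raw input at the top of parse_comment_content(), before any markup-producing replacement, and the wrapper line should stay as it was: `$content = '<div>'.$content.'</div>';`. Escaping first is also the safer order, since the italic pattern then only ever operates on already-encoded text. The start of the function, where the raw `$content` enters and the pattern is built, lies outside this hunk, so the move cannot be shown here.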
@@ -550,7 +550,7 @@ function get_html_tag_selection(
$output.=
' />'
- .' '.$tag['name']
+ .' '. htmlentities($tag['name'],ENT_QUOTES)
.'</label>'
.'</li>'
."\n"