author | plegall <plg@piwigo.org> | 2013-03-04 14:31:46 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2013-03-04 14:31:46 +0000 |
commit | c1f445f510cf82486044ea71764ef6253f5adff3 (patch) | |
tree | 7c25b97a482877fa2323d429db25e1d6e9e55046 /themes/default | |
parent | 6c1e393bea84b1e85dd87a49179bc91d06b96c08 (diff) |
bug 2859 fixed: sanitize of photo title before use in title/alt HTML attributes
git-svn-id: http://piwigo.org/svn/trunk@21175 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'themes/default')
-rw-r--r-- | themes/default/template/picture.tpl | 8 | ||||
-rw-r--r-- | themes/default/template/picture_content.tpl | 4 | ||||
-rw-r--r-- | themes/default/template/picture_nav_buttons.tpl | 4 |
3 files changed, 8 insertions, 8 deletions
diff --git a/themes/default/template/picture.tpl b/themes/default/template/picture.tpl
index 5bf59be96..4d73ae389 100644
--- a/themes/default/template/picture.tpl
+++ b/themes/default/template/picture.tpl
@@ -134,15 +134,15 @@ y.callService(
 {if $DISPLAY_NAV_THUMB}
 <div class="navThumbs">
 {if isset($previous)}
- <a class="navThumb" id="linkPrev" href="{$previous.U_IMG}" title="{'Previous'|@translate} : {$previous.TITLE}" rel="prev">
+ <a class="navThumb" id="linkPrev" href="{$previous.U_IMG}" title="{'Previous'|@translate} :: {$previous.TITLE|@escape}" rel="prev">
 <span class="thumbHover prevThumbHover"></span>
- <img src="{$previous.derivatives.square->get_url()}" alt="{$previous.TITLE}">
+ <img src="{$previous.derivatives.square->get_url()}" alt="{$previous.TITLE|@escape}">
 </a>
 {/if}
 {if isset($next)}
- <a class="navThumb" id="linkNext" href="{$next.U_IMG}" title="{'Next'|@translate} : {$next.TITLE}" rel="next">
+ <a class="navThumb" id="linkNext" href="{$next.U_IMG}" title="{'Next'|@translate} : {$next.TITLE|@escape}" rel="next">
 <span class="thumbHover nextThumbHover"></span>
- <img src="{$next.derivatives.square->get_url()}" alt="{$next.TITLE}">
+ <img src="{$next.derivatives.square->get_url()}" alt="{$next.TITLE|@escape}">
 </a>
 {/if}
 </div>
diff --git a/themes/default/template/picture_content.tpl b/themes/default/template/picture_content.tpl
index 2b745f65f..793c275ea 100644
--- a/themes/default/template/picture_content.tpl
+++ b/themes/default/template/picture_content.tpl
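Review bot: The new `linkPrev` title in picture.tpl reads `{'Previous'|@translate} :: {$previous.TITLE|@escape}`, while the `linkNext` title and every title in the picture_content.tpl and picture_nav_buttons.tpl hunks keep the single ` : ` separator, so the doubled colon looks like an unintended edit carried along with the escaping fix; I would write `title="{'Previous'|@translate} : {$previous.TITLE|@escape}"`. In the same tags, `href="{$previous.U_IMG}"` and `href="{$next.U_IMG}"` are still printed without a modifier, here and in the other two files. Whether `U_IMG` can contain user-influenced text is not visible in this diff, so it is worth confirming that it is already encoded for an attribute context where it is built. The enclosing `{if $DISPLAY_NAV_THUMB}` block ends outside the hunk.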
@@ -10,11 +10,11 @@
 <map name="map{$derivative->get_type()}">
 {assign var='size' value=$derivative->get_size()}
 {if isset($previous)}
-<area shape=rect coords="0,0,{$size[0]/4|@intval},{$size[1]}" href="{$previous.U_IMG}" title="{'Previous'|@translate} : {$previous.TITLE}" alt="{$previous.TITLE}">
+<area shape=rect coords="0,0,{$size[0]/4|@intval},{$size[1]}" href="{$previous.U_IMG}" title="{'Previous'|@translate} : {$previous.TITLE|@escape}" alt="{$previous.TITLE|@escape}">
 {/if}
 <area shape=rect coords="{$size[0]/4|@intval},0,{$size[0]/1.34|@intval},{$size[1]/4|@intval}" href="{$U_UP}" title="{'Thumbnails'|@translate}" alt="{'Thumbnails'|@translate}">
 {if isset($next)}
-<area shape=rect coords="{$size[0]/1.33|@intval},0,{$size[0]},{$size[1]}" href="{$next.U_IMG}" title="{'Next'|@translate} : {$next.TITLE}" alt="{$next.TITLE}">
+<area shape=rect coords="{$size[0]/1.33|@intval},0,{$size[0]},{$size[1]}" href="{$next.U_IMG}" title="{'Next'|@translate} : {$next.TITLE|@escape}" alt="{$next.TITLE|@escape}">
 {/if}
 </map>
 {/strip}{/foreach}
\ No newline at end of file
diff --git a/themes/default/template/picture_nav_buttons.tpl b/themes/default/template/picture_nav_buttons.tpl
index fb6c0c7e9..6da241c51 100644
--- a/themes/default/template/picture_nav_buttons.tpl
+++ b/themes/default/template/picture_nav_buttons.tpl
@@ -45,7 +45,7 @@
 </a>
 {/if}{/strip}
 {strip}{if isset($previous)}
- <a href="{$previous.U_IMG}" title="{'Previous'|@translate} : {$previous.TITLE}" class="pwg-state-default pwg-button">
+ <a href="{$previous.U_IMG}" title="{'Previous'|@translate} : {$previous.TITLE|@escape}" class="pwg-state-default pwg-button">
 <span class="pwg-icon pwg-icon-arrow-w"> </span><span class="pwg-button-text">{'Previous'|@translate}</span>
 </a>
 {else}
@@ -64,7 +64,7 @@
 </a>
 {/if}
 {strip}{if isset($next)}
- <a href="{$next.U_IMG}" title="{'Next'|@translate} : {$next.TITLE}" class="pwg-state-default pwg-button pwg-button-icon-right">
+ <a href="{$next.U_IMG}" title="{'Next'|@translate} : {$next.TITLE|@escape}" class="pwg-state-default pwg-button pwg-button-icon-right">
 <span class="pwg-icon pwg-icon-arrow-e"> </span><span class="pwg-button-text">{'Next'|@translate}</span>
 </a>
 {else} |
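Review bot: Nothing on the changed lines records why `|@escape` is required, so a later edit, or a theme that copies these templates, can drop the modifier without noticing; this applies to the `<area>` tags in picture_content.tpl and to both anchors in picture_nav_buttons.tpl. I would add a template comment above the first use in each file, for example `{* TITLE is the photo title as entered: keep |@escape wherever it is printed inside an HTML attribute *}`. The diffstat on this page is limited to themes/default, so whether other templates print `TITLE` into attributes cannot be judged from here. The `{strip}` and `{if}` blocks in picture_nav_buttons.tpl start and end outside the hunks.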