-rw-r--r-- | admin/element_set_unit.php | 4 | ||||
-rw-r--r-- | admin/picture_modify.php | 6 | ||||
-rw-r--r-- | themes/default/template/header.tpl | 2 |
3 files changed, 8 insertions, 4 deletions
diff --git a/admin/element_set_unit.php b/admin/element_set_unit.php
index 5dbeb4f68..17b83dcef 100644
--- a/admin/element_set_unit.php
+++ b/admin/element_set_unit.php
@@ -67,7 +67,7 @@ SELECT id, date_creation
 $data['author'] = $_POST['author-'.$row['id']];
 $data['level'] = $_POST['level-'.$row['id']];
- foreach (array('name', 'author', 'level') as $field)
+ foreach (array('name', 'level') as $field)
 {
 if (!empty($_POST[$field.'-'.$row['id']]))
 {
@@ -238,7 +238,7 @@ SELECT
 PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
 '&image_id='.$row['id'],
 'NAME' => !empty($row['name'])?$row['name']:'',
- 'AUTHOR' => !empty($row['author'])?$row['author']:'',
+ 'AUTHOR' => !empty($row['author'])?htmlspecialchars($row['author']):'',
 'LEVEL' => !empty($row['level'])?$row['level']:'0',
 'DESCRIPTION' => !empty($row['comment'])?$row['comment']:'',
 'DATE_CREATION_YEAR' => $year,
diff --git a/admin/picture_modify.php b/admin/picture_modify.php
index a764f0bdb..4d15a9206 100644
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
@@ -236,7 +236,11 @@ $template->assign(
 'REGISTRATION_DATE' => format_date($row['date_available']),
- 'AUTHOR' => isset($_POST['author']) ? $_POST['author'] : @$row['author'],
+ 'AUTHOR' => htmlspecialchars(
+ isset($_POST['author'])
+ ? stripslashes($_POST['author'])
+ : @$row['author']
+ ),
 'DESCRIPTION' => htmlspecialchars( isset($_POST['description']) ?
diff --git a/themes/default/template/header.tpl b/themes/default/template/header.tpl
index 7073bf9ea..bb42c7289 100644
--- a/themes/default/template/header.tpl
+++ b/themes/default/template/header.tpl
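Review bot: With `'author'` dropped from the field list, `$data['author']` keeps the raw `$_POST['author-'.$row['id']]` value assigned two lines above, so nothing in this hunk filters it before it is stored. The loop body lies outside the hunk, so what it applied to the field before is not visible here, but from now on every place that prints an author has to encode it. This commit covers two admin pages and the `<meta name="author">` tag; any other template that prints the author is worth checking for the same encoding. A comment above the assignment would record the contract, e.g. `// author is stored as submitted; encode with htmlspecialchars() wherever it is printed`.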
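Review bot: `'NAME'` and `'DESCRIPTION'` in the same array are still handed to the template unencoded, while only `'AUTHOR'` gains `htmlspecialchars()`; unless those two columns are filtered elsewhere (not visible in this hunk), they are open to the same stored-markup problem. The call also relies on the default flags, which leave single quotes untouched on PHP versions before 8.1, so I would write `htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8')` here and pass the same flags in the `'AUTHOR'` entry of admin/picture_modify.php. The array literal starts and ends outside the hunk.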
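Review bot: The unconditional `stripslashes($_POST['author'])` is only correct if slashes are added to request data before this point, which the hunk does not show; if they are not, a legitimate backslash in an author name is lost when the form is redisplayed. `isset()` also passes for an array value (`author[]=`), which `stripslashes()` does not accept, so an `is_string($_POST['author'])` check before the call would be safer. The `@` on `$row['author']` hides a missing key and can pass null into `htmlspecialchars()`; `isset($row['author']) ? $row['author'] : ''` states the intent. The `$template->assign(` call starts and ends outside the hunk.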
@@ -5,7 +5,7 @@
 <meta name="generator" content="Piwigo (aka PWG), see piwigo.org">
 {if isset($meta_ref) }
 {if isset($INFO_AUTHOR)}
-<meta name="author" content="{$INFO_AUTHOR|@replace:'"':' '}">
+<meta name="author" content="{$INFO_AUTHOR|@strip_tags:false|@replace:'"':' '}">
 {/if}
 {if isset($related_tags)}
 <meta name="keywords" content="{foreach from=$related_tags item=tag name=tag_loop}{if !$smarty.foreach.tag_loop.first}, {/if}{$tag.name}{/foreach}"> |
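Review bot: `strip_tags` followed by replacing `"` with a space is a lossy filter rather than attribute encoding: an author name containing `<` can be truncated, and a bare `&` is written into the `content` attribute as is. Smarty's `escape` modifier encodes for this context, e.g. `content="{$INFO_AUTHOR|@strip_tags:false|escape:'html'}"`, keeping `strip_tags` only if `$INFO_AUTHOR` may carry markup on purpose. If the value is already encoded where it is assigned (not visible here), confirm that first so the meta tag does not end up double-encoded.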