-rw-r--r--admin/element_set_unit.php4
-rw-r--r--admin/picture_modify.php6
-rw-r--r--themes/default/template/header.tpl2
3 files changed, 8 insertions, 4 deletions
diff --git a/admin/element_set_unit.php b/admin/element_set_unit.php
index 5dbeb4f68..17b83dcef 100644
--- a/admin/element_set_unit.php
+++ b/admin/element_set_unit.php
@@ -67,7 +67,7 @@ SELECT id, date_creation
$data['author'] = $_POST['author-'.$row['id']];
$data['level'] = $_POST['level-'.$row['id']];
- foreach (array('name', 'author', 'level') as $field)
+ foreach (array('name', 'level') as $field)
{
if (!empty($_POST[$field.'-'.$row['id']]))
{
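Review bot: With `'author'` dropped from the field list, `$data['author']` keeps the raw `$_POST['author-'.$row['id']]` value assigned two lines above the loop, and nothing in the hunk records that this is intentional. The loop body lies outside the hunk, so it is not visible which per-field processing author no longer receives; if that was input filtering, every place that prints the author now has to escape it. A comment above the loop would document the contract, e.g. `// author is stored as submitted; escape it with htmlspecialchars() wherever it is output`.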
@@ -238,7 +238,7 @@ SELECT
PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
'&image_id='.$row['id'],
'NAME' => !empty($row['name'])?$row['name']:'',
- 'AUTHOR' => !empty($row['author'])?$row['author']:'',
+ 'AUTHOR' => !empty($row['author'])?htmlspecialchars($row['author']):'',
'LEVEL' => !empty($row['level'])?$row['level']:'0',
'DESCRIPTION' => !empty($row['comment'])?$row['comment']:'',
'DATE_CREATION_YEAR' => $year,
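Review bot: The new `htmlspecialchars($row['author'])` call relies on the function's default flags, which before PHP 8.1 leave single quotes unescaped, so the value is only safe inside double-quoted attributes. Passing the flag explicitly, `htmlspecialchars($row['author'], ENT_QUOTES)`, makes the result independent of the PHP version and of how the template quotes the attribute; the same applies to the `htmlspecialchars(` call added in admin/picture_modify.php. Only `AUTHOR` is escaped here, while `NAME` and `DESCRIPTION` on the neighbouring lines are still handed to the template as stored; that may be deliberate if those columns are allowed to hold HTML, but it is worth confirming against how the template prints them. The array literal starts and ends outside the hunk.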
diff --git a/admin/picture_modify.php b/admin/picture_modify.php
index a764f0bdb..4d15a9206 100644
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
@@ -236,7 +236,11 @@ $template->assign(
'REGISTRATION_DATE' => format_date($row['date_available']),
- 'AUTHOR' => isset($_POST['author']) ? $_POST['author'] : @$row['author'],
+ 'AUTHOR' => htmlspecialchars(
+ isset($_POST['author'])
+ ? stripslashes($_POST['author'])
+ : @$row['author']
+ ),
'DESCRIPTION' =>
htmlspecialchars( isset($_POST['description']) ?
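Review bot: `stripslashes()` is applied to `$_POST['author']` unconditionally, which is only correct if request data always arrives slash-escaped (magic quotes or an application-level escaping pass, neither visible in this hunk); otherwise a legitimate backslash in an author name is silently dropped when the form is redisplayed. A one-line comment naming where the slashes are added would make that dependency explicit. In the fallback branch `@$row['author']` can evaluate to null, and passing null to `htmlspecialchars()` is deprecated from PHP 8.1, so `isset($row['author']) ? $row['author'] : ''` would be the safer operand. The `$template->assign(` call begins and ends outside the hunk.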
diff --git a/themes/default/template/header.tpl b/themes/default/template/header.tpl
index 7073bf9ea..bb42c7289 100644
--- a/themes/default/template/header.tpl
+++ b/themes/default/template/header.tpl
@@ -5,7 +5,7 @@
<meta name="generator" content="Piwigo (aka PWG), see piwigo.org">
{if isset($meta_ref) }
{if isset($INFO_AUTHOR)}
-<meta name="author" content="{$INFO_AUTHOR|@replace:'"':' '}">
+<meta name="author" content="{$INFO_AUTHOR|@strip_tags:false|@replace:'"':' '}">
{/if}
{if isset($related_tags)}
<meta name="keywords" content="{foreach from=$related_tags item=tag name=tag_loop}{if !$smarty.foreach.tag_loop.first}, {/if}{$tag.name}{/foreach}">
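Review bot: The `content` attribute is protected by removing characters (`strip_tags` plus replacing `"` with a space) rather than by escaping for the attribute context, so a value containing `&` or an unbalanced `<` reaches the attribute in whatever form `strip_tags` leaves it. If `$INFO_AUTHOR` is not already entity-encoded upstream (not visible here), ending the chain with Smarty's escape modifier is the sturdier form: `{$INFO_AUTHOR|@strip_tags:false|escape:'html'}`. The `{$tag.name}` values in the keywords `<meta>` a few lines below are printed into an attribute with no filtering at all and would benefit from the same treatment.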