diff options
| -rw-r--r-- | admin/site_reader_remote.php | 3 | ||||
| -rw-r--r-- | include/functions_category.inc.php | 7 | ||||
| -rw-r--r-- | picture.php | 4 | ||||
| -rw-r--r-- | tools/create_listing_file.php | 4 |
4 files changed, 11 insertions, 7 deletions
diff --git a/admin/site_reader_remote.php b/admin/site_reader_remote.php index c76a37d04..bc4cefff0 100644 --- a/admin/site_reader_remote.php +++ b/admin/site_reader_remote.php @@ -152,7 +152,8 @@ function get_element_attributes($file, $attributes) {
if (getAttribute($xml_element, $att) != '')
{
- $data[$att] = getAttribute($xml_element, $att);
+ $val = html_entity_decode( getAttribute($xml_element, $att) );
+ $data[$att] = addslashes($val);
}
}
return $data;
diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php index 548e5fe35..b3abce892 100644 --- a/include/functions_category.inc.php +++ b/include/functions_category.inc.php @@ -160,7 +160,12 @@ SELECT '.implode(',', $infos).' $cat[$info] = get_boolean( $cat[$info] ); } } - $cat['comment'] = nl2br($cat['comment']); + global $conf; + if ( !( $conf['allow_html_descriptions'] and + preg_match('/<(div|br|img).*>/i', $cat['comment']) ) ) + { + $cat['comment'] = nl2br($cat['comment']); + } $names = array(); $query = ' diff --git a/picture.php b/picture.php index 23716e4c5..e1ed3891c 100644 --- a/picture.php +++ b/picture.php @@ -529,17 +529,15 @@ if ( isset( $_GET['slideshow'] ) and isset($page['next_item']) ) } $title_img = $picture['current']['name']; -$title_nb = ''; if (is_numeric( $page['cat'] )) { $title_img = replace_space(get_cat_display_name($page['cat_name'])); - $n = $page['current_rank'] + 1; - $title_nb = $n.'/'.$page['cat_nb_images']; } else if ( $page['cat'] == 'search' ) { $title_img = replace_search( $title_img, $_GET['search'] ); } +$title_nb = ($page['current_rank'] + 1).'/'.$page['cat_nb_images']; // calculation of width and height if (empty($picture['current']['width'])) diff --git a/tools/create_listing_file.php b/tools/create_listing_file.php index 593cd8073..fb3786f11 100644 --- a/tools/create_listing_file.php +++ b/tools/create_listing_file.php @@ -460,7 +460,7 @@ function get_pictures($dir, $indent) { foreach (array_keys($iptc) as $key) { - $element[$key] = addslashes($iptc[$key]); + $element[$key] = $iptc[$key]; } } } @@ -540,7 +540,7 @@ switch ($page['action']) $listing = '<informations'; $listing.= ' generation_date="'.date('Y-m-d').'"'; - $listing.= ' phpwg_version="'.$conf{'version'}.'"'; + $listing.= ' phpwg_version="'.htmlentities($conf{'version'}).'"'; $attrs=array(); if ($conf['use_iptc']) |