From 540c1d5aa0eadcab446f6e71b5b25f8c9c165ac4 Mon Sep 17 00:00:00 2001 From: plegall Date: Fri, 26 Aug 2011 12:20:51 +0000 Subject: feature 1729: protect thumbnail title against HTML special chars git-svn-id: http://piwigo.org/svn/trunk@11998 68402e56-0260-453c-a942-63ccdbb3a9ee --- include/functions.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/functions.inc.php b/include/functions.inc.php index fb0671e6b..25cce8b70 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -818,7 +818,7 @@ function get_thumbnail_title($info) $title.= ' '.substr($info['comment'], 0, 100).'...'; } - $title = strip_tags($title); + $title = htmlspecialchars(strip_tags($title)); $title = trigger_event('get_thumbnail_title', $title, $info); -- cgit v1.2.3