From 854df586db9c1936cf3914073cce357e4df43159 Mon Sep 17 00:00:00 2001 From: chrisaga Date: Sat, 22 Apr 2006 15:27:13 +0000 Subject: - merge trunk r1258:1259 into branch 1.6 (htmlentities()) git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1260 68402e56-0260-453c-a942-63ccdbb3a9ee --- include/category_subcats.inc.php | 8 ++++---- include/functions_html.inc.php | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/category_subcats.inc.php b/include/category_subcats.inc.php index 1fc6b2ac4..7c2f2bac0 100644 --- a/include/category_subcats.inc.php +++ b/include/category_subcats.inc.php @@ -149,7 +149,7 @@ SELECT id, path, tn_ext 'categories.category', array( 'SRC' => $thumbnail_src_of[ $category['picture'] ], - 'ALT' => $category['name'], + 'ALT' => htmlentities($category['name'],ENT_QUOTES), 'TITLE' => $lang['hint_category'], 'ICON' => get_icon(@$category['date_last']), @@ -159,9 +159,9 @@ SELECT id, path, tn_ext 'cat_name' => $category['name'], ) ), - 'NAME' => $category['name'], + 'NAME' => htmlentities($category['name'],ENT_QUOTES), 'CAPTION_NB_IMAGES' => (($category['nb_images'] == 0) ? '' : sprintf("%d ".l10n('pictures'), $category['nb_images'])), - 'DESCRIPTION' => @$category['comment'], + 'DESCRIPTION' => htmlentities(@$category['comment'],ENT_QUOTES), ) ); } @@ -212,4 +212,4 @@ SELECT id, path, tn_ext } } } -?> \ No newline at end of file +?> diff --git a/include/functions_html.inc.php b/include/functions_html.inc.php index 3afed2322..21784654b 100644 --- a/include/functions_html.inc.php +++ b/include/functions_html.inc.php @@ -450,7 +450,7 @@ function get_html_menu_category($categories) { $menu.= ' rel="up"'; } - $menu.= '>'.$category['name'].''; + $menu.= '>'.htmlentities($category['name'],ENT_QUOTES).''; if ($category['nb_images'] > 0) { @@ -500,7 +500,7 @@ function parse_comment_content($content) $replacement = '$1$2'; $content = preg_replace($pattern, $replacement, $content); - $content = '
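Review bot: `htmlentities()` is called for `ALT` with no charset argument, so the conversion follows PHP's default charset rather than the encoding the gallery actually serves. Category names in another encoding can come out garbled or, on newer PHP versions, empty. To block markup injection only the HTML special characters need converting, so `htmlspecialchars($category['name'], ENT_QUOTES, $charset)` would be the tighter call, where `$charset` is a placeholder for the gallery's configured encoding and not a name from this patch. The same applies to the `NAME` and `DESCRIPTION` entries in the next hunk and to the three call sites in include/functions_html.inc.php. A small shared helper would keep the flags and charset identical across all of them.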
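Review bot: Escaping `DESCRIPTION` changes the rendered output if category comments are allowed to carry markup, because any tags stored in `$category['comment']` will now be displayed as literal text. If the field is meant to be plain text this is the right fix, but the hunk does not show that, so it is worth confirming and recording with a comment such as `// category comments are plain text; escaped on output`. `cat_name` at the top of the hunk still receives the raw name, and whether that value reaches HTML output depends on code outside the hunk.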
'.$content.'
'; + $content = '
'.htmlentities($content,ENT_QUOTES).'
'; return $content; } @@ -550,7 +550,7 @@ function get_html_tag_selection( $output.= ' />' - .' '.$tag['name'] + .' '. htmlentities($tag['name'],ENT_QUOTES) .'' .'' ."\n" -- cgit v1.2.3
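Review bot: In parse_comment_content the escape is applied to `$content` after the `preg_replace` substitutions, so any markup those replacements insert is escaped along with the user's text and would render as literal tags. The replacement strings appear tag-stripped on this page, so this is inferred rather than visible. The usual order is to escape the raw comment first and substitute afterwards: put `$content = htmlentities($content, ENT_QUOTES);` at the top of the function and leave the wrapping line as it was. It is also worth checking whether comments are already escaped when stored, since a second pass would turn `&amp;` into `&amp;amp;`. The function body starts above this hunk.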