authorfriendica <info@friendica.com>2013-12-12 02:01:42 -0800
committerfriendica <info@friendica.com>2013-12-12 02:01:42 -0800
commit941f81eb300074b203dd480924f9cf8b9d41a08d (patch)
tree0492f70620c1ed2001153632b95fa976bbe967fd
parentb3fe221b7fe9c6ecc151d9c00f36d3913526f6a3 (diff)
check that every invocation of htmlspecialchars has the right arg list
-rw-r--r--mod/editblock.php2
-rw-r--r--mod/editlayout.php2
-rw-r--r--mod/editpost.php2
-rw-r--r--mod/editwebpage.php2
-rw-r--r--mod/message.php2
-rw-r--r--mod/network.php2
-rw-r--r--mod/search.php6
-rw-r--r--version.inc2
8 files changed, 10 insertions, 10 deletions
diff --git a/mod/editblock.php b/mod/editblock.php
index 9c691640b..8b5b2d16c 100644
--- a/mod/editblock.php
+++ b/mod/editblock.php
@@ -132,7 +132,7 @@ function editblock_content(&$a) {
'$pvisit' => 'none',
'$public' => t('Public post'),
'$jotnets' => $jotnets,
- '$title' => htmlspecialchars($itm[0]['title']),
+ '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
'$placeholdertitle' => t('Set title'),
'$category' => '',
'$placeholdercategory' => t('Categories (comma-separated list)'),
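Review bot: ENT_COMPAT leaves single quotes unescaped, so the new `'$title'` value is only safe if the template that consumes it puts it in element content or a double-quoted attribute; that template is not visible here. Using `'$title' => htmlspecialchars($itm[0]['title'], ENT_QUOTES, 'UTF-8'),` would make the value safe under either quoting style. The same applies to the identical `'$title'` lines in mod/editlayout.php, mod/editpost.php and mod/editwebpage.php. editblock_content's body begins and ends outside the hunk.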
diff --git a/mod/editlayout.php b/mod/editlayout.php
index f8906d981..542bb8357 100644
--- a/mod/editlayout.php
+++ b/mod/editlayout.php
@@ -117,7 +117,7 @@ function editlayout_content(&$a) {
'$pvisit' => 'none',
'$public' => t('Public post'),
'$jotnets' => $jotnets,
- '$title' => htmlspecialchars($itm[0]['title']),
+ '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
'$placeholdertitle' => t('Set title'),
'$category' => '',
'$placeholdercategory' => t('Categories (comma-separated list)'),
diff --git a/mod/editpost.php b/mod/editpost.php
index f25d6d21d..e731c04fe 100644
--- a/mod/editpost.php
+++ b/mod/editpost.php
@@ -114,7 +114,7 @@ function editpost_content(&$a) {
'$pvisit' => 'none',
'$public' => t('Public post'),
'$jotnets' => $jotnets,
- '$title' => htmlspecialchars($itm[0]['title']),
+ '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
'$placeholdertitle' => t('Set title'),
'$category' => $category,
'$placeholdercategory' => t('Categories (comma-separated list)'),
diff --git a/mod/editwebpage.php b/mod/editwebpage.php
index 840bda336..85bd9e918 100644
--- a/mod/editwebpage.php
+++ b/mod/editwebpage.php
@@ -164,7 +164,7 @@ function editwebpage_content(&$a) {
'$jotnets' => $jotnets,
'$mimeselect' => $mimeselect,
'$layoutselect' => $layoutselect,
- '$title' => htmlspecialchars($itm[0]['title']),
+ '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
'$placeholdertitle' => t('Set title'),
'$category' => '',
'$placeholdercategory' => t('Categories (comma-separated list)'),
diff --git a/mod/message.php b/mod/message.php
index bee3b68f3..b5420e5b3 100644
--- a/mod/message.php
+++ b/mod/message.php
@@ -321,7 +321,7 @@ function message_content(&$a) {
'$preid' => $preid,
'$subject' => t('Subject:'),
'$subjtxt' => ((x($_REQUEST,'subject')) ? strip_tags($_REQUEST['subject']) : ''),
- '$text' => ((x($_REQUEST,'body')) ? escape_tags(htmlspecialchars($_REQUEST['body'])) : ''),
+ '$text' => ((x($_REQUEST,'body')) ? htmlspecialchars($_REQUEST['body'], ENT_COMPAT, 'UTF-8') : ''),
'$readonly' => '',
'$yourmessage' => t('Your message:'),
'$select' => $select,
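Review bot: `'$subjtxt'`, on the line above the change, still relies on `strip_tags()`, which removes tags but does not encode `"` or `&`. A request-supplied subject could therefore end an attribute early if the template renders it inside `value="…"` (the template is not visible here). Encoding it the same way as the body would close that gap: `'$subjtxt' => ((x($_REQUEST,'subject')) ? htmlspecialchars($_REQUEST['subject'], ENT_COMPAT, 'UTF-8') : ''),`. If `escape_tags()` was dropped from `'$text'` to avoid double-encoding, a one-line comment saying so would stop it being re-added later. message_content's body continues outside the hunk.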
diff --git a/mod/network.php b/mod/network.php
index 1da5524c9..072f718ec 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -115,7 +115,7 @@ function network_content(&$a, $update = 0, $load = false) {
// search terms header
if($search)
- $o .= '<h2>' . t('Search Results For:') . ' ' . htmlspecialchars($search) . '</h2>';
+ $o .= '<h2>' . t('Search Results For:') . ' ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '</h2>';
nav_set_selected('network');
diff --git a/mod/search.php b/mod/search.php
index 7651b3a4e..2b31002fa 100644
--- a/mod/search.php
+++ b/mod/search.php
@@ -17,7 +17,7 @@ function search_saved_searches() {
$o .= '<h3>' . t('Saved Searches') . '</h3>' . "\r\n";
$o .= '<ul id="saved-search-ul">' . "\r\n";
foreach($r as $rr) {
- $o .= '<li class="saved-search-li clear"><a href="search/?f=&remove=1&search=' . rawurlencode($rr['term']) . '" title="' . t('Remove term') . '" onclick="return confirmDelete();"><i class="icon-remove drop-icons"></i></a> <a href="search/?f=&search=' . $rr['term'] . '" class="savedsearchterm" >' . htmlspecialchars($rr['term']) . '</a></li>' . "\r\n";
+ $o .= '<li class="saved-search-li clear"><a href="search/?f=&remove=1&search=' . rawurlencode($rr['term']) . '" title="' . t('Remove term') . '" onclick="return confirmDelete();"><i class="icon-remove drop-icons"></i></a> <a href="search/?f=&search=' . $rr['term'] . '" class="savedsearchterm" >' . htmlspecialchars($rr['term'], ENT_COMPAT,'UTF-8') . '</a></li>' . "\r\n";
}
$o .= '</ul><div class="clear"></div></div>' . "\r\n";
}
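Review bot: The second link on the changed line still concatenates `$rr['term']` into the `href` with no encoding. A saved term containing `"` or `&` therefore ends the attribute or alters the query string, even though the link text is now escaped. Encode it the way the remove link on the same line already does: `'<a href="search/?f=&search=' . rawurlencode($rr['term']) . '" class="savedsearchterm" >'`. search_saved_searches begins outside the hunk.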
@@ -272,9 +272,9 @@ function search_content(&$a,$update = 0, $load = false) {
if($tag)
- $o .= '<h2>Items tagged with: ' . htmlspecialchars($search) . '</h2>';
+ $o .= '<h2>Items tagged with: ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '</h2>';
else
- $o .= '<h2>Search results for: ' . htmlspecialchars($search) . '</h2>';
+ $o .= '<h2>Search results for: ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '</h2>';
$o .= conversation($a,$items,'search',$update,'client');
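Review bot: The two headings are hard-coded English (`'Items tagged with: '` and `'Search results for: '`), while the matching heading in mod/network.php in this same commit goes through `t()`. For consistency they could be written as `t('Items tagged with:') . ' '` and `t('Search results for:') . ' '`. The escaping itself is adequate here because `$search` lands in element content. search_content's body starts and ends outside the hunk.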
diff --git a/version.inc b/version.inc
index 7a72887e8..64336785f 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2013-12-11.524
+2013-12-12.525