aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMario Vavti <mario@mariovavti.com>2019-03-18 12:19:24 +0000
committerMario <mario@mariovavti.com>2019-03-18 13:31:03 +0100
commit43753ec1133e1078f87cd609da008db9e935e998 (patch)
tree80a91cd842f2885a4c516aaf6aa3fa0e6de6db0b
parentf1fee1239b57842f56c456b57f3e8910b0b5d6f7 (diff)
downloadvolse-hubzilla-43753ec1133e1078f87cd609da008db9e935e998.tar.gz
volse-hubzilla-43753ec1133e1078f87cd609da008db9e935e998.tar.bz2
volse-hubzilla-43753ec1133e1078f87cd609da008db9e935e998.zip
ENT_COMPAT will only take care of double-quotes. Use double-quotes here to prevent XSS
(cherry picked from commit a086745ec021add5638a0527d4e8e14835591e93)
-rw-r--r--Zotlabs/Module/Connections.php2
-rw-r--r--Zotlabs/Module/Directory.php2
-rw-r--r--Zotlabs/Module/Photos.php4
-rw-r--r--Zotlabs/Module/Viewconnections.php2
4 files changed, 5 insertions, 5 deletions
diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php
index 967e9521d..8e3730875 100644
--- a/Zotlabs/Module/Connections.php
+++ b/Zotlabs/Module/Connections.php
@@ -329,7 +329,7 @@ class Connections extends \Zotlabs\Web\Controller {
killme();
}
else {
- $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+ $o .= '<script>var page_query = "' . escape_tags($_GET['q']) . '"; var extra_args = "' . extra_query_args() . '";</script>';
$o .= replace_macros(get_markup_template('connections.tpl'),array(
'$header' => t('Connections') . (($head) ? ': ' . $head : ''),
'$tabs' => $tabs,
diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php
index c29fa8326..04bcb7f0a 100644
--- a/Zotlabs/Module/Directory.php
+++ b/Zotlabs/Module/Directory.php
@@ -399,7 +399,7 @@ class Directory extends \Zotlabs\Web\Controller {
$dirtitle = (($globaldir) ? t('Global Directory') : t('Local Directory'));
- $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; divmore_height = " . intval($maxheight) . "; </script>";
+ $o .= '<script>var page_query = "' . escape_tags($_GET['q']) . '"; var extra_args = "' . extra_query_args() . '"; divmore_height = ' . intval($maxheight) . '; </script>';
$o .= replace_macros($tpl, array(
'$search' => $search,
'$desc' => t('Find'),
diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php
index a761dbd14..161141c3b 100644
--- a/Zotlabs/Module/Photos.php
+++ b/Zotlabs/Module/Photos.php
@@ -848,7 +848,7 @@ class Photos extends \Zotlabs\Web\Controller {
killme();
}
else {
- $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+ $o .= '<script>var page_query = "' . escape_tags($_GET['q']) . '"; var extra_args = "' . extra_query_args() . '";</script>';
$tpl = get_markup_template('photo_album.tpl');
$o .= replace_macros($tpl, array(
'$photos' => $photos,
@@ -1396,7 +1396,7 @@ class Photos extends \Zotlabs\Web\Controller {
killme();
}
else {
- $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+ $o .= '<script>var page_query = "' . escape_tags($_GET['q']) . '"; var extra_args = "' . extra_query_args() . '";</script>';
$tpl = get_markup_template('photos_recent.tpl');
$o .= replace_macros($tpl, array(
'$title' => t('Recent Photos'),
diff --git a/Zotlabs/Module/Viewconnections.php b/Zotlabs/Module/Viewconnections.php
index 0a5e86907..14a5ccb86 100644
--- a/Zotlabs/Module/Viewconnections.php
+++ b/Zotlabs/Module/Viewconnections.php
@@ -107,7 +107,7 @@ class Viewconnections extends \Zotlabs\Web\Controller {
killme();
}
else {
- $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+ $o .= '<script>var page_query = "' . escape_tags($_GET['q']) . '"; var extra_args = "' . extra_query_args() . '";</script>';
$tpl = get_markup_template("viewcontact_template.tpl");
$o .= replace_macros($tpl, array(
'$title' => t('View Connections'),