diff options
author | Mario Vavti <mario@mariovavti.com> | 2019-03-18 13:19:24 +0100 |
---|---|---|
committer | Mario Vavti <mario@mariovavti.com> | 2019-03-18 13:19:24 +0100 |
commit | a086745ec021add5638a0527d4e8e14835591e93 (patch) | |
tree | 092c099bf6c9f150bc88f966a824dd6b64cf694e | |
parent | 51156d058232969d55032f045859e46bb3a09162 (diff) | |
download | volse-hubzilla-a086745ec021add5638a0527d4e8e14835591e93.tar.gz volse-hubzilla-a086745ec021add5638a0527d4e8e14835591e93.tar.bz2 volse-hubzilla-a086745ec021add5638a0527d4e8e14835591e93.zip |
ENT_COMPAT will only take care of double-quotes. Use double-quotes here to prevent XSS
-rw-r--r-- | Zotlabs/Module/Connections.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Directory.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Photos.php | 4 | ||||
-rw-r--r-- | Zotlabs/Module/Viewconnections.php | 2 |
4 files changed, 5 insertions, 5 deletions
diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php index 967e9521d..8e3730875 100644 --- a/Zotlabs/Module/Connections.php +++ b/Zotlabs/Module/Connections.php @@ -329,7 +329,7 @@ class Connections extends \Zotlabs\Web\Controller { killme(); } else { - $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; + $o .= '<script>var page_query = "' . escape_tags($_GET['q']) . '"; var extra_args = "' . extra_query_args() . '";</script>'; $o .= replace_macros(get_markup_template('connections.tpl'),array( '$header' => t('Connections') . (($head) ? ': ' . $head : ''), '$tabs' => $tabs, diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index c29fa8326..04bcb7f0a 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -399,7 +399,7 @@ class Directory extends \Zotlabs\Web\Controller { $dirtitle = (($globaldir) ? t('Global Directory') : t('Local Directory')); - $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; divmore_height = " . intval($maxheight) . "; </script>"; + $o .= '<script>var page_query = "' . escape_tags($_GET['q']) . '"; var extra_args = "' . extra_query_args() . '"; divmore_height = ' . intval($maxheight) . '; </script>'; $o .= replace_macros($tpl, array( '$search' => $search, '$desc' => t('Find'), diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index a761dbd14..161141c3b 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -848,7 +848,7 @@ class Photos extends \Zotlabs\Web\Controller { killme(); } else { - $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; + $o .= '<script>var page_query = "' . escape_tags($_GET['q']) . '"; var extra_args = "' . extra_query_args() . '";</script>'; $tpl = get_markup_template('photo_album.tpl'); $o .= replace_macros($tpl, array( '$photos' => $photos, @@ -1396,7 +1396,7 @@ class Photos extends \Zotlabs\Web\Controller { killme(); } else { - $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; + $o .= '<script>var page_query = "' . escape_tags($_GET['q']) . '"; var extra_args = "' . extra_query_args() . '";</script>'; $tpl = get_markup_template('photos_recent.tpl'); $o .= replace_macros($tpl, array( '$title' => t('Recent Photos'), diff --git a/Zotlabs/Module/Viewconnections.php b/Zotlabs/Module/Viewconnections.php index 0a5e86907..14a5ccb86 100644 --- a/Zotlabs/Module/Viewconnections.php +++ b/Zotlabs/Module/Viewconnections.php @@ -107,7 +107,7 @@ class Viewconnections extends \Zotlabs\Web\Controller { killme(); } else { - $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; + $o .= '<script>var page_query = "' . escape_tags($_GET['q']) . '"; var extra_args = "' . extra_query_args() . '";</script>'; $tpl = get_markup_template("viewcontact_template.tpl"); $o .= replace_macros($tpl, array( '$title' => t('View Connections'), |