diff options
| author | Mario Vavti <mario@mariovavti.com> | 2019-03-18 12:19:24 +0000 |
|---|---|---|
| committer | Mario <mario@mariovavti.com> | 2019-03-18 13:31:03 +0100 |
| commit | 43753ec1133e1078f87cd609da008db9e935e998 (patch) | |
| tree | 80a91cd842f2885a4c516aaf6aa3fa0e6de6db0b /Zotlabs/Module/Photos.php | |
| parent | f1fee1239b57842f56c456b57f3e8910b0b5d6f7 (diff) | |
| download | volse-hubzilla-43753ec1133e1078f87cd609da008db9e935e998.tar.gz volse-hubzilla-43753ec1133e1078f87cd609da008db9e935e998.tar.bz2 volse-hubzilla-43753ec1133e1078f87cd609da008db9e935e998.zip | |
ENT_COMPAT will only take care of double-quotes. Use double-quotes here to prevent XSS
(cherry picked from commit a086745ec021add5638a0527d4e8e14835591e93)
Diffstat (limited to 'Zotlabs/Module/Photos.php')
| -rw-r--r-- | Zotlabs/Module/Photos.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index a761dbd14..161141c3b 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -848,7 +848,7 @@ class Photos extends \Zotlabs\Web\Controller { killme(); } else { - $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; + $o .= '<script>var page_query = "' . escape_tags($_GET['q']) . '"; var extra_args = "' . extra_query_args() . '";</script>'; $tpl = get_markup_template('photo_album.tpl'); $o .= replace_macros($tpl, array( '$photos' => $photos, @@ -1396,7 +1396,7 @@ class Photos extends \Zotlabs\Web\Controller { killme(); } else { - $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; + $o .= '<script>var page_query = "' . escape_tags($_GET['q']) . '"; var extra_args = "' . extra_query_args() . '";</script>'; $tpl = get_markup_template('photos_recent.tpl'); $o .= replace_macros($tpl, array( '$title' => t('Recent Photos'), |