author | friendica <info@friendica.com> | 2013-12-12 02:15:02 -0800 |
---|---|---|
committer | friendica <info@friendica.com> | 2013-12-12 02:15:02 -0800 |
commit | 303324cdff3f7c8bc83fae89256a2133939944b2 (patch) | |
tree | f6065af47bd6eaf35a8c220f5c082fec0fd49517 /include/widgets.php | |
parent | 941f81eb300074b203dd480924f9cf8b9d41a08d (diff) | |
more htmlspecialchars sanitisation
Diffstat (limited to 'include/widgets.php')
-rw-r--r-- | include/widgets.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/widgets.php b/include/widgets.php
index 495ce74aa..f53998b23 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -219,7 +219,7 @@ function widget_savedsearch($arr) {
 'term' => $rr['term'],
 'dellink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&searchremove=1&search=' . urlencode($rr['term']),
 'srchlink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&search=' . urlencode($rr['term']),
- 'displayterm' => htmlspecialchars($rr['term']),
+ 'displayterm' => htmlspecialchars($rr['term'], ENT_COMPAT,'UTF-8'),
 'encodedterm' => urlencode($rr['term']),
 'delete' => t('Remove term'),
 'selected' => ($search==$rr['term']),
@@ -317,7 +317,7 @@ function widget_fullprofile($arr) {
 function widget_categories($arr) {
 $a = get_app();
- $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat']) : '');
+ $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : '');
 $srchurl = $a->query_string;
 $srchurl = rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&');
 $srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl); |
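Review bot: `ENT_COMPAT` on the new `'displayterm'` line escapes double quotes but leaves single quotes untouched, so the value is only safe if the template never places it inside a single-quoted attribute; the template is not visible here. `ENT_QUOTES` covers both quote styles: `'displayterm' => htmlspecialchars($rr['term'], ENT_QUOTES, 'UTF-8'),`. The same applies to the `$cat` assignment in the second hunk (widget_categories). The unchanged context line `'term' => $rr['term']` still hands the raw term to the template, so it is worth confirming that the template escapes it or does not render it. widget_savedsearch's body starts and ends outside the hunk.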
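Review bot: The new `$cat` line passes `$_REQUEST['cat']` to `htmlspecialchars()` without checking that it is a string, and PHP parses a parameter written as `cat[]=` into an array. Assuming `x()` only tests presence (its definition is not shown), the call then raises a warning and yields null on PHP 5, or a TypeError on PHP 8. A guard keeps the widget on the empty-category path: `$cat = ((x($_REQUEST,'cat') && is_string($_REQUEST['cat'])) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : '');`. The value is also HTML-escaped at the point it is read, so any later use outside HTML output would see the entity-encoded form; widget_categories continues past the hunk, so that cannot be checked here.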