author | Friendika <info@friendika.com> | 2011-09-19 19:46:18 -0700 |
---|---|---|
committer | Friendika <info@friendika.com> | 2011-09-19 19:46:18 -0700 |
commit | 63277b57fc6557c5f59fefd1ae738ad3c3e2a9f1 (patch) | |
tree | 9c77d63b3081f379181cce1a1aad62b28cd94549 /mod/message.php | |
parent | d6d24f3b6a2fcd853387ff5338a89687e498300c (diff) | |
download | volse-hubzilla-63277b57fc6557c5f59fefd1ae738ad3c3e2a9f1.tar.gz volse-hubzilla-63277b57fc6557c5f59fefd1ae738ad3c3e2a9f1.tar.bz2 volse-hubzilla-63277b57fc6557c5f59fefd1ae738ad3c3e2a9f1.zip |
template escapes
Diffstat (limited to 'mod/message.php')
-rw-r--r-- | mod/message.php | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/mod/message.php b/mod/message.php
index 165d63814..e031cdafa 100644
--- a/mod/message.php
+++ b/mod/message.php
@@ -159,10 +159,10 @@ function message_content(&$a) {
 '$from_url' => $a->get_baseurl() . '/redir/' . $rr['contact-id'],
 '$sparkle' => ' sparkle',
 '$from_photo' => $rr['thumb'],
- '$subject' => (($rr['mailseen']) ? $rr['title'] : '<strong>' . $rr['title'] . '</strong>'),
+ '$subject' => template_escape((($rr['mailseen']) ? $rr['title'] : '<strong>' . $rr['title'] . '</strong>')),
 '$delete' => t('Delete conversation'),
- '$body' => $rr['body'],
- '$to_name' => $rr['name'],
+ '$body' => template_escape($rr['body']),
+ '$to_name' => template_escape($rr['name']),
 '$date' => datetime_convert('UTC',date_default_timezone_get(),$rr['mailcreated'], t('D, d M Y - g:i A'))
 ));
 }
@@ -221,14 +221,14 @@ function message_content(&$a) {
 }
 $o .= replace_macros($tpl, array(
 '$id' => $message['id'],
- '$from_name' =>$message['from-name'],
+ '$from_name' => template_escape($message['from-name']),
 '$from_url' => $from_url,
 '$sparkle' => $sparkle,
 '$from_photo' => $message['from-photo'],
- '$subject' => $message['title'],
- '$body' => smilies(bbcode($message['body'])),
+ '$subject' => template_escape($message['title']),
+ '$body' => template_escape(smilies(bbcode($message['body']))),
 '$delete' => t('Delete message'),
- '$to_name' => $message['name'],
+ '$to_name' => template_escape($message['name']),
 '$date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'],'D, d M Y - g:i A')
 ));
@@ -240,7 +240,7 @@ function message_content(&$a) {
 '$header' => t('Send Reply'),
 '$to' => t('To:'),
 '$subject' => t('Subject:'),
- '$subjtxt' => template_escape($message['title']),
+ '$subjtxt' => template_escape($message['title']),
 '$readonly' => ' readonly="readonly" style="background: #BBBBBB;" ',
 '$yourmessage' => t('Your message:'),
 '$select' => $select, |
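Review bot: On the new `'$subject'` line of the first hunk the `<strong>` wrapper is concatenated around `$rr['title']` before `template_escape()` runs, so the helper receives markup and message data as one string and the title is never encoded on its own. `template_escape()` is defined outside this diff; if it only neutralises template tokens, nothing visible here HTML-encodes a title that presumably comes from the message sender, so unless titles are already stored encoded the value should be encoded before it is wrapped, e.g. `'<strong>' . template_escape(htmlspecialchars($rr['title'], ENT_QUOTES, 'UTF-8')) . '</strong>'`. `'$from_photo' => $rr['thumb']` is still passed raw through the same `replace_macros()` call, as is `$message['from-photo']` in the second hunk, and would merit the same wrapping as the name and title fields. `message_content()` starts and ends outside the hunk.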
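Review bot: The new `'$body'` line in the second hunk nests three transforms, and `template_escape()` only helps because it runs last, on the HTML that `bbcode()` and `smilies()` have already produced; it adds no HTML encoding of its own as far as this diff shows. Neither helper is visible here, so it is worth confirming that `bbcode()` encodes raw HTML in the message text, and recording the ordering with a comment such as `// template_escape() last: it must see the final HTML handed to replace_macros()`. The first hunk passes `$rr['body']` to its template without `bbcode()`, which looks inconsistent if that template prints the body too. The surrounding `message_content()` body continues beyond the hunk on both sides.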
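Review bot: In the third hunk `'$subjtxt'` sits beside `'$readonly'`, whose value is a raw attribute string, which suggests the title is substituted into a form field's `value` attribute where an unencoded quote would end the attribute. The template is not part of this diff, so this is an inference; if it holds and titles are not stored already encoded, the line should encode for the attribute context first: `'$subjtxt' => template_escape(htmlspecialchars($message['title'], ENT_QUOTES, 'UTF-8')),`. The `replace_macros()` array this line belongs to opens before the hunk and continues past its last line.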