diff options
Diffstat (limited to 'include')
-rwxr-xr-x | include/contact_widgets.php | 2 | ||||
-rw-r--r-- | include/text.php | 11 |
2 files changed, 5 insertions, 8 deletions
diff --git a/include/contact_widgets.php b/include/contact_widgets.php index 1f70e536f..7346b95af 100755 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php @@ -87,7 +87,7 @@ function fileas_widget($baseurl,$selected = '') { $cnt = preg_match_all('/\[(.*?)\]/',$saved,$matches,PREG_SET_ORDER); if($cnt) { foreach($matches as $mtch) { - $unescaped = file_tag_decode($mtch[1]); + $unescaped = xmlify(file_tag_decode($mtch[1])); $terms[] = array('name' => $unescaped,'selected' => (($selected == $unescaped) ? 'selected' : '')); } } diff --git a/include/text.php b/include/text.php index 64f6f72a8..191f4fca8 100644 --- a/include/text.php +++ b/include/text.php @@ -920,7 +920,7 @@ function prepare_body($item,$attach = false) { foreach($matches as $mtch) { if(strlen($x)) $x .= ','; - $x .= file_tag_decode($mtch[1]); + $x .= xmlify(file_tag_decode($mtch[1])); } if(strlen($x)) $s .= '<div class="categorytags"><span>' . t('Categories:') . ' </span>' . $x . '</div>'; @@ -935,7 +935,7 @@ function prepare_body($item,$attach = false) { foreach($matches as $mtch) { if(strlen($x)) $x .= ' '; - $x .= file_tag_decode($mtch[1]). ' <a href="' . $a->get_baseurl() . '/filerm/' . $item['id'] . '?f=&term=' . file_tag_decode($mtch[1]) . '" title="' . t('remove') . '" >' . t('[remove]') . '</a>'; + $x .= xmlify(file_tag_decode($mtch[1])) . ' <a href="' . $a->get_baseurl() . '/filerm/' . $item['id'] . '?f=&term=' . xmlify(file_tag_decode($mtch[1])) . '" title="' . t('remove') . '" >' . t('[remove]') . '</a>'; } if(strlen($x) && (local_user() == $item['uid'])) $s .= '<div class="filesavetags"><span>' . t('Filed under:') . ' </span>' . $x . '</div>'; @@ -1307,13 +1307,10 @@ function file_tag_decode($s) { function file_tag_file_query($table,$s,$type = 'file') { - // this is ultimately going into a vsprintf - $s = str_replace('%','%%',$s); - if($type == 'file') - $str = preg_quote( '[' . file_tag_encode($s) . ']' ); + $str = preg_quote( '[' . str_replace('%','%%',file_tag_encode($s)) . ']' ); else - $str = preg_quote( '<' . file_tag_encode($s) . '>' ); + $str = preg_quote( '<' . str_replace('%','%%',file_tag_encode($s)) . '>' ); return " AND " . (($table) ? dbesc($table) . '.' : '') . "file regexp '" . dbesc($str) . "' "; } |