Diffstat (limited to 'mod')
-rw-r--r-- | mod/admin.php | 4 | ||||
-rw-r--r-- | mod/message.php | 34 | ||||
-rwxr-xr-x | mod/setup.php | 2 |
3 files changed, 4 insertions, 36 deletions
diff --git a/mod/admin.php b/mod/admin.php
index 9a6aea35a..91dd0b56e 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -425,7 +425,7 @@ function admin_page_site(&$a) {
 '$baseurl' => $a->get_baseurl(true), // name, label, value, help string, extra data...
- '$sitename' => array('sitename', t("Site name"), htmlentities(get_config('system','sitename'), ENT_QUOTES), ""),
+ '$sitename' => array('sitename', t("Site name"), htmlspecialchars(get_config('system','sitename'), ENT_QUOTES, 'UTF-8'),''),
 '$banner' => array('banner', t("Banner/Logo"), $banner, ""),
 '$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices),
 '$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - <a href='#' id='cnftheme'>change theme settings</a>"), $theme_choices),
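Review bot: In the admin_page_site() array only `$sitename` (this hunk) and `$register_text` (the next hunk) are escaped before they reach the template; the neighbouring `get_config()` values visible in both hunks, such as `allowed_sites`, `allowed_email` and `account_abandon_days`, are still passed through raw. The field template is not part of this diff, so whether it escapes values itself is an assumption to confirm; if it does not, a stored value containing a quote or `<` would break out of the form field markup. Either wrap the remaining free-text values the same way, e.g. `htmlspecialchars(get_config('system','allowed_sites'), ENT_QUOTES, 'UTF-8')`, or extend the existing comment to `// name, label, value (HTML-escaped by the caller), help string, extra data...` so the contract is explicit. The function body starts and ends outside both hunks.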
@@ -436,7 +436,7 @@ function admin_page_site(&$a) {
 '$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
 '$register_policy' => array('register_policy', t("Register policy"), get_config('system','register_policy'), "", $register_choices),
 '$access_policy' => array('access_policy', t("Access policy"), get_config('system','access_policy'), "", $access_choices),
- '$register_text' => array('register_text', t("Register text"), htmlentities(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")),
+ '$register_text' => array('register_text', t("Register text"), htmlspecialchars(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")),
 '$abandon_days' => array('abandon_days', t('Accounts abandoned after x days'), get_config('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')),
 '$allowed_sites' => array('allowed_sites', t("Allowed friend domains"), get_config('system','allowed_sites'), t("Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains")),
 '$allowed_email' => array('allowed_email', t("Allowed email domains"), get_config('system','allowed_email'), t("Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains")),
diff --git a/mod/message.php b/mod/message.php
index a0382f63d..bee3b68f3 100644
--- a/mod/message.php
+++ b/mod/message.php
@@ -425,39 +425,7 @@ function message_content(&$a) {
 foreach($messages as $message) {
- $s = $arr = '';
-
- if($message['attach'])
- $arr = json_decode_plus($message['attach']);
- if($arr) {
- $s .= '<div class="body-attach">';
- foreach($arr as $r) {
- $matches = false;
- $icon = '';
- $icontype = substr($r['type'],0,strpos($r['type'],'/'));
-
- switch($icontype) {
- case 'video':
- case 'audio':
- case 'image':
- case 'text':
- $icon = '<div class="attachtype icon s22 type-' . $icontype . '"></div>';
- break;
- default:
- $icon = '<div class="attachtype icon s22 type-unkn"></div>';
- break;
- }
-
- $title = htmlentities($r['title'], ENT_COMPAT,'UTF-8');
- if(! $title)
- $title = t('unknown.???');
- $title .= ' ' . $r['length'] . ' ' . t('bytes');
-
- $url = $a->get_baseurl() . '/magic?f=&hash=' . $message['from_xchan'] . '&dest=' . $r['href'] . '/' . $r['revision'];
- $s .= '<a href="' . $url . '" title="' . $title . '" class="attachlink" >' . $icon . '</a>';
- }
- $s .= '<div class="clear"></div></div>';
- }
+ $s = theme_attachments($message);
 $mails[] = array( 'id' => $message['id'],
diff --git a/mod/setup.php b/mod/setup.php
index 429be43af..0198f1f09 100755
--- a/mod/setup.php
+++ b/mod/setup.php
@@ -543,7 +543,7 @@ function check_htaccess(&$checks) {
 function manual_config(&$a) {
- $data = htmlentities($a->data['txt']);
+ $data = htmlspecialchars($a->data['txt'],ENT_COMPAT,'UTF-8');
 $o = t('The database configuration file ".htconfig.php" could not be written. Please use the enclosed text to create a configuration file in your web server root.');
 $o .= "<textarea rows=\"24\" cols=\"80\" >$data</textarea>";
 return $o; |
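Review bot: In mod/message.php, `theme_attachments($message)` is not defined anywhere in this diff, so the escaping of the attachment fields it renders cannot be checked from here. The removed inline code concatenated `$message['from_xchan']`, `$r['href']` and `$r['revision']` into the `href` attribute without any encoding and escaped the title with `ENT_COMPAT` only; attachment metadata presumably arrives with the message, so the helper should `urlencode()` the query values and pass the assembled URL and title through `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` before emitting them. A comment at the call such as `// theme_attachments() returns attribute-escaped HTML for the message's attachments` would record that contract for the next reader. message_content() starts and ends outside the hunk.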
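Review bot: In mod/setup.php manual_config(), `htmlspecialchars()` with an explicit `'UTF-8'` charset returns an empty string when its input contains a byte sequence that is not valid UTF-8, so the textarea that is meant to hold the configuration text could be rendered empty with no error shown. Where the supported PHP version provides it, add `ENT_SUBSTITUTE`, and use `ENT_QUOTES` to match the admin.php hunks: `$data = htmlspecialchars($a->data['txt'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. `$a->data['txt']` is also read without an existence check in the visible lines; whether the caller always sets it cannot be seen from this hunk.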