Adjust remaining htmlspecialchars() accordingly
@ -1057,7 +1057,7 @@ class XML_RPC_Response extends XML_RPC_Base
|
||||
{
|
||||
if ($fcode != 0) {
|
||||
$this->fn = $fcode;
|
||||
$this->fs = htmlspecialchars($fstr);
|
||||
$this->fs = serendipity_specialchars($fstr);
|
||||
} else {
|
||||
$this->xv = $val;
|
||||
}
|
||||
@ -1452,7 +1452,7 @@ class XML_RPC_Message extends XML_RPC_Base
|
||||
$hdrfnd = 0;
|
||||
if ($this->debug) {
|
||||
print "\n<pre>---GOT---\n";
|
||||
print isset($_SERVER['SERVER_PROTOCOL']) ? htmlspecialchars($data) : $data;
|
||||
print isset($_SERVER['SERVER_PROTOCOL']) ? serendipity_specialchars($data) : $data;
|
||||
print "\n---END---</pre>\n";
|
||||
}
|
||||
|
||||
@ -1704,7 +1704,7 @@ class XML_RPC_Value extends XML_RPC_Base
|
||||
$rs .= "<struct>\n";
|
||||
reset($val);
|
||||
foreach ($val as $key2 => $val2) {
|
||||
$rs .= "<member><name>" . htmlspecialchars($key2) . "</name>\n";
|
||||
$rs .= "<member><name>" . serendipity_specialchars($key2) . "</name>\n";
|
||||
$rs .= $this->serializeval($val2);
|
||||
$rs .= "</member>\n";
|
||||
}
|
||||
@ -1729,7 +1729,7 @@ class XML_RPC_Value extends XML_RPC_Base
|
||||
$rs .= "<${typ}>" . ($val ? '1' : '0') . "</${typ}>";
|
||||
break;
|
||||
case $GLOBALS['XML_RPC_String']:
|
||||
$rs .= "<${typ}>" . htmlspecialchars($val). "</${typ}>";
|
||||
$rs .= "<${typ}>" . serendipity_specialchars($val). "</${typ}>";
|
||||
break;
|
||||
default:
|
||||
$rs .= "<${typ}>${val}</${typ}>";
|
||||
|
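Review bot: The hunks at `-1057`, `-1452`, `-1704` and `-1729` make the `XML_RPC_*` classes call `serendipity_specialchars()`, which these hunks neither define nor guard, and the class names suggest a bundled library that other code may include on its own. If that can happen, the first fault response or string value serialised will stop with an undefined-function error, so I would document the dependency at the top of the file: `// Requires Serendipity core: serendipity_specialchars() must be defined before this file is used`. The two serialisation sites at `-1704` and `-1729` also write XML element content rather than HTML, so it is worth confirming that the wrapper's charset handling matches the encoding declared for the XML-RPC payload. All four enclosing methods start and end outside the visible lines.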
@ -282,7 +282,7 @@ if (empty($_SERVER['REQUEST_URI'])) {
|
||||
|
||||
// Some security issues
|
||||
if (isset($serendipity['GET']['searchTerm'])) {
|
||||
$serendipity['GET']['searchTerm'] = htmlspecialchars(strip_tags($serendipity['GET']['searchTerm']));
|
||||
$serendipity['GET']['searchTerm'] = serendipity_specialchars(strip_tags($serendipity['GET']['searchTerm']));
|
||||
}
|
||||
|
||||
/**
|
||||
|
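Review bot: `searchTerm` is entity-encoded on input and written back into `$serendipity['GET']`, so every later consumer receives HTML-escaped text whatever context it writes to. A template that escapes again will double-encode it, and entity encoding gives no protection where the value is used in SQL or a URL, so those uses still need their own binding or encoding. The existing comment `// Some security issues` explains none of this. I would replace it with `// searchTerm is stored HTML-escaped from here on: do not escape it again for HTML output, and still bind/encode it for SQL and URL use`.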
@ -316,7 +316,7 @@ class serendipity_event_entryproperties extends serendipity_event
|
||||
?>
|
||||
<div class="entryproperties_access_pw form_field">
|
||||
<label for="properties_access_pw"><?php echo PASSWORD; ?>:</label>
|
||||
<input id="properties_access_pw" name="serendipity[properties][entrypassword]" type="password" autocomplete="off" value="<?php echo htmlspecialchars($password); ?>">
|
||||
<input id="properties_access_pw" name="serendipity[properties][entrypassword]" type="password" autocomplete="off" value="<?php echo serendipity_specialchars($password); ?>">
|
||||
</div>
|
||||
<?php
|
||||
return true;
|
||||
@ -335,7 +335,7 @@ class serendipity_event_entryproperties extends serendipity_event
|
||||
$group['name'] = constant($group['confvalue']);
|
||||
}
|
||||
?>
|
||||
<option value="<?php echo $group['id']; ?>" <?php echo (in_array($group['id'], $access_groups) ? 'selected="selected"' : ''); ?>><?php echo htmlspecialchars($group['name']); ?></option>
|
||||
<option value="<?php echo $group['id']; ?>" <?php echo (in_array($group['id'], $access_groups) ? 'selected="selected"' : ''); ?>><?php echo serendipity_specialchars($group['name']); ?></option>
|
||||
<?php
|
||||
}
|
||||
echo '</select>';
|
||||
@ -355,7 +355,7 @@ class serendipity_event_entryproperties extends serendipity_event
|
||||
$users = serendipity_fetchUsers('', 'hidden');
|
||||
foreach($users AS $user) {
|
||||
?>
|
||||
<option value="<?php echo $user['authorid']; ?>" <?php echo (in_array($user['authorid'], $access_users) ? 'selected="selected"' : ''); ?>><?php echo htmlspecialchars($user['realname']); ?></option>
|
||||
<option value="<?php echo $user['authorid']; ?>" <?php echo (in_array($user['authorid'], $access_users) ? 'selected="selected"' : ''); ?>><?php echo serendipity_specialchars($user['realname']); ?></option>
|
||||
<?php
|
||||
}
|
||||
echo '</select>';
|
||||
@ -380,7 +380,7 @@ class serendipity_event_entryproperties extends serendipity_event
|
||||
}
|
||||
$avail_users =& $this->getValidAuthors();
|
||||
foreach($avail_users AS $user) {
|
||||
echo '<option value="' . $user['authorid'] . '" ' . ($selected_user == $user['authorid'] ? ' selected="selected"' : '') . '>' . htmlspecialchars($user['realname']) . '</option>' . "\n";
|
||||
echo '<option value="' . $user['authorid'] . '" ' . ($selected_user == $user['authorid'] ? ' selected="selected"' : '') . '>' . serendipity_specialchars($user['realname']) . '</option>' . "\n";
|
||||
}
|
||||
?>
|
||||
</select>
|
||||
@ -414,7 +414,7 @@ class serendipity_event_entryproperties extends serendipity_event
|
||||
$selected = false;
|
||||
}
|
||||
|
||||
echo '<option ' . ($selected ? 'selected="selected"' : '') . ' value="' . $plugin_data['p']->instance . '">' . htmlspecialchars($plugin_data['p']->title) . '</option>' . "\n";
|
||||
echo '<option ' . ($selected ? 'selected="selected"' : '') . ' value="' . $plugin_data['p']->instance . '">' . serendipity_specialchars($plugin_data['p']->title) . '</option>' . "\n";
|
||||
}
|
||||
}
|
||||
?>
|
||||
@ -447,7 +447,7 @@ class serendipity_event_entryproperties extends serendipity_event
|
||||
foreach($fields AS $fieldname) {
|
||||
$fieldparts = explode(':', $fieldname);
|
||||
$fieldname = $fieldparts[0];
|
||||
$fieldname = htmlspecialchars(trim($fieldname));
|
||||
$fieldname = serendipity_specialchars(trim($fieldname));
|
||||
|
||||
if (isset($serendipity['POST']['properties'][$fieldname])) {
|
||||
$value = $serendipity['POST']['properties'][$fieldname];
|
||||
@ -459,7 +459,7 @@ class serendipity_event_entryproperties extends serendipity_event
|
||||
?>
|
||||
<div id="ep_column_<?php echo $fieldname; ?>" class="clearfix form_area">
|
||||
<label for="prop<?php echo $fieldname; ?>"><?php echo $fieldname; ?></label>
|
||||
<textarea id="prop<?php echo $fieldname; ?>" name="serendipity[properties][<?php echo $fieldname; ?>]"><?php echo htmlspecialchars($value); ?></textarea>
|
||||
<textarea id="prop<?php echo $fieldname; ?>" name="serendipity[properties][<?php echo $fieldname; ?>]"><?php echo serendipity_specialchars($value); ?></textarea>
|
||||
<button class="customfieldMedia" type="button" name="insImage" title="<?php echo MEDIA ; ?>"><span class="icon-picture"></span><span class="visuallyhidden"><?php echo MEDIA ; ?></span></button>
|
||||
</div>
|
||||
<?php
|
||||
@ -610,7 +610,7 @@ class serendipity_event_entryproperties extends serendipity_event
|
||||
if (is_array($entries)) {
|
||||
echo '<ul class="plainList">';
|
||||
foreach($entries AS $idx => $entry) {
|
||||
printf('<li>' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_BUILDING, $entry['id'], htmlspecialchars($entry['title']));
|
||||
printf('<li>' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_BUILDING, $entry['id'], serendipity_specialchars($entry['title']));
|
||||
$this->updateCache($entry);
|
||||
echo ' ' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHED . '</li>';
|
||||
}
|
||||
@ -620,10 +620,10 @@ class serendipity_event_entryproperties extends serendipity_event
|
||||
if ($to < $total) {
|
||||
?>
|
||||
<script>
|
||||
if (confirm("<?php echo htmlspecialchars(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_FETCHNEXT); ?>")) {
|
||||
if (confirm("<?php echo serendipity_specialchars(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_FETCHNEXT); ?>")) {
|
||||
location.href = "?serendipity[adminModule]=event_display&serendipity[adminAction]=buildcache&serendipity[page]=<?php echo ($page+1); ?>";
|
||||
} else {
|
||||
alert("<?php echo htmlspecialchars(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_ABORTED); ?>");
|
||||
alert("<?php echo serendipity_specialchars(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_ABORTED); ?>");
|
||||
}
|
||||
</script>
|
||||
<?php
|
||||
|
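Review bot: In the `-620` hunk the two language constants are HTML-escaped and then placed inside double-quoted JavaScript string literals within `<script>`, which is the wrong encoder for that context. Entities are not decoded inside a script block, so a translation containing a quote or ampersand would show as `&quot;` or `&amp;` in the dialog, and a backslash or line break in a translation is not handled at all. An encoder for the JavaScript context fits better, for example `if (confirm(<?php echo json_encode(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_FETCHNEXT, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>)) {`, with the same treatment for the `alert()` line. `json_encode()` expects UTF-8, so blogs running another charset would need a conversion first. The enclosing method starts and ends outside the hunk.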
@ -438,7 +438,7 @@ class serendipity_event_gravatar extends serendipity_event
|
||||
$title = '';
|
||||
$author = 'unknown';
|
||||
if (isset($eventData['author'])) {
|
||||
$author = htmlspecialchars($eventData['author']);
|
||||
$author = serendipity_specialchars($eventData['author']);
|
||||
$title = $author;
|
||||
}
|
||||
|
||||
|
@ -164,7 +164,7 @@ class serendipity_event_mailer extends serendipity_event
|
||||
</div>
|
||||
<div class="form_field">
|
||||
<label title="<?php echo PLUGIN_EVENT_MAILER_RECIPIENT; ?>" for="properties_mailto"><?php echo PLUGIN_EVENT_MAILER_RECIPIENTS; ?></label>
|
||||
<input id="properties_mailto" type="text" name="serendipity[properties][mailto]" value="<?php echo htmlspecialchars($mailto); ?>">
|
||||
<input id="properties_mailto" type="text" name="serendipity[properties][mailto]" value="<?php echo serendipity_specialchars($mailto); ?>">
|
||||
</div>
|
||||
<div class="form_check">
|
||||
<input id="sendall" type="checkbox" value="true" name="serendipity[properties][sendentry_all]" <?php echo ($sendtoall ? 'checked="checked"': ''); ?>>
|
||||
@ -268,7 +268,7 @@ class serendipity_event_mailer extends serendipity_event
|
||||
|
||||
foreach($to AS $mailto) {
|
||||
if (!empty($mailto)) {
|
||||
echo htmlspecialchars($mailto) . '...<br />';
|
||||
echo serendipity_specialchars($mailto) . '...<br />';
|
||||
serendipity_sendMail($mailto, $mail['subject'], $mail['body'], $mail['from']);
|
||||
}
|
||||
}
|
||||
|
@ -781,7 +781,7 @@ var $filter_defaults;
|
||||
if ($use_gd) {
|
||||
return sprintf('<img src="%s" onclick="this.src=this.src + \'1\'" title="%s" alt="CAPTCHA" class="captcha" />',
|
||||
$serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'plugin/captcha_' . md5(time()),
|
||||
htmlspecialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2)
|
||||
serendipity_specialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2)
|
||||
);
|
||||
} else {
|
||||
$bgcolors = explode(',', $this->get_config('captcha_color', '255,0,255'));
|
||||
@ -791,7 +791,7 @@ var $filter_defaults;
|
||||
for ($i = 1; $i <= $max_char; $i++) {
|
||||
$output .= sprintf('<img src="%s" title="%s" alt="CAPTCHA ' . $i . '" class="captcha" />',
|
||||
$serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'plugin/captcha_' . $i . '_' . md5(time()),
|
||||
htmlspecialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2)
|
||||
serendipity_specialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2)
|
||||
);
|
||||
}
|
||||
$output .= '</div>';
|
||||
@ -1205,7 +1205,7 @@ var $filter_defaults;
|
||||
echo '<br />';
|
||||
echo '<label for="captcha">'. PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC3 . '</label><br /><input class="input_textbox" type="text" size="5" name="serendipity[captcha]" value="" id="captcha" />';
|
||||
} elseif (isset($serendipity['POST']['captcha'])) {
|
||||
echo '<input type="hidden" name="serendipity[captcha]" value="' . htmlspecialchars($serendipity['POST']['captcha']) . '" />';
|
||||
echo '<input type="hidden" name="serendipity[captcha]" value="' . serendipity_specialchars($serendipity['POST']['captcha']) . '" />';
|
||||
}
|
||||
echo '</div>';
|
||||
}
|
||||
|
@ -107,7 +107,7 @@ class serendipity_plugin_authors extends serendipity_plugin {
|
||||
if ( !empty($image) ) {
|
||||
$html .= '<a class="serendipity_xml_icon" href="'. serendipity_feedAuthorURL($auth, 'serendipityHTTPPath') .'"><img src="'. $image .'" alt="XML" style="border: 0px" /></a> ';
|
||||
}
|
||||
$html .= '<a href="'. serendipity_authorURL($auth, 'serendipityHTTPPath') .'" title="'. htmlspecialchars($auth['realname']) .'">'. htmlspecialchars($auth['realname']) . $entrycount . '</a>';
|
||||
$html .= '<a href="'. serendipity_authorURL($auth, 'serendipityHTTPPath') .'" title="'. serendipity_specialchars($auth['realname']) .'">'. serendipity_specialchars($auth['realname']) . $entrycount . '</a>';
|
||||
$html .= '</li>' . "\n";
|
||||
}
|
||||
}
|
||||
|
@ -307,7 +307,7 @@ class serendipity_plugin_calendar extends serendipity_plugin {
|
||||
$cellProps[$externalevents[$currDay]['Class']] = 1;
|
||||
}
|
||||
if (isset($externalevents[$currDay]['Title'])) {
|
||||
$cellProps['Title'] = htmlspecialchars($externalevents[$currDay]['Title']);
|
||||
$cellProps['Title'] = serendipity_specialchars($externalevents[$currDay]['Title']);
|
||||
}
|
||||
if (isset($externalevents[$currDay]['Extended'])) {
|
||||
foreach($externalevents[$currDay]['Extended'] as $ext_key => $ext_val) {
|
||||
|
@ -268,7 +268,7 @@ class serendipity_plugin_categories extends serendipity_plugin {
|
||||
if ( !empty($image) ) {
|
||||
$html .= '<a class="serendipity_xml_icon" href="'. $categories[$cid]['feedCategoryURL'] .'"><img src="'. $image .'" alt="XML" style="border: 0px" /></a> ';
|
||||
}
|
||||
$html .= '<a href="'. $categories[$cid]['categoryURL'] .'" title="'. htmlspecialchars($cat['category_description']) .'" style="padding-left: '. $categories[$cid]['paddingPx'] .'px">'. htmlspecialchars($categories[$cid]['category_name']) .'</a>';
|
||||
$html .= '<a href="'. $categories[$cid]['categoryURL'] .'" title="'. serendipity_specialchars($cat['category_description']) .'" style="padding-left: '. $categories[$cid]['paddingPx'] .'px">'. serendipity_specialchars($categories[$cid]['category_name']) .'</a>';
|
||||
$html .= '</li>' . "\n";
|
||||
}
|
||||
}
|
||||
|
@ -213,9 +213,9 @@ class serendipity_plugin_comments extends serendipity_plugin
|
||||
substr($row['comment_url'], 0, 8) != 'https://') {
|
||||
$row['comment_url'] = 'http://' . $row['comment_url'];
|
||||
}
|
||||
$user = '<a class="highlight" href="' . htmlspecialchars(strip_tags($row['comment_url'])) . '" title="' . htmlspecialchars(strip_tags($row['comment_title'])) . '">' . htmlspecialchars(strip_tags($row['user'])) . '</a>';
|
||||
$user = '<a class="highlight" href="' . serendipity_specialchars(strip_tags($row['comment_url'])) . '" title="' . serendipity_specialchars(strip_tags($row['comment_title'])) . '">' . serendipity_specialchars(strip_tags($row['user'])) . '</a>';
|
||||
} else {
|
||||
$user = htmlspecialchars(strip_tags($row['user']));
|
||||
$user = serendipity_specialchars(strip_tags($row['user']));
|
||||
}
|
||||
|
||||
$user = trim($user);
|
||||
@ -256,10 +256,10 @@ class serendipity_plugin_comments extends serendipity_plugin
|
||||
'<div class="plugin_comment_wrap">' . PLUGIN_COMMENTS_ABOUT . '</div>',
|
||||
|
||||
'<div class="plugin_comment_subject"><span class="plugin_comment_author">' . $user . '</span>',
|
||||
' <a class="highlight" href="' . serendipity_archiveURL($row['entry_id'], $row['subject'], 'baseURL', true, array('timestamp' => $row['entrystamp'])) .'#c' . $row['comment_id'] . '" title="' . htmlspecialchars($row['subject']) . '">'
|
||||
. htmlspecialchars($row['subject'])
|
||||
' <a class="highlight" href="' . serendipity_archiveURL($row['entry_id'], $row['subject'], 'baseURL', true, array('timestamp' => $row['entrystamp'])) .'#c' . $row['comment_id'] . '" title="' . serendipity_specialchars($row['subject']) . '">'
|
||||
. serendipity_specialchars($row['subject'])
|
||||
. '</a></div>' . "\n"
|
||||
. '<div class="plugin_comment_date">' . htmlspecialchars(serendipity_strftime($dateformat, $row['stamp'])) . '</div>' . "\n"
|
||||
. '<div class="plugin_comment_date">' . serendipity_specialchars(serendipity_strftime($dateformat, $row['stamp'])) . '</div>' . "\n"
|
||||
. '<div class="plugin_comment_body">' . strip_tags($entry['comment'], '<br /><img><a>') . '</div>' . "\n\n"
|
||||
);
|
||||
}
|
||||
|
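Review bot: The comment body on the last changed statement of the `-256` hunk is passed only through `strip_tags($entry['comment'], '<br /><img><a>')`, and `strip_tags()` keeps every attribute on the tags it allows. That means `<img>` and `<a>` elements from a visitor comment would reach the sidebar with their event-handler attributes and `href`/`src` schemes untouched, while every other field in this statement is now escaped. Whether `$entry['comment']` is filtered earlier is not visible in the hunk, so please confirm. If it is not, narrowing the allowlist closes the gap: `. '<div class="plugin_comment_body">' . strip_tags($entry['comment'], '<br>') . '</div>' . "\n\n"`. The PHP manual also says self-closing forms such as `<br />` are ignored in the allowed-tags argument, so `<br>` is the correct spelling regardless.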
@ -189,7 +189,7 @@ class serendipity_plugin_history extends serendipity_plugin
|
||||
$t = ($maxlength==0 || strlen($e[$x]['title'])<=$maxlength) ?
|
||||
$e[$x]['title'] :
|
||||
(trim(serendipity_mb('substr', $e[$x]['title'], 0, $maxlength-3)).' [...]');
|
||||
echo '<a href="' . $url . '" title="' . str_replace("'", "`", htmlspecialchars($e[$x]['title'])) . '">"' . htmlspecialchars($t) . '"</a></div>';
|
||||
echo '<a href="' . $url . '" title="' . str_replace("'", "`", serendipity_specialchars($e[$x]['title'])) . '">"' . serendipity_specialchars($t) . '"</a></div>';
|
||||
if ($full)
|
||||
{ echo '<div class="serendipity_history_body">' . strip_tags($e[$x]['body']) . '</div>'; }
|
||||
}
|
||||
|
@ -241,9 +241,9 @@ class serendipity_plugin_recententries extends serendipity_plugin {
|
||||
$entry['title'] = '#' . $entry['id'];
|
||||
}
|
||||
|
||||
echo '<dt class="serendipity_recententries_entrylink"><a href="' . $entryLink . '" title="' . htmlspecialchars($entry['title']) . '">' . htmlspecialchars($entry['title']) . '</a></dt>' . "\n"
|
||||
echo '<dt class="serendipity_recententries_entrylink"><a href="' . $entryLink . '" title="' . serendipity_specialchars($entry['title']) . '">' . serendipity_specialchars($entry['title']) . '</a></dt>' . "\n"
|
||||
. '<dd class="serendipity_recententries_entrydate serendipitySideBarDate">'
|
||||
. htmlspecialchars(serendipity_strftime($dateformat, $entry['timestamp']))
|
||||
. serendipity_specialchars(serendipity_strftime($dateformat, $entry['timestamp']))
|
||||
. '</dd>' . "\n";
|
||||
}
|
||||
echo '</dl>' . "\n\n";
|
||||
|
@ -507,7 +507,7 @@ class serendipity_plugin_remoterss extends serendipity_plugin {
|
||||
$content .= '<div class="rss_item">';
|
||||
|
||||
if ($use_rss_link) {
|
||||
$content .= '<div class="rss_link"><a href="' . htmlspecialchars($this->decode($item['link'])) . '" ' . (!empty($target) ? 'target="'.$target.'"' : '') . '>';
|
||||
$content .= '<div class="rss_link"><a href="' . serendipity_specialchars($this->decode($item['link'])) . '" ' . (!empty($target) ? 'target="'.$target.'"' : '') . '>';
|
||||
}
|
||||
|
||||
if (!empty($bulletimg)) {
|
||||
@ -525,7 +525,7 @@ class serendipity_plugin_remoterss extends serendipity_plugin {
|
||||
if ($escape_rss) {
|
||||
$content .= $this->decode($item[$rss_element]);
|
||||
} else {
|
||||
$content .= htmlspecialchars($this->decode($item[$rss_element]));
|
||||
$content .= serendipity_specialchars($this->decode($item[$rss_element]));
|
||||
}
|
||||
|
||||
if ($smarty) {
|
||||
@ -551,7 +551,7 @@ class serendipity_plugin_remoterss extends serendipity_plugin {
|
||||
$item['timestamp'] = @strtotime(isset($item['pubdate']) ? $item['pubdate'] : $item['dc:date']);
|
||||
if (!($item['timestamp'] == -1) AND ($displaydate == 'true')) {
|
||||
$content .= '<div class="serendipitySideBarDate">'
|
||||
. htmlspecialchars(serendipity_formatTime($dateformat, $item['timestamp'], false))
|
||||
. serendipity_specialchars(serendipity_formatTime($dateformat, $item['timestamp'], false))
|
||||
. '</div>';
|
||||
|
||||
}
|
||||
@ -650,7 +650,7 @@ class serendipity_plugin_remoterss extends serendipity_plugin {
|
||||
$content .= '<div class="rss_item">';
|
||||
|
||||
if ($use_rss_link) {
|
||||
$content .= '<div class="rss_link"><a href="' . htmlspecialchars($this->decode($item['link'])) . '" ' . (!empty($target) ? 'target="'.$target.'"' : '') . '>';
|
||||
$content .= '<div class="rss_link"><a href="' . serendipity_specialchars($this->decode($item['link'])) . '" ' . (!empty($target) ? 'target="'.$target.'"' : '') . '>';
|
||||
}
|
||||
|
||||
if (!empty($bulletimg)) {
|
||||
@ -668,7 +668,7 @@ class serendipity_plugin_remoterss extends serendipity_plugin {
|
||||
if ($escape_rss) {
|
||||
$content .= $this->decode($item[$rss_element]);
|
||||
} else {
|
||||
$content .= htmlspecialchars($this->decode($item[$rss_element]));
|
||||
$content .= serendipity_specialchars($this->decode($item[$rss_element]));
|
||||
}
|
||||
|
||||
if ($smarty) {
|
||||
@ -694,7 +694,7 @@ class serendipity_plugin_remoterss extends serendipity_plugin {
|
||||
$item['timestamp'] = @strtotime(isset($item['pubdate']) ? $item['pubdate'] : $item['dc:date']);
|
||||
if (!($item['timestamp'] == -1) AND ($displaydate == 'true')) {
|
||||
$content .= '<div class="serendipitySideBarDate">'
|
||||
. htmlspecialchars(serendipity_formatTime($dateformat, $item['timestamp'], false))
|
||||
. serendipity_specialchars(serendipity_formatTime($dateformat, $item['timestamp'], false))
|
||||
. '</div>';
|
||||
|
||||
}
|
||||
@ -782,23 +782,23 @@ class serendipity_plugin_remoterss extends serendipity_plugin {
|
||||
}
|
||||
|
||||
if (!empty($item['text'])) {
|
||||
$text = htmlspecialchars($this->decode($item['text']));
|
||||
$text = serendipity_specialchars($this->decode($item['text']));
|
||||
} elseif (!empty($item['title'])) {
|
||||
$text = htmlspecialchars($this->decode($item['title']));
|
||||
$text = serendipity_specialchars($this->decode($item['title']));
|
||||
} elseif (!empty($item['description'])) {
|
||||
$text = htmlspecialchars($this->decode($item['description']));
|
||||
$text = serendipity_specialchars($this->decode($item['description']));
|
||||
} else {
|
||||
$text = '';
|
||||
}
|
||||
|
||||
if ($blogrolling === true && (!empty($text) || !empty($url))) {
|
||||
$content .= '• <a href="' . htmlspecialchars($url) . '" ' . (!empty($target) ? 'target="'.$target.'"' : '') . ' title="' . $text . '">' . $text . "</a>";
|
||||
$content .= '• <a href="' . serendipity_specialchars($url) . '" ' . (!empty($target) ? 'target="'.$target.'"' : '') . ' title="' . $text . '">' . $text . "</a>";
|
||||
if (isset($item['isRecent'])) {
|
||||
$content .= ' <span style="color: Red; ">*</span>';
|
||||
}
|
||||
$content .= "<br />";
|
||||
} elseif ((isset($item['type']) && $item['type'] == 'url') || !empty($url)) {
|
||||
$content .= '• <a href="' . htmlspecialchars($url) . '" ' . (!empty($target) ? 'target="'.$target.'"' : '') . ' title="' . $text . '">' . $text . "</a>";
|
||||
$content .= '• <a href="' . serendipity_specialchars($url) . '" ' . (!empty($target) ? 'target="'.$target.'"' : '') . ' title="' . $text . '">' . $text . "</a>";
|
||||
$content .= "<br />";
|
||||
}
|
||||
++$i;
|
||||
|
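Review bot: In the `-525` and `-668` hunks the branch taken when `$escape_rss` is truthy appends `$this->decode($item[$rss_element])` with no escaping, so the helper introduced here protects only the other branch, and the flag name reads as the opposite of what it does. Content from a remote feed is untrusted, so the branch deserves a comment such as `// $escape_rss set: feed markup is emitted as-is; only safe for feeds the blog owner fully trusts`. Separately, the `href` values built from `$item['link']` and `$url` are entity-encoded, but no scheme check is visible in these hunks; restricting them to `http`/`https` before output would be a sensible addition. `$target` is also concatenated into the `target` attribute unescaped, presumably from plugin configuration, which is worth confirming. The enclosing method continues outside the hunks.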
@ -66,7 +66,7 @@ if (defined('IS_up2date') && IS_up2date === true && IS_installed === true) {
|
||||
$is_logged_in = serendipity_userLoggedIn();
|
||||
|
||||
if ($is_logged_in) {
|
||||
$self_info = sprintf(USER_SELF_INFO, htmlspecialchars($serendipity['serendipityUser']), $serendipity['permissionLevels'][$serendipity['serendipityUserlevel']]);
|
||||
$self_info = sprintf(USER_SELF_INFO, serendipity_specialchars($serendipity['serendipityUser']), $serendipity['permissionLevels'][$serendipity['serendipityUserlevel']]);
|
||||
} else {
|
||||
$self_info = '';
|
||||
}
|
||||
|
@ -121,7 +121,7 @@ switch ($serendipity['GET']['step']) {
|
||||
serendipity_plugin_api::hook_event('media_getproperties_cached', $media['file']['props']['base_metadata'], $media['file']['realfile']);
|
||||
|
||||
if ($file['is_image']) {
|
||||
$file['finishJSFunction'] = $file['origfinishJSFunction'] = 'serendipity.serendipity_imageSelector_done(\'' . htmlspecialchars($serendipity['GET']['textarea']) . '\')';
|
||||
$file['finishJSFunction'] = $file['origfinishJSFunction'] = 'serendipity.serendipity_imageSelector_done(\'' . serendipity_specialchars($serendipity['GET']['textarea']) . '\')';
|
||||
|
||||
if (!empty($serendipity['GET']['filename_only']) && $serendipity['GET']['filename_only'] !== 'true') {
|
||||
$file['fast_select'] = true;
|
||||
@ -277,11 +277,11 @@ switch ($serendipity['GET']['step']) {
|
||||
$media['case'] = 'default';
|
||||
$add_url = '';
|
||||
if (!empty($serendipity['GET']['htmltarget'])) {
|
||||
$add_url .= '&serendipity[htmltarget]=' . htmlspecialchars($serendipity['GET']['htmltarget']);
|
||||
$add_url .= '&serendipity[htmltarget]=' . serendipity_specialchars($serendipity['GET']['htmltarget']);
|
||||
}
|
||||
|
||||
if (!empty($serendipity['GET']['filename_only'])) {
|
||||
$add_url .= '&serendipity[filename_only]=' . htmlspecialchars($serendipity['GET']['filename_only']);
|
||||
$add_url .= '&serendipity[filename_only]=' . serendipity_specialchars($serendipity['GET']['filename_only']);
|
||||
}
|
||||
|
||||
if (!isset($serendipity['thumbPerPage2'])) {
|
||||
@ -293,7 +293,7 @@ switch ($serendipity['GET']['step']) {
|
||||
isset($serendipity['GET']['page']) ? $serendipity['GET']['page'] : 1,
|
||||
$serendipity['thumbPerPage2'],
|
||||
($serendipity['showMediaToolbar'] ? true : false),
|
||||
'?serendipity[step]=1' . $add_url . '&serendipity[textarea]='. htmlspecialchars($serendipity['GET']['textarea']),
|
||||
'?serendipity[step]=1' . $add_url . '&serendipity[textarea]='. serendipity_specialchars($serendipity['GET']['textarea']),
|
||||
true,
|
||||
null
|
||||
);
|
||||
|
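Review bot: `$serendipity['GET']['textarea']` in the `-121` hunk is entity-encoded and then placed between single quotes in a JavaScript call string, which is the wrong encoder for that context. `htmlspecialchars()` with its long-standing default flags leaves single quotes alone, and if `finishJSFunction` is later written into an event-handler attribute the browser decodes entities before the script is parsed. Whether `serendipity_specialchars()` passes `ENT_QUOTES` is not visible here. Since the value names a form field, validating it against an identifier pattern before use is the sturdier fix, e.g. `if (!preg_match('/^[A-Za-z0-9_\[\]-]+$/', $serendipity['GET']['textarea'])) { $serendipity['GET']['textarea'] = ''; }`. The `-277` and `-293` hunks have a related gap: request values are appended to a query string with entity encoding only, so they should go through `rawurlencode()` before the HTML escaping.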