apply htmlspecialchars() to $href, $target, and $text

git-svn-id: https://svn.php.net/repository/pear/packages/Text_Wiki/trunk@161295 c90b9560-bf6c-de11-be94-00142212c4b1
horde · Jun 14, 2004 · 4776595 · 4776595
1 parent 1409cf9
commit 4776595
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/Text/Wiki/Render/Xhtml/Url.php b/Text/Wiki/Render/Xhtml/Url.php
@@ -33,6 +33,7 @@ function token($options)
         // extension.
         $pos = strrpos($href, '.');
         $ext = strtolower(substr($href, $pos + 1));
+        $href = htmlspecialchars($href);
 
         // does the filename extension indicate an image file?
         if ($this->getConf('images') &&
@@ -41,6 +42,7 @@ function token($options)
             // create alt text for the image
             if (! isset($text) || $text == '') {
                 $text = basename($href);
+                $text = htmlspecialchars($text);
             }
 
             // generate an image tag
@@ -51,11 +53,12 @@ function token($options)
         	// allow for alternative targets
         	$target = $this->getConf('target', '');
         	if ($target) {
-        		$target = 'target="$target"';
+        		$target = ' target="' . htmlspecialchars($target) . '"';
         	}
 
             // generate a regular link (not an image)
-            $output = "<a $target href=\"$href\">$text</a>";
+            $text = htmlspecialchars($text);
+            $output = "<a$target href=\"$href\">$text</a>";
 
             // make numbered references look like footnotes
             if ($type == 'footnote') {