
Properly escape parameters to Dwoo "a" blocks.

1 parent d3caa8b commit 68c7cb0acfaee294ec06184d8472d071eeee0265 @qris qris committed Nov 14, 2011
Showing with 5 additions and 1 deletion.
  1. +5 −1 lib/Dwoo/Plugin.php
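--- a/lib/Dwoo/Plugin.php
+++ b/lib/Dwoo/Plugin.php
@@ -73,10 +73,14 @@ public static function paramsToAttributes(array $params, $delim = '\'')
 $out .= ' '.$attr.'=';
 if (trim($val, '"\'')=='' || $val=='null') {
 $out .= str_replace($delim, '\\'.$delim, '""');
+ // $out .= ' '.$delim.'.htmlentities('.$attr.').'.$delim.'=';
 } elseif (substr($val, 0, 1) === $delim && substr($val, -1) === $delim) {
 $out .= str_replace($delim, '\\'.$delim, '"'.substr($val, 1, -1).'"');
 } else {
- $out .= str_replace($delim, '\\'.$delim, '"') . $delim . '.'.$val.'.' . $delim . str_replace($delim, '\\'.$delim, '"');
+ // $out .= str_replace($delim, '\\'.$delim, '"') . $delim . '.'.$val.'.' . $delim . str_replace($delim, '\\'.$delim, '"');
+ $out .= str_replace($delim, '\\'.$delim, '"') .
+ $delim . '.htmlentities(' . $val . ').' . $delim .
+ str_replace($delim, '\\'.$delim, '"');
 }
 }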
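Review bot: The `htmlentities(` call emitted in the else branch passes neither flags nor a charset, so the escaping depends on the defaults of whichever PHP runtime executes the compiled template. On older runtimes the default charset is ISO-8859-1, which turns UTF-8 attribute values into wrong entities, and the default ENT_COMPAT leaves single quotes unencoded. Emitting an explicit call such as `$delim . '.htmlspecialchars(' . $val . ', ENT_QUOTES, "UTF-8").' . $delim .` (with the charset taken from the engine configuration, if it exposes one) would make the attribute encoding deterministic. The quoted-literal branch just above still writes `substr($val, 1, -1)` between the double quotes without HTML escaping, so a literal containing `"` can still end the attribute early and probably needs the same treatment. The two commented-out statements added here are better dropped than committed, and values a template already escapes will presumably be encoded twice now; paramsToAttributes starts and ends outside the hunk.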
