Escape special characters
olivierberten committed Mar 10, 2014
1 parent 677c5eb commit 1f5b2ff
Showing 4 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion chant.php
Expand Up @@ -246,7 +246,7 @@
}
while ($m = $req1->fetch_assoc()) {
$user_info = get_userdata($m['user_id']);
echo "<li>".date("M d, Y",$m['time']).": ".$m['comment']." (".$user_info->display_name.') <a href="history.php?changeset='.$m['time'].'|'.$id.'|'.$m['user_id']."\">?</a></li>\n";
echo "<li>".date("M d, Y",$m['time']).": ".htmlspecialchars($m['comment'])." (".$user_info->display_name.') <a href="history.php?changeset='.$m['time'].'|'.$id.'|'.$m['user_id']."\">?</a></li>\n";
}
if($c['transcriber'] > '') {
echo "<li>Original transcriber: ".$c['transcriber']."</li>\n";
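Review bot: `$user_info->display_name` is still concatenated raw into the same `<li>` in the while loop, and `$c['transcriber']` two lines below is echoed raw as well, so the escaping covers only one of the stored values printed in this list. If display names or the transcriber field can be edited by users (not visible here), they need the same treatment, e.g. `htmlspecialchars($user_info->display_name, ENT_QUOTES, 'UTF-8')`. The same unescaped `display_name` appears in the `<name>` elements of both feed.php hunks and in the `<span class="version">` in updates.php. The loop and its surrounding block start and end outside the hunk, so the origin of `$id` in the `changeset=` href could not be checked from here.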
4 changes: 2 additions & 2 deletions feed.php
Expand Up @@ -28,7 +28,7 @@
echo '<entry>
<title type="html">'.chant_from_id($m['chant_id'])[1].'</title>
<link href="'.$dir.'chant.php?id='.$m['chant_id'].'" />
<summary>'.$m['comment'].'</summary>
<summary>'.htmlspecialchars($m['comment']).'</summary>
<updated>'.date(DATE_ATOM,$m['time']).'</updated>
<author>
<name>'.$user_info->display_name.'</name>
Expand All @@ -43,7 +43,7 @@
echo '<entry>
<title type="html">'.chant_from_id($m['chant_id'])[1].'</title>
<link href="'.$dir.'chant.php?id='.$m['chant_id'].'" />
<summary>'.$m['comment'].'</summary>
<summary>'.htmlspecialchars($m['comment']).'</summary>
<updated>'.date(DATE_ATOM,$m['time']).'</updated>
<author>
<name>'.$user_info->display_name.'</name>
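Review bot: `<title type="html">` in both entries still emits `chant_from_id($m['chant_id'])[1]` unencoded, so a title containing `&` or `<` would make the Atom document ill-formed or be read as markup by feed readers, assuming chant_from_id() returns the stored text as-is. For the `<summary>` lines, `htmlspecialchars($m['comment'], ENT_XML1 | ENT_QUOTES, 'UTF-8')` would state the XML context explicitly instead of relying on the HTML defaults. Both echo statements start and end outside the hunks.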
2 changes: 1 addition & 1 deletion scores.php
Expand Up @@ -69,7 +69,7 @@
echo "<ul>\n";
foreach($ml as $m) {
echo '<li><a href="chant.php?id='.$m['chant_id'].'">'.format_incipit(chant_from_id($m['chant_id'])[1])."</a><br />\n";
echo "<i>".$m['comment']."</i></li>\n";
echo "<i>".htmlspecialchars($m['comment'])."</i></li>\n";
}
echo "</ul><br />\n";
}
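Review bot: The incipit on the line above the fix is printed through `format_incipit(chant_from_id($m['chant_id'])[1])` with no encoding visible in the hunk, here and in the matching line of updates.php. If format_incipit() does not encode its argument itself (its definition is not on this page), the incipit needs `htmlspecialchars()` applied before it is formatted. `$m['chant_id']` in the `href` is presumably numeric; writing it as `(int)$m['chant_id']` would make that explicit. The foreach sits inside a block that begins outside the hunk.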
2 changes: 1 addition & 1 deletion updates.php
Expand Up @@ -24,7 +24,7 @@
foreach($ml as $m) {
$user_info = get_userdata($m['user_id']);
echo "<li>".' <a href="chant.php?id='.$m['chant_id'].'">'.format_incipit(chant_from_id($m['chant_id'])[1])."</a><br />\n";
echo "<i>".$m['comment'].'</i> <span class="version">('.$user_info->display_name.")</span></li>\n";
echo "<i>".htmlspecialchars($m['comment']).'</i> <span class="version">('.$user_info->display_name.")</span></li>\n";
}
echo "</ul>\n";
}
