escape HTML, closes #17
aaronpk committed May 24, 2019
1 parent b4fccf0 commit 8327f98
Showing 4 changed files with 9 additions and 5 deletions.
4 changes: 4 additions & 0 deletions functions.php
Expand Up @@ -133,3 +133,7 @@ function join_with_and($array) {

return implode(', ', $array) . ' and ' . $last;
}

function e($text) {
return htmlspecialchars($text);
}
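Review bot: `e()` calls `htmlspecialchars($text)` with its default flags, which on PHP versions before 8.1 leave single quotes unescaped, so the helper is only safe for element content and double-quoted attributes there. Passing the flags and charset explicitly, `return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, gives the same result on every PHP version and keeps a string with invalid UTF-8 from being returned as an empty string. A one-line comment such as `// Escape text for HTML element content or a quoted attribute value; not for URLs, JS or CSS.` would record the context the helper is valid for.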
4 changes: 2 additions & 2 deletions generate-events-summary.php
Expand Up @@ -92,7 +92,7 @@ function format_event($event) {
$locations[] = $loc['properties']['name'][0];
}
}
$location = '<ul>' . implode("\n", array_map(function($e){ return '<li>'.$e.'</li>'; }, $locations)) . '</ul>';
$location = '<ul>' . implode("\n", array_map(function($e){ return '<li>'.e($e).'</li>'; }, $locations)) . '</ul>';
} elseif(array_key_exists('location', $event['properties'])) {
$locations = [];
foreach($event['properties']['location'] as $loc) {
Expand All @@ -110,7 +110,7 @@ function format_event($event) {
if($name) {
echo "\n\n";
echo '<div style="margin-bottom: 1em;" class="h-event">';
echo '<div style="font-size: 1.3em; font-weight: bold;" class="p-name">' . ($url ? '<a href="'.$url.'" class="u-url">'.$name.'</a>' : $name) . '</div>' . "\n";
echo '<div style="font-size: 1.3em; font-weight: bold;" class="p-name">' . ($url ? '<a href="'.$url.'" class="u-url">'.e($name).'</a>' : e($name)) . '</div>' . "\n";
if($start) {
try {
$start = new DateTime($start);
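Review bot: The `href` attribute on the changed `echo` line still concatenates `$url` unescaped, so a value containing `"` can close the attribute and add markup even though the link text now goes through `e()`. The same pattern remains in generate-indienews.php (`$url` and `$author` in `href`) and generate-podcasts.php (`$url` in `href`). Where these values originate is not visible in the hunks; if they come from parsed remote pages they should be treated as untrusted. Writing `'<a href="'.e($url).'" class="u-url">'` covers the attribute break-out, and because escaping does not neutralise a `javascript:` URL, a scheme allow-list (http/https) before output is worth adding. `format_event` begins and ends outside the hunk.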
4 changes: 2 additions & 2 deletions generate-indienews.php
Expand Up @@ -27,11 +27,11 @@
ob_start();
echo '<div style="margin-bottom: 1em;" class="h-entry">';
if($name)
echo '<div style="font-size:1.3em;font-weight:bold;"><a href="'.$url.'" class="u-url p-name">'.$name.'</a></div>';
echo '<div style="font-size:1.3em;font-weight:bold;"><a href="'.$url.'" class="u-url p-name">'.e($name).'</a></div>';
else
echo '';
echo '<div>';
echo 'by <a href="'.$author.'" class="p-author h-card">'.$author_name.'</a>';
echo 'by <a href="'.$author.'" class="p-author h-card">'.e($author_name).'</a>';
echo ' on <a href="'.$url.'"><time class="dt-published" datetime="'.$published->format('c').'">'.$published->format('F j').'</time></a>';
echo '</div>';
if($content) {
2 changes: 1 addition & 1 deletion generate-podcasts.php
Expand Up @@ -25,7 +25,7 @@
ob_start();
echo '<div style="margin-bottom: 1em;" class="h-entry">';
if($name)
echo '<div style="font-size:1.3em;font-weight:bold;"><a href="'.$url.'" class="u-url p-name">'.$name.'</a></div>';
echo '<div style="font-size:1.3em;font-weight:bold;"><a href="'.$url.'" class="u-url p-name">'.e($name).'</a></div>';
else
echo '<a href="'.$url.'" class="u-url">'.$url.'</a>';
/*
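Review bot: The `else` branch prints `$url` as the link text without `e()`, in `echo '<a href="'.$url.'" class="u-url">'.$url.'</a>';`, which is the same element-content context this commit escapes for `$name`. Changing it to `echo '<a href="'.e($url).'" class="u-url">'.e($url).'</a>';` closes that gap. The surrounding block starts and ends outside the hunk.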
