[mod_* templates] Always use htmlspecialchars($str, ENT_COMPAT, 'UTF-…

…8') (#10422) * Update mod_footer.php * Update mod_whosonline.php * Update mod_feed.php * Update mod_banners.php * Update mod_breadcrumbs.php * Update mod_feed.php * Update mod_random_image.php * Update mod_related_items.php * Update mod_tags_similar.php * Update mod_menu.php * Update error.php * Update users.php
joomla · May 16, 2016 · f35a174 · f35a174
1 parent 09b624c
commit f35a174
Show file tree

Hide file tree

Showing 12 changed files with 20 additions and 19 deletions.
diff --git a/administrator/modules/mod_feed/mod_feed.php b/administrator/modules/mod_feed/mod_feed.php
@@ -26,6 +26,6 @@
 }
 
 $feed            = ModFeedHelper::getFeed($params);
-$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'));
+$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'), ENT_COMPAT, 'UTF-8');
 
 require JModuleHelper::getLayoutPath('mod_feed', $params->get('layout', 'default'));
diff --git a/components/com_users/helpers/html/users.php b/components/com_users/helpers/html/users.php
@@ -39,7 +39,7 @@ public static function value($value)
 
 		elseif (!is_array($value))
 		{
-			return htmlspecialchars($value);
+			return htmlspecialchars($value, ENT_COMPAT, 'UTF-8');
 		}
 	}
 
@@ -90,7 +90,7 @@ public static function helpsite($value)
 				}
 			}
 
-			$value = htmlspecialchars($value);
+			$value = htmlspecialchars($value, ENT_COMPAT, 'UTF-8');
 
 			if (substr($value, 0, 4) == "http")
 			{
@@ -130,7 +130,7 @@ public static function templatestyle($value)
 
 			if ($title)
 			{
-				return htmlspecialchars($title);
+				return htmlspecialchars($title, ENT_COMPAT, 'UTF-8');
 			}
 			else
 			{
@@ -168,7 +168,7 @@ public static function admin_language($value)
 
 			if ($result)
 			{
-				return htmlspecialchars($result['name']);
+				return htmlspecialchars($result['name'], ENT_COMPAT, 'UTF-8');
 			}
 			else
 			{
@@ -206,7 +206,7 @@ public static function language($value)
 
 			if ($result)
 			{
-				return htmlspecialchars($result['name']);
+				return htmlspecialchars($result['name'], ENT_COMPAT, 'UTF-8');
 			}
 			else
 			{

diff --git a/modules/mod_banners/mod_banners.php b/modules/mod_banners/mod_banners.php
@@ -18,6 +18,6 @@
 require_once JPATH_ADMINISTRATOR . '/components/com_banners/helpers/banners.php';
 BannersHelper::updateReset();
 $list = &ModBannersHelper::getList($params);
-$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'));
+$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'), ENT_COMPAT, 'UTF-8');
 
 require JModuleHelper::getLayoutPath('mod_banners', $params->get('layout', 'default'));
diff --git a/modules/mod_breadcrumbs/mod_breadcrumbs.php b/modules/mod_breadcrumbs/mod_breadcrumbs.php
@@ -18,6 +18,6 @@
 
 // Set the default separator
 $separator = ModBreadCrumbsHelper::setSeparator($params->get('separator'));
-$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'));
+$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'), ENT_COMPAT, 'UTF-8');
 
 require JModuleHelper::getLayoutPath('mod_breadcrumbs', $params->get('layout', 'default'));
diff --git a/modules/mod_feed/mod_feed.php b/modules/mod_feed/mod_feed.php
@@ -26,6 +26,6 @@
 }
 
 $feed = ModFeedHelper::getFeed($params);
-$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'));
+$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'), ENT_COMPAT, 'UTF-8');
 
 require JModuleHelper::getLayoutPath('mod_feed', $params->get('layout', 'default'));
diff --git a/modules/mod_footer/mod_footer.php b/modules/mod_footer/mod_footer.php
@@ -32,6 +32,6 @@
 	$lineone = $line1;
 }
 
-$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'));
+$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'), ENT_COMPAT, 'UTF-8');
 
 require JModuleHelper::getLayoutPath('mod_footer', $params->get('layout', 'default'));
diff --git a/modules/mod_menu/mod_menu.php b/modules/mod_menu/mod_menu.php
@@ -20,7 +20,7 @@
 $default_id = $default->id;
 $path       = $base->tree;
 $showAll    = $params->get('showAllChildren');
-$class_sfx  = htmlspecialchars($params->get('class_sfx'));
+$class_sfx  = htmlspecialchars($params->get('class_sfx'), ENT_COMPAT, 'UTF-8');
 
 if (count($list))
 {

diff --git a/modules/mod_random_image/mod_random_image.php b/modules/mod_random_image/mod_random_image.php
@@ -23,6 +23,7 @@
 	return;
 }
 
-$image = ModRandomImageHelper::getRandomImage($params, $images);
-$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'));
+$image           = ModRandomImageHelper::getRandomImage($params, $images);
+$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'), ENT_COMPAT, 'UTF-8');
+
 require JModuleHelper::getLayoutPath('mod_random_image', $params->get('layout', 'default'));
diff --git a/modules/mod_related_items/mod_related_items.php b/modules/mod_related_items/mod_related_items.php
@@ -26,7 +26,7 @@
 	return;
 }
 
-$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'));
-$showDate = $params->get('showDate', 0);
+$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'), ENT_COMPAT, 'UTF-8');
+$showDate        = $params->get('showDate', 0);
 
 require JModuleHelper::getLayoutPath('mod_related_items', $params->get('layout', 'default'));
diff --git a/modules/mod_tags_similar/mod_tags_similar.php b/modules/mod_tags_similar/mod_tags_similar.php
@@ -26,6 +26,6 @@
 	return;
 }
 
-$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'));
+$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'), ENT_COMPAT, 'UTF-8');
 
 require JModuleHelper::getLayoutPath('mod_tags_similar', $params->get('layout', 'default'));
diff --git a/modules/mod_whosonline/mod_whosonline.php b/modules/mod_whosonline/mod_whosonline.php
@@ -25,6 +25,6 @@
 }
 
 $linknames = $params->get('linknames', 0);
-$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'));
+$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'), ENT_COMPAT, 'UTF-8');
 
 require JModuleHelper::getLayoutPath('mod_whosonline', $params->get('layout', 'default'));
diff --git a/templates/beez3/error.php b/templates/beez3/error.php
@@ -49,11 +49,11 @@
 		<link rel="stylesheet" href="<?php echo $file; ?>" type="text/css" />
 	<?php endforeach; ?>
 	<?php endif; ?>
-	<link rel="stylesheet" href="<?php echo $this->baseurl; ?>/templates/<?php echo $this->template; ?>/css/<?php echo htmlspecialchars($color); ?>.css" type="text/css" />
+	<link rel="stylesheet" href="<?php echo $this->baseurl; ?>/templates/<?php echo $this->template; ?>/css/<?php echo htmlspecialchars($color, ENT_COMPAT, 'UTF-8'); ?>.css" type="text/css" />
 	<?php if ($this->direction == 'rtl') : ?>
 		<link rel="stylesheet" href="<?php echo $this->baseurl ?>/templates/<?php echo $this->template; ?>/css/template_rtl.css" type="text/css" />
 		<?php if (file_exists(JPATH_SITE . '/templates/' . $this->template . '/css/' . $color . '_rtl.css')) : ?>
-			<link rel="stylesheet" href="<?php echo $this->baseurl; ?>/templates/<?php echo $this->template; ?>/css/<?php echo $color ?>_rtl.css" type="text/css" />
+			<link rel="stylesheet" href="<?php echo $this->baseurl; ?>/templates/<?php echo $this->template; ?>/css/<?php echo htmlspecialchars($color, ENT_COMPAT, 'UTF-8'); ?>_rtl.css" type="text/css" />
 		<?php endif; ?>
 	<?php endif; ?>
 	<?php if ($app->get('debug_lang', '0') == '1' || $app->get('debug', '0') == '1') : ?>