Skip to content

Commit

Permalink
fix: added missing conversion to HTML entities
Browse files Browse the repository at this point in the history
  • Loading branch information
thorsten committed Jan 9, 2023
1 parent cd65a96 commit 1815dae
Show file tree
Hide file tree
Showing 4 changed files with 9 additions and 7 deletions.
2 changes: 1 addition & 1 deletion phpmyfaq/admin/record.edit.php
Expand Up @@ -652,7 +652,7 @@ class="form-check-input"
);
?>
<br>
<?= $entry['changelog'] ?>
<?= Strings::htmlentities($entry['changelog']) ?>
</li>
<?php } ?>
</ul>
Expand Down
6 changes: 4 additions & 2 deletions phpmyfaq/admin/record.show.php
Expand Up @@ -28,6 +28,7 @@
use phpMyFAQ\Language;
use phpMyFAQ\LinkVerifier;
use phpMyFAQ\Search\SearchFactory;
use phpMyFAQ\Strings;
use phpMyFAQ\Visits;

if (!defined('IS_VALID_PHPMYFAQ')) {
Expand Down Expand Up @@ -456,8 +457,9 @@ function verifyEntryURL_failure(XmlRequest)
</td>
<td>
<a href="?action=editentry&id=<?= $record['id'] ?>&lang=<?= $record['lang'] ?>"
title="<?= $PMF_LANG['ad_user_edit'] ?> '<?= str_replace('"', '´', $record['title']) ?>'">
<?= $record['title'] ?>
title="<?= $PMF_LANG['ad_user_edit'] ?> '
<?= str_replace('"', '´', Strings::htmlentities($record['title'])) ?>'">
<?= Strings::htmlentities($record['title']) ?>
</a>
<?php
if (isset($numCommentsByFaq[$record['id']])) {
Expand Down
4 changes: 2 additions & 2 deletions phpmyfaq/src/phpMyFAQ/Faq.php
Expand Up @@ -2010,8 +2010,8 @@ public function getLatest(): array
if (count($result) > 0) {
foreach ($result as $row) {
$output['url'][] = Strings::htmlentities($row['url']);
$output['title'][] = Utils::makeShorterText($row['question'], 8);
$output['preview'][] = $row['question'];
$output['title'][] = Strings::htmlentities(Utils::makeShorterText($row['question'], 8));
$output['preview'][] = Strings::htmlentities($row['question']);
$output['date'][] = $date->format($row['date']);
}
} else {
Expand Down
4 changes: 2 additions & 2 deletions phpmyfaq/src/phpMyFAQ/Tags.php
Expand Up @@ -368,7 +368,7 @@ public function renderTagCloud(): string
$totFaqByTag = count($this->getFaqsByTagName($tagName));
if ($totFaqByTag > 0) {
$tags[$tagName]['id'] = $tagId;
$tags[$tagName]['name'] = $tagName;
$tags[$tagName]['name'] = Strings::htmlentities($tagName);
$tags[$tagName]['count'] = $totFaqByTag;
}
}
Expand Down Expand Up @@ -483,7 +483,7 @@ public function renderPopularTags(int $limit = 0): string
'<a class="btn btn-primary m-1" href="?action=search&tagging_id=%d">%s ' .
'<span class="badge badge-info">%d</span></a>',
$tagId,
$tagName,
Strings::htmlentities($tagName),
$tagFreq
);
}
Expand Down

0 comments on commit 1815dae

Please sign in to comment.