authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2013-11-07 21:39:39 +0100
committerGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2013-11-07 21:39:39 +0100
commitfa13929db9758b27b0140057e8f6e844dce86361 (patch)
tree789089691d0eb3129433d9996771ce1db071c701
parent2ce0f88d2821f56272427eb68055ead1797c2d13 (diff)
htmlspecialchars manquants
Contribue à https://github.com/marienfressinaud/FreshRSS/issues/195
-rw-r--r--app/layout/aside_feed.phtml4
-rw-r--r--app/layout/aside_flux.phtml4
-rw-r--r--app/views/helpers/view/global_view.phtml4
-rw-r--r--app/views/helpers/view/normal_view.phtml4
-rw-r--r--app/views/helpers/view/reader_view.phtml2
5 files changed, 8 insertions, 10 deletions
diff --git a/app/layout/aside_feed.phtml b/app/layout/aside_feed.phtml
index e03be007e..b00c1816c 100644
--- a/app/layout/aside_feed.phtml
+++ b/app/layout/aside_feed.phtml
@@ -17,7 +17,7 @@
<select name="category" id="category">
<?php foreach ($this->categories as $cat) { ?>
<option value="<?php echo $cat->id (); ?>"<?php echo $cat->id () == '000000' ? ' selected="selected"' : ''; ?>>
- <?php echo $cat->name (); ?>
+ <?php echo htmlspecialchars($cat->name (), ENT_NOQUOTES, 'UTF-8'); ?>
</option>
<?php } ?>
</select>
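Review bot: `ENT_NOQUOTES` leaves `"` and `'` unencoded, which is correct for the text inside `<option>` here, but nothing marks the call as valid for element text only, and the same call is repeated in the later hunks of this commit. If the expression is later copied into an attribute value such as `value="…"` or `title="…"`, a quote in the name would end the attribute. I would add a short template comment next to the first use, for example `<?php /* ENT_NOQUOTES: element text only; use ENT_QUOTES inside attribute values */ ?>`. The surrounding form starts and ends outside the hunk.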
@@ -48,7 +48,7 @@
<li class="item<?php echo ($this->flux && $this->flux->id () == $feed->id ()) ? ' active' : ''; ?><?php echo $feed->inError () ? ' error' : ''; ?><?php echo $nbEntries == 0 ? ' empty' : ''; ?>">
<a href="<?php echo _url ('configure', 'feed', 'id', $feed->id ()); ?>">
<img class="favicon" src="<?php echo $feed->favicon (); ?>" alt="✇" />
- <?php echo $feed->name (); ?>
+ <?php echo htmlspecialchars($feed->name (), ENT_NOQUOTES, 'UTF-8'); ?>
</a>
</li>
<?php } ?>
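Review bot: The `src="<?php echo $feed->favicon (); ?>"` attribute two lines above the changed line is still echoed raw, and the same expression appears on context lines in aside_flux.phtml, normal_view.phtml and reader_view.phtml. The hunk does not show what `favicon ()` returns; if any part of it is derived from feed data, it needs attribute-context encoding, `<?php echo htmlspecialchars($feed->favicon (), ENT_QUOTES, 'UTF-8'); ?>`. If it is always a locally generated path, a one-line comment saying so would save the next reviewer the same question.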
diff --git a/app/layout/aside_flux.phtml b/app/layout/aside_flux.phtml
index 16c955a1d..6ebbbc036 100644
--- a/app/layout/aside_flux.phtml
+++ b/app/layout/aside_flux.phtml
@@ -52,7 +52,7 @@
<li>
<?php $c_active = false; if ($this->get_c == $cat->id ()) { $c_active = true; } ?>
<div class="category stick<?php echo $c_active ? ' active' : ''; ?>">
- <a data-unread="<?php echo $cat->nbNotRead (); ?>" class="btn<?php echo $c_active ? ' active' : ''; ?>" href="<?php echo _url ('index', 'index', 'get', 'c_' . $cat->id ()); ?>"><?php echo $cat->name (); ?></a>
+ <a data-unread="<?php echo $cat->nbNotRead (); ?>" class="btn<?php echo $c_active ? ' active' : ''; ?>" href="<?php echo _url ('index', 'index', 'get', 'c_' . $cat->id ()); ?>"><?php echo htmlspecialchars($cat->name (), ENT_NOQUOTES, 'UTF-8'); ?></a>
<a class="btn dropdown-toggle" href="#"><i class="icon <?php echo $c_active ? 'i_up' : 'i_down'; ?>"></i></a>
</div>
@@ -68,7 +68,7 @@
<?php /* feed_config_template */ ?>
</div>
<img class="favicon" src="<?php echo $feed->favicon (); ?>" alt="✇" />
- <a class="feed" data-unread="<?php echo $feed->nbNotRead (); ?>" data-priority="<?php echo $feed->priority (); ?>" href="<?php echo _url ('index', 'index', 'get', 'f_' . $feed_id); ?>"><?php echo $feed->name(); ?></a>
+ <a class="feed" data-unread="<?php echo $feed->nbNotRead (); ?>" data-priority="<?php echo $feed->priority (); ?>" href="<?php echo _url ('index', 'index', 'get', 'f_' . $feed_id); ?>"><?php echo htmlspecialchars($feed->name(), ENT_NOQUOTES, 'UTF-8'); ?></a>
</li>
<?php } ?>
</ul>
diff --git a/app/views/helpers/view/global_view.phtml b/app/views/helpers/view/global_view.phtml
index 0eb29b11a..fc55ed8ba 100644
--- a/app/views/helpers/view/global_view.phtml
+++ b/app/views/helpers/view/global_view.phtml
@@ -10,7 +10,7 @@
<div class="category">
<div class="cat_header">
<a href="<?php echo _url ('index', 'index', 'get', 'c_' . $cat->id (), 'output', 'normal'); ?>">
- <?php echo $cat->name(); ?><?php echo $catNotRead > 0 ? ' (' . $catNotRead . ')' : ''; ?>
+ <?php echo htmlspecialchars($cat->name(), ENT_NOQUOTES, 'UTF-8'); ?><?php echo $catNotRead > 0 ? ' (' . $catNotRead . ')' : ''; ?>
</a>
</div>
@@ -22,7 +22,7 @@
<a href="<?php echo _url ('index', 'index', 'get', 'f_' . $feed->id (), 'output', 'normal'); ?>">
<?php echo $not_read > 0 ? '<b>' : ''; ?>
- <?php echo $feed->name(); ?>
+ <?php echo htmlspecialchars($feed->name(), ENT_NOQUOTES, 'UTF-8'); ?>
<?php echo $not_read > 0 ? ' (' . $not_read . ')' : ''; ?>
<?php echo $not_read > 0 ? '</b>' : ''; ?>
</a>
diff --git a/app/views/helpers/view/normal_view.phtml b/app/views/helpers/view/normal_view.phtml
index 91d3d34a4..2f6748263 100644
--- a/app/views/helpers/view/normal_view.phtml
+++ b/app/views/helpers/view/normal_view.phtml
@@ -46,7 +46,7 @@ if (isset ($this->entryPaginator) && !$this->entryPaginator->isEmpty ()) {
$feed = HelperCategory::findFeed($this->cat_aside, $item->feed ()); //We most likely already have the feed object in cache
if (empty($feed)) $feed = $item->feed (true);
?>
- <li class="item website"><a href="<?php echo _url ('index', 'index', 'get', 'f_' . $feed->id ()); ?>"><img class="favicon" src="<?php echo $feed->favicon (); ?>" alt="✇" /> <span><?php echo $feed->name (); ?></span></a></li>
+ <li class="item website"><a href="<?php echo _url ('index', 'index', 'get', 'f_' . $feed->id ()); ?>"><img class="favicon" src="<?php echo $feed->favicon (); ?>" alt="✇" /> <span><?php echo htmlspecialchars($feed->name(), ENT_NOQUOTES, 'UTF-8'); ?></span></a></li>
<li class="item title"><a target="_blank" href="<?php echo $item->link (); ?>"><?php echo $item->title (); ?></a></li>
<?php if ($this->conf->toplineDate ()) { ?><li class="item date"><?php echo $item->date (); ?>&nbsp;</li><?php } ?>
<?php if ($this->conf->toplineLink ()) { ?><li class="item link"><a target="_blank" href="<?php echo $item->link (); ?>">&nbsp;</a></li><?php } ?>
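Review bot: `$item->title ()` and `$item->link ()` on the unchanged lines of this hunk are still echoed without encoding, and the same two calls remain raw in the reader_view.phtml hunk. Both values appear to come from the fetched feed entry, so they deserve at least the treatment the feed name gets here. The title in element text can use `htmlspecialchars($item->title (), ENT_NOQUOTES, 'UTF-8')`; the link sits inside `href="…"` and needs `htmlspecialchars($item->link (), ENT_QUOTES, 'UTF-8')`. It also needs a scheme check where the entry is stored, since encoding alone does not reject a non-http(s) URL. The hunk does not show whether the entry model already encodes these values; if it does, confirm that first to avoid double-encoding.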
@@ -83,7 +83,6 @@ if (isset ($this->entryPaginator) && !$this->entryPaginator->isEmpty ()) {
<ul class="dropdown-menu">
<li class="dropdown-close"><a href="#close">&nbsp;</a></li>
-
<?php
$shaarli = $this->conf->urlShaarli ();
if ((!login_is_conf ($this->conf) || is_logged ()) && $shaarli) {
@@ -125,7 +124,6 @@ if (isset ($this->entryPaginator) && !$this->entryPaginator->isEmpty ()) {
<div class="dropdown">
<div id="dropdown-tags-<?php echo $item->id ();?>" class="dropdown-target"></div>
<i class="icon i_tag"></i> <a class="dropdown-toggle" href="#dropdown-tags-<?php echo $item->id ();?>"><?php echo Translate::t ('related_tags'); ?></a>
-
<ul class="dropdown-menu">
<li class="dropdown-close"><a href="#close">&nbsp;</a></li>
<?php foreach($tags as $tag) { ?>
diff --git a/app/views/helpers/view/reader_view.phtml b/app/views/helpers/view/reader_view.phtml
index fcafb1343..f808990f7 100644
--- a/app/views/helpers/view/reader_view.phtml
+++ b/app/views/helpers/view/reader_view.phtml
@@ -16,7 +16,7 @@ if (isset ($this->entryPaginator) && !$this->entryPaginator->isEmpty ()) {
if (empty($feed)) $feed = $item->feed (true);
?>
<a href="<?php echo $item->link (); ?>">
- <img class="favicon" src="<?php echo $feed->favicon (); ?>" alt="✇" /> <span><?php echo $feed->name (); ?></span>
+ <img class="favicon" src="<?php echo $feed->favicon (); ?>" alt="✇" /> <span><?php echo htmlspecialchars($feed->name(), ENT_NOQUOTES, 'UTF-8'); ?></span>
</a>
<h1 class="title"><?php echo $item->title (); ?></h1>