| author | 2013-11-07 21:39:39 +0100 | |
|---|---|---|
| committer | 2013-11-07 21:39:39 +0100 | |
| commit | fa13929db9758b27b0140057e8f6e844dce86361 (patch) | |
| tree | 789089691d0eb3129433d9996771ce1db071c701 /app/views/helpers | |
| parent | 2ce0f88d2821f56272427eb68055ead1797c2d13 (diff) | |
htmlspecialchars manquants
Contribue à https://github.com/marienfressinaud/FreshRSS/issues/195
Diffstat (limited to 'app/views/helpers')
| -rw-r--r-- | app/views/helpers/view/global_view.phtml | 4 | ||||
| -rw-r--r-- | app/views/helpers/view/normal_view.phtml | 4 | ||||
| -rw-r--r-- | app/views/helpers/view/reader_view.phtml | 2 |
3 files changed, 4 insertions, 6 deletions
diff --git a/app/views/helpers/view/global_view.phtml b/app/views/helpers/view/global_view.phtml index 0eb29b11a..fc55ed8ba 100644 --- a/app/views/helpers/view/global_view.phtml +++ b/app/views/helpers/view/global_view.phtml @@ -10,7 +10,7 @@ <div class="category"> <div class="cat_header"> <a href="<?php echo _url ('index', 'index', 'get', 'c_' . $cat->id (), 'output', 'normal'); ?>"> - <?php echo $cat->name(); ?><?php echo $catNotRead > 0 ? ' (' . $catNotRead . ')' : ''; ?> + <?php echo htmlspecialchars($cat->name(), ENT_NOQUOTES, 'UTF-8'); ?><?php echo $catNotRead > 0 ? ' (' . $catNotRead . ')' : ''; ?> </a> </div> @@ -22,7 +22,7 @@ <a href="<?php echo _url ('index', 'index', 'get', 'f_' . $feed->id (), 'output', 'normal'); ?>"> <?php echo $not_read > 0 ? '<b>' : ''; ?> - <?php echo $feed->name(); ?> + <?php echo htmlspecialchars($feed->name(), ENT_NOQUOTES, 'UTF-8'); ?> <?php echo $not_read > 0 ? ' (' . $not_read . ')' : ''; ?> <?php echo $not_read > 0 ? '</b>' : ''; ?> </a> diff --git a/app/views/helpers/view/normal_view.phtml b/app/views/helpers/view/normal_view.phtml index 91d3d34a4..2f6748263 100644 --- a/app/views/helpers/view/normal_view.phtml +++ b/app/views/helpers/view/normal_view.phtml 
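Review bot: `ENT_NOQUOTES` in the added `htmlspecialchars($cat->name(), ENT_NOQUOTES, 'UTF-8')` leaves both quote characters unescaped, which is sound only because the value is printed as element content inside the `<a>`; the same call is repeated for `$feed->name()` in the second hunk of this file and in the normal_view.phtml and reader_view.phtml hunks. If the expression is later copied into an attribute value it would no longer keep the value inside the quotes, so I would use the quote-safe form everywhere, `<?php echo htmlspecialchars($cat->name(), ENT_QUOTES, 'UTF-8'); ?>`, which renders identically in text context. Whether name() can already hold entity-encoded text is not visible here; if it can, these calls will double-encode it, which is worth checking with a feed title containing `&`.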
@@ -46,7 +46,7 @@ if (isset ($this->entryPaginator) && !$this->entryPaginator->isEmpty ()) { $feed = HelperCategory::findFeed($this->cat_aside, $item->feed ()); //We most likely already have the feed object in cache if (empty($feed)) $feed = $item->feed (true); ?> - <li class="item website"><a href="<?php echo _url ('index', 'index', 'get', 'f_' . $feed->id ()); ?>"><img class="favicon" src="<?php echo $feed->favicon (); ?>" alt="✇" /> <span><?php echo $feed->name (); ?></span></a></li> + <li class="item website"><a href="<?php echo _url ('index', 'index', 'get', 'f_' . $feed->id ()); ?>"><img class="favicon" src="<?php echo $feed->favicon (); ?>" alt="✇" /> <span><?php echo htmlspecialchars($feed->name(), ENT_NOQUOTES, 'UTF-8'); ?></span></a></li> <li class="item title"><a target="_blank" href="<?php echo $item->link (); ?>"><?php echo $item->title (); ?></a></li> <?php if ($this->conf->toplineDate ()) { ?><li class="item date"><?php echo $item->date (); ?> </li><?php } ?> <?php if ($this->conf->toplineLink ()) { ?><li class="item link"><a target="_blank" href="<?php echo $item->link (); ?>"> </a></li><?php } ?> @@ -83,7 +83,6 @@ if (isset ($this->entryPaginator) && !$this->entryPaginator->isEmpty ()) { <ul class="dropdown-menu"> <li class="dropdown-close"><a href="#close"> </a></li> - <?php $shaarli = $this->conf->urlShaarli (); if ((!login_is_conf ($this->conf) || is_logged ()) && $shaarli) { @@ -125,7 +124,6 @@ if (isset ($this->entryPaginator) && !$this->entryPaginator->isEmpty ()) { <div class="dropdown"> <div id="dropdown-tags-<?php echo $item->id ();?>" class="dropdown-target"></div> <i class="icon i_tag"></i> <a class="dropdown-toggle" href="#dropdown-tags-<?php echo $item->id ();?>"><?php echo Translate::t ('related_tags'); ?></a> - <ul class="dropdown-menu"> <li class="dropdown-close"><a href="#close"> </a></li> <?php foreach($tags as $tag) { ?> 
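Review bot: On the added `<li class="item website">` line of the `-46,7` hunk only `$feed->name()` is escaped, while `$feed->favicon()` is still echoed raw into the `src` attribute on that same line. The context line that follows also prints `$item->link()` into an `href` and `$item->title()` as element content without escaping, and the reader_view.phtml hunk carries the same three outputs. If those accessors return feed-supplied text that is not encoded upstream (not visible in this diff), they need the same treatment with quote-aware flags in attributes, e.g. `src="<?php echo htmlspecialchars($feed->favicon(), ENT_QUOTES, 'UTF-8'); ?>"`. The `href` would additionally merit a scheme check that allows only http and https before the link is printed.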
diff --git a/app/views/helpers/view/reader_view.phtml b/app/views/helpers/view/reader_view.phtml index fcafb1343..f808990f7 100644 --- a/app/views/helpers/view/reader_view.phtml +++ b/app/views/helpers/view/reader_view.phtml @@ -16,7 +16,7 @@ if (isset ($this->entryPaginator) && !$this->entryPaginator->isEmpty ()) { if (empty($feed)) $feed = $item->feed (true); ?> <a href="<?php echo $item->link (); ?>"> - <img class="favicon" src="<?php echo $feed->favicon (); ?>" alt="✇" /> <span><?php echo $feed->name (); ?></span> + <img class="favicon" src="<?php echo $feed->favicon (); ?>" alt="✇" /> <span><?php echo htmlspecialchars($feed->name(), ENT_NOQUOTES, 'UTF-8'); ?></span> </a> <h1 class="title"><?php echo $item->title (); ?></h1> |
