From 4e257145a878a9327806eb5012fbccf42bfacafe Mon Sep 17 00:00:00 2001
From: Steve Sutton
Date: Wed, 1 Oct 2014 08:40:36 -0400
Subject: [PATCH] Fixing htmlspecialchars issues with the title text

Using htmlspecialchars with ENT_COMPAT and double encode false.
---
 Toolkit/Blocks/Admin/EditPage.php | 1 +
 Toolkit/Blocks/templates/editPage.html | 2 +-
 templates/template.html | 4 ++--
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/Toolkit/Blocks/Admin/EditPage.php b/Toolkit/Blocks/Admin/EditPage.php
index b2ca0a7..467b4a5 100644
--- a/Toolkit/Blocks/Admin/EditPage.php
+++ b/Toolkit/Blocks/Admin/EditPage.php
@@ -97,6 +97,7 @@ class Toolkit_Blocks_Admin_EditPage
 $stmt->bindParam(':page', $this->_pageId, PDO::PARAM_INT);
 $stmt->execute();
 while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ $row['title'] = htmlspecialchars($row['title'], ENT_COMPAT, 'UTF-8', false);
 if ($row['image']) {
 $row['imageUrl'] = HOMEPAGE_HEADLINE_THUMB . $row['image'];
 }
diff --git a/Toolkit/Blocks/templates/editPage.html b/Toolkit/Blocks/templates/editPage.html
index 1ae3563..fd47feb 100644
--- a/Toolkit/Blocks/templates/editPage.html
+++ b/Toolkit/Blocks/templates/editPage.html
@@ -116,7 +116,7 @@
 type="text"
 class="title"
 name="title"
- value="{block[title]}">
+ value="{block[title]:h}">
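Review bot: The added `htmlspecialchars()` call in the fetch loop of EditPage.php uses `ENT_COMPAT`, which leaves single quotes unencoded, so the title is only safe where a template places it in element text or a double-quoted attribute. The editPage.html hunk switches the field to `{block[title]:h}`, which appears to turn off the template's own escaping, so this line would become the only encoding step for that `value` attribute. I would encode both quote styles, `$row['title'] = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8', false);`, and add a comment above it such as `// Sole HTML-encoding step for title: templates print it raw via :h`. With double_encode off, entity-looking text already stored in a title passes through unchanged, and because `$row['title']` is overwritten in place, any later non-HTML use of the row receives the encoded form. The enclosing method starts and ends outside the hunk, so other consumers of `$row` cannot be checked from here.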