projects / web / Keweenaw.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fbb78d4)
Fixing htmlspecialchars issues with the title text
authorSteve Sutton <steve@gaslightmedia.com>
Wed, 1 Oct 2014 12:40:36 +0000 (08:40 -0400)
committerSteve Sutton <steve@gaslightmedia.com>
Tue, 14 Oct 2014 15:17:08 +0000 (11:17 -0400)
Using htmlspecialchars with ENT_COMPAT and double encode false.

Toolkit/Blocks/Admin/EditPage.php patch | blob | history
Toolkit/Blocks/templates/editPage.html patch | blob | history
templates/template.html patch | blob | history

diff --git a/Toolkit/Blocks/Admin/EditPage.php b/Toolkit/Blocks/Admin/EditPage.php
index b2ca0a7..467b4a5 100644 (file)
--- a/Toolkit/Blocks/Admin/EditPage.php
+++ b/Toolkit/Blocks/Admin/EditPage.php
@@ -97,6 +97,7 @@ class Toolkit_Blocks_Admin_EditPage
             $stmt->bindParam(':page', $this->_pageId, PDO::PARAM_INT);
             $stmt->execute();
             while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+                $row['title'] = htmlspecialchars($row['title'], ENT_COMPAT, 'UTF-8', false);
                 if ($row['image']) {
                     $row['imageUrl'] = HOMEPAGE_HEADLINE_THUMB . $row['image'];
                 }
diff --git a/Toolkit/Blocks/templates/editPage.html b/Toolkit/Blocks/templates/editPage.html
index 1ae3563..fd47feb 100644 (file)
--- a/Toolkit/Blocks/templates/editPage.html
+++ b/Toolkit/Blocks/templates/editPage.html
@@ -116,7 +116,7 @@
                         type="text"
                         class="title"
                         name="title"
-                        value="{block[title]}">
+                        value="{block[title]:h}">
                     <div class="internal_link">
                     <h3>Internal Link</h3>
                     <label class="titleLabel">Links to:</label>
diff --git a/templates/template.html b/templates/template.html
index 952e902..027660e 100755 (executable)
--- a/templates/template.html
+++ b/templates/template.html
@@ -164,7 +164,7 @@
                             <div class="row">
                                 <div class="small-11 small-centered columns show-for-small text-center homeBlockHeader">
                                     {if:block[href]}<a href="{block[href]:h}">{end:}
-                                    <h3>{block[header]}</h3>
+                                    <h3>{block[header]:h}</h3>
                                     {if:block[href]}</a>{end:}
                                 </div>
                                 <div class="small-11 small-centered columns text-center blockImg">
@@ -180,7 +180,7 @@
                                 </div>
                                 <div class="small-11 small-centered show-for-medium-up columns text-center homeBlockHeader">
                                     {if:block[href]}<a href="{block[href]:h}">{end:}
-                                    <h3>{block[header]}</h3>
+                                    <h3>{block[header]:h}</h3>
                                     {if:block[href]}</a>{end:}
                                 </div>
                                 <div class="small-10 small-centered columns blockDescr">