From: Steve Sutton
Date: Wed, 1 Oct 2014 12:40:36 +0000 (-0400)
Subject: Fixing htmlspecialchars issues with the title text
X-Git-Tag: v1.2.32^2
X-Git-Url: http://cvs2.gaslightmedia.com/gitweb/index.cgi?a=commitdiff_plain;h=4e257145a878a9327806eb5012fbccf42bfacafe;p=web%2FKeweenaw.git
Fixing htmlspecialchars issues with the title text
Using htmlspecialchars with ENT_COMPAT and double encode false.
---
diff --git a/Toolkit/Blocks/Admin/EditPage.php b/Toolkit/Blocks/Admin/EditPage.php
index b2ca0a7..467b4a5 100644
--- a/Toolkit/Blocks/Admin/EditPage.php
+++ b/Toolkit/Blocks/Admin/EditPage.php
@@ -97,6 +97,7 @@ class Toolkit_Blocks_Admin_EditPage
 $stmt->bindParam(':page', $this->_pageId, PDO::PARAM_INT);
 $stmt->execute();
 while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ $row['title'] = htmlspecialchars($row['title'], ENT_COMPAT, 'UTF-8', false);
 if ($row['image']) {
 $row['imageUrl'] = HOMEPAGE_HEADLINE_THUMB . $row['image'];
 }
diff --git a/Toolkit/Blocks/templates/editPage.html b/Toolkit/Blocks/templates/editPage.html
index 1ae3563..fd47feb 100644
--- a/Toolkit/Blocks/templates/editPage.html
+++ b/Toolkit/Blocks/templates/editPage.html
@@ -116,7 +116,7 @@
 type="text"
 class="title"
 name="title"
- value="{block[title]}">
+ value="{block[title]:h}">
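Review bot: The `htmlspecialchars()` call added inside the `while ($row = $stmt->fetch(...))` loop becomes the only escaping the title gets, because the template hunk switches the field to `{block[title]:h}`, which (assuming Flexy-style modifiers) prints the value raw; any other code path that fills `block[title]` without passing through this loop would reach the `value="…"` attribute unescaped. `ENT_COMPAT` also leaves single quotes untouched, which holds for this double-quoted attribute but not if the row is reused in another context, so `ENT_QUOTES` is the safer flag: `$row['title'] = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8', false);`. A comment such as `// escaped here because the template prints title with :h (raw); stored titles may already contain entities, hence double_encode = false` would record why the escaping lives in the controller. The enclosing method starts and ends outside the hunk, so other writers of the title cannot be checked from here.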