Special characters should be escaped
		
					parent
					
						
							
								4948460232
							
						
					
				
			
			
				commit
				
					
						3f35fed35a
					
				
			
		
					 3 changed files with 4 additions and 4 deletions
				
			
		|  | @ -10,7 +10,7 @@ function profile_init(&$a) { | ||||||
| 		$a->page['aside'] = ''; | 		$a->page['aside'] = ''; | ||||||
| 
 | 
 | ||||||
| 	if($a->argc > 1) | 	if($a->argc > 1) | ||||||
| 		$which = $a->argv[1]; | 		$which = htmlspecialchars($a->argv[1]); | ||||||
| 	else { | 	else { | ||||||
| 		$r = q("select nickname from user where blocked = 0 and account_expired = 0 and account_removed = 0 and verified = 1 order by rand() limit 1"); | 		$r = q("select nickname from user where blocked = 0 and account_expired = 0 and account_removed = 0 and verified = 1 order by rand() limit 1"); | ||||||
| 		if(count($r)) { | 		if(count($r)) { | ||||||
|  | @ -27,7 +27,7 @@ function profile_init(&$a) { | ||||||
| 	$profile = 0; | 	$profile = 0; | ||||||
| 	if((local_user()) && ($a->argc > 2) && ($a->argv[2] === 'view')) { | 	if((local_user()) && ($a->argc > 2) && ($a->argv[2] === 'view')) { | ||||||
| 		$which = $a->user['nickname']; | 		$which = $a->user['nickname']; | ||||||
| 		$profile = $a->argv[1]; | 		$profile = htmlspecialchars($a->argv[1]); | ||||||
| 	} | 	} | ||||||
| 	else { | 	else { | ||||||
| 		auto_redir($a, $which); | 		auto_redir($a, $which); | ||||||
|  |  | ||||||
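Review bot: `htmlspecialchars()` is applied where `$which` (first hunk) and `$profile` (second hunk) are read from `$a->argv[1]`, not where they are printed, so every later use receives HTML-encoded text whatever its context. The visible code passes `$which` on to `auto_redir($a, $which)`, and the rest of `profile_init` lies outside these hunks. If either value reaches a database lookup or a URL there, HTML encoding is not the right defence, and a name containing `&` or a quote would no longer match its stored form. Consider keeping the raw value, validating it against the characters a nickname may contain, and escaping at each output site; at minimum add a comment such as `// HTML-escaped only; still untrusted for SQL and URL contexts`.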
|  | @ -17,7 +17,7 @@ | ||||||
| <html> | <html> | ||||||
| <head> | <head> | ||||||
| 	<title><?php if(x($page,'title')) echo $page['title'] ?></title>
 | 	<title><?php if(x($page,'title')) echo $page['title'] ?></title>
 | ||||||
| 	<meta request="<?php echo $_REQUEST['pagename'] ?> "> | 	<meta request="<?php echo htmlspecialchars($_REQUEST['pagename']) ?> "> | ||||||
| 	<script>var baseurl="<?php echo $a->get_baseurl() ?>";</script> | 	<script>var baseurl="<?php echo $a->get_baseurl() ?>";</script> | ||||||
| 	<script>var frio="<?php echo "view/theme/frio"; ?>";</script> | 	<script>var frio="<?php echo "view/theme/frio"; ?>";</script> | ||||||
| 	<?php $baseurl = $a->get_baseurl(); ?>
 | 	<?php $baseurl = $a->get_baseurl(); ?>
 | ||||||
|  |  | ||||||
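Review bot: The new `htmlspecialchars($_REQUEST['pagename'])` call in the `<meta request=...>` line relies on the default flags and charset and assumes the parameter is present and is a string; the same line is changed in the third file's hunk. A request carrying `pagename[]=x` hands the function an array, and a request without the parameter reads an undefined index, so a guard is worth adding: `<?php echo (isset($_REQUEST['pagename']) && is_string($_REQUEST['pagename'])) ? htmlspecialchars($_REQUEST['pagename'], ENT_QUOTES, 'UTF-8') : '' ?>`. The neighbouring context lines still echo `$page['title']` into `<title>` and `$a->get_baseurl()` into a JavaScript string without encoding. If either can carry user-influenced text, each needs the encoding for its own context, and HTML escaping alone would not be sufficient inside `<script>`.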
|  | @ -11,7 +11,7 @@ | ||||||
| <head> | <head> | ||||||
| 	<title><?php if(x($page,'title')) echo $page['title'] ?></title>
 | 	<title><?php if(x($page,'title')) echo $page['title'] ?></title>
 | ||||||
| 	<meta name="viewport" content="initial-scale=1.0"> | 	<meta name="viewport" content="initial-scale=1.0"> | ||||||
| 	<meta request="<?php echo $_REQUEST['pagename'] ?> "> | 	<meta request="<?php echo htmlspecialchars($_REQUEST['pagename']) ?> "> | ||||||
| 	<script>var baseurl="<?php echo $a->get_baseurl() ?>";</script> | 	<script>var baseurl="<?php echo $a->get_baseurl() ?>";</script> | ||||||
| 	<script>var frio="<?php echo "view/theme/frio"; ?>";</script> | 	<script>var frio="<?php echo "view/theme/frio"; ?>";</script> | ||||||
| 	<?php $baseurl = $a->get_baseurl(); ?>
 | 	<?php $baseurl = $a->get_baseurl(); ?>
 | ||||||
|  |  | ||||||