From 56f21a4b89cef0c4c691096fe294abf356f1cfa9 Mon Sep 17 00:00:00 2001
From: Michael
Date: Sun, 25 Nov 2018 19:26:46 +0000
Subject: [PATCH] Some more escaping
---
 mod/dirfind.php | 2 +-
 view/templates/contact_template.tpl | 4 ++--
 view/theme/frio/templates/contact_template.tpl | 2 +-
 view/theme/frio/templates/mail_list.tpl | 2 +-
 view/theme/frio/templates/wall_thread.tpl | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/mod/dirfind.php b/mod/dirfind.php
index 2609760e91..7f1a6691f5 100644
--- a/mod/dirfind.php
+++ b/mod/dirfind.php
@@ -235,7 +235,7 @@ function dirfind_content(App $a, $prefix = "") {
 'alt_text' => $alt_text,
 'url' => Model\Contact::magicLink($jj->url),
 'itemurl' => $itemurl,
- 'name' => htmlentities($jj->name),
+ 'name' => $jj->name,
 'thumb' => ProxyUtils::proxifyUrl($jj->photo, false, ProxyUtils::SIZE_THUMB),
 'img_hover' => $jj->tags,
 'conntxt' => $conntxt,
diff --git a/view/templates/contact_template.tpl b/view/templates/contact_template.tpl
index 06918533ca..6845c62562 100644
--- a/view/templates/contact_template.tpl
+++ b/view/templates/contact_template.tpl
@@ -5,7 +5,7 @@ onmouseover="if (typeof t{{$contact.id}} != 'undefined') clearTimeout(t{{$contact.id}}); openMenu('contact-photo-menu-button-{{$contact.id}}')" onmouseout="t{{$contact.id}}=setTimeout('closeMenu(\'contact-photo-menu-button-{{$contact.id}}\'); closeMenu(\'contact-photo-menu-{{$contact.id}}\');',200)" > - {{$contact.name}} + {{$contact.name|escape}} {{if $multiselect}}
@@ -31,7 +31,7 @@
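Review bot: With `htmlentities()` dropped from `'name' => $jj->name,` the entry array in mod/dirfind.php now carries the raw name, so output is only safe in templates that apply `|escape`; the diffstat lists the default and frio `contact_template.tpl`, and any other theme override that prints `$contact.name` would, if one exists, emit it unencoded. `$jj` appears to be a decoded directory search result, so the name should be treated as remote-controlled input. The same array passes `'img_hover' => $jj->tags` through without encoding, and it is worth confirming that every template escapes it where it is rendered. I would add a comment above the array such as `// Values are raw; templates must escape on output (|escape)` so the contract is visible to theme authors. The body of dirfind_content() starts and ends outside the hunk.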
- {{$contact.name}} + {{$contact.name|escape}} {{if $contact.account_type}} ({{$contact.account_type}}){{/if}}
{{if $contact.alt_text}}
{{$contact.alt_text}}
{{/if}}
diff --git a/view/theme/frio/templates/contact_template.tpl b/view/theme/frio/templates/contact_template.tpl
index 4f07ad2b1d..1b56a6b62c 100644
--- a/view/theme/frio/templates/contact_template.tpl
+++ b/view/theme/frio/templates/contact_template.tpl
@@ -220,7 +220,7 @@ We use this part to filter the contacts with jquery.textcomplete *}} {{* The contact description (e.g. Name, Network, kind of connection and so on *}}
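Review bot: `{{$contact.alt_text}}` and `({{$contact.account_type}})` are still printed without a modifier in the second hunk of view/templates/contact_template.tpl, right beside the name that gains `|escape`. mod/dirfind.php fills `alt_text` from `$alt_text`, whose origin is not visible in this patch, so unless these values are guaranteed to be plain local strings or intentionally HTML they need the same treatment: `{{$contact.alt_text|escape}}` and `({{$contact.account_type|escape}})`. The frio contact_template.tpl hunk has the same pattern, with the account type printed unescaped next to the escaped name; its @todo comment says the value is a translated string, which lowers the risk but still allows markup from a translation file to reach the page.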
-

{$name} +

{$name|escape} {if $account_type} ({$account_type}){/if} {if $account_type == 'Forum'}{/if} {{* @todo this needs some changing in core because $contact.account_type contains a translated string which may notbe the same in every language *}}
diff --git a/view/theme/frio/templates/mail_list.tpl b/view/theme/frio/templates/mail_list.tpl
index 225fd71c18..e6a024f11c 100644
--- a/view/theme/frio/templates/mail_list.tpl
+++ b/view/theme/frio/templates/mail_list.tpl
@@ -11,7 +11,7 @@