Some more escaping

Michael 2018-11-25 19:26:46 +00:00
parent 4f9f86e310
commit 56f21a4b89
5 changed files with 6 additions and 6 deletions


@ -235,7 +235,7 @@ function dirfind_content(App $a, $prefix = "") {
'alt_text' => $alt_text, 'alt_text' => $alt_text,
'url' => Model\Contact::magicLink($jj->url), 'url' => Model\Contact::magicLink($jj->url),
'itemurl' => $itemurl, 'itemurl' => $itemurl,
'name' => htmlentities($jj->name), 'name' => $jj->name,
'thumb' => ProxyUtils::proxifyUrl($jj->photo, false, ProxyUtils::SIZE_THUMB), 'thumb' => ProxyUtils::proxifyUrl($jj->photo, false, ProxyUtils::SIZE_THUMB),
'img_hover' => $jj->tags, 'img_hover' => $jj->tags,
'conntxt' => $conntxt, 'conntxt' => $conntxt,
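Review bot: With `htmlentities()` dropped from the `'name'` entry, `$jj->name` now leaves this function raw, so every template that renders this entry array has to apply `|escape` itself. This commit visibly updates two templates that print a contact name; if another theme ships its own copy of that template, it would now print the name unescaped. `'img_hover' => $jj->tags` two lines below is passed raw in the same way. A short comment on the array, e.g. `// name and img_hover are raw here; templates must output them with |escape`, would record that contract. The body of dirfind_content() starts and ends outside this hunk, so where `$jj` comes from is not visible here.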


@ -5,7 +5,7 @@
onmouseover="if (typeof t{{$contact.id}} != 'undefined') clearTimeout(t{{$contact.id}}); openMenu('contact-photo-menu-button-{{$contact.id}}')" onmouseover="if (typeof t{{$contact.id}} != 'undefined') clearTimeout(t{{$contact.id}}); openMenu('contact-photo-menu-button-{{$contact.id}}')"
onmouseout="t{{$contact.id}}=setTimeout('closeMenu(\'contact-photo-menu-button-{{$contact.id}}\'); closeMenu(\'contact-photo-menu-{{$contact.id}}\');',200)" > onmouseout="t{{$contact.id}}=setTimeout('closeMenu(\'contact-photo-menu-button-{{$contact.id}}\'); closeMenu(\'contact-photo-menu-{{$contact.id}}\');',200)" >
<a href="{{$contact.url}}" title="{{$contact.img_hover}}" /><img src="{{$contact.thumb}}" {{$contact.sparkle}} alt="{{$contact.name}}" /></a> <a href="{{$contact.url}}" title="{{$contact.img_hover|escape}}" /><img src="{{$contact.thumb}}" {{$contact.sparkle}} alt="{{$contact.name|escape}}" /></a>
{{if $multiselect}} {{if $multiselect}}
<input type="checkbox" class="contact-select" name="contact_batch[]" value="{{$contact.id}}"> <input type="checkbox" class="contact-select" name="contact_batch[]" value="{{$contact.id}}">
@ -31,7 +31,7 @@
<div class="contact-entry-desc"> <div class="contact-entry-desc">
<div class="contact-entry-name" id="contact-entry-name-{{$contact.id}}" > <div class="contact-entry-name" id="contact-entry-name-{{$contact.id}}" >
{{$contact.name}} {{$contact.name|escape}}
{{if $contact.account_type}} <span class="contact-entry-details" id="contact-entry-accounttype-{{$contact.id}}">({{$contact.account_type}})</span>{{/if}} {{if $contact.account_type}} <span class="contact-entry-details" id="contact-entry-accounttype-{{$contact.id}}">({{$contact.account_type}})</span>{{/if}}
</div> </div>
{{if $contact.alt_text}}<div class="contact-entry-details" id="contact-entry-rel-{{$contact.id}}" >{{$contact.alt_text}}</div>{{/if}} {{if $contact.alt_text}}<div class="contact-entry-details" id="contact-entry-rel-{{$contact.id}}" >{{$contact.alt_text}}</div>{{/if}}
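Review bot: The `<a>`/`<img>` line in the first hunk now escapes `title` and `alt`, but `href="{{$contact.url}}"` and `src="{{$contact.thumb}}"` on the same line are still written into attributes raw, and in the second hunk `{{$contact.account_type}}` and `{{$contact.alt_text}}` are printed unescaped next to the newly escaped name. If any of these can carry profile data from a remote contact they need the same treatment, e.g. `href="{{$contact.url|escape}}"` and `{{$contact.alt_text|escape}}`. HTML-escaping does not constrain the URL scheme, so the link value should also be checked as http(s) where it is built. The same pattern remains in the other template sections of this commit: `href="{$url}"` and `{$account_type}` beside `{$name|escape}`, and `{{$subject}}` beside `{{$from_name|escape}}`. Whether those values are already encoded by their PHP callers is not visible on this page.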


@ -220,7 +220,7 @@ We use this part to filter the contacts with jquery.textcomplete *}}
{{* The contact description (e.g. Name, Network, kind of connection and so on *}} {{* The contact description (e.g. Name, Network, kind of connection and so on *}}
<div class="contact-entry-desc"> <div class="contact-entry-desc">
<div class="contact-entry-name" id="contact-entry-name-{$id}"> <div class="contact-entry-name" id="contact-entry-name-{$id}">
<h4 class="media-heading"><a href="{$url}">{$name}</a> <h4 class="media-heading"><a href="{$url}">{$name|escape}</a>
{if $account_type} <small class="contact-entry-details" id="contact-entry-accounttype-{$id}">({$account_type})</small>{/if} {if $account_type} <small class="contact-entry-details" id="contact-entry-accounttype-{$id}">({$account_type})</small>{/if}
{if $account_type == 'Forum'}<i class="fa fa-comments-o" aria-hidden="true"></i>{/if} {if $account_type == 'Forum'}<i class="fa fa-comments-o" aria-hidden="true"></i>{/if}
{{* @todo this needs some changing in core because $contact.account_type contains a translated string which may notbe the same in every language *}} {{* @todo this needs some changing in core because $contact.account_type contains a translated string which may notbe the same in every language *}}
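Review bot: The changed line uses single-brace tags (`{$name|escape}`) while the surrounding comments use the `{{* … *}}` delimiters, which suggests this fragment is evaluated in a different template pass than the double-brace tags; the header comment mentions filtering contacts with jquery.textcomplete. It should be confirmed that the `escape` modifier is available in that pass and HTML-encodes by default, since otherwise the name would be rendered raw or the fragment would fail to render. A one-line template comment such as `{{* name arrives raw and is HTML-escaped here *}}` would document which layer owns the encoding.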


@ -11,7 +11,7 @@
<div class="media-body"> <div class="media-body">
<div class="text-muted time ago pull-right" title="{{$date}}">{{$ago}}</div> <div class="text-muted time ago pull-right" title="{{$date}}">{{$ago}}</div>
<h4 class="media-heading">{{$from_name}}</h4> <h4 class="media-heading">{{$from_name|escape}}</h4>
<div class="mail-list-subject"><a href="message/{{$id}}">{{$subject}}</a></div> <div class="mail-list-subject"><a href="message/{{$id}}">{{$subject}}</a></div>
<a href="message/dropconv/{{$id}}" onclick="return confirmDelete();" title="{{$delete}}" class="pull-right" onmouseover="imgbright(this);" onmouseout="imgdull(this);"> <a href="message/dropconv/{{$id}}" onclick="return confirmDelete();" title="{{$delete}}" class="pull-right" onmouseover="imgbright(this);" onmouseout="imgdull(this);">
<i class="faded-icon fa fa-trash"></i> <i class="faded-icon fa fa-trash"></i>


@ -252,7 +252,7 @@ as the value of $top_child_total (this is done at the end of this file)
{{/if}} {{/if}}
{{if $item.title}} {{if $item.title}}
<span class="wall-item-title" id="wall-item-title-{{$item.id}}"><h4 class="media-heading"><a href="{{$item.plink.href}}" class="{{$item.sparkle}} p-name">{{$item.title}}</a></h4><br /></span> <span class="wall-item-title" id="wall-item-title-{{$item.id}}"><h4 class="media-heading"><a href="{{$item.plink.href}}" class="{{$item.sparkle}} p-name">{{$item.title|escape}}</a></h4><br /></span>
{{/if}} {{/if}}
<div class="wall-item-body e-content {{if !$item.title}}p-name{{/if}}" id="wall-item-body-{{$item.id}}">{{$item.body}}</div> <div class="wall-item-body e-content {{if !$item.title}}p-name{{/if}}" id="wall-item-body-{{$item.id}}">{{$item.body}}</div>