Changeset 458
- Timestamp:
- 07/18/06 02:15:06 (2 years ago)
- Files:
-
- devel/profile/profile.class.php (modified) (1 diff)
- devel/units/communities/communities_edit.php (modified) (1 diff)
- devel/units/communities/communities_members.php (modified) (1 diff)
- devel/units/communities/communities_membership_requests.php (modified) (1 diff)
- devel/units/communities/communities_moderator_of.php (modified) (1 diff)
- devel/units/communities/communities_owned.php (modified) (1 diff)
- devel/units/communities/community_memberships.php (modified) (1 diff)
- devel/units/files/function_search.php (modified) (2 diffs)
- devel/units/friends/friends_edit.php (modified) (1 diff)
- devel/units/friends/friends_of_edit.php (modified) (1 diff)
- devel/units/friends/user_friendship_requests.php (modified) (1 diff)
- devel/units/profile/function_display_name.php (modified) (1 diff)
- devel/units/profile/function_search.php (modified) (2 diffs)
- devel/units/users/user_info.php (modified) (1 diff)
- devel/units/weblogs/function_search.php (modified) (2 diffs)
- devel/units/weblogs/weblogs_posts_view.php (modified) (7 diffs)
devel/profile/profile.class.php
r454 r458 69 69 70 70 $name_cache[$this->id]->created = time(); 71 $name_cache[$this->id]->data = get_field('users','name','ident',$this->id);71 $name_cache[$this->id]->data = htmlspecialchars(get_field('users','name','ident',$this->id), ENT_COMPAT, 'utf-8'); 72 72 73 73 } devel/units/communities/communities_edit.php
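Review bot: Writing the `htmlspecialchars()` result into `$name_cache[$this->id]->data` makes the cache hold HTML-encoded text instead of the raw name, and nothing on this line tells callers that. Every consumer now has to treat the value as ready-made markup: escaping it again double-encodes it, and any non-HTML use has to decode it first. `ENT_COMPAT` also leaves single quotes unencoded, which matters if the name ever lands in a single-quoted attribute, so I would use `htmlspecialchars(get_field('users','name','ident',$this->id), ENT_QUOTES, 'utf-8')` and add a comment such as `// data is stored HTML-escaped: print as-is in HTML, never escape it again`. The same applies to the identical change in devel/units/profile/function_display_name.php. The enclosing function starts and ends outside the hunk.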
r454 r458 25 25 } 26 26 // $friends_name = htmlspecialchars(stripslashes($info->name), ENT_COMPAT, 'utf-8'); 27 $friends_name = htmlspecialchars(run("profile:display:name",$info->ident), ENT_COMPAT, 'utf-8');27 $friends_name = run("profile:display:name",$info->ident); 28 28 $info->icon = run("icons:get",$info->ident); 29 29 $friends_menu = run("users:infobox:menu",array($info->ident)); devel/units/communities/communities_members.php
r454 r458 25 25 } 26 26 // $friends_name = htmlspecialchars(stripslashes($info->name), ENT_COMPAT, 'utf-8'); 27 $friends_name = htmlspecialchars(run("profile:display:name", $info->ident), ENT_COMPAT, 'utf-8');27 $friends_name = run("profile:display:name", $info->ident); 28 28 $info->icon = run("icons:get",$info->ident); 29 29 // $friends_menu = run("users:infobox:menu",array($info->ident)); devel/units/communities/communities_membership_requests.php
r454 r458 28 28 $pending_user->name = run("profile:display:name",$pending_user->ident); 29 29 30 $col1 = "<p><b>" . stripslashes($pending_user->name). "</b></p>" . $description;30 $col1 = "<p><b>" . $pending_user->name . "</b></p>" . $description; 31 31 $col1 .= "<p>"; 32 32 $col1 .= "<a href=\"" . url . $pending_user->username . "/\">" . gettext("Profile") . "</a> | "; devel/units/communities/communities_moderator_of.php
r454 r458 24 24 //} 25 25 // $friends_name = htmlspecialchars(stripslashes($info->name), ENT_COMPAT, 'utf-8'); 26 $friends_name = htmlspecialchars(run("profile:display:name", $info->ident), ENT_COMPAT, 'utf-8');26 $friends_name = run("profile:display:name", $info->ident); 27 27 $info->icon = run("icons:get",$info->ident); 28 28 // $friends_menu = run("users:infobox:menu",array($info->ident)); devel/units/communities/communities_owned.php
r454 r458 9 9 foreach($result as $row) { 10 10 $row->name = run("profile:display:name",$row->ident); 11 $body .= "<li><a href=\"" . url . $row->username . "/\">" . stripslashes($row->name). "</a></li>";11 $body .= "<li><a href=\"" . url . $row->username . "/\">" . $row->name . "</a></li>"; 12 12 } 13 13 $body .= "</ul>"; devel/units/communities/community_memberships.php
r454 r458 12 12 foreach($result as $row) { 13 13 $row->name = run("profile:display:name",$row->ident); 14 $body .= "<li><a href=\"" . url . $row->username . "/\">" . stripslashes($row->name). "</a></li>";14 $body .= "<li><a href=\"" . url . $row->username . "/\">" . $row->name . "</a></li>"; 15 15 } 16 16 $body .= "</ul>"; devel/units/files/function_search.php
r454 r458 94 94 } 95 95 $run_result .= "<p><small>[ <a href=\"".url.$username . "/files/rss/" . $parameter[1] . "\">" 96 .sprintf(gettext("RSS feed for files owned by %s"), stripslashes($name)) . " in category '".$parameter[1]."'</a> ]</small></p>\n";96 .sprintf(gettext("RSS feed for files owned by %s"), $name) . " in category '".$parameter[1]."'</a> ]</small></p>\n"; 97 97 } 98 98 } … … 115 115 $friends_userid = $info->ident; 116 116 // $friends_name = htmlspecialchars(stripslashes($info->name), ENT_COMPAT, 'utf-8'); 117 $friends_name = htmlspecialchars(run("profile:display:name",$info->ident), ENT_COMPAT, 'utf-8');117 $friends_name = run("profile:display:name",$info->ident); 118 118 $info->icon = run("icons:get",$info->ident); 119 119 $friends_menu = run("users:infobox:menu",array($info->ident)); devel/units/friends/friends_edit.php
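Review bot: `$parameter[1]` is still concatenated unescaped into both the `href` and the link text of the RSS line at 95-96, so this changeset escapes the name but leaves the category term raw. Where `$parameter[1]` comes from is not visible here, but it looks like the search term taken from the request; if so it should be encoded per context, with `rawurlencode($parameter[1])` in the URL path and `htmlspecialchars($parameter[1], ENT_QUOTES, 'utf-8')` in the text. With `stripslashes()` gone, `$name` is printed exactly as received, so it is worth confirming above this hunk that it comes from `profile:display:name` and not straight from the `users` row. The same pattern is on line 56 of devel/units/weblogs/function_search.php.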
r454 r458 24 24 } 25 25 // $friends_name = htmlspecialchars(stripslashes($info->name), ENT_COMPAT, 'utf-8'); 26 $friends_name = htmlspecialchars(run("profile:display:name", $info->ident), ENT_COMPAT, 'utf-8');26 $friends_name = run("profile:display:name", $info->ident); 27 27 $info->icon = run("icons:get",$info->ident); 28 28 $friends_menu = run("users:infobox:menu",array($info->ident)); devel/units/friends/friends_of_edit.php
r454 r458 25 25 } 26 26 // $friends_name = htmlspecialchars(stripslashes($info->name), ENT_COMPAT, 'utf-8'); 27 $friends_name = htmlspecialchars(run("profile:display:name", $info->ident), ENT_COMPAT, 'utf-8');27 $friends_name = run("profile:display:name", $info->ident); 28 28 $info->icon = run("icons:get",$info->ident); 29 29 $friends_menu = run("users:infobox:menu",array($info->ident)); devel/units/friends/user_friendship_requests.php
r339 r458 29 29 $pending_user->name = run("profile:display:name", $pending_user->ident); 30 30 31 $col1 = "<p><b>" . stripslashes($pending_user->name). "</b></p>" . $description;31 $col1 = "<p><b>" . $pending_user->name . "</b></p>" . $description; 32 32 $col1 .= "<p>"; 33 33 $col1 .= "<a href=\"" . url . $pending_user->username . "/\">" . gettext("Profile") . "</a> | "; devel/units/profile/function_display_name.php
r287 r458 22 22 23 23 $name_cache[$user_id]->created = time(); 24 $name_cache[$user_id]->data = get_field('users','name','ident',$user_id);24 $name_cache[$user_id]->data = htmlspecialchars(get_field('users','name','ident',$user_id), ENT_COMPAT, 'utf-8'); 25 25 26 26 } devel/units/profile/function_search.php
r454 r458 40 40 $i = 1; 41 41 $w = 100; 42 if (sizeof($ parameter[1]) > 4) {42 if (sizeof($result) > 4) { 43 43 $w = 50; 44 44 } … … 46 46 $friends_username = $info->username; 47 47 // $friends_name = htmlspecialchars(stripslashes($info->name), ENT_COMPAT, 'utf-8'); 48 $friends_name = htmlspecialchars(run("profile:display:name",$info->ident), ENT_COMPAT, 'utf-8');48 $friends_name = run("profile:display:name",$info->ident); 49 49 $info->icon = run("icons:get",$info->ident); 50 50 $friends_menu = run("users:infobox:menu",array($info->ident)); devel/units/users/user_info.php
r447 r458 47 47 48 48 // $username = htmlspecialchars(stripslashes($info->name), ENT_COMPAT, 'utf-8'); 49 $username = htmlspecialchars(run("profile:display:name",$info->ident), ENT_COMPAT, 'utf-8');49 $username = run("profile:display:name",$info->ident); 50 50 $usermenu = ''; 51 51 // not used - sven devel/units/weblogs/function_search.php
r454 r458 54 54 } 55 55 $run_result .= "</ul>"; 56 $run_result .= "<p><small>[ <a href=\"".url.$username . "/weblog/rss/" . $parameter[1] . "\">$rssForBlog " . stripslashes($name). " $inCategory '".$parameter[1]."'</a> ]</small></p>\n";56 $run_result .= "<p><small>[ <a href=\"".url.$username . "/weblog/rss/" . $parameter[1] . "\">$rssForBlog " . $name . " $inCategory '".$parameter[1]."'</a> ]</small></p>\n"; 57 57 } 58 58 } else { … … 81 81 $friends_userid = $info->ident; 82 82 // $friends_name = htmlspecialchars(stripslashes($info->name), ENT_COMPAT, 'utf-8'); 83 $friends_name = htmlspecialchars(run("profile:display:name",$info->ident), ENT_COMPAT, 'utf-8');83 $friends_name = run("profile:display:name",$info->ident); 84 84 $info->icon = run("icons:get",$info->ident); 85 85 $friends_menu = run("users:infobox:menu",array($info->ident)); devel/units/weblogs/weblogs_posts_view.php
r453 r458 15 15 $stuff = get_record('users','ident',$post->owner); 16 16 17 $author->fullname = stripslashes($stuff->name);17 $author->fullname = htmlspecialchars($stuff->name, ENT_COMPAT, 'utf-8'); 18 18 19 19 if ($stuff->icon == -1 || $post->owner == -1) { … … 32 32 $stuff2 = get_record('users','ident',$post->weblog); 33 33 34 $community->fullname = stripslashes($stuff2->name);34 $community->fullname = htmlspecialchars($stuff2->name, ENT_COMPAT, 'utf-8'); 35 35 36 36 if (empty($stuff2->icon) || $stuff2->icon == -1) { … … 46 46 $date = gmdate("H:i",$post->posted); 47 47 48 $username = run("users:id_to_name",$post->owner);48 $username = run("users:id_to_name",$post->owner); 49 49 50 50 … … 71 71 72 72 $title = get_access_description($post->access); 73 $title .= stripslashes($post->title);73 $title .= htmlspecialchars($post->title, ENT_COMPAT, 'utf-8'); 74 74 75 75 if ($post->owner != $post->weblog) { … … 83 83 } 84 84 85 $body = run("weblogs:text:process", stripslashes($post->body));85 $body = run("weblogs:text:process", $post->body); 86 86 $More = gettext("More"); 87 87 $Keywords = gettext("Keywords:"); … … 147 147 END; 148 148 } 149 $comment->postedname = stripslashes($comment->postedname);149 $comment->postedname = htmlspecialchars($comment->postedname, ENT_COMPAT, 'utf-8'); 150 150 151 151 // turn commentor name into a link if they're a registered user … … 158 158 'context' => 'weblogcomment', 159 159 'postedname' => $comment->postedname, 160 'body' => run("weblogs:text:process", stripslashes($comment->body)) . $commentmenu,160 'body' => run("weblogs:text:process", $comment->body) . $commentmenu, 161 161 'posted' => strftime("%A, %e %B %Y, %R %Z",$comment->posted) 162 162 )
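Review bot: `$post->body` (line 85) and `$comment->body` (line 160) reach the page only through `run("weblogs:text:process", ...)`, so neutralising markup in them depends entirely on that handler, which this diff does not show. The names and the title around them are now escaped, but the bodies are not. The nearby comment about linking the commenter only when they are a registered user suggests that unregistered visitors can post comments, which would make the comment body the least trusted text in this view. If the handler is meant to sanitise HTML, say so at the call site with `// weblogs:text:process must sanitise HTML; the body is not escaped here`; if it is not, the body needs escaping or filtering before output. The `htmlspecialchars()` calls added here use `ENT_COMPAT`, which leaves single quotes unencoded, so `ENT_QUOTES` is the safer flag if any template puts these values inside a single-quoted attribute.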
