From: Jerome Jutteau
Date: Mon, 30 Apr 2018 17:23:45 +0000 (+0200)
Subject: [BUGFIX] refactor htmlspecialchars escaping
X-Git-Tag: 3.4.1~8
X-Git-Url: https://git.p6c8.net/jirafeau.git/commitdiff_plain/33c3f08cac2785129f87e93fd754e5b872a9b3b5?hp=3017f09505541870dfa4eaf43e69af28d699f8ab
[BUGFIX] refactor htmlspecialchars escaping
Signed-off-by: Jerome Jutteau
---
diff --git a/f.php b/f.php
index 5fd8575..be7ce41 100644
--- a/f.php
+++ b/f.php
@@ -97,7 +97,7 @@ if (!empty($delete_code) && $delete_code == $link['link_code']) {
- +
' . t('TOS') . '.' ?> @@ -193,9 +193,9 @@ if (!$password_challenged && !$do_download && !$do_preview) { echo '
' . '
'; ?> ' . htmlspecialchars($link['file_name']) . '' . + echo '
' . jirafeau_escape($link['file_name']) . '
' . '' . ''; echo ''; echo ''; echo ''; @@ -1243,3 +1243,8 @@ function jirafeau_replace_markers($content, $htmllinebreaks = false) return $content; } + +function jirafeau_escape($string) +{ + return htmlspecialchars($string, ENT_QUOTES); +}
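Review bot: The new jirafeau_escape() calls htmlspecialchars() with no explicit encoding and without `ENT_SUBSTITUTE`, so its output depends on the PHP version and `default_charset` setting, and a file name containing an invalid byte sequence is turned into an empty string. Pinning both makes the helper predictable: `return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` (this assumes the pages are served as UTF-8, which the diff does not show). Since this is now the single escaping point, a short docblock should state that it is meant for HTML text and quoted attribute values only, not for JavaScript, URL or regex contexts, so it is not reused where it gives no protection.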
' . - t('NOW_DOWNLOADING') . ' "' . htmlspecialchars($link['file_name']) . '" (' . jirafeau_human_size($link['file_size']) . ').' . + t('NOW_DOWNLOADING') . ' "' . jirafeau_escape($link['file_name']) . '" (' . jirafeau_human_size($link['file_size']) . ').' . '
' . t('USING_SERIVCE'). ' ' . t('TOS') . '.' . diff --git a/lib/functions.php b/lib/functions.php index eaedfac..b417769 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -597,7 +597,7 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) } /* Filter. */ - if (!empty($name) && !preg_match("/$name/i", htmlspecialchars($l['file_name']))) { + if (!empty($name) && !preg_match("/$name/i", jirafeau_escape($l['file_name']))) { continue; } if (!empty($file_hash) && $file_hash != $l['md5']) { @@ -609,8 +609,8 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) /* Print link informations. */ echo '
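Review bot: The filter in jirafeau_admin_list() still interpolates `$name` unquoted into the pattern `"/$name/i"`, so a search term containing `/` or an unbalanced bracket makes preg_match() return `false` with a warning, which `!` then treats as "no match" and every entry is skipped. If a plain substring search is what the admin list needs, `preg_quote($name, '/')` inside the pattern or `stripos(jirafeau_escape($l['file_name']), $name) === false` avoids that and also bounds the matching cost. The switch to `ENT_QUOTES` also changes the subject string: a file name containing `'` is now matched as `&#039;`, so whether existing searches still hit depends on how the caller prepares `$name`, which is outside this hunk.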
' . - '' . htmlspecialchars($l['file_name']) . ''; + '' . jirafeau_escape($l['file_name']) . ''; echo '' . $l['mime_type'] . '' . jirafeau_human_size($l['file_size']) . '
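Review bot: `$l['mime_type']` is echoed into the admin table unescaped, on the statement right after the file name that this commit routes through jirafeau_escape(). If the stored MIME type comes from upload metadata (not visible in this diff), it is as untrusted as the file name and should be wrapped the same way, `jirafeau_escape($l['mime_type'])`, so the admin listing has no unescaped upload-derived field. The echo statement is cut off in this view and jirafeau_admin_list() continues outside the hunk, so later fields in the same row deserve the same check.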