From 33c3f08cac2785129f87e93fd754e5b872a9b3b5 Mon Sep 17 00:00:00 2001
From: Jerome Jutteau
Date: Mon, 30 Apr 2018 19:23:45 +0200
Subject: [PATCH 1/1] [BUGFIX] refactor htmlspecialchars escaping

Signed-off-by: Jerome Jutteau
---
 f.php | 6 +++---
 lib/functions.php | 11 ++++++++---
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/f.php b/f.php
index 5fd8575..be7ce41 100644
--- a/f.php
+++ b/f.php
@@ -97,7 +97,7 @@ if (!empty($delete_code) && $delete_code == $link['link_code']) {
- +
' . t('TOS') . '.' ?> @@ -193,9 +193,9 @@ if (!$password_challenged && !$do_download && !$do_preview) { echo '
' . '
'; ?> ' . htmlspecialchars($link['file_name']) . '' . + echo '
' . jirafeau_escape($link['file_name']) . '
' . '' . ''; echo ''; echo ''; echo ''; @@ -1243,3 +1243,8 @@ function jirafeau_replace_markers($content, $htmllinebreaks = false) return $content; } + +function jirafeau_escape($string) +{ + return htmlspecialchars($string, ENT_QUOTES); +} -- 2.34.1
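Review bot: `jirafeau_escape()` calls `htmlspecialchars($string, ENT_QUOTES)` with no explicit encoding and no `ENT_SUBSTITUTE`, so its output depends on the PHP version's default charset, and on PHP 5.4 or later a file name containing an invalid byte sequence makes the call return an empty string. Passing both explicitly, `return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, keeps the result stable and replaces bad bytes instead of dropping the whole name. The helper also has no docblock; a short one should say it is meant for HTML text and quoted-attribute contexts only, not for URLs, JavaScript or regex subjects, since this same commit uses it as a `preg_match` subject in `jirafeau_admin_list`.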
' . - t('NOW_DOWNLOADING') . ' "' . htmlspecialchars($link['file_name']) . '" (' . jirafeau_human_size($link['file_size']) . ').' . + t('NOW_DOWNLOADING') . ' "' . jirafeau_escape($link['file_name']) . '" (' . jirafeau_human_size($link['file_size']) . ').' . '
' . t('USING_SERIVCE'). ' ' . t('TOS') . '.' . diff --git a/lib/functions.php b/lib/functions.php index eaedfac..b417769 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -597,7 +597,7 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) } /* Filter. */ - if (!empty($name) && !preg_match("/$name/i", htmlspecialchars($l['file_name']))) { + if (!empty($name) && !preg_match("/$name/i", jirafeau_escape($l['file_name']))) { continue; } if (!empty($file_hash) && $file_hash != $l['md5']) { @@ -609,8 +609,8 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) /* Print link informations. */ echo '
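Review bot: In the filter line of the `@@ -597` hunk, `$name` is interpolated unquoted into the pattern `"/$name/i"`, so a search term containing `/` or regex metacharacters gives a broken or unintended pattern (with a PHP warning), and an expensive pattern can stall the admin listing. The subject is now escaped with `ENT_QUOTES`, so an apostrophe in a file name is matched as `&#039;` rather than as typed. If a plain substring search is what is intended, match the raw name against a quoted term and keep escaping for output only: `if (!empty($name) && !preg_match('/' . preg_quote($name, '/') . '/i', $l['file_name'])) {`. The body of `jirafeau_admin_list` starts and ends outside this hunk, so the origin of `$name` is not visible here.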
' . - '' . htmlspecialchars($l['file_name']) . ''; + '' . jirafeau_escape($l['file_name']) . ''; echo '' . $l['mime_type'] . '' . jirafeau_human_size($l['file_size']) . '
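Review bot: `$l['mime_type']` is concatenated raw into the admin table, in the same echo sequence where the file name now goes through `jirafeau_escape()`. If that value is stored from the uploader's request rather than detected server-side (not visible here), it is the same class of untrusted output as the file name and should be written as `jirafeau_escape($l['mime_type'])`. The markup around these expressions is missing from this rendering and the statement continues past the visible end of the hunk, so the surrounding attribute contexts could not be checked.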