blue
/
GregoBase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Escape special characters

This commit is contained in:
Olivier Berten 2014-03-10 16:58:34 +01:00
parent 677c5eb3ab
commit 1f5b2ff7ee
4 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
chant.php
View File

@ -246,7 +246,7 @@ if($req1->num_rows > 0 || $c['transcriber'] > '') {
} }
while ($m = $req1->fetch_assoc()) { while ($m = $req1->fetch_assoc()) {
$user_info = get_userdata($m['user_id']); $user_info = get_userdata($m['user_id']);
echo "<li>".date("M d, Y",$m['time']).": ".$m['comment']." (".$user_info->display_name.') <a href="history.php?changeset='.$m['time'].'|'.$id.'|'.$m['user_id']."\">?</a></li>\n"; echo "<li>".date("M d, Y",$m['time']).": ".htmlspecialchars($m['comment'])." (".$user_info->display_name.') <a href="history.php?changeset='.$m['time'].'|'.$id.'|'.$m['user_id']."\">?</a></li>\n";
} }
if($c['transcriber'] > '') { if($c['transcriber'] > '') {
echo "<li>Original transcriber: ".$c['transcriber']."</li>\n"; echo "<li>Original transcriber: ".$c['transcriber']."</li>\n";

4
feed.php
View File

@ -28,7 +28,7 @@ $user_info = get_userdata($m['user_id']);
echo '<entry> echo '<entry>
<title type="html">'.chant_from_id($m['chant_id'])[1].'</title> <title type="html">'.chant_from_id($m['chant_id'])[1].'</title>
<link href="'.$dir.'chant.php?id='.$m['chant_id'].'" /> <link href="'.$dir.'chant.php?id='.$m['chant_id'].'" />
<summary>'.$m['comment'].'</summary> <summary>'.htmlspecialchars($m['comment']).'</summary>
<updated>'.date(DATE_ATOM,$m['time']).'</updated> <updated>'.date(DATE_ATOM,$m['time']).'</updated>
<author> <author>
<name>'.$user_info->display_name.'</name> <name>'.$user_info->display_name.'</name>
@ -43,7 +43,7 @@ while($m = $req1->fetch_assoc()) {
echo '<entry> echo '<entry>
<title type="html">'.chant_from_id($m['chant_id'])[1].'</title> <title type="html">'.chant_from_id($m['chant_id'])[1].'</title>
<link href="'.$dir.'chant.php?id='.$m['chant_id'].'" /> <link href="'.$dir.'chant.php?id='.$m['chant_id'].'" />
<summary>'.$m['comment'].'</summary> <summary>'.htmlspecialchars($m['comment']).'</summary>
<updated>'.date(DATE_ATOM,$m['time']).'</updated> <updated>'.date(DATE_ATOM,$m['time']).'</updated>
<author> <author>
<name>'.$user_info->display_name.'</name> <name>'.$user_info->display_name.'</name>

2
scores.php
View File

@ -69,7 +69,7 @@ foreach($mod as $d => $ml) {
echo "<ul>\n"; echo "<ul>\n";
foreach($ml as $m) { foreach($ml as $m) {
echo '<li><a href="chant.php?id='.$m['chant_id'].'">'.format_incipit(chant_from_id($m['chant_id'])[1])."</a><br />\n"; echo '<li><a href="chant.php?id='.$m['chant_id'].'">'.format_incipit(chant_from_id($m['chant_id'])[1])."</a><br />\n";
echo "<i>".$m['comment']."</i></li>\n"; echo "<i>".htmlspecialchars($m['comment'])."</i></li>\n";
} }
echo "</ul><br />\n"; echo "</ul><br />\n";
} }

2
updates.php
View File

@ -24,7 +24,7 @@ foreach($mod as $d => $ml) {
foreach($ml as $m) { foreach($ml as $m) {
$user_info = get_userdata($m['user_id']); $user_info = get_userdata($m['user_id']);
echo "<li>".' <a href="chant.php?id='.$m['chant_id'].'">'.format_incipit(chant_from_id($m['chant_id'])[1])."</a><br />\n"; echo "<li>".' <a href="chant.php?id='.$m['chant_id'].'">'.format_incipit(chant_from_id($m['chant_id'])[1])."</a><br />\n";
echo "<i>".$m['comment'].'</i> <span class="version">('.$user_info->display_name.")</span></li>\n"; echo "<i>".htmlspecialchars($m['comment']).'</i> <span class="version">('.$user_info->display_name.")</span></li>\n";
} }
echo "</ul>\n"; echo "</ul>\n";
} }