Changeset - 4ebd39f3f679
default
0 3 0
Nathan Brink (binki) - 15 years ago 2011-01-15 22:28:28
ohnobinki@ohnopublishing.net
Now all url()-style functions return actual URLs, whose return values must be, and now are, escaped using htmlentities() when inserted into XHTML pages.
3 files changed with 14 insertions and 5 deletions:
admin.php
 
@@ -167,7 +167,7 @@ require_once('inc/admin.inc');
 
</ul>
 

	
 
<h3>Purge</h3>
 
    <p>The highest saved_schedule id is <a href="<?php $max_saved = getMaxSaved(); echo Schedule::url($max_saved); ?>"><?php echo $max_saved;?></a>.</p>
 
    <p>The highest saved_schedule id is <a href="<?php $max_saved = getMaxSaved(); echo htmlentities(Schedule::url($max_saved)); ?>"><?php echo $max_saved;?></a>.</p>
 
<ul>
 
  <li><a href="admin.php?purge">Purge Entire Cache</a></li>
 
  <li>
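Review bot: The new `htmlentities(Schedule::url($max_saved))` call relies on the function's defaults, which leave single quotes unescaped (ENT_COMPAT) and, on PHP releases before 5.4, assume ISO-8859-1 input. The double-quoted `href` makes that safe as written, but passing the flags and charset explicitly, for example `htmlspecialchars(Schedule::url($max_saved), ENT_QUOTES, 'UTF-8')` with whatever charset the pages are actually served in, keeps the escaping correct if the attribute quoting or the URL contents change. The same applies to the three `htmlentities()` calls added in class.schedule.php (the share dialog and both pager links). The link text `<?php echo $max_saved;?>` on the same line is still written without escaping; if getMaxSaved() is not guaranteed to return an integer, `echo (int)$max_saved;` would close that gap.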
class.schedule.php
 
@@ -285,7 +285,7 @@ class Schedule
 
      echo '  });
 
            </script>';
 

	
 
      echo '<div id="sharedialog" title="Share Schedule"><p>You can share your schedule with the URL below:</p><p>'.$outputPage->gen_share_url($this->id_get()).'</p></div>';
 
      echo '<div id="sharedialog" title="Share Schedule"><p>You can share your schedule with the URL below:</p><p>' . htmlentities($outputPage->gen_share_url($this->id_get())) . '</p></div>';
 
      echo '<p><span id="printItems"><a href="#">Print</a></span> :: <span id="share"><a href="#">Share</a></span> :: <a href="input.php">Home</a></p>';
 
      echo '<p class="centeredtext">Having problems? <a href="feedback.php">Let us know</a>.</p>';
 
      echo '<p class="centeredtext graytext"><em>Keyboard Shortcut: Left and right arrow keys switch between schedules</em></p>';
 
@@ -319,11 +319,11 @@ class Schedule
 
	echo "    <div id=\"pagers\">\n";
 
	/* Previous button */
 
	if ($page > 0)
 
	  echo '      <div id="pager-previous" class="pager left"><a href="' . $this->url($this->id, $page - 1) . '">&laquo; Previous</a></div>' . "\n";
 
	  echo '      <div id="pager-previous" class="pager left"><a href="' . htmlentities($this->url($this->id, $page - 1)) . '">&laquo; Previous</a></div>' . "\n";
 

	
 
	/* Next button */
 
	if ($page + 1 < $npages)
 
	  echo '      <div id="pager-next" class="pager right"><a href="' . $this->url($this->id, $page + 1) . '">Next &raquo;</a></div>' . "\n";
 
	  echo '      <div id="pager-next" class="pager right"><a href="' . htmlentities($this->url($this->id, $page + 1)) . '">Next &raquo;</a></div>' . "\n";
 
	echo "    </div> <!-- id=\"pagers\" -->\n";
 

	
 

	
 
@@ -521,6 +521,10 @@ class Schedule
 
   *   The ID of the schedule to link to. Defaults to the current schedule object.
 
   * \param $page
 
   *   The page of the schedule to link to. Defaults to 0.
 
   * \return
 
   *   A string, the URL used to access this schedule. Remember that
 
   *   if this string is inserted into an XHTML document,
 
   *   htmlentities() must be called on it.
 
   */
 
  function url($id = NULL, $page = 0)
 
  {
 
@@ -539,7 +543,7 @@ class Schedule
 
      $url .= '&';
 

	
 
    if ($page)
 
      $url .= 'page=' . (int)$page . '&amp;';
 
      $url .= 'page=' . (int)$page . '&';
 

	
 
    return $url;
 
  }
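Review bot: Changing `url()` to emit a bare `&` instead of `&amp;` alters its contract for every caller, and only the call sites in this changeset are visibly updated. Any caller elsewhere that still concatenates the result into markup will now put unescaped ampersands into the XHTML, and escaping there depends on each caller remembering the rule in the new doc comment. It is worth searching for the remaining uses of `url(` and `gen_share_url(` before merging. Separately, in the last hunk `$url .= 'page=' . (int)$page . '&';` leaves a trailing `&` on the returned URL; the body of url() starts outside the hunk, so whether anything strips it is not visible here.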
inc/class.page.php
 
@@ -490,6 +490,11 @@ class page
 
  /**
 
   * \brief
 
   *   Generate a URL to a given schedule.
 
   *
 
   * \return
 
   *   The URL used to access the schedule. You must call
 
   *   htmlentities() on this string if it is to be inserted into an
 
   *   XHTML document.
 
   */
 
  public function gen_share_url($id)
 
  {
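Review bot: The doc block for `gen_share_url($id)` now describes the return value and the escaping requirement but has no entry for its only parameter. Adding `\param $id` followed by `The ID of the schedule to link to.` would match the style already used for `Schedule::url()` in class.schedule.php. The function body lies outside the hunk, so how `$id` is placed into the URL cannot be checked from here; if it is not cast or encoded there, the comment should say what callers may pass.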