Commit 33c3f08c authored by Jérôme Jutteau's avatar Jérôme Jutteau

[BUGFIX] refactor htmlspecialchars escaping

Signed-off-by: Jérôme Jutteau's avatarJerome Jutteau <mojo@couak.net>
parent 3017f095
......@@ -97,7 +97,7 @@ if (!empty($delete_code) && $delete_code == $link['link_code']) {
<legend> <?php echo t('CONFIRM_DEL') ?> </legend>
<table>
<tr><td>
<?php echo t('GONNA_DEL') . ' "' . htmlspecialchars($link['file_name']) . '" (' . jirafeau_human_size($link['file_size']) . ').' ?>
<?php echo t('GONNA_DEL') . ' "' . jirafeau_escape($link['file_name']) . '" (' . jirafeau_human_size($link['file_size']) . ').' ?>
</td></tr>
<tr><td>
<?php echo t('USING_SERIVCE'). ' <a href="tos.php">' . t('TOS') . '</a>.' ?>
......@@ -193,9 +193,9 @@ if (!$password_challenged && !$do_download && !$do_preview) {
echo '<div>' .
'<form action="f.php" method="post" id="submit_post" class="form download">'; ?>
<input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION ?>"/><?php
echo '<fieldset><legend>' . htmlspecialchars($link['file_name']) . '</legend><table>' .
echo '<fieldset><legend>' . jirafeau_escape($link['file_name']) . '</legend><table>' .
'<tr><td>' .
t('NOW_DOWNLOADING') . ' "' . htmlspecialchars($link['file_name']) . '" (' . jirafeau_human_size($link['file_size']) . ').' .
t('NOW_DOWNLOADING') . ' "' . jirafeau_escape($link['file_name']) . '" (' . jirafeau_human_size($link['file_size']) . ').' .
'</td></tr>' .
'<tr><td>' .
t('USING_SERIVCE'). ' <a href="tos.php">' . t('TOS') . '</a>.' .
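Review bot: The delete check shown as context in the first hunk header, `if (!empty($delete_code) && $delete_code == $link['link_code'])`, still compares the delete code with loose `==`, which this commit does not touch. With `==`, PHP compares two numeric-looking strings as numbers, so distinct codes such as `0e1` and `0e2` are treated as equal. Because this value authorises deletion, a strict comparison would be safer: `hash_equals($link['link_code'], $delete_code)` once both are known to be strings, or at least `===`. How the code is generated and where `$delete_code` is read are outside the hunk, so this is a follow-up rather than a regression. The `jirafeau_escape()` substitutions in these two hunks are all in HTML text context and look correct.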
......
......@@ -597,7 +597,7 @@ function jirafeau_admin_list($name, $file_hash, $link_hash)
}
/* Filter. */
if (!empty($name) && !preg_match("/$name/i", htmlspecialchars($l['file_name']))) {
if (!empty($name) && !preg_match("/$name/i", jirafeau_escape($l['file_name']))) {
continue;
}
if (!empty($file_hash) && $file_hash != $l['md5']) {
......@@ -609,8 +609,8 @@ function jirafeau_admin_list($name, $file_hash, $link_hash)
/* Print link informations. */
echo '<tr>';
echo '<td>' .
'<strong><a id="upload_link" href="f.php?h='. htmlspecialchars($node) .'" title="' .
t('DL_PAGE') . '">' . htmlspecialchars($l['file_name']) . '</a></strong>';
'<strong><a id="upload_link" href="f.php?h='. jirafeau_escape($node) .'" title="' .
t('DL_PAGE') . '">' . jirafeau_escape($l['file_name']) . '</a></strong>';
echo '</td>';
echo '<td>' . $l['mime_type'] . '</td>';
echo '<td>' . jirafeau_human_size($l['file_size']) . '</td>';
......@@ -1243,3 +1243,8 @@ function jirafeau_replace_markers($content, $htmllinebreaks = false)
return $content;
}
function jirafeau_escape($string)
{
return htmlspecialchars($string, ENT_QUOTES);
}
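Review bot: `echo '<td>' . $l['mime_type'] . '</td>';` in the link-listing hunk of jirafeau_admin_list is still written to the page unescaped, while the neighbouring file name and `$node` now go through the new helper. If the stored MIME type can originate from the uploader (not visible here), that is markup injection in the admin view, so the line should read `echo '<td>' . jirafeau_escape($l['mime_type']) . '</td>';`. In the filter hunk, `preg_match("/$name/i", jirafeau_escape($l['file_name']))` interpolates `$name` into the pattern unquoted and matches against the HTML-escaped name, which with `ENT_QUOTES` now also contains `&#039;`. Unless regex search is intended, `preg_quote($name, '/')` against the raw `$l['file_name']` would be more predictable. The helper itself would be sturdier as `return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, so the charset does not depend on the PHP version or ini settings and an invalid byte sequence does not turn the whole name into an empty string; it also deserves a short docblock saying it is meant for HTML text and quoted-attribute contexts only. jirafeau_admin_list starts and ends outside these hunks.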