
Revision 396

Added by Matthias over 17 years ago

Fixed problem where Page Title has to be escaped (#287)


trunk/wb/admin/pages/settings.php
74 74
$template->set_block('page', 'main_block', 'main');
75 75
$template->set_var(array(
76 76
								'PAGE_ID' => $results_array['page_id'],
77
								'PAGE_TITLE' => ($results_array['page_title']),
78
								'MENU_TITLE' => ($results_array['menu_title']),
77
								'PAGE_TITLE' => (htmlentities($results_array['page_title'])),
78
								'MENU_TITLE' => (htmlentities($results_array['menu_title'])),
79 79
								'DESCRIPTION' => ($results_array['description']),
80 80
								'KEYWORDS' => ($results_array['keywords']),
81 81
								'MODIFIED_BY' => $user['display_name'],
......
247 247
			for($i = 1; $i <= $page['level']; $i++) { $title_prefix .= ' - '; }
248 248
			$template->set_var(array(
249 249
											'ID' => $page['page_id'],
250
											'TITLE' => ($title_prefix.$page['page_title'])
250
											'TITLE' => ($title_prefix.htmlentities($page['page_title']))
251 251
											)
252 252
									);
253 253
			if($results_array['parent'] == $page['page_id']) {
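Review bot: The new `htmlentities()` calls on the PAGE_TITLE and MENU_TITLE entries use the default flags and no charset, so single quotes stay unencoded (the default quote mode is ENT_COMPAT) and multi-byte text is converted under PHP's default charset rather than the one the installation stores pages in; if the placeholder ends up in a single-quoted attribute or the site runs UTF-8, the escaping is either incomplete or corrupts the title. Passing both explicitly closes the gap, e.g. `'PAGE_TITLE' => htmlentities($results_array['page_title'], ENT_QUOTES, 'UTF-8'),` (substituting the charset the installation actually uses); the same call shape appears in index.php, trash.php, sections.php, modify.php, class.frontend.php and frontend.functions.php and should be fixed in one pass. Within this same `set_var` array the DESCRIPTION and KEYWORDS values are still passed through unescaped although they come from the same row, so the fix is inconsistent inside the block. The page-rendering code around the array begins before the hunk.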
trunk/wb/admin/pages/index.php
164 164
				</td>
165 165
				<?php if($admin->get_permission('pages_modify') == true AND $can_modify == true) { ?>
166 166
				<td>
167
					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo ($page['page_title']); ?></a>
167
					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo (htmlentities($page['page_title'])); ?></a>				
168 168
				</td>
169 169
				<?php } else { ?>
170 170
				<td>
171
					<?php	echo ($page['page_title']); ?>
171
					<?php echo (htmlentities($page['page_title'])); ?>
172 172
				</td>
173 173
				<?php } ?>
174 174
				<td align="left" width="232">
175
					<font color="#999999"><?php echo ($page['menu_title']); ?></font>
175
					<font color="#999999"><?php echo (htmlentities($page['menu_title'])); ?></font>
176 176
				</td>
177 177
				<td align="center" valign="middle" width="90">
178 178
				<?php if($page['visibility'] == 'public') { ?>
......
460 460
			for($i = 1; $i <= $page['level']; $i++) { $title_prefix .= ' - '; }
461 461
				$template->set_var(array(
462 462
												'ID' => $page['page_id'],
463
												'TITLE' => ($title_prefix.$page['page_title'])
463
												'TITLE' => ($title_prefix.htmlentities($page['page_title']))
464 464
												)
465 465
										);
466 466
				if($can_modify == true) {
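Review bot: In the modify link only the anchor text is now escaped; `$page['page_id']` is still echoed straight into the `href` query string and `$TEXT['MODIFY']` into the `title` attribute with no escaping. `page_id` is presumably an integer database key, in which case an explicit cast makes that guarantee visible at the output point: `page_id=<?php echo (int)$page['page_id']; ?>`. trash.php builds the same link and shares this point. The table-row markup that surrounds the hunk starts before it.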
trunk/wb/admin/pages/trash.php
141 141
				</td>
142 142
				<?php if($admin->get_permission('pages_modify') == true AND $can_modify == true AND $page['visibility'] != 'heading') { ?>
143 143
				<td>
144
					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo ($page['page_title']); ?></a>
144
					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo (htmlentities($page['page_title'])); ?></a>
145 145
				</td>
146 146
				<?php } else { ?>
147 147
				<td>
148 148
					<?php
149 149
					if($page['visibility'] != 'heading') {
150
						echo ($page['page_title']);
150
						echo (htmlentities($page['page_title']));
151 151
					} else {
152
						echo '<b>'.($page['page_title']).'</b>';
152
						echo '<b>'.(htmlentities($page['page_title'])).'</b>';
153 153
					}
154 154
					?>
155 155
				</td>
156 156
				<?php } ?>
157 157
				<td align="left" width="232">
158
					<font color="#999999"><?php echo $page['menu_title']; ?></font>
158
					<font color="#999999"><?php echo htmlentities($page['menu_title']); ?></font>
159 159
				</td>
160 160
				<td align="right" valign="middle" width="30" style="padding-right: 20px;">
161 161
				<?php if($page['visibility'] == 'public') { ?>
trunk/wb/admin/pages/settings2.php
40 40
require_once(WB_PATH.'/framework/functions.php');
41 41

  
42 42
// Get values
43
$page_title = $admin->add_slashes($admin->get_post('page_title'));
44
$menu_title = $admin->add_slashes($admin->get_post('menu_title'));
43
$page_title = $admin->add_slashes($admin->get_post_escaped('page_title'));
44
$menu_title = $admin->add_slashes($admin->get_post_escaped('menu_title'));
45 45
$description = $admin->add_slashes($admin->get_post('description'));
46 46
$keywords = $admin->add_slashes($admin->get_post('keywords'));
47 47
$parent = $admin->get_post('parent');
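Review bot: Switching `page_title` and `menu_title` to `$admin->get_post_escaped(...)` moves escaping to the input side, while the same commit also escapes these fields on output with `htmlentities()` in settings.php, modify.php, index.php and class.frontend.php; if `get_post_escaped()` HTML-encodes the value before it is stored (its implementation is not in this diff), a title containing `&` or `<` is stored as an entity and encoded a second time on display, showing `&amp;lt;` instead of `<`. Escaping belongs at the output edge only: keep storing the raw value with `$page_title = $admin->add_slashes($admin->get_post('page_title'));` and rely on the output-side calls, or, if stored values must be pre-escaped, drop the output-side encoding for these fields so the two never stack. `description` and `keywords` below still use plain `get_post()`, which is the consistent choice for the stored form. add.php makes the same change for `title` and shares this point.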
trunk/wb/admin/pages/sections.php
136 136
	</td>
137 137
	<td align="right">
138 138
		<?php echo $TEXT['CURRENT_PAGE']; ?>: 
139
		<b><?php echo ($results_array['page_title']); ?></b>
139
		<b><?php echo (htmlentities($results_array['page_title'])); ?></b>
140 140
		-
141 141
		<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page_id; ?>"><?php echo $HEADING['MODIFY_PAGE']; ?></a>
142 142
		-
trunk/wb/admin/pages/modify.php
60 60
$template->set_block('page', 'main_block', 'main');
61 61
$template->set_var(array(
62 62
								'PAGE_ID' => $results_array['page_id'],
63
								'PAGE_TITLE' => ($results_array['page_title']),
63
								'PAGE_TITLE' => (htmlentities($results_array['page_title'])),
64 64
								'MODIFIED_BY' => $user['display_name'],
65 65
								'MODIFIED_BY_USERNAME' => $user['username'],
66 66
								'MODIFIED_WHEN' => $modified_ts,
trunk/wb/admin/pages/add.php
32 32
require_once(WB_PATH.'/framework/functions.php');
33 33

  
34 34
// Get values
35
$title = $admin->add_slashes($admin->get_post('title'));
35
$title = $admin->add_slashes($admin->get_post_escaped('title'));
36 36
$module = $admin->get_post('type');
37 37
$parent = $admin->get_post('parent');
38 38
$visibility = $admin->get_post('visibility');
trunk/wb/framework/class.frontend.php
139 139
			// Page ID
140 140
			define('PAGE_ID', $this->page['page_id']);
141 141
			// Page Title
142
			define('PAGE_TITLE', ($this->page['page_title']));
142
			define('PAGE_TITLE', htmlentities(($this->page['page_title'])));
143 143
			$this->page_title=PAGE_TITLE;
144 144
			// Menu Title
145
			$menu_title = ($this->page['menu_title']);
145
			$menu_title = htmlentities($this->page['menu_title']);
146 146
			if($menu_title != '') {
147 147
				define('MENU_TITLE', $menu_title);
148 148
			} else {
......
353 353
	            $link = $this->page_link($page['link']);
354 354
	         }
355 355
	         // Create values
356
	         $values = array($class,'<a href="'.$link.'" target="'.$page['target'].'" '.$class.'>', '</a>', ($page['menu_title']), ($page['page_title']));
356
	         $values = array($class,'<a href="'.$link.'" target="'.$page['target'].'" '.$class.'>', '</a>', htmlentities($page['menu_title']), htmlentities($page['page_title']));
357 357
	         // Replace vars with value and print
358 358
	         echo "\n".str_replace($vars, $values, $this->menu_item_template);
359 359
	         // Generate sub-menu
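Review bot: `define('PAGE_TITLE', htmlentities(...))` bakes HTML encoding into a global constant, so every consumer of PAGE_TITLE and of `$this->page_title` receives entity-encoded text whether it renders HTML or not (a plain-text string, an e-mail subject, a feed); encoding is context-specific and is better applied where the value is printed. The same holds for MENU_TITLE, which is defined from the already-encoded `$menu_title`. In the menu hunk the `$values` array now escapes `menu_title` and `page_title`, but `$link` and `$page['target']` are still concatenated into the `href` and `target` attributes unescaped in the same statement; unless `target` is constrained to a fixed set of values, it should go through `htmlspecialchars($page['target'], ENT_QUOTES)` as well. Both hunks sit inside methods whose start and end lie outside the diff.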
trunk/wb/framework/frontend.functions.php
197 197
					$query_menu=$database->query("SELECT menu_title,link FROM ".TABLE_PREFIX."pages WHERE page_id=$temp");
198 198
					$page=$query_menu->fetchRow();
199 199
					if ($links==true AND $temp!=$page_id)
200
						echo '<a href="'.page_link($page['link']).'">'.$page['menu_title'].'</a>';
200
						echo '<a href="'.page_link($page['link']).'">'.htmlentities($page['menu_title']).'</a>';
201 201
					else
202
					    echo $page['menu_title'];
202
					    echo htmlentities($page['menu_title']);
203 203
		        }
204 204
	            $counter++;
205 205
			}
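Review bot: The query on the context line `"SELECT menu_title,link FROM ".TABLE_PREFIX."pages WHERE page_id=$temp"` interpolates `$temp` into SQL with no cast or quoting; `$temp` is assigned outside this hunk, so if it can derive from the request rather than an already-validated integer the statement is open to SQL injection, and a defensive `WHERE page_id=".(int)$temp` costs nothing either way. The `href` built from `page_link($page['link'])` is also emitted unescaped while only the link text receives `htmlentities()`; a URL placed in an attribute needs attribute-context escaping too. As in the other files of this commit, `htmlentities()` is called here with default flags and charset. The enclosing function begins and ends outside the hunk.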
