Changeset 6713


Ignore:
Timestamp:
Jul 27, 2010, 2:37:12 PM (14 years ago)
Author:
plg
Message:

bug 1757 fixed: ability to use HTML in author field

Location:
branches/2.1
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/2.1/admin/element_set_unit.php

    r6364 r6713  
    6868    $data['level'] = $_POST['level-'.$row['id']];
    6969
    70     foreach (array('name', 'author', 'level') as $field)
     70    foreach (array('name', 'level') as $field)
    7171    {
    7272      if (!empty($_POST[$field.'-'.$row['id']]))
     
    239239            '&image_id='.$row['id'],
    240240        'NAME' => !empty($row['name'])?$row['name']:'',
    241         'AUTHOR' => !empty($row['author'])?$row['author']:'',
     241        'AUTHOR' => !empty($row['author'])?htmlspecialchars($row['author']):'',
    242242        'LEVEL' => !empty($row['level'])?$row['level']:'0',
    243243        'DESCRIPTION' => !empty($row['comment'])?$row['comment']:'',
  • branches/2.1/admin/picture_modify.php

    r6364 r6713  
    237237    'REGISTRATION_DATE' => format_date($row['date_available']),
    238238
    239     'AUTHOR' => isset($_POST['author']) ? $_POST['author'] : @$row['author'],
     239    'AUTHOR' => htmlspecialchars(
     240      isset($_POST['author'])
     241        ? stripslashes($_POST['author'])
     242        : @$row['author']
     243      ),
    240244
    241245    'DESCRIPTION' =>
  • branches/2.1/themes/default/template/header.tpl

    r6595 r6713  
    66{if isset($meta_ref) }
    77{if isset($INFO_AUTHOR)}
    8 <meta name="author" content="{$INFO_AUTHOR|@replace:'"':' '}">
     8<meta name="author" content="{$INFO_AUTHOR|@strip_tags:false|@replace:'"':' '}">
    99{/if}
    1010{if isset($related_tags)}
Note: See TracChangeset for help on using the changeset viewer.