diff --git a/controllers/EditAlbum.php b/controllers/EditAlbum.php index 9ac4e23..85f1f7d 100644 --- a/controllers/EditAlbum.php +++ b/controllers/EditAlbum.php @@ -186,8 +186,8 @@ class EditAlbum extends HTMLController } // Quick stripping. - $data['tag'] = htmlentities($data['tag']); - $data['description'] = htmlentities($data['description']); + $data['tag'] = htmlspecialchars($data['tag']); + $data['description'] = htmlspecialchars($data['description']); $data['slug'] = strtr($data['slug'], [' ' => '-', '--' => '-', '&' => 'and', '=>' => '', "'" => "", ":"=> "", '\\' => '-']); // TODO: when updating slug, update slug for all photos in this album. diff --git a/controllers/EditAsset.php b/controllers/EditAsset.php index a6ca7f9..f00194e 100644 --- a/controllers/EditAsset.php +++ b/controllers/EditAsset.php @@ -37,7 +37,7 @@ class EditAsset extends HTMLController { $date_captured = !empty($_POST['date_captured']) ? new DateTime($_POST['date_captured']) : null; $slug = strtr($_POST['slug'], [' ' => '-', '--' => '-', '&' => 'and', '=>' => '', "'" => "", ":"=> "", '\\' => '-']); - $asset->setKeyData(htmlentities($_POST['title']), $slug, $date_captured, intval($_POST['priority'])); + $asset->setKeyData(htmlspecialchars($_POST['title']), $slug, $date_captured, intval($_POST['priority'])); } // Handle tags diff --git a/controllers/EditUser.php b/controllers/EditUser.php index c5f6578..cf44235 100644 --- a/controllers/EditUser.php +++ b/controllers/EditUser.php @@ -134,8 +134,8 @@ class EditUser extends HTMLController $data = $form->getData(); // Just to be on the safe side. - $data['first_name'] = htmlentities(trim($data['first_name'])); - $data['surname'] = htmlentities(trim($data['surname'])); + $data['first_name'] = htmlspecialchars(trim($data['first_name'])); + $data['surname'] = htmlspecialchars(trim($data['surname'])); $data['emailaddress'] = trim($data['emailaddress']); // Make sure there's a slug. diff --git a/controllers/ProvideAutoSuggest.php b/controllers/ProvideAutoSuggest.php index 38eaf3c..732eaa5 100644 --- a/controllers/ProvideAutoSuggest.php +++ b/controllers/ProvideAutoSuggest.php @@ -57,7 +57,7 @@ class ProvideAutoSuggest extends JSONController return; } - $label = htmlentities(trim($_REQUEST['tag'])); + $label = htmlspecialchars(trim($_REQUEST['tag'])); $slug = strtr($label, [' ' => '-']); $tag = Tag::createNew([ 'tag' => $label,