Replace the last vestiges of htmlentities with htmlspecialchars
parent
03ad26655c
commit
1fa4cb19a2
@ -186,8 +186,8 @@ class EditAlbum extends HTMLController
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Quick stripping.
|
// Quick stripping.
|
||||||
$data['tag'] = htmlentities($data['tag']);
|
$data['tag'] = htmlspecialchars($data['tag']);
|
||||||
$data['description'] = htmlentities($data['description']);
|
$data['description'] = htmlspecialchars($data['description']);
|
||||||
$data['slug'] = strtr($data['slug'], [' ' => '-', '--' => '-', '&' => 'and', '=>' => '', "'" => "", ":"=> "", '\\' => '-']);
|
$data['slug'] = strtr($data['slug'], [' ' => '-', '--' => '-', '&' => 'and', '=>' => '', "'" => "", ":"=> "", '\\' => '-']);
|
||||||
|
|
||||||
// TODO: when updating slug, update slug for all photos in this album.
|
// TODO: when updating slug, update slug for all photos in this album.
|
||||||
|
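Review bot: The two `htmlspecialchars()` calls on `$data['tag']` and `$data['description']` rely on the default flags and encoding, and they encode the values before they are stored rather than where they are rendered. Before PHP 8.1 the default flag is `ENT_COMPAT`, which leaves single quotes unescaped, so the call should be explicit: `htmlspecialchars($data['tag'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Because the stored value is already HTML-encoded, any non-HTML consumer sees entity text, and if the edit form is refilled from the stored value a second save would presumably turn `&amp;` into `&amp;amp;`; encoding in the template at output time avoids both. The same applies to the calls in EditAsset, EditUser and ProvideAutoSuggest. The enclosing method starts and ends outside the hunk.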
@ -37,7 +37,7 @@ class EditAsset extends HTMLController
|
|||||||
{
|
{
|
||||||
$date_captured = !empty($_POST['date_captured']) ? new DateTime($_POST['date_captured']) : null;
|
$date_captured = !empty($_POST['date_captured']) ? new DateTime($_POST['date_captured']) : null;
|
||||||
$slug = strtr($_POST['slug'], [' ' => '-', '--' => '-', '&' => 'and', '=>' => '', "'" => "", ":"=> "", '\\' => '-']);
|
$slug = strtr($_POST['slug'], [' ' => '-', '--' => '-', '&' => 'and', '=>' => '', "'" => "", ":"=> "", '\\' => '-']);
|
||||||
$asset->setKeyData(htmlentities($_POST['title']), $slug, $date_captured, intval($_POST['priority']));
|
$asset->setKeyData(htmlspecialchars($_POST['title']), $slug, $date_captured, intval($_POST['priority']));
|
||||||
}
|
}
|
||||||
|
|
||||||
// Handle tags
|
// Handle tags
|
||||||
|
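Review bot: `htmlspecialchars($_POST['title'])` reads the request value directly, so a missing `title` or an array-valued `title[]` reaches the call unchecked; on PHP 8 the array case raises a TypeError. A guard before `setKeyData()` such as `$title = is_string($_POST['title'] ?? null) ? trim($_POST['title']) : '';` would keep that failure handled, unless validation already happens above the hunk, which is not visible here. The same direct read applies to `$_POST['slug']` and `$_POST['priority']` on the neighbouring lines.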
@ -134,8 +134,8 @@ class EditUser extends HTMLController
|
|||||||
$data = $form->getData();
|
$data = $form->getData();
|
||||||
|
|
||||||
// Just to be on the safe side.
|
// Just to be on the safe side.
|
||||||
$data['first_name'] = htmlentities(trim($data['first_name']));
|
$data['first_name'] = htmlspecialchars(trim($data['first_name']));
|
||||||
$data['surname'] = htmlentities(trim($data['surname']));
|
$data['surname'] = htmlspecialchars(trim($data['surname']));
|
||||||
$data['emailaddress'] = trim($data['emailaddress']);
|
$data['emailaddress'] = trim($data['emailaddress']);
|
||||||
|
|
||||||
// Make sure there's a slug.
|
// Make sure there's a slug.
|
||||||
|
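Review bot: After this change `first_name` and `surname` are stored HTML-encoded while `emailaddress` on the next line is only trimmed, so one record mixes pre-escaped and raw fields. Whoever renders a user has to know which fields are safe to print as-is, and a template that treats all three alike will either double-encode the names or print the address unescaped. I would add a comment above the block saying so, e.g. `// first_name and surname are stored HTML-encoded; emailaddress is stored raw and must be escaped on output.`, or drop the encoding here and escape every field at output. Whether the form already validates the address format is not visible in this hunk.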
@ -57,7 +57,7 @@ class ProvideAutoSuggest extends JSONController
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$label = htmlentities(trim($_REQUEST['tag']));
|
$label = htmlspecialchars(trim($_REQUEST['tag']));
|
||||||
$slug = strtr($label, [' ' => '-']);
|
$slug = strtr($label, [' ' => '-']);
|
||||||
$tag = Tag::createNew([
|
$tag = Tag::createNew([
|
||||||
'tag' => $label,
|
'tag' => $label,
|
||||||
|
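Review bot: `$slug` is built from the already-encoded `$label`, so a tag containing `&`, `<`, `>` or `"` ends up with entity text such as `&amp;` in its slug. Deriving the slug from the trimmed raw value first keeps entities out of URLs: `$raw = trim($_REQUEST['tag']); $slug = strtr($raw, [' ' => '-']); $label = htmlspecialchars($raw);`. This controller extends JSONController, so the HTML-encoded label is presumably also returned in a JSON response, where a client that assigns it as text would display the entities literally. The `Tag::createNew([` call continues outside the hunk.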