Merge pull request 'Replace the last vestiges of htmlentities with htmlspecialchars' (#33) from htmlentities into master

Reviewed-on: #33
Roflin 2023-09-03 19:49:51 +02:00
commit 238dc1d6e7
4 changed files with 6 additions and 6 deletions


@ -186,8 +186,8 @@ class EditAlbum extends HTMLController
} }
// Quick stripping. // Quick stripping.
$data['tag'] = htmlentities($data['tag']); $data['tag'] = htmlspecialchars($data['tag']);
$data['description'] = htmlentities($data['description']); $data['description'] = htmlspecialchars($data['description']);
$data['slug'] = strtr($data['slug'], [' ' => '-', '--' => '-', '&' => 'and', '=>' => '', "'" => "", ":"=> "", '\\' => '-']); $data['slug'] = strtr($data['slug'], [' ' => '-', '--' => '-', '&' => 'and', '=>' => '', "'" => "", ":"=> "", '\\' => '-']);
// TODO: when updating slug, update slug for all photos in this album. // TODO: when updating slug, update slug for all photos in this album.
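Review bot: The new htmlspecialchars() calls on the tag and description lines rely on the function's default flags, which differ by PHP version: before 8.1 the default is ENT_COMPAT (single quotes are left unescaped, and a string with an invalid UTF-8 sequence encodes to an empty string), while 8.1+ defaults to ENT_QUOTES | ENT_SUBSTITUTE. The page does not state the PHP version, so pin the behaviour explicitly, e.g. `$data['tag'] = htmlspecialchars($data['tag'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and the same for `description`. The same applies to the replacements in EditAsset, EditUser and ProvideAutoSuggest below. The "Quick stripping" comment also no longer matches the code, since nothing is stripped, so consider `// Encode HTML special characters before storing (no characters are removed).`. The enclosing method starts and ends outside the hunk.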


@ -37,7 +37,7 @@ class EditAsset extends HTMLController
{ {
$date_captured = !empty($_POST['date_captured']) ? new DateTime($_POST['date_captured']) : null; $date_captured = !empty($_POST['date_captured']) ? new DateTime($_POST['date_captured']) : null;
$slug = strtr($_POST['slug'], [' ' => '-', '--' => '-', '&' => 'and', '=>' => '', "'" => "", ":"=> "", '\\' => '-']); $slug = strtr($_POST['slug'], [' ' => '-', '--' => '-', '&' => 'and', '=>' => '', "'" => "", ":"=> "", '\\' => '-']);
$asset->setKeyData(htmlentities($_POST['title']), $slug, $date_captured, intval($_POST['priority'])); $asset->setKeyData(htmlspecialchars($_POST['title']), $slug, $date_captured, intval($_POST['priority']));
} }
// Handle tags // Handle tags
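Review bot: `htmlspecialchars($_POST['title'])` on the setKeyData line reads the POST key without an existence check; when `title` is absent the argument is null, which htmlspecialchars() accepts with a deprecation notice on 8.1+ (returning `''`) and rejects with a TypeError under strict_types, so the request would fail on a missing field rather than being validated. A minimal guard is `htmlspecialchars($_POST['title'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, though the surrounding form handling (outside the hunk) may already ensure the key is present. The enclosing method starts and ends outside the hunk.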


@ -134,8 +134,8 @@ class EditUser extends HTMLController
$data = $form->getData(); $data = $form->getData();
// Just to be on the safe side. // Just to be on the safe side.
$data['first_name'] = htmlentities(trim($data['first_name'])); $data['first_name'] = htmlspecialchars(trim($data['first_name']));
$data['surname'] = htmlentities(trim($data['surname'])); $data['surname'] = htmlspecialchars(trim($data['surname']));
$data['emailaddress'] = trim($data['emailaddress']); $data['emailaddress'] = trim($data['emailaddress']);
// Make sure there's a slug. // Make sure there's a slug.
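Review bot: The first_name and surname lines HTML-encode the values before they are stored, so a name such as `O'Brien` persists as `O&#039;Brien` (with ENT_QUOTES) and any consumer that is not an HTML template — the slug derived from the name a few lines below, length checks, or a non-HTML output — sees the entity text rather than the name. Escaping is context-specific and is normally applied at render time; if the view layer already escapes these fields, the stored entities are encoded a second time. Whether that is the case cannot be seen from this hunk, so at minimum the "Just to be on the safe side" comment should state what the stored form is, e.g. `// Stored HTML-encoded; do not escape again when rendering.`. The enclosing method starts and ends outside the hunk.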


@ -57,7 +57,7 @@ class ProvideAutoSuggest extends JSONController
return; return;
} }
$label = htmlentities(trim($_REQUEST['tag'])); $label = htmlspecialchars(trim($_REQUEST['tag']));
$slug = strtr($label, [' ' => '-']); $slug = strtr($label, [' ' => '-']);
$tag = Tag::createNew([ $tag = Tag::createNew([
'tag' => $label, 'tag' => $label,
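Review bot: `$slug` on the line after the new htmlspecialchars() call is derived from the already-encoded `$label`, so a tag containing `&`, `<`, `>` or a quote produces a slug with entity text in it (for example a constructed input `R&D` gives the slug `R&amp;D`), unlike EditAlbum and EditAsset, whose strtr maps turn `&` into `and`. Build the slug from the trimmed raw value instead: `$raw = trim($_REQUEST['tag']);`, `$label = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, `$slug = strtr($raw, [' ' => '-']);`, and consider reusing the fuller replacement map from the other controllers so slugs are consistent across the codebase. The enclosing method and the Tag::createNew() call continue outside the hunk.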