Sometimes URL escaping is more appropriate than HTML escaping
git-svn-id: file:///home/shish/svn/shimmie2/trunk@126 7f39781d-f577-437e-ae19-be835c7a54ca
parent
e188a49c58
commit
e6668f53d7
6 changed files with 18 additions and 13 deletions
|
@ -14,7 +14,7 @@ class Index extends Extension {
|
|||
|
||||
if(isset($_GET['search'])) {
|
||||
$search_terms = explode(' ', $_GET['search']);
|
||||
$query = "search=".html_escape($_GET['search']);
|
||||
$query = "search=".url_escape($_GET['search']);
|
||||
}
|
||||
else {
|
||||
$query = null;
|
||||
|
@ -36,8 +36,9 @@ class Index extends Extension {
|
|||
/*
|
||||
$page_title = "";
|
||||
foreach($search_terms as $term) {
|
||||
$u_term = url_escape($term);
|
||||
$h_term = html_escape($term);
|
||||
$page_title .= "<a href='".make_link("post/list", "search=$h_term")."'>$h_term</a>";
|
||||
$page_title .= "<a href='".make_link("post/list", "search=$u_term")."'>$h_term</a>";
|
||||
}
|
||||
*/
|
||||
$page->set_subheading("Page $page_number / $total_pages");
|
||||
|
@ -78,8 +79,8 @@ class Index extends Extension {
|
|||
$prev = $page_number - 1;
|
||||
$next = $page_number + 1;
|
||||
|
||||
$h_tags = html_escape(implode("%20", $search_terms));
|
||||
$query = empty($h_tags) ? null : "search=$h_tags";
|
||||
$u_tags = url_escape(implode(" ", $search_terms));
|
||||
$query = empty($u_tags) ? null : "search=$u_tags";
|
||||
|
||||
|
||||
$h_prev = ($page_number <= 1) ? "Prev" : "<a href='".make_link("index/$prev", $query)."'>Prev</a>";
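Review bot: In the first hunk of this section `$_GET['search']` goes straight into `explode()` and `url_escape()` without a check that it is a string. A request that sends the parameter in array form (`search[]=...`) makes it an array, and `rawurlencode()` then warns or throws depending on the PHP version. Tightening the guard to `if(isset($_GET['search']) && is_string($_GET['search'])) {` lets the existing else branch act as the fallback. The same unguarded pattern appears in the TagEdit and ViewImage sections of this commit; the enclosing functions start and end outside the hunks shown.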
|
||||
|
|
|
@ -85,7 +85,7 @@ class TagEdit extends Extension {
|
|||
global $database;
|
||||
|
||||
if(isset($_GET['search'])) {
|
||||
$h_query = "search=".html_escape($_GET['search']);
|
||||
$h_query = "search=".url_escape($_GET['search']);
|
||||
}
|
||||
else {
|
||||
$h_query = "";
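Review bot: `$h_query` now holds a URL-escaped value but keeps the `h_` prefix, which the rest of this commit treats as the marker for HTML-escaped data (`$h_tags` became `$u_tags`, `$h_name` became `$u_name`). The prefix is what tells a reader which output context a variable is safe for, so a stale one invites someone to print it into markup unescaped, or to escape it twice. Renaming it to `$u_query` would keep the convention reliable. Its uses lie below the hunk, so the rename has to be carried through the rest of the function.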
|
||||
|
|
|
@ -329,8 +329,8 @@ class UserPage extends Extension {
|
|||
$h_image_rate = sprintf("%3.1f", ($i_image_count / $i_days_old2));
|
||||
$h_comment_rate = sprintf("%3.1f", ($i_comment_count / $i_days_old2));
|
||||
|
||||
$h_name = html_escape($duser->name);
|
||||
$images_link = make_link("index", "search=poster%3D$h_name");
|
||||
$u_name = url_escape($duser->name);
|
||||
$images_link = make_link("index", "search=poster%3D$u_name");
|
||||
|
||||
return "
|
||||
Join date: $h_join_date ($i_days_old days old)
|
||||
|
|
|
@ -61,7 +61,7 @@ class ViewImage extends Extension {
|
|||
// $prev_img = $database->db->GetOne("SELECT id FROM images WHERE id > ? ORDER BY id ASC ", array($image_id));
|
||||
if(isset($_GET['search'])) {
|
||||
$search_terms = explode(' ', $_GET['search']);
|
||||
$query = "search=".html_escape($_GET['search']);
|
||||
$query = "search=".url_escape($_GET['search']);
|
||||
}
|
||||
else {
|
||||
$search_terms = array();
|
||||
|
|
|
@ -12,6 +12,11 @@ function int_escape($input) {
|
|||
return (int)$input;
|
||||
}
|
||||
|
||||
function url_escape($input) {
|
||||
$input = rawurlencode($input);
|
||||
return $input;
|
||||
}
|
||||
|
||||
function sql_escape($input) {
|
||||
global $database;
|
||||
return $database->db->Quote($input);
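Review bot: `url_escape()` is added without a comment saying which output context it is safe for, which is the distinction this commit is about. I would add a docblock such as `/** Percent-encode a value for use as one URL component (query value or path segment); use html_escape() for text placed in the page. */`. It is also worth noting there that `rawurlencode()` emits `%20` for a space and `%2B` for `+`, so callers must pass the raw, unencoded value. The temporary assignment can be dropped: `return rawurlencode($input);`.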
|
||||
|
|
|
@ -64,8 +64,7 @@ class TagList extends Extension {
|
|||
// }}}
|
||||
// misc {{{
|
||||
private function tag_link($tag) {
|
||||
$h_tag = html_escape($tag);
|
||||
return make_link("index", "search=$h_tag");
|
||||
return make_link("index", "search=".url_escape($tag));
|
||||
}
|
||||
// }}}
|
||||
// maps {{{
|
||||
|
@ -285,7 +284,7 @@ class TagList extends Extension {
|
|||
else {
|
||||
$tags = array_remove($tags, $tag);
|
||||
$tags = array_remove($tags, "-$tag");
|
||||
return "<a href='".make_link("index", "search=".html_escape(join('+', $tags)))."' title='Remove'>R</a>";
|
||||
return "<a href='".make_link("index", "search=".url_escape(join('+', $tags)))."' title='Remove'>R</a>";
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -296,7 +295,7 @@ class TagList extends Extension {
|
|||
else {
|
||||
$tags = array_remove($tags, "-$tag");
|
||||
$tags = array_add($tags, $tag);
|
||||
return "<a href='".make_link("index", "search=".html_escape(join('+', $tags)))."' title='Add'>A</a>";
|
||||
return "<a href='".make_link("index", "search=".url_escape(join('+', $tags)))."' title='Add'>A</a>";
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -307,7 +306,7 @@ class TagList extends Extension {
|
|||
else {
|
||||
$tags = array_remove($tags, $tag);
|
||||
$tags = array_add($tags, "-$tag");
|
||||
return "<a href='".make_link("index", "search=".html_escape(join('+', $tags)))."' title='Subtract'>S</a>";
|
||||
return "<a href='".make_link("index", "search=".url_escape(join('+', $tags)))."' title='Subtract'>S</a>";
|
||||
}
|
||||
}
|
||||
// }}}
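Review bot: The three Remove/Add/Subtract links still build the term list with `join('+', $tags)`, but `url_escape()` percent-encodes `+` as `%2B`, so the separator reaches the server as a literal plus sign rather than a space. If the index page splits the search on spaces, as `explode(' ', $_GET['search'])` in the Index section suggests, a multi-tag link would then arrive as one combined term. The Index pager hunk in this commit already made the matching change from `implode("%20", ...)` to `implode(" ", ...)`; the same applies here: `url_escape(join(' ', $tags))` in all three return statements. The enclosing methods begin outside these hunks.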
|
||||
|
|