escape the installation name; html code was broken when one had quotes in the name

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@750 b3834d28-1941-0410-a4f8-b48e95affb8f
This commit is contained in:
cweiske 2010-09-26 22:06:31 +00:00
parent fbf28d0753
commit 8b45ba9e75
3 changed files with 37 additions and 14 deletions

View file

@ -215,7 +215,10 @@ if ($currenttag!= '') {
$brss = ''; $brss = '';
$size = count($rsschannels); $size = count($rsschannels);
for ($i = 0; $i < $size; $i++) { for ($i = 0; $i < $size; $i++) {
$brss = '<a style="background:#FFFFFF" href="'. $rsschannels[$i][1] .'" title="'. $rsschannels[$i][0] .'"><img src="'. ROOT .'images/rss.gif" width="16" height="16" alt="'. $rsschannels[$i][0] .'" /></a>'; $brss = '<a style="background:#FFFFFF" href="'. htmlspecialchars($rsschannels[$i][1]) . '"'
. ' title="' . htmlspecialchars($rsschannels[$i][0]) . '">'
. '<img src="' . ROOT . 'images/rss.gif" width="16" height="16" alt="' . htmlspecialchars($rsschannels[$i][0]) .'"/>'
. '</a>';
} }
$pagesBanner = '<p class="paging">'. $bfirst .'<span> / </span>'. $bprev .'<span> / </span>'. $bnext .'<span> / </span>'. $blast .'<span> / </span>'. sprintf(T_('Page %d of %d'), $page, $totalpages) ." ". $brss ." </p>\n"; $pagesBanner = '<p class="paging">'. $bfirst .'<span> / </span>'. $bprev .'<span> / </span>'. $bnext .'<span> / </span>'. $blast .'<span> / </span>'. sprintf(T_('Page %d of %d'), $page, $totalpages) ." ". $brss ." </p>\n";

View file

@ -1,13 +1,26 @@
<?php <?php
/**
* Show a list of the last searches.
*
* SemanticScuttle - your social bookmark manager.
*
* PHP version 5.
*
* @category Bookmarking
* @package SemanticScuttle
* @subcategory Templates
* @author Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net>
* @author Christian Weiske <cweiske@cweiske.de>
* @author Eric Dane <ericdane@users.sourceforge.net>
* @license GPL http://www.gnu.org/licenses/gpl.html
* @link http://sourceforge.net/projects/semanticscuttle
*/
/* Service creation: only useful services are created */ /* Service creation: only useful services are created */
$searchhistoryservice = SemanticScuttle_Service_Factory::get('SearchHistory'); $searchhistoryservice = SemanticScuttle_Service_Factory::get('SearchHistory');
$logged_on_userid = $userservice->getCurrentUserId(); $lastSearches = $searchhistoryservice->getAllSearches(
if ($logged_on_userid === false) { 'all', NULL, 3, NULL, true, false
$logged_on_userid = NULL; );
}
$lastSearches = $searchhistoryservice->getAllSearches('all', NULL, 3, NULL, true, false);
if ($lastSearches && count($lastSearches) > 0) { if ($lastSearches && count($lastSearches) > 0) {
?> ?>
@ -18,11 +31,15 @@ if ($lastSearches && count($lastSearches) > 0) {
<?php <?php
foreach ($lastSearches as $row) { foreach ($lastSearches as $row) {
echo '<tr><td>'; echo '<tr><td>';
echo '<a href="'.createURL('search', $range.'/'.$row['shTerms']).'">'; echo '<a href="'
. htmlspecialchars(createURL('search', $range.'/'.$row['shTerms']))
. '">';
echo $row['shTerms']; echo $row['shTerms'];
echo '</a>'; echo '</a>';
echo ' <span title="'.T_('Number of bookmarks for this query').'">('.$row['shNbResults'].')</span>'; echo ' <span title="'
echo '</td></tr>'; . T_('Number of bookmarks for this query')
. '">(' . $row['shNbResults'] . ')</span>';
echo '</td></tr>' . "\n";
} }
//echo '<tr><td><a href="'.createURL('users').'">...</a></td></tr>'; //echo '<tr><td><a href="'.createURL('users').'">...</a></td></tr>';
?> ?>

View file

@ -5,15 +5,18 @@
<title><?php echo filter($GLOBALS['sitename'] .(isset($pagetitle) ? ' » ' . $pagetitle : '')); ?></title> <title><?php echo filter($GLOBALS['sitename'] .(isset($pagetitle) ? ' » ' . $pagetitle : '')); ?></title>
<link rel="icon" type="image/png" href="<?php echo ROOT ?>icon.png" /> <link rel="icon" type="image/png" href="<?php echo ROOT ?>icon.png" />
<link rel="stylesheet" type="text/css" href="<?php echo ROOT ?>scuttle.css" /> <link rel="stylesheet" type="text/css" href="<?php echo ROOT ?>scuttle.css" />
<link rel="search" type="application/opensearchdescription+xml" href="<?php echo ROOT ?>api/opensearch.php" title="<?php echo $GLOBALS['sitename'] ?>"/> <link rel="search" type="application/opensearchdescription+xml" href="<?php echo ROOT ?>api/opensearch.php" title="<?php echo htmlspecialchars($GLOBALS['sitename']) ?>"/>
<?php <?php
if (isset($rsschannels)) { if (isset($rsschannels)) {
$size = count($rsschannels); $size = count($rsschannels);
for ($i = 0; $i < $size; $i++) { for ($i = 0; $i < $size; $i++) {
echo ' <link rel="alternate" type="application/rss+xml" title="'. $rsschannels[$i][0] .'" href="'. $rsschannels[$i][1] .'" />'; echo ' <link rel="alternate" type="application/rss+xml" title="'
. htmlspecialchars($rsschannels[$i][0]) . '"'
. ' href="'. $rsschannels[$i][1] .'" />';
} }
} }
?> ?>
<link rel="stylesheet" type="text/css" <link rel="stylesheet" type="text/css"
href="http://ajax.googleapis.com/ajax/libs/dojo/1.2/dijit/themes/nihilo/nihilo.css" /> href="http://ajax.googleapis.com/ajax/libs/dojo/1.2/dijit/themes/nihilo/nihilo.css" />