
Improve descriptions

Use htmlspecialchars() for title tag and description tag generation.
pull/189/head
Danang Probo Sayekti 10 years ago
parent
commit
1793eea56b
2 changed files with 44 additions and 24 deletions
  1. +32
    -17
      system/admin/admin.php
  2. +12
    -7
      system/includes/functions.php

+ 32
- 17
system/admin/admin.php View File

@ -96,12 +96,13 @@ function edit_post($title, $tag, $url, $content, $oldfile, $destination = null,
$oldurl[0] = substr($oldurl[0], 0, strrpos($oldurl[0], '/')) . '/' . $olddate; $oldurl[0] = substr($oldurl[0], 0, strrpos($oldurl[0], '/')) . '/' . $olddate;
} }
$post_title = $title;
$post_title = safe_html($title);
$post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag)); $post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag));
$post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag); $post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag);
$post_tag = rtrim($post_tag, ','); $post_tag = rtrim($post_tag, ',');
$post_tagmd = rtrim($post_tagmd, ','); $post_tagmd = rtrim($post_tagmd, ',');
$post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url))); $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
$description = safe_html($description);
if ($description !== null) { if ($description !== null) {
$post_description = "\n<!--d " . $description . " d-->"; $post_description = "\n<!--d " . $description . " d-->";
} else { } else {
@ -213,13 +214,14 @@ function edit_image($title, $tag, $url, $content, $oldfile, $destination = null,
$oldurl[0] = substr($oldurl[0], 0, strrpos($oldurl[0], '/')) . '/' . $olddate; $oldurl[0] = substr($oldurl[0], 0, strrpos($oldurl[0], '/')) . '/' . $olddate;
} }
$post_title = $title;
$post_title = safe_html($title);
$post_image = preg_replace('/\s\s+/', ' ', strip_tags($image)); $post_image = preg_replace('/\s\s+/', ' ', strip_tags($image));
$post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag)); $post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag));
$post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag); $post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag);
$post_tag = rtrim($post_tag, ','); $post_tag = rtrim($post_tag, ',');
$post_tagmd = rtrim($post_tagmd, ','); $post_tagmd = rtrim($post_tagmd, ',');
$post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url))); $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
$description = safe_html($description);
if ($description !== null) { if ($description !== null) {
$post_description = "\n<!--d " . $description . " d-->"; $post_description = "\n<!--d " . $description . " d-->";
} else { } else {
@ -336,13 +338,14 @@ function edit_video($title, $tag, $url, $content, $oldfile, $destination = null,
$oldurl[0] = substr($oldurl[0], 0, strrpos($oldurl[0], '/')) . '/' . $olddate; $oldurl[0] = substr($oldurl[0], 0, strrpos($oldurl[0], '/')) . '/' . $olddate;
} }
$post_title = $title;
$post_title = safe_html($title);
$post_video = preg_replace('/\s\s+/', ' ', strip_tags($video)); $post_video = preg_replace('/\s\s+/', ' ', strip_tags($video));
$post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag)); $post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag));
$post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag); $post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag);
$post_tag = rtrim($post_tag, ','); $post_tag = rtrim($post_tag, ',');
$post_tagmd = rtrim($post_tagmd, ','); $post_tagmd = rtrim($post_tagmd, ',');
$post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url))); $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
$description = safe_html($description);
if ($description !== null) { if ($description !== null) {
$post_description = "\n<!--d " . $description . " d-->"; $post_description = "\n<!--d " . $description . " d-->";
} else { } else {
@ -459,13 +462,14 @@ function edit_link($title, $tag, $url, $content, $oldfile, $destination = null,
$oldurl[0] = substr($oldurl[0], 0, strrpos($oldurl[0], '/')) . '/' . $olddate; $oldurl[0] = substr($oldurl[0], 0, strrpos($oldurl[0], '/')) . '/' . $olddate;
} }
$post_title = $title;
$post_title = safe_html($title);
$post_link = preg_replace('/\s\s+/', ' ', strip_tags($link)); $post_link = preg_replace('/\s\s+/', ' ', strip_tags($link));
$post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag)); $post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag));
$post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag); $post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag);
$post_tag = rtrim($post_tag, ','); $post_tag = rtrim($post_tag, ',');
$post_tagmd = rtrim($post_tagmd, ','); $post_tagmd = rtrim($post_tagmd, ',');
$post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url))); $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
$description = safe_html($description);
if ($description !== null) { if ($description !== null) {
$post_description = "\n<!--d " . $description . " d-->"; $post_description = "\n<!--d " . $description . " d-->";
} else { } else {
@ -582,13 +586,14 @@ function edit_quote($title, $tag, $url, $content, $oldfile, $destination = null,
$oldurl[0] = substr($oldurl[0], 0, strrpos($oldurl[0], '/')) . '/' . $olddate; $oldurl[0] = substr($oldurl[0], 0, strrpos($oldurl[0], '/')) . '/' . $olddate;
} }
$post_title = $title;
$post_title = safe_html($title);
$post_quote = preg_replace('/\s\s+/', ' ', strip_tags($quote)); $post_quote = preg_replace('/\s\s+/', ' ', strip_tags($quote));
$post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag)); $post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag));
$post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag); $post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag);
$post_tag = rtrim($post_tag, ','); $post_tag = rtrim($post_tag, ',');
$post_tagmd = rtrim($post_tagmd, ','); $post_tagmd = rtrim($post_tagmd, ',');
$post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url))); $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
$description = safe_html($description);
if ($description !== null) { if ($description !== null) {
$post_description = "\n<!--d " . $description . " d-->"; $post_description = "\n<!--d " . $description . " d-->";
} else { } else {
@ -705,13 +710,14 @@ function edit_audio($title, $tag, $url, $content, $oldfile, $destination = null,
$oldurl[0] = substr($oldurl[0], 0, strrpos($oldurl[0], '/')) . '/' . $olddate; $oldurl[0] = substr($oldurl[0], 0, strrpos($oldurl[0], '/')) . '/' . $olddate;
} }
$post_title = $title;
$post_title = safe_html($title);
$post_audio = preg_replace('/\s\s+/', ' ', strip_tags($audio)); $post_audio = preg_replace('/\s\s+/', ' ', strip_tags($audio));
$post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag)); $post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag));
$post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag); $post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag);
$post_tag = rtrim($post_tag, ','); $post_tag = rtrim($post_tag, ',');
$post_tagmd = rtrim($post_tagmd, ','); $post_tagmd = rtrim($post_tagmd, ',');
$post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url))); $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
$description = safe_html($description);
if ($description !== null) { if ($description !== null) {
$post_description = "\n<!--d " . $description . " d-->"; $post_description = "\n<!--d " . $description . " d-->";
} else { } else {
@ -822,8 +828,9 @@ function edit_page($title, $url, $content, $oldfile, $destination = null, $descr
{ {
$dir = substr($oldfile, 0, strrpos($oldfile, '/')); $dir = substr($oldfile, 0, strrpos($oldfile, '/'));
$post_title = $title;
$post_title = safe_html($title);
$post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url))); $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
$description = safe_html($description);
if ($description !== null) { if ($description !== null) {
$post_description = "\n<!--d " . $description . " d-->"; $post_description = "\n<!--d " . $description . " d-->";
} else { } else {
@ -865,12 +872,13 @@ function add_post($title, $tag, $url, $content, $user, $description = null, $dra
{ {
$post_date = date('Y-m-d-H-i-s'); $post_date = date('Y-m-d-H-i-s');
$post_title = $title;
$post_title = safe_html($title);
$post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag)); $post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag));
$post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag); $post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag);
$post_tag = rtrim($post_tag, ','); $post_tag = rtrim($post_tag, ',');
$post_tagmd = rtrim($post_tagmd, ','); $post_tagmd = rtrim($post_tagmd, ',');
$post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url))); $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
$description = safe_html($description);
if ($description !== null) { if ($description !== null) {
$post_description = "\n<!--d " . $description . " d-->"; $post_description = "\n<!--d " . $description . " d-->";
} else { } else {
@ -924,13 +932,14 @@ function add_image($title, $tag, $url, $content, $user, $description = null, $im
{ {
$post_date = date('Y-m-d-H-i-s'); $post_date = date('Y-m-d-H-i-s');
$post_title = $title;
$post_title = safe_html($title);
$post_image = preg_replace('/\s\s+/', ' ', strip_tags($image)); $post_image = preg_replace('/\s\s+/', ' ', strip_tags($image));
$post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag)); $post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag));
$post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag); $post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag);
$post_tag = rtrim($post_tag, ','); $post_tag = rtrim($post_tag, ',');
$post_tagmd = rtrim($post_tagmd, ','); $post_tagmd = rtrim($post_tagmd, ',');
$post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url))); $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
$description = safe_html($description);
if ($description !== null) { if ($description !== null) {
$post_description = "\n<!--d " . $description . " d-->"; $post_description = "\n<!--d " . $description . " d-->";
} else { } else {
@ -989,13 +998,14 @@ function add_video($title, $tag, $url, $content, $user, $description = null, $vi
{ {
$post_date = date('Y-m-d-H-i-s'); $post_date = date('Y-m-d-H-i-s');
$post_title = $title;
$post_title = safe_html($title);
$post_video = preg_replace('/\s\s+/', ' ', strip_tags($video)); $post_video = preg_replace('/\s\s+/', ' ', strip_tags($video));
$post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag)); $post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag));
$post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag); $post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag);
$post_tag = rtrim($post_tag, ','); $post_tag = rtrim($post_tag, ',');
$post_tagmd = rtrim($post_tagmd, ','); $post_tagmd = rtrim($post_tagmd, ',');
$post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url))); $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
$description = safe_html($description);
if ($description !== null) { if ($description !== null) {
$post_description = "\n<!--d " . $description . " d-->"; $post_description = "\n<!--d " . $description . " d-->";
} else { } else {
@ -1054,13 +1064,14 @@ function add_audio($title, $tag, $url, $content, $user, $description = null, $au
{ {
$post_date = date('Y-m-d-H-i-s'); $post_date = date('Y-m-d-H-i-s');
$post_title = $title;
$post_title = safe_html($title);
$post_audio = preg_replace('/\s\s+/', ' ', strip_tags($audio)); $post_audio = preg_replace('/\s\s+/', ' ', strip_tags($audio));
$post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag)); $post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag));
$post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag); $post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag);
$post_tag = rtrim($post_tag, ','); $post_tag = rtrim($post_tag, ',');
$post_tagmd = rtrim($post_tagmd, ','); $post_tagmd = rtrim($post_tagmd, ',');
$post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url))); $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
$description = safe_html($description);
if ($description !== null) { if ($description !== null) {
$post_description = "\n<!--d " . $description . " d-->"; $post_description = "\n<!--d " . $description . " d-->";
} else { } else {
@ -1119,13 +1130,14 @@ function add_link($title, $tag, $url, $content, $user, $description = null, $lin
{ {
$post_date = date('Y-m-d-H-i-s'); $post_date = date('Y-m-d-H-i-s');
$post_title = $title;
$post_title = safe_html($title);
$post_link = preg_replace('/\s\s+/', ' ', strip_tags($link)); $post_link = preg_replace('/\s\s+/', ' ', strip_tags($link));
$post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag)); $post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag));
$post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag); $post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag);
$post_tag = rtrim($post_tag, ','); $post_tag = rtrim($post_tag, ',');
$post_tagmd = rtrim($post_tagmd, ','); $post_tagmd = rtrim($post_tagmd, ',');
$post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url))); $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
$description = safe_html($description);
if ($description !== null) { if ($description !== null) {
$post_description = "\n<!--d " . $description . " d-->"; $post_description = "\n<!--d " . $description . " d-->";
} else { } else {
@ -1184,13 +1196,14 @@ function add_quote($title, $tag, $url, $content, $user, $description = null, $qu
{ {
$post_date = date('Y-m-d-H-i-s'); $post_date = date('Y-m-d-H-i-s');
$post_title = $title;
$post_title = safe_html($title);
$post_quote = preg_replace('/\s\s+/', ' ', strip_tags($quote)); $post_quote = preg_replace('/\s\s+/', ' ', strip_tags($quote));
$post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag)); $post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tag));
$post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag); $post_tagmd = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), $tag);
$post_tag = rtrim($post_tag, ','); $post_tag = rtrim($post_tag, ',');
$post_tagmd = rtrim($post_tagmd, ','); $post_tagmd = rtrim($post_tagmd, ',');
$post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url))); $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
$description = safe_html($description);
if ($description !== null) { if ($description !== null) {
$post_description = "\n<!--d " . $description . " d-->"; $post_description = "\n<!--d " . $description . " d-->";
} else { } else {
@ -1248,8 +1261,9 @@ function add_quote($title, $tag, $url, $content, $user, $description = null, $qu
function add_page($title, $url, $content, $description = null) function add_page($title, $url, $content, $description = null)
{ {
$post_title = $title;
$post_title = safe_html($title);
$post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url))); $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
$description = safe_html($description);
if ($description !== null) { if ($description !== null) {
$post_description = "\n<!--d " . $description . " d-->"; $post_description = "\n<!--d " . $description . " d-->";
} else { } else {
@ -1281,8 +1295,9 @@ function add_page($title, $url, $content, $description = null)
function add_sub_page($title, $url, $content, $static, $description = null) function add_sub_page($title, $url, $content, $static, $description = null)
{ {
$post_title = $title;
$post_title = safe_html($title);
$post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url))); $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
$description = safe_html($description);
if ($description !== null) { if ($description !== null) {
$post_description = "\n<!--d " . $description . " d-->"; $post_description = "\n<!--d " . $description . " d-->";
} else { } else {
@ -1369,7 +1384,7 @@ function delete_page($file, $destination)
// Edit user profile // Edit user profile
function edit_profile($title, $content, $user) function edit_profile($title, $content, $user)
{ {
$user_title = $title;
$user_title = safe_html($title);
$user_content = '<!--t ' . $user_title . ' t-->' . "\n\n" . $content; $user_content = '<!--t ' . $user_title . ' t-->' . "\n\n" . $content;
if (!empty($user_title) && !empty($user_content)) { if (!empty($user_title) && !empty($user_content)) {
@ -1394,7 +1409,7 @@ function edit_profile($title, $content, $user)
function migrate($title, $time, $tags, $content, $url, $user, $source) function migrate($title, $time, $tags, $content, $url, $user, $source)
{ {
$post_date = date('Y-m-d-H-i-s', $time); $post_date = date('Y-m-d-H-i-s', $time);
$post_title = $title;
$post_title = safe_html($title);
$post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tags)); $post_tag = preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($tags));
$post_tag = rtrim($post_tag, ','); $post_tag = rtrim($post_tag, ',');
$post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url))); $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
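Review bot: The new `$description = safe_html($description);` in edit_post runs before the `if ($description !== null)` test on the next line, and since htmlspecialchars() turns null into an empty string (with a deprecation notice on PHP 8.1+), `$description` can no longer be null there, so the else branch (outside the hunk) becomes unreachable and a post saved without a description now gets an empty `\n<!--d  d-->` marker. Keeping the null check meaningful only needs the call moved inside the branch: drop the new assignment and write `$post_description = "\n<!--d " . safe_html($description) . " d-->";`. The same pattern is repeated in every other hunk of this file that handles `$description` (edit_image, edit_video, edit_link, edit_quote, edit_audio, edit_page, add_post, add_image, add_video, add_audio, add_link, add_quote, add_page, add_sub_page). Separately, if the edit forms are prefilled with the stored, already-encoded title, `safe_html($title)` will double-encode `&amp;` on every save — worth confirming against the form code, which is not visible here.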


+ 12
- 7
system/includes/functions.php View File

@ -1017,14 +1017,9 @@ function get_description($string, $char = null)
} }
} }
if (strlen(strip_tags($string)) < $char) { if (strlen(strip_tags($string)) < $char) {
$string = preg_replace('/[^A-Za-z0-9 !@#$%^&*(),.-]/u', ' ', strip_tags($string));
$string = preg_replace('/\s\s+/', ' ', $string);
$string = ltrim(rtrim($string));
return $string;
return safe_html($string);
} else { } else {
$string = preg_replace('/[^A-Za-z0-9 !@#$%^&*(),.-]/u', ' ', strip_tags($string));
$string = preg_replace('/\s\s+/', ' ', $string);
$string = ltrim(rtrim($string));
$string = safe_html($string);
$string = substr($string, 0, $char); $string = substr($string, 0, $char);
$string = substr($string, 0, strrpos($string, ' ')); $string = substr($string, 0, strrpos($string, ' '));
return $string; return $string;
@ -2189,4 +2184,14 @@ function tag_i18n($tag)
return $tags[$tag]; return $tags[$tag];
} }
return $tag; return $tag;
}
// return html safe string
function safe_html($string)
{
$string = htmlspecialchars($string, ENT_QUOTES);
$string = preg_replace('/\r\n|\r|\n/', ' ', $string);
$string = preg_replace('/\s\s+/', ' ', $string);
$string = ltrim(rtrim($string));
return $string;
} }
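Review bot: The new `return safe_html($string);` in get_description drops the strip_tags() that the removed lines applied, so markup in the post body is now HTML-encoded into the description (`<p>` becomes `&lt;p&gt;`) instead of being removed; only the length test on the line above still strips tags. The else branch has the same problem, and because safe_html() now runs before the substr() truncation the cut can land inside an entity (`&amp;` truncated to `&am`), so tags should be stripped once before the length check and the encoding applied after truncation, as sketched below; get_description starts outside the hunk. In the new safe_html(), `htmlspecialchars($string, ENT_QUOTES)` also relies on the default charset and returns an empty string for invalid byte sequences — given the `u`-modifier regexes elsewhere in this file, passing `'UTF-8'` explicitly and adding `ENT_SUBSTITUTE` would make a bad byte yield a replacement character rather than silently emptying the title.
```php
    $string = strip_tags($string);
    if (strlen($string) < $char) {
        return safe_html($string);
    } else {
        $string = substr($string, 0, $char);
        $string = substr($string, 0, strrpos($string, ' '));
        return safe_html($string);
```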
