yolinlin/aowow
1
0
Fork 0
mirror of https://github.com/Sarjuuk/aowow.git synced 2025-11-29 15:58:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Search/Forms (#383)

Browse Source 
* do not prefil search form with unchecked user input
 * thx @Endalaust
This commit is contained in:
Sarjuuk
2023-04-13 15:18:23 +02:00
parent 9f1cbc0233
commit 2c142c506c
5 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
includes/types/quest.class.php
View File

@@ -313,7 +313,7 @@ class QuestList extends BaseType
if (!$this->curTpl) if (!$this->curTpl)
return null; return null;
$title = htmlentities($this->getField('name', true)); $title = Util::htmlEscape($this->getField('name', true));
$level = $this->curTpl['level']; $level = $this->curTpl['level'];
if ($level < 0) if ($level < 0)
$level = 0; $level = 0;

2
includes/utilities.php
View File

@@ -786,7 +786,7 @@ abstract class Util
return $data; return $data;
} }
return htmlspecialchars($data, ENT_QUOTES, 'utf-8'); return htmlspecialchars($data, ENT_QUOTES | ENT_DISALLOWED | ENT_HTML5, 'utf-8');
} }
public static function jsEscape($data) public static function jsEscape($data)

2
pages/search.php
View File

@@ -198,7 +198,7 @@ class SearchPage extends GenericPage
protected function generateTitle() protected function generateTitle()
{ {
array_unshift($this->title, $this->search, Lang::main('search')); array_unshift($this->title, Util::htmlEscape($this->search), Lang::main('search'));
} }
protected function generatePath() { } protected function generatePath() { }

2
template/bricks/head.tpl.php
View File

@@ -1,4 +1,4 @@
<title><?=htmlentities(implode(' - ', $this->title)); ?></title> <title><?=Util::htmlEscape(implode(' - ', $this->title)); ?></title>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8"> <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="SHORTCUT ICON" href="<?=STATIC_URL; ?>/images/logos/favicon.ico" /> <link rel="SHORTCUT ICON" href="<?=STATIC_URL; ?>/images/logos/favicon.ico" />

4
template/bricks/header.tpl.php
View File

@@ -19,14 +19,14 @@
<div class="header" id="header"> <div class="header" id="header">
<div id="header-logo"> <div id="header-logo">
<a class="header-logo" href="."></a> <a class="header-logo" href="."></a>
<h1><?=htmlentities($this->name); ?></h1> <h1><?=Util::htmlEscape($this->name); ?></h1>
</div> </div>
</div> </div>
<div id="wrapper" class="wrapper"> <div id="wrapper" class="wrapper">
<div class="toplinks linklist"><?php $this->brick('headerMenu'); ?></div> <div class="toplinks linklist"><?php $this->brick('headerMenu'); ?></div>
<div class="toptabs" id="toptabs"></div> <div class="toptabs" id="toptabs"></div>
<div class="topbar" id="topbar"> <div class="topbar" id="topbar">
<div class="topbar-search"><form action="."><a href="javascript:;"></a><input name="search" size="35" id="livesearch-generic" value="<?=(isset($this->search) ? $this->search : ''); ?>" /></form></div> <div class="topbar-search"><form action="."><a href="javascript:;"></a><input name="search" size="35" id="livesearch-generic" value="<?=Util::htmlEscape($this->search ?? ''); ?>" /></form></div>
<div class="topbar-browse" id="topbar-browse"></div> <div class="topbar-browse" id="topbar-browse"></div>
<div class="topbar-buttons" id="topbar-buttons"></div> <div class="topbar-buttons" id="topbar-buttons"></div>
</div> </div>