james/fembooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Sometimes URL escaping is more appropriate than HTML escaping

Browse Source 
git-svn-id: file:///home/shish/svn/shimmie2/trunk@126 7f39781d-f577-437e-ae19-be835c7a54ca
This commit is contained in:
shish 2007-05-23 03:44:15 +00:00
parent e188a49c58
commit e6668f53d7
6 changed files with 18 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
core/ext/index.ext.php
View File

@ -14,7 +14,7 @@ class Index extends Extension {
if(isset($_GET['search'])) { if(isset($_GET['search'])) {
$search_terms = explode(' ', $_GET['search']); $search_terms = explode(' ', $_GET['search']);
$query = "search=".html_escape($_GET['search']); $query = "search=".url_escape($_GET['search']);
} }
else { else {
$query = null; $query = null;
@ -36,8 +36,9 @@ class Index extends Extension {
/* /*
$page_title = ""; $page_title = "";
foreach($search_terms as $term) { foreach($search_terms as $term) {
$u_term = url_escape($term);
$h_term = html_escape($term); $h_term = html_escape($term);
$page_title .= "<a href='".make_link("post/list", "search=$h_term")."'>$h_term</a>"; $page_title .= "<a href='".make_link("post/list", "search=$u_term")."'>$h_term</a>";
} }
*/ */
$page->set_subheading("Page $page_number / $total_pages"); $page->set_subheading("Page $page_number / $total_pages");
@ -78,8 +79,8 @@ class Index extends Extension {
$prev = $page_number - 1; $prev = $page_number - 1;
$next = $page_number + 1; $next = $page_number + 1;
$h_tags = html_escape(implode("%20", $search_terms)); $u_tags = url_escape(implode(" ", $search_terms));
$query = empty($h_tags) ? null : "search=$h_tags"; $query = empty($u_tags) ? null : "search=$u_tags";
$h_prev = ($page_number <= 1) ? "Prev" : "<a href='".make_link("index/$prev", $query)."'>Prev</a>"; $h_prev = ($page_number <= 1) ? "Prev" : "<a href='".make_link("index/$prev", $query)."'>Prev</a>";

2
core/ext/tag_edit.ext.php
View File

@ -85,7 +85,7 @@ class TagEdit extends Extension {
global $database; global $database;
if(isset($_GET['search'])) { if(isset($_GET['search'])) {
$h_query = "search=".html_escape($_GET['search']); $h_query = "search=".url_escape($_GET['search']);
} }
else { else {
$h_query = ""; $h_query = "";

4
core/ext/user.ext.php
View File

@ -329,8 +329,8 @@ class UserPage extends Extension {
$h_image_rate = sprintf("%3.1f", ($i_image_count / $i_days_old2)); $h_image_rate = sprintf("%3.1f", ($i_image_count / $i_days_old2));
$h_comment_rate = sprintf("%3.1f", ($i_comment_count / $i_days_old2)); $h_comment_rate = sprintf("%3.1f", ($i_comment_count / $i_days_old2));
$h_name = html_escape($duser->name); $u_name = url_escape($duser->name);
$images_link = make_link("index", "search=poster%3D$h_name"); $images_link = make_link("index", "search=poster%3D$u_name");
return " return "
Join date: $h_join_date ($i_days_old days old) Join date: $h_join_date ($i_days_old days old)

2
core/ext/view.ext.php
View File

@ -61,7 +61,7 @@ class ViewImage extends Extension {
// $prev_img = $database->db->GetOne("SELECT id FROM images WHERE id > ? ORDER BY id ASC ", array($image_id)); // $prev_img = $database->db->GetOne("SELECT id FROM images WHERE id > ? ORDER BY id ASC ", array($image_id));
if(isset($_GET['search'])) { if(isset($_GET['search'])) {
$search_terms = explode(' ', $_GET['search']); $search_terms = explode(' ', $_GET['search']);
$query = "search=".html_escape($_GET['search']); $query = "search=".url_escape($_GET['search']);
} }
else { else {
$search_terms = array(); $search_terms = array();

5
core/util.inc.php
View File

@ -12,6 +12,11 @@ function int_escape($input) {
return (int)$input; return (int)$input;
} }
function url_escape($input) {
$input = rawurlencode($input);
return $input;
}
function sql_escape($input) { function sql_escape($input) {
global $database; global $database;
return $database->db->Quote($input); return $database->db->Quote($input);

9
ext/tag_list/main.php
View File

@ -64,8 +64,7 @@ class TagList extends Extension {
// }}} // }}}
// misc {{{ // misc {{{
private function tag_link($tag) { private function tag_link($tag) {
$h_tag = html_escape($tag); return make_link("index", "search=".url_escape($tag));
return make_link("index", "search=$h_tag");
} }
// }}} // }}}
// maps {{{ // maps {{{
@ -285,7 +284,7 @@ class TagList extends Extension {
else { else {
$tags = array_remove($tags, $tag); $tags = array_remove($tags, $tag);
$tags = array_remove($tags, "-$tag"); $tags = array_remove($tags, "-$tag");
return "<a href='".make_link("index", "search=".html_escape(join('+', $tags)))."' title='Remove'>R</a>"; return "<a href='".make_link("index", "search=".url_escape(join('+', $tags)))."' title='Remove'>R</a>";
} }
} }
@ -296,7 +295,7 @@ class TagList extends Extension {
else { else {
$tags = array_remove($tags, "-$tag"); $tags = array_remove($tags, "-$tag");
$tags = array_add($tags, $tag); $tags = array_add($tags, $tag);
return "<a href='".make_link("index", "search=".html_escape(join('+', $tags)))."' title='Add'>A</a>"; return "<a href='".make_link("index", "search=".url_escape(join('+', $tags)))."' title='Add'>A</a>";
} }
} }
@ -307,7 +306,7 @@ class TagList extends Extension {
else { else {
$tags = array_remove($tags, $tag); $tags = array_remove($tags, $tag);
$tags = array_add($tags, "-$tag"); $tags = array_add($tags, "-$tag");
return "<a href='".make_link("index", "search=".html_escape(join('+', $tags)))."' title='Subtract'>S</a>"; return "<a href='".make_link("index", "search=".url_escape(join('+', $tags)))."' title='Subtract'>S</a>";
} }
} }
// }}} // }}}