Escape before sending user input

Tobias Reich 2015-06-03 22:10:38 +02:00
parent e94573480d
commit ffba49cc49


@ -89,6 +89,12 @@ function getGraphHeader($database, $photoID) {
$url = $parseUrl['scheme'] . '://' . $parseUrl['host'] . $parseUrl['path'] . '?' . $parseUrl['query']; $url = $parseUrl['scheme'] . '://' . $parseUrl['host'] . $parseUrl['path'] . '?' . $parseUrl['query'];
$picture = $parseUrl['scheme'] . '://' . $parseUrl['host'] . $parseUrl['path'] . '/../uploads/' . $dir . '/' . $row->url; $picture = $parseUrl['scheme'] . '://' . $parseUrl['host'] . $parseUrl['path'] . '/../uploads/' . $dir . '/' . $row->url;
$url = htmlentities($url);
$picture = htmlentities($picture);
$row->title = htmlentities($row->title);
$row->description = htmlentities($row->description);
$return = '<!-- General Meta Data -->'; $return = '<!-- General Meta Data -->';
$return .= '<meta name="title" content="' . $row->title . '">'; $return .= '<meta name="title" content="' . $row->title . '">';
$return .= '<meta name="description" content="' . $row->description . ' - via Lychee">'; $return .= '<meta name="description" content="' . $row->description . ' - via Lychee">';
@ -101,8 +107,8 @@ function getGraphHeader($database, $photoID) {
$return .= '<!-- Facebook Meta Data -->'; $return .= '<!-- Facebook Meta Data -->';
$return .= '<meta property="og:title" content="' . $row->title . '">'; $return .= '<meta property="og:title" content="' . $row->title . '">';
$return .= '<meta property="og:image" content="'.$picture.'">';
$return .= '<meta property="og:description" content="' . $row->description . ' - via Lychee">'; $return .= '<meta property="og:description" content="' . $row->description . ' - via Lychee">';
$return .= '<meta property="og:image" content="' . $picture . '">';
$return .= '<meta property="og:url" content="' . $url . '">'; $return .= '<meta property="og:url" content="' . $url . '">';
return $return; return $return;
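Review bot: The four `htmlentities()` calls added above the first `$return` assignment rely on the function's default flags and charset, which differ between PHP versions (ISO-8859-1 before 5.4, so UTF-8 titles may be mangled there) and leave single quotes unescaped. The attributes are double-quoted, so the output is safe as written, but pinning the arguments keeps that true regardless of runtime or later quoting changes: `$row->title = htmlspecialchars($row->title, ENT_QUOTES, 'UTF-8');`, and likewise for `$row->description`, `$url` and `$picture`. `$parseUrl` is built outside the hunk; if its host comes from the request's Host header, escaping prevents markup injection but the host emitted in `og:url` and `og:image` is still chosen by the client, so a comment or a check against the configured site host would be worth adding. getGraphHeader begins and ends outside the visible hunks.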