Escape before sending user input

2015-06-03 22:10:38 +02:00 · 2015-06-03 22:10:38 +02:00 · ffba49cc49
commit ffba49cc49
parent e94573480d
1 changed files with 15 additions and 9 deletions
--- a/php/modules/misc.php
+++ b/php/modules/misc.php
@ -89,21 +89,27 @@ function getGraphHeader($database, $photoID) {
 	$url		= $parseUrl['scheme'] . '://' . $parseUrl['host'] . $parseUrl['path'] . '?' . $parseUrl['query'];
 	$picture	= $parseUrl['scheme'] . '://' . $parseUrl['host'] . $parseUrl['path'] . '/../uploads/' . $dir . '/' . $row->url;
 	$url		= htmlentities($url);
 	$picture	= htmlentities($picture);
 	$row->title			= htmlentities($row->title);
 	$row->description	= htmlentities($row->description);
 	$return = '<!-- General Meta Data -->';
-	$return .= '<meta name="title" content="'.$row->title.'">';
+	$return .= '<meta name="title" content="' . $row->title . '">';
-	$return .= '<meta name="description" content="'.$row->description.' - via Lychee">';
+	$return .= '<meta name="description" content="' . $row->description . ' - via Lychee">';
-	$return .= '<link rel="image_src" type="image/jpeg" href="'.$picture.'">';
+	$return .= '<link rel="image_src" type="image/jpeg" href="' . $picture . '">';
 	$return .= '<!-- Twitter Meta Data -->';
 	$return .= '<meta name="twitter:card" content="photo">';
-	$return .= '<meta name="twitter:title" content="'.$row->title.'">';
+	$return .= '<meta name="twitter:title" content="' . $row->title . '">';
-	$return .= '<meta name="twitter:image:src" content="'.$picture.'">';
+	$return .= '<meta name="twitter:image:src" content="' . $picture . '">';
 	$return .= '<!-- Facebook Meta Data -->';
-	$return .= '<meta property="og:title" content="'.$row->title.'">';
+	$return .= '<meta property="og:title" content="' . $row->title . '">';
-	$return .= '<meta property="og:image" content="'.$picture.'">';
+	$return .= '<meta property="og:description" content="' . $row->description . ' - via Lychee">';
-	$return .= '<meta property="og:description" content="'.$row->description.' - via Lychee">';
+	$return .= '<meta property="og:image" content="' . $picture . '">';
-	$return .= '<meta property="og:url" content="'.$url.'">';
+	$return .= '<meta property="og:url" content="' . $url . '">';
 	return $return;