template escapes
This commit is contained in:
parent
d6d24f3b6a
commit
63277b57fc
|
@ -485,7 +485,7 @@ function conversation(&$a, $items, $mode, $update) {
|
||||||
|
|
||||||
|
|
||||||
$tmp_item = replace_macros($template,array(
|
$tmp_item = replace_macros($template,array(
|
||||||
'$body' => $body,
|
'$body' => template_escape($body),
|
||||||
'$id' => $item['item_id'],
|
'$id' => $item['item_id'],
|
||||||
'$linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['author-link'])) ? $item['author-link'] : $item['url'])),
|
'$linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['author-link'])) ? $item['author-link'] : $item['url'])),
|
||||||
'$olinktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['owner-link'])) ? $item['owner-link'] : $item['url'])),
|
'$olinktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['owner-link'])) ? $item['owner-link'] : $item['url'])),
|
||||||
|
@ -494,18 +494,18 @@ function conversation(&$a, $items, $mode, $update) {
|
||||||
'$vwall' => t('via Wall-To-Wall:'),
|
'$vwall' => t('via Wall-To-Wall:'),
|
||||||
'$profile_url' => $profile_link,
|
'$profile_url' => $profile_link,
|
||||||
'$item_photo_menu' => item_photo_menu($item),
|
'$item_photo_menu' => item_photo_menu($item),
|
||||||
'$name' => $profile_name,
|
'$name' => template_escape($profile_name),
|
||||||
'$thumb' => $profile_avatar,
|
'$thumb' => $profile_avatar,
|
||||||
'$osparkle' => $osparkle,
|
'$osparkle' => $osparkle,
|
||||||
'$sparkle' => $sparkle,
|
'$sparkle' => $sparkle,
|
||||||
'$title' => $item['title'],
|
'$title' => template_escape($item['title']),
|
||||||
'$ago' => ((($item['app']) && ($item['id'] == $item['parent'])) ? sprintf( t('%s from %s'),relative_date($item['created']),$item['app']) : relative_date($item['created'])),
|
'$ago' => ((($item['app']) && ($item['id'] == $item['parent'])) ? sprintf( t('%s from %s'),relative_date($item['created']),$item['app']) : relative_date($item['created'])),
|
||||||
'$lock' => $lock,
|
'$lock' => $lock,
|
||||||
'$location' => $location,
|
'$location' => template_escape($location),
|
||||||
'$indent' => $indent,
|
'$indent' => $indent,
|
||||||
'$owner_url' => $owner_url,
|
'$owner_url' => $owner_url,
|
||||||
'$owner_photo' => $owner_photo,
|
'$owner_photo' => $owner_photo,
|
||||||
'$owner_name' => $owner_name,
|
'$owner_name' => template_escape($owner_name),
|
||||||
'$plink' => get_plink($item),
|
'$plink' => get_plink($item),
|
||||||
'$edpost' => $edpost,
|
'$edpost' => $edpost,
|
||||||
'$star' => $star,
|
'$star' => $star,
|
||||||
|
|
|
@ -196,8 +196,26 @@
|
||||||
$os=$s; $count++;
|
$os=$s; $count++;
|
||||||
$s = str_replace($this->search,$this->replace, $s);
|
$s = str_replace($this->search,$this->replace, $s);
|
||||||
}
|
}
|
||||||
return $s;
|
return template_unescape($s);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$t = new Template;
|
$t = new Template;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
function template_escape($s) {
|
||||||
|
|
||||||
|
return str_replace(array('$','{{'),array('!_Doll^Ars1Az_!','!_DoubLe^BraceS4Rw_!'),$s);
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
function template_unescape($s) {
|
||||||
|
|
||||||
|
return str_replace(array('!_Doll^Ars1Az_!','!_DoubLe^BraceS4Rw_!'),array('$','{{'),$s);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
|
@ -159,10 +159,10 @@ function message_content(&$a) {
|
||||||
'$from_url' => $a->get_baseurl() . '/redir/' . $rr['contact-id'],
|
'$from_url' => $a->get_baseurl() . '/redir/' . $rr['contact-id'],
|
||||||
'$sparkle' => ' sparkle',
|
'$sparkle' => ' sparkle',
|
||||||
'$from_photo' => $rr['thumb'],
|
'$from_photo' => $rr['thumb'],
|
||||||
'$subject' => (($rr['mailseen']) ? $rr['title'] : '<strong>' . $rr['title'] . '</strong>'),
|
'$subject' => template_escape((($rr['mailseen']) ? $rr['title'] : '<strong>' . $rr['title'] . '</strong>')),
|
||||||
'$delete' => t('Delete conversation'),
|
'$delete' => t('Delete conversation'),
|
||||||
'$body' => $rr['body'],
|
'$body' => template_escape($rr['body']),
|
||||||
'$to_name' => $rr['name'],
|
'$to_name' => template_escape($rr['name']),
|
||||||
'$date' => datetime_convert('UTC',date_default_timezone_get(),$rr['mailcreated'], t('D, d M Y - g:i A'))
|
'$date' => datetime_convert('UTC',date_default_timezone_get(),$rr['mailcreated'], t('D, d M Y - g:i A'))
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
@ -221,14 +221,14 @@ function message_content(&$a) {
|
||||||
}
|
}
|
||||||
$o .= replace_macros($tpl, array(
|
$o .= replace_macros($tpl, array(
|
||||||
'$id' => $message['id'],
|
'$id' => $message['id'],
|
||||||
'$from_name' =>$message['from-name'],
|
'$from_name' => template_escape($message['from-name']),
|
||||||
'$from_url' => $from_url,
|
'$from_url' => $from_url,
|
||||||
'$sparkle' => $sparkle,
|
'$sparkle' => $sparkle,
|
||||||
'$from_photo' => $message['from-photo'],
|
'$from_photo' => $message['from-photo'],
|
||||||
'$subject' => $message['title'],
|
'$subject' => template_escape($message['title']),
|
||||||
'$body' => smilies(bbcode($message['body'])),
|
'$body' => template_escape(smilies(bbcode($message['body']))),
|
||||||
'$delete' => t('Delete message'),
|
'$delete' => t('Delete message'),
|
||||||
'$to_name' => $message['name'],
|
'$to_name' => template_escape($message['name']),
|
||||||
'$date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'],'D, d M Y - g:i A')
|
'$date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'],'D, d M Y - g:i A')
|
||||||
));
|
));
|
||||||
|
|
||||||
|
@ -240,7 +240,7 @@ function message_content(&$a) {
|
||||||
'$header' => t('Send Reply'),
|
'$header' => t('Send Reply'),
|
||||||
'$to' => t('To:'),
|
'$to' => t('To:'),
|
||||||
'$subject' => t('Subject:'),
|
'$subject' => t('Subject:'),
|
||||||
'$subjtxt' => $message['title'],
|
'$subjtxt' => template_escape($message['title']),
|
||||||
'$readonly' => ' readonly="readonly" style="background: #BBBBBB;" ',
|
'$readonly' => ' readonly="readonly" style="background: #BBBBBB;" ',
|
||||||
'$yourmessage' => t('Your message:'),
|
'$yourmessage' => t('Your message:'),
|
||||||
'$select' => $select,
|
'$select' => $select,
|
||||||
|
|
Loading…
Reference in New Issue
Block a user