Changeset 763 for trunk/lib/Utilities.inc.php

Timestamp:

Feb 24, 2022 10:05:48 PM (2 years ago)

Author:

anonymous

Message:

Include boomerang in hidden input on login form so the user will be redirected if the revisit the login form after session is garbage collected. Add escape values used in html attributes.

File:

• trunk/lib/Utilities.inc.php (modified) (2 diffs)

trunk/lib/Utilities.inc.php

@@ -319 +319 @@
             // Remove http schemas, and any single trailing / to make the display URL.
             $display_url = preg_replace(['!^https?://!u', '!^([^/]+)/$!u'], ['', '$1'], $url);
-            return sprintf('<a href="%s">%s</a>', oTxt($absolute_url), $display_url);
+            return sprintf('<a href="%s">%s</a>', oTxt($absolute_url), oTxt($display_url));
         } else {
             // Truncated URL.
             // Remove http schemas, and any single trailing / to make the display URL.
             $display_url = preg_replace(['!^https?://!u', '!^([^/]+)/$!u'], ['', '$1'], trim($truncated_url));
-            return sprintf('<a href="%s">%s%s</a>', oTxt($absolute_url), $display_url, $delim);
+            return sprintf('<a href="%s">%s%s</a>', oTxt($absolute_url), oTxt($display_url), $delim);
         }
     }, $text);
@@ -349 +349 @@
         if ('' != trim($w)) {
             $search[] = '/\b(' . preg_quote($w) . ')\b/i' . $app->getParam('preg_u');
-            $replace[] = '<span class="' . $class . '">$1</span>';
+            $replace[] = '<span class="' . oTxt($class) . '">$1</span>';
         }
     }