Commit 08100f68 authored by Côme Bernigaud's avatar Côme Bernigaud Committed by Benoit Mortier

Fixes #3369 escaping html entities in img srcs

parent 8c730365
......@@ -5,16 +5,16 @@
<form action="main.php{$plug}" name="mainform" id="mainform" method="post" enctype="multipart/form-data">
<div class="setup_header">
<div id="header_left">
<img id="fd_logo" class="optional" src="geticon.php?context=applications&icon=fusiondirectory&size=48" alt="FusionDirectory"/>
<img id="fd_logo" class="optional" src="geticon.php?context=applications&amp;icon=fusiondirectory&amp;size=48" alt="FusionDirectory"/>
<a class="maintitlebar" href="main.php?reset=1">
<img src="geticon.php?context=actions&icon=go-home&size=22" alt="Main"/>&nbsp;{t}Main{/t}
<img src="geticon.php?context=actions&amp;icon=go-home&amp;size=22" alt="Main"/>&nbsp;{t}Main{/t}
</a>
&nbsp;
<a class="maintitlebar logout" href="logout.php?request">
<img src="geticon.php?context=actions&icon=application-exit&size=22" alt="Sign out"/>&nbsp;{t}Sign out{/t}
<img src="geticon.php?context=actions&amp;icon=application-exit&amp;size=22" alt="Sign out"/>&nbsp;{t}Sign out{/t}
</a>
<a class="plugtop">
<img src="{$headline_image}" alt="{t}{$headline}{/t}"/>{t}{$headline}{/t}
<img src="{$headline_image|escape}" alt="{t}{$headline}{/t}"/>{t}{$headline}{/t}
</a>
</div>
<div id="header_right">
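Review bot: The `|escape` on `{$headline_image}` here (and on the same tag in the setup header template later in this commit) will double-escape any icon URL that still reaches the template pre-escaped. Only `class user` is switched from `&amp;` to `&` in the visible hunks; a plugin that still declares `plIcon` as `geticon.php?context=...&amp;icon=...` would render as `&amp;amp;icon=...`, so the icon request would presumably lose its `icon` and `size` parameters. It is worth converting every remaining `plIcon`/`plSmallIcon` declaration that contains `&amp;` in this same change, and stating in the plInfo documentation that icon values are raw URLs that are escaped only at output.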
......
{$php_errors}
<div class='setup_header'>
<div style="float:left;"><img src='geticon.php?context=applications&icon=fusiondirectory&size=48' class='center' alt='FusionDirectory' /></div>
<div class="setup_header">
<div style="float:left;">
<img src="geticon.php?context=applications&amp;icon=fusiondirectory&amp;size=48" class="center" alt="FusionDirectory" />
</div>
<div style="padding-top:8px;text-align:right;height:38px;color:#000000;font-size:20px">{$version}</div>
</div>
......
......@@ -261,7 +261,7 @@ class management
}
if (get_object_info() != "") {
$display = print_header($plIcon, _($plDescription),
'<img alt="" class="center" src="geticon.php?context=status&icon=object-locked&size=16"/>'.
'<img alt="" class="center" src="geticon.php?context=status&amp;icon=object-locked&amp;size=16"/>'.
LDAP::fix(get_object_info()));
} else {
$display = print_header($plIcon, _($plDescription));
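Review bot: The value of `LDAP::fix(get_object_info())` is still concatenated into the `$info` markup without HTML escaping, and `print_header` emits `$info` verbatim (`$display .= "$info";`). `LDAP::fix` is not visible here; if it only normalises DN syntax rather than encoding for HTML, an object name containing `<` or `&` ends up as markup in the page. Since this commit is already fixing escaping on this line, consider `htmlentities(LDAP::fix(get_object_info()), ENT_COMPAT, 'UTF-8')`, matching the call the commit adds in `pluglist`. The enclosing method starts and ends outside the hunk.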
......
......@@ -298,10 +298,9 @@ class pluglist {
function gen_menu()
{
if ($this->menu == "") {
$this->menu = '<ul class="menu">';
$this->menu = '<ul class="menu">'."\n";
/* Parse headlines */
foreach ($this->config->data['SECTIONS'] as $section => $section_infos) {
//~ $menu = '<p class="menuheader">'.$section_infos['NAME']."</p>\n";
$entries = '';
/* Parse sub-plugins */
......@@ -355,6 +354,7 @@ class pluglist {
$this->menu .= '<li><a>'.$section_infos['NAME']."</a>\n<ul>\n".$entries."\n</ul></li>\n";
}
}
$this->menu .= '</ul>'."\n";
}
/* Add the menucurrent class to current plugin */
......@@ -427,7 +427,7 @@ class pluglist {
if (!preg_match("/\//", $plIcon) && !preg_match("/^geticon/", $plIcon)) {
$image = get_template_path("plugins/".preg_replace('%^.*/([^/]+)/[^/]+$%', '\1', $class_mapping[$info['CLASS']])."/images/$plIcon");
} else {
$image = $plIcon;
$image = htmlentities($plIcon, ENT_COMPAT, 'UTF-8');
}
}
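Review bot: In the last `pluglist` hunk only the `else` branch is HTML-escaped; the `get_template_path(...)` result assigned to `$image` in the `if` branch stays raw, so the variable holds escaped text on one path and unescaped text on the other. The code that consumes `$image` is outside the hunk: if it is concatenated into markup both branches need escaping, and if it is handed to a template that applies `|escape` the `else` branch is now double-escaped. Keeping `$image = $plIcon;` and escaping once where the tag is built avoids both cases. Note also that `ENT_COMPAT` leaves `'` untouched, so the result is only safe inside a double-quoted attribute; `htmlentities($image, ENT_QUOTES, 'UTF-8')` does not depend on the quoting style.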
......
......@@ -1773,15 +1773,15 @@ function check_command($cmdline)
*
* \return the $display variable
*/
function print_header($image, $headline, $info = "")
function print_header($image, $headline, $info = '')
{
$smarty = get_smarty();
$smarty->assign("headline", $headline);
$smarty->assign("headline_image", $image);
$display = "";
$smarty->assign('headline', $headline);
$smarty->assign('headline_image', $image);
$display = '';
if ($info != "") {
$display .= "<div class=\"pluginfo\">\n";
if ($info != '') {
$display .= '<div class="pluginfo">'."\n";
$display .= "$info";
$display .= "</div>\n";
$display .= "<div></div>\n";
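Review bot: The docblock above `print_header` does not say which arguments are plain text and which are markup, and after this commit the two differ. `$image` is assigned to `headline_image`, which the templates now print with `|escape`, so it must be a raw URL, while `$info` is appended verbatim by `$display .= "$info";` and must already be safe HTML. I would add two lines in the existing doxygen style, e.g. `\param string $image raw icon URL, escaped by the template` and `\param string $info trusted HTML fragment, emitted as-is`. The function body continues past the end of the hunk.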
......
......@@ -163,8 +163,8 @@ class user extends simplePlugin
return array(
'plShortName' => _('Generic'),
'plDescription' => _('Generic user settings'),
'plIcon' => 'geticon.php?context=applications&amp;icon=user-info&amp;size=48',
'plSmallIcon' => 'geticon.php?context=applications&amp;icon=user-info&amp;size=16',
'plIcon' => 'geticon.php?context=applications&icon=user-info&size=48',
'plSmallIcon' => 'geticon.php?context=applications&icon=user-info&size=16',
'plSelfModify' => TRUE,
'plObjectType' => array('user' => array(
'description' => _('Users'),
......
......@@ -4,9 +4,9 @@
<form action="setup.php" name="mainform" id="mainform" method="post" enctype="multipart/form-data">
<div class="setup_header">
<div id="header_left">
<img id="fd_logo" class="optional" src="geticon.php?context=applications&icon=fusiondirectory&size=48" alt="FusionDirectory"/>
<img id="fd_logo" class="optional" src="geticon.php?context=applications&amp;icon=fusiondirectory&amp;size=48" alt="FusionDirectory"/>
<a class="plugtop">
<img src="{$headline_image}" alt="{t}{$headline}{/t}"/>{t}{$headline}{/t}
<img src="{$headline_image|escape}" alt="{t}{$headline}{/t}"/>{t}{$headline}{/t}
</a>
</div>
<div id="header_right">
......