Fix #95 - Not escaping feeds titles
Phyks committed Nov 1, 2014
1 parent 4bba0dd commit 95aba49
Showing 2 changed files with 8 additions and 2 deletions.
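--- a/inc/rain.tpl.class.php
+++ b/inc/rain.tpl.class.php
@@ -159,6 +159,7 @@ class RainTPL{
 const RAINTPL_IGNORE_SANITIZE = 0;
 const RAINTPL_HTML_SANITIZE = 1;
 const RAINTPL_XSS_SANITIZE = 2;
+const RAINTPL_FULL_XSS_SANITIZE = 2;
 function assign( $variable, $value = null, $sanitize=self::RAINTPL_IGNORE_SANITIZE){
 switch($sanitize) {
 case self::RAINTPL_HTML_SANITIZE:
@@ -171,6 +172,11 @@ function assign( $variable, $value = null, $sanitize=self::RAINTPL_IGNORE_SANITI
 $value = xss_clean($value);
 break;
 
+case self::RAINTPL_FULL_XSS_SANITIZE:
+$variable = strip_tags($variable);
+$value = strip_tags($value);
+break;
+
 case self::RAINTPL_IGNORE_SANITIZE:
 default:
 break;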
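Review bot: `const RAINTPL_FULL_XSS_SANITIZE = 2;` has the same value as `RAINTPL_XSS_SANITIZE`, so the new `case self::RAINTPL_FULL_XSS_SANITIZE:` branch can never be selected. A PHP `switch` runs the first case that compares equal, and the earlier case ending in `xss_clean($value)` (its label lies between the two hunks, presumably `RAINTPL_XSS_SANITIZE`) already matches 2. The `strip_tags` calls are therefore dead code and values passed with the new mode still go through `xss_clean` only, so the escaping this commit is meant to add does not take effect. Give the constant its own value, `const RAINTPL_FULL_XSS_SANITIZE = 3;`. The body of `assign` starts and continues outside these hunks.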
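--- a/index.php
+++ b/index.php
@@ -17,7 +17,7 @@
 $tpl->assign('entries', get_entries($view, $page), RainTPL::RAINTPL_XSS_SANITIZE);
 $nb_entries = get_entries_count($view, $page);
 $tpl->assign('nb_entries', intval($nb_entries));
-$tpl->assign('nb_pages', intval($nb_entries / $config->entries_per_page) + 1, RainTPL::RAINTPL_XSS_SANITIZE);
-$tpl->assign('feeds', get_feeds('title'), RainTPL::RAINTPL_XSS_SANITIZE);
+$tpl->assign('nb_pages', intval($nb_entries / $config->entries_per_page) + 1, RainTPL::RAINTPL_FULL_XSS_SANITIZE);
+$tpl->assign('feeds', get_feeds('title'), RainTPL::RAINTPL_FULL_XSS_SANITIZE);
 
 $tpl->draw('index');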
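Review bot: The `feeds` call passes the result of `get_feeds('title')`, presumably an array of feed records (its definition is not on this page), to a mode whose branch calls `strip_tags($value)` directly. `strip_tags()` accepts only a string, so an array argument is rejected (a warning and a null result on older PHP, a TypeError on PHP 8) rather than cleaned element by element. When `$value` is an array the sanitizer should walk it, e.g. `array_walk_recursive($value, function (&$v) { if (is_string($v)) { $v = strip_tags($v); } });`. `strip_tags` also leaves quotes and `&` untouched, so a title printed inside an HTML attribute still needs `htmlspecialchars($title, ENT_QUOTES, 'UTF-8')` in the template. `nb_pages` is already an `intval()` result and needs no sanitize mode.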
