aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authornodiscc <nodiscc@gmail.com>2015-06-24 01:04:50 +0200
committernodiscc <nodiscc@gmail.com>2015-06-24 01:08:30 +0200
commit64bc92e3ac8f5e66d2bc14206ede31e6679d8c13 (patch)
tree93856d99964edd4109301ada6b028ff33985e470
parenteaefcba724e93c5f6b426ad8855ab1af8ac8212a (diff)
downloadShaarli-64bc92e3ac8f5e66d2bc14206ede31e6679d8c13.tar.gz
Shaarli-64bc92e3ac8f5e66d2bc14206ede31e6679d8c13.tar.zst
Shaarli-64bc92e3ac8f5e66d2bc14206ede31e6679d8c13.zip
move escape() and sanitizeLink() to application/Utils.php
prevents 'PHP Fatal error: Call to undefined function sanitizeLink() in Shaarli/application/LinkDB.php on line 255' in tests
-rw-r--r--application/Utils.php27
-rw-r--r--index.php17
2 files changed, 27 insertions, 17 deletions
diff --git a/application/Utils.php b/application/Utils.php
index 737f1502..82220bfc 100644
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -42,4 +42,31 @@ function endsWith($haystack, $needle, $case=true)
42 } 42 }
43 return (strcasecmp(substr($haystack, strlen($haystack) - strlen($needle)), $needle) === 0); 43 return (strcasecmp(substr($haystack, strlen($haystack) - strlen($needle)), $needle) === 0);
44} 44}
45
46/**
47 * Same as nl2br(), but escapes < and >
48 */
49function nl2br_escaped($html)
50{
51 return str_replace('>','&gt;',str_replace('<','&lt;',nl2br($html)));
52}
53
54/**
55 * htmlspecialchars wrapper
56 */
57function escape($str)
58{
59 return htmlspecialchars($str, ENT_COMPAT, 'UTF-8', false);
60}
61
62/**
63 * Link sanitization before templating
64 */
65function sanitizeLink(&$link)
66{
67 $link['url'] = escape($link['url']); // useful?
68 $link['title'] = escape($link['title']);
69 $link['description'] = escape($link['description']);
70 $link['tags'] = escape($link['tags']);
71}
45?> 72?>
diff --git a/index.php b/index.php
index dd3ec3a4..96a601de 100644
--- a/index.php
+++ b/index.php
@@ -269,23 +269,6 @@ function logm($message)
269 file_put_contents($GLOBALS['config']['DATADIR'].'/log.txt',$t,FILE_APPEND); 269 file_put_contents($GLOBALS['config']['DATADIR'].'/log.txt',$t,FILE_APPEND);
270} 270}
271 271
272// Same as nl2br(), but escapes < and >
273function nl2br_escaped($html)
274{
275 return str_replace('>','&gt;',str_replace('<','&lt;',nl2br($html)));
276}
277
278function escape($str) {
279 return htmlspecialchars($str, ENT_COMPAT, 'UTF-8', false);
280}
281
282function sanitizeLink(&$link) {
283 $link['url'] = escape($link['url']); // useful?
284 $link['title'] = escape($link['title']);
285 $link['description'] = escape($link['description']);
286 $link['tags'] = escape($link['tags']);
287}
288
289// In a string, converts URLs to clickable links. 272// In a string, converts URLs to clickable links.
290// Function inspired from http://www.php.net/manual/en/function.preg-replace.php#85722 273// Function inspired from http://www.php.net/manual/en/function.preg-replace.php#85722
291function text2clickable($url) 274function text2clickable($url)