Working on shaarli/Shaarli#224

I reviewed character escaping everywhere with the following ideas: * use a single common function to escape user data: `escape` using `htmlspecialchars`. * sanitize fields in `index.php` after reading them from datastore and before sending them to templates. It means no escaping function in Twig templates. 2 reasons: * it reduces risks of security issue for future user made templates * more readable templates * sanitize user configuration fields after loading them.
author: ArthurHoaro <arthur@hoa.ro> 2015-06-11 13:53:27 +0200
committer: ArthurHoaro <arthur@hoa.ro> 2015-06-23 16:35:36 +0200
commit: 5f85fcd863fe261921953ea3bd1742f3e1b7cf68 (patch)
tree: 5615922c1c696ec04cc60625a8d401b2b297a462 /tpl
parent: 0923a2bc1b097bf1def882722db489d83d95c423 (diff)
download: Shaarli-5f85fcd863fe261921953ea3bd1742f3e1b7cf68.tar.gz
Shaarli-5f85fcd863fe261921953ea3bd1742f3e1b7cf68.tar.zst
Shaarli-5f85fcd863fe261921953ea3bd1742f3e1b7cf68.zip
10 files changed, 22 insertions, 22 deletions
diff --git a/tpl/daily.html b/tpl/daily.html
index 0f762490..38aa4012 100644
--- a/tpl/daily.html
+++ b/tpl/daily.html
@@ -36,12 +36,12 @@
                        {if="$link.tags"}
                            <div class="dailyEntryTags">
                                {loop="link.taglist"}
-                                    {$value|htmlspecialchars} -
+                                    {$value} -
                                {/loop}
                            </div>
                        {/if}
                        <div class="dailyEntryTitle">
-                            <a href="{$link.url}">{$link.title|htmlspecialchars}</a>
+                            <a href="{$link.url}">{$link.title}</a>
                        </div>
                        {if="$link.thumbnail"}
                            <div class="dailyEntryThumbnail">{$link.thumbnail}</div>
diff --git a/tpl/dailyrss.html b/tpl/dailyrss.html
index a9b11e18..1b7ab8e9 100644
--- a/tpl/dailyrss.html
+++ b/tpl/dailyrss.html
@@ -1,7 +1,7 @@
 {loop="links"}
-        <h3><a href="{$value.url}">{$value.title|htmlspecialchars}</a></h3>
+        <h3><a href="{$value.url}">{$value.title}</a></h3>
-        <small>{if="!$GLOBALS['config']['HIDE_TIMESTAMPS']"}{function="strftime('%c', $value.timestamp)"} - {/if}{if="$value.tags"}{$value.tags|htmlspecialchars}{/if}<br>
+        <small>{if="!$GLOBALS['config']['HIDE_TIMESTAMPS']"}{function="strftime('%c', $value.timestamp)"} - {/if}{if="$value.tags"}{$value.tags}{/if}<br>
-        {$value.url|htmlspecialchars}</small><br>
+        {$value.url}</small><br>
        {if="$value.thumbnail"}{$value.thumbnail}{/if}<br>
        {if="$value.description"}{$value.formatedDescription}{/if}
        <br><br><hr>
diff --git a/tpl/editlink.html b/tpl/editlink.html
index 0276f088..6737c412 100644
--- a/tpl/editlink.html
+++ b/tpl/editlink.html
@@ -15,11 +15,11 @@
        <div id="editlinkform">
            <form method="post" name="linkform">
                <input type="hidden" name="lf_linkdate" value="{$link.linkdate}">
-                <label for="lf_url"><i>URL</i></label><br><input type="text" name="lf_url" id="lf_url" value="{$link.url|htmlspecialchars}" class="lf_input"><br>
+                <label for="lf_url"><i>URL</i></label><br><input type="text" name="lf_url" id="lf_url" value="{$link.url}" class="lf_input"><br>
-            <label for="lf_title"><i>Title</i></label><br><input type="text" name="lf_title" id="lf_title" value="{$link.title|htmlspecialchars}" class="lf_input"><br>
+            <label for="lf_title"><i>Title</i></label><br><input type="text" name="lf_title" id="lf_title" value="{$link.title}" class="lf_input"><br>
-            <label for="lf_description"><i>Description</i></label><br><textarea name="lf_description" id="lf_description" rows="4" cols="25">{$link.description|htmlspecialchars}</textarea><br>
+            <label for="lf_description"><i>Description</i></label><br><textarea name="lf_description" id="lf_description" rows="4" cols="25">{$link.description}</textarea><br>
            <label for="lf_tags"><i>Tags</i></label><br>
-            <input type="text" id="lf_tags" name="lf_tags" id="lf_tags" value="{$link.tags|htmlspecialchars}" class="lf_input"
+            <input type="text" id="lf_tags" name="lf_tags" id="lf_tags" value="{$link.tags}" class="lf_input"
                data-list="{loop="$tags"}{$key}, {/loop}" data-multiple autocomplete="off" ><br>
                {if="($link_is_new && $GLOBALS['privateLinkByDefault']==true) || $link.private == true"}
            <input type="checkbox" checked="checked" name="lf_private" id="lf_private">
@@ -32,7 +32,7 @@
                <input type="submit" value="Cancel" name="cancel_edit" class="bigbutton">
                {if="!$link_is_new"}<input type="submit" value="Delete" name="delete_link" class="bigbutton delete" onClick="return confirmDeleteLink();">{/if}
                <input type="hidden" name="token" value="{$token}">
-                {if="$http_referer"}<input type="hidden" name="returnurl" value="{$http_referer|htmlspecialchars}">{/if}
+                {if="$http_referer"}<input type="hidden" name="returnurl" value="{$http_referer}">{/if}
            </form>
        </div>
 </div>
diff --git a/tpl/import.html b/tpl/import.html
index 9ac3c2f9..6c4f9421 100644
--- a/tpl/import.html
+++ b/tpl/import.html
@@ -5,11 +5,11 @@
 <div id="pageheader">
        {include="page.header"}
        <div id="uploaddiv">
-        Import Netscape HTML bookmarks (as exported from Firefox/Chrome/Opera/Delicious/Diigo...) (Max: {$maxfilesize|htmlspecialchars} bytes).
+        Import Netscape HTML bookmarks (as exported from Firefox/Chrome/Opera/Delicious/Diigo...) (Max: {$maxfilesize} bytes).
        <form method="POST" action="?do=upload" enctype="multipart/form-data" name="uploadform" id="uploadform">
            <input type="hidden" name="token" value="{$token}">
            <input type="file" name="filetoupload">
-            <input type="hidden" name="MAX_FILE_SIZE" value="{$maxfilesize|htmlspecialchars}">
+            <input type="hidden" name="MAX_FILE_SIZE" value="{$maxfilesize}">
            <input type="submit" name="import_file" value="Import" class="bigbutton"><br>
            <input type="checkbox" name="private" id="private"><label for="private">&nbsp;Import all links as private</label><br>
            <input type="checkbox" name="overwrite" id="overwrite"><label for="overwrite">&nbsp;Overwrite existing links</label>
diff --git a/tpl/linklist.html b/tpl/linklist.html
index a59a9e51..daf87060 100644
--- a/tpl/linklist.html
+++ b/tpl/linklist.html
@@ -33,7 +33,7 @@
        {if="$search_type=='tags'"}
            <div id="searchcriteria">{$result_count} results for tags <i>
            {loop="search_crits"}
-                <span class="linktag" title="Remove tag"><a href="?removetag={$value|htmlspecialchars}">{$value|htmlspecialchars} <span class="remove">x</span></a></span>
+                <span class="linktag" title="Remove tag"><a href="?removetag={$value}">{$value} <span class="remove">x</span></a></span>
            {/loop}</i></div>
        {/if}
    {/if}
@@ -50,7 +50,7 @@
                        <input type="hidden" name="token" value="{$token}"><input type="hidden" name="delete_link"><input type="image" alt="Delete" src="images/delete_icon.png#" title="Delete" class="button_delete" onClick="return confirmDeleteLink();"></form>
                    </div>
                {/if}
-                <span class="linktitle"><a href="{$redirector}{$value.url|htmlspecialchars}">{$value.title|htmlspecialchars}</a></span>
+                <span class="linktitle"><a href="{$redirector}{$value.url}">{$value.title}</a></span>
                <br>
                {if="$value.description"}<div class="linkdescription">{$value.description}</div>{/if}
                {if="!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()"}
@@ -59,15 +59,15 @@
                    <span class="linkdate" title="Short link here"><a href="?{$value.linkdate|smallHash}">permalink</a> - </span>
                {/if}
                {if="$GLOBALS['config']['ARCHIVE_ORG']"}
-                <span class="linkarchive"><a href="https://web.archive.org/web/{$value.url|htmlspecialchars}">archive</a> - </span>
+                <span class="linkarchive"><a href="https://web.archive.org/web/{$value.url}">archive</a> - </span>
                {/if}
                <div class="linkqrcode"><a href="http://qrfree.kaywa.com/?l=1&amp;s=8&amp;d={$scripturl|urlencode}%3F{$value.linkdate|smallHash}"
                    onclick="return showQrCode(this);" class="qrcode" data-permalink="{$scripturl}?{$value.linkdate|smallHash}">
                    <img src="images/qrcode.png#" alt="QR-Code" title="{function="strftime('%c', $value.timestamp)"}"></a></div> -
-                <a href="{$value.url|htmlspecialchars}"><span class="linkurl" title="Short link">{$value.url|htmlspecialchars}</span></a><br>
+                <a href="{$value.url}"><span class="linkurl" title="Short link">{$value.url}</span></a><br>
                {if="$value.tags"}
                    <div class="linktaglist">
-                    {loop="value.taglist"}<span class="linktag" title="Add tag"><a href="?addtag={$value|urlencode}">{$value|htmlspecialchars}</a></span> {/loop}
+                    {loop="value.taglist"}<span class="linktag" title="Add tag"><a href="?addtag={$value|urlencode}">{$value}</a></span> {/loop}
                    </div>
                {/if}
            </div>
diff --git a/tpl/loginform.html b/tpl/loginform.html
index 91b948dd..678375fd 100644
--- a/tpl/loginform.html
+++ b/tpl/loginform.html
@@ -17,7 +17,7 @@
    <input type="checkbox" name="longlastingsession" id="longlastingsession" tabindex="3">
    Stay signed in (Do not check on public computers)</label>
    <input type="hidden" name="token" value="{$token}">
-    {if="$returnurl"}<input type="hidden" name="returnurl" value="{$returnurl|htmlspecialchars}">{/if}
+    {if="$returnurl"}<input type="hidden" name="returnurl" value="{$returnurl}">{/if}
    </form>
 {/if}
    </div>
diff --git a/tpl/page.footer.html b/tpl/page.footer.html
index 42c621b9..8143669d 100644
--- a/tpl/page.footer.html
+++ b/tpl/page.footer.html
@@ -2,7 +2,7 @@
    <b><a href="https://github.com/shaarli/Shaarli">Shaarli</a></b> - The personal, minimalist, super-fast, no-database delicious clone by the <a href="https://github.com/shaarli/Shaarli">Shaarli</a> community - <a href="doc/Home.html">Help/documentation</a>
 </div>
 {if="$newversion"}
-    <div id="newversion"><span id="version_id">&#x25CF;</span> Shaarli {$newversion|htmlspecialchars} is <a href="https://github.com/shaarli/Shaarli/releases">available</a>.</div>
+    <div id="newversion"><span id="version_id">&#x25CF;</span> Shaarli {$newversion} is <a href="https://github.com/shaarli/Shaarli/releases">available</a>.</div>
 {/if}
 {if="isLoggedIn()"}
 <script>function confirmDeleteLink() { var agree=confirm("Are you sure you want to delete this link ?"); if (agree) return true ; else return false ; }</script>
diff --git a/tpl/page.header.html b/tpl/page.header.html
index 0fd65e40..2d186aa2 100644
--- a/tpl/page.header.html
+++ b/tpl/page.header.html
@@ -8,7 +8,7 @@
 <div id="menu">
  <ul>
      <li><span id="shaarli_title">
-        <a href="{$titleLink}">{$shaarlititle|htmlspecialchars}</a>
+        <a href="{$titleLink}">{$shaarlititle}</a>
    </span>
    </li>
  
diff --git a/tpl/picwall.html b/tpl/picwall.html
index e686afe1..9a2a4715 100644
--- a/tpl/picwall.html
+++ b/tpl/picwall.html
@@ -9,7 +9,7 @@
        <div id="picwall_container">
            {loop="linksToDisplay"}
            <div class="picwall_pictureframe">
-                    {$value.thumbnail}<a href="{$value.url}"><span class="info">{$value.title|htmlspecialchars}</span></a>
+                    {$value.thumbnail}<a href="{$value.url}"><span class="info">{$value.title}</span></a>
            </div>
            {/loop}
        </div>
diff --git a/tpl/tagcloud.html b/tpl/tagcloud.html
index 97205e2b..092f2294 100644
--- a/tpl/tagcloud.html
+++ b/tpl/tagcloud.html
@@ -6,7 +6,7 @@
 <div class="center">
    <div id="cloudtag">
        {loop="tags"}
-        <span class="count">{$value.count}</span><a href="?searchtags={$key|urlencode}" style="font-size:{$value.size}pt;">{$key|htmlspecialchars}</a>
+        <span class="count">{$value.count}</span><a href="?searchtags={$key|urlencode}" style="font-size:{$value.size}pt;">{$key}</a>
        {/loop}
    </div>
 </div>
author	ArthurHoaro <arthur@hoa.ro>	2015-06-11 13:53:27 +0200
committer	ArthurHoaro <arthur@hoa.ro>	2015-06-23 16:35:36 +0200
commit	5f85fcd863fe261921953ea3bd1742f3e1b7cf68 (patch)
tree	5615922c1c696ec04cc60625a8d401b2b297a462 /tpl
parent	0923a2bc1b097bf1def882722db489d83d95c423 (diff)
download	Shaarli-5f85fcd863fe261921953ea3bd1742f3e1b7cf68.tar.gz Shaarli-5f85fcd863fe261921953ea3bd1742f3e1b7cf68.tar.zst Shaarli-5f85fcd863fe261921953ea3bd1742f3e1b7cf68.zip

diff --git a/tpl/daily.html b/tpl/daily.html index 0f762490..38aa4012 100644 --- a/tpl/daily.html +++ b/tpl/daily.html
@@ -36,12 +36,12 @@
36	{if="$link.tags"}	36	{if="$link.tags"}
37	<div class="dailyEntryTags">	37	<div class="dailyEntryTags">
38	{loop="link.taglist"}	38	{loop="link.taglist"}
39	{$value\|htmlspecialchars} -	39	{$value} -
40	{/loop}	40	{/loop}
41	</div>	41	</div>
42	{/if}	42	{/if}
43	<div class="dailyEntryTitle">	43	<div class="dailyEntryTitle">
44	<a href="{$link.url}">{$link.title\|htmlspecialchars}</a>	44	<a href="{$link.url}">{$link.title}</a>
45	</div>	45	</div>
46	{if="$link.thumbnail"}	46	{if="$link.thumbnail"}
47	<div class="dailyEntryThumbnail">{$link.thumbnail}</div>	47	<div class="dailyEntryThumbnail">{$link.thumbnail}</div>


diff --git a/tpl/dailyrss.html b/tpl/dailyrss.html index a9b11e18..1b7ab8e9 100644 --- a/tpl/dailyrss.html +++ b/tpl/dailyrss.html
@@ -1,7 +1,7 @@
1	{loop="links"}	1	{loop="links"}
2	<h3><a href="{$value.url}">{$value.title\|htmlspecialchars}</a></h3>	2	<h3><a href="{$value.url}">{$value.title}</a></h3>
3	<small>{if="!$GLOBALS['config']['HIDE_TIMESTAMPS']"}{function="strftime('%c', $value.timestamp)"} - {/if}{if="$value.tags"}{$value.tags\|htmlspecialchars}{/if}<br>	3	<small>{if="!$GLOBALS['config']['HIDE_TIMESTAMPS']"}{function="strftime('%c', $value.timestamp)"} - {/if}{if="$value.tags"}{$value.tags}{/if}<br>
4	{$value.url\|htmlspecialchars}</small><br>	4	{$value.url}</small><br>
5	{if="$value.thumbnail"}{$value.thumbnail}{/if}<br>	5	{if="$value.thumbnail"}{$value.thumbnail}{/if}<br>
6	{if="$value.description"}{$value.formatedDescription}{/if}	6	{if="$value.description"}{$value.formatedDescription}{/if}
7	<br><br><hr>	7	<br><br><hr>


diff --git a/tpl/editlink.html b/tpl/editlink.html index 0276f088..6737c412 100644 --- a/tpl/editlink.html +++ b/tpl/editlink.html
@@ -15,11 +15,11 @@
15	<div id="editlinkform">	15	<div id="editlinkform">
16	<form method="post" name="linkform">	16	<form method="post" name="linkform">
17	<input type="hidden" name="lf_linkdate" value="{$link.linkdate}">	17	<input type="hidden" name="lf_linkdate" value="{$link.linkdate}">
18	<label for="lf_url"><i>URL</i></label><br><input type="text" name="lf_url" id="lf_url" value="{$link.url\|htmlspecialchars}" class="lf_input"><br>	18	<label for="lf_url"><i>URL</i></label><br><input type="text" name="lf_url" id="lf_url" value="{$link.url}" class="lf_input"><br>
19	<label for="lf_title"><i>Title</i></label><br><input type="text" name="lf_title" id="lf_title" value="{$link.title\|htmlspecialchars}" class="lf_input"><br>	19	<label for="lf_title"><i>Title</i></label><br><input type="text" name="lf_title" id="lf_title" value="{$link.title}" class="lf_input"><br>
20	<label for="lf_description"><i>Description</i></label><br><textarea name="lf_description" id="lf_description" rows="4" cols="25">{$link.description\|htmlspecialchars}</textarea><br>	20	<label for="lf_description"><i>Description</i></label><br><textarea name="lf_description" id="lf_description" rows="4" cols="25">{$link.description}</textarea><br>
21	<label for="lf_tags"><i>Tags</i></label><br>	21	<label for="lf_tags"><i>Tags</i></label><br>
22	<input type="text" id="lf_tags" name="lf_tags" id="lf_tags" value="{$link.tags\|htmlspecialchars}" class="lf_input"	22	<input type="text" id="lf_tags" name="lf_tags" id="lf_tags" value="{$link.tags}" class="lf_input"
23	data-list="{loop="$tags"}{$key}, {/loop}" data-multiple autocomplete="off" ><br>	23	data-list="{loop="$tags"}{$key}, {/loop}" data-multiple autocomplete="off" ><br>
24	{if="($link_is_new && $GLOBALS['privateLinkByDefault']==true) \|\| $link.private == true"}	24	{if="($link_is_new && $GLOBALS['privateLinkByDefault']==true) \|\| $link.private == true"}
25	<input type="checkbox" checked="checked" name="lf_private" id="lf_private">	25	<input type="checkbox" checked="checked" name="lf_private" id="lf_private">
@@ -32,7 +32,7 @@
32	<input type="submit" value="Cancel" name="cancel_edit" class="bigbutton">	32	<input type="submit" value="Cancel" name="cancel_edit" class="bigbutton">
33	{if="!$link_is_new"}<input type="submit" value="Delete" name="delete_link" class="bigbutton delete" onClick="return confirmDeleteLink();">{/if}	33	{if="!$link_is_new"}<input type="submit" value="Delete" name="delete_link" class="bigbutton delete" onClick="return confirmDeleteLink();">{/if}
34	<input type="hidden" name="token" value="{$token}">	34	<input type="hidden" name="token" value="{$token}">
35	{if="$http_referer"}<input type="hidden" name="returnurl" value="{$http_referer\|htmlspecialchars}">{/if}	35	{if="$http_referer"}<input type="hidden" name="returnurl" value="{$http_referer}">{/if}
36	</form>	36	</form>
37	</div>	37	</div>
38	</div>	38	</div>


diff --git a/tpl/import.html b/tpl/import.html index 9ac3c2f9..6c4f9421 100644 --- a/tpl/import.html +++ b/tpl/import.html
@@ -5,11 +5,11 @@
5	<div id="pageheader">	5	<div id="pageheader">
6	{include="page.header"}	6	{include="page.header"}
7	<div id="uploaddiv">	7	<div id="uploaddiv">
8	Import Netscape HTML bookmarks (as exported from Firefox/Chrome/Opera/Delicious/Diigo...) (Max: {$maxfilesize\|htmlspecialchars} bytes).	8	Import Netscape HTML bookmarks (as exported from Firefox/Chrome/Opera/Delicious/Diigo...) (Max: {$maxfilesize} bytes).
9	<form method="POST" action="?do=upload" enctype="multipart/form-data" name="uploadform" id="uploadform">	9	<form method="POST" action="?do=upload" enctype="multipart/form-data" name="uploadform" id="uploadform">
10	<input type="hidden" name="token" value="{$token}">	10	<input type="hidden" name="token" value="{$token}">
11	<input type="file" name="filetoupload">	11	<input type="file" name="filetoupload">
12	<input type="hidden" name="MAX_FILE_SIZE" value="{$maxfilesize\|htmlspecialchars}">	12	<input type="hidden" name="MAX_FILE_SIZE" value="{$maxfilesize}">
13	<input type="submit" name="import_file" value="Import" class="bigbutton"><br>	13	<input type="submit" name="import_file" value="Import" class="bigbutton"><br>
14	<input type="checkbox" name="private" id="private"><label for="private"> Import all links as private</label><br>	14	<input type="checkbox" name="private" id="private"><label for="private"> Import all links as private</label><br>
15	<input type="checkbox" name="overwrite" id="overwrite"><label for="overwrite"> Overwrite existing links</label>	15	<input type="checkbox" name="overwrite" id="overwrite"><label for="overwrite"> Overwrite existing links</label>


diff --git a/tpl/linklist.html b/tpl/linklist.html index a59a9e51..daf87060 100644 --- a/tpl/linklist.html +++ b/tpl/linklist.html
@@ -33,7 +33,7 @@
33	{if="$search_type=='tags'"}	33	{if="$search_type=='tags'"}
34	<div id="searchcriteria">{$result_count} results for tags <i>	34	<div id="searchcriteria">{$result_count} results for tags <i>
35	{loop="search_crits"}	35	{loop="search_crits"}
36	<span class="linktag" title="Remove tag"><a href="?removetag={$value\|htmlspecialchars}">{$value\|htmlspecialchars} <span class="remove">x</span></a></span>	36	<span class="linktag" title="Remove tag"><a href="?removetag={$value}">{$value} <span class="remove">x</span></a></span>
37	{/loop}</i></div>	37	{/loop}</i></div>
38	{/if}	38	{/if}
39	{/if}	39	{/if}
@@ -50,7 +50,7 @@
50	<input type="hidden" name="token" value="{$token}"><input type="hidden" name="delete_link"><input type="image" alt="Delete" src="images/delete_icon.png#" title="Delete" class="button_delete" onClick="return confirmDeleteLink();"></form>	50	<input type="hidden" name="token" value="{$token}"><input type="hidden" name="delete_link"><input type="image" alt="Delete" src="images/delete_icon.png#" title="Delete" class="button_delete" onClick="return confirmDeleteLink();"></form>
51	</div>	51	</div>
52	{/if}	52	{/if}
53	<span class="linktitle"><a href="{$redirector}{$value.url\|htmlspecialchars}">{$value.title\|htmlspecialchars}</a></span>	53	<span class="linktitle"><a href="{$redirector}{$value.url}">{$value.title}</a></span>
54	<br>	54	<br>
55	{if="$value.description"}<div class="linkdescription">{$value.description}</div>{/if}	55	{if="$value.description"}<div class="linkdescription">{$value.description}</div>{/if}
56	{if="!$GLOBALS['config']['HIDE_TIMESTAMPS'] \|\| isLoggedIn()"}	56	{if="!$GLOBALS['config']['HIDE_TIMESTAMPS'] \|\| isLoggedIn()"}
@@ -59,15 +59,15 @@
59	<span class="linkdate" title="Short link here"><a href="?{$value.linkdate\|smallHash}">permalink</a> - </span>	59	<span class="linkdate" title="Short link here"><a href="?{$value.linkdate\|smallHash}">permalink</a> - </span>
60	{/if}	60	{/if}
61	{if="$GLOBALS['config']['ARCHIVE_ORG']"}	61	{if="$GLOBALS['config']['ARCHIVE_ORG']"}
62	<span class="linkarchive"><a href="https://web.archive.org/web/{$value.url\|htmlspecialchars}">archive</a> - </span>	62	<span class="linkarchive"><a href="https://web.archive.org/web/{$value.url}">archive</a> - </span>
63	{/if}	63	{/if}
64	<div class="linkqrcode"><a href="http://qrfree.kaywa.com/?l=1&s=8&d={$scripturl\|urlencode}%3F{$value.linkdate\|smallHash}"	64	<div class="linkqrcode"><a href="http://qrfree.kaywa.com/?l=1&s=8&d={$scripturl\|urlencode}%3F{$value.linkdate\|smallHash}"
65	onclick="return showQrCode(this);" class="qrcode" data-permalink="{$scripturl}?{$value.linkdate\|smallHash}">	65	onclick="return showQrCode(this);" class="qrcode" data-permalink="{$scripturl}?{$value.linkdate\|smallHash}">
66	<img src="images/qrcode.png#" alt="QR-Code" title="{function="strftime('%c', $value.timestamp)"}"></a></div> -	66	<img src="images/qrcode.png#" alt="QR-Code" title="{function="strftime('%c', $value.timestamp)"}"></a></div> -
67	<a href="{$value.url\|htmlspecialchars}"><span class="linkurl" title="Short link">{$value.url\|htmlspecialchars}</span></a><br>	67	<a href="{$value.url}"><span class="linkurl" title="Short link">{$value.url}</span></a><br>
68	{if="$value.tags"}	68	{if="$value.tags"}
69	<div class="linktaglist">	69	<div class="linktaglist">
70	{loop="value.taglist"}<span class="linktag" title="Add tag"><a href="?addtag={$value\|urlencode}">{$value\|htmlspecialchars}</a></span> {/loop}	70	{loop="value.taglist"}<span class="linktag" title="Add tag"><a href="?addtag={$value\|urlencode}">{$value}</a></span> {/loop}
71	</div>	71	</div>
72	{/if}	72	{/if}
73	</div>	73	</div>


diff --git a/tpl/loginform.html b/tpl/loginform.html index 91b948dd..678375fd 100644 --- a/tpl/loginform.html +++ b/tpl/loginform.html
@@ -17,7 +17,7 @@
17	<input type="checkbox" name="longlastingsession" id="longlastingsession" tabindex="3">	17	<input type="checkbox" name="longlastingsession" id="longlastingsession" tabindex="3">
18	Stay signed in (Do not check on public computers)</label>	18	Stay signed in (Do not check on public computers)</label>
19	<input type="hidden" name="token" value="{$token}">	19	<input type="hidden" name="token" value="{$token}">
20	{if="$returnurl"}<input type="hidden" name="returnurl" value="{$returnurl\|htmlspecialchars}">{/if}	20	{if="$returnurl"}<input type="hidden" name="returnurl" value="{$returnurl}">{/if}
21	</form>	21	</form>
22	{/if}	22	{/if}
23	</div>	23	</div>


diff --git a/tpl/page.footer.html b/tpl/page.footer.html index 42c621b9..8143669d 100644 --- a/tpl/page.footer.html +++ b/tpl/page.footer.html
@@ -2,7 +2,7 @@
2	<b><a href="https://github.com/shaarli/Shaarli">Shaarli</a></b> - The personal, minimalist, super-fast, no-database delicious clone by the <a href="https://github.com/shaarli/Shaarli">Shaarli</a> community - <a href="doc/Home.html">Help/documentation</a>	2	<b><a href="https://github.com/shaarli/Shaarli">Shaarli</a></b> - The personal, minimalist, super-fast, no-database delicious clone by the <a href="https://github.com/shaarli/Shaarli">Shaarli</a> community - <a href="doc/Home.html">Help/documentation</a>
3	</div>	3	</div>
4	{if="$newversion"}	4	{if="$newversion"}
5	<div id="newversion"><span id="version_id">●</span> Shaarli {$newversion\|htmlspecialchars} is <a href="https://github.com/shaarli/Shaarli/releases">available</a>.</div>	5	<div id="newversion"><span id="version_id">●</span> Shaarli {$newversion} is <a href="https://github.com/shaarli/Shaarli/releases">available</a>.</div>
6	{/if}	6	{/if}
7	{if="isLoggedIn()"}	7	{if="isLoggedIn()"}
8	<script>function confirmDeleteLink() { var agree=confirm("Are you sure you want to delete this link ?"); if (agree) return true ; else return false ; }</script>	8	<script>function confirmDeleteLink() { var agree=confirm("Are you sure you want to delete this link ?"); if (agree) return true ; else return false ; }</script>


diff --git a/tpl/page.header.html b/tpl/page.header.html index 0fd65e40..2d186aa2 100644 --- a/tpl/page.header.html +++ b/tpl/page.header.html
@@ -8,7 +8,7 @@
8	<div id="menu">	8	<div id="menu">
9	<ul>	9	<ul>
10	<li><span id="shaarli_title">	10	<li><span id="shaarli_title">
11	<a href="{$titleLink}">{$shaarlititle\|htmlspecialchars}</a>	11	<a href="{$titleLink}">{$shaarlititle}</a>
12	</span>	12	</span>
13	</li>	13	</li>
14		14


diff --git a/tpl/picwall.html b/tpl/picwall.html index e686afe1..9a2a4715 100644 --- a/tpl/picwall.html +++ b/tpl/picwall.html
@@ -9,7 +9,7 @@
9	<div id="picwall_container">	9	<div id="picwall_container">
10	{loop="linksToDisplay"}	10	{loop="linksToDisplay"}
11	<div class="picwall_pictureframe">	11	<div class="picwall_pictureframe">
12	{$value.thumbnail}<a href="{$value.url}"><span class="info">{$value.title\|htmlspecialchars}</span></a>	12	{$value.thumbnail}<a href="{$value.url}"><span class="info">{$value.title}</span></a>
13	</div>	13	</div>
14	{/loop}	14	{/loop}
15	</div>	15	</div>


diff --git a/tpl/tagcloud.html b/tpl/tagcloud.html index 97205e2b..092f2294 100644 --- a/tpl/tagcloud.html +++ b/tpl/tagcloud.html
@@ -6,7 +6,7 @@
6	<div class="center">	6	<div class="center">
7	<div id="cloudtag">	7	<div id="cloudtag">
8	{loop="tags"}	8	{loop="tags"}
9	<span class="count">{$value.count}</span><a href="?searchtags={$key\|urlencode}" style="font-size:{$value.size}pt;">{$key\|htmlspecialchars}</a>	9	<span class="count">{$value.count}</span><a href="?searchtags={$key\|urlencode}" style="font-size:{$value.size}pt;">{$key}</a>
10	{/loop}	10	{/loop}
11	</div>	11	</div>
12	</div>	12	</div>