escape feed links properly and fix some bugs in the feed link parameters

Christian Weiske 2011-06-27 23:03:31 +02:00
parent 3d11286cbc
commit 90b6e65b11
5 changed files with 47 additions and 20 deletions


@ -222,12 +222,12 @@ if ($currenttag!= '') {
$size = count($rsschannels); $size = count($rsschannels);
for ($i = 0; $i < $size; $i++) { for ($i = 0; $i < $size; $i++) {
$brss = '<a style="background:#FFFFFF"' $brss = '<a style="background:#FFFFFF"'
. ' href="'. htmlspecialchars($rsschannels[$i][1]) . '"' . ' href="'. htmlspecialchars($rsschannels[$i][1]) . '"'
. ' title="' . $rsschannels[$i][0] . '">' . ' title="' . htmlspecialchars($rsschannels[$i][0]) . '">'
. '<img src="' . $theme->resource('images/rss.gif') . '"' . '<img src="' . $theme->resource('images/rss.gif') . '"'
. ' width="16" height="16"' . ' width="16" height="16"'
. ' alt="' . $rsschannels[$i][0] .'"/>' . ' alt="' . htmlspecialchars($rsschannels[$i][0]) .'"/>'
. '</a>'; . '</a>';
} }
$pagesBanner = '<p class="paging">'. $bfirst .'<span> / </span>'. $bprev .'<span> / </span>'. $bnext .'<span> / </span>'. $blast .'<span> / </span>'. sprintf(T_('Page %d of %d'), $page, $totalpages) ." ". $brss ." </p>\n"; $pagesBanner = '<p class="paging">'. $bfirst .'<span> / </span>'. $bprev .'<span> / </span>'. $bnext .'<span> / </span>'. $blast .'<span> / </span>'. sprintf(T_('Page %d of %d'), $page, $totalpages) ." ". $brss ." </p>\n";
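Review bot: Inside the loop `$brss` is assigned with `=` rather than appended, so after the loop only the last entry of `$rsschannels` reaches the paging banner. In the PHP files of this commit the last entry pushed for a logged-on user is the feed whose URL carries `privateKey`, so that is the link rendered in the page body. If every channel is meant to be shown, use `$brss .= '<a style="background:#FFFFFF"'`; if only one is intended, a comment such as `// only the last channel is linked in the pager` would make that explicit. Whether `$brss` is initialised before the loop is not visible in this hunk.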


@ -13,7 +13,7 @@ if (isset($rsschannels)) {
for ($i = 0; $i < $size; $i++) { for ($i = 0; $i < $size; $i++) {
echo ' <link rel="alternate" type="application/rss+xml" title="' echo ' <link rel="alternate" type="application/rss+xml" title="'
. htmlspecialchars($rsschannels[$i][0]) . '"' . htmlspecialchars($rsschannels[$i][0]) . '"'
. ' href="'. $rsschannels[$i][1] .'" />'; . ' href="'. htmlspecialchars($rsschannels[$i][1]) .'" />' . "\n";
} }
} }
?> ?>
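Review bot: Now that the `href` is escaped at output, this template expects raw, unescaped URLs in `$rsschannels`, but nothing in the file states that contract. Any caller outside this commit that still builds its URL with `&amp;` would be emitted as `&amp;amp;` and produce a broken feed link. A comment above the loop such as `// $rsschannels entries are array(title, url), both unescaped; escaping happens here` would document it. The enclosing `if (isset($rsschannels))` block starts outside the hunk.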


@ -229,14 +229,14 @@ if ($templatename == 'editbookmark.tpl') {
$tplVars['sidebar_blocks'] = array('watchstatus'); $tplVars['sidebar_blocks'] = array('watchstatus');
if (!$cat) { //user page without tags if (!$cat) { //user page without tags
$rssTitle = ": My Bookmarks"; $rssTitle = "My Bookmarks";
$cat = NULL; $cat = NULL;
$tplVars['currenttag'] = NULL; $tplVars['currenttag'] = NULL;
//$tplVars['sidebar_blocks'][] = 'menu2'; //$tplVars['sidebar_blocks'][] = 'menu2';
$tplVars['sidebar_blocks'][] = 'linked'; $tplVars['sidebar_blocks'][] = 'linked';
$tplVars['sidebar_blocks'][] = 'popular'; $tplVars['sidebar_blocks'][] = 'popular';
} else { //pages with tags } else { //pages with tags
$rssTitle = ": Tags" . $catTitle; $rssTitle = "Tags" . $catTitle;
$rssCat = '/'. filter($cat, 'url'); $rssCat = '/'. filter($cat, 'url');
$tplVars['currenttag'] = $cat; $tplVars['currenttag'] = $cat;
$tplVars['sidebar_blocks'][] = 'tagactions'; $tplVars['sidebar_blocks'][] = 'tagactions';
@ -266,7 +266,11 @@ if ($templatename == 'editbookmark.tpl') {
// Set template vars // Set template vars
$tplVars['rsschannels'] = array( $tplVars['rsschannels'] = array(
array(filter($sitename .$rssTitle), createURL('rss', filter($user, 'url') . $rssCat.'?sort='.getSortOrder())) array(
sprintf(T_('%s: %s'), $sitename, $rssTitle),
createURL('rss', filter($user, 'url'))
. $rssCat . '?sort='.getSortOrder()
)
); );
if ($userservice->isLoggedOn()) { if ($userservice->isLoggedOn()) {
@ -275,8 +279,14 @@ if ($templatename == 'editbookmark.tpl') {
array_push( array_push(
$tplVars['rsschannels'], $tplVars['rsschannels'],
array( array(
filter($sitename . $rssTitle. sprintf(T_(': (private) ')) . $currentUsername), sprintf(
createURL('rss', filter($currentUsername, 'url') . '?sort='.getSortOrder().'&amp;privateKey='.$currentUser->getPrivateKey()) T_('%s: %s (+private %s)'),
$sitename, $rssTitle, $currentUsername
),
createURL('rss', filter($currentUsername, 'url'))
. $rssCat
. '?sort=' . getSortOrder()
. '&privateKey=' . $currentUser->getPrivateKey()
) )
); );
} }
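Review bot: In the feed URLs built with `'?sort=' . getSortOrder()` and `'&privateKey=' . $currentUser->getPrivateKey()`, the values go into the query string without URL encoding; the template-side `htmlspecialchars()` only covers the HTML attribute context. If either value can contain `&`, `#`, `+` or a space, the link is altered or broken, so wrap them: `. '?sort=' . rawurlencode(getSortOrder())` and `. '&privateKey=' . rawurlencode($currentUser->getPrivateKey())`. Whether `getSortOrder()` returns a whitelisted value and the key uses a fixed alphabet is not visible here. The same pattern appears in the two later files of this commit, and the surrounding `if ($userservice->isLoggedOn())` block begins outside the last hunk.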


@ -42,17 +42,25 @@ if (GET_ACTION == "logout") {
// Header variables // Header variables
$tplVars['loadjs'] = true; $tplVars['loadjs'] = true;
$tplVars['rsschannels'] = array( $tplVars['rsschannels'] = array(
array(sprintf(T_('%s: Recent bookmarks'), htmlspecialchars($sitename)), createURL('rss').'?sort='.getSortOrder()) array(
sprintf(T_('%s: Recent bookmarks'), $sitename),
createURL('rss') . '?sort=' . getSortOrder()
)
); );
if ($userservice->isLoggedOn()) { if ($userservice->isLoggedOn()) {
$currentUsername = $currentUser->getUsername();
if ($userservice->isPrivateKeyValid($currentUser->getPrivateKey())) { if ($userservice->isPrivateKeyValid($currentUser->getPrivateKey())) {
$currentUsername = $currentUser->getUsername();
array_push( array_push(
$tplVars['rsschannels'], $tplVars['rsschannels'],
array( array(
filter(sprintf(T_('%s: Recent bookmarks (+private) %s'), $sitename, $currentUsername)), sprintf(
createURL('rss', filter($currentUsername, 'url') . '?sort='.getSortOrder().'&amp;privateKey='.$currentUser->getPrivateKey()) T_('%s: Recent bookmarks (+private %s)'),
$sitename, $currentUsername
),
createURL('rss')
. '?sort=' . getSortOrder()
. '&privateKey=' . $currentUser->getPrivateKey()
) )
); );
} }


@ -67,17 +67,26 @@ if ($usecache) {
$tplVars['pagetitle'] = T_('Tags') .': '. $cat; $tplVars['pagetitle'] = T_('Tags') .': '. $cat;
$tplVars['loadjs'] = true; $tplVars['loadjs'] = true;
$tplVars['rsschannels'] = array( $tplVars['rsschannels'] = array(
array(filter($sitename .': Tags: '. $cat), createURL('rss', 'all/'. filter($cat, 'url')).'?sort='.getSortOrder()) array(
sprintf(T_('%s: tagged with "%s"'), $sitename, $cat),
createURL('rss', 'all/' . filter($cat, 'url'))
. '?sort='.getSortOrder()
)
); );
if ($userservice->isLoggedOn()) { if ($userservice->isLoggedOn()) {
$currentUsername = $currentUser->getUsername();
if ($userservice->isPrivateKeyValid($currentUser->getPrivateKey())) { if ($userservice->isPrivateKeyValid($currentUser->getPrivateKey())) {
$currentUsername = $currentUser->getUsername();
array_push( array_push(
$tplVars['rsschannels'], $tplVars['rsschannels'],
array( array(
filter($sitename .': Tags: '. $cat . sprintf(T_(': (private) ')) . $currentUsername), sprintf(
createURL('rss', filter($currentUsername, 'url') . '?sort='.getSortOrder().'&amp;privateKey='.$currentUser->getPrivateKey()) T_('%s: tagged with "%s" (+private %s)'),
$sitename, $cat, $currentUsername
),
createURL('rss', filter($currentUsername, 'url'))
. '?sort=' . getSortOrder()
. '&privateKey=' . $currentUser->getPrivateKey()
) )
); );
} }