Changeset 870

Show
Ignore:
Timestamp:
12/10/06 02:41:02 (2 years ago)
Author:
gboggs
Message:

Escape single quotes in the file_name before passing the insert string onto JS. ESCAPE=HTML was a mistake. :)

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • branches/wheeljack/lib/MT/Asset/Image.pm

    r865 r870  
    103103    my $self = shift; 
    104104    my %args = @_; 
     105    (my $name = $self->file_name) =~ s/'/\\'/g; 
    105106    return sprintf '<img src="%s" height="%d" width="%d" alt="%s" class="%s" />', 
    106         $self->url, $self->image_height, $self->image_width, $self->file_name, $args{class}; 
     107        $self->url, $self->image_height, $self->image_width, $name, $args{class}; 
    107108} 
    108109 

  • branches/wheeljack/tmpl/cms/asset_insert.tmpl

    r869 r870  
    22<script type="text/javascript"> 
    33var str = getByID('text', window.parent.document); 
    4 setSelection(str, '<TMPL_VAR NAME=ASSET_HTML ESCAPE=HTML>'); 
     4setSelection(str, '<TMPL_VAR NAME=ASSET_HTML>'); 
    55closeDialog(); 
    66</script>