Changeset 1350

Timestamp:
12/17/08 07:13:02 (15 months ago)
Author:
auno
Message:

Escape url parameter for links. BugzID:85847

Location:
trunk/ActionStreams/plugins/ActionStreams
Files:
2 modified

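--- a/trunk/ActionStreams/plugins/ActionStreams/lib/ActionStreams/Plugin.pm
+++ b/trunk/ActionStreams/plugins/ActionStreams/lib/ActionStreams/Plugin.pm
@@ -18,10 +18,10 @@
     my $html = <<"EOF";
     <mt:if var="USER_VIEW">
-        <li><a href="<mt:var name="SCRIPT_URL">?__mode=other_profiles&amp;id=<mt:var name="EDIT_AUTHOR_ID">">$open_bold<__trans phrase="Other Profiles">$close_bold</a></li>
-        <li><a href="<mt:var name="SCRIPT_URL">?__mode=list_profileevent&amp;id=<mt:var name="EDIT_AUTHOR_ID">">$open_bold<__trans phrase="Action Stream">$close_bold</a></li>
+        <li><a href="<mt:var name="SCRIPT_URL">?__mode=other_profiles&amp;id=<mt:var name="EDIT_AUTHOR_ID" escape="url">">$open_bold<__trans phrase="Other Profiles">$close_bold</a></li>
+        <li><a href="<mt:var name="SCRIPT_URL">?__mode=list_profileevent&amp;id=<mt:var name="EDIT_AUTHOR_ID" escape="url">">$open_bold<__trans phrase="Action Stream">$close_bold</a></li>
     </mt:if>
     <mt:if var="edit_author">
-        <li<mt:if name="other_profiles"> class="active"</mt:if>><a href="<mt:var name="SCRIPT_URL">?__mode=other_profiles&amp;id=<mt:var name="id">">$open_bold<__trans phrase="Other Profiles">$close_bold</a></li>
-        <li<mt:if name="list_profileevent"> class="active"</mt:if>><a href="<mt:var name="SCRIPT_URL">?__mode=list_profileevent&amp;id=<mt:var name="id">">$open_bold<__trans phrase="Action Stream">$close_bold</a></li>
+        <li<mt:if name="other_profiles"> class="active"</mt:if>><a href="<mt:var name="SCRIPT_URL">?__mode=other_profiles&amp;id=<mt:var name="id" escape="url">">$open_bold<__trans phrase="Other Profiles">$close_bold</a></li>
+        <li<mt:if name="list_profileevent"> class="active"</mt:if>><a href="<mt:var name="SCRIPT_URL">?__mode=list_profileevent&amp;id=<mt:var name="id" escape="url">">$open_bold<__trans phrase="Action Stream">$close_bold</a></li>
     </mt:if>
 EOF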
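--- a/trunk/ActionStreams/plugins/ActionStreams/tmpl/list_profileevent.tmpl
+++ b/trunk/ActionStreams/plugins/ActionStreams/tmpl/list_profileevent.tmpl
@@ -165,5 +165,5 @@
     <input type="hidden" name="__mode" value="<mt:var name="mode">" />
     <mt:if name="id">
-    <input type="hidden" name="id" value="<mt:var name="id">" />
+    <input type="hidden" name="id" value="<mt:var name="id" escape="url">" />
     </mt:if>
     <mt:if name="is_power_edit">
@@ -178,5 +178,5 @@
             <mt:if name="filter_key">
                 <strong>Showing only: <mt:var name="filter_label" escape="html"></strong>
-                <a class="filter-link" href="<mt:var name="script_url">?__mode=<mt:var name="mode">&amp;id=<mt:var name="id">">[ Remove filter ]</a>
+                <a class="filter-link" href="<mt:var name="script_url">?__mode=<mt:var name="mode">&amp;id=<mt:var name="id" escape="url">">[ Remove filter ]</a>
             <mt:else>
                 <mt:if name="filter">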
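Review bot: The hidden `id` field at line 167 is an HTML attribute value, not part of a URL, so `escape="url"` is the wrong encoder there; the browser URL-encodes form fields again on submit, so any character the filter rewrites would reach the server double-encoded. I would write that line as `<input type="hidden" name="id" value="<mt:var name="id" escape="html">" />` and keep `escape="url"` only for the query string in the line-180 href. `<mt:var name="mode">` is still emitted unescaped in both the hidden field at line 165 and the href at line 180; if its value can originate from the request (not visible on this page), it needs `escape="html"` and `escape="url"` respectively. Both hunks sit inside a larger template whose surrounding form and filter markup are outside the shown lines.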