| author | David T. Sadler <davidtsadler@googlemail.com> | 2021-11-01 21:24:31 +0000 |
|---|---|---|
| committer | David T. Sadler <davidtsadler@googlemail.com> | 2021-11-01 21:24:31 +0000 |
| commit | 558959d4d7dcceff000fd5861f2f46451ebbd8a9 (patch) | |
| tree | 550a4df1072333a4d3da5524d80d34689c6227a2 | |
| parent | 647395dd6a9152ddb9d298daff21c6a3ada6d80b (diff) | |
Ensure html is escaped
| -rw-r--r-- | src/templates/confirm_deletion.php | 2 | ||||
| -rw-r--r-- | src/templates/form_fields.php | 6 | ||||
| -rw-r--r-- | src/templates/index.php | 2 |
3 files changed, 5 insertions, 5 deletions
diff --git a/src/templates/confirm_deletion.php b/src/templates/confirm_deletion.php
index 0a800e5..06e133f 100644
--- a/src/templates/confirm_deletion.php
+++ b/src/templates/confirm_deletion.php
@@ -9,7 +9,7 @@
 <a href="/">Back</a>
 <form action="/delete" method="POST">
 <input type="hidden" name="id" value="<?php echo $bookmark->id; ?>"/>
- <?php echo $bookmark->url.' '.$bookmark->title.' '.$bookmark->tag; ?>
+ <?php echo htmlentities($bookmark->url.' '.$bookmark->title.' '.$bookmark->tag); ?>
 <button type="submit">Delete</button>
 </form>
 </body>
diff --git a/src/templates/form_fields.php b/src/templates/form_fields.php
index cfacfda..3f54040 100644
--- a/src/templates/form_fields.php
+++ b/src/templates/form_fields.php
@@ -1,12 +1,12 @@
-<input type="text" name="url" maxlength="512" value="<?php echo $old->get('url', $bookmark->url); ?>" autofocus><br>
+<input type="text" name="url" maxlength="512" value="<?php echo htmlspecialchars($old->get('url', $bookmark->url)); ?>" autofocus><br>
 <?php if ($errors->has('url')) { ?>
 <p><?php echo implode(', ', $errors->get('url')); ?></p>
 <?php } ?>
-<input type="text" name="title" maxlength="256" value="<?php echo $old->get('title', $bookmark->title); ?>"><br>
+<input type="text" name="title" maxlength="256" value="<?php echo htmlspecialchars($old->get('title', $bookmark->title)); ?>"><br>
 <?php if ($errors->has('title')) { ?>
 <p><?php echo implode(', ', $errors->get('title')); ?></p>
 <?php } ?>
-<input type="text" name="tag" maxlength="8" value="<?php echo $old->get('tag', $bookmark->tag); ?>"><br>
+<input type="text" name="tag" maxlength="8" value="<?php echo htmlspecialchars($old->get('tag', $bookmark->tag)); ?>"><br>
 <?php if ($errors->has('tag')) { ?>
 <p><?php echo implode(', ', $errors->get('tag')); ?></p>
 <?php } ?>
diff --git a/src/templates/index.php b/src/templates/index.php
index d246605..4f76614 100644
--- a/src/templates/index.php
+++ b/src/templates/index.php
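Review bot: The hidden field on the third context line, `value="<?php echo $bookmark->id; ?>"`, is still emitted unescaped, so the commit's stated goal only holds if `id` is guaranteed numeric; the same applies to the `/edit?id=` and `/delete/confirm?id=` links in the index.php hunk. Casting and escaping it costs nothing: `<input type="hidden" name="id" value="<?php echo htmlspecialchars((string) $bookmark->id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"/>`. The three files now mix `htmlentities` and `htmlspecialchars`; on a UTF-8 page `htmlspecialchars` is sufficient, and the explicit flags are worth passing everywhere, because before PHP 8.1 the default is `ENT_COMPAT` (single quotes left alone) and without `ENT_SUBSTITUTE` an invalid UTF-8 byte sequence makes the call return an empty string, silently blanking the field.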
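Review bot: The validation messages on the three unchanged `<p><?php echo implode(', ', $errors->get(...)); ?></p>` lines are still echoed raw; if any message interpolates the submitted value (not visible here), the escaping added to the inputs is bypassed one line below. Wrapping them the same way, `<p><?php echo htmlspecialchars(implode(', ', $errors->get('url'))); ?></p>`, closes that regardless of how the messages are built. Separately, `htmlspecialchars($old->get('url', $bookmark->url))` will emit a deprecation on PHP 8.1+ if `$old->get` can return `null` for a new, unsaved bookmark; a `?? ''` on the argument avoids that, if null is possible there.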
@@ -12,7 +12,7 @@
 <a href="/create">Add</a>
 <ul>
 <?php foreach ($bookmarks as $bookmark) { ?>
- <li><a href="<?php echo $bookmark->url; ?>"><?php echo $bookmark->title != '' ? $bookmark->title : $bookmark->url; ?></a> <a href="/edit?id=<?php echo $bookmark->id; ?>">Edit</a> | <a href="/delete/confirm?id=<?php echo $bookmark->id; ?>">Delete</a></li>
+ <li><a href="<?php echo htmlentities($bookmark->url); ?>"><?php echo $bookmark->title != '' ? htmlentities($bookmark->title) : htmlentities($bookmark->url); ?></a> <a href="/edit?id=<?php echo $bookmark->id; ?>">Edit</a> | <a href="/delete/confirm?id=<?php echo $bookmark->id; ?>">Delete</a></li>
 <?php } ?>
 </ul>
 </body> |
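Review bot: Escaping `$bookmark->url` inside `href="..."` on the added `<li>` line stops the attribute from being broken out of, but it does not make the value a safe link target: a stored `javascript:` or `data:` URL still runs when clicked, and `htmlentities` has no effect on that. A scheme allow-list at the point the URL is accepted (outside this diff) or here before rendering, e.g. `in_array(parse_url($bookmark->url, PHP_URL_SCHEME), ['http', 'https'], true)`, is the usual complement to output escaping. As a style point, the link text calls `htmlentities` in both branches of the ternary; `htmlentities($bookmark->title != '' ? $bookmark->title : $bookmark->url)` says the same thing once.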
