From 209879d63f25276e38337983fc034da08b58ff3a Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Mon, 31 Aug 2015 18:01:13 +0200 Subject: Fix duplicate escaping of action links The __() helper function already escapes HTML special characters. Do not escape them again in html_action_*(). Fixes FS#45780. Signed-off-by: Lukas Fleischer --- web/lib/aur.inc.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 99975356..7d659132 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -225,18 +225,18 @@ function html_format_maintainers($maintainer, $comaintainers) { * Format a link in the package actions box * * @param string $uri The link target - * @param string $desc The link label + * @param string $inner The HTML code to use for the link label * * @return string The generated HTML code for the action link */ -function html_action_link($uri, $desc) { +function html_action_link($uri, $inner) { if (isset($_COOKIE["AURSID"])) { $code = ''; } else { $code = ''; } - $code .= htmlspecialchars($desc) . ''; + $code .= $inner . ''; return $code; } @@ -246,11 +246,11 @@ function html_action_link($uri, $desc) { * * @param string $uri The link target * @param string $action The action name (passed as HTTP POST parameter) - * @param string $desc The link label + * @param string $inner The HTML code to use for the link label * * @return string The generated HTML code for the action link */ -function html_action_form($uri, $action, $desc) { +function html_action_form($uri, $action, $inner) { if (isset($_COOKIE["AURSID"])) { $code = '
'; $code .= ''; + $code .= 'value="' . $inner . '" />'; $code .= '
'; } else { $code = ''; - $code .= htmlspecialchars($desc) . ''; + $code .= $inner . ''; } return $code; -- cgit v1.2.3-24-g4f1b