gnucash-htdocs beta: Multiple changes pushed

John Ralls jralls at code.gnucash.org
Tue Aug 10 18:44:42 EDT 2021


Updated	 via  https://github.com/Gnucash/gnucash-htdocs/commit/0d7df218 (commit)
	 via  https://github.com/Gnucash/gnucash-htdocs/commit/3f869d4d (commit)
	from  https://github.com/Gnucash/gnucash-htdocs/commit/1acd86cc (commit)



commit 0d7df218dce07ad72c3928661307f26bf2634ae3
Author: John Ralls <jralls at ceridwen.us>
Date:   Tue Aug 10 15:44:25 2021 -0700

    Revert "More sanitizing."
    
    This reverts commit 3f869d4d8fe628f49ed0356c63accfc6813a1c60.

diff --git a/externals/header.phtml b/externals/header.phtml
index 0256aa9..7394899 100644
--- a/externals/header.phtml
+++ b/externals/header.phtml
@@ -8,30 +8,26 @@
   include("$top_dir/externals/global_params.php");
   if (!isset($title)) {
       $title = $GLOBALS["default_title"];
-  }
-  $full_title = filter_var($title, FILTER_SANITIZE_FULL_SPECIAL_CHARS)." | GnuCash";
+  };
+  $full_title = $title." | GnuCash";
   if (!isset($description)) {
       $description = $default_description;
-  } else {
-      $description = filter_var($description, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-  }
-  $page = filter_var($page, FILTER_SANITIZE_URL | FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+  };
 
   # This function will create a link to the given page
   # reusing the get parameters that were specified
   # with the option to override the language
   function make_lang_href($page, $get_parms, $lang)
   {
-      $query_lang = filter_input(INPUT_GET, $lang, FILTER_SANITIZE_STRING);
-      if ($query_lang)
-          $get_parms["lang"] = $query_lang;
+      if (isset($lang) && $lang != "") {
+          $get_parms["lang"] = $lang;
       }
       $url_get_query = http_build_query($get_parms);
       $lang_href = "$page"."?"."$url_get_query";
       return $lang_href;
   }
-
-  $get_parms = filter_var($_GET, FILTER_SANITIZE_STRING);
+  
+  $get_parms = $_GET;
 
   if (isset($locale)) {
       if (substr($locale, 0, 2) != 'zh') {
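Review bot: `make_lang_href` concatenates `$page` into `$lang_href` unencoded, and with `$get_parms = $_GET;` restored every request parameter is echoed back into the language links. `http_build_query()` percent-encodes the keys and values, but the returned string still needs `htmlspecialchars($lang_href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` where it is written into an `href`, which happens outside this hunk. The same holds for `$full_title`, which is printed raw in `<title>` and `og:title` further down. Whether `$title` can carry request-derived text is not visible here, so that should be confirmed against the including pages.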
@@ -54,7 +50,7 @@
 <?php } //if ($can_utf)?>
 
     <title><?=$full_title?></title>
-    <meta name="description" content="<?=$description?>"/>
+    <meta name="description" content="<?=strip_tags($description)?>"/>
 
     <!--meta properties for facebook Open Graph-->
     <meta property="og:locale" content="<?=$locale_str?>"/>
@@ -67,10 +63,10 @@
     ?>
     <meta property="og:title" content="<?=$full_title?>"/>
     <meta property="og:type" content="website"/>
-    <meta property="og:url" content="<?=\DEFAULT_URL.$page?>"/>
+    <meta property="og:url" content="<?=\DEFAULT_URL.filter_var($page, FILTER_SANITIZE_URL)?>"/>
     <meta property="og:image" content="<?=\DEFAULT_URL."externals/logo_w120.png"?>"/>
     <meta property="og:site_name" content="GnuCash"/>
-    <meta property="og:description" content="<?=$description?>"/>
+    <meta property="og:description" content="<?=strip_tags($description)?>"/>
 <?php // end of Open Graph properties?>
 
     <link rel="stylesheet" href="<?=$home?>/externals/gnucash.css" type="text/css" />
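Review bot: `filter_var($page, FILTER_SANITIZE_URL)` on the `og:url` line only drops characters that cannot appear in a URL, and it keeps `"`, `<` and `>`, so it does not stop a value from breaking out of the attribute. Encoding for the HTML attribute context is the check that matters here: `content="<?=htmlspecialchars(\DEFAULT_URL.$page, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>"`. If `$page` is derived from the request path (not shown in this diff), constraining it to a list of known page names before use would be stronger than sanitising it.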

commit 3f869d4d8fe628f49ed0356c63accfc6813a1c60
Author: John Ralls <jralls at ceridwen.us>
Date:   Tue Aug 10 15:40:41 2021 -0700

    More sanitizing.

diff --git a/externals/header.phtml b/externals/header.phtml
index 7394899..0256aa9 100644
--- a/externals/header.phtml
+++ b/externals/header.phtml
@@ -8,26 +8,30 @@
   include("$top_dir/externals/global_params.php");
   if (!isset($title)) {
       $title = $GLOBALS["default_title"];
-  };
-  $full_title = $title." | GnuCash";
+  }
+  $full_title = filter_var($title, FILTER_SANITIZE_FULL_SPECIAL_CHARS)." | GnuCash";
   if (!isset($description)) {
       $description = $default_description;
-  };
+  } else {
+      $description = filter_var($description, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+  }
+  $page = filter_var($page, FILTER_SANITIZE_URL | FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
   # This function will create a link to the given page
   # reusing the get parameters that were specified
   # with the option to override the language
   function make_lang_href($page, $get_parms, $lang)
   {
-      if (isset($lang) && $lang != "") {
-          $get_parms["lang"] = $lang;
+      $query_lang = filter_input(INPUT_GET, $lang, FILTER_SANITIZE_STRING);
+      if ($query_lang)
+          $get_parms["lang"] = $query_lang;
       }
       $url_get_query = http_build_query($get_parms);
       $lang_href = "$page"."?"."$url_get_query";
       return $lang_href;
   }
-  
-  $get_parms = $_GET;
+
+  $get_parms = filter_var($_GET, FILTER_SANITIZE_STRING);
 
   if (isset($locale)) {
       if (substr($locale, 0, 2) != 'zh') {
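Review bot: The rewritten `make_lang_href` body drops the opening brace after `if ($query_lang)`, so the `}` kept as context closes the function early and the file no longer parses. `filter_input(INPUT_GET, $lang, FILTER_SANITIZE_STRING)` treats the value of `$lang` as the name of a query parameter, so the caller's language override is lost, and `filter_var($_GET, FILTER_SANITIZE_STRING)` without `FILTER_REQUIRE_ARRAY` returns `false` for an array instead of a cleaned copy. Filter ids are not bit flags, so `FILTER_SANITIZE_URL | FILTER_SANITIZE_FULL_SPECIAL_CHARS` selects some other id rather than applying both filters to `$page`. Keeping `if (isset($lang) && $lang != "") {` and encoding at the point of output with `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` would give the intended protection without these side effects.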
@@ -50,7 +54,7 @@
 <?php } //if ($can_utf)?>
 
     <title><?=$full_title?></title>
-    <meta name="description" content="<?=strip_tags($description)?>"/>
+    <meta name="description" content="<?=$description?>"/>
 
     <!--meta properties for facebook Open Graph-->
     <meta property="og:locale" content="<?=$locale_str?>"/>
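Review bot: Printing `<?=$description?>` raw makes the template depend on the sanitising assignment near the top of the file having run, and that assignment is skipped on the `$default_description` branch. Encoding at the sink keeps the guarantee local to the line that needs it, e.g. `content="<?=htmlspecialchars(strip_tags($description), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>"`, and preserves the tag stripping that this hunk removes. The `og:url` and `og:description` lines in the next hunk rely on the same upstream filtering and would benefit from the same treatment.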
@@ -63,10 +67,10 @@
     ?>
     <meta property="og:title" content="<?=$full_title?>"/>
     <meta property="og:type" content="website"/>
-    <meta property="og:url" content="<?=\DEFAULT_URL.filter_var($page, FILTER_SANITIZE_URL)?>"/>
+    <meta property="og:url" content="<?=\DEFAULT_URL.$page?>"/>
     <meta property="og:image" content="<?=\DEFAULT_URL."externals/logo_w120.png"?>"/>
     <meta property="og:site_name" content="GnuCash"/>
-    <meta property="og:description" content="<?=strip_tags($description)?>"/>
+    <meta property="og:description" content="<?=$description?>"/>
 <?php // end of Open Graph properties?>
 
     <link rel="stylesheet" href="<?=$home?>/externals/gnucash.css" type="text/css" />



Summary of changes:


