gnucash-htdocs beta: Multiple changes pushed
John Ralls
jralls at code.gnucash.org
Tue Aug 10 18:44:42 EDT 2021
Updated via https://github.com/Gnucash/gnucash-htdocs/commit/0d7df218 (commit)
via https://github.com/Gnucash/gnucash-htdocs/commit/3f869d4d (commit)
from https://github.com/Gnucash/gnucash-htdocs/commit/1acd86cc (commit)
commit 0d7df218dce07ad72c3928661307f26bf2634ae3
Author: John Ralls <jralls at ceridwen.us>
Date: Tue Aug 10 15:44:25 2021 -0700
Revert "More sanitizing."
This reverts commit 3f869d4d8fe628f49ed0356c63accfc6813a1c60.
diff --git a/externals/header.phtml b/externals/header.phtml
index 0256aa9..7394899 100644
--- a/externals/header.phtml
+++ b/externals/header.phtml
@@ -8,30 +8,26 @@
include("$top_dir/externals/global_params.php");
if (!isset($title)) {
$title = $GLOBALS["default_title"];
- }
- $full_title = filter_var($title, FILTER_SANITIZE_FULL_SPECIAL_CHARS)." | GnuCash";
+ };
+ $full_title = $title." | GnuCash";
if (!isset($description)) {
$description = $default_description;
- } else {
- $description = filter_var($description, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
- }
- $page = filter_var($page, FILTER_SANITIZE_URL | FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ };
# This function will create a link to the given page
# reusing the get parameters that were specified
# with the option to override the language
function make_lang_href($page, $get_parms, $lang)
{
- $query_lang = filter_input(INPUT_GET, $lang, FILTER_SANITIZE_STRING);
- if ($query_lang)
- $get_parms["lang"] = $query_lang;
+ if (isset($lang) && $lang != "") {
+ $get_parms["lang"] = $lang;
}
$url_get_query = http_build_query($get_parms);
$lang_href = "$page"."?"."$url_get_query";
return $lang_href;
}
-
- $get_parms = filter_var($_GET, FILTER_SANITIZE_STRING);
+
+ $get_parms = $_GET;
if (isset($locale)) {
if (substr($locale, 0, 2) != 'zh') {
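Review bot: `$full_title` is built from `$title` with no HTML encoding and is later echoed into `<title>` and the `og:title` attribute, so after this revert those outputs depend on every including page setting a safe `$title`. If the aim is only to undo the broken parts of 3f869d4d, encoding at the output is the smaller step, e.g. `<?=htmlspecialchars($full_title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>`. `$get_parms = $_GET;` also forwards every query parameter into `make_lang_href()`; `http_build_query()` URL-encodes them, but the returned href still needs `htmlspecialchars()` wherever it is printed, which is outside this hunk. The restored `};` after each `if` block is an empty statement and can be a plain `}`.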
@@ -54,7 +50,7 @@
<?php } //if ($can_utf)?>
<title><?=$full_title?></title>
- <meta name="description" content="<?=$description?>"/>
+ <meta name="description" content="<?=strip_tags($description)?>"/>
<!--meta properties for facebook Open Graph-->
<meta property="og:locale" content="<?=$locale_str?>"/>
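Review bot: `strip_tags()` is not an attribute encoder: it removes tags but leaves `"` and `&` untouched, so a description containing a double quote still ends the `content="…"` attribute here. `<?=htmlspecialchars(strip_tags($description), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>` keeps the tag stripping and makes the value safe for the attribute. The same applies to the `og:description` line in the next hunk.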
@@ -67,10 +63,10 @@
?>
<meta property="og:title" content="<?=$full_title?>"/>
<meta property="og:type" content="website"/>
- <meta property="og:url" content="<?=\DEFAULT_URL.$page?>"/>
+ <meta property="og:url" content="<?=\DEFAULT_URL.filter_var($page, FILTER_SANITIZE_URL)?>"/>
<meta property="og:image" content="<?=\DEFAULT_URL."externals/logo_w120.png"?>"/>
<meta property="og:site_name" content="GnuCash"/>
- <meta property="og:description" content="<?=$description?>"/>
+ <meta property="og:description" content="<?=strip_tags($description)?>"/>
<?php // end of Open Graph properties?>
<link rel="stylesheet" href="<?=$home?>/externals/gnucash.css" type="text/css" />
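Review bot: `FILTER_SANITIZE_URL` only drops characters that are not allowed in a URL; it keeps `"`, `<`, `>` and `&`, so `$page` is still not encoded for the `content` attribute of `og:url`. Where `$page` is assigned is not visible in this hunk; if it can be derived from the request, encode the whole value at the output, `<?=htmlspecialchars(\DEFAULT_URL.$page, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>`.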
commit 3f869d4d8fe628f49ed0356c63accfc6813a1c60
Author: John Ralls <jralls at ceridwen.us>
Date: Tue Aug 10 15:40:41 2021 -0700
More sanitizing.
diff --git a/externals/header.phtml b/externals/header.phtml
index 7394899..0256aa9 100644
--- a/externals/header.phtml
+++ b/externals/header.phtml
@@ -8,26 +8,30 @@
include("$top_dir/externals/global_params.php");
if (!isset($title)) {
$title = $GLOBALS["default_title"];
- };
- $full_title = $title." | GnuCash";
+ }
+ $full_title = filter_var($title, FILTER_SANITIZE_FULL_SPECIAL_CHARS)." | GnuCash";
if (!isset($description)) {
$description = $default_description;
- };
+ } else {
+ $description = filter_var($description, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ }
+ $page = filter_var($page, FILTER_SANITIZE_URL | FILTER_SANITIZE_FULL_SPECIAL_CHARS);
# This function will create a link to the given page
# reusing the get parameters that were specified
# with the option to override the language
function make_lang_href($page, $get_parms, $lang)
{
- if (isset($lang) && $lang != "") {
- $get_parms["lang"] = $lang;
+ $query_lang = filter_input(INPUT_GET, $lang, FILTER_SANITIZE_STRING);
+ if ($query_lang)
+ $get_parms["lang"] = $query_lang;
}
$url_get_query = http_build_query($get_parms);
$lang_href = "$page"."?"."$url_get_query";
return $lang_href;
}
-
- $get_parms = $_GET;
+
+ $get_parms = filter_var($_GET, FILTER_SANITIZE_STRING);
if (isset($locale)) {
if (substr($locale, 0, 2) != 'zh') {
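Review bot: The rewritten `if ($query_lang)` in `make_lang_href()` drops the opening brace while the unchanged `}` after it stays, so that `}` now closes the function and the later `}` is left unmatched, which PHP should reject as a parse error; write `if ($query_lang) {`. `filter_input(INPUT_GET, $lang, …)` takes the name of the GET variable as its second argument, so it looks up a parameter named after the value of `$lang` rather than filtering `$lang` itself. `filter_var($_GET, FILTER_SANITIZE_STRING)` is given an array without `FILTER_REQUIRE_ARRAY`, so the call fails and returns `false` instead of the parameters. Filter ids are not bit flags, so `FILTER_SANITIZE_URL | FILTER_SANITIZE_FULL_SPECIAL_CHARS` does not apply both filters to `$page`.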
@@ -50,7 +54,7 @@
<?php } //if ($can_utf)?>
<title><?=$full_title?></title>
- <meta name="description" content="<?=strip_tags($description)?>"/>
+ <meta name="description" content="<?=$description?>"/>
<!--meta properties for facebook Open Graph-->
<meta property="og:locale" content="<?=$locale_str?>"/>
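Review bot: Removing the call at the `content` attribute moves the encoding away from the place the value is printed, so the output is only safe while the assignment in the first hunk has run and nothing reassigns `$description` afterwards; the `$default_description` branch there is not encoded at all. Encoding at the output is easier to audit: `<?=htmlspecialchars($description, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>`, with the early `filter_var()` removed to avoid double encoding. The `og:description` and `og:url` lines in the next hunk follow the same pattern.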
@@ -63,10 +67,10 @@
?>
<meta property="og:title" content="<?=$full_title?>"/>
<meta property="og:type" content="website"/>
- <meta property="og:url" content="<?=\DEFAULT_URL.filter_var($page, FILTER_SANITIZE_URL)?>"/>
+ <meta property="og:url" content="<?=\DEFAULT_URL.$page?>"/>
<meta property="og:image" content="<?=\DEFAULT_URL."externals/logo_w120.png"?>"/>
<meta property="og:site_name" content="GnuCash"/>
- <meta property="og:description" content="<?=strip_tags($description)?>"/>
+ <meta property="og:description" content="<?=$description?>"/>
<?php // end of Open Graph properties?>
<link rel="stylesheet" href="<?=$home?>/externals/gnucash.css" type="text/css" />
Summary of changes: