aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJason Oster <parasytic@users.sourceforge.net>2009-05-26 20:15:15 +0000
committerJason Oster <parasytic@users.sourceforge.net>2009-05-26 20:15:15 +0000
commit9a320266804890028d660a08a0a79e1456b0571c (patch)
treef17c891e36f7a327817e4486b009acc3e668368f
parent8ae45367719ad076fb4c762c4acdf17b9479e4bd (diff)
downloadphpicalendar-9a320266804890028d660a08a0a79e1456b0571c.zip
phpicalendar-9a320266804890028d660a08a0a79e1456b0571c.tar.gz
phpicalendar-9a320266804890028d660a08a0a79e1456b0571c.tar.bz2
Sanitize print view and add URL links
-rw-r--r--functions/template.php16
1 files changed, 9 insertions, 7 deletions
diff --git a/functions/template.php b/functions/template.php
index a7f183c..79ada79 100644
--- a/functions/template.php
+++ b/functions/template.php
@@ -85,13 +85,15 @@ class Page {
}
$seen_events["$new_key2"] = 1;
$day_events++;
- if (isset($new_val2['event_text'])) {
- $event_text = stripslashes(urldecode($new_val2['event_text']));
- $location = stripslashes(urldecode($new_val2['location']));
- $description = stripslashes(urldecode($new_val2['description']));
- $event_start = $new_val2['event_start'];
- $event_end = $new_val2['event_end'];
- if (isset($new_val2['display_end'])) $event_end = $new_val2['display_end'];
+ if (isset($new_val2['event_text'])) {
+ $event_text = sanitizeForWeb(stripslashes(urldecode($new_val2['event_text'])));
+ $location = sanitizeForWeb(stripslashes(urldecode($new_val2['location'])));
+ $description = sanitizeForWeb(stripslashes(urldecode($new_val2['description'])));
+ if (!empty($description)) $description = ereg_replace("[[:alpha:]]+://[^<>[:space:]]+[[:alnum:]/]",'<a target="_new" href="\0">\0</a>', $description);
+
+ $event_start = $new_val2['event_start'];
+ $event_end = $new_val2['event_end'];
+ if (isset($new_val2['display_end'])) $event_end = $new_val2['display_end'];
if (!isset($new_val2['event_start'])) {
$event_start = $lang['l_all_day'];
$event_start2 = '';

© 2014-2020 Faster IT GmbH | imprint | privacy policy