diff options
author | Jason Oster <parasytic@users.sourceforge.net> | 2009-05-26 20:15:15 +0000 |
---|---|---|
committer | Jason Oster <parasytic@users.sourceforge.net> | 2009-05-26 20:15:15 +0000 |
commit | 9a320266804890028d660a08a0a79e1456b0571c (patch) | |
tree | f17c891e36f7a327817e4486b009acc3e668368f /functions/template.php | |
parent | 8ae45367719ad076fb4c762c4acdf17b9479e4bd (diff) | |
download | phpicalendar-9a320266804890028d660a08a0a79e1456b0571c.tar.gz phpicalendar-9a320266804890028d660a08a0a79e1456b0571c.tar.bz2 phpicalendar-9a320266804890028d660a08a0a79e1456b0571c.zip |
Sanitize print view and add URL links
Diffstat (limited to 'functions/template.php')
-rw-r--r-- | functions/template.php | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/functions/template.php b/functions/template.php index a7f183c..79ada79 100644 --- a/functions/template.php +++ b/functions/template.php @@ -85,13 +85,15 @@ class Page { } $seen_events["$new_key2"] = 1; $day_events++; - if (isset($new_val2['event_text'])) { - $event_text = stripslashes(urldecode($new_val2['event_text'])); - $location = stripslashes(urldecode($new_val2['location'])); - $description = stripslashes(urldecode($new_val2['description'])); - $event_start = $new_val2['event_start']; - $event_end = $new_val2['event_end']; - if (isset($new_val2['display_end'])) $event_end = $new_val2['display_end']; + if (isset($new_val2['event_text'])) { + $event_text = sanitizeForWeb(stripslashes(urldecode($new_val2['event_text']))); + $location = sanitizeForWeb(stripslashes(urldecode($new_val2['location']))); + $description = sanitizeForWeb(stripslashes(urldecode($new_val2['description']))); + if (!empty($description)) $description = ereg_replace("[[:alpha:]]+://[^<>[:space:]]+[[:alnum:]/]",'<a target="_new" href="\0">\0</a>', $description); + + $event_start = $new_val2['event_start']; + $event_end = $new_val2['event_end']; + if (isset($new_val2['display_end'])) $event_end = $new_val2['display_end']; if (!isset($new_val2['event_start'])) { $event_start = $lang['l_all_day']; $event_start2 = ''; |