phpBB

Code Changes

File: phpbb/textformatter/s9e/factory.php

  Unmodified   Added   Modified   Removed
Line 311Line 311
		{
$configurator->Emoticons->set(
$row['code'],

		{
$configurator->Emoticons->set(
$row['code'],

				'<img class="smilies" src="{$T_SMILIES_PATH}/' . htmlspecialchars($row['smiley_url']) . '" width="' . $row['smiley_width'] . '" height="' . $row['smiley_height'] . '" alt="{.}" title="' . htmlspecialchars($row['emotion']) . '"/>'

				'<img class="smilies" src="{$T_SMILIES_PATH}/' . $this->escape_html_attribute($row['smiley_url']) . '" width="' . $row['smiley_width'] . '" height="' . $row['smiley_height'] . '" alt="{.}" title="' . $this->escape_html_attribute($row['emotion']) . '"/>'

			);
}


			);
}


Line 333Line 333
			$configurator->plugins->load('Censor', array('tagName' => 'censor:tag'));
foreach ($censor as $row)
{

			$configurator->plugins->load('Censor', array('tagName' => 'censor:tag'));
foreach ($censor as $row)
{

				// NOTE: words are stored as HTML, we need to decode them to plain text
$configurator->Censor->add(htmlspecialchars_decode($row['word']), htmlspecialchars_decode($row['replacement']));

				$configurator->Censor->add($row['word'], $row['replacement']);


			}
}


			}
}


Line 440Line 439
			->resetParameters()
->addParameterByName('tag')
->addParameterByName('parser');

			->resetParameters()
->addParameterByName('tag')
->addParameterByName('parser');

 
	}

/**
* Escape a literal to be used in an HTML attribute in an XSL template
*
* Escapes "HTML special chars" for obvious reasons and curly braces to avoid them
* being interpreted as an attribute value template
*
* @param string $value Original string
* @return string Escaped string
*/
protected function escape_html_attribute($value)
{
return htmlspecialchars(strtr($value, ['{' => '{{', '}' => '}}']), ENT_COMPAT | ENT_XML1, 'UTF-8');

	}

/**

	}

/**