Well, I took a look at the CVS snapshot. That's fine so far, but I think you must ensure that every reading access on $PMF_CONF[] values (if necessary) is enclosed in a htmlspecialchars() call.
Another approach could be the following: Use a better (you own) htmlspecialchars() implementation in the ...
Search found 5 matches
- Wed Nov 15, 2006 10:42 am
- Forum: Bug reports
- Topic: Duplicate use of htmlspecialchars() in rss.php
- Replies: 8
- Views: 12021
- Wed Nov 15, 2006 10:09 am
- Forum: Bug reports
- Topic: Duplicate use of htmlspecialchars() in rss.php
- Replies: 8
- Views: 12021
- Tue Nov 14, 2006 2:28 pm
- Forum: Bug reports
- Topic: Duplicate use of htmlspecialchars() in rss.php
- Replies: 8
- Views: 12021
- Tue Nov 14, 2006 11:25 am
- Forum: Bug reports
- Topic: Duplicate use of htmlspecialchars() in rss.php
- Replies: 8
- Views: 12021
Duplicate use of htmlspecialchars() in rss.php
The function htmlspecialchars() is used in config.save.php to convert special characters to HTML entities. This function is also called in rss.php and the config values will be converted again.
Due to this I get an "&" for a simple "&" ("&" -> "&" -> &") in the RSS feed.
Due to this I get an "&" for a simple "&" ("&" -> "&" -> &") in the RSS feed.
- Thu Nov 09, 2006 1:54 pm
- Forum: Proposals
- Topic: "Edit News" with option to open link in the parent
- Replies: 1
- Views: 7930
"Edit News" with option to open link in the parent
The "Target of the link" choice offers only the options "Link opens new window" and "Link within the FAQ".
I would like to have the option "Link opens in parent window" because I'm using phpMyFAQ in an inline frame and some links are refering to the parent frame.
I would like to have the option "Link opens in parent window" because I'm using phpMyFAQ in an inline frame and some links are refering to the parent frame.