Fixes #382: Bookmarklet can not retrieve title when there is a quotation mark in it

bookmarklet fields weren't correctly escaped
ArthurHoaro 2015-11-22 15:47:41 +01:00 committed by Knah Tsaeb
parent f981ab8a17
commit a1c3e68e7a


@ -1682,11 +1682,13 @@ function renderPage()
{ {
$link_is_new = true; // This is a new link $link_is_new = true; // This is a new link
$linkdate = strval(date('Ymd_His')); $linkdate = strval(date('Ymd_His'));
$title = (empty($_GET['title']) ? '' : $_GET['title'] ); // Get title if it was provided in URL (by the bookmarklet). // Get title if it was provided in URL (by the bookmarklet).
$description = (empty($_GET['description']) ? '' : '>'.$_GET['description']); // Get description if it was provided in URL (by the bookmarklet). [Bronco added that] $title = empty($_GET['title']) ? '' : htmlspecialchars($_GET['title']);
$tags = (empty($_GET['tags']) ? '' : $_GET['tags'] ); // Get tags if it was provided in URL // Get description if it was provided in URL (by the bookmarklet). [Bronco added that]
$via = (empty($_GET['via']) ? '' : $_GET['via'] ); $description = (empty($_GET['description']) ? '' : htmlspecialchars($_GET['description']));
$private = (!empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0); // Get private if it was provided in URL $tags = (empty($_GET['tags']) ? '' : htmlspecialchars($_GET['tags'] ));
$via = (empty($_GET['via']) ? '' : htmlspecialchars($_GET['via'] ));
$private = (!empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0);
if (($url!='') && parse_url($url,PHP_URL_SCHEME)=='') $url = 'http://'.$url; if (($url!='') && parse_url($url,PHP_URL_SCHEME)=='') $url = 'http://'.$url;
// If this is an HTTP link, we try go get the page to extact the title (otherwise we will to straight to the edit form.) // If this is an HTTP link, we try go get the page to extact the title (otherwise we will to straight to the edit form.)
if (empty($title) && parse_url($url,PHP_URL_SCHEME)=='http') if (empty($title) && parse_url($url,PHP_URL_SCHEME)=='http')
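Review bot: The new `htmlspecialchars()` calls on `$title`, `$description`, `$tags` and `$via` rely on the default flags and charset, and before PHP 8.1 the default (`ENT_COMPAT`) leaves single quotes unescaped. If the edit-form template puts any of these values inside a single-quoted attribute (the template is not visible here), a `'` in the bookmarklet query string would still terminate that attribute, so passing the flags explicitly is safer: `$title = empty($_GET['title']) ? '' : htmlspecialchars($_GET['title'], ENT_QUOTES, 'UTF-8');`, and the same for the other three fields. `$url` is used a few lines below with no escaping in this hunk; its assignment and the rest of `renderPage()` are outside the hunk, so it is worth confirming it gets the same treatment before it reaches the form. The change also drops the `'>'` prefix the old code put in front of the description, which the commit message does not mention.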