Commit graph

4 commits

Author SHA1 Message Date
ArthurHoaro
5f85fcd863 Working on shaarli/Shaarli#224
I reviewed character escaping everywhere with the following ideas:

  * use a single common function to escape user data: `escape` using `htmlspecialchars`.
  * sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
  	It means no escaping function in Twig templates.
    2 reasons:
    * it reduces risks of security issue for future user made templates
    * more readable templates
  * sanitize user configuration fields after loading them.
2015-06-23 16:35:36 +02:00
nodiscc
3139a6cf8d Fix php error in daily RSS
Use of undefined constant htmlspecialchars - assumed 'htmlspecialchars' in /var/www/links/tmp/dailyrss.*
    Thanks @alexisju in bec1870180
2015-03-31 20:02:50 +02:00
ArthurHoaro
bec1870180 Define date format in templates instead of index.php. 2015-03-31 13:19:07 +02:00
Sébastien SAUVAGE
450342737c Initial commit (version 0.0.40 beta) 2013-02-26 10:09:41 +01:00