Development

Changeset 1143

You must first sign up to be able to contribute.

Changeset 1143

Show
Ignore:
Timestamp:
04/07/06 11:28:16 (2 years ago)
Author:
fabien
Message:

added escaping in sfWebResponse for meta and title (patch from Mike Squire and Paul Lomax - closes #401)

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • trunk/lib/response/sfWebResponse.class.php

    r1079 r1143  
    352352  } 
    353353 
    354   public function addMeta($key, $value, $override = true
     354  public function addMeta($key, $value, $override = true, $doNotEscape = false
    355355  { 
    356356    if ($override || !$this->hasParameter($key, 'helper/asset/auto/meta')) 
    357357    { 
     358      if (!$doNotEscape) 
     359      { 
     360        $value = htmlentities($value, ENT_QUOTES); 
     361      } 
     362 
    358363      $this->setParameter($key, $value, 'helper/asset/auto/meta'); 
    359364    } 
     
    367372  } 
    368373 
    369   public function setTitle($title) 
    370   { 
     374  public function setTitle($title, $doNotEscape = false) 
     375  { 
     376    if (!$doNotEscape) 
     377    { 
     378      $title = htmlentities($title, ENT_QUOTES); 
     379    } 
     380 
    371381    $this->setParameter('title', $title, 'helper/asset/auto/meta'); 
    372382  }