|
|
|
# At the bottom of the function makeInfo
|
|
|
|
# _XXX_ joh, htmlspecialchars removed in the following line
|
|
$pathStr = $this->getPathFromPageId($pathId,$pathMP);
|
|
# was:
|
|
# $pathStr = htmlspecialchars($this->getPathFromPageId($pathId,$pathMP))
|
|
|
|
# in the following line the variable $pathStr is another time
|
|
# processed by htmlspecialchars...
|
|
$tmplArray['path'] = $this->linkPage($pathId,htmlspecialchars($pathStr),array(
|
|
'data_page_type' => $row['data_page_type'],
|
|
'data_page_mp' => $pathMP,
|
|
'sys_language_uid' => $row['sys_language_uid'],
|
|
));
|
|
|
|
|
|
|
|
# The function makeTitle preprocessed its result by htmlspecialchars
|
|
|
|
# _XXX_ Here was one htmlspecialchars tooo much.
|
|
return $this->utf8_to_currentCharset($outputString).$add;
|
|
# was:
|
|
# return htmlspecialchars($this->utf8_to_currentCharset($outputString).$add);
|
|
|
|
|
|
|
|
# In the following excerpt, makeTitle is used and its result
|
|
# again processed by htmlspecialchars ...
|
|
|
|
|
|
function prepareResultRowTemplateData($row, $headerOnly) {
|
|
|
|
// Initialize:
|
|
$specRowConf = $this->getSpecialConfigForRow($row);
|
|
$CSSsuffix = $specRowConf['CSSsuffix']?'-'.$specRowConf['CSSsuffix']:'';
|
|
|
|
// If external media, link to the media-file instead.
|
|
if ($row['item_type']) { // External media
|
|
if ($row['show_resume']) { // Can link directly.
|
|
$title = '<a href="'.htmlspecialchars($row['data_filename']).'">'.htmlspecialchars($this->makeTitle($row)).'</a>';
|
|
} else { // Suspicious, so linking to page instead...
|
|
$copy_row = $row;
|
|
unset($copy_row['cHashParams']);
|
|
$title = $this->linkPage($row['page_id'],htmlspecialchars($this->makeTitle($row)),$copy_row);
|
|
}
|
|
} else { // Else the page:
|