Diffstat (limited to 'it_html.class')
-rw-r--r--it_html.class19
1 files changed, 12 insertions, 7 deletions
diff --git a/it_html.class b/it_html.class
index c9e51a5..d82a8da 100644
--- a/it_html.class
+++ b/it_html.class
@@ -165,7 +165,7 @@ function head($args = array())
if (!empty($p['cssinline']))
$header .= tag('style', array('type' => "text/css", "\n" . preg_replace(array('/\s*\/\*[^\*]+\*\//Um', '/\s*\{\s*/', '/;\s+/'), array('', '{', ';'), $p['cssinline'])));
- $header .= $p['head'] . ($p['title'] ? tag('title', Q($p['title'])) : "");
+ $header .= $p['head'] . ($p['title'] ? tag('title', strip_tags(Q(strip_tags($p['title'])))) : ""); # remove coloring by .texts and .q debug param
if($this->p['htmltype'] == "xhtml-mobile" && strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator'))
header("Content-Type: application/xhtml+xml; charset={$this->p['charset']}"); # for validation
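Review bot: The inner `strip_tags($p['title'])` runs on the raw title before `Q()` escapes it, so a title containing a literal `<` followed directly by text (for example `x<y`) can lose everything from that character on, because `strip_tags()` treats it as an unterminated tag. The same `strip_tags(Q(strip_tags(...)))` wrapping is applied to both option labels in the `select()` hunk and has the same effect there. `strip_tags()` is only cosmetic here and `Q()` remains the actual escaping step, which the trailing comment should say, e.g. `# strip_tags only drops .texts/.q debug markup; Q() does the escaping`. If titles and option labels may legitimately contain `<`, dropping the inner call and keeping only the outer one would avoid the truncation. The body of `head()` starts and ends outside this hunk.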
@@ -272,7 +272,12 @@ function _tag($name, $args)
if (($value === null) || ($value === false)) # null or false: omit whole tag
;
else if (isset($value) && $value !== true) # normal case: value
- $result .= " $key=\"" . (preg_match("/[<>&\"'\n\x80-\x9f]/", $value) ? str_replace("\n", "&#10;", Q($value)) : it_untaint($value)) . '"';
+ {
+ if (preg_match('/[<>&"\x00-\x08\x0a-\x0c\x0e-\x1f\x80-\x9f]/', $value)) # WARNING: copy/pasted from Q()
+ $result .= " $key=\"" . str_replace("\n", "&#10;", htmlspecialchars($GLOBALS['it_html']->p['charset'] == "iso-8859-1" ? it_html::latinize($value) : $value)) . '"';
+ else
+ $result .= " $key=\"$value\"";
+ }
else # true: tag without value
$result .= ($this->p['htmltype'] == 'html') ? " $key" : " $key=\"$key\"";
}
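Review bot: The attribute branch now carries its own copy of the character class and `htmlspecialchars()` call from `Q()`, kept in sync only by the two `WARNING: copy/pasted` comments. If one copy is edited without the other, attribute values and element content end up escaped by different rules. A shared helper that escapes without adding the debug wrapper, called from both places, would remove the duplication. The plain branch also no longer passes the value through `it_untaint()`, whose effect is not visible here and is worth confirming. `_tag()` starts and ends outside this hunk.

```php
# shared by Q() and _tag() so the character class and the escaping call cannot drift apart
function _escape($string)
{
	if (preg_match('/[<>&"\x00-\x08\x0a-\x0c\x0e-\x1f\x80-\x9f]/', $string))
		$string = htmlspecialchars($GLOBALS['it_html']->p['charset'] == "iso-8859-1" ? it_html::latinize($string) : $string);

	return $string;
}

# … unchanged: null/false handling in _tag() …
else if (isset($value) && $value !== true) # normal case: value
	$result .= " $key=\"" . str_replace("\n", "&#10;", it_html::_escape($value)) . '"';
# … unchanged: boolean attribute branch …
```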
@@ -361,11 +366,11 @@ function select($tags, $options, $selected = null)
{
$grouphtml = "";
foreach($option as $optval => $opt)
- $grouphtml .= $this->_tag("option", array(array('value' => $optval, 'selected' => in_array((string)$optval, $selected)), Q($opt)));
+ $grouphtml .= $this->_tag("option", array(array('value' => $optval, 'selected' => in_array((string)$optval, $selected)), strip_tags(Q(strip_tags($opt)))));
$html .= $this->_tag("optgroup", array(array('label' => $value, $grouphtml)));
}
else
- $html .= $this->_tag("option", array(array('value' => $value, 'selected' => in_array((string)$value, $selected), 'disabled' => $option === ""), (trim($option) === "") ? "&nbsp;" : Q($option)));
+ $html .= $this->_tag("option", array(array('value' => $value, 'selected' => in_array((string)$value, $selected), 'disabled' => $option === ""), (trim($option) === "") ? "&nbsp;" : strip_tags(Q(strip_tags($option))))); # strip_tags removes .q debug param coloring
}
return $this->_tag("select", array($tags, $html));
@@ -414,7 +419,7 @@ function sanitize($html)
else
$result = it::replace(array('&amp;(#\d+;)' => '&$1'), it_html::Q(html_entity_decode(strip_tags($html), ENT_COMPAT, $charset)));
- return $result;
+ return $GLOBALS['debug_q'] ? "<span style='background:#8FF'>$result</span>" : $result;
}
/**
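Review bot: The new return reads `$GLOBALS['debug_q']` directly, which raises an undefined-index notice whenever the global was never set; `!empty($GLOBALS['debug_q'])` avoids that. The same expression is added at the end of `Q()` in the last hunk. Where the flag is set is not visible here, but the comment in the `head()` hunk calls it a `.q debug param`. If it can be switched on from the request on a production host, every caller that puts `sanitize()` or `Q()` output into a non-HTML-body context (attribute, JSON, mail, textarea) receives literal `<span>` markup. A comment on both returns stating that the wrapper is debug-only and where the flag is gated would help, e.g. `# debug only: set by <place>, never enabled in production`.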
@@ -432,10 +437,10 @@ function latinize($string)
*/
function Q($string)
{
- if (preg_match('/[<>&"\x00-\x08\x0b-\x0c\x0e-\x1f\x80-\x9f]/', $string))
+ if (preg_match('/[<>&"\x00-\x08\x0a-\x0c\x0e-\x1f\x80-\x9f]/', $string)) # WARNING: copy/pasted to _tag()
$string = htmlspecialchars($GLOBALS['it_html']->p['charset'] == "iso-8859-1" ? it_html::latinize($string) : $string);
- return $string;
+ return $GLOBALS['debug_q'] ? "<span style='background:#8FF'>$string</span>" : $string;
}
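Review bot: The trigger class in `Q()` contains `"` but not `'`, so a string whose only special character is a single quote skips `htmlspecialchars()` entirely, and the call passes no flags or encoding. That is fine for element content and double-quoted attributes, but the result is not safe inside a single-quoted attribute, a style the debug wrapper added here itself uses (`style='background:#8FF'`). Either document that limit in the docblock, which begins outside this hunk, or add `'` to the class and pass `ENT_QUOTES` explicitly. The copy of the class in `_tag()` would have to change in step.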