Changeset 40392


Ignore:
Timestamp:
Sep 30, 2008, 8:41:07 AM (11 years ago)
Author:
ryandesign@…
Message:

common.inc: obfuscate_email(): escape special characters that might be in the email address. Follow-up to r37825 in which I escaped the result of obfuscate_email() in ports.php (not realizing that it intended to provide HTML-formatted output already) and r40385 in which that escaping was removed.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/www/includes/common.inc

    r40386 r40392  
    142142
    143143# Obfuscate e-mail addresses:
     144# Input: e-mail address in plain text
     145# Output: obfuscated e-mail address in HTML
    144146function obfuscate_email($email) {
    145147    $IMGDIR = '/img';
    146     return '<span class="email">' . str_replace('@', "<img src=\"$IMGDIR/at.gif\" alt=\"at\" />", $email) . '</span>';
     148    return '<span class="email">' . str_replace('@', "<img src=\"$IMGDIR/at.gif\" alt=\"at\" />", htmlspecialchars($email)) . '</span>';
    147149}
    148150
Note: See TracChangeset for help on using the changeset viewer.