Commit 72155f8b authored by Steven Wittens's avatar Steven Wittens

Using drupal_specialchars() instead of htmlentities(). htmlentities() is not UTF-8 safe.

parent 7ebcac26
......@@ -131,7 +131,7 @@ function profile_view_field($user, $field) {
case 'textarea':
return check_output($value);
case 'selection':
return l($value, "profile/$field->name/". htmlentities($value));
return l($value, "profile/$field->name/". drupal_specialchars($value));
case 'checkbox':
return l($field->title, "profile/$field->name");
case 'url':
......@@ -141,7 +141,7 @@ function profile_view_field($user, $field) {
$fields = array();
foreach ($values as $value) {
if ($value = trim(strip_tags($value))) {
$fields[] = l($value, "profile/$field->name/". htmlentities($value));
$fields[] = l($value, "profile/$field->name/". drupal_specialchars($value));
}
}
return implode(', ', $fields);
......@@ -244,7 +244,7 @@ function profile_validate_profile($edit, $category) {
function profile_categories() {
$result = db_query("SELECT DISTINCT(category) FROM {profile_fields}");
while ($category = db_fetch_object($result)) {
$data[] = array('name' => htmlentities(strtolower($category->category)), 'title' => strtolower($category->category), 'weight' => 3);
$data[] = array('name' => drupal_specialchars(strtolower($category->category)), 'title' => strtolower($category->category), 'weight' => 3);
}
return $data;
}
......
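Review bot: The value appended to the link path in the 'selection' case and in the list loop of profile_view_field is HTML-escaped, but a URL path segment needs URL encoding. An HTML escaper such as drupal_specialchars() presumably leaves `/`, `?`, `#` and `%` untouched and turns `&` into `&amp;` inside the path, so a stored value containing those characters produces a link that does not resolve back to it. Unless l() already encodes its path argument (not visible here), I would write `return l($value, "profile/$field->name/". rawurlencode($value));` and the same in the loop, leaving HTML escaping to the point where the href is printed. The 'selection' case also passes `$value` as link text without the `strip_tags()` that the loop applies, so confirm it is filtered earlier in the function, whose body starts and ends outside these hunks. In profile_categories(), `$data` is never initialised, so an empty result set returns an undefined variable; `$data = array();` before the `while` fixes that.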
......@@ -131,7 +131,7 @@ function profile_view_field($user, $field) {
case 'textarea':
return check_output($value);
case 'selection':
return l($value, "profile/$field->name/". htmlentities($value));
return l($value, "profile/$field->name/". drupal_specialchars($value));
case 'checkbox':
return l($field->title, "profile/$field->name");
case 'url':
......@@ -141,7 +141,7 @@ function profile_view_field($user, $field) {
$fields = array();
foreach ($values as $value) {
if ($value = trim(strip_tags($value))) {
$fields[] = l($value, "profile/$field->name/". htmlentities($value));
$fields[] = l($value, "profile/$field->name/". drupal_specialchars($value));
}
}
return implode(', ', $fields);
......@@ -244,7 +244,7 @@ function profile_validate_profile($edit, $category) {
function profile_categories() {
$result = db_query("SELECT DISTINCT(category) FROM {profile_fields}");
while ($category = db_fetch_object($result)) {
$data[] = array('name' => htmlentities(strtolower($category->category)), 'title' => strtolower($category->category), 'weight' => 3);
$data[] = array('name' => drupal_specialchars(strtolower($category->category)), 'title' => strtolower($category->category), 'weight' => 3);
}
return $data;
}
......