Skip to content
Snippets Groups Projects
Commit bd680889 authored by Jared Hancock's avatar Jared Hancock
Browse files

Avoid double-encoding thread titles 

This is safe now, because the title is appropriately encoded in
class.thread.php/ThreadEntry::create()

Fixes #567, #718
parent c8197915
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
include/staff/ticket-view.inc.php
+ 2
2
View file @ bd680889
...@@ -294,7 +294,7 @@ if(!$cfg->showNotesInline()) { ?> ...@@ -294,7 +294,7 @@ if(!$cfg->showNotesInline()) { ?>
<th width="640"> <th width="640">
<?php <?php
echo sprintf('%s <em>posted by <b>%s</b></em>', echo sprintf('%s <em>posted by <b>%s</b></em>',
Format::htmlchars($note['title']), $note['title'],
Format::htmlchars($note['poster'])); Format::htmlchars($note['poster']));
?> ?>
</th> </th>
...@@ -338,7 +338,7 @@ if(!$cfg->showNotesInline()) { ?> ...@@ -338,7 +338,7 @@ if(!$cfg->showNotesInline()) { ?>
<table class="<?php echo $threadTypes[$entry['thread_type']]; ?>" cellspacing="0" cellpadding="1" width="940" border="0"> <table class="<?php echo $threadTypes[$entry['thread_type']]; ?>" cellspacing="0" cellpadding="1" width="940" border="0">
<tr> <tr>
<th width="200"><?php echo Format::db_datetime($entry['created']);?></th> <th width="200"><?php echo Format::db_datetime($entry['created']);?></th>
<th width="440"><span><?php echo Format::htmlchars($entry['title']); ?></span></th> <th width="440"><span><?php echo $entry['title']; ?></span></th>
<th width="300" class="tmeta"><?php echo Format::htmlchars($entry['poster']); ?></th> <th width="300" class="tmeta"><?php echo Format::htmlchars($entry['poster']); ?></th>
</tr> </tr>
<tr><td colspan=3><?php echo Format::display($entry['body']); ?></td></tr> <tr><td colspan=3><?php echo Format::display($entry['body']); ?></td></tr>
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment