Skip to content
Snippets Groups Projects
Commit 9a6a429f authored by Chris Hallberg's avatar Chris Hallberg
Browse files

More & href escapes.

parent 76aa4da7
No related merge requests found
Hide whitespace changes
Inline Side-by-side
themes/bootstrap3/templates/browse/home.phtml
+ 4
4
View file @ 9a6a429f
...@@ -40,14 +40,14 @@ ...@@ -40,14 +40,14 @@
<div class="browse list-group col-sm-3<? if (!empty($this->resultList)): ?> hidden-xs<? endif ?>" id="list3"> <div class="browse list-group col-sm-3<? if (!empty($this->resultList)): ?> hidden-xs<? endif ?>" id="list3">
<? foreach($this->secondaryList as $secondary): ?> <? foreach($this->secondaryList as $secondary): ?>
<? $url = $BROWSE_BASE . '?findby=' . urlencode($this->findby) <? $url = $BROWSE_BASE . '?findby=' . urlencode($this->findby)
. '&category=' . urlencode($this->category) . '&amp;category=' . urlencode($this->category)
. '&query=' . urlencode($secondary['value']); . '&amp;query=' . urlencode($secondary['value']);
if ($this->facetPrefix) { if ($this->facetPrefix) {
$url .= '&facet_prefix=' . urlencode($secondary['displayText']); $url .= '&amp;facet_prefix=' . urlencode($secondary['displayText']);
} }
if ($this->secondaryParams) { if ($this->secondaryParams) {
foreach($this->secondaryParams as $var=>$val) { foreach($this->secondaryParams as $var=>$val) {
$url .= '&' . $var .'=' . urlencode($val); $url .= '&amp;' . $var .'=' . urlencode($val);
} }
} }
$viewRecord = !empty($this->categoryList) && $this->currentAction != 'Tag' && $this->findby != 'alphabetical'; $viewRecord = !empty($this->categoryList) && $this->currentAction != 'Tag' && $this->findby != 'alphabetical';
......
themes/bootstrap3/templates/collections/home.phtml
+ 2
2
View file @ 9a6a429f
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
foreach (isset($filters['Other']) ? $filters['Other'] : array() as $filter) { foreach (isset($filters['Other']) ? $filters['Other'] : array() as $filter) {
$filter['urlPart'] = $filter['field'] . ':' . $filter['value']; $filter['urlPart'] = $filter['field'] . ':' . $filter['value'];
$filterList[] = $filter; $filterList[] = $filter;
$filterString .= '&' . urlencode('filter[]') . '=' . urlencode($filter['urlPart']); $filterString .= '&amp;' . urlencode('filter[]') . '=' . urlencode($filter['urlPart']);
} }
?> ?>
...@@ -42,7 +42,7 @@ ...@@ -42,7 +42,7 @@
$removalUrl = $this->url('collections-home') . '?from=' . urlencode($from); $removalUrl = $this->url('collections-home') . '?from=' . urlencode($from);
foreach ($filterList as $current) { foreach ($filterList as $current) {
if ($current['urlPart'] != $filter['urlPart']) { if ($current['urlPart'] != $filter['urlPart']) {
$removalUrl .= '&' . urlencode('filter[]') . '=' . urlencode($current['urlPart']); $removalUrl .= '&amp;' . urlencode('filter[]') . '=' . urlencode($current['urlPart']);
} }
} }
?> ?>
......
themes/bootstrap3/templates/search/reservessearch.phtml
+ 2
2
View file @ 9a6a429f
...@@ -53,8 +53,8 @@ ...@@ -53,8 +53,8 @@
<? <?
$url = $this->currentPath() . $this->escapeHtmlAttr( $url = $this->currentPath() . $this->escapeHtmlAttr(
'?inst=' . urlencode($record->getInstructorId()) '?inst=' . urlencode($record->getInstructorId())
. '&course=' . urlencode($record->getCourseId()) . '&amp;course=' . urlencode($record->getCourseId())
. '&dept=' . urlencode($record->getDepartmentId()) . '&amp;dept=' . urlencode($record->getDepartmentId())
); );
?> ?>
<tr> <tr>
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment