Fixes #1184 - added elgg_format_url() for handling ampersands in urls
authorcash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Sat, 3 Apr 2010 18:14:42 +0000 (18:14 +0000)
committercash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Sat, 3 Apr 2010 18:14:42 +0000 (18:14 +0000)
git-svn-id: http://code.elgg.org/elgg/trunk@5603 36083f99-b078-4883-b0ff-0f9b5a30f544

CHANGES.txt
engine/lib/elgglib.php
views/default/admin/plugins.php
views/default/admin/plugins_opt/plugin.php

index 074aa6c62f6bb0eab47d1ca63f76822129499d12..ed844f018ef6f621f5cf64c73e9e8966a83b2a78 100644 (file)
@@ -6,6 +6,7 @@ Version 1.8.0
  Generic API changes:
   * Added elgg_instanceof().
   * Added remove_subtype() and update_subtype().
+  * Added elgg_format_url()
 
  UI/UX API changes:
   * Added elgg_push_breadcrumb(), elgg_pop_breadcrumb(), and elgg_get_breadcrumbs().
index 04e04fbbc50637a30d581ad97e33fd55138b6d72..f106e4dedea6d2efa796080fd5a5fc3234693a7b 100644 (file)
@@ -2598,6 +2598,17 @@ interface Friendable {
        public function countObjects($subtype = "");
 }
 
+/**
+ * Handles formatting of ampersands in urls
+ * 
+ * @param string $url
+ * @return string
+ * @since 1.8
+ */
+function elgg_format_url($url) {
+       return preg_replace('/&(?!amp;)/', '&amp;', $url);
+}
+
 /**
  * Rebuilds a parsed (partial) URL
  *
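Review bot: The lookahead in `preg_replace('/&(?!amp;)/', '&amp;', $url)` exempts only `&amp;`, so a URL that already carries another entity such as `&#38;` or `&quot;` comes back double-encoded (`&amp;quot;`). The function also leaves `"`, `'`, `<` and `>` untouched, so it is not an attribute escaper even though the views in this commit echo its result straight into `href="..."`. If the project's minimum PHP version allows it, `return htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false);` skips every existing entity and covers the quote characters as well. The docblock should say that the return value is HTML-encoded and meant only for markup, for example `Encodes a URL for HTML output; do not use the result for redirects or HTTP requests.`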
@@ -2615,7 +2626,7 @@ function elgg_http_build_url(array $parts) {
 
        $string = $scheme . $host . $port . $path . $query;
 
-       return $string;
+       return elgg_format_url($string);
 }
 
 
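Review bot: Returning `elgg_format_url($string)` here turns a general URL builder into one that emits HTML-encoded text, so any caller that hands the result to a `Location` header, an HTTP client or a string comparison would now see `&amp;` inside the query string. The callers are not visible in this hunk, and the function starts outside it, so the impact cannot be confirmed from here. Encoding at the point of output is safer: keep `return $string;` and have templates call `elgg_format_url()` when they echo the URL, as views/default/admin/plugins_opt/plugin.php does in this same commit.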
index 465b019f61e095d34ee1ce28014aabc9bf315b75..4388e7a3c28f1d671ae92ff26b5a308c21407af5 100644 (file)
@@ -15,7 +15,8 @@ $token = generate_action_token($ts);
 
 // Page Header elements
 $title = elgg_view_title(elgg_echo('admin:plugins'));
-$buttons = "<a class='action_button' href=\"{$CONFIG->url}action/admin/plugins/enableall?__elgg_token=$token&__elgg_ts=$ts\">".elgg_echo('enableall')."</a>  <a class='action_button disabled' href=\"{$CONFIG->url}action/admin/plugins/disableall?__elgg_token=$token&__elgg_ts=$ts\">".elgg_echo('disableall')."</a> ";
+$buttons = "<a class='action_button' href=\"{$CONFIG->url}action/admin/plugins/enableall?__elgg_token=$token&amp;__elgg_ts=$ts\">".elgg_echo('enableall')."</a>";
+$buttons .= "<a class='action_button disabled' href=\"{$CONFIG->url}action/admin/plugins/disableall?__elgg_token=$token&amp;__elgg_ts=$ts\">".elgg_echo('disableall')."</a> ";
 
 // construct page header
 ?>
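Review bot: The two `$buttons` lines hand-write `&amp;` while this commit routes every link in plugins_opt/plugin.php through `elgg_format_url()`, so the admin views now carry two encoding conventions that have to be kept in sync. Building the plain URL into a variable and echoing `elgg_format_url($enable_url)` inside the `href` would match the other file. Splitting the assignment also drops the whitespace that used to separate the two anchors (`</a>  <a`), which may change how the buttons sit next to each other.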
index 0150e76d891b20e2e2818fbae3f771ae2e66982f..6184580d8d5f19b73698ecaf195c2175e0a3b511 100644 (file)
@@ -30,26 +30,37 @@ $token = generate_action_token($ts);
        <div class="admin_plugin_reorder">
 <?php
                        if ($vars['order'] > 10) {
+                               $top_url = "{$vars['url']}action/admin/plugins/reorder?plugin={$plugin}&order=1&__elgg_token=$token&__elgg_ts=$ts";
+                               $order = $vars['order'] - 11;
+                               $up_url = "{$vars['url']}action/admin/plugins/reorder?plugin={$plugin}&order=$order&__elgg_token=$token&__elgg_ts=$ts";
 ?>
-                       <a href="<?php echo $vars['url']; ?>action/admin/plugins/reorder?plugin=<?php echo $plugin; ?>&order=1&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("top"); ?></a>
-                       <a href="<?php echo $vars['url']; ?>action/admin/plugins/reorder?plugin=<?php echo $plugin; ?>&order=<?php echo $vars['order'] - 11; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("up"); ?></a>
+                       <a href="<?php echo elgg_format_url($top_url); ?>"><?php echo elgg_echo("top"); ?></a>
+                       <a href="<?php echo elgg_format_url($up_url); ?>"><?php echo elgg_echo("up"); ?></a>
 <?php
                        }
                ?>
                <?php
                        if ($vars['order'] < $vars['maxorder']) {
+                               $order =  $vars['order'] + 11;
+                               $down_url = "{$vars['url']}action/admin/plugins/reorder?plugin={$plugin}&order=$order&__elgg_token=$token&__elgg_ts=$ts";
+                               $order = $vars['maxorder'] + 11;
+                               $bottom_url = "{$vars['url']}action/admin/plugins/reorder?plugin={$plugin}&order=$order&__elgg_token=$token&__elgg_ts=$ts";
 ?>
-                       <a href="<?php echo $vars['url']; ?>action/admin/plugins/reorder?plugin=<?php echo $plugin; ?>&order=<?php echo $vars['order'] + 11; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("down"); ?></a>
-                       <a href="<?php echo $vars['url']; ?>action/admin/plugins/reorder?plugin=<?php echo $plugin; ?>&order=<?php echo $vars['maxorder'] + 11; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("bottom"); ?></a>
+                       <a href="<?php echo elgg_format_url($down_url); ?>"><?php echo elgg_echo("down"); ?></a>
+                       <a href="<?php echo elgg_format_url($bottom_url); ?>"><?php echo elgg_echo("bottom"); ?></a>
 <?php
                        }
                ?>
        </div><div class="clearfloat"></div>
        <div class="admin_plugin_enable_disable">
-               <?php if ($active) { ?>
-                       <a class="cancel_button" href="<?php echo $vars['url']; ?>action/admin/plugins/disable?plugin=<?php echo $plugin; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("disable"); ?></a>
-               <?php } else { ?>
-                       <a class="submit_button" href="<?php echo $vars['url']; ?>action/admin/plugins/enable?plugin=<?php echo $plugin; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("enable"); ?></a>
+               <?php if ($active) {
+                       $url = "{$vars['url']}action/admin/plugins/disable?plugin=$plugin&__elgg_token=$token&__elgg_ts=$ts";
+               ?>
+                       <a class="cancel_button" href="<?php echo elgg_format_url($url); ?>"><?php echo elgg_echo("disable"); ?></a>
+               <?php } else { 
+                       $url = "{$vars['url']}action/admin/plugins/enable?plugin=$plugin&__elgg_token=$token&__elgg_ts=$ts";
+               ?>
+                       <a class="submit_button" href="<?php echo elgg_format_url($url); ?>"><?php echo elgg_echo("enable"); ?></a>
                <?php } ?>
        </div>
 
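Review bot: `$plugin` is interpolated raw into every query string built in this hunk, and `elgg_format_url()` rewrites only `&`. A plugin id containing `"` or `<` would therefore break out of the `href` attribute, and one containing `&` would split into an extra parameter once the browser decodes `&amp;`. Encoding the value where the URL is built, as in `"...reorder?plugin=" . urlencode($plugin) . "&order=1&..."`, and escaping the finished URL with `htmlspecialchars()` at the echo would cover both cases. Whether plugin ids can contain such characters is not visible here, so treat this as hardening. The same gap shows in the last hunk of this file, where `$manifest['website']` is still echoed unescaped into both the `href` and the link text while the neighbouring manifest fields gained `htmlspecialchars()`.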
@@ -90,10 +101,10 @@ $token = generate_action_token($ts);
                        ?>
                </div>
                <?php } ?>
-               <div><?php echo elgg_echo('admin:plugins:label:version') . ": ". $manifest['version'] ?></div>
-               <div><?php echo elgg_echo('admin:plugins:label:author') . ": ". $manifest['author'] ?></div>
-               <div><?php echo elgg_echo('admin:plugins:label:copyright') . ": ". $manifest['copyright'] ?></div>
-               <div><?php echo elgg_echo('admin:plugins:label:licence') . ": ". $manifest['licence'] . $manifest['license'] ?></div>
+               <div><?php echo elgg_echo('admin:plugins:label:version') . ": ". htmlspecialchars($manifest['version']) ?></div>
+               <div><?php echo elgg_echo('admin:plugins:label:author') . ": ". htmlspecialchars($manifest['author']) ?></div>
+               <div><?php echo elgg_echo('admin:plugins:label:copyright') . ": ". htmlspecialchars($manifest['copyright']) ?></div>
+               <div><?php echo elgg_echo('admin:plugins:label:licence') . ": ". htmlspecialchars($manifest['licence'] . $manifest['license']) ?></div>
                <div><?php echo elgg_echo('admin:plugins:label:website') . ": "; ?><a href="<?php echo $manifest['website']; ?>"><?php echo $manifest['website']; ?></a></div>
        <?php } ?>