Skip to content
Snippets Groups Projects
Commit d8923b0b authored by Matthew Juhl's avatar Matthew Juhl
Browse files

Escape user-inputed strings that were causing js errors on the map.

parent b6b884b3
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
customindex/views/default/customindex/content.php
+ 5
4
View file @ d8923b0b
......@@ -156,21 +156,22 @@
<?php
$users = get_entities_from_metadata('icontime', '', 'user', '', 0, 8);
//$users = get_entities('user', '', 0, '', 8, 0, false, 0, null);
if($users){
foreach($users as $user){
echo "<div class=\"member_icon\"><img onclick=\"window.openLocation('" . $user->longitude . "','" . $user->latitude . "','" . $user->username . "',";
if($user->profile_country)
echo "'" . $user->profile_country . " - " . $user->profile_city . ", " . $user->profile_state . "',";
echo "'" . $user->profile_country . " - " . str_replace("'","\'",htmlentities($user->profile_city)) . ", " . $user->profile_state . "',";
else
echo "'',";
echo "'" . $user->name . "',";
echo "'" . str_replace("'","\'",htmlentities($user->name)) . "',";
if($user->profile_attended_from != "Did Not Attend UNL" && $user->profile_attended_from != "" && $user->profile_attended_from != NULL)
echo "'Attended UNL: " . $user->profile_attended_from . "-" . $user->profile_attended_to . "'";
else
echo "''";
echo ",'$user->map_explanation');return false;\" src=\"mod/profile/icon.php?username=" . $user->username . "&size=tiny\" /></div>";
echo ",'". str_replace("'","\'",htmlentities($user->map_explanation))."');return false;\" src=\"mod/profile/icon.php?username=" . $user->username . "&size=tiny\" /></div>";
}
}
}
?>
</div>
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment