1.0.7 RC2 (fix html escaping in ajax & operator window)

git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@19 c66351dc-e62f-0410-b875-e3a5c0b9693f
This commit is contained in:
Evgeny Gryaznov 2007-08-22 20:03:43 +00:00
parent 89e42e6c85
commit 054af3ca4c
2 changed files with 4 additions and 4 deletions

View File

@ -49,9 +49,9 @@ function thread_to_xml($thread) {
$result .= " canopen=\"true\""; $result .= " canopen=\"true\"";
$result .= " state=\"$state\">"; $result .= " state=\"$state\">";
$result .= "<name>".htmlspecialchars(get_user_name($thread['userName']))."</name>"; $result .= "<name>".htmlspecialchars(htmlspecialchars(get_user_name($thread['userName'])))."</name>";
$result .= "<addr>".htmlspecialchars($thread['remote'])."</addr>"; $result .= "<addr>".htmlspecialchars(htmlspecialchars($thread['remote']))."</addr>";
$result .= "<agent>".htmlspecialchars($threadoperator)."</agent>"; $result .= "<agent>".htmlspecialchars(htmlspecialchars($threadoperator))."</agent>";
$result .= "<time>".$thread['unix_timestamp(dtmcreated)']."000</time>"; $result .= "<time>".$thread['unix_timestamp(dtmcreated)']."000</time>";
$result .= "<modified>".$thread['unix_timestamp(dtmmodified)']."000</modified>"; $result .= "<modified>".$thread['unix_timestamp(dtmmodified)']."000</modified>";
$result .= "</thread>"; $result .= "</thread>";

View File

@ -87,7 +87,7 @@ var threadParams = { servl:"/webim/thread.php",frequency:2,<?php if( $page['user
<tr> <tr>
<?php if( $page['agent'] ) { ?> <?php if( $page['agent'] ) { ?>
<td class="text" nowrap> <td class="text" nowrap>
<?php echo getstring("chat.window.chatting_with") ?> <b><a href="javascript:void(0)" onclick="return false;" title="<?php echo getstring("chat.window.chatting_with") ?> <?php echo $page['ct.user.name'] ?><?php echo $page['namePostfix'] ?>"><?php echo $page['ct.user.name'] ?></a></b><br> <?php echo getstring("chat.window.chatting_with") ?> <b><a href="javascript:void(0)" onclick="return false;" title="<?php echo getstring("chat.window.chatting_with") ?> <?php echo htmlspecialchars($page['ct.user.name']) ?><?php echo $page['namePostfix'] ?>"><?php echo htmlspecialchars($page['ct.user.name']) ?></a></b><br>
</td> </td>
<?php } ?><?php if( $page['user'] && $page['canChangeName'] ) { ?> <?php } ?><?php if( $page['user'] && $page['canChangeName'] ) { ?>
<td class="text" nowrap> <td class="text" nowrap>