-rw-r--r-- | _test/tests/inc/parser/parser_media.test.php | 6 | ||||
-rw-r--r-- | inc/common.php | 4 | ||||
-rw-r--r-- | inc/parser/xhtml.php | 4 |
3 files changed, 7 insertions, 7 deletions
diff --git a/_test/tests/inc/parser/parser_media.test.php b/_test/tests/inc/parser/parser_media.test.php
index fdb9c0fc4..edb635acd 100644
--- a/_test/tests/inc/parser/parser_media.test.php
+++ b/_test/tests/inc/parser/parser_media.test.php
@@ -136,12 +136,12 @@ class TestOfDoku_Parser_Media extends TestOfDoku_Parser {
 function testVideoInternalTitle() {
 $file = 'wiki:kind_zu_katze.ogv';
 $title = 'Single quote: \' Ampersand: &';
-
+
 $Renderer = new Doku_Renderer_xhtml();
 $url = $Renderer->externalmedia($file, $title, null, null, null, 'cache', 'details', true);
-
+
 // make sure the title is escaped just once
- $this->assertEquals(htmlspecialchars($title), substr($url, 28, 32));
+ $this->assertEquals(hsc($title), substr($url, 28, 37));
 }
 function testSimpleLinkText() {
diff --git a/inc/common.php b/inc/common.php
index c8d56baca..ac6ebc09f 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -26,7 +26,7 @@ use dokuwiki\Extension\Event;
 * @return string converted string
 */
 function hsc($string) {
- return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
+ return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');
 }
 /**
@@ -367,7 +367,7 @@ function buildAttributes($params, $skipEmptyStrings = false) {
 if($white) $url .= ' ';
 $url .= $key.'="';
- $url .= htmlspecialchars($val);
+ $url .= hsc($val);
 $url .= '"';
 $white = true;
 }
diff --git a/inc/parser/xhtml.php b/inc/parser/xhtml.php
index 9c8e4dab6..40a934933 100644
--- a/inc/parser/xhtml.php
+++ b/inc/parser/xhtml.php
@@ -1054,7 +1054,7 @@ class Doku_Renderer_xhtml extends Doku_Renderer {
 if($conf['target']['interwiki']) $link['rel'] .= ' noopener';
 $link['url'] = $url;
- $link['title'] = htmlspecialchars($link['url']);
+ $link['title'] = $this->_xmlEntities($link['url']);
 // output formatted
 if($returnonly) {
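Review bot: In testVideoInternalTitle the expected value is computed with `hsc()`, the same helper that `_xmlEntities()` delegates to after this commit, so a later weakening of the flags in `hsc()` would likely change both sides together and the test would still pass. Pinning the literal makes the test guard the escaping itself: `$this->assertEquals('Single quote: &#039; Ampersand: &amp;', substr($url, 28, 37));`. The fixed offsets 28 and 37 also tie the assertion to the exact markup emitted before the title, so a short comment saying where they come from would help the next person who changes the renderer output.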
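Review bot: The docblock for hsc() in inc/common.php should record why the flags are spelled out and what ENT_SUBSTITUTE changes for callers: input containing invalid UTF-8 used to yield an empty string and now comes back with the bad bytes replaced by U+FFFD. Suggested addition: `* Flags are pinned to the PHP 8.1 defaults so escaping is identical on every supported PHP version; invalid UTF-8 is replaced with U+FFFD instead of returning ''.` Any caller that treated an empty result as a sign of invalid input would need a separate check; none is visible in this diff. The docblock begins outside the hunk.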
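Review bot: In buildAttributes() the attribute name is still concatenated unescaped on the context line `$url .= $key.'="';`, so only the value side is covered by `hsc()`. If any caller passes keys derived from user-controlled data (not visible here), a key containing whitespace, `=` or `>` would end up in the tag as additional markup. Consider skipping names that are not plain attribute identifiers, e.g. `if(!preg_match('/^[A-Za-z_:][-A-Za-z0-9_:.]*$/', $key)) continue;`. The function starts and ends outside this hunk, so an existing check earlier in the loop cannot be ruled out.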
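Review bot: In inc/parser/xhtml.php (hunk at line 1054) `$link['title']` is stored already escaped while `$link['url']` on the line above it is stored raw, and nothing in the hunk says which form the link formatter expects. A comment such as `// title is HTML-escaped here; the link formatter must emit it verbatim` would guard against a later double-escape or an unescaped output path. The enclosing method starts and ends outside the hunk, so how `$link` is rendered cannot be confirmed from here.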
@@ -1739,7 +1739,7 @@ class Doku_Renderer_xhtml extends Doku_Renderer {
 * @return string
 */
 public function _xmlEntities($string) {
- return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
+ return hsc($string);
 } |