This repository has been archived by the owner on Jan 5, 2023. It is now read-only.

Commit

bugfix - use htmlentities() for Code in in textarea
patkon committed Jun 29, 2016
1 parent 18ac803 commit 3a6779c
Showing 2 changed files with 4 additions and 3 deletions.
1 change: 1 addition & 0 deletions acp/core/ajax.plugins.php
Expand Up @@ -33,6 +33,7 @@

if(is_file('../../'.FC_CONTENT_DIR.'/plugins/'.$plugin)) {
$plugin_src = file_get_contents('../../'.FC_CONTENT_DIR.'/plugins/'.$plugin);
$plugin_src = htmlentities($plugin_src,ENT_QUOTES,"UTF-8");

if(!is_writable('../../'.FC_CONTENT_DIR.'/plugins/'.$plugin)) {
$message = '<div class="alert alert-info">The file is not writable</div>';
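Review bot: `htmlentities()` called with `ENT_QUOTES` and an explicit "UTF-8" charset returns an empty string when the input contains an invalid byte sequence, so at the added line a plugin file stored in another encoding would load into the editor as empty and could be saved back as an empty file. Adding `ENT_SUBSTITUTE` avoids the silent empty result, `$plugin_src = htmlentities($plugin_src, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and the same applies to the changed `<pre>` line in acp/core/list.plugins.php. Encoding where the textarea is echoed, rather than overwriting `$plugin_src`, would also keep the raw source available to any later code; the rest of the script is outside this hunk. Separately, `$plugin` is concatenated into the path given to `is_file()` and `file_get_contents()`, and the edit link in list.plugins.php passes it as a query parameter; its assignment is not visible here, so confirm it is reduced with `basename()` or matched against the plugin directory listing before use.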
6 changes: 3 additions & 3 deletions acp/core/list.plugins.php
Expand Up @@ -29,7 +29,7 @@
if($_SESSION['user_class'] == 'administrator') {
$edit_btn = '<a href="/acp/core/ajax.plugins.php?plugin='.$plugin.'" class="fancybox-ajax btn btn-sm btn-default"><span class="glyphicon glyphicon-pencil"></span> '.$lang['edit'].'</a>';
} else {
$edit_btn = '<a class="btn btn-default btn-xs" data-toggle="modal" data-target="#myModal'.$id.'">Source</a>';
$edit_btn = '<a class="btn btn-default btn-sm" data-toggle="modal" data-target="#myModal'.$id.'">Source</a>';
}

$tpl_icon = "images/plugin-icon.png";
Expand All @@ -47,7 +47,7 @@
$tpl = str_replace("{\$MOD_NAV}", "$edit_btn","$tpl");

echo $tpl;

/* Modal */
echo '<div class="modal fade" id="myModal'.$id.'" tabindex="-1" role="dialog" aria-labelledby="myModalLabel">';
echo '<div class="modal-dialog modal-lg" role="document">';
Expand All @@ -57,7 +57,7 @@
echo '<h4 class="modal-title" id="myModalLabel'.$id.'">'.$plugin.'</h4>';
echo '</div>';
echo '<div class="modal-body">';
echo '<pre class="form-control" style="height:400px;overflow:auto;">'.htmlentities($plugin_src).'</pre>';
echo '<pre class="form-control" style="height:400px;overflow:auto;">'.htmlentities($plugin_src,ENT_QUOTES,"UTF-8").'</pre>';
echo '</div>';
echo '<div class="modal-footer">';
echo '<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>';
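Review bot: The plugin name is still written into the markup unescaped while the source beside it is now encoded: `'.$plugin.'</h4>` in the last hunk and the `?plugin='.$plugin.'` link value in the first. A filename containing `<`, `"` or `&` would be interpreted as markup, so the title should be `htmlentities($plugin, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and the query value `rawurlencode($plugin)`. The `else` branch also gives non-administrators the read-only Source modal; if plugin files can hold credentials or keys, that exposure deserves an explicit decision and a comment saying so. The loop that sets `$plugin`, `$id` and `$plugin_src` lies outside the visible hunks.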
