diff --git a/classes/security/Purifier.class.php b/classes/security/Purifier.class.php
index 10fb74708..3d467ccd4 100644
--- a/classes/security/Purifier.class.php
+++ b/classes/security/Purifier.class.php
@@ -41,6 +41,7 @@ class Purifier
 $this->_config->set('HTML.SafeIframe', TRUE);
 $this->_config->set('URI.SafeIframeRegexp', $whiteDomainRegex);
 $this->_config->set('Cache.SerializerPath', $this->_cacheDir);
+ $this->_config->set('Attr.AllowedFrameTargets', array('_blank'));
 //$this->_config->set('Attr.AllowedClasses', $allowdClasses);
 $this->_def = $this->_config->getHTMLDefinition(TRUE);
diff --git a/modules/comment/comment.controller.php b/modules/comment/comment.controller.php
index 0951dea8d..b787ef218 100644
--- a/modules/comment/comment.controller.php
+++ b/modules/comment/comment.controller.php
@@ -1086,7 +1086,7 @@ class commentController extends comment
 $obj = new stdClass();
 $obj->member_srl = $oComment->get('member_srl');
 $obj->module_srl = $oComment->get('module_srl');
- $obj->comment_srl = $oComment->get('comment');
+ $obj->comment_srl = $oComment->get('comment_srl');
 $obj->update_target = ($point < 0) ? 'blamed_count' : 'voted_count';
 $obj->point = $point;
 $obj->before_point = ($point < 0) ? $oComment->get('blamed_count') : $oComment->get('voted_count');
diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index b9f5f0c59..a4677133f 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
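Review bot: Allowing `_blank` through `Attr.AllowedFrameTargets` lets links in user-submitted HTML open a new browsing context, and nothing in the Purifier hunk shows `rel="noopener"` being enforced on them, so the opened page may keep a `window.opener` reference to this site. Newer HTML Purifier releases add the rel values through `HTML.TargetNoopener` and `HTML.TargetNoreferrer`, but the bundled version is not visible here, so please confirm it has them and make the intent explicit next to the new line with `$this->_config->set('HTML.TargetNoopener', TRUE);`. If the bundled release predates those directives, upgrading the library is safer than allowing the target as-is. The method that builds this config starts and ends outside the hunk.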
@@ -416,8 +416,8 @@ class documentController extends document if($source_obj->get('member_srl')==$logged_info->member_srl || $bUseHistory) { $obj->member_srl = $logged_info->member_srl; - $obj->user_name = $logged_info->user_name; - $obj->nick_name = $logged_info->nick_name; + $obj->user_name = htmlspecialchars_decode($logged_info->user_name); + $obj->nick_name = htmlspecialchars_decode($logged_info->nick_name); $obj->email_address = $logged_info->email_address; $obj->homepage = $logged_info->homepage; } diff --git a/modules/document/queries/updateDocumentCategory.xml b/modules/document/queries/updateDocumentCategory.xml index 89c5d032f..9f9204c6a 100644 --- a/modules/document/queries/updateDocumentCategory.xml +++ b/modules/document/queries/updateDocumentCategory.xml @@ -1,4 +1,4 @@ - + diff --git a/modules/document/tpl/document_list.html b/modules/document/tpl/document_list.html index 900cca383..af115fe4c 100644 --- a/modules/document/tpl/document_list.html +++ b/modules/document/tpl/document_list.html @@ -48,7 +48,7 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}'; - + diff --git a/modules/widget/ruleset/generateCodeInPage.xml b/modules/widget/ruleset/generateCodeInPage.xml index 17da244bb..fcd4cc3b5 100644 --- a/modules/widget/ruleset/generateCodeInPage.xml +++ b/modules/widget/ruleset/generateCodeInPage.xml @@ -6,6 +6,6 @@ - + diff --git a/modules/widget/widget.controller.php b/modules/widget/widget.controller.php index 30500c48f..766b3b887 100644 --- a/modules/widget/widget.controller.php +++ b/modules/widget/widget.controller.php @@ -283,7 +283,7 @@ class widgetController extends widget else $vars = $xml_doc->attrs; $widget = $vars->widget; - if(!$widget) return $match[0]; + if(!$widget) return $matches[0]; unset($vars->widget); return $this->execute($widget, $vars, $this->javascript_mode);
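Review bot: `htmlspecialchars_decode()` is called without flags on the two added lines in document.controller.php, so the entities it decodes depend on the PHP version's default (before PHP 8.1 the default `ENT_COMPAT` leaves `&#039;` encoded), and the result may not be the exact inverse of whatever escaped `$logged_info`. Pass the flags the encoder uses, presumably `htmlspecialchars_decode($logged_info->nick_name, ENT_QUOTES)`, and do the same for `user_name`. Because the names are now stored decoded, every template that prints them has to escape on output; the list-template text at the end of this page prints `{$oDocument->getNickName()}` directly, so confirm that getter escapes. A one-line comment such as `// $logged_info names are HTML-escaped; store raw and escape on output` would record the convention. The enclosing method starts and ends outside the hunk.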
{$oDocument->getTitleText()}{$lang->no_title_document}{htmlspecialchars($oDocument->getTitleText())}{$lang->no_title_document} {$oDocument->getNickName()} {$oDocument->get('readed_count')} {$oDocument->get('voted_count')}/{$oDocument->get('blamed_count')}