From 75f28186a995aa930f6db9f05ec7b63bbd2cd284 Mon Sep 17 00:00:00 2001
From: xue <>
Date: Tue, 30 May 2006 03:30:14 +0000
Subject: Merge from 3.0 branch till 1103
---
 framework/Web/UI/WebControls/THyperLink.php | 8 ++------
 framework/Xml/TXmlDocument.php | 4 ++--
 2 files changed, 4 insertions(+), 8 deletions(-)
(limited to 'framework')
diff --git a/framework/Web/UI/WebControls/THyperLink.php b/framework/Web/UI/WebControls/THyperLink.php
index 1a5db69d..5489727c 100644
--- a/framework/Web/UI/WebControls/THyperLink.php
+++ b/framework/Web/UI/WebControls/THyperLink.php
@@ -22,10 +22,6 @@
 * If both {@link getImageUrl ImageUrl} and {@link getText Text} are empty,
 * the content enclosed within the control tag will be rendered.
 *
- * Note, {@link getText Text} is not HTML-encoded when displayed.
- * Make sure it does not contain unwanted characters that may bring
- * security vulnerabilities.
- *
 * @author Qiang Xue
 * @version $Revision: $ $Date: $
 * @package System.Web.UI.WebControls
@@ -66,7 +62,7 @@ class THyperLink extends TWebControl
 if(($imageUrl=$this->getImageUrl())==='')
 {
 if(($text=$this->getText())!=='')
- $writer->write($text);
+ $writer->write(THttpUtility::htmlEncode($text));
 else
 parent::renderContents($writer);
 }
@@ -77,7 +73,7 @@ class THyperLink extends TWebControl
 if(($toolTip=$this->getToolTip())!=='')
 $image->setToolTip($toolTip);
 if(($text=$this->getText())!=='')
- $image->setAlternateText($text);
+ $image->setAlternateText(THttpUtility::htmlEncode($text));
 $image->renderControl($writer);
 }
 }
diff --git a/framework/Xml/TXmlDocument.php b/framework/Xml/TXmlDocument.php
index 46181761..ab4b0b7a 100644
--- a/framework/Xml/TXmlDocument.php
+++ b/framework/Xml/TXmlDocument.php
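Review bot: Escaping Text at `$writer->write(THttpUtility::htmlEncode($text));` changes the control's output contract, yet the commit deletes the only docblock sentence about encoding without putting a replacement in its place. Callers that relied on the old behaviour to pass markup through Text will now see it rendered as literal characters, and nothing tells them that the body-content branch (`parent::renderContents($writer)`) appears to be the one path left unencoded. I would add to the class docblock something like `* Note, {@link getText Text} is HTML-encoded before it is rendered; put markup in the control body instead.` The enclosing method starts and ends outside this hunk.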
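Review bot: In the image branch, `$image->setAlternateText(THttpUtility::htmlEncode($text));` encodes a value that is headed for an attribute rather than element content, so if TImage or the writer already escapes attribute values when rendering (not visible in this hunk) the alt text is encoded twice and `&` is displayed as `&amp;amp;`. Encoding should happen at exactly one point, the output sink; if the attribute path already does it, this line should remain `$image->setAlternateText($text);`. If it does not, the fix belongs in TImage so that every caller of setAlternateText is covered, and the tooltip passed two lines earlier through `$image->setToolTip($toolTip);` needs the same check. The enclosing method starts outside this hunk.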
@@ -35,11 +35,11 @@ class TXmlElement extends TComponent
 /**
 * @var string tagname of this element
 */
- private $_tagName;
+ private $_tagName='unknown';
 /**
 * @var string text enclosed between openning and closing tags of this element
 */
- private $_value;
+ private $_value='';
 /**
 * @var TXmlElementList list of child elements of this element
 */
--
cgit v1.2.3
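Review bot: The new default `private $_tagName='unknown';` is a magic placeholder that the `@var` comment above it does not explain, and an element whose tag name was never assigned would presumably be written out as `<unknown>` instead of surfacing the omission. Please document both defaults in the docblocks, for example `@var string tagname of this element, defaults to 'unknown' until one is set`, and note likewise that `$_value` starts as an empty string. The class body continues outside this hunk, so whether the constructor always overrides these values cannot be confirmed from here.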