diff --git a/admin/modules/style/templates.php b/admin/modules/style/templates.php index 93da4780b5..c0cfda6f4c 100644 --- a/admin/modules/style/templates.php +++ b/admin/modules/style/templates.php @@ -695,7 +695,7 @@ $sub_tabs['diff_report'] = array( 'title' => $lang->diff_report, - 'link' => "index.php?module=style-templates&action=diff_report&title=".$db->escape_string($template['title'])."&sid1=".(int)$template['sid']."&sid2=-2", + 'link' => "index.php?module=style-templates&action=diff_report&title=".urlencode($template['title'])."&sid1=".(int)$template['sid']."&sid2=-2", ); } @@ -1008,7 +1008,7 @@ } } - $table->construct_cell($label, array("width" => "85%")); + $table->construct_cell(htmlspecialchars_uni($label), array("width" => "85%")); if($sid == -2) { @@ -1135,7 +1135,7 @@ foreach($templates as $template) { - $template['pretty_title'] = $template['title']; + $template['pretty_title'] = htmlspecialchars_uni($template['title']); $popup = new PopupMenu("template_{$template['tid']}", $lang->options); 
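Review bot: Replacing `$db->escape_string()` with `urlencode()` in the `diff_report` tab link fixes the encoding context of the URL, but it changes nothing about SQL safety for `title` on the receiving side: the handler reads `$mybb->input['title']` (see the `-1557` hunk) and must escape or bind that value itself, which is not visible in this diff. Confirm the lookup still passes the title through `$db->escape_string()` or an equivalent before treating this as closing the issue. The block that contains this `$sub_tabs['diff_report']` assignment opens before the hunk.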
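Review bot: `htmlspecialchars_uni($label)` at the `construct_cell()` call is only correct if every branch that builds `$label` yields plain text, and those assignments sit above the hunk; if any branch already wraps the title in markup (a link, a `<strong>`), the tags will now render literally. Either confirm that, or escape the raw title where `$label` is first assigned and pass the already-escaped string to `construct_cell()` unchanged. The `if($sid == -2)` branch that follows continues past the end of the hunk.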
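Review bot: The escaped `$template['pretty_title']` default here is duplicated almost verbatim in the `-1894` hunk, and each copy is reassigned in two further branches (`-1162`, `-1908`), so the same escaping now has to be remembered at four sites — which is how the unescaped output got in originally. A small helper that takes `$template['title']` and returns the escaped display string would keep the two listings from diverging again. The `foreach` body continues past the end of the hunk.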
@@ -1162,14 +1162,14 @@ $popup->add_item($lang->revert_to_orig, "index.php?module=style-templates&action=revert&title=".urlencode($template['title'])."&sid={$sid}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_template_revertion}')"); } - $template['pretty_title'] = "{$template['title']}"; + $template['pretty_title'] = "".htmlspecialchars_uni($template['title']).""; } // This template does not exist in the master list else if(!isset($template['original']) || $template['original'] == false) { $popup->add_item($lang->delete_template, "index.php?module=style-templates&action=delete_template&title=".urlencode($template['title'])."&sid={$sid}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_template_deletion}')"); - $template['pretty_title'] = "{$template['title']}"; + $template['pretty_title'] = "".htmlspecialchars_uni($template['title']).""; } $table->construct_cell("{$template['pretty_title']}", array("width" => "85%")); @@ -1366,7 +1366,7 @@ $popup->add_item($lang->diff_report, "index.php?module=style-templates&action=diff_report&title=".urlencode($template['title'])."&sid1=".$template['sid']."&sid2=-2&from=diff_report"); $popup->add_item($lang->revert_to_orig, "index.php?module=style-templates&action=revert&title=".urlencode($template['title'])."&sid={$sid}&from=diff_report&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_template_revertion}')"); - $table->construct_cell("{$template['title']}", array('width' => '80%')); + $table->construct_cell("".htmlspecialchars_uni($template['title'])."", array('width' => '80%')); $table->construct_cell($popup->fetch(), array("class" => "align_center")); $table->construct_row(); 
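Review bot: Both new `pretty_title` assignments concatenate empty strings on either side of `htmlspecialchars_uni(...)`; that is either dead code or the remains of markup that did not survive extraction of this diff, and if nothing wraps the title, `$template['pretty_title'] = htmlspecialchars_uni($template['title']);` is the clearer form. Separately, `$sid` is interpolated raw into the `revert` and `delete_template` hrefs on the same lines; that is fine only if it was already cast to int where it was read, which is outside the hunk and worth a glance.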
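Review bot: `"&sid1=".$template['sid']` in the `diff_report` item is concatenated without a cast, while the equivalent link in the `-695` hunk uses `(int)$template['sid']`; the value comes from a database row so the risk is low, but the two should agree and `"&sid1=".(int)$template['sid']` costs nothing. The new `construct_cell()` line also carries the `"".htmlspecialchars_uni(...).""` form, whose empty-string concatenations are redundant unless they stand in for markup lost from this rendering.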
@@ -1557,7 +1557,7 @@ $sub_tabs['diff_report'] = array( 'title' => $lang->diff_report, - 'link' => "index.php?module=style-templates&action=diff_report&title=".$db->escape_string($mybb->input['title'])."&from=".htmlspecialchars_uni($mybb->input['from'])."sid1=".$mybb->get_input('sid1', MyBB::INPUT_INT)."&sid2=".$mybb->get_input('sid2', MyBB::INPUT_INT), + 'link' => "index.php?module=style-templates&action=diff_report&title=".urlencode($mybb->input['title'])."&from=".htmlspecialchars_uni($mybb->input['from'])."sid1=".$mybb->get_input('sid1', MyBB::INPUT_INT)."&sid2=".$mybb->get_input('sid2', MyBB::INPUT_INT), 'description' => $lang->diff_report_desc ); @@ -1605,7 +1605,7 @@ $page->add_breadcrumb_item($lang->find_updated, "index.php?module=style-templates&action=find_updated"); } - $page->add_breadcrumb_item($lang->diff_report.": ".htmlspecialchars_uni($template1['title']), "index.php?module=style-templates&action=diff_report&title=".$db->escape_string($mybb->input['title'])."&from=".htmlspecialchars_uni($mybb->input['from'])."&sid1=".$mybb->get_input('sid1', MyBB::INPUT_INT)."&sid2=".$mybb->get_input('sid2', MyBB::INPUT_INT)); + $page->add_breadcrumb_item($lang->diff_report.": ".htmlspecialchars_uni($template1['title']), "index.php?module=style-templates&action=diff_report&title=".urlencode($mybb->input['title'])."&from=".htmlspecialchars_uni($mybb->input['from'])."&sid1=".$mybb->get_input('sid1', MyBB::INPUT_INT)."&sid2=".$mybb->get_input('sid2', MyBB::INPUT_INT)); $page->output_header($lang->template_sets); @@ -1625,7 +1625,7 @@ $table->construct_cell("
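Review bot: The rebuilt `link` is missing the `&` before `sid1=`: `"&from=".htmlspecialchars_uni($mybb->input['from'])."sid1="` appends `sid1=...` to the `from` value, so the tab link loses `sid1` entirely; the `-1605` hunk has the same URL with `"&sid1="`. While touching it, `from` is encoded with `htmlspecialchars_uni()`, the HTML encoder, inside a query string — the commit's own `urlencode()` fix for `title` is the right pattern — and the direct `$mybb->input['title']` / `$mybb->input['from']` reads raise notices when the parameter is absent. Suggested: `'link' => "index.php?module=style-templates&action=diff_report&title=".urlencode($mybb->get_input('title'))."&from=".urlencode($mybb->get_input('from'))."&sid1=".$mybb->get_input('sid1', MyBB::INPUT_INT)."&sid2=".$mybb->get_input('sid2', MyBB::INPUT_INT),`.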
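Review bot: In the breadcrumb href, `from` is still encoded with `htmlspecialchars_uni()` while `title` beside it now uses `urlencode()`; inside a query string the HTML encoder leaves `#`, `%`, `+` and spaces untouched, so a `from` value can truncate or alter the link, and since `urlencode()` output is already attribute-safe, `"&from=".urlencode($mybb->get_input('from'))` is the consistent choice. `$mybb->input['title']` should likewise become `$mybb->get_input('title')` to avoid an undefined-index notice when the parameter is missing.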
".$renderer->render($diff)."
"); $table->construct_row(); - $table->output($lang->template_diff_analysis.": ".$template1['title']); + $table->output($lang->template_diff_analysis.": ".htmlspecialchars_uni($template1['title'])); $page->output_footer(); } @@ -1713,7 +1713,7 @@ $popup->add_item($lang->full_edit, "index.php?module=style-templates&action=edit_template&title=".urlencode($template['title'])."&sid=-1"); $popup->add_item($lang->delete_template, "index.php?module=style-templates&action=delete_template&title=".urlencode($template['title'])."&sid=-1&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_template_deletion}')"); - $table->construct_cell("{$template['title']}"); + $table->construct_cell("".htmlspecialchars_uni($template['title']).""); $table->construct_cell($popup->fetch(), array("class" => "align_center")); $table->construct_row(); @@ -1894,7 +1894,7 @@ function sort_template_groups($a, $b) foreach($templates as $template) { - $template['pretty_title'] = $template['title']; + $template['pretty_title'] = htmlspecialchars_uni($template['title']); $popup = new PopupMenu("template_{$template['tid']}", $lang->options); $popup->add_item($lang->full_edit, "index.php?module=style-templates&action=edit_template&title=".urlencode($template['title'])."&sid={$sid}{$expand_str}"); 
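Review bot: `htmlspecialchars_uni()` on the `$table->output()` heading is right only if `Table::output()` does not already escape its title argument; `construct_cell()` clearly does not (the rest of this commit adds escaping there), but `output()` is a different method and double-encoding would surface as `&amp;amp;` in the heading, so check it once. On the context lines, `$renderer->render($diff)` is emitted unescaped inside the cell; template bodies are HTML, so this relies entirely on the renderer escaping both sides of the diff — worth confirming rather than assuming.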
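Review bot: `{$expand_str}` is interpolated raw into the `full_edit` href in this hunk (and into the `revert`/`delete_template` hrefs in the `-1908` hunk) right next to the now-encoded `title`; it is built outside the hunk, so whether it derives from an int-cast or urlencoded `expand` parameter cannot be seen here and should be checked, since one unencoded fragment undoes the point of the change. The same applies to `{$sid}`. The `foreach` body continues past the end of the hunk.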
@@ -1908,14 +1908,14 @@ function sort_template_groups($a, $b) $popup->add_item($lang->revert_to_orig, "index.php?module=style-templates&action=revert&title=".urlencode($template['title'])."&sid={$sid}&my_post_key={$mybb->post_code}{$expand_str}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_template_revertion}')"); } - $template['pretty_title'] = "{$template['title']}"; + $template['pretty_title'] = "".htmlspecialchars_uni($template['title']).""; } // This template does not exist in the master list else if(isset($template['original']) && $template['original'] == false) { $popup->add_item($lang->delete_template, "index.php?module=style-templates&action=delete_template&title=".urlencode($template['title'])."&sid={$sid}&my_post_key={$mybb->post_code}{$expand_str}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_template_deletion}')"); - $template['pretty_title'] = "{$template['title']}"; + $template['pretty_title'] = "".htmlspecialchars_uni($template['title']).""; } $table->construct_cell("{$template['pretty_title']}");
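Review bot: The custom-template branch here tests `isset($template['original']) && $template['original'] == false`, whereas the otherwise identical branch in the `-1162` hunk tests `!isset($template['original']) || $template['original'] == false`; a template with no `original` key gets a delete item in one listing and not the other, so one of the two conditions is presumably wrong and this is a good moment to align them. The new `pretty_title` lines also carry the `"".…""` empty-string concatenations; unless they stand for markup lost from this rendering, `$template['pretty_title'] = htmlspecialchars_uni($template['title']);` is clearer.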