Commit 78db3909 authored by Nigel McNie's avatar Nigel McNie
Browse files

Escape profile icon paths properly in the export

(cherry picked from commit 2cb0a7adcc77947ba593cb5505ba6f6d2c490c9b)
parent 25b24c8e
......@@ -101,8 +101,7 @@ class HtmlExportInternal extends HtmlExportArtefactPlugin {
$iconid = $this->exporter->get('user')->get('profileicon');
if ($iconid) {
$icon = artefact_instance_from_id($iconid);
// TODO: protect title from /'s
$smarty->assign('icon', '<img src="../../static/profileicons/200px-' . $icon->get('title') . '" alt="Profile Icon">');
$smarty->assign('icon', '<img src="../../static/profileicons/200px-' . PluginExportHtml::sanitise_path($icon->get('title')) . '" alt="Profile Icon">');
}
$content = $smarty->fetch('export:html/internal:index.tpl');
......@@ -119,8 +118,7 @@ class HtmlExportInternal extends HtmlExportArtefactPlugin {
$iconid = $this->exporter->get('user')->get('profileicon');
if ($iconid) {
$icon = artefact_instance_from_id($iconid);
// TODO: protect title from /'s
$smarty->assign('icon', '<img src="static/profileicons/200px-' . $icon->get('title') . '" alt="Profile Icon">');
$smarty->assign('icon', '<img src="static/profileicons/200px-' . PluginExportHtml::sanitise_path($icon->get('title')) . '" alt="Profile Icon">');
}
return array(
'description' => $smarty->fetch('export:html/internal:summary.tpl'),
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment