make_chm: escape attr

myfreeer · myfreeer · commit 3ddd3787b184 · 2020-12-27T19:53:03.000+08:00
diff --git a/make_chm.php b/make_chm.php
@@ -349,14 +349,14 @@ function buildChm( $cpp = true )
 	$metadata = '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">'."\n";
 	$metadata .= '<html><head><meta name="GENERATOR" content="Script from CEZEO software Ltd."></head><body>'."\n<ul>\n";
 
-    ksort($keywordsFiles);
+	ksort($keywordsFiles);
 	foreach ( array_keys( $keywordsFiles ) as $kwf )
 	{
 		$metadata .= "\t<li><object type=\"text/sitemap\">\n";
-		$metadata .= "\t\t<param name=\"Name\" value=\"".$kwf."\">\n";
+		$metadata .= "\t\t<param name=\"Name\" value=\"".htmlspecialchars( $kwf )."\">\n";
 		foreach ($keywordsFiles[$kwf] as $file)
 		{
-			$metadata .= "\t\t<param name=\"Local\" value=\"".$file."\">\n";
+			$metadata .= "\t\t<param name=\"Local\" value=\"".htmlspecialchars( $file )."\">\n";
 		}
 		$metadata .= "\t</object>\n";
 	}
@@ -424,7 +424,7 @@ function buildTree(&$array, &$metadata, $level )
 		if ( count( $object->childrens ) > 0 )
 		{
 			insertTabs( $metadata, $level );
-			$metadata .= '<li><object type="text/sitemap"><param name="Name" value="'.$object->title.'"><param name="ImageNumber" value="1"></object>'."\n";
+			$metadata .= '<li><object type="text/sitemap"><param name="Name" value="'.htmlspecialchars( $object->title ).'"><param name="ImageNumber" value="1"></object>'."\n";
 			insertTabs( $metadata, $level );
 			$metadata .= "<ul>\n";
 			$level++;

Original file line number	Diff line number	Diff line change
`@@ -349,14 +349,14 @@ function buildChm( $cpp = true )`
`349`	`349`	`$metadata = '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">'."\n";`
`350`	`350`	`$metadata .= '<html><head><meta name="GENERATOR" content="Script from CEZEO software Ltd."></head><body>'."\n<ul>\n";`
`351`	`351`
`352`		`- ksort($keywordsFiles);`
	`352`	`+ ksort($keywordsFiles);`
`353`	`353`	`foreach ( array_keys( $keywordsFiles ) as $kwf )`
`354`	`354`	`{`
`355`	`355`	`$metadata .= "\t<li><object type=\"text/sitemap\">\n";`
`356`		`- $metadata .= "\t\t<param name=\"Name\" value=\"".$kwf."\">\n";`
	`356`	`+ $metadata .= "\t\t<param name=\"Name\" value=\"".htmlspecialchars( $kwf )."\">\n";`
`357`	`357`	`foreach ($keywordsFiles[$kwf] as $file)`
`358`	`358`	`{`
`359`		`- $metadata .= "\t\t<param name=\"Local\" value=\"".$file."\">\n";`
	`359`	`+ $metadata .= "\t\t<param name=\"Local\" value=\"".htmlspecialchars( $file )."\">\n";`
`360`	`360`	`}`
`361`	`361`	`$metadata .= "\t</object>\n";`
`362`	`362`	`}`
`@@ -424,7 +424,7 @@ function buildTree(&$array, &$metadata, $level )`
`424`	`424`	`if ( count( $object->childrens ) > 0 )`
`425`	`425`	`{`
`426`	`426`	`insertTabs( $metadata, $level );`
`427`		`- $metadata .= '<li><object type="text/sitemap"><param name="Name" value="'.$object->title.'"><param name="ImageNumber" value="1"></object>'."\n";`
	`427`	`+ $metadata .= '<li><object type="text/sitemap"><param name="Name" value="'.htmlspecialchars( $object->title ).'"><param name="ImageNumber" value="1"></object>'."\n";`
`428`	`428`	`insertTabs( $metadata, $level );`
`429`	`429`	`$metadata .= "<ul>\n";`
`430`	`430`	`$level++;`