Diffstat (limited to 'juick-www/src/main/java/com/juick/www/User.java')
-rw-r--r-- | juick-www/src/main/java/com/juick/www/User.java | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/juick-www/src/main/java/com/juick/www/User.java b/juick-www/src/main/java/com/juick/www/User.java
index 29218d0a..967d06c7 100644
--- a/juick-www/src/main/java/com/juick/www/User.java
+++ b/juick-www/src/main/java/com/juick/www/User.java
@@ -21,6 +21,7 @@ import com.juick.Tag;
 import com.juick.server.MessagesQueries;
 import com.juick.server.TagQueries;
 import com.juick.server.UserQueries;
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.springframework.jdbc.core.JdbcTemplate;
 import javax.servlet.ServletException;
@@ -89,10 +90,10 @@ public class User {
 String title;
 if (paramShow == null) {
 if (paramTag != null) {
- title = "Блог " + user.getUName() + ": *" + Utils.encodeHTML(paramTag.getName());
+ title = "Блог " + user.getUName() + ": *" + StringEscapeUtils.escapeHtml4(paramTag.getName());
 mids = MessagesQueries.getUserTag(sql, user.getUID(), paramTag.TID, privacy, paramBefore);
 } else if (paramSearch != null) {
- title = "Блог " + user.getUName() + ": " + Utils.encodeHTML(paramSearch);
+ title = "Блог " + user.getUName() + ": " + StringEscapeUtils.escapeHtml4(paramSearch);
 mids = MessagesQueries.getUserSearch(sql, sqlSearch, user.getUID(), Utils.encodeSphinx(paramSearch), privacy, paramBefore);
 } else {
 title = "Блог " + user.getUName();
@@ -132,7 +133,7 @@ public class User {
 if (paramTag != null) {
 out.println("<p class=\"page\"><a href=\"/tag/" + URLEncoder.encode(paramTag.getName(), "UTF-8") + "\">← Все записи с тегом <b>" +
- Utils.encodeHTML(paramTag.getName()) + "</b></a></p>");
+ StringEscapeUtils.escapeHtml4(paramTag.getName()) + "</b></a></p>");
 }
 PageTemplates.printMessages(out, sql, user, mids, visitor, visitor.getUID() == 0 ? 4 : 5, 0);
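Review bot: StringEscapeUtils.escapeHtml4 escapes &amp;, &lt;, &gt; and the double quote but leaves the apostrophe untouched, so the escaped paramTag/paramSearch values in the two `title =` assignments of the hunk at line 90 are only safe when emitted as element content or inside a double-quoted attribute; where `title` is eventually written is outside this hunk, so confirm it does not land in a single-quoted attribute or inside a script block, and note that if Utils.encodeHTML previously escaped the apostrophe this replacement narrows the escaping. The same assignments still concatenate `user.getUName()` unescaped; unless user names are restricted to a safe character set at registration, escape them the same way, e.g. `title = "Блог " + StringEscapeUtils.escapeHtml4(user.getUName()) + ": *" + StringEscapeUtils.escapeHtml4(paramTag.getName());`. The hunk at line 133 and the one at line 329 make the identical substitution and the same caveat applies there; the enclosing methods begin and end outside these hunks.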
@@ -328,7 +329,7 @@ public class User {
 String ret = "";
 int count = cnt > 0 ? Math.min(tags.size(), cnt) : tags.size();
 for (int i = 0; i < count; i++) {
- String tag = Utils.encodeHTML(tags.get(i).getName());
+ String tag = StringEscapeUtils.escapeHtml4(tags.get(i).getName());
 try {
 tag = "<a href=\"./?tag=" + URLEncoder.encode(tags.get(i).getName(), "UTF-8") + "\" title=\"" + tags.get(i).UsageCnt + "\" rel=\"nofollow\">" + tag + "</a>"; |