Escape JS specific characters

diff --git a/docs/NEWS b/docs/NEWS
index 031b02ee3ef34c64bb6ecef47600d9604b4bc835..75651f5cac4051932dc553c4aea6bfc9f8f04ad0 100644 (file)
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -1,6 +1,6 @@
 # $Id$
 
-Version 1.1-beta4 ()
+Version 1.1-beta5 ()
 ------------------------------------------------------------------------
 
     * Added new plugin hooks:

diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php
index 510076551e80fdc07355650ae16bfb1ef55eaaa0..22822d21c2d7391b62bbaa2ca4f69a05f0e8a048 100644 (file)
--- a/include/functions_config.inc.php
+++ b/include/functions_config.inc.php
@@ -542,8 +542,8 @@ function serendipity_restoreVar(&$source, &$target) {
  * @return  null
  */
 function serendipity_JSsetCookie($name, $value) {
-    $name  = str_replace('"', '\"', $name);
-    $value = str_replace('"', '\"', $value);
+    $name  = strtr($name, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
+    $value = strtr($value, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
 
     echo '<script type="text/javascript">SetCookie("' . $name . '", "' . $value . '")</script>' . "\n";
 }

diff --git a/serendipity_config.inc.php b/serendipity_config.inc.php
index ddaf7503b0d9cdfeee13e8f18c89a36faee6285c..ce412304907b1814a0c3d1a147121dc53d236459 100644 (file)
--- a/serendipity_config.inc.php
+++ b/serendipity_config.inc.php
@@ -31,7 +31,7 @@ if (IS_installed === true && !defined('IN_serendipity')) {
 include(S9Y_INCLUDE_PATH . 'include/compat.inc.php');
 
 // The version string
-$serendipity['version']         = '1.1-beta4';
+$serendipity['version']         = '1.1-beta5';
 
 // Setting this to 'false' will enable debugging output. All alpa/beta/cvs snapshot versions will emit debug information by default. To increase the debug level (to enable Smarty debugging), set this flag to 'debug'.
 $serendipity['production']      = (preg_match('@\-(alpha|beta|cvs)@', $serendipity['version']) ? false : true);