Escape JS specific characters

author garvinhicking <garvinhicking>

Thu, 5 Oct 2006 11:43:59 +0000 (11:43 +0000)

committer garvinhicking <garvinhicking>

Thu, 5 Oct 2006 11:43:59 +0000 (11:43 +0000)
author garvinhicking <garvinhicking>
Thu, 5 Oct 2006 11:43:59 +0000 (11:43 +0000)
committer garvinhicking <garvinhicking>
Thu, 5 Oct 2006 11:43:59 +0000 (11:43 +0000)
diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php

index 23687bca7d7e2689170bb6e47221c8d335a9c940..6ccb5953bbdf8c3a7226b15f59bfaf616d1247b3 100644 (file)
--- a/include/functions_config.inc.php
+++ b/include/functions_config.inc.php
@@ -398,8 +398,8 @@ function serendipity_restoreVar(&$source, &$target) {
   * @return  null
   */
  function serendipity_JSsetCookie($name, $value) {
-    $name  = str_replace('"', '\"', $name);
-    $value = str_replace('"', '\"', $value);
+    $name  = strtr($name, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
+    $value = strtr($value, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
  
      echo '<script type="text/javascript">SetCookie("' . $name . '", "' . $value . '")</script>' . "\n";
  }
author	garvinhicking <garvinhicking>
	Thu, 5 Oct 2006 11:43:59 +0000 (11:43 +0000)
committer	garvinhicking <garvinhicking>
	Thu, 5 Oct 2006 11:43:59 +0000 (11:43 +0000)