From: garvinhicking <garvinhicking>
Date: Thu, 5 Oct 2006 11:43:59 +0000 (+0000)
Subject: Escape JS specific characters
X-Git-Tag: 1.0.3~11
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=d6a08dea979af79d6a3766ec8dfcdb29fb4633c5;p=s9y.git

Escape JS specific characters
---

diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php
index 23687bc..6ccb595 100644
--- a/include/functions_config.inc.php
+++ b/include/functions_config.inc.php
@@ -398,8 +398,8 @@ function serendipity_restoreVar(&$source, &$target) {
  * @return  null
  */
 function serendipity_JSsetCookie($name, $value) {
-    $name  = str_replace('"', '\"', $name);
-    $value = str_replace('"', '\"', $value);
+    $name  = strtr($name, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
+    $value = strtr($value, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
 
     echo '<script type="text/javascript">SetCookie("' . $name . '", "' . $value . '")</script>' . "\n";
 }