From 1ac697a520e6e75d1c73514bc39ea81dc128dfcf Mon Sep 17 00:00:00 2001
From: x2000habouzit <x2000habouzit>
Date: Tue, 24 Aug 2004 11:16:42 +0000
Subject: [PATCH] better escaping, type-prrof

---
 include/xorg.page.inc.php    | 7 ++++++-
 templates/database-debug.tpl | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/include/xorg.page.inc.php b/include/xorg.page.inc.php
index 4ddd950..0a43e68 100644
--- a/include/xorg.page.inc.php
+++ b/include/xorg.page.inc.php
@@ -23,6 +23,10 @@ function function_dyn($params) {
     return stripslashes(htmlentities(implode(' ',$params)));
 }
 
+function escape_html(&$string) {
+    return is_string($string) ? htmlspecialchars($string) : $string;
+}
+
 class XorgPage extends DiogenesCorePage {
     var $_page_type;
     var $_tpl;
@@ -36,7 +40,8 @@ class XorgPage extends DiogenesCorePage {
         $this->config_dir   = $globals->spoolroot."/configs/";
         $this->cache_dir    = $globals->spoolroot."/cache/";
         
-	$this->default_modifiers = Array('escape');
+        $this->register_modifier('escape_html', 'escape_html');
+	$this->default_modifiers = Array('escape_html');
         $this->config_overwrite  = false;
         $this->compile_check     = isset($site_dev);
         $this->caching	         = ($type == SKINNED);
diff --git a/templates/database-debug.tpl b/templates/database-debug.tpl
index c146b0c..a53a527 100644
--- a/templates/database-debug.tpl
+++ b/templates/database-debug.tpl
@@ -5,7 +5,7 @@
   <tr class="impair">
     <td>
       <strong>QUERY:</strong><br />
-      {$query.query|regex_replace:"/(\n|^|$) */":"\n  "|replace:" ":"&nbsp;"|nl2br}
+      {$query.query|nl2br}
       <br />
     </td>
   </tr>
-- 
2.1.4