);
$vcard_widget .= replace_macros(get_markup_template("vcard-widget.tpl"),array(
- '$name' => $c[0]['name'],
- '$photo' => $c[0]['photo'],
- 'url' => z_root() . '/contacts/' . $cid
- ));
+ '$name' => htmlentities($c[0]['name']),
+ '$photo' => $c[0]['photo'],
+ 'url' => z_root() . '/contacts/' . $cid
+ ));
- if(! x($a->page,'aside'))
- $a->page['aside'] = '';
- $a->page['aside'] .= $vcard_widget;
+ if(! x($a->page,'aside'))
+ $a->page['aside'] = '';
+ $a->page['aside'] .= $vcard_widget;
if(! count($c))
return;
- $o .= '<h2>' . sprintf( t('Friends of %s'), $c[0]['name']) . '</h2>';
+ $o .= replace_macros(get_markup_template("section_title.tpl"),array(
+ '$title' => sprintf( t('Friends of %s'), htmlentities($c[0]['name']))
+ ));
$r = all_friends(local_user(),$cid);
$tpl = get_markup_template('common_friends.tpl');
foreach($r as $rr) {
-
+
$o .= replace_macros($tpl,array(
'$url' => $rr['url'],
- '$name' => $rr['name'],
+ '$name' => htmlentities($rr['name']),
'$photo' => $rr['photo'],
'$tags' => ''
));
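Review bot: The escaping added here covers only the `name` fields; `$rr['url']`, `$rr['photo']` and `$c[0]['photo']` from the same contact rows still reach `replace_macros()` unescaped under the `'$url'` and `'$photo'` keys. If `common_friends.tpl` and `vcard-widget.tpl` place them in `href`/`src` attributes (the templates are not visible here), they need the same treatment, e.g. `'$url' => htmlspecialchars($rr['url'], ENT_QUOTES, 'UTF-8'),`, plus a scheme check where the value is stored, since entity-encoding does not neutralise a `javascript:` URL. The new `htmlentities()` calls also rely on the default flags and charset, which on older PHP versions leave single quotes unescaped and assume a non-UTF-8 charset; passing `ENT_QUOTES, 'UTF-8'` explicitly avoids both. The hunk appears to begin before the visible lines, and the enclosing function and the `foreach` body continue past them.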