if(! $uid)
return;
- if($cmd === 'loc' && $cid) {
+ if($cmd === 'loc' && $cid) {
$c = q("select name, url, photo from contact where id = %d and uid = %d limit 1",
intval($cid),
intval($uid)
$c = q("select name, url, photo from contact where self = 1 and uid = %d limit 1",
intval($uid)
);
- }
+ }
$vcard_widget .= replace_macros(get_markup_template("vcard-widget.tpl"),array(
- '$name' => $c[0]['name'],
- '$photo' => $c[0]['photo'],
- 'url' => z_root() . '/contacts/' . $cid
- ));
+ '$name' => htmlentities($c[0]['name']),
+ '$photo' => $c[0]['photo'],
+ 'url' => z_root() . '/contacts/' . $cid
+ ));
- if(! x($a->page,'aside'))
- $a->page['aside'] = '';
- $a->page['aside'] .= $vcard_widget;
+ if(! x($a->page,'aside'))
+ $a->page['aside'] = '';
+ $a->page['aside'] .= $vcard_widget;
if(! count($c))
return;
- $o .= '<h2>' . t('Common Friends') . '</h2>';
+ $o .= replace_macros(get_markup_template("section_title.tpl"),array(
+ '$title' => t('Common Friends')
+ ));
if(! $cid) {
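Review bot: The new `htmlentities()` calls on the `'$name'` lines (in the vcard widget here and in the `common_friends.tpl` loop further down) pass no flags or charset, so single quotes stay unescaped under the default flags of older PHP versions and multi-byte names can be mangled where the default charset is not UTF-8; `'$name' => htmlspecialchars($c[0]['name'], ENT_QUOTES, 'UTF-8'),` states both explicitly. The `photo` and `url` values read from the same contact rows still reach the templates unescaped, so if the templates place them in `src`/`href` attributes (not visible here) they need the same treatment. Separately, `$c[0]` is dereferenced for the vcard widget before the `if(! count($c)) return;` guard, so that guard looks like it belongs above the `replace_macros` call, and the `'url'` key lacks the `$` prefix the other macro keys carry. The enclosing function starts and ends outside the visible lines.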
$tpl = get_markup_template('common_friends.tpl');
foreach($r as $rr) {
-
+
$o .= replace_macros($tpl,array(
'$url' => $rr['url'],
- '$name' => $rr['name'],
+ '$name' => htmlentities($rr['name']),
'$photo' => $rr['photo'],
'$tags' => ''
));