From b0e88c50e3a6b11915bbe895337099101b14e697 Mon Sep 17 00:00:00 2001
From: "Michael J. Rubinsky" <mrubinsk@horde.org>
Date: Mon, 21 Dec 2009 16:57:27 -0500
Subject: [PATCH] Properly urlencode/decode and escape html when dealing with
 tags.

---
 ansel/js/tagactions.js              | 2 +-
 ansel/lib/Ajax/Imple/TagActions.php | 6 ++++--
 ansel/lib/Widget/Tags.php           | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/ansel/js/tagactions.js b/ansel/js/tagactions.js
index 5d3c767ff..17cc8498b 100755
--- a/ansel/js/tagactions.js
+++ b/ansel/js/tagactions.js
@@ -12,7 +12,7 @@ function addTag()
                                 if (r.responseJSON.response == 1) {
                                     $('tags').update(r.responseJSON.message);
                                 }
-                            }      
+                            }
                          });
     }
 
diff --git a/ansel/lib/Ajax/Imple/TagActions.php b/ansel/lib/Ajax/Imple/TagActions.php
index 05ac80e49..0ba55903e 100644
--- a/ansel/lib/Ajax/Imple/TagActions.php
+++ b/ansel/lib/Ajax/Imple/TagActions.php
@@ -17,7 +17,7 @@ class Ansel_Ajax_Imple_TagActions extends Horde_Ajax_Imple_Base
 
         $url = $this->_getUrl('TagActions', 'ansel', array('gallery' => $this->_params['gallery'],
                                                            'image' =>  (isset($this->_params['image']) ? $this->_params['image'] : 0)));
-        $params = array('url' => $url,
+        $params = array('url' => (string)$url,
                         'gallery' => $this->_params['gallery'],
                         'image' => (isset($this->_params['image']) ? $this->_params['image'] : 0),
                         'bindTo' => $this->_params['bindTo'],
@@ -67,6 +67,8 @@ class Ansel_Ajax_Imple_TagActions extends Horde_Ajax_Imple_Base
         case 'add':
             if (!empty($tags)) {
                 $tags = explode(',', $tags);
+                $tags = array_map('rawurldecode', $tags);
+
                 /* Get current tags so we don't overwrite them */
                 $etags = Ansel_Tags::readTags($id, $type);
                 $tags = array_keys(array_flip(array_merge($tags, array_values($etags))));
@@ -108,7 +110,7 @@ class Ansel_Ajax_Imple_TagActions extends Horde_Ajax_Imple_Base
         $links = Ansel_Tags::getTagLinks($tags, 'add');
         $html = '<ul>';
         foreach ($tags as $tag_id => $taginfo) {
-            $html .= '<li>' . Horde::link($links[$tag_id], sprintf(ngettext("%d photo", "%d photos", $taginfo['total']), $taginfo['total'])) . $taginfo['tag_name'] . '</a>' . ($hasEdit ? '<a href="#" onclick="removeTag(' . $tag_id . ');">' . Horde::img('delete-small.png', _("Remove Tag"), '', $registry->getImageDir('horde')) . '</a>' : '') . '</li>';
+            $html .= '<li>' . Horde::link($links[$tag_id], sprintf(ngettext("%d photo", "%d photos", $taginfo['total']), $taginfo['total'])) . htmlspecialchars($taginfo['tag_name']) . '</a>' . ($hasEdit ? '<a href="#" onclick="removeTag(' . $tag_id . ');">' . Horde::img('delete-small.png', _("Remove Tag"), '', $registry->getImageDir('horde')) . '</a>' : '') . '</li>';
         }
         $html .= '</ul>';
         return $html;
diff --git a/ansel/lib/Widget/Tags.php b/ansel/lib/Widget/Tags.php
index 70b32969c..ea1a3ba80 100644
--- a/ansel/lib/Widget/Tags.php
+++ b/ansel/lib/Widget/Tags.php
@@ -81,7 +81,7 @@ class Ansel_Widget_Tags extends Ansel_Widget_Base
         $links = Ansel_Tags::getTagLinks($tags, 'add', $owner);
         $html = '<ul>';
         foreach ($tags as $tag_id => $taginfo) {
-            $html .= '<li>' . Horde::link($links[$tag_id], sprintf(ngettext("%d photo", "%d photos", $taginfo['total']), $taginfo['total'])) . $taginfo['tag_name'] . '</a>' . ($hasEdit ? '<a href="#" onclick="removeTag(' . $tag_id . ');">' . Horde::img('delete-small.png', _("Remove Tag"), '', $registry->getImageDir('horde')) . '</a>' : '') . '</li>';
+            $html .= '<li>' . Horde::link($links[$tag_id], sprintf(ngettext("%d photo", "%d photos", $taginfo['total']), $taginfo['total'])) . htmlspecialchars($taginfo['tag_name']) . '</a>' . ($hasEdit ? '<a href="#" onclick="removeTag(' . $tag_id . ');">' . Horde::img('delete-small.png', _("Remove Tag"), '', $registry->getImageDir('horde')) . '</a>' : '') . '</li>';
         }
         $html .= '</ul>';
 
-- 
2.11.0