From 54faba1356236a4e6020f1ae2920838bafb517cc Mon Sep 17 00:00:00 2001
From: KuJoe <1040086+KuJoe@users.noreply.github.com>
Date: Wed, 1 Oct 2025 02:14:35 -0400
Subject: [PATCH] Improve HTML entity handling in meta tag generation
Enhanced the escaping and decoding of HTML entities for meta tag content in head_contents() and generate_meta() functions. This ensures that apostrophes and similar entities are consistently converted to single quotes, improving the accuracy and readability of generated meta tags.
---
system/includes/functions.php | 123 ++++++++++++++++++++++++++++------
1 file changed, 102 insertions(+), 21 deletions(-)
diff --git a/system/includes/functions.php b/system/includes/functions.php
index 2da01a3d..30176e8e 100644
--- a/system/includes/functions.php
+++ b/system/includes/functions.php
@@ -3649,15 +3649,23 @@ function head_contents()
$output .= '' . "\n";
$output .= '' . "\n";
$output .= '' . "\n";
- $output .= '' . "\n";
+ $version_html = safe_html($version);
+ $version_html = str_replace(array(''', '''), "'", $version_html);
+ $output .= '' . "\n";
$output .= $favicon;
$output .= '' . "\n";
- $output .= '' . "\n";
+ $rss_title = safe_html(blog_title());
+ $rss_title = str_replace(array(''', '''), "'", $rss_title);
+ $output .= '' . "\n";
if (!empty($google_wmt_id)) {
- $output .= '' . "\n";
+ $gw_html = safe_html($google_wmt_id);
+ $gw_html = str_replace(array(''', '''), "'", $gw_html);
+ $output .= '' . "\n";
}
if (!empty($bing_wmt_id)) {
- $output .= '' . "\n";
+ $bw_html = safe_html($bing_wmt_id);
+ $bw_html = str_replace(array(''', '''), "'", $bw_html);
+ $output .= '' . "\n";
}
return $output;
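Review bot: The `str_replace(..., "'", $version_html)` step that follows `safe_html()` puts a literal apostrophe back into a value that was just escaped, and the same pattern is applied to `$rss_title`, `$gw_html` and `$bw_html` here and to every value in the generate_meta() hunks below. The search array and the tag markup are garbled on this page, so the attribute quoting cannot be checked from here. Assuming `safe_html()` escapes quotes, any value emitted inside a single-quoted attribute would lose that protection again. HTML parsers decode apostrophe entities in attribute values on their own, so dropping the replacement should cost nothing for consumers; if it stays, add a comment such as `// safe only while every attribute below is double-quoted` next to it. head_contents() starts outside this hunk.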
@@ -4079,18 +4087,52 @@ function generate_meta($type = null, $object = null)
$twitter = config('social.twitter');
if (is_null($object)) {
if ($type == 'is_blog') {
- $tags .= '
'. generate_title('is_blog', null) .'' . "\n";
+ $t = html_entity_decode(generate_title('is_blog', null), ENT_QUOTES, 'UTF-8');
+ $t = safe_html($t);
+ $t = str_replace(array(''', '''), "'", $t);
+ $tags .= ''. $t .'' . "\n";
+
$tags .= '' . "\n";
- $tags .= '' . "\n";
- $tags .= '' . "\n";
- $tags .= '' . "\n";
+
+ $desc = html_entity_decode(blog_title() . ' ' . blog_string(), ENT_QUOTES, 'UTF-8');
+ $desc = safe_html($desc);
+ $desc = str_replace(array(''', '''), "'", $desc);
+ $tags .= '' . "\n";
+
+ $ogt = html_entity_decode(generate_title('is_blog', null), ENT_QUOTES, 'UTF-8');
+ $ogt = safe_html($ogt);
+ $ogt = str_replace(array(''', '''), "'", $ogt);
+ $tags .= '' . "\n";
+
+ $ogd = html_entity_decode(blog_title() . ' ' . blog_string(), ENT_QUOTES, 'UTF-8');
+ $ogd = safe_html($ogd);
+ $ogd = str_replace(array(''', '''), "'", $ogd);
+ $tags .= '' . "\n";
+
$tags .= '' . "\n";
} else {
- $tags .= ''. generate_title('is_front', null) .'' . "\n";
+ $t = html_entity_decode(generate_title('is_front', null), ENT_QUOTES, 'UTF-8');
+ $t = safe_html($t);
+ $t = str_replace(array(''', '''), "'", $t);
+ $tags .= ''. $t .'' . "\n";
+
$tags .= '' . "\n";
- $tags .= '' . "\n";
- $tags .= '' . "\n";
- $tags .= '' . "\n";
+
+ $desc = html_entity_decode(strip_tags(blog_description()), ENT_QUOTES, 'UTF-8');
+ $desc = safe_html($desc);
+ $desc = str_replace(array(''', '''), "'", $desc);
+ $tags .= '' . "\n";
+
+ $ogt = html_entity_decode(generate_title('is_front', null), ENT_QUOTES, 'UTF-8');
+ $ogt = safe_html($ogt);
+ $ogt = str_replace(array(''', '''), "'", $ogt);
+ $tags .= '' . "\n";
+
+ $ogd = html_entity_decode(strip_tags(blog_description()), ENT_QUOTES, 'UTF-8');
+ $ogd = safe_html($ogd);
+ $ogd = str_replace(array(''', '''), "'", $ogd);
+ $tags .= '' . "\n";
+
$tags .= '' . "\n";
}
$tags .= '' . "\n";
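Review bot: `$ogt` and `$ogd` are built from exactly the same expressions as `$t` and `$desc` a few lines earlier in both branches, so the decode/escape/replace sequence runs twice per value; reuse the first result with `$ogt = $t;` and `$ogd = $desc;`. The same three-line sequence is repeated for every tag in this commit, including the hunks at -4115 and -4137, which makes it easy for one call site to drift from the escaping the others apply. A single helper wrapping the three calls (say `meta_text($value)`) would keep the escaping policy in one place and make it reviewable once. generate_meta() begins and ends outside this hunk.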
@@ -4115,20 +4157,45 @@ function generate_meta($type = null, $object = null)
}
}
if ($type == 'is_post') {
- $tags .= ''. generate_title('is_post',$object) .'' . "\n";
- $tags .= '' . "\n";
+ $t = html_entity_decode(generate_title('is_post',$object), ENT_QUOTES, 'UTF-8');
+ $t = safe_html($t);
+ $t = str_replace(array(''', '''), "'", $t);
+ $tags .= ''. $t .'' . "\n";
+
+ $author = html_entity_decode($object->authorName, ENT_QUOTES, 'UTF-8');
+ $author = safe_html($author);
+ $author = str_replace(array(''', '''), "'", $author);
+ $tags .= '' . "\n";
+
$tags .= '' . "\n";
$tags .= '' . "\n";
- $tags .= '' . "\n";
+
+ $section = html_entity_decode($object->categoryTitle, ENT_QUOTES, 'UTF-8');
+ $section = safe_html($section);
+ $section = str_replace(array(''', '''), "'", $section);
+ $tags .= '' . "\n";
+
$tags .= '' . "\n";
} elseif ($type == 'is_page' || $type == 'is_subpage') {
- $tags .= ''. generate_title('is_page',$object) .'' . "\n";
+ $t = html_entity_decode(generate_title('is_page',$object), ENT_QUOTES, 'UTF-8');
+ $t = safe_html($t);
+ $t = str_replace(array(''', '''), "'", $t);
+ $tags .= ''. $t .'' . "\n";
$tags .= '' . "\n";
} else {
- $tags .= ''. generate_title($type , $object) .'' . "\n";
+ $t = html_entity_decode(generate_title($type , $object), ENT_QUOTES, 'UTF-8');
+ $t = safe_html($t);
+ $t = str_replace(array(''', '''), "'", $t);
+ $tags .= ''. $t .'' . "\n";
}
+
$tags .= '' . "\n";
- $tags .= '' . "\n";
+
+ $desc = html_entity_decode($object->description, ENT_QUOTES, 'UTF-8');
+ $desc = safe_html($desc);
+ $desc = str_replace(array(''', '''), "'", $desc);
+ $tags .= '' . "\n";
+
if(!empty($facebook)) {
$tags .= '' . "\n";
}
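Review bot: `$object->description` is decoded and escaped without the `strip_tags()` that the front-page branch applies to `blog_description()`, so any markup in a post or page description would end up as escaped literal text in the description tag instead of being removed. Whether descriptions can contain markup is not visible here; if they can, `$desc = html_entity_decode(strip_tags((string) $object->description), ENT_QUOTES, 'UTF-8');` keeps the two paths consistent. The `(string)` cast also avoids the PHP 8.1+ deprecation notice that `html_entity_decode()` raises when handed null, should an object lack a description. The same applies to `$ogd` in the following hunk.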
@@ -4137,12 +4204,26 @@ function generate_meta($type = null, $object = null)
$tags .= '' . "\n";
$tags .= '' . "\n";
}
+
+ $site_name = html_entity_decode(blog_title(), ENT_QUOTES, 'UTF-8');
+ $site_name = safe_html($site_name);
+ $site_name = str_replace(array(''', '''), "'", $site_name);
$tags .= '' . "\n";
- $tags .= '' . "\n";
+ $tags .= '' . "\n";
$tags .= '' . "\n";
- $tags .= '' . "\n";
+
+ $ogt = html_entity_decode($object->title, ENT_QUOTES, 'UTF-8');
+ $ogt = safe_html($ogt);
+ $ogt = str_replace(array(''', '''), "'", $ogt);
+ $tags .= '' . "\n";
+
$tags .= '' . "\n";
- $tags .= '' . "\n";
+
+ $ogd = html_entity_decode($object->description, ENT_QUOTES, 'UTF-8');
+ $ogd = safe_html($ogd);
+ $ogd = str_replace(array(''', '''), "'", $ogd);
+ $tags .= '' . "\n";
+
$tags .= '' . "\n";
$tags .= '' . "\n";
if (!empty($fbApp)) {