From: Jon O. <jon...@us...> - 2006-06-29 22:45:11
Update of /cvsroot/mxbb/mx_quotations/includes In directory sc8-pr-cvs7.sourceforge.net:/tmp/cvs-serv11433/modules/mx_quotations/includes Modified Files: mx_quotations_add.php mx_quotations_edit.php Log Message: Some security updates Index: mx_quotations_add.php =================================================================== RCS file: /cvsroot/mxbb/mx_quotations/includes/mx_quotations_add.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** mx_quotations_add.php 29 Jun 2006 19:06:57 -0000 1.9 --- mx_quotations_add.php 29 Jun 2006 22:45:07 -0000 1.10 *************** *** 29,35 **** else { ! $quote = htmlentities( $HTTP_POST_VARS['quote'] ); ! $author = htmlentities( $HTTP_POST_VARS['author'] ); ! $poster_id = $userdata[user_id]; $post_time = time(); --- 29,48 ---- else { ! // ! // Instantiate the mx_text class ! // ! include_once($mx_root_path . 'includes/mx_functions_tools.'.$phpEx); ! $mx_text = new mx_text(); ! $mx_text->init(false, false, false); ! ! // ! // Encode for db storage ! // ! $quote = $mx_text->encode_simple($HTTP_POST_VARS['quote']); ! $author = $mx_text->encode_simple($HTTP_POST_VARS['author']); ! ! //$quote = htmlentities( $HTTP_POST_VARS['quote'] ); ! //$author = htmlentities( $HTTP_POST_VARS['author'] ); ! $poster_id = intval($userdata['user_id']); $post_time = time(); Index: mx_quotations_edit.php =================================================================== RCS file: /cvsroot/mxbb/mx_quotations/includes/mx_quotations_edit.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** mx_quotations_edit.php 29 Jun 2006 19:06:57 -0000 1.9 --- mx_quotations_edit.php 29 Jun 2006 22:45:07 -0000 1.10 *************** *** 39,46 **** $author = array(); while ( $row1 = $db->sql_fetchrow( $result1 ) ) { ! $quote = htmlentities( $row1['quote'], ENT_QUOTES ); ! 
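Review bot: The encoded `$quote` and `$author` produced on new lines 41-42 are later placed into an SQL statement — the edit hunk at new lines 66-77 shows the same values being wrapped in literal quotes — so this "security update" only holds if `encode_simple()` also neutralises single quotes for the database, which nothing on this page shows. HTML-encoding for display and escaping for the query are separate concerns; run the value through the database layer's escaping (or a parameterised query) at the point the SQL string is built, independent of `$mx_text`. The POST keys are read without an existence check, so a missing field raises a notice and stores an empty string: `$quote = $mx_text->encode_simple(isset($HTTP_POST_VARS['quote']) ? $HTTP_POST_VARS['quote'] : '');`. The commented-out `htmlentities()` lines are dead code and should be deleted rather than kept alongside the replacement. The enclosing `else` block continues past the hunk.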
$author = htmlentities( $row1['author'], ENT_QUOTES ); } --- 39,59 ---- $author = array(); + // + // Instantiate the mx_text class + // + include_once($mx_root_path . 'includes/mx_functions_tools.'.$phpEx); + $mx_text = new mx_text(); + $mx_text->init(false, false, false); + while ( $row1 = $db->sql_fetchrow( $result1 ) ) { ! // ! // Decode for form editing ! // ! $quote = $mx_text->decode_simple($row1['quote']); ! $author = $mx_text->decode_simple($row1['author']); ! ! //$quote = htmlentities( $row1['quote'], ENT_QUOTES ); ! //$author = htmlentities( $row1['author'], ENT_QUOTES ); } *************** *** 53,58 **** else { ! $new_quote = htmlentities( $HTTP_POST_VARS['new_quote'] ); ! $new_author = htmlentities( $HTTP_POST_VARS['new_author'] ); $new_quote = ( $new_quote != "" ) ? "'" . $new_quote . "'" : "NULL"; --- 66,77 ---- else { ! // ! // Encode for db storage ! // ! $new_quote = $mx_text->encode_simple($HTTP_POST_VARS['new_quote']); ! $new_author = $mx_text->encode_simple($HTTP_POST_VARS['new_author']); ! ! //$new_quote = htmlentities( $HTTP_POST_VARS['new_quote'] ); ! //$new_author = htmlentities( $HTTP_POST_VARS['new_author'] ); $new_quote = ( $new_quote != "" ) ? "'" . $new_quote . "'" : "NULL"; |
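Review bot: `decode_simple()` on new lines 50-51 hands the raw stored value to the edit form where the replaced code HTML-escaped it with `htmlentities(..., ENT_QUOTES)`, so a stored quote containing markup is now only safe if the template escapes `$quote` and `$author` on output, which is not visible here. If the template does not escape, keep an escaping step where the value is bound to the form field, e.g. `htmlspecialchars($mx_text->decode_simple($row1['quote']), ENT_QUOTES)`; if it does, a comment such as `// template escapes on output; raw value intended here` would stop the next reader from re-adding one. The loop also assigns scalars to `$quote`/`$author` right after `$author = array();` declares an array, which predates this commit but is worth untangling while the block is being touched. The enclosing block starts before the hunk.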
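Review bot: `$mx_text` is called on new lines 69-70 but is only instantiated inside the block patched at new lines 39-59; if that block and this `else` branch are mutually exclusive (the hunk does not show the surrounding `if`), `$mx_text` is undefined here and the method call fails at runtime. Moving `include_once(...)`, `new mx_text()` and `init(false, false, false)` above the branch, once, would make both hunks independent of control flow. The last line `"'" . $new_quote . "'"` still interpolates the value into SQL, so it depends on the escaping question raised on the add hunk. The `else` block continues outside the hunk.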