Update of /cvsroot/openbash-org/openbash-org/modules
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv1590
Modified Files:
Quote.php common.php
Log Message:
Ahora se utiliza el qstr() de ADODB para limpiar los datos introducidos
por los usuarios.
Index: Quote.php
===================================================================
RCS file: /cvsroot/openbash-org/openbash-org/modules/Quote.php,v
retrieving revision 1.23
retrieving revision 1.24
diff -C2 -d -r1.23 -r1.24
*** Quote.php 28 Aug 2005 20:01:35 -0000 1.23
--- Quote.php 30 Aug 2005 10:21:39 -0000 1.24
***************
*** 26,33 ****
--- 26,38 ----
{
$view = new view();
+ $magic = get_magic_quotes_gpc();
$quote = nl2br(variable_clean($quote));
+ $quote_clean = $this->bd->qstr($quote, $magic);
//$author = check_email($author);
+ $author_clean = $this->bd->qstr($author, $magic);
$channel = variable_clean($channel);
+ $channel_clean = $this->bd->qstr($channel, $magic);
$network = variable_clean($network);
+ $network_clean = $this->bd->qstr($network, $magic);
//$ip = check_ipv4($ip);
$deleted = 0; // by default the quote is not purged, of course xD
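Review bot: `$author` reaches `qstr()` without passing through `variable_clean()` (the `check_email` call above it is commented out), so it is the only one of the four fields stored without HTML encoding. SQL quoting does not make a value safe to print; if the display code echoes the author as stored, this is a stored-XSS path. Either add `$author = variable_clean($author);` before the `qstr()` call or encode the field at output time. The enclosing method starts and ends outside this hunk, so where `$author` comes from is not visible here.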
***************
*** 40,47 ****
'$points',
'$deleted',
! '$quote',
! '$author',
! '$channel',
! '$network',
'$pending',
'$ip')";
--- 45,52 ----
'$points',
'$deleted',
! '$quote_clean',
! '$author_clean',
! '$channel_clean',
! '$network_clean',
'$pending',
'$ip')";
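Review bot: The new variables are still wrapped in literal quotes (`'$quote_clean'` and the three lines after it), but ADOdb's `qstr()` returns the value already enclosed in single quotes. The statement therefore contains `''...''`, which leaves the user text outside the string literal: at best the INSERT fails, at worst the escaping is defeated. Drop the surrounding quotes so the line reads `$quote_clean,` and likewise for the other three. `$points`, `$pending` and `$ip` are still interpolated as-is (the `check_ipv4` call in the first hunk is commented out), so they should also go through `qstr()` or be cast with `(int)` where numeric. The query string begins outside this hunk.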
Index: common.php
===================================================================
RCS file: /cvsroot/openbash-org/openbash-org/modules/common.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** common.php 26 Dec 2004 22:57:19 -0000 1.6
--- common.php 30 Aug 2005 10:21:39 -0000 1.7
***************
*** 7,11 ****
'<li><ol><p><strong>'.
'<u><ul><span><pre>';
! $tmp = str_replace ('--', '', $var);
$tmp = htmlentities($tmp);
$tmp = strip_tags ($tmp, $allowed);
--- 7,11 ----
'<li><ol><p><strong>'.
'<u><ul><span><pre>';
! //$tmp = str_replace ('--', '', $var);
$tmp = htmlentities($tmp);
$tmp = strip_tags ($tmp, $allowed);
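Review bot: Commenting out the `str_replace` line removes the only visible assignment of `$tmp` from `$var`, so `htmlentities($tmp)` now runs on an undefined variable. Unless `$tmp` is set earlier, outside this hunk, the function would return an empty string for every input. Change the following line to `$tmp = htmlentities($var);` and delete the dead line instead of leaving it commented out. Separately, `strip_tags()` runs after `htmlentities()`, so no literal tags remain for `$allowed` to act on. Either add a comment such as `// all markup is encoded on purpose; $allowed is currently unused` or revisit the order.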