From: Paul S. O. <ps...@us...> - 2002-01-25 12:58:28
Update of /cvsroot/phpbb/phpBB2
In directory usw-pr-cvs1:/tmp/cvs-serv19583
Modified Files:
posting.php
Log Message:
htmlspecialchars for subject, poll title and options
Index: posting.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/posting.php,v
retrieving revision 1.137
retrieving revision 1.138
diff -C2 -r1.137 -r1.138
*** posting.php 2002/01/12 17:00:32 1.137
--- posting.php 2002/01/25 12:58:24 1.138
***************
*** 382,392 ****
$attach_sig = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['attach_sig']) ) ? TRUE : 0 ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? 0 : $userdata['user_attachsig'] );
-
-
-
-
-
-
-
//
// Here we do various lookups to find topic_id, forum_id, post_id etc.
--- 382,385 ----
***************
*** 728,732 ****
}
! $post_subject = trim(strip_tags($HTTP_POST_VARS['subject']));
if( ( $mode == "newtopic" || ( $mode == "editpost" && $is_first_post_topic ) ) && empty($post_subject) )
{
--- 721,725 ----
}
! $post_subject = trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['subject'])));
if( ( $mode == "newtopic" || ( $mode == "editpost" && $is_first_post_topic ) ) && empty($post_subject) )
{
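Review bot: In the new `$post_subject` line, `strip_tags()` now runs on text that `htmlspecialchars()` has already turned into `&lt;...&gt;`, so it can no longer find any tag and has become a no-op; the same ordering appears in the `$poll_title` and `$poll_option_list[$option_id]` hunks below. If the intent is to both strip markup and encode what remains, the calls should be nested the other way, `trim(htmlspecialchars(strip_tags($HTTP_POST_VARS['subject'])))`, and otherwise `strip_tags()` should simply be dropped. Note this also changes the `empty($post_subject)` check that follows: a subject consisting only of a tag used to reduce to an empty string and be rejected, whereas it now survives as an encoded string. Separately, `htmlspecialchars()` is called with its default quote handling, which leaves single quotes unencoded; if these values are ever placed inside a single-quoted attribute on output, passing `ENT_QUOTES` would be the safer choice (I cannot see the output side from this hunk). The surrounding block continues outside the hunk.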
***************
*** 771,775 ****
if( $is_auth['auth_pollcreate'] && $is_first_post_topic )
{
! $poll_title = ( isset($HTTP_POST_VARS['poll_title']) ) ? trim(strip_tags($HTTP_POST_VARS['poll_title'])) : "";
$poll_length = ( isset($HTTP_POST_VARS['poll_length']) ) ? intval($HTTP_POST_VARS['poll_length']) : 0;
if( $poll_length < 0 )
--- 764,768 ----
if( $is_auth['auth_pollcreate'] && $is_first_post_topic )
{
! $poll_title = ( isset($HTTP_POST_VARS['poll_title']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['poll_title']))) : "";
$poll_length = ( isset($HTTP_POST_VARS['poll_length']) ) ? intval($HTTP_POST_VARS['poll_length']) : 0;
if( $poll_length < 0 )
***************
*** 784,788 ****
while( list($option_id, $option_text) = each($HTTP_POST_VARS['poll_option_text']) )
{
! $poll_option_list[$option_id] = trim(strip_tags($option_text));
$poll_options++;
}
--- 777,781 ----
while( list($option_id, $option_text) = each($HTTP_POST_VARS['poll_option_text']) )
{
! $poll_option_list[$option_id] = trim(strip_tags(htmlspecialchars($option_text)));
$poll_options++;
}