From: <par...@us...> - 2010-04-13 15:45:55
Update of /cvsroot/phpicalendar/phpicalendar/functions In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv16185/functions Modified Files: date_functions.php Log Message: Properly sanitize dollar signs in event text (regression from new sanitize code in 2.4) Index: date_functions.php =================================================================== RCS file: /cvsroot/phpicalendar/phpicalendar/functions/date_functions.php,v retrieving revision 1.57 retrieving revision 1.58 diff -C2 -d -r1.57 -r1.58 *** date_functions.php 7 Jul 2009 14:48:29 -0000 1.57 --- date_functions.php 13 Apr 2010 15:45:47 -0000 1.58 *************** *** 223,232 **** function openevent($event_date, $time, $uid, $arr, $lines = 0, $length = 0, $link_class = '', $pre_text = '', $post_text = '') { global $cpath, $timeFormat, $dateFormat_week; $return = ''; ! $event_text = stripslashes(urldecode($arr["event_text"])); # build tooltip $title = makeTitle($arr, $time); # for iCal pseudo tag <http> comptability ! if (ereg("<([[:alpha:]]+://)([^<>[:space:]]+)>",$event_text,$matches)) { $full_event_text = $matches[1] . $matches[2]; $event_text = $matches[2]; --- 223,238 ---- function openevent($event_date, $time, $uid, $arr, $lines = 0, $length = 0, $link_class = '', $pre_text = '', $post_text = '') { global $cpath, $timeFormat, $dateFormat_week; + + # Strip all dollar signs from printable array entries; regex functions will mutilate them + foreach ($arr as $key => $val) { + $arr[$key] = str_replace('$', '$', $val); + } + $return = ''; ! $event_text = stripslashes(urldecode($arr['event_text'])); # build tooltip $title = makeTitle($arr, $time); # for iCal pseudo tag <http> comptability ! if (ereg('<([[:alpha:]]+://)([^<>[:space:]]+)>',$event_text,$matches)) { $full_event_text = $matches[1] . $matches[2]; $event_text = $matches[2]; *************** *** 239,248 **** if (!empty($event_text)) { ! 
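Review bot: In the first hunk (openevent, new lines 223-238) the replacement loop runs before `stripslashes(urldecode($arr['event_text']))`, so if event_text arrives percent-encoded, as the urldecode call suggests, a `%24` is turned back into `$` after the sanitising pass and still reaches the later regex code. Applying the replacement to the decoded value would close that gap, e.g. `$event_text = str_replace('$', '&#36;', stripslashes(urldecode($arr['event_text'])));`. As rendered on this page the call reads `str_replace('$', '$', $val)`, which is a no-op; the archive has presumably decoded an entity in the second argument, and that should be confirmed against the repository. The new comment says "Strip" although the code substitutes, so `# Encode dollar signs in printable array entries; regex functions will mutilate them` would describe it more accurately. openevent's body continues outside the hunk.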
$title = strip_tags(str_replace("<br />","\n",$title)); if ($lines > 0) { $event_text = word_wrap($event_text, $length, $lines); } ! if ((!(ereg("([[:alpha:]]+://[^<>[:space:]]+)", $full_event_text, $res))) || ($arr['description'])) { $escaped_date = addslashes($event_date); $escaped_time = addslashes($time); --- 245,254 ---- if (!empty($event_text)) { ! $title = strip_tags(str_replace('<br />',"\n",$title)); if ($lines > 0) { $event_text = word_wrap($event_text, $length, $lines); } ! if ((!(ereg('([[:alpha:]]+://[^<>[:space:]]+)', $full_event_text, $res))) || ($arr['description'])) { $escaped_date = addslashes($event_date); $escaped_time = addslashes($time); |