From: <ji...@us...> - 2007-05-17 12:06:40
Update of /cvsroot/phpicalendar/phpicalendar/functions
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18856/functions
Modified Files:
sanitize.php
Log Message:
bug fixes for sanitize.php
Index: sanitize.php
===================================================================
RCS file: /cvsroot/phpicalendar/phpicalendar/functions/sanitize.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** sanitize.php 16 May 2007 22:20:47 -0000 1.1
--- sanitize.php 17 May 2007 12:06:40 -0000 1.2
***************
*** 5,9 ****
  # modify this to allow or disallow different HTML tags in event popups
  $allowed = "<p><br><b><i><em><a><img><div><span><ul><ol><li><h1><h2><h3><h4><h5><h6><hr><em><strong><small><table><tr><td><th>";
! $val = strip_tags($val,$allowed)
  break;
  default:
--- 5,9 ----
  # modify this to allow or disallow different HTML tags in event popups
  $allowed = "<p><br><b><i><em><a><img><div><span><ul><ol><li><h1><h2><h3><h4><h5><h6><hr><em><strong><small><table><tr><td><th>";
! $val = strip_tags($val,$allowed);
  break;
  default:
***************
*** 22,26 ****
  case 'date':
  case 'time':
! if (!is_int($val)) $val = '';
  break;
  default:
--- 22,26 ----
  case 'date':
  case 'time':
! if (!is_numeric($val)) $val = '';
  break;
  default:
***************
*** 32,37 ****
  foreach ($_GET as $key=>$val){
  switch ($key){
  case 'getdate':
! if (!is_int($val)) $val = '';
  break;
  default:
--- 32,48 ----
  foreach ($_GET as $key=>$val){
  switch ($key){
+ case 'cal':
+ if (!is_array($val)){
+ $val = strip_tags($val);
+ $_REQUEST['cal'] = strip_tags($val);
+ }else{
+ unset ($_REQUEST['cal']);
+ foreach($val as $cal){
+ $_REQUEST['cal'][]= strip_tags($cal);
+ }
+ }
+ break;
  case 'getdate':
! if (!is_numeric($val)) $val = '';
  break;
  default:
***************
*** 44,48 ****
  switch ($key){
  case 'time':
! if (!is_int($val)) $val = '';
  break;
  default:
--- 55,59 ----
  switch ($key){
  case 'time':
! if (!is_numeric($val)) $val = '';
  break;
  default:
|
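Review bot: The `$allowed` list handed to `strip_tags()` keeps `<a>`, `<img>`, `<div>`, `<span>` and the table tags, and `strip_tags()` does not inspect attributes, so event-handler attributes and script-scheme `href`/`src` values on those tags reach the event popup unchanged. With the missing semicolon fixed this branch now actually runs, so its output should not be treated as safe HTML. Either reduce the list to tags that need no attributes and encode everything else with `htmlspecialchars($val, ENT_QUOTES)`, or pass the value through an attribute-aware HTML filter. At the least, extend the comment above `$allowed` with `# strip_tags() keeps all attributes of allowed tags; output is NOT safe HTML by itself`. The enclosing `switch` starts and ends outside the hunk.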
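Review bot: `is_numeric()` in the `date`/`time` case is looser than a date or time stamp needs: it accepts signs, decimals, exponent notation such as `1e5` and leading whitespace, so values that are not plain digit strings pass the check. The same substitution is made for `getdate` in the `$_GET` loop and for `time` in the last hunk, so all three need the same tightening. A digits-only test matches the intent better, e.g. `if (!is_string($val) || !ctype_digit($val)) $val = '';`, which also rejects array-valued parameters. The hunks do not show where `$val` is written back to the superglobal after the `switch`; if it is not, assigning `''` to the loop copy has no effect and the check should assign to `$_REQUEST[$key]` directly, as the `cal` case does.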
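Review bot: In the array branch of the new `cal` case, each element is passed straight to `strip_tags()`, so a nested array parameter (`cal[][]=…`) reaches a string function as an array. Guard the element type with `if (is_string($cal)) $_REQUEST['cal'][] = strip_tags($cal);`. `strip_tags()` also leaves quotes and a bare `<` or `&` in place, so wherever `cal` is later echoed into an attribute or URL it still needs `htmlspecialchars($cal, ENT_QUOTES)` at that point; this filter alone does not make it safe for those contexts. In the scalar branch `strip_tags()` is applied twice, and `$_REQUEST['cal'] = $val;` is enough after the first call. Only the `$_GET` loop is visible here, so a `cal` value arriving by POST or cookie may bypass this case unless the other loops handle it.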