Update of /cvsroot/phpicalendar/phpicalendar/functions
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18856/functions
Modified Files:
sanitize.php
Log Message:
bug fixes for sanitize.php
Index: sanitize.php
===================================================================
RCS file: /cvsroot/phpicalendar/phpicalendar/functions/sanitize.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** sanitize.php 16 May 2007 22:20:47 -0000 1.1
--- sanitize.php 17 May 2007 12:06:40 -0000 1.2
***************
*** 5,9 ****
# modify this to allow or disallow different HTML tags in event popups
$allowed = "<p><br><b><i><em><a><img><div><span><ul><ol><li><h1><h2><h3><h4><h5><h6><hr><em><strong><small><table><tr><td><th>";
! $val = strip_tags($val,$allowed)
break;
default:
--- 5,9 ----
# modify this to allow or disallow different HTML tags in event popups
$allowed = "<p><br><b><i><em><a><img><div><span><ul><ol><li><h1><h2><h3><h4><h5><h6><hr><em><strong><small><table><tr><td><th>";
! $val = strip_tags($val,$allowed);
break;
default:
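Review bot: `strip_tags($val,$allowed)` removes tags that are not on the list but leaves every attribute on the tags it keeps, so an allowed `<a>`, `<img>` or `<div>` can still carry `on*` event handlers, `style`, or script-scheme `href`/`src` values into the event popup. The allowlist therefore restricts markup structure but is not an XSS filter on its own. If event descriptions can come from calendars the site owner does not control, the kept tags need an attribute pass (or a dedicated HTML sanitizer) before output. At minimum I would document the gap next to the setting: `# strip_tags() keeps attributes on allowed tags; filter on* handlers and href/src values before output`. `<em>` is also listed twice in `$allowed`, and the enclosing switch starts outside this hunk, so where `$val` comes from is not visible here.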
***************
*** 22,26 ****
case 'date':
case 'time':
! if (!is_int($val)) $val = '';
break;
default:
--- 22,26 ----
case 'date':
case 'time':
! if (!is_numeric($val)) $val = '';
break;
default:
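Review bot: `is_numeric()` is looser than a date or time stamp needs: it accepts signs, decimals, exponent notation and leading whitespace, so values such as `-1.5` or `1e5` pass the check for `date` and `time` here, and likewise for `getdate` and `time` in the two later hunks. If these parameters are meant to be digit-only, `if (!is_string($val) || !ctype_digit($val)) $val = '';` states that exactly and also rejects array input. The old `is_int()` test rejected every request value because they arrive as strings, so the change is right in direction but too permissive. The enclosing loop lies outside this hunk, so it is worth confirming that the cleared `$val` is written back to the superglobal; if the loop iterates by value as the `$_GET` loop in the next hunk does, assigning to `$val` alone changes nothing the rest of the application reads.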
***************
*** 32,37 ****
foreach ($_GET as $key=>$val){
switch ($key){
case 'getdate':
! if (!is_int($val)) $val = '';
break;
default:
--- 32,48 ----
foreach ($_GET as $key=>$val){
switch ($key){
+ case 'cal':
+ if (!is_array($val)){
+ $val = strip_tags($val);
+ $_REQUEST['cal'] = strip_tags($val);
+ }else{
+ unset ($_REQUEST['cal']);
+ foreach($val as $cal){
+ $_REQUEST['cal'][]= strip_tags($cal);
+ }
+ }
+ break;
case 'getdate':
! if (!is_numeric($val)) $val = '';
break;
default:
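Review bot: In the new `cal` case the array branch passes each element straight to `strip_tags()`, so a nested array (`cal[][]=x`) reaches a function that expects a string; guarding the element, `if (is_string($cal)) $_REQUEST['cal'][] = strip_tags($cal);`, avoids that. The case writes the cleaned value to `$_REQUEST['cal']` only, so unless code after the switch (outside this hunk) copies `$val` back, `$_GET['cal']` still holds the raw input for any caller that reads it directly. The scalar branch also strips twice; `$_REQUEST['cal'] = $val;` after the first call is enough. Note that `strip_tags()` leaves quotes untouched, so the value still needs `htmlspecialchars()` wherever it is echoed into an attribute or a URL.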
***************
*** 44,48 ****
switch ($key){
case 'time':
! if (!is_int($val)) $val = '';
break;
default:
--- 55,59 ----
switch ($key){
case 'time':
! if (!is_numeric($val)) $val = '';
break;
default: