Update of /cvsroot/phpicalendar/phpicalendar/functions
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv16185/functions
Modified Files:
date_functions.php
Log Message:
Properly sanitize dollar signs in event text (regression from new sanitize code in 2.4)
Index: date_functions.php
===================================================================
RCS file: /cvsroot/phpicalendar/phpicalendar/functions/date_functions.php,v
retrieving revision 1.57
retrieving revision 1.58
diff -C2 -d -r1.57 -r1.58
*** date_functions.php 7 Jul 2009 14:48:29 -0000 1.57
--- date_functions.php 13 Apr 2010 15:45:47 -0000 1.58
***************
*** 223,232 ****
function openevent($event_date, $time, $uid, $arr, $lines = 0, $length = 0, $link_class = '', $pre_text = '', $post_text = '') {
global $cpath, $timeFormat, $dateFormat_week;
$return = '';
! $event_text = stripslashes(urldecode($arr["event_text"]));
# build tooltip
$title = makeTitle($arr, $time);
# for iCal pseudo tag <http> comptability
! if (ereg("<([[:alpha:]]+://)([^<>[:space:]]+)>",$event_text,$matches)) {
$full_event_text = $matches[1] . $matches[2];
$event_text = $matches[2];
--- 223,238 ----
function openevent($event_date, $time, $uid, $arr, $lines = 0, $length = 0, $link_class = '', $pre_text = '', $post_text = '') {
global $cpath, $timeFormat, $dateFormat_week;
+
+ # Strip all dollar signs from printable array entries; regex functions will mutilate them
+ foreach ($arr as $key => $val) {
+ $arr[$key] = str_replace('$', '$', $val);
+ }
+
$return = '';
! $event_text = stripslashes(urldecode($arr['event_text']));
# build tooltip
$title = makeTitle($arr, $time);
# for iCal pseudo tag <http> comptability
! if (ereg('<([[:alpha:]]+://)([^<>[:space:]]+)>',$event_text,$matches)) {
$full_event_text = $matches[1] . $matches[2];
$event_text = $matches[2];
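Review bot: The dollar-sign replacement loop runs before `urldecode($arr['event_text'])`, so if the stored text is URL-encoded (as the urldecode call suggests), a `%24` passes through the loop untouched and is decoded back to a literal `$` afterwards. Decoding first and then applying the substitution to `$event_text` would close that gap. As rendered on this page the call is `str_replace('$', '$', $val)`, whose search and replacement strings are identical and would make it a no-op; presumably the replacement was an HTML entity that the mail archive decoded, which is worth confirming against the repository. The comment says "Strip" while the code substitutes, so `# Encode dollar signs in printable entries so the later regex functions do not mangle them` would describe it more accurately. openevent's body continues past the end of this hunk.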
***************
*** 239,248 ****
if (!empty($event_text)) {
! $title = strip_tags(str_replace("<br />","\n",$title));
if ($lines > 0) {
$event_text = word_wrap($event_text, $length, $lines);
}
! if ((!(ereg("([[:alpha:]]+://[^<>[:space:]]+)", $full_event_text, $res))) || ($arr['description'])) {
$escaped_date = addslashes($event_date);
$escaped_time = addslashes($time);
--- 245,254 ----
if (!empty($event_text)) {
! $title = strip_tags(str_replace('<br />',"\n",$title));
if ($lines > 0) {
$event_text = word_wrap($event_text, $length, $lines);
}
! if ((!(ereg('([[:alpha:]]+://[^<>[:space:]]+)', $full_event_text, $res))) || ($arr['description'])) {
$escaped_date = addslashes($event_date);
$escaped_time = addslashes($time);