[Picfinity-commit] SF.net SVN: picfinity: [57] trunk/index.php
From: <esp...@us...> - 2007-08-27 16:30:10
Revision: 57
http://picfinity.svn.sourceforge.net/picfinity/?rev=57&view=rev
Author: espadav8
Date: 2007-08-25 07:55:36 -0700 (Sat, 25 Aug 2007)
Log Message:
-----------
Make some possible inputs safe
Modified Paths:
--------------
trunk/index.php
Modified: trunk/index.php
===================================================================
--- trunk/index.php 2007-08-25 10:27:14 UTC (rev 56)
+++ trunk/index.php 2007-08-25 14:55:36 UTC (rev 57)
@@ -131,7 +131,7 @@
// create the XML
if ($name == "")
- $folder_layout_xml = "<?xml version=\"1.0\"?>\n"
+ $folder_layout_xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
. "<!DOCTYPE layout PUBLIC \"-//picfinity//Gallery Layout//EN\" \"http://www.espadav8.co.uk/gallery/gallery.dtd\">\n"
. "<layout id=\"$folder_id\" name=\"\">\n";
else
@@ -189,7 +189,7 @@
add_image_to_db($image_id);
}
- if (($use_db) && ($image_id == $post_id))
+ if (($use_db) && ($image_id === $post_id))
{
$folder_layout_xml .= "\t<image id=\"$image_id\" file=\"$folder_entry\">\n"
. get_comments($image_id)
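Review bot: The switch to `===` in `if (($use_db) && ($image_id === $post_id))` makes the match depend on both values having the same type, and neither assignment is visible in this hunk. If `$post_id` is taken from request data it is a string, so an integer `$image_id` would never compare equal and the comments for the selected image would silently stop being emitted. Normalising both sides keeps the strict comparison without that risk, e.g. `if (($use_db) && ((string)$image_id === (string)$post_id))`. The enclosing block starts and ends outside the hunk, so confirm the types against the code that sets both variables.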
@@ -242,14 +242,14 @@
{
while ($row = mysql_fetch_assoc($result))
{
- $comments_xml .= "<comment>"
- . "<name>$row[user_name]</name>"
- . "<www>$row[user_www]</www>"
- . "<email>$row[user_email]</email>"
- . "<comment_text>$row[user_comment]</comment_text>"
- . "<rating>$row[comment_rating]</rating>"
- . "<added>$row[date_added]</added>"
- . "</comment>";
+ $comments_xml .= "<comment>\n"
+ . "<name>$row[user_name]</name>\n"
+ . "<www>$row[user_www]</www>\n"
+ . "<email>$row[user_email]</email>\n"
+ . "<comment_text>".htmlspecialchars($row['user_comment'])."</comment_text>\n"
+ . "<rating>$row[comment_rating]</rating>\n"
+ . "<added>$row[date_added]</added>\n"
+ . "</comment>\n";
}
return $comments_xml;
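Review bot: Only `user_comment` is escaped in the rewritten `$comments_xml` concatenation; `user_name`, `user_www` and `user_email` are still interpolated raw. If those columns hold visitor-submitted text (the names suggest so, but the insert path is not shown), a `<` or `&` in any of them breaks the document's well-formedness or injects markup into the output. Each should get the same treatment, e.g. `. "<name>".htmlspecialchars($row['user_name'], ENT_QUOTES, 'UTF-8')."</name>\n"`, with the charset passed explicitly so it agrees with the `encoding="UTF-8"` declaration added earlier in this commit. The enclosing function begins before this hunk and its closing brace is outside it.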