From: <vb...@us...> - 2002-09-13 07:24:09
Update of /cvsroot/webnotes/webnotes In directory usw-pr-cvs1:/tmp/cvs-serv22855 Modified Files: note_add.php note_preview_page.php Log Message: Fixed 41: Handling single/double quotes + disabling html tags Index: note_add.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/note_add.php,v retrieving revision 1.13 retrieving revision 1.14 diff -u -d -r1.13 -r1.14 --- note_add.php 11 Sep 2002 09:49:54 -0000 1.13 +++ note_add.php 13 Sep 2002 07:17:53 -0000 1.14 @@ -10,6 +10,11 @@ require_once( 'core' . DIRECTORY_SEPARATOR . 'api.php' ); + $f_page_id = gpc_get_int( 'f_page_id' ); + $f_email = stripslashes( gpc_get_string( 'f_email' ) ); + $f_note = stripslashes( gpc_get_string( 'f_note' ) ); + $f_url = gpc_get_string( 'f_url' ); + ### insert note $result = note_add( $f_page_id, $f_email, $REMOTE_ADDR, $f_note); Index: note_preview_page.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/note_preview_page.php,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- note_preview_page.php 12 Sep 2002 12:50:23 -0000 1.3 +++ note_preview_page.php 13 Sep 2002 07:17:53 -0000 1.4 @@ -27,6 +27,12 @@ <br /> EOT; + $f_page_id = gpc_get_int( 'f_page_id' ); + $f_email = string_disable_html( gpc_get_string( 'f_email' ) ); + $f_note = string_disable_html( gpc_get_string( 'f_note' ) ); + $f_came_from = gpc_get_string( 'f_came_from' ); + $f_url = gpc_get_string( 'f_url' ); + $t_note['id'] = '0'; $t_note['email']= $f_email; $t_note['date'] = date ($g_date_format); 
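Review bot: In note_add.php the added lines hand `$f_email` and `$f_note` to `note_add()` with slashes stripped and no HTML handling, while the preview page in this same commit runs both through `string_disable_html()`. If `note_add()` builds its SQL by string interpolation (its body is not in this hunk), the values must now be escaped there, and stored notes are only HTML-safe if the display code converts them on output. A comment above the added lines should say which layer owns each step, for example `### raw values: note_add() escapes for SQL, display code disables HTML`. `stripslashes()` is also unconditional, so it will eat legitimate backslashes if `gpc_get_string()` already undoes magic quotes or if magic quotes are off; that is worth confirming against `core/api.php`.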
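Review bot: In note_preview_page.php `$f_email` and `$f_note` are overwritten with the `string_disable_html()` result, so the converted value, not the original input, is what the hidden fields later post to note_add.php. Assuming `string_disable_html()` turns markup characters into entities, a note that passes through preview is stored in a different form from one posted directly, and the display code will then either double-encode one or under-encode the other. Keeping the raw input for the round trip and converting only the display copy avoids this: `$t_note['email'] = string_disable_html( $f_email );`, and likewise where the note text is assigned to `$t_note`, which is outside this hunk.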
@@ -37,16 +43,19 @@ theme_notes_echo( $t_page, $f_url, $t_note, true ); theme_notes_end( $t_page, $f_url, true ); + $f_email = string_to_form( $f_email ); + $f_note = string_to_form( $f_note ); + echo <<<EOT <form method="post" action="note_add.php"> <input type="hidden" name="f_came_from" value="$f_came_from" /> <input type="hidden" name="f_page_id" value="$f_page_id" /> <input type="hidden" name="f_url" value="$f_url" /> - + <input type="hidden" name="f_email" value="$f_email" /> - <input type="hidden" name="f_note" value="$f_note" /> - + <input type="hidden" name="f_note" value="$f_note" /> + <table width="100%"> <tr bgcolor="$g_white_color"> <td colspan="2" align="center" width="80%"><input type="submit" value="Submit" /> |
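Review bot: `$f_came_from` and `$f_url` are still interpolated into `value="..."` attributes exactly as received from the request; only `$f_email` and `$f_note` go through `string_to_form()`. A value containing a double quote ends the attribute, so request data can inject markup into the preview page. Apply the same conversion next to the two added lines: `$f_came_from = string_to_form( $f_came_from );` and `$f_url = string_to_form( $f_url );`. This assumes `string_to_form()` encodes quotes and angle brackets, as its definition is not on this page. `$f_url` is also passed to `theme_notes_echo()` and `theme_notes_end()` earlier in the hunk, and whether those escape it cannot be seen here.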