Update of /cvsroot/webnotes/webnotes
In directory usw-pr-cvs1:/tmp/cvs-serv22855
Modified Files:
note_add.php note_preview_page.php
Log Message:
Fixed 41: Handling single/double quotes + disabling html tags
Index: note_add.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/note_add.php,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- note_add.php 11 Sep 2002 09:49:54 -0000 1.13
+++ note_add.php 13 Sep 2002 07:17:53 -0000 1.14
@@ -10,6 +10,11 @@
require_once( 'core' . DIRECTORY_SEPARATOR . 'api.php' );
+ $f_page_id = gpc_get_int( 'f_page_id' );
+ $f_email = stripslashes( gpc_get_string( 'f_email' ) );
+ $f_note = stripslashes( gpc_get_string( 'f_note' ) );
+ $f_url = gpc_get_string( 'f_url' );
+
### insert note
$result = note_add( $f_page_id, $f_email, $REMOTE_ADDR, $f_note);
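Review bot: `$f_email` and `$f_note` reach `note_add()` with only `stripslashes()` applied, so the HTML disabling that this commit adds to note_preview_page.php does not cover a POST sent directly to note_add.php. Unless `note_add()` or the display code escapes the text itself (neither is visible in this hunk), the filter belongs on a path every submission takes, applied once so that notes arriving via the preview form are not encoded twice. Stripping the slashes here also means `note_add()` has to quote both values for the database on its own, which is worth confirming. At minimum, record the contract above the call: `# $f_email / $f_note are raw here: note_add() must SQL-quote them, display must HTML-escape them`.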
Index: note_preview_page.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/note_preview_page.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- note_preview_page.php 12 Sep 2002 12:50:23 -0000 1.3
+++ note_preview_page.php 13 Sep 2002 07:17:53 -0000 1.4
@@ -27,6 +27,12 @@
<br />
EOT;
+ $f_page_id = gpc_get_int( 'f_page_id' );
+ $f_email = string_disable_html( gpc_get_string( 'f_email' ) );
+ $f_note = string_disable_html( gpc_get_string( 'f_note' ) );
+ $f_came_from = gpc_get_string( 'f_came_from' );
+ $f_url = gpc_get_string( 'f_url' );
+
$t_note['id'] = '0';
$t_note['email']= $f_email;
$t_note['date'] = date ($g_date_format);
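Review bot: `$f_came_from` and `$f_url` are read with a bare `gpc_get_string()` here, yet the form in the next hunk prints both into `value="..."` attributes of hidden inputs. Only `$f_email` and `$f_note` are passed through `string_to_form()`. A double quote in either request parameter would close the attribute and place request-supplied markup in the preview page. Assuming `string_to_form()` encodes quotes, as the commit message implies, add `$f_came_from = string_to_form( $f_came_from );` and `$f_url = string_to_form( $f_url );` next to the two existing calls, after `theme_notes_end()`, so the theme functions still receive the raw `$f_url`. Whether those theme functions escape `$f_url` themselves is not visible here.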
@@ -37,16 +43,19 @@
theme_notes_echo( $t_page, $f_url, $t_note, true );
theme_notes_end( $t_page, $f_url, true );
+ $f_email = string_to_form( $f_email );
+ $f_note = string_to_form( $f_note );
+
echo <<<EOT
<form method="post" action="note_add.php">
<input type="hidden" name="f_came_from" value="$f_came_from" />
<input type="hidden" name="f_page_id" value="$f_page_id" />
<input type="hidden" name="f_url" value="$f_url" />
-
+
<input type="hidden" name="f_email" value="$f_email" />
- <input type="hidden" name="f_note" value="$f_note" />
-
+ <input type="hidden" name="f_note" value="$f_note" />
+
<table width="100%">
<tr bgcolor="$g_white_color">
<td colspan="2" align="center" width="80%"><input type="submit" value="Submit" />
|