[geeklog-hg] geeklog: filter Polls topic, question, and remark (TWSL2013-001)

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Sun Feb 17 07:58:38 EST 2013


changeset 8942:bc167e6fe58a
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/bc167e6fe58a
user: Dirk Haun <dirk at haun-online.de>
date: Sun Feb 17 11:07:24 2013 +0100
description:
filter Polls topic, question, and remark (TWSL2013-001)

diffstat:

 public_html/admin/plugins/polls/index.php |  7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diffs (31 lines):

diff -r 3c6fd874b6c9 -r bc167e6fe58a public_html/admin/plugins/polls/index.php
--- a/public_html/admin/plugins/polls/index.php	Sun Feb 17 10:56:56 2013 +0100
+++ b/public_html/admin/plugins/polls/index.php	Sun Feb 17 11:07:24 2013 +0100
@@ -163,6 +163,7 @@
     list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
 
     $topic = COM_stripslashes($topic);
+    $topic = COM_checkHTML($topic);
     $meta_description = strip_tags(COM_stripslashes($meta_description));
     $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
     $pid = COM_sanitizeID($pid);
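Review bot: The new `COM_checkHTML($topic)` line is an allow-list HTML filter, not an escaper, so it differs from the `strip_tags` treatment given to `$meta_description` and `$meta_keywords` two lines below and leaves permitted markup in the stored topic. Any render site that places the topic in a non-body context (a `<title>`, an `alt`/`value` attribute on the edit form, a feed) still has to apply context-appropriate escaping; input filtering here is defence in depth, not a substitute. If a poll topic is not meant to carry markup at all, the consistent line would be `$topic = strip_tags(COM_stripslashes($topic));`, matching the meta fields. The same caveat applies to the question, answer, and remark filters added in the two later hunks. The enclosing function starts before and continues past this hunk.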
@@ -259,6 +260,8 @@
     $num_questions_exist = 0;
     for ($i = 0; $i < $num_questions; $i++) {
         $Q[$i] = COM_stripslashes($Q[$i]);
+        $Q[$i] = COM_checkHTML($Q[$i]);
+
         if (strlen($Q[$i]) > 0) { // only insert questions that exist
             $num_questions_exist++;
             
@@ -270,6 +273,10 @@
             $num_answers = count($A[$i]);
             for ($j = 0; $j < $num_answers; $j++) {
                 $A[$i][$j] = COM_stripslashes($A[$i][$j]);
+                $A[$i][$j] = COM_checkHTML($A[$i][$j]);
+                $R[$i][$j] = COM_stripslashes($R[$i][$j]);
+                $R[$i][$j] = COM_checkHTML($R[$i][$j]);
+
                 if (strlen($A[$i][$j]) > 0) { // only insert answers etc that exist
                     if (!is_numeric($V[$i][$j])) {
                         $V[$i][$j] = "0";
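Review bot: The added `$R[$i][$j] = COM_stripslashes($R[$i][$j]);` reads the remark before the `strlen($A[$i][$j]) > 0` guard, so if the submitted form can carry fewer remark entries than answer entries (the hunk does not show how `$R` is populated) this now reads an undefined index on every empty slot, where the pre-change code appears to have touched `$R` only for answers that exist. An `isset`-guarded form avoids that while keeping the filtering: `$R[$i][$j] = isset($R[$i][$j]) ? COM_checkHTML(COM_stripslashes($R[$i][$j])) : '';`. The surrounding loop body and the enclosing function continue outside the hunk.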


