[geeklog-hg] geeklog: filter Polls topic, question, and remark (TWSL2013-001)
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Tue Feb 19 12:47:07 EST 2013
changeset 8950:83bea0c890e9
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/83bea0c890e9
user: Dirk Haun <dirk at haun-online.de>
date: Sun Feb 17 11:07:24 2013 +0100
description:
filter Polls topic, question, and remark (TWSL2013-001)
diffstat:
public_html/admin/plugins/polls/index.php | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diffs (31 lines):
diff -r c787e36670d8 -r 83bea0c890e9 public_html/admin/plugins/polls/index.php
--- a/public_html/admin/plugins/polls/index.php Sun Feb 17 10:56:56 2013 +0100
+++ b/public_html/admin/plugins/polls/index.php Sun Feb 17 11:07:24 2013 +0100
@@ -164,6 +164,7 @@
list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
$topic = COM_stripslashes($topic);
+ $topic = COM_checkHTML($topic);
$meta_description = strip_tags(COM_stripslashes($meta_description));
$meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
$pid = COM_sanitizeID($pid);
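Review bot: The new `COM_checkHTML($topic)` line carries no reference to the advisory that motivated it, and the surrounding fields in the same block (`$meta_description`, `$meta_keywords`) are cleaned with `strip_tags` instead, so a reader cannot tell whether the two policies are deliberate. A short comment such as `// TWSL2013-001: filter disallowed HTML from the topic before it is stored` would record the intent. Applying the filter after `COM_stripslashes` is the right order; the same ordering is used in the two later hunks. Which HTML permission set `COM_checkHTML` applies by default is not visible here and would be worth confirming for admin-entered input. The enclosing function starts and ends outside this hunk.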
@@ -260,6 +261,8 @@
$num_questions = count($Q);
for ($i = 0; $i < $num_questions; $i++) {
$Q[$i] = COM_stripslashes($Q[$i]);
+ $Q[$i] = COM_checkHTML($Q[$i]);
+
if (strlen($Q[$i]) > 0) { // only insert questions that exist
$Q[$i] = addslashes($Q[$i]);
DB_save($_TABLES['pollquestions'], 'qid, pid, question',
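Review bot: Because `COM_checkHTML` now runs before the `strlen($Q[$i]) > 0` check, a question whose text consists only of markup the filter rejects becomes empty and is silently skipped rather than reported; if that is the intended behaviour, the existing comment could say so, e.g. `// only insert questions that exist (after HTML filtering)`. The added blank `+` line is purely cosmetic. The `for` loop and its enclosing function continue outside this hunk.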
@@ -269,6 +272,10 @@
$num_answers = count($A[$i]);
for ($j = 0; $j < $num_answers; $j++) {
$A[$i][$j] = COM_stripslashes($A[$i][$j]);
+ $A[$i][$j] = COM_checkHTML($A[$i][$j]);
+ $R[$i][$j] = COM_stripslashes($R[$i][$j]);
+ $R[$i][$j] = COM_checkHTML($R[$i][$j]);
+
if (strlen($A[$i][$j]) > 0) { // only insert answers etc that exist
if (!is_numeric($V[$i][$j])) {
$V[$i][$j] = "0";
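Review bot: `$R[$i][$j]` is read on the new lines without any check that the index exists, whereas `$A[$i][$j]` is bounded by `count($A[$i])`; if remarks are optional form fields (not visible in this hunk), `COM_stripslashes` would receive an undefined index and the resulting notice would be raised once per answer. A guard such as `$R[$i][$j] = isset($R[$i][$j]) ? COM_checkHTML(COM_stripslashes($R[$i][$j])) : '';` keeps the filtering and avoids the warning. The remark is also filtered regardless of whether the answer is later inserted, which is harmless but could be moved inside the `strlen($A[$i][$j]) > 0` branch for clarity. The loop body continues past the end of this hunk.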