Mercurial > hg > batmud > misc
changeset 328:98c798a843ed misc
Better input validation.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Thu, 31 Dec 2015 03:02:47 +0200 |
| parents | fd471bd4e013 |
| children | 0e4b2c94b75d |
| files | materials/info.php |
| diffstat | 1 files changed, 10 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/materials/info.php Thu Dec 31 03:02:17 2015 +0200 +++ b/materials/info.php Thu Dec 31 03:02:47 2015 +0200 @@ -80,7 +80,8 @@ if (isset($_GET["m"])) { - $setShowMat = strtolower($_GET["m"]); + $setShowMat = trim(preg_replace("/[^a-z ]/", " ", strtolower($_GET["m"]))); + $setShowMat = preg_replace("/ +/", " ", $setShowMat); $setShowMatName = strtoupper(substr($setShowMat,0,1)).substr($setShowMat, 1); } @@ -186,14 +187,18 @@ if (!isset($matDataTable[$setShowMat])) { echo - "<h2>Error! No such material '".$setShowMatName."'</h2>\n". + "<h2>Error! No such material '".chentities($setShowMatName)."'</h2>\n". "<p>Material is not known. Check spelling.</p>\n"; } else { - echo "<h2>".$setShowMatName."</h2>\n". - "<table width=\"95%\">\n". - "<tr>"; + // + // Print material information table + // + echo + "\n". + "<h2>".chentities($setShowMatName)."</h2>\n". + "<table class=\"materialInfo\" width=\"95%\">\n"; $n = 0; foreach ($matDataTable[$setShowMat] as $key => $val)