changeset 297:fdcd78675d1c
Possibly fix input quotation and escaping issues.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Mon, 25 Nov 2013 18:44:13 +0200 |
parents | bbdf1b9c5a07 |
children | 2f35c4b90ee7 |
files | msitegen.inc.php |
diffstat | 1 files changed, 11 insertions(+), 7 deletions(-) [+] |
--- a/msitegen.inc.php Mon Nov 25 18:43:31 2013 +0200
+++ b/msitegen.inc.php Mon Nov 25 18:44:13 2013 +0200
@@ -157,6 +157,10 @@
 return htmlentities($str, ENT_NOQUOTES, "UTF-8");
 }
+function ihentities($str)
+{
+ return htmlentities($str, ENT_QUOTES, "UTF-8");
+}
 function stGetIDName($name, $id, $prefix = "")
 {
@@ -188,7 +192,7 @@
 {
 return "<input type=\"button\" ".stGetIDName($name, $id, $prefix).
- "value=\" ".chentities($label)." \" ".
+ "value=\" ".ihentities($label)." \" ".
 ($onclick != "" ? "onClick=\"".$onclick."\"" : "")." />";
 }
@@ -198,7 +202,7 @@
 return "<textarea ".$extra." ".stGetIDName($name, $id, $prefix). "rows=\"".$rows."\" cols=\"".$cols."\">".
- (isset($value) ? chentities($value) : "").
+ (isset($value) ? ihentities($value) : "").
 "</textarea>";
 }
@@ -208,7 +212,7 @@
 return "<input ".$extra." type=\"text\" ".stGetIDName($name, $id, $prefix). "size=\"".$size."\" maxlength=\"".$len."\"".
- (isset($value) ? " value=\"".chentities($value)."\"" : "").
+ (isset($value) ? " value=\"".ihentities($value)."\"" : "").
 " />";
 }
@@ -224,7 +228,7 @@
 {
 return "<input type=\"submit\" name=\"".$name.
- "\" value=\" ".chentities($label)." \" ".
+ "\" value=\" ".ihentities($label)." \" ".
 ($onclick != "" ? "onClick=\"".$onclick."\"" : "")." />";
 }
@@ -233,7 +237,7 @@
 {
 return "<input type=\"hidden\" name=\"".$name.
- "\" value=\"".chentities($value)."\" />";
+ "\" value=\"".ihentities($value)."\" />";
 }
@@ -434,10 +438,10 @@
 return intval(stGetRequestItem($value));
 case "S":
- return $db->quote(stGetDRequestItem($value));
+ return $db->quote(stGetRequestItem($value));
 case "Q":
- return $db->quote(stripslashes(stGetDRequestItem($value)));
+ return $db->quote(stGetRequestItem($value));
 case "B":
 return intval(stGetRequestItem($value)) ? 1 : 0;
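Review bot: The new `ihentities()` in the `@@ -157,6` hunk has no comment saying when to use it rather than the `ENT_NOQUOTES` helper just above it (presumably `chentities()`, whose header is outside the hunk). The two differ only in the quote flag, so a later call site can easily pick the one that leaves `"` and `'` unencoded inside an attribute. I would add a comment above it such as `// Escape text for a quoted HTML attribute value: encodes both " and '.`, plus a matching one on the other helper saying it is only for element content.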
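Review bot: Only the `value` attribute is entity-encoded in these form helpers; in the `@@ -188,7` hunk `$onclick` is still concatenated raw into `onClick=\"…\"`, and the same holds for `$name` and `$onclick` in the `@@ -224,7` hunk and for `$name` in the `@@ -233,7` hunk. If any of those arguments can carry request-derived text, the quoting problem this commit addresses remains for them. I would encode them the same way, e.g. `return "<input type=\"hidden\" name=\"".ihentities($name).` and `($onclick != "" ? "onClick=\"".ihentities($onclick)."\"" : "")." />";`. `$extra` in the `@@ -198,7` and `@@ -208,7` hunks is inserted as raw markup and cannot be encoded, so it deserves a comment that callers must pass only constant attribute text. The function signatures lie outside all of these hunks, so whether callers pass only literals cannot be confirmed from here.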
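Review bot: The `"S"` and `"Q"` cases in the `@@ -434,10` hunk now return the identical expression `$db->quote(stGetRequestItem($value))`, with nothing explaining why both type codes are kept. Either merge them as `case "S": case "Q":` or add a comment such as `// "Q" kept for existing callers; same as "S" now that stripslashes() is gone`. Dropping `stripslashes()` and switching away from `stGetDRequestItem()` is only correct if `stGetRequestItem()` already returns the raw, un-slashed request value, which cannot be seen from this hunk and is worth stating in that comment. The result is also only safe when spliced into SQL as a complete string literal; if `$db` is a PDO handle (not visible here), bound parameters would remove that dependency. The enclosing switch and function begin and end outside the hunk.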