ChangeSet ID: 30858 CVSROOT: /opt/cvs-commit Module name: appdb Changes by: wineowner(a)winehq.org 2007/01/05 23:30:31 Modified files: include : filter.php Log message: Chris Morgan <cmorgan(a)alum.wpi.edu> Fix filtering of html, we shouldn't be running htmlspecialchars() on html code that needs to be preserved without modification Patch: http://cvs.winehq.org/patch.py?id=30858 Old revision New revision Changes Path 1.11 1.12 +1 -1 appdb/include/filter.php Index: appdb/include/filter.php diff -u -p appdb/include/filter.php:1.11 appdb/include/filter.php:1.12 --- appdb/include/filter.php:1.11 6 Jan 2007 5:30:31 -0000 +++ appdb/include/filter.php 6 Jan 2007 5:30:31 -0000 @@ -52,7 +52,7 @@ function filter_gpc() switch($aKeys[$i][1]) { case "h": // HTML string - $aClean[$aKeys[$i]] = trim(htmlspecialchars($_REQUEST[$aKeys[$i]])); + $aClean[$aKeys[$i]] = trim($_REQUEST[$aKeys[$i]]); // if there is no content and no image, make the variable empty if(strip_tags($aClean[$aKeys[$i]],'<img>')=="") $aClean[$aKeys[$i]] = "";
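Review bot: The `+` line in the `case "h"` branch of `filter_gpc()` now copies `$_REQUEST[$aKeys[$i]]` into `$aClean` with only `trim()` applied, so a value under an "h" key is stored as raw, request-supplied markup even though the array name suggests it is safe to use. The `strip_tags(..., '<img>')` call in the context lines is only an emptiness test and does not alter what is stored. If the HTML has to be preserved, restrict it at this point to an allow-list of tags and attributes instead of passing it through unchanged, or at minimum extend the `// HTML string` comment to state that "h" values are unescaped and that every page printing them must treat them as untrusted markup.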