ChangeSet ID: 30853 CVSROOT: /opt/cvs-commit Module name: appdb Changes by: wineowner@winehq.org 2007/01/04 22:59:04
Modified files: include : filter.php
Log message: Chris Morgan cmorgan@alum.wpi.edu When filtering copy Xinha variables verbatim instead of stripping out html tags
Patch: http://cvs.winehq.org/patch.py?id=30853
Old revision New revision Changes Path 1.9 1.10 +11 -2 appdb/include/filter.php
Index: appdb/include/filter.php
diff -u -p appdb/include/filter.php:1.9 appdb/include/filter.php:1.10
--- appdb/include/filter.php:1.9 5 Jan 2007 4:59: 4 -0000
+++ appdb/include/filter.php 5 Jan 2007 4:59: 4 -0000
@@ -14,10 +14,19 @@ function filter_gpc()
 // Special cases for variables that don't fit our filtering scheme
 // don't filter the AppDB session cookie and MAX_FILE_SIZE
 // and the DialogX values that xinha uses
- if($aKeys[$i] == "whq_appdb" || ($aKeys[$i] == "MAX_FILE_SIZE") || ($aKeys[$i] == "PHPSESSID")
- || (strpos($aKeys[$i], "Dialog") == 0) || (strpos($aKeys[$i], "pref_") == 0))
+ if(strpos($aKeys[$i], "Dialog") == 0) // Xinha variables
 {
 // copy the key over to the clean array
+ // NOTE: we do not strip html tags or trim any Xinha variables
+ // because Xinha is a html editor and removing html tags
+ // would break the ability to use Xinha to create or edit html
+ $aClean[$aKeys[$i]] = $_REQUEST[$aKeys[$i]];
+ continue; // go to the next entry
+ } else if($aKeys[$i] == "whq_appdb" || ($aKeys[$i] == "MAX_FILE_SIZE")
+ || ($aKeys[$i] == "PHPSESSID")
+ || (strpos($aKeys[$i], "pref_") == 0)) // other variables
+ {
+ // copy the key over to the clean array after stripping tags and trimming
 $aClean[$aKeys[$i]] = trim(strip_tags($_REQUEST[$aKeys[$i]]));
 continue; // go to the next entry
 }
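Review bot: The new first branch tests `strpos($aKeys[$i], "Dialog") == 0`, and because `strpos()` returns `false` when the needle is absent and `false == 0` is true in PHP, the branch matches every key that does not contain "Dialog" as well as those that start with it. With this change that branch copies the `$_REQUEST` value into `$aClean` verbatim and hits `continue`, so nearly all request variables now skip `strip_tags()` and whatever checks follow later in the loop; the condition should be `if(strpos($aKeys[$i], "Dialog") === 0)`, and the `pref_` test in the `else if` needs the same `=== 0`. Even with the strict comparison, the exemption is selected by a client-supplied parameter name, so any value sent under a key beginning with `Dialog` reaches `$aClean` as raw HTML; presumably the code that later renders these values has to sanitise or encode them, which is not visible here. The rest of `filter_gpc()` lies outside the hunk.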