Revision 1383
Added by FrankH almost 14 years ago
- Security fix for news module
- Some more Security fixes, thanks to Gerben van Veenendaal
| view.php | ||
|---|---|---|
| 209 | 209 |
{
|
| 210 | 210 |
?> |
| 211 | 211 |
<div class="selected-group-title"> |
| 212 |
<?php print '<a href="'.htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])).'">'.PAGE_TITLE.'</a> >> '.$groups[$_GET['g']]['title']; ?>
|
|
| 212 |
<?php print '<a href="'.htmlspecialchars(strip_tags($_SERVER['SCRIPT_NAME'])).'">'.PAGE_TITLE.'</a> >> '.$groups[$_GET['g']]['title']; ?>
|
|
| 213 | 213 |
</div> |
| 214 | 214 |
<?php |
| 215 | 215 |
} |
| ... | ... | |
| 428 | 428 |
{
|
| 429 | 429 |
// Print comments header |
| 430 | 430 |
$vars = array('[ADD_COMMENT_URL]','[TEXT_COMMENTS]');
|
| 431 |
$values = array(WB_URL.'/modules/news/comment.php?post_id='.POST_ID.'&section_id='.$section_id, $MOD_NEWS['TEXT_COMMENTS']); |
|
| 431 |
$pid = $admin->getIDKEY(POST_ID); |
|
| 432 |
$values = array(WB_URL."/modules/news/comment.php?post_id=$pid&section_id=$section_id", $MOD_NEWS['TEXT_COMMENTS']); |
|
| 432 | 433 |
print str_replace($vars, $values, $setting_comments_header); |
| 433 | 434 |
|
| 434 | 435 |
// Query for comments |
| ... | ... | |
| 466 | 467 |
|
| 467 | 468 |
// Print comments footer |
| 468 | 469 |
$vars = array('[ADD_COMMENT_URL]','[TEXT_ADD_COMMENT]');
|
| 469 |
$values = array(WB_URL.'/modules/news/comment.php?post_id='.POST_ID.'&section_id='.$section_id, $MOD_NEWS['TEXT_ADD_COMMENT']);
|
|
| 470 |
$values = array(WB_URL."/modules/news/comment.php?post_id=$pid&section_id=$section_id", $MOD_NEWS['TEXT_ADD_COMMENT']);
|
|
| 470 | 471 |
print str_replace($vars, $values, $setting_comments_footer); |
| 471 | 472 |
|
| 472 | 473 |
} |
Also available in: Unified diff