Revision 1407
Added by FrankH almost 15 years ago
- various Security fixes, thanks to secunia and others
| settings2.php | ||
|---|---|---|
| 49 | 49 |
require_once(WB_PATH.'/framework/functions.php'); |
| 50 | 50 |
|
| 51 | 51 |
// Get values |
| 52 |
$page_title = htmlspecialchars($admin->get_post_escaped('page_title') );
|
|
| 53 |
$menu_title = htmlspecialchars($admin->get_post_escaped('menu_title') );
|
|
| 52 |
$page_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('page_title')));
|
|
| 53 |
$menu_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('menu_title')));
|
|
| 54 | 54 |
$page_code = (int) $admin->get_post_escaped('page_code');
|
| 55 |
$description = htmlspecialchars($admin->add_slashes($admin->get_post('description')) );
|
|
| 56 |
$keywords = htmlspecialchars($admin->add_slashes($admin->get_post('keywords')) );
|
|
| 55 |
$description = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('description'))));
|
|
| 56 |
$keywords = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('keywords'))));
|
|
| 57 | 57 |
$parent = (int) $admin->get_post_escaped('parent'); // fix secunia 2010-91-3
|
| 58 | 58 |
$visibility = $admin->get_post_escaped('visibility');
|
| 59 | 59 |
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {$visibility = 'public';} // fix secunia 2010-93-3
|
| ... | ... | |
| 61 | 61 |
$target = preg_replace("/\W/", "", $admin->get_post_escaped('target'));
|
| 62 | 62 |
$admin_groups = $admin->get_post_escaped('admin_groups');
|
| 63 | 63 |
$viewing_groups = $admin->get_post_escaped('viewing_groups');
|
| 64 |
$searching = $admin->get_post_escaped('searching');
|
|
| 64 |
$searching = (int) $admin->get_post_escaped('searching');
|
|
| 65 | 65 |
$language = strtoupper($admin->get_post('language'));
|
| 66 | 66 |
$language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
|
| 67 | 67 |
$menu = (int) $admin->get_post_escaped('menu'); // fix secunia 2010-91-3
|
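Review bot: The `str_replace(array("[[", "]]"), '', ...)` filter added on new lines 52, 53, 55 and 56 removes `[[` first and `]]` second, each in a single pass, so deleting a `]]` can join two single `[` characters and leave a fresh `[[` in the stored value. If the intent is that `$page_title`, `$menu_title`, `$description` and `$keywords` never contain the double-bracket marker (presumably a placeholder syntax expanded at output time; the page does not say), the filter needs to be stable under its own output. Either drop the bracket characters themselves, `str_replace(array('[', ']'), '', $value)`, or repeat the replacement until the string stops changing. The expression is duplicated four times, so moving it into one small helper would keep the rule in one place and make it testable. Separately, the unchanged `in_array($visibility, ...)` check on line 59 would be tighter with the third argument `true`.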