Revision 36
Added by stefan about 20 years ago
| view.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: view.php,v 1.7 2005/04/08 07:36:58 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 113 | 113 |
$query_settings = $database->query("SELECT header,field_loop,footer FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
|
| 114 | 114 |
if($query_settings->numRows() > 0) {
|
| 115 | 115 |
$fetch_settings = $query_settings->fetchRow(); |
| 116 |
$header = stripslashes($fetch_settings['header']); |
|
| 117 |
$field_loop = stripslashes($fetch_settings['field_loop']); |
|
| 118 |
$footer = stripslashes($fetch_settings['footer']); |
|
| 116 |
$header = $this->stripslashes($fetch_settings['header']);
|
|
| 117 |
$field_loop = $this->stripslashes($fetch_settings['field_loop']);
|
|
| 118 |
$footer = $this->stripslashes($fetch_settings['footer']);
|
|
| 119 | 119 |
} else {
|
| 120 | 120 |
$header = ''; |
| 121 | 121 |
$field_loop = ''; |
| ... | ... | |
| 136 | 136 |
while($field = $query_fields->fetchRow()) {
|
| 137 | 137 |
// Set field values |
| 138 | 138 |
$field_id = $field['field_id']; |
| 139 |
$value = stripslashes($field['value']); |
|
| 139 |
$value = $this->stripslashes($field['value']);
|
|
| 140 | 140 |
// Print field_loop after replacing vars with values |
| 141 | 141 |
$vars = array('{TITLE}', '{REQUIRED}');
|
| 142 | 142 |
$values = array($field['title']); |
| ... | ... | |
| 198 | 198 |
$query_settings = $database->query("SELECT email_to,email_from,email_subject,success_message,max_submissions,stored_submissions FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
|
| 199 | 199 |
if($query_settings->numRows() > 0) {
|
| 200 | 200 |
$fetch_settings = $query_settings->fetchRow(); |
| 201 |
$email_to = stripslashes($fetch_settings['email_to']); |
|
| 202 |
$email_from = stripslashes($fetch_settings['email_from']); |
|
| 201 |
$email_to = $this->stripslashes($fetch_settings['email_to']);
|
|
| 202 |
$email_from = $this->stripslashes($fetch_settings['email_from']);
|
|
| 203 | 203 |
if(substr($email_from, 0, 5) == 'field') {
|
| 204 | 204 |
// Set the email from field to what the user entered in the specified field |
| 205 | 205 |
$email_from = addslashes($_POST[$email_from]); |
| 206 | 206 |
} |
| 207 |
$email_subject = stripslashes($fetch_settings['email_subject']); |
|
| 208 |
$success_message = stripslashes($fetch_settings['success_message']); |
|
| 209 |
$max_submissions = stripslashes($fetch_settings['max_submissions']); |
|
| 210 |
$stored_submissions = stripslashes($fetch_settings['stored_submissions']); |
|
| 207 |
$email_subject = $this->stripslashes($fetch_settings['email_subject']);
|
|
| 208 |
$success_message = $this->stripslashes($fetch_settings['success_message']);
|
|
| 209 |
$max_submissions = $this->stripslashes($fetch_settings['max_submissions']);
|
|
| 210 |
$stored_submissions = $this->stripslashes($fetch_settings['stored_submissions']);
|
|
| 211 | 211 |
} else {
|
| 212 | 212 |
exit($TEXT['UNDER_CONSTRUCTION']); |
| 213 | 213 |
} |
| ... | ... | |
| 231 | 231 |
} elseif (!is_array($_POST['field'.$field['field_id']])) {
|
| 232 | 232 |
$email_body .= ' |
| 233 | 233 |
|
| 234 |
'.stripslashes($field['title']).': '.$_POST['field'.$field['field_id']].'\n'; |
|
| 234 |
'.$this->stripslashes($field['title']).': '.$_POST['field'.$field['field_id']].'\n';
|
|
| 235 | 235 |
} else {
|
| 236 | 236 |
$email_body .= ' |
| 237 | 237 |
|
| 238 |
'.stripslashes($field['title']).': \n'; |
|
| 238 |
'.$this->stripslashes($field['title']).': \n';
|
|
| 239 | 239 |
foreach ($_POST['field'.$field['field_id']] as $k=>$v) {
|
| 240 | 240 |
$email_body .= ' |
| 241 | 241 |
|
| ... | ... | |
| 243 | 243 |
} |
| 244 | 244 |
} |
| 245 | 245 |
} elseif($field['required'] == 1) {
|
| 246 |
$required[] = stripslashes($field['title']); |
|
| 246 |
$required[] = $this->stripslashes($field['title']);
|
|
| 247 | 247 |
} |
| 248 | 248 |
} |
| 249 | 249 |
} |
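Review bot: At new line 205 the sender address is still read from `$_POST[$email_from]` and passed only through `addslashes()`, which leaves CR and LF characters in place. If `$email_from` later ends up in a mail From header (the mail call is outside the visible hunks), a submitted value could carry additional header lines. Strip line breaks before use, e.g. `$email_from = preg_replace('/[\r\n]+/', '', $_POST[$email_from]);`, and reject anything that is not a single well-formed address. Separately, at new lines 234 and 238 the trailing `'\n'` is single-quoted, so the mail body receives a literal backslash-n rather than a line break; `"\n"` looks intended. The enclosing if/else and loop bodies start and end outside the hunks shown.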
Created new stripslashes method in class wb. Changed stripslashes() calls to method calls.