
Revision 364

Added by stefan over 18 years ago

Added get_post_escaped to the wb class, which automatically calls add_slashes on get_post output, and used it in form/save_field.php


trunk/wb/modules/form/save_field.php
69 69

  
70 70
// Get extra fields for field-type-specific settings
71 71
if($admin->get_post('type') == 'textfield') {
72
	$length = $admin->get_post('length');
73
	$value = $admin->get_post('value');
72
	$length = $admin->get_post_escaped('length');
73
	$value = $admin->get_post_escaped('value');
74 74
	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '$value', extra = '$length' WHERE field_id = '$field_id'");
75 75
} elseif($admin->get_post('type') == 'textarea') {
76
	$value = $admin->get_post('value');
76
	$value = $admin->get_post_escaped('value'));
77 77
	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '$value', extra = '' WHERE field_id = '$field_id'");
78 78
} elseif($admin->get_post('type') == 'heading') {
79 79
	$extra = $admin->get_post('template');
......
81 81
	$extra = $admin->add_slashes($extra);
82 82
	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '', extra = '$extra' WHERE field_id = '$field_id'");
83 83
} elseif($admin->get_post('type') == 'select') {
84
	$extra = $admin->get_post('size').','.$admin->get_post('multiselect');
84
	$extra = $admin->get_post_escaped('size').','.$admin->get_post_escaped('multiselect');
85 85
	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '$value', extra = '$extra' WHERE field_id = '$field_id'");
86 86
} elseif($admin->get_post('type') == 'checkbox') {
87
	$extra = $admin->get_post('seperator');
87
	$extra = $admin->get_post_escaped('seperator');
88 88
	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '$value', extra = '$extra' WHERE field_id = '$field_id'");
89 89
} elseif($admin->get_post('type') == 'radio') {
90
	$extra = $admin->get_post('seperator');
90
	$extra = $admin->get_post_escaped('seperator');
91 91
	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '$value', extra = '$extra' WHERE field_id = '$field_id'");
92 92
}
93 93

  
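Review bot: The new textarea branch line `$value = $admin->get_post_escaped('value'));` has an unbalanced closing parenthesis and will not parse, which takes the whole of save_field.php down; it should read `$value = $admin->get_post_escaped('value');`. The select, checkbox and radio branches still interpolate `$value` into their UPDATE statements without assigning it in this hunk, so unless it is set and escaped earlier in the file (outside what is shown) they write whatever value happens to be in scope. `$field_id` is likewise interpolated into every query from outside the hunk and should be cast to an integer (`$field_id = (int) $field_id;`) before use, since add_slashes only protects inside single-quoted literals. Moving these statements to prepared queries with bound parameters would remove the dependence on the escaping being applied correctly at every call site.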
trunk/wb/framework/class.wb.php
116 116
		}
117 117
	}
118 118

  
119
	// Get POST data and escape it
120
	function get_post_escaped($field) {
121
		$result = $this->get_post($field);
122
		return (is_null($result)) ? null : $this->add_slashes($result);
123
	}
124
	
119 125
	// Get GET data
120 126
	function get_get($field) {
121 127
		if(isset($_GET[$field])) {
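Review bot: The comment `// Get POST data and escape it` on the new get_post_escaped does not say what the escaping is for, and a caller could mistake it for an HTML or general-purpose sanitiser; suggest `// Get POST data with add_slashes() applied, for embedding in single-quoted SQL literals only (not for HTML output); null when the field is absent`. The `is_null` check assumes get_post returns null for a missing field; confirm that, since a `false` or empty-string return would be passed straight to add_slashes. If get_post can return an array (array-style field names), add_slashes receives an array here, so either document that callers must pass scalar fields or handle that case explicitly. get_get begins inside the hunk but its body continues outside it.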
