Revision 40
Added by stefan about 20 years ago
| save.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: save.php,v 1.14 2005/06/23 05:56:33 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 45 | 45 |
while($setting = $results->fetchRow()) {
|
| 46 | 46 |
$setting_name = $setting['name']; |
| 47 | 47 |
$value = $admin->get_post($setting_name); |
| 48 |
$value = addslashes($value);
|
|
| 48 |
$value = $admin->add_slashes($value);
|
|
| 49 | 49 |
$database->query("UPDATE ".TABLE_PREFIX."settings SET value = '$value' WHERE name = '$setting_name'");
|
| 50 | 50 |
} |
| 51 | 51 |
|
| ... | ... | |
| 56 | 56 |
$setting_name = $search_setting['name']; |
| 57 | 57 |
$post_name = 'search_'.$search_setting['name']; |
| 58 | 58 |
$value = $admin->get_post($post_name); |
| 59 |
$value = addslashes($value);
|
|
| 59 |
$value = $admin->add_slashes($value);
|
|
| 60 | 60 |
$database->query("UPDATE ".TABLE_PREFIX."search SET value = '$value' WHERE name = '$setting_name'");
|
| 61 | 61 |
} |
| 62 | 62 |
|
| ... | ... | |
| 199 | 199 |
"define('HOMEPAGE_REDIRECTION', ".str_replace(';', '', $_POST['homepage_redirection']).");\n".
|
| 200 | 200 |
"define('PAGE_LANGUAGES', ".str_replace(';', '', $_POST['page_languages']).");\n".
|
| 201 | 201 |
"\n". |
| 202 |
"define('WYSIWYG_STYLE', '".addslashes($_POST['wysiwyg_style'])."');\n".
|
|
| 202 |
"define('WYSIWYG_STYLE', '".$admin->add_slashes($_POST['wysiwyg_style'])."');\n".
|
|
| 203 | 203 |
"\n". |
| 204 | 204 |
"define('MANAGE_SECTIONS', ".str_replace(';', '', $_POST['manage_sections']).");\n".
|
| 205 | 205 |
"define('SECTION_BLOCKS', ".str_replace(';', '', $_POST['section_blocks']).");\n".
|
Also available in: Unified diff
Change addslashes,stripslashes to (wb class) method calls add_slashes,strip_slashes