
Revision 42

Added by stefan about 19 years ago

Changed most occurrences of strip_slashes to new dummy method strip_slashes_dummy.


trunk/wb/include/htmlarea/popups/link.php
75 75
	global $template, $database;
76 76
	$get_pages = $database->query("SELECT page_id,menu_title,link,level FROM ".TABLE_PREFIX."pages WHERE parent = '$parent' AND visibility!='deleted' ORDER BY position ASC");
77 77
	while($page = $get_pages->fetchRow()) {
78
		$title = $admin->strip_slashes($page['menu_title']);
78
		$title = $admin->strip_slashes_dummy($page['menu_title']);
79 79
		// Add leading -'s so we can tell what level a page is at
80 80
		$leading_dashes = '';
81 81
		for($i = 0; $i < $page['level']; $i++) {
......
99 99
	$template->parse('page_list', 'page_list_block', true);
100 100
	// Loop through pages
101 101
	while($page = $get_pages->fetchRow()) {
102
		$title = $admin->strip_slashes($page['menu_title']);
102
		$title = $admin->strip_slashes_dummy($page['menu_title']);
103 103
		$template->set_var('TITLE', $title);
104 104
		$template->set_var('LINK', '[wblink'.$page['page_id'].']');
105 105
		$template->parse('page_list', 'page_list_block', true);
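Review bot: The method `strip_slashes_dummy` that lines 78 and 102 now call is not defined anywhere in this revision, so whether it exists on the class behind `$admin` (and behind `$this` in the module files) cannot be checked from the diff; if it is missing, every page touched here fails with a fatal error on first use. The same applies to every other file section in this revision. If the dummy is, as the name suggests, a pass-through, stored backslashes now reach templates verbatim, which is correct only where the write side escapes purely for the SQL layer; a one-line comment on the definition stating that contract, e.g. `// Intentionally a no-op: values are escaped for SQL on write, never unescaped on read`, would help later readers. The function containing these hunks starts outside the diff.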
trunk/wb/search/search.php
38 38
	if(isset($_REQUEST['string'])) {
39 39
		if ($_REQUEST['match']!='exact') {
40 40
			$string=str_replace(',', '', $_REQUEST['string']);
41
		}
41
		} else {
42
			$string=$_REQUEST['string'];
43
		}
42 44
		// reverse potential magic_quotes action
43 45
		$original_string=$this->strip_slashes($string);
44 46
		// Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons)
......
54 56
	$all_checked = '';
55 57
	$any_checked = '';
56 58
	$exact_checked = '';
57
	if($_REQUEST['match'] == 'any' OR $_REQUEST['match'] == 'all') {
59
	if($_REQUEST['match'] != 'exact') {
58 60
		// Split string into array with explode() function
59 61
		$exploded_string = explode(' ', $string);
60 62
		// Make sure there is no blank values in the array
......
103 105
	// Replace vars in search settings with values
104 106
	$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_RESULTS_FOR]');
105 107
	$values = array($search_string, WB_URL, PAGE_EXTENSION, $TEXT['RESULTS_FOR']);
106
	$search_footer = str_replace($vars, $values, $this->strip_slashes($fetch_footer['value']));
107
	$search_results_header = str_replace($vars, $values, $this->strip_slashes($fetch_results_header['value']));
108
	$search_results_footer = str_replace($vars, $values, $this->strip_slashes($fetch_results_footer['value']));
108
	$search_footer = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_footer['value']));
109
	$search_results_header = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_header['value']));
110
	$search_results_footer = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_footer['value']));
109 111
	// Do extra vars/values replacement
110 112
	$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_SEARCH]', '[TEXT_ALL_WORDS]', '[TEXT_ANY_WORDS]', '[TEXT_EXACT_MATCH]', '[TEXT_MATCH]', '[TEXT_MATCHING]', '[ALL_CHECKED]', '[ANY_CHECKED]', '[EXACT_CHECKED]');
111 113
	$values = array($search_string, WB_URL, PAGE_EXTENSION, $TEXT['SEARCH'], $TEXT['ALL_WORDS'], $TEXT['ANY_WORDS'], $TEXT['EXACT_MATCH'], $TEXT['MATCH'], $TEXT['MATCHING'], $all_checked, $any_checked, $exact_checked);
112
	$search_header = str_replace($vars, $values, $this->strip_slashes($fetch_header['value']));
114
	$search_header = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_header['value']));
113 115
	
114 116
	// Insert js code
115 117
	?>
......
158 160
					$date = $TEXT['UNKNOWN'].' '.$TEXT['DATE'];
159 161
					$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME'];
160 162
				}
161
				$values = array($link, $this->strip_slashes($page['page_title']),$this->strip_slashes($page['description']), $users[$page['modified_by']]['username'], $users[$page['modified_by']]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
163
				$values = array($link, $this->strip_slashes_dummy($page['page_title']),$this->strip_slashes_dummy($page['description']), $users[$page['modified_by']]['username'], $users[$page['modified_by']]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
162 164
				// Show loop code with vars replaced by values
163 165
				if($values != array()) {
164
					echo str_replace($vars, $values, $this->strip_slashes($fetch_results_loop['value']));
166
					echo str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_loop['value']));
165 167
				}
166 168
				// Say that we have already listed this page id
167 169
				$pages_listed[$page['page_id']] = true;
......
184 186
					// Fetch query start
185 187
					$fetch_query_start = $get_query_start->fetchRow();
186 188
					// Prepare query start for execution by replacing {TP} with the TABLE_PREFIX
187
					$query_start = str_replace('[TP]', TABLE_PREFIX, $this->strip_slashes($fetch_query_start['value']));
189
					$query_start = str_replace('[TP]', TABLE_PREFIX, $this->strip_slashes_dummy($fetch_query_start['value']));
188 190
					// Get query end
189 191
					$get_query_end = $database->query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'query_end' AND extra = '$module_name' LIMIT 1");
190 192
					if($get_query_end->numRows() > 0) {
191 193
						// Fetch query start
192 194
						$fetch_query_end = $get_query_end->fetchRow();
193 195
						// Set query end
194
						$query_end = $this->strip_slashes($fetch_query_end['value']);
196
						$query_end = $this->strip_slashes_dummy($fetch_query_end['value']);
195 197
						// Get query body
196 198
						$get_query_body = $database->query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'query_body' AND extra = '$module_name' LIMIT 1");
197 199
						if($get_query_body->numRows() > 0) {
198 200
							// Fetch query start
199 201
							$fetch_query_body = $get_query_body->fetchRow();
200 202
							// Prepare query body for execution by replacing {STRING} with the correct one
201
							$query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,'LIKE','%'), $this->strip_slashes($fetch_query_body['value']));
203
							$query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,'LIKE','%'), $this->strip_slashes_dummy($fetch_query_body['value']));
202 204
							// Loop through query body for each string, then combine with start and end
203 205
							$prepared_query = $query_start;
204 206
							$count = 0;
......
226 228
											$date = $TEXT['UNKNOWN'].' '.$TEXT['DATE'];
227 229
											$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME'];
228 230
										}
229
										$values = array($link, $this->strip_slashes($page[$fields['title']]), $this->strip_slashes($page[$fields['description']]), $users[$page[$fields['modified_by']]]['username'], $users[$page[$fields['modified_by']]]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
231
										$values = array($link, $this->strip_slashes_dummy($page[$fields['title']]), $this->strip_slashes_dummy($page[$fields['description']]), $users[$page[$fields['modified_by']]]['username'], $users[$page[$fields['modified_by']]]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
230 232
										// Show loop code with vars replaced by values
231
										echo str_replace($vars, $values, $this->strip_slashes($fetch_results_loop['value']));
233
										echo str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_loop['value']));
232 234
										// Say that this page or item has been listed if we can
233 235
										if(isset($fields['page_id'])) {
234 236
											$pages_listed[$page[$fields['page_id']]] = true;
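Review bot: The new condition on line 59, `if($_REQUEST['match'] != 'exact') {`, together with the new `else` branch on lines 41-43, widens split mode from `any`/`all` to every other value, including an absent `match` parameter, which now emits an undefined-index notice before falling into the split path. Guarding the read, `if(isset($_REQUEST['match']) AND $_REQUEST['match'] != 'exact') {`, keeps the behaviour explicit and avoids the notice; line 39 has the same unguarded read but is unchanged by this revision. Line 45 intentionally keeps the real `strip_slashes` for the magic_quotes reversal, which matches the comment above it and should stay that way. The surrounding code uses `$this`, so the enclosing method starts and ends outside the hunks.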
trunk/wb/admin/pages/intro.php
43 43
$template->set_file('page', 'intro.html');
44 44
$template->set_block('page', 'main_block', 'main');
45 45
$template->set_var(array(
46
								'CONTENT' => $admin->strip_slashes($content),
46
								'CONTENT' => $admin->strip_slashes_dummy($content),
47 47
								'WB_URL' => WB_URL,
48 48
								'ADMIN_URL' => ADMIN_URL,
49 49
								'TEXT_SAVE' => $TEXT['SAVE'],
trunk/wb/admin/pages/settings.php
79 79
$template->set_block('page', 'main_block', 'main');
80 80
$template->set_var(array(
81 81
								'PAGE_ID' => $results_array['page_id'],
82
								'PAGE_TITLE' => $admin->strip_slashes($results_array['page_title']),
83
								'MENU_TITLE' => $admin->strip_slashes($results_array['menu_title']),
84
								'DESCRIPTION' => $admin->strip_slashes($results_array['description']),
85
								'KEYWORDS' => $admin->strip_slashes($results_array['keywords']),
82
								'PAGE_TITLE' => $admin->strip_slashes_dummy($results_array['page_title']),
83
								'MENU_TITLE' => $admin->strip_slashes_dummy($results_array['menu_title']),
84
								'DESCRIPTION' => $admin->strip_slashes_dummy($results_array['description']),
85
								'KEYWORDS' => $admin->strip_slashes_dummy($results_array['keywords']),
86 86
								'MODIFIED_BY' => $user['display_name'],
87 87
								'MODIFIED_BY_USERNAME' => $user['username'],
88 88
								'MODIFIED_WHEN' => $modified_ts,
......
251 251
			for($i = 1; $i <= $page['level']; $i++) { $title_prefix .= ' - '; }
252 252
				$template->set_var(array(
253 253
												'ID' => $page['page_id'],
254
												'TITLE' => $admin->strip_slashes($title_prefix.$page['page_title'])
254
												'TITLE' => $admin->strip_slashes_dummy($title_prefix.$page['page_title'])
255 255
												)
256 256
										);
257 257
				if($results_array['parent'] == $page['page_id']) {
trunk/wb/admin/pages/index.php
150 150
				</td>
151 151
				<?php if($admin->get_permission('pages_modify') == true AND $can_modify == true) { ?>
152 152
				<td>
153
					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo $admin->strip_slashes($page['page_title']); ?></a>
153
					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo $admin->strip_slashes_dummy($page['page_title']); ?></a>
154 154
				</td>
155 155
				<?php } else { ?>
156 156
				<td>
157
					<?php	echo $admin->strip_slashes($page['page_title']); ?>
157
					<?php	echo $admin->strip_slashes_dummy($page['page_title']); ?>
158 158
				</td>
159 159
				<?php } ?>
160 160
				<td align="left" width="232">
161
					<font color="#999999"><?php echo $admin->strip_slashes($page['menu_title']); ?></font>
161
					<font color="#999999"><?php echo $admin->strip_slashes_dummy($page['menu_title']); ?></font>
162 162
				</td>
163 163
				<td align="center" valign="middle" width="90">
164 164
				<?php if($page['visibility'] == 'public') { ?>
......
446 446
			for($i = 1; $i <= $page['level']; $i++) { $title_prefix .= ' - '; }
447 447
				$template->set_var(array(
448 448
												'ID' => $page['page_id'],
449
												'TITLE' => $admin->strip_slashes($title_prefix.$page['page_title'])
449
												'TITLE' => $admin->strip_slashes_dummy($title_prefix.$page['page_title'])
450 450
												)
451 451
										);
452 452
				if($can_modify == true) {
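Review bot: The new lines 153, 157 and 161 echo `$page['page_title']` and `$page['menu_title']` straight into HTML with only `strip_slashes_dummy` applied, while the parallel change in admin/settings/index.php wraps the same kind of value in `htmlspecialchars`; a title containing `<` or `"` renders as markup in the admin listing. Wrapping the output, e.g. `<?php echo htmlspecialchars($admin->strip_slashes_dummy($page['page_title'])); ?>`, would make these call sites consistent with that file. The same unescaped output appears in admin/pages/trash.php (lines 144, 150, 152), admin/pages/sections.php (line 137), modules/form/modify_settings.php (every textarea and input value in that section) and modules/form/view_submission.php (line 78), and in modules/wrapper/view.php the `$url` assigned on line 29 lands in the iframe `src` attribute on line 32 with the same gap in attribute context. The table rows shown here sit inside a loop that begins outside the hunk.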
trunk/wb/admin/pages/trash.php
141 141
				</td>
142 142
				<?php if($admin->get_permission('pages_modify') == true AND $can_modify == true AND $page['visibility'] != 'heading') { ?>
143 143
				<td>
144
					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo $admin->strip_slashes($page['page_title']); ?></a>
144
					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo $admin->strip_slashes_dummy($page['page_title']); ?></a>
145 145
				</td>
146 146
				<?php } else { ?>
147 147
				<td>
148 148
					<?php
149 149
					if($page['visibility'] != 'heading') {
150
						echo $admin->strip_slashes($page['page_title']);
150
						echo $admin->strip_slashes_dummy($page['page_title']);
151 151
					} else {
152
						echo '<b>'.$admin->strip_slashes($page['page_title']).'</b>';
152
						echo '<b>'.$admin->strip_slashes_dummy($page['page_title']).'</b>';
153 153
					}
154 154
					?>
155 155
				</td>
trunk/wb/admin/pages/sections.php
134 134
	</td>
135 135
	<td align="right">
136 136
		<?php echo $TEXT['CURRENT_PAGE']; ?>: 
137
		<b><?php echo $admin->strip_slashes($results_array['page_title']); ?></b>
137
		<b><?php echo $admin->strip_slashes_dummy($results_array['page_title']); ?></b>
138 138
		-
139 139
		<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page_id; ?>"><?php echo $HEADING['MODIFY_PAGE']; ?></a>
140 140
		-
trunk/wb/admin/pages/modify.php
81 81
$template->set_block('page', 'main_block', 'main');
82 82
$template->set_var(array(
83 83
								'PAGE_ID' => $results_array['page_id'],
84
								'PAGE_TITLE' => $admin->strip_slashes($results_array['page_title']),
84
								'PAGE_TITLE' => $admin->strip_slashes_dummy($results_array['page_title']),
85 85
								'MODIFIED_BY' => $user['display_name'],
86 86
								'MODIFIED_BY_USERNAME' => $user['username'],
87 87
								'MODIFIED_WHEN' => $modified_ts,
trunk/wb/admin/pages/add.php
77 77
$database = new database();
78 78
$get_same_page = $database->query("SELECT page_id FROM ".TABLE_PREFIX."pages WHERE link = '$link'");
79 79
if($get_same_page->numRows() > 0) {
80
	$admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']);
80
	$admin->print_error("database");
81
//	$admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']);
81 82
} elseif(file_exists(WB_PATH.PAGES_DIRECTORY.$link.'.php')) {
82
	$admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']);
83
	$admin->print_error(WB_PATH.PAGES_DIRECTORY.$link.'.php');
84
//	$admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']);
83 85
} elseif(file_exists(WB_PATH.PAGES_DIRECTORY.$link.'/')) {
84
	$admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']);
86
	$admin->print_error("dir");
87
//	$admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']);
85 88
}
86 89

  
87 90
// Include the ordering class
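Review bot: The replacement messages on lines 80, 83 and 86 look like debugging output: `"database"` and `"dir"` are not user-facing text, and `$admin->print_error(WB_PATH.PAGES_DIRECTORY.$link.'.php')` exposes the server's filesystem path to whoever triggers the duplicate-page error. The original `$admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']);` is only commented out on each branch rather than removed, which suggests this was not meant to ship; restoring it on all three branches (and logging the path server-side if it is needed for diagnosis) closes the disclosure and drops the commented-out code.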
trunk/wb/admin/settings/index.php
45 45
$results = $database->query($query);
46 46
while($setting = $results->fetchRow()) {
47 47
	$setting_name = $setting['name'];
48
	$setting_value = htmlspecialchars($admin->strip_slashes($setting['value']));
48
	$setting_value = htmlspecialchars($admin->strip_slashes_dummy($setting['value']));
49 49
	switch($setting_name) {
50 50
		// Website title
51 51
		case 'title':
......
79 79
$results = $database->query($query);
80 80
while($setting = $results->fetchRow()) {
81 81
	$setting_name = $setting['name'];
82
	$setting_value = htmlspecialchars($admin->strip_slashes($setting['value']));
82
	$setting_value = htmlspecialchars($admin->strip_slashes_dummy($setting['value']));
83 83
	switch($setting_name) {
84 84
		// Search header
85 85
		case 'header':
......
463 463
}
464 464

  
465 465
// Insert WYSIWYG style value into template
466
$template->set_var('WYSIWYG_STYLE', $admin->strip_slashes(WYSIWYG_STYLE));
466
$template->set_var('WYSIWYG_STYLE', $admin->strip_slashes_dummy(WYSIWYG_STYLE));
467 467

  
468 468
// Insert Server Email value into template
469 469
$template->set_var('SERVER_EMAIL', SERVER_EMAIL);
trunk/wb/modules/wrapper/view.php
26 26
// Get url
27 27
$get_settings = $database->query("SELECT url,height FROM ".TABLE_PREFIX."mod_wrapper WHERE section_id = '$section_id'");
28 28
$fetch_settings = $get_settings->fetchRow();
29
$url = $this->strip_slashes($fetch_settings['url']);
29
$url = $this->strip_slashes_dummy($fetch_settings['url']);
30 30

  
31 31
?>
32 32
<iframe src="<?php echo $url; ?>" width="100%" height="<?php echo $fetch_settings['height']; ?>px" frameborder="0" scrolling="auto">
trunk/wb/modules/wrapper/modify.php
32 32
$query = "SELECT url,height FROM ".TABLE_PREFIX."mod_wrapper WHERE section_id = '$section_id'";
33 33
$get_settings = $database->query($query);
34 34
$settings = $get_settings->fetchRow();
35
$url = $admin->strip_slashes($settings['url']);
35
$url = $admin->strip_slashes_dummy($settings['url']);
36 36
$height = $settings['height'];
37 37

  
38 38
// Insert vars
trunk/wb/modules/menu_link/modify.php
32 32
$query_info = "SELECT link,target FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'";
33 33
$get_info = $database->query($query_info);
34 34
$fetch_info = $get_info->fetchRow();
35
$link = $admin->strip_slashes($fetch_info['link']);
35
$link = $admin->strip_slashes_dummy($fetch_info['link']);
36 36
$target = $fetch_info['target'];
37 37

  
38 38
// Insert vars
trunk/wb/modules/wysiwyg/view.php
26 26
// Get content
27 27
$get_content = $database->query("SELECT content FROM ".TABLE_PREFIX."mod_wysiwyg WHERE section_id = '$section_id'");
28 28
$fetch_content = $get_content->fetchRow();
29
$content = $this->strip_slashes($fetch_content['content']);
29
$content = $this->strip_slashes_dummy($fetch_content['content']);
30 30

  
31 31
$this->preprocess($content);
32 32

  
trunk/wb/modules/wysiwyg/modify.php
29 29
$query = "SELECT content FROM ".TABLE_PREFIX."mod_wysiwyg WHERE section_id = '$section_id'";
30 30
$get_content = $database->query($query);
31 31
$content = $get_content->fetchRow();
32
$content = $admin->strip_slashes(htmlspecialchars($content['content']));
32
$content = $admin->strip_slashes_dummy(htmlspecialchars($content['content']));
33 33

  
34 34
// Load HTMLArea
35 35
if(!isset($loaded_htmlarea)) {
......
55 55
		echo 'var editor = new HTMLArea("content'.$wysiwyg_section["section_id"].'");'
56 56
			. 'editor.registerPlugin(ContextMenu);'
57 57
			. 'editor.registerPlugin(TableOperations);'
58
			. 'editor.config.pageStyle = "body { '.$admin->strip_slashes(WYSIWYG_STYLE).' }";'
58
			. 'editor.config.pageStyle = "body { '.$admin->strip_slashes_dummy(WYSIWYG_STYLE).' }";'
59 59
			. 'editor.generate();';
60 60
		}
61 61
	}
trunk/wb/modules/form/modify_field.php
63 63
<tr>
64 64
	<td width="80"><?php echo $TEXT['TITLE']; ?>:</td>
65 65
	<td>
66
		<input type="text" name="title" value="<?php echo htmlspecialchars($admin->strip_slashes($form['title'])); ?>" style="width: 100%;" maxlength="255" />
66
		<input type="text" name="title" value="<?php echo htmlspecialchars($admin->strip_slashes_dummy($form['title'])); ?>" style="width: 100%;" maxlength="255" />
67 67
	</td>
68 68
</tr>
69 69
<tr>
......
86 86
	<tr>
87 87
		<td valign="top"><?php echo $TEXT['TEMPLATE']; ?>:</td>
88 88
		<td>
89
		<textarea name="template" style="width: 100%; height: 20px;"><?php echo htmlspecialchars($admin->strip_slashes($form['extra'])); ?></textarea>
89
		<textarea name="template" style="width: 100%; height: 20px;"><?php echo htmlspecialchars($admin->strip_slashes_dummy($form['extra'])); ?></textarea>
90 90
		</td>
91 91
	</tr>
92 92
	<?php } elseif($type == 'textfield') { ?>
trunk/wb/modules/form/modify_settings.php
58 58
<tr>
59 59
	<td class="setting_name" width="220"><?php echo $TEXT['HEADER']; ?>:</td>
60 60
	<td class="setting_name">
61
		<textarea name="header" style="width: 100%; height: 80px;"><?php echo $admin->strip_slashes($setting['header']); ?></textarea>
61
		<textarea name="header" style="width: 100%; height: 80px;"><?php echo $admin->strip_slashes_dummy($setting['header']); ?></textarea>
62 62
	</td>
63 63
</tr>
64 64
<tr>
65 65
	<td class="setting_name"><?php echo $TEXT['FIELD'].' '.$TEXT['LOOP']; ?>:</td>
66 66
	<td class="setting_name">
67
		<textarea name="field_loop" style="width: 100%; height: 60px;"><?php echo $admin->strip_slashes($setting['field_loop']); ?></textarea>
67
		<textarea name="field_loop" style="width: 100%; height: 60px;"><?php echo $admin->strip_slashes_dummy($setting['field_loop']); ?></textarea>
68 68
	</td>
69 69
</tr>
70 70
<tr>
71 71
	<td class="setting_name"><?php echo $TEXT['FOOTER']; ?>:</td>
72 72
	<td class="setting_name">
73
		<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['footer'])); ?></textarea>
73
		<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($setting['footer'])); ?></textarea>
74 74
	</td>
75 75
</tr>
76 76
<tr>
77 77
	<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['TO']; ?>:</td>
78 78
	<td class="setting_name">
79
		<textarea name="email_to" style="width: 100%; height: 30px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['email_to'])); ?></textarea>
79
		<textarea name="email_to" style="width: 100%; height: 30px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($setting['email_to'])); ?></textarea>
80 80
	</td>
81 81
</tr>
82 82
<tr>
......
85 85
		<select name="email_from_field" style="width: 100%;">
86 86
			<option value="" onclick="javascript: document.getElementById('email_from').style.display = 'block';"><?php echo $TEXT['CUSTOM']; ?>:</option>
87 87
			<?php
88
			$email_from_value = str_replace($raw, $friendly, $admin->strip_slashes($setting['email_from']));
88
			$email_from_value = str_replace($raw, $friendly, $admin->strip_slashes_dummy($setting['email_from']));
89 89
			$query_email_fields = $database->query("SELECT field_id,title FROM ".TABLE_PREFIX."mod_form_fields ORDER BY position ASC");
90 90
			if($query_email_fields->numRows() > 0) {
91 91
				while($field = $query_email_fields->fetchRow()) {
......
104 104
<tr>
105 105
	<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['SUBJECT']; ?>:</td>
106 106
	<td class="setting_name">
107
		<input type="text" name="email_subject" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['email_subject'])); ?>" />
107
		<input type="text" name="email_subject" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($setting['email_subject'])); ?>" />
108 108
	</td>
109 109
</tr>
110 110
<tr>
111 111
	<td class="setting_name"><?php echo $TEXT['SUCCESS'].' '.$TEXT['MESSAGE']; ?>:</td>
112 112
	<td class="setting_name">
113
		<textarea name="success_message" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['success_message'])); ?></textarea>
113
		<textarea name="success_message" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($setting['success_message'])); ?></textarea>
114 114
	</td>
115 115
</tr>
116 116
<tr>
117 117
	<td class="setting_name"><?php echo $TEXT['MAX_SUBMISSIONS_PER_HOUR']; ?>:</td>
118 118
	<td class="setting_name">
119
		<input type="text" name="max_submissions" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['max_submissions'])); ?>" />
119
		<input type="text" name="max_submissions" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($setting['max_submissions'])); ?>" />
120 120
	</td>
121 121
</tr>
122 122
<tr>
123 123
	<td class="setting_name"><?php echo $TEXT['SUBMISSIONS_STORED_IN_DATABASE']; ?>:</td>
124 124
	<td class="setting_name">
125
		<input type="text" name="stored_submissions" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['stored_submissions'])); ?>" />
125
		<input type="text" name="stored_submissions" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($setting['stored_submissions'])); ?>" />
126 126
	</td>
127 127
</tr>
128 128
</table>
trunk/wb/modules/form/view.php
113 113
$query_settings = $database->query("SELECT header,field_loop,footer FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
114 114
if($query_settings->numRows() > 0) {
115 115
	$fetch_settings = $query_settings->fetchRow();
116
	$header = $this->strip_slashes($fetch_settings['header']);
117
	$field_loop = $this->strip_slashes($fetch_settings['field_loop']);
118
	$footer = $this->strip_slashes($fetch_settings['footer']);
116
	$header = $this->strip_slashes_dummy($fetch_settings['header']);
117
	$field_loop = $this->strip_slashes_dummy($fetch_settings['field_loop']);
118
	$footer = $this->strip_slashes_dummy($fetch_settings['footer']);
119 119
} else {
120 120
	$header = '';
121 121
	$field_loop = '';
......
136 136
	while($field = $query_fields->fetchRow()) {
137 137
		// Set field values
138 138
		$field_id = $field['field_id'];
139
		$value = $this->strip_slashes($field['value']);
139
		$value = $this->strip_slashes_dummy($field['value']);
140 140
		// Print field_loop after replacing vars with values
141 141
		$vars = array('{TITLE}', '{REQUIRED}');
142 142
		$values = array($field['title']);
......
198 198
	$query_settings = $database->query("SELECT email_to,email_from,email_subject,success_message,max_submissions,stored_submissions FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
199 199
	if($query_settings->numRows() > 0) {
200 200
		$fetch_settings = $query_settings->fetchRow();
201
		$email_to = $this->strip_slashes($fetch_settings['email_to']);
202
		$email_from = $this->strip_slashes($fetch_settings['email_from']);
201
		$email_to = $this->strip_slashes_dummy($fetch_settings['email_to']);
202
		$email_from = $this->strip_slashes_dummy($fetch_settings['email_from']);
203 203
		if(substr($email_from, 0, 5) == 'field') {
204 204
			// Set the email from field to what the user entered in the specified field
205 205
			$email_from = $this->add_slashes($_POST[$email_from]);
206 206
		}
207
		$email_subject = $this->strip_slashes($fetch_settings['email_subject']);
208
		$success_message = $this->strip_slashes($fetch_settings['success_message']);
209
		$max_submissions = $this->strip_slashes($fetch_settings['max_submissions']);
210
		$stored_submissions = $this->strip_slashes($fetch_settings['stored_submissions']);
207
		$email_subject = $this->strip_slashes_dummy($fetch_settings['email_subject']);
208
		$success_message = $this->strip_slashes_dummy($fetch_settings['success_message']);
209
		$max_submissions = $this->strip_slashes_dummy($fetch_settings['max_submissions']);
210
		$stored_submissions = $this->strip_slashes_dummy($fetch_settings['stored_submissions']);
211 211
	} else {
212 212
		exit($TEXT['UNDER_CONSTRUCTION']);
213 213
	}
......
231 231
					} elseif (!is_array($_POST['field'.$field['field_id']])) {
232 232
					$email_body .= '
233 233
					
234
	'.$this->strip_slashes($field['title']).': '.$_POST['field'.$field['field_id']]."\n";
234
	'.$this->strip_slashes_dummy($field['title']).': '.$_POST['field'.$field['field_id']]."\n";
235 235
					} else {
236 236
						$email_body .= '
237 237
					
238
	'.$this->strip_slashes($field['title']).": \n";
238
	'.$this->strip_slashes_dummy($field['title']).": \n";
239 239
						foreach ($_POST['field'.$field['field_id']] as $k=>$v) {
240 240
							$email_body .= '
241 241
					
......
243 243
						}
244 244
					}
245 245
				} elseif($field['required'] == 1) {
246
				$required[] = $this->strip_slashes($field['title']);
246
				$required[] = $this->strip_slashes_dummy($field['title']);
247 247
				}
248 248
			}
249 249
		}
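Review bot: The new `$email_from` assignment on line 202 is overridden two lines later when the setting starts with `field`, in which case the value becomes `$_POST[$email_from]` with only `add_slashes` applied; if that value later lands in a mail From header (the mail call is outside the hunk), a check that rejects carriage returns and line feeds is needed before it is used there. Line 205 is context and not new to this revision, but line 202 is where the dummy stops normalising the setting, so a comment such as `// 'fieldN' selects a submitted field as the sender address; validate before use in headers` would record the dependency. Lines 209-210 pull `$max_submissions` and `$stored_submissions`, which are numeric settings, through a string helper; casting with `(int)` at the assignment would make later comparisons predictable. The enclosing block starts and ends outside the hunk.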
trunk/wb/modules/form/view_submission.php
75 75
</tr>
76 76
<tr>
77 77
	<td colspan="2">
78
		<?php echo $admin->strip_slashes(str_replace('\n', '<br />', $submission['body'])); ?>
78
		<?php echo $admin->strip_slashes_dummy(str_replace('\n', '<br />', $submission['body'])); ?>
79 79
	</td>
80 80
</tr>
81 81
</table>
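Review bot: On line 78 the first argument to `str_replace` is `'\n'` in single quotes, which is the two characters backslash and n rather than a newline, so real line breaks in `$submission['body']` are not converted to `<br />`; if the stored body contains literal `\n` sequences from escaping that is presumably intended, but it should be stated in a comment, e.g. `// body is stored with literal "\n" sequences, not newlines`, or the pattern changed to `"\n"`. The body is assembled in modules/form/view.php from raw `$_POST` values and is echoed here without `htmlspecialchars`, so escaping first and inserting `<br />` afterwards is the safer order: `<?php echo str_replace('\n', '<br />', htmlspecialchars($admin->strip_slashes_dummy($submission['body']))); ?>`. Whether the dummy still needs to wrap the result depends on its definition, which is not in this revision.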
trunk/wb/modules/code/view.php
26 26
// Get content
27 27
$get_content = $database->query("SELECT content FROM ".TABLE_PREFIX."mod_code WHERE section_id = '$section_id'");
28 28
$fetch_content = $get_content->fetchRow();
29
$content = $this->strip_slashes($fetch_content['content']);
29
$content = $this->strip_slashes_dummy($fetch_content['content']);
30 30
eval($content);
31 31

  
32 32
?>
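Review bot: Line 29 now hands the stored content to `eval($content)` on line 30 via `strip_slashes_dummy`; if the dummy is a pass-through, any backslashes that the old `strip_slashes` removed now stay in the evaluated source, which changes the meaning of string literals and regular expressions in every stored code section. That is probably the intent of the revision, but this is the one call site where the difference is executed rather than displayed, so a comment on line 29 such as `// content is evaluated as PHP below; it must come back from the database byte-exact` would record the dependency. Because whatever is stored in `mod_code` runs as PHP, write access to that table is equivalent to code execution on the server; that is pre-existing, but worth stating in the module's documentation.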
trunk/wb/modules/code/modify.php
32 32
$query = "SELECT content FROM ".TABLE_PREFIX."mod_code WHERE section_id = '$section_id'";
33 33
$get_content = $database->query($query);
34 34
$content = $get_content->fetchRow();
35
$content = $admin->strip_slashes(htmlspecialchars($content['content']));
35
$content = $admin->strip_slashes_dummy(htmlspecialchars($content['content']));
36 36

  
37 37
// Insert vars
38 38
$template->set_var(array(
trunk/wb/modules/news/modify_post.php
51 51
function initEditor() {
52 52
	var editor = new HTMLArea("short");
53 53
	editor.registerPlugin(ContextMenu);
54
	editor.config.pageStyle = "body { <?php echo $admin->strip_slashes(WYSIWYG_STYLE); ?> }";
54
	editor.config.pageStyle = "body { <?php echo $admin->strip_slashes_dummy(WYSIWYG_STYLE); ?> }";
55 55
	editor.generate();
56 56
	var editor = new HTMLArea("long");
57 57
	editor.registerPlugin(ContextMenu);
58 58
	editor.registerPlugin(TableOperations);
59
	editor.config.pageStyle = "body { <?php echo $admin->strip_slashes(WYSIWYG_STYLE); ?> }";
59
	editor.config.pageStyle = "body { <?php echo $admin->strip_slashes_dummy(WYSIWYG_STYLE); ?> }";
60 60
	editor.generate();
61 61
}
62 62
</script>
......
72 72
<tr>
73 73
	<td width="80"><?php echo $TEXT['TITLE']; ?>:</td>
74 74
	<td>
75
		<input type="text" name="title" value="<?php echo $admin->strip_slashes(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" />
75
		<input type="text" name="title" value="<?php echo $admin->strip_slashes_dummy(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" />
76 76
	</td>
77 77
</tr>
78 78
<tr>
......
121 121
<tr>
122 122
	<td valign="top"><?php echo $TEXT['SHORT']; ?>:</td>
123 123
	<td>
124
		<textarea name="short" id="short" style="width: 100%; height: 135px;"><?php echo htmlspecialchars($admin->strip_slashes($fetch_content['short'])); ?></textarea>
124
		<textarea name="short" id="short" style="width: 100%; height: 135px;"><?php echo htmlspecialchars($admin->strip_slashes_dummy($fetch_content['short'])); ?></textarea>
125 125
	</td>
126 126
</tr>
127 127
<tr>
128 128
	<td valign="top"><?php echo $TEXT['LONG']; ?>:</td>
129 129
	<td>
130
		<textarea name="long" id="long" style="width: 100%; height: 300px;"><?php echo htmlspecialchars($admin->strip_slashes($fetch_content['long'])); ?></textarea>
130
		<textarea name="long" id="long" style="width: 100%; height: 300px;"><?php echo htmlspecialchars($admin->strip_slashes_dummy($fetch_content['long'])); ?></textarea>
131 131
	</td>
132 132
</tr>
133 133
</table>
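Review bot: At new lines 54 and 59 the value of `WYSIWYG_STYLE` is interpolated into a double-quoted JavaScript string literal with no escaping for that context, so a double quote, backslash, newline or `</script>` in the stored style would terminate the string or the script block. The textarea outputs further down in this file do go through `htmlspecialchars()`, so the script context is the only uncovered one. Escaping the value for a JS string (quotes, backslashes, newlines and `</`) before echoing it closes the gap; the enclosing `initEditor()` function is fully inside the hunk (lines 51–61).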
trunk/wb/modules/news/comment_page.php
35 35
	// Print comments page
36 36
	$vars = array('[POST_TITLE]', '[ACTION_URL]');
37 37
	$values = array(POST_TITLE, WB_URL.'/modules/news/submit_comment.php?page_id='.PAGE_ID.'&section_id='.SECTION_ID.'&post_id='.POST_ID);
38
	echo str_replace($vars, $values, $this->strip_slashes($settings['comments_page']));
38
	echo str_replace($vars, $values, $this->strip_slashes_dummy($settings['comments_page']));
39 39
}
40 40

  
41 41
?>
trunk/wb/modules/news/modify_group.php
51 51
<tr>
52 52
	<td width="80"><?php echo $TEXT['TITLE']; ?>:</td>
53 53
	<td>
54
		<input type="text" name="title" value="<?php echo $admin->strip_slashes(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" />
54
		<input type="text" name="title" value="<?php echo $admin->strip_slashes_dummy(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" />
55 55
	</td>
56 56
</tr>
57 57
<tr>
trunk/wb/modules/news/modify_settings.php
53 53
<tr>
54 54
	<td class="setting_name" width="100"><?php echo $TEXT['HEADER']; ?>:</td>
55 55
	<td class="setting_name">
56
		<textarea name="header" style="width: 100%; height: 80px;"><?php echo $admin->strip_slashes($fetch_content['header']); ?></textarea>
56
		<textarea name="header" style="width: 100%; height: 80px;"><?php echo $admin->strip_slashes_dummy($fetch_content['header']); ?></textarea>
57 57
	</td>
58 58
</tr>
59 59
<tr>
60 60
	<td class="setting_name"><?php echo $TEXT['POST'].' '.$TEXT['LOOP']; ?>:</td>
61 61
	<td class="setting_name">
62
		<textarea name="post_loop" style="width: 100%; height: 60px;"><?php echo $admin->strip_slashes($fetch_content['post_loop']); ?></textarea>
62
		<textarea name="post_loop" style="width: 100%; height: 60px;"><?php echo $admin->strip_slashes_dummy($fetch_content['post_loop']); ?></textarea>
63 63
	</td>
64 64
</tr>
65 65
<tr>
66 66
	<td class="setting_name"><?php echo $TEXT['FOOTER']; ?>:</td>
67 67
	<td class="setting_name">
68
		<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['footer'])); ?></textarea>
68
		<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($fetch_content['footer'])); ?></textarea>
69 69
	</td>
70 70
</tr>
71 71
<tr>
72 72
	<td class="setting_name"><?php echo $TEXT['POST_HEADER']; ?>:</td>
73 73
	<td class="setting_name">
74
		<textarea name="post_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['post_header'])); ?></textarea>
74
		<textarea name="post_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($fetch_content['post_header'])); ?></textarea>
75 75
	</td>
76 76
</tr>
77 77
<tr>
78 78
	<td class="setting_name"><?php echo $TEXT['POST_FOOTER']; ?>:</td>
79 79
	<td class="setting_name">
80
		<textarea name="post_footer" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['post_footer'])); ?></textarea>
80
		<textarea name="post_footer" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($fetch_content['post_footer'])); ?></textarea>
81 81
	</td>
82 82
</tr>
83 83
<tr>
......
130 130
<tr>
131 131
	<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['HEADER']; ?>:</td>
132 132
	<td class="setting_name">
133
		<textarea name="comments_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['comments_header'])); ?></textarea>
133
		<textarea name="comments_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($fetch_content['comments_header'])); ?></textarea>
134 134
	</td>
135 135
</tr>
136 136
<tr>
137 137
	<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['LOOP']; ?>:</td>
138 138
	<td class="setting_name">
139
		<textarea name="comments_loop" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['comments_loop'])); ?></textarea>
139
		<textarea name="comments_loop" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($fetch_content['comments_loop'])); ?></textarea>
140 140
	</td>
141 141
</tr>
142 142
<tr>
143 143
	<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['FOOTER']; ?>:</td>
144 144
	<td class="setting_name">
145
		<textarea name="comments_footer" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['comments_footer'])); ?></textarea>
145
		<textarea name="comments_footer" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($fetch_content['comments_footer'])); ?></textarea>
146 146
	</td>
147 147
</tr>
148 148
<tr>
149 149
	<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['PAGE']; ?>:</td>
150 150
	<td class="setting_name">
151
		<textarea name="comments_page" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['comments_page'])); ?></textarea>
151
		<textarea name="comments_page" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($fetch_content['comments_page'])); ?></textarea>
152 152
	</td>
153 153
</tr>
154 154
</table>
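Review bot: The `header` and `post_loop` values at new lines 56 and 62 are echoed into a `<textarea>` without `htmlspecialchars()`, while the same pattern in modify_comment.php (new line 61 of this commit) does escape; a stored `</textarea>` closes the element early and whatever follows is rendered as page markup. The `str_replace($raw, $friendly, …)` wrapping on lines 68–151 does not change that unless `$raw`/`$friendly` (defined outside the hunk) cover the angle brackets, which cannot be seen here. Wrapping each echoed value, e.g. `<?php echo htmlspecialchars($admin->strip_slashes_dummy($fetch_content['header'])); ?>`, keeps the textarea content intact since the browser decodes entities in textarea text.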
trunk/wb/modules/news/modify_comment.php
52 52
<tr>
53 53
	<td width="80"><?php echo $TEXT['TITLE']; ?>:</td>
54 54
	<td>
55
		<input type="text" name="title" value="<?php echo $admin->strip_slashes(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" />
55
		<input type="text" name="title" value="<?php echo $admin->strip_slashes_dummy(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" />
56 56
	</td>
57 57
</tr>
58 58
<tr>
59 59
	<td valign="top"><?php echo $TEXT['COMMENT']; ?>:</td>
60 60
	<td>
61
		<textarea name="comment" style="width: 100%; height: 150px;"><?php echo $admin->strip_slashes(htmlspecialchars($fetch_content['comment'])); ?></textarea>
61
		<textarea name="comment" style="width: 100%; height: 150px;"><?php echo $admin->strip_slashes_dummy(htmlspecialchars($fetch_content['comment'])); ?></textarea>
62 62
	</td>
63 63
</tr>
64 64
</table>
trunk/wb/modules/news/view.php
55 55
	while($group = $query_users->fetchRow()) {
56 56
		// Insert user info into users array
57 57
		$group_id = $group['group_id'];
58
		$groups[$group_id]['title'] = $this->strip_slashes($group['title']);
58
		$groups[$group_id]['title'] = $this->strip_slashes_dummy($group['title']);
59 59
		$groups[$group_id]['active'] = $group['active'];
60 60
		if(file_exists(WB_PATH.MEDIA_DIRECTORY.'/.news/image'.$group_id.'.jpg')) {
61 61
			$groups[$group_id]['image'] = WB_URL.MEDIA_DIRECTORY.'/.news/image'.$group_id.'.jpg';
......
82 82
	$query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '$section_id'");
83 83
	if($query_settings->numRows() > 0) {
84 84
		$fetch_settings = $query_settings->fetchRow();
85
		$setting_header = $this->strip_slashes($fetch_settings['header']);
86
		$setting_post_loop = $this->strip_slashes($fetch_settings['post_loop']);
87
		$setting_footer = $this->strip_slashes($fetch_settings['footer']);
85
		$setting_header = $this->strip_slashes_dummy($fetch_settings['header']);
86
		$setting_post_loop = $this->strip_slashes_dummy($fetch_settings['post_loop']);
87
		$setting_footer = $this->strip_slashes_dummy($fetch_settings['footer']);
88 88
		$setting_posts_per_page = $fetch_settings['posts_per_page'];
89 89
	} else {
90 90
		$setting_header = '';
......
185 185
				if($group_image == '') { $display_image = 'none'; } else { $display_image = ''; }
186 186
				if($group_id == 0) { $display_group = 'none'; } else { $display_group = ''; }
187 187
				// Replace [wblink--PAGE_ID--] with real link
188
				$short = $this->strip_slashes($post['short']);
188
				$short = $this->strip_slashes_dummy($post['short']);
189 189
				$this->preprocess($short);
190 190
				// Replace vars with values
191 191
				$vars = array('[PAGE_TITLE]', '[GROUP_ID]', '[GROUP_TITLE]', '[GROUP_IMAGE]', '[DISPLAY_GROUP]', '[DISPLAY_IMAGE]', '[TITLE]', '[SHORT]', '[LINK]', '[DATE]', '[TIME]', '[USER_ID]', '[USERNAME]', '[DISPLAY_NAME]', '[EMAIL]', '[TEXT_READ_MORE]');
192 192
				if(isset($users[$uid]['username']) AND $users[$uid]['username'] != '') {
193
					$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes($post['title']), $short, $post_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email'], $TEXT['READ_MORE']);
193
					$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes_dummy($post['title']), $short, $post_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email'], $TEXT['READ_MORE']);
194 194
				} else {
195
					$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes($post['title']), $short, $post_link, $post_date, $post_time, '', '', '', '', $TEXT['READ_MORE']);
195
					$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes_dummy($post['title']), $short, $post_link, $post_date, $post_time, '', '', '', '', $TEXT['READ_MORE']);
196 196
				}
197 197
				echo str_replace($vars, $values, $setting_post_loop);
198 198
			}
......
212 212
	$query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '$section_id'");
213 213
	if($query_settings->numRows() > 0) {
214 214
		$fetch_settings = $query_settings->fetchRow();
215
		$setting_post_header = $this->strip_slashes($fetch_settings['post_header']);
216
		$setting_post_footer = $this->strip_slashes($fetch_settings['post_footer']);
217
		$setting_comments_header = $this->strip_slashes($fetch_settings['comments_header']);
218
		$setting_comments_loop = $this->strip_slashes($fetch_settings['comments_loop']);
219
		$setting_comments_footer = $this->strip_slashes($fetch_settings['comments_footer']);
215
		$setting_post_header = $this->strip_slashes_dummy($fetch_settings['post_header']);
216
		$setting_post_footer = $this->strip_slashes_dummy($fetch_settings['post_footer']);
217
		$setting_comments_header = $this->strip_slashes_dummy($fetch_settings['comments_header']);
218
		$setting_comments_loop = $this->strip_slashes_dummy($fetch_settings['comments_loop']);
219
		$setting_comments_footer = $this->strip_slashes_dummy($fetch_settings['comments_footer']);
220 220
	} else {
221 221
		$setting_post_header = '';
222 222
		$setting_post_footer = '';
......
258 258
			if($group_id == 0) { $display_group = 'none'; } else { $display_group = ''; }
259 259
			$vars = array('[PAGE_TITLE]', '[GROUP_ID]', '[GROUP_TITLE]', '[GROUP_IMAGE]', '[DISPLAY_GROUP]', '[DISPLAY_IMAGE]', '[TITLE]', '[SHORT]', '[BACK]', '[DATE]', '[TIME]', '[USER_ID]', '[USERNAME]', '[DISPLAY_NAME]', '[EMAIL]');
260 260
			if(isset($users[$uid]['username']) AND $users[$uid]['username'] != '') {
261
				$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes($post['title']), $this->strip_slashes($post['short']), $page_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email']);
261
				$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes_dummy($post['title']), $this->strip_slashes_dummy($post['short']), $page_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email']);
262 262
			} else {
263
				$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes($post['title']), $this->strip_slashes($post['short']), $page_link, $post_date, $post_time, '', '', '', '');
263
				$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes_dummy($post['title']), $this->strip_slashes_dummy($post['short']), $page_link, $post_date, $post_time, '', '', '', '');
264 264
			}
265
			$post_long = $this->strip_slashes($post['long']);
265
			$post_long = $this->strip_slashes_dummy($post['long']);
266 266
		}
267 267
	} else {
268 268
		header('Location: '.WB_URL.'/pages/');
......
290 290
		if($query_comments->numRows() > 0) {
291 291
			while($comment = $query_comments->fetchRow()) {
292 292
				// Display Comments without slashes, but with new-line characters
293
				$comment['comment'] = nl2br($this->strip_slashes($comment['comment']));
294
				$comment['title'] = $this->strip_slashes($comment['title']);
293
				$comment['comment'] = nl2br($this->strip_slashes_dummy($comment['comment']));
294
				$comment['title'] = $this->strip_slashes_dummy($comment['title']);
295 295
				// Print comments loop
296 296
				$commented_date = gmdate(DATE_FORMAT, $comment['commented_when']+TIMEZONE);
297 297
				$commented_time = gmdate(TIME_FORMAT, $comment['commented_when']+TIMEZONE);
298 298
				$uid = $comment['commented_by'];
299 299
				$vars = array('[TITLE]','[COMMENT]','[DATE]','[TIME]','[USER_ID]','[USERNAME]','[DISPLAY_NAME]', '[EMAIL]');
300 300
				if(isset($users[$uid]['username']) AND $users[$uid]['username'] != '') {
301
					$values = array($this->strip_slashes($comment['title']), $this->strip_slashes($comment['comment']), $commented_date, $commented_time, $uid, $this->strip_slashes($users[$uid]['username']), $this->strip_slashes($users[$uid]['display_name']), $this->strip_slashes($users[$uid]['email']));
301
					$values = array($this->strip_slashes_dummy($comment['title']), $this->strip_slashes_dummy($comment['comment']), $commented_date, $commented_time, $uid, $this->strip_slashes_dummy($users[$uid]['username']), $this->strip_slashes_dummy($users[$uid]['display_name']), $this->strip_slashes_dummy($users[$uid]['email']));
302 302
				} else {
303
					$values = array($this->strip_slashes($comment['title']), $this->strip_slashes($comment['comment']), $commented_date, $commented_time, '0', strtolower($TEXT['UNKNOWN']), $TEXT['UNKNOWN'], '');
303
					$values = array($this->strip_slashes_dummy($comment['title']), $this->strip_slashes_dummy($comment['comment']), $commented_date, $commented_time, '0', strtolower($TEXT['UNKNOWN']), $TEXT['UNKNOWN'], '');
304 304
				}
305 305
				echo str_replace($vars, $values, $setting_comments_loop);
306 306
			}
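Review bot: Comment title and body at new lines 293–303 are inserted into the comments template via `str_replace` with no HTML escaping — only `nl2br()` is applied — so markup contained in a comment is rendered on the public page; comment_page.php in this commit points visitors at submit_comment.php, which suggests these values are visitor-supplied. Escaping before the line-break conversion, `$comment['comment'] = nl2br(htmlspecialchars($this->strip_slashes_dummy($comment['comment'])));` and likewise `htmlspecialchars()` on `$comment['title']` at line 294, keeps the display intact and is cheap. New lines 301 and 303 then re-wrap the already-processed `$comment['comment']` and `$comment['title']`, which is harmless now that the wrapper is an identity but reads as if something further is applied. The same unescaped pattern appears for `$post['title']`/`$post['short']` at new lines 193–195 and 261–263, though those are presumably admin-entered.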
trunk/wb/modules/news/modify.php
65 65
			</td>
66 66
			<td>
67 67
				<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $post['post_id']; ?>">
68
					<?php echo $admin->strip_slashes($post['title']); ?>
68
					<?php echo $admin->strip_slashes_dummy($post['title']); ?>
69 69
				</a>
70 70
			</td>
71 71
			<td width="180">
......
74 74
				$query_title = $database->query("SELECT title FROM ".TABLE_PREFIX."mod_news_groups WHERE group_id = '".$post['group_id']."'");
75 75
				if($query_title->numRows() > 0) {
76 76
					$fetch_title = $query_title->fetchRow();
77
					echo $admin->strip_slashes($fetch_title['title']);
77
					echo $admin->strip_slashes_dummy($fetch_title['title']);
78 78
				} else {
79 79
					echo $TEXT['NONE'];
80 80
				}
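Review bot: The post title at new line 68 is echoed inside the link without `htmlspecialchars()`, whereas modify_post.php (new line 75 of this commit) escapes the same field when editing it; a title containing markup renders in the admin list. `<?php echo htmlspecialchars($admin->strip_slashes_dummy($post['title'])); ?>` makes the two consistent, and the group title echoed at new line 77 could get the same treatment.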
trunk/wb/modules/admin.php
126 126
$template->set_block('page', 'main_block', 'main');
127 127
$template->set_var(array(
128 128
								'PAGE_ID' => $results_array['page_id'],
129
								'PAGE_TITLE' => $admin->strip_slashes($results_array['page_title']),
129
								'PAGE_TITLE' => $admin->strip_slashes_dummy($results_array['page_title']),
130 130
								'MODIFIED_BY' => $user['display_name'],
131 131
								'MODIFIED_BY_USERNAME' => $user['username'],
132 132
								'MODIFIED_WHEN' => $modified_ts,
trunk/wb/framework/class.admin.php
93 93
													'SECTION_NAME' => $MENU[strtoupper($this->section_name)],
94 94
													'INTERFACE_DIR' => ADMIN_URL.'/interface',
95 95
													'BODY_TAGS' => $body_tags,
96
													'WEBSITE_TITLE' => $this->strip_slashes($title['value']),
96
													'WEBSITE_TITLE' => $this->strip_slashes_dummy($title['value']),
97 97
													'TEXT_ADMINISTRATION' => $TEXT['ADMINISTRATION'],
98 98
													'VERSION' => VERSION
99 99
													)
trunk/wb/framework/class.wb.php
71 71

  
72 72
	// Modified addslashes function which takes into account magic_quotes
73 73
	function add_slashes($input) {
74
		return addslashes($input);		
75 74
		if ( get_magic_quotes_gpc() || ( !is_string($input) ) ) {
76 75
			return $input;
77 76
		}
......
88 87
		return $output;
89 88
	}
90 89

  
90
	function strip_slashes_dummy($input) {
91
		return $input;
92
	}
93

  
91 94
	// Escape backslashes for use with mySQL LIKE strings
92 95
	function escape_backslashes($input) {
93
		return str_replace("\\","\\\\",$output);
96
		return str_replace("\\","\\\\",$input);
94 97
	}
95 98

  
96 99
	// Get POST data
......
151 154

  
152 155
	// Get the current users display name
153 156
	function get_display_name() {
154
		return $this->strip_slashes($_SESSION['DISPLAY_NAME']);
157
		return $this->strip_slashes_dummy($_SESSION['DISPLAY_NAME']);
155 158
	}
156 159

  
157 160
	// Get the current users email address
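Review bot: The `return addslashes($input);` inserted at new line 74 makes the rest of `add_slashes()` unreachable, including the `get_magic_quotes_gpc()` / `is_string()` guard at lines 75–77 that returned already-escaped or non-string input untouched; with magic_quotes_gpc enabled, request data would now be escaped a second time, and non-string input is passed straight to `addslashes()`. If the unconditional `addslashes()` is the intended new behaviour, delete the dead lines (the function's tail continues outside the hunk); otherwise drop the early return. `strip_slashes_dummy()` at new lines 90–92 also deserves a one-line comment, e.g. `// Transitional stand-in for strip_slashes(): intentionally returns input unchanged`, so nobody later "fixes" it to strip again. The `$output` → `$input` correction in `escape_backslashes()` at line 96 is a good catch.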
trunk/wb/framework/class.frontend.php
72 72
				$content = fread($handle, filesize($filename));
73 73
				fclose($handle);
74 74
				$this->preprocess($content);
75
				echo $this->strip_slashes($content);
75
				echo $this->strip_slashes_dummy($content);
76 76
				return false;
77 77
			}
78 78
		}
......
140 140
			define('PAGE_ID', $this->page['page_id']);
141 141
			$this->page_id=$this->page['page_id'];
142 142
			// Page Title
143
			define('PAGE_TITLE', $this->strip_slashes($this->page['page_title']));
143
			define('PAGE_TITLE', $this->strip_slashes_dummy($this->page['page_title']));
144 144
			$this->page_title=PAGE_TITLE;
145 145
			// Menu Title
146
			$menu_title = $this->strip_slashes($this->page['menu_title']);
146
			$menu_title = $this->strip_slashes_dummy($this->page['menu_title']);
147 147
			if($menu_title != '') {
148 148
				define('MENU_TITLE', $menu_title);
149 149
			} else {
......
252 252
		while($setting = $get_settings->fetchRow()) {
253 253
			switch($setting['name']) {
254 254
				case 'title':
255
					define('WEBSITE_TITLE', $this->strip_slashes($setting['value']));
255
					define('WEBSITE_TITLE', $this->strip_slashes_dummy($setting['value']));
256 256
					$this->website_title=WEBSITE_TITLE;
257 257
				break;
258 258
				case 'description':
259 259
					if($page_description != '') {
260 260
						define('WEBSITE_DESCRIPTION', $page_description);
261 261
					} else {
262
						define('WEBSITE_DESCRIPTION', $this->strip_slashes($setting['value']));
262
						define('WEBSITE_DESCRIPTION', $this->strip_slashes_dummy($setting['value']));
263 263
					}
264 264
					$this->website_description=WEBSITE_DESCRIPTION;
265 265
				break;
266 266
				case 'keywords':
267 267
					if($page_keywords != '') {
268
						define('WEBSITE_KEYWORDS', $this->strip_slashes($setting['value']).' '.$page_keywords);
268
						define('WEBSITE_KEYWORDS', $this->strip_slashes_dummy($setting['value']).' '.$page_keywords);
269 269
					} else {
270
						define('WEBSITE_KEYWORDS', $this->strip_slashes($setting['value']));
270
						define('WEBSITE_KEYWORDS', $this->strip_slashes_dummy($setting['value']));
271 271
					}
272 272
					$this->website_keywords=WEBSITE_KEYWORDS;
273 273
				break;
274 274
				case 'header':
275
					define('WEBSITE_HEADER', $this->strip_slashes($setting['value']));
275
					define('WEBSITE_HEADER', $this->strip_slashes_dummy($setting['value']));
276 276
					$this->website_header=WEBSITE_HEADER;
277 277
				break;
278 278
				case 'footer':
279
					define('WEBSITE_FOOTER', $this->strip_slashes($setting['value']));
279
					define('WEBSITE_FOOTER', $this->strip_slashes_dummy($setting['value']));
280 280
					$this->website_footer=WEBSITE_FOOTER;
281 281
				break;
282 282
			}
......
390 390
	            $link = $this->page_link($page['link']);
391 391
	         }
392 392
	         // Create values
393
	         $values = array($class,'<a href="'.$link.'" target="'.$page['target'].'" '.$class.'>', '</a>', $this->strip_slashes($page['menu_title']), $this->strip_slashes($page['page_title']));
393
	         $values = array($class,'<a href="'.$link.'" target="'.$page['target'].'" '.$class.'>', '</a>', $this->strip_slashes_dummy($page['menu_title']), $this->strip_slashes_dummy($page['page_title']));
394 394
	         // Replace vars with value and print
395 395
	         echo "\n".str_replace($vars, $values, $this->menu_item_template);
396 396
	         // Generate sub-menu
trunk/wb/framework/functions.php
630 630
	$parent = $results_array['parent'];
631 631
	$level = $results_array['level'];
632 632
	$link = $results_array['link'];
633
	$page_title = $admin->strip_slashes($results_array['page_title']);
634
	$menu_title = $admin->strip_slashes($results_array['menu_title']);
633
	$page_title = $admin->strip_slashes_dummy($results_array['page_title']);
634
	$menu_title = $admin->strip_slashes_dummy($results_array['menu_title']);
635 635
	
636 636
	// Get the sections that belong to the page
637 637
	$query_sections = $database->query("SELECT section_id,module FROM ".TABLE_PREFIX."sections WHERE page_id = '$page_id'");
