
Revision 42

Added by stefan about 19 years ago

Changed most occurrences of strip_slashes to new dummy method strip_slashes_dummy.


view.php
113 113
$query_settings = $database->query("SELECT header,field_loop,footer FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
114 114
if($query_settings->numRows() > 0) {
115 115
	$fetch_settings = $query_settings->fetchRow();
116
	$header = $this->strip_slashes($fetch_settings['header']);
117
	$field_loop = $this->strip_slashes($fetch_settings['field_loop']);
118
	$footer = $this->strip_slashes($fetch_settings['footer']);
116
	$header = $this->strip_slashes_dummy($fetch_settings['header']);
117
	$field_loop = $this->strip_slashes_dummy($fetch_settings['field_loop']);
118
	$footer = $this->strip_slashes_dummy($fetch_settings['footer']);
119 119
} else {
120 120
	$header = '';
121 121
	$field_loop = '';
......
136 136
	while($field = $query_fields->fetchRow()) {
137 137
		// Set field values
138 138
		$field_id = $field['field_id'];
139
		$value = $this->strip_slashes($field['value']);
139
		$value = $this->strip_slashes_dummy($field['value']);
140 140
		// Print field_loop after replacing vars with values
141 141
		$vars = array('{TITLE}', '{REQUIRED}');
142 142
		$values = array($field['title']);
......
198 198
	$query_settings = $database->query("SELECT email_to,email_from,email_subject,success_message,max_submissions,stored_submissions FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
199 199
	if($query_settings->numRows() > 0) {
200 200
		$fetch_settings = $query_settings->fetchRow();
201
		$email_to = $this->strip_slashes($fetch_settings['email_to']);
202
		$email_from = $this->strip_slashes($fetch_settings['email_from']);
201
		$email_to = $this->strip_slashes_dummy($fetch_settings['email_to']);
202
		$email_from = $this->strip_slashes_dummy($fetch_settings['email_from']);
203 203
		if(substr($email_from, 0, 5) == 'field') {
204 204
			// Set the email from field to what the user entered in the specified field
205 205
			$email_from = $this->add_slashes($_POST[$email_from]);
206 206
		}
207
		$email_subject = $this->strip_slashes($fetch_settings['email_subject']);
208
		$success_message = $this->strip_slashes($fetch_settings['success_message']);
209
		$max_submissions = $this->strip_slashes($fetch_settings['max_submissions']);
210
		$stored_submissions = $this->strip_slashes($fetch_settings['stored_submissions']);
207
		$email_subject = $this->strip_slashes_dummy($fetch_settings['email_subject']);
208
		$success_message = $this->strip_slashes_dummy($fetch_settings['success_message']);
209
		$max_submissions = $this->strip_slashes_dummy($fetch_settings['max_submissions']);
210
		$stored_submissions = $this->strip_slashes_dummy($fetch_settings['stored_submissions']);
211 211
	} else {
212 212
		exit($TEXT['UNDER_CONSTRUCTION']);
213 213
	}
......
231 231
					} elseif (!is_array($_POST['field'.$field['field_id']])) {
232 232
					$email_body .= '
233 233
					
234
	'.$this->strip_slashes($field['title']).': '.$_POST['field'.$field['field_id']]."\n";
234
	'.$this->strip_slashes_dummy($field['title']).': '.$_POST['field'.$field['field_id']]."\n";
235 235
					} else {
236 236
						$email_body .= '
237 237
					
238
	'.$this->strip_slashes($field['title']).": \n";
238
	'.$this->strip_slashes_dummy($field['title']).": \n";
239 239
						foreach ($_POST['field'.$field['field_id']] as $k=>$v) {
240 240
							$email_body .= '
241 241
					
......
243 243
						}
244 244
					}
245 245
				} elseif($field['required'] == 1) {
246
				$required[] = $this->strip_slashes($field['title']);
246
				$required[] = $this->strip_slashes_dummy($field['title']);
247 247
				}
248 248
			}
249 249
		}
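Review bot: At new line 205 the sender address is read from `$_POST[$email_from]` and only passed through `add_slashes`, which does nothing about carriage returns or line feeds, so a submitted value could carry additional header lines if `$email_from` later ends up in the mail headers (the mail call is outside the visible hunks, so this is inferred). I would strip line breaks instead of adding slashes, e.g. `$email_from = str_replace(array("\r", "\n"), '', $_POST[$email_from]);`, and follow it with an address-format check before the value is used. With the surrounding reads now going through `strip_slashes_dummy`, the remaining `add_slashes` call also looks inconsistent: if the dummy returns its input unchanged (its body is not shown here), nothing removes those backslashes again and they could appear in the sender. A short comment on `strip_slashes_dummy` stating that it is a temporary placeholder and what is meant to replace it would help the next reader.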
