
Revision 656

Added by thorn almost 17 years ago

Added some missing add_slashes(), get_post_escaped(), and strip_tags() calls for $_POST, $_GET and $_REQUEST data, and also for $_SERVER['PHP_SELF'].


settings2.php
41 41

  
42 42
// Get values
43 43
$page_title = $admin->get_post_escaped('page_title');
44
$page_title = my_htmlspecialchars($page_title);
44
$page_title = htmlspecialchars($page_title);
45 45
$menu_title = $admin->get_post_escaped('menu_title');
46
$menu_title = my_htmlspecialchars($menu_title);
47
$description = my_htmlspecialchars($admin->add_slashes($admin->get_post('description')));
48
$keywords = my_htmlspecialchars($admin->add_slashes($admin->get_post('keywords')));
49
$parent = $admin->get_post('parent');
50
$visibility = $admin->get_post('visibility');
51
$template = $admin->get_post('template');
52
$target = $admin->get_post('target');
53
$admin_groups = $admin->get_post('admin_groups');
54
$viewing_groups = $admin->get_post('viewing_groups');
55
$searching = $admin->get_post('searching');
56
$language = $admin->get_post('language');
57
$menu = $admin->get_post('menu');
46
$menu_title = htmlspecialchars($menu_title);
47
$description = htmlspecialchars($admin->add_slashes($admin->get_post('description')));
48
$keywords = htmlspecialchars($admin->add_slashes($admin->get_post('keywords')));
49
$parent = $admin->get_post_escaped('parent');
50
$visibility = $admin->get_post_escaped('visibility');
51
$template = $admin->get_post_escaped('template');
52
$target = $admin->get_post_escaped('target');
53
$admin_groups = $admin->get_post_escaped('admin_groups');
54
$viewing_groups = $admin->get_post_escaped('viewing_groups');
55
$searching = $admin->get_post_escaped('searching');
56
$language = $admin->get_post_escaped('language');
57
$menu = $admin->get_post_escaped('menu');
58 58

  
59 59
// Validate data
60 60
if($page_title == '' || substr($page_title,0,1)=='.') {
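Review bot: Slash-escaping `parent`, `menu`, `visibility`, `searching`, `target` and `template` (lines 49-57, assuming the get_post_escaped() lines are the new side, as the commit message indicates) only helps where the value later lands inside a quoted SQL string; the queries are outside this hunk, so that cannot be confirmed here. For fields that look numeric a cast is stricter, e.g. `$parent = (int) $admin->get_post('parent');`, and `visibility` and `target` would be better checked against a fixed list of allowed values. `template` and `language` look like names that may later be used to build a file path, where add-slashes escaping gives no protection, so a name-pattern check would be worth adding. `admin_groups` and `viewing_groups` look like multi-value fields, and whether get_post_escaped() accepts an array is not visible here.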
