Revision 656
Added by thorn almost 17 years ago
| text.php | ||
|---|---|---|
| 39 | 39 |
$table = TABLE_PREFIX.'mod_captcha_control'; |
| 40 | 40 |
if($query = $database->query("SELECT ct_text FROM $table")) {
|
| 41 | 41 |
$data = $query->fetchRow(); |
| 42 |
$text_qa = $admin->strip_slashes($data['ct_text']);
|
|
| 42 |
$text_qa = $data['ct_text'];
|
|
| 43 | 43 |
} |
| 44 | 44 |
$content = explode("\n", $text_qa);
|
| 45 | 45 |
|
| ... | ... | |
| 47 | 47 |
while($s = current($content)) {
|
| 48 | 48 |
// get question |
| 49 | 49 |
$s=trim(rtrim(rtrim($s,"\n"),"\r")); // remove newline |
| 50 |
$s=$admin->strip_slashes($s); |
|
| 51 | 50 |
if($s=='' OR $s{0}!='?') {
|
| 52 | 51 |
next($content); |
| 53 | 52 |
continue; |
| ... | ... | |
| 66 | 65 |
// get answer |
| 67 | 66 |
$s=next($content); |
| 68 | 67 |
$s=trim(rtrim(rtrim($s,"\n"),"\r")); // remove newline |
| 69 |
$s=$admin->strip_slashes($s); |
|
| 70 | 68 |
if(isset($s{0}) && $s{0}=='!') {
|
| 71 | 69 |
$a=substr($s,1); |
| 72 | 70 |
$qa[$lang][$q]=$a; |
Also available in: Unified diff
Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].