appdb/include filter.php
WineHQ
wineowner at wine.codeweavers.com
Thu Jan 4 22:59:04 CST 2007
ChangeSet ID: 30853
CVSROOT: /opt/cvs-commit
Module name: appdb
Changes by: wineowner at winehq.org 2007/01/04 22:59:04
Modified files:
include : filter.php
Log message:
Chris Morgan <cmorgan at alum.wpi.edu>
When filtering copy Xinha variables verbatim instead of stripping out html tags
Patch: http://cvs.winehq.org/patch.py?id=30853
Old revision New revision Changes Path
1.9 1.10 +11 -2 appdb/include/filter.php
Index: appdb/include/filter.php
diff -u -p appdb/include/filter.php:1.9 appdb/include/filter.php:1.10
--- appdb/include/filter.php:1.9 5 Jan 2007 4:59: 4 -0000
+++ appdb/include/filter.php 5 Jan 2007 4:59: 4 -0000
@@ -14,10 +14,19 @@ function filter_gpc()
// Special cases for variables that don't fit our filtering scheme
// don't filter the AppDB session cookie and MAX_FILE_SIZE
// and the DialogX values that xinha uses
- if($aKeys[$i] == "whq_appdb" || ($aKeys[$i] == "MAX_FILE_SIZE") || ($aKeys[$i] == "PHPSESSID")
- || (strpos($aKeys[$i], "Dialog") == 0) || (strpos($aKeys[$i], "pref_") == 0))
+ if(strpos($aKeys[$i], "Dialog") == 0) // Xinha variables
{
// copy the key over to the clean array
+ // NOTE: we do not strip html tags or trim any Xinha variables
+ // because Xinha is a html editor and removing html tags
+ // would break the ability to use Xinha to create or edit html
+ $aClean[$aKeys[$i]] = $_REQUEST[$aKeys[$i]];
+ continue; // go to the next entry
+ } else if($aKeys[$i] == "whq_appdb" || ($aKeys[$i] == "MAX_FILE_SIZE")
+ || ($aKeys[$i] == "PHPSESSID")
+ || (strpos($aKeys[$i], "pref_") == 0)) // other variables
+ {
+ // copy the key over to the clean array after stripping tags and trimming
$aClean[$aKeys[$i]] = trim(strip_tags($_REQUEST[$aKeys[$i]]));
continue; // go to the next entry
}
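Review bot: The new first branch, `if(strpos($aKeys[$i], "Dialog") == 0)`, is also true for any key that does not contain "Dialog" at all, because strpos() returns false on no match and `false == 0` holds under loose comparison; those keys are now copied into $aClean verbatim and `continue` past the rest of the filter. Before this change the same loose test only routed them to `trim(strip_tags(...))`, so it was harmless, but now it turns off tag stripping for almost every request variable. Use a strict prefix test, `if(strpos($aKeys[$i], "Dialog") === 0) // Xinha variables`, and likewise `(strpos($aKeys[$i], "pref_") === 0)` in the else-if. Even with that fix the "Dialog" prefix is chosen by the client, so values taking this branch are unfiltered HTML and need sanitizing or context-appropriate escaping wherever they are stored or rendered. The body of filter_gpc() continues outside this hunk, so the normal filtering path is not visible here.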