Changeset 1495

Timestamp:
06/13/06 08:57:24 (2 years ago)
Author:
mdodoo
Message:

Fixes #415, although there is a possibility that it introduces security problems, in which case we would need more sanitizer options.

Files:
1 modified

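--- a/trunk/gregarius/admin/folders.php
+++ b/trunk/gregarius/admin/folders.php
@@ -213,5 +213,6 @@
     case CST_ADMIN_SUBMIT_EDIT:
         // TBD
-        $new_label = sanitize($_REQUEST['f_name'], RSS_SANITIZER_CHARACTERS_EXT);
+        $new_label = sanitize($_REQUEST['f_name'], RSS_SANITIZER_URL);
+        $new_label = rss_real_escape_string($new_label);
         if (is_numeric($fid) && strlen($new_label) > 0) {
 
@@ -229,5 +230,6 @@
     case LBL_ADMIN_ADD:
     case 'LBL_ADMIN_ADD':
-        $label=sanitize($_REQUEST['new_folder'],RSS_SANITIZER_CHARACTERS_EXT);
+        $label=sanitize($_REQUEST['new_folder'],RSS_SANITIZER_URL);
+        $new_label = rss_real_escape_string($new_label);
         assert(strlen($label) > 0);
         create_folder($label);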
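Review bot: In the LBL_ADMIN_ADD case the added escape call operates on `$new_label`, but the value sanitized on the line above and passed to `create_folder()` is `$label`, so the new folder name never goes through `rss_real_escape_string()` in this hunk. The line looks copied from the CST_ADMIN_SUBMIT_EDIT hunk and should presumably read `$label = rss_real_escape_string($label);`; as written it also reads `$new_label`, which is not assigned anywhere in the visible part of this case. This matters more than usual because the commit swaps RSS_SANITIZER_CHARACTERS_EXT for RSS_SANITIZER_URL, which the commit message itself flags as possibly too permissive, so the escape is the only added protection visible for the request value. Whether `create_folder()` escapes its argument internally is not shown here and should be confirmed before relying on it. Both case bodies start and continue outside the hunks.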