Changeset 1495 for trunk/gregarius/admin/folders.php

Timestamp:

06/13/06 08:57:24 (2 years ago)

Author:

mdodoo

Message:

Fixes #415, although there is a possibility that it introduces security problems, in which case we would need more sanitizer options.

Files:

• trunk/gregarius/admin/folders.php (modified) (2 diffs)

trunk/gregarius/admin/folders.php

@@ -213 +213 @@
     case CST_ADMIN_SUBMIT_EDIT:
         // TBD
-        $new_label = sanitize($_REQUEST['f_name'], RSS_SANITIZER_CHARACTERS_EXT);
+        $new_label = sanitize($_REQUEST['f_name'], RSS_SANITIZER_URL);
+        $new_label = rss_real_escape_string($new_label);
         if (is_numeric($fid) && strlen($new_label) > 0) {
 
@@ -229 +230 @@
     case LBL_ADMIN_ADD:
     case 'LBL_ADMIN_ADD':
-        $label=sanitize($_REQUEST['new_folder'],RSS_SANITIZER_CHARACTERS_EXT);
+        $label=sanitize($_REQUEST['new_folder'],RSS_SANITIZER_URL);
+        $new_label = rss_real_escape_string($new_label);
         assert(strlen($label) > 0);
         create_folder($label);