Context Navigation

Changeset 1748

Timestamp:

08/25/07 01:14:54 (14 months ago)

Author:

mbonetti

Message:

fix for #491 -- fix a couple possible XSS holes

Files:

r1745	r1748
885	885	$res = rss_query($sql);
886	886	list ($id, $title, $url, $siteurl, $parent, $descr, $icon, $mode, $daterefreshed, $dateadded) = rss_fetch_row($res);
	887	$title = htmlentities($title,ENT_QUOTES);
887	888	// get tags
888	889	$sql = "select t.tag from " . getTable('tag')." t "
…	…
973	974
974	975	// Description
975		$descr = trim(~~strip_tags($descr~~));
	976	$descr = trim(htmlentities(strip_tags($descr), ENT_QUOTES));
976	977	echo "<p><label for=\"c_descr\">". __('Description:') ."</label>\n"
977	978	."<input type=\"text\" id=\"c_descr\" name=\"c_descr\" value=\"$descr\" /></p>\n";