[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-cvs] news_admin/inc class.uinews.inc.php, 1.10.2.6.2.11
From: |
skwashd |
Subject: |
[Phpgroupware-cvs] news_admin/inc class.uinews.inc.php, 1.10.2.6.2.11 |
Date: |
Mon, 7 Nov 2005 01:00:00 +0100 |
Update of news_admin/inc
Modified Files:
Branch: Version-0_9_16-branch
class.uinews.inc.php lines: +14 -1
Log Message:
fix anti XSS side effect
====================================================
Index: news_admin/inc/class.uinews.inc.php
diff -u news_admin/inc/class.uinews.inc.php:1.10.2.6.2.10
news_admin/inc/class.uinews.inc.php:1.10.2.6.2.11
--- news_admin/inc/class.uinews.inc.php:1.10.2.6.2.10 Mon Dec 20 13:41:52 2004
+++ news_admin/inc/class.uinews.inc.php Mon Nov 7 00:00:35 2005
@@ -289,6 +289,13 @@
{
$errors[] = lang('The news content is
missing');
}
+
+ if ( !isset($GLOBALS['data_cleaner']) ||
!is_object($GLOBALS['data_cleaner']) )
+ {
+ $GLOBALS['data_cleaner'] =
createObject('phpgwapi.data_cleaner', '');
+ }
+ $this->news_data['content'] =
$GLOBALS['data_cleaner']->clean($GLOBALS['RAW_REQUEST']['news']['content'],
false);
+
if (!is_array($errors))
{
$this->news_data['date'] = time();
@@ -367,6 +374,12 @@
{
$errors[] = lang('The news content is
missing');
}
+
+ if ( !isset($GLOBALS['data_cleaner']) ||
!is_object($GLOBALS['data_cleaner']) )
+ {
+ $GLOBALS['data_cleaner'] =
createObject('phpgwapi.data_cleaner', '');
+ }
+ $this->news_data['content'] =
$GLOBALS['data_cleaner']->clean($GLOBALS['RAW_REQUEST']['news']['content'],
false);
if(!is_array($errors))
{
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-cvs] news_admin/inc class.uinews.inc.php, 1.10.2.6.2.11,
skwashd <=