Changeset 230 for branches/awmn/globals/functions.php

Timestamp:

01/09/2010 05:02:33 PM (2 years ago)

Author:

Acinonyx

Message:

[awmn] Escape HTML special characters

File:

• branches/awmn/globals/functions.php (modified) (4 diffs)

branches/awmn/globals/functions.php

@@ -4 +4 @@
  *
  * Copyright (C) 2005 Nikolaos Nikalexis <winner@cube.gr>
- * Copyright (C) 2009 Vasilis Tsiligiannis <b_tsiligiannis@silverton.gr>
+ * Copyright (C) 2009-2010 Vasilis Tsiligiannis <b_tsiligiannis@silverton.gr>
  * 
  * This program is free software; you can redistribute it and/or modify
@@ -39 +39 @@
 }
 
-function get_qs() {
+function get_qs($htmlspecialchars=TRUE) {
+        $ret = "";
         if ($_SERVER['REQUEST_METHOD'] == 'GET') {
-                return $_SERVER['QUERY_STRING'];
-        } else {
-                return $_POST['query_string'];
-        }
+                $ret = $_SERVER['QUERY_STRING'];
+        } else {
+                $ret = $_POST['query_string'];
+        }
+        return ($htmlspecialchars?htmlspecialchars($ret):$ret);
 }
 
@@ -105 +107 @@
         if(get('show_map') == "no") $o = array_merge($o,array("show_map" => "no"));
         if ($cur_qs == TRUE) {
-                parse_str(get_qs(), $qs);
+                parse_str(get_qs(FALSE), $qs);
                 $o = array_merge($o, $qs);
         }
@@ -338 +340 @@
         if ($gmap_key == '') return FALSE;
         
-        $main->html->head->add_script("text/javascript", "http://".$vars['gmap']['server']."/maps?file=api&v=".$vars['gmap']['api']."&key=".$gmap_key."&hl=".$lang["iso639"]);
+        $main->html->head->add_script("text/javascript", htmlspecialchars("http://".$vars['gmap']['server']."/maps?file=api&v=".$vars['gmap']['api']."&key=".$gmap_key."&hl=".$lang["iso639"]));
         $main->html->head->add_script("text/javascript", $javascript);
         $main->html->head->add_extra(