[drydock] r251 committed - changed capcodes/filters to be properly escaped


dry...@googlecode.com

Jul 24, 2011, 12:20:07 AM7/24/11
to drydock-...@googlegroups.com
Revision: 251
Author: all.star25
Date: Sat Jul 23 21:19:29 2011
Log: changed capcodes/filters to be properly escaped
http://code.google.com/p/drydock/source/detail?r=251

Modified:
/trunk/drydock/admin.php
/trunk/drydock/tpl/_admin/admincapcodes.tpl
/trunk/drydock/tpl/_admin/adminfilters.tpl

=======================================
--- /trunk/drydock/admin.php Sat Jul 23 12:53:01 2011
+++ /trunk/drydock/admin.php Sat Jul 23 21:19:29 2011
@@ -272,20 +272,11 @@
$capcodes = array();
$capcodes = $db->fetchBCW(THbcw_capcode);

- if(count($capcodes) > 0)
- {
- foreach ($capcodes as $capcode)
- {
- $capcode = replacequote($capcode);
- }
- }
- else
+ if(count($capcodes) <= 0)
{
$capcodes = null;
}

- //print_r($capcodes);
- //rebuild_capcodes();
$sm->assign("capcodes",$capcodes);
$sm->display("admincapcodes.tpl");
}
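Review bot: `$capcodes` is now handed to the template exactly as fetched, so HTML encoding of these stored values depends entirely on every template that prints them applying `|escape`, and nothing in this hunk says so. I would add `// values are assigned raw; templates must apply |escape on output` above `$sm->assign("capcodes",$capcodes);`, and the same next to the filters assignment after the following hunk (that assign is outside the visible lines, so its location is inferred). Separately, `count($capcodes) <= 0` here and `count($filters) <= 0` in the next hunk assume fetchBCW always returns an array; if it can return null or false, `if (empty($capcodes))` expresses the same check without that assumption. The enclosing block starts before the hunk.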
@@ -300,14 +291,7 @@
// Retrieve wordfilters
$filters = array();
$filters = $db->fetchBCW(THbcw_filter);
- if(count($filters) > 0)
- {
- foreach( $filters as $filter )
- {
- $filter = replacequote($filter);
- }
- }
- else
+ if(count($filters) <= 0)
{
$filters = null;
}
=======================================
--- /trunk/drydock/tpl/_admin/admincapcodes.tpl Fri Mar 18 00:43:29 2011
+++ /trunk/drydock/tpl/_admin/admincapcodes.tpl Sat Jul 23 21:19:29 2011
@@ -1,66 +1,66 @@
{include file=admin-head.tpl}
<title>{$THname} &#8212; Administration &#8212; Capcodes</title></head>
<body>
-<div id="main">
- <div class="box">
- <div class="pgtitle">
- Capcode Settings
- </div>
- <br />
- <div class="sslarge">
- {if $capcodes==null}
- There are currently no capcodes.
- {else}
- <form method="post" enctype="multipart/form-data"
action="admin.php?t=rc">
- <div>
- <table>
- <tr>
- <td>
- Remove?
- </td>
- <td>
- Capcode From
- </td>
- <td>
- Capcode To
- </td>
- <td>
- Notes
- </td>
- </tr>
- {foreach from=$capcodes item=capcodes}
- <tr>
- <td>
- <input type="checkbox"
name='del{$capcodes.id}' />
- <input type="hidden" name="id{$capcodes.id}" size="15"
value='{$capcodes.id}' />
- </td>
- <td>
- <input type="text" name="from{$capcodes.id}" size="10"
value='{$capcodes.capcodefrom}' />
- </td>
- <td>
- <input type="text" name="to{$capcodes.id}"
value='{$capcodes.capcodeto}' />
- </td>
- <td>
- <input type="text"
name="notes{$capcodes.id}" value='{$capcodes.notes}' />
- </td>
- </tr>
- {/foreach}
- </table>
- <input type="submit" value="Save capcodes" />
- </div>
- </form>
- {/if}
- <div class="pgtitle">
+ <div id="main">
+ <div class="box">
+ <div class="pgtitle">
+ Capcode Settings
+ </div>
+ <br />
+ <div class="sslarge">
+ {if $capcodes==null}
+ There are currently no capcodes.
+ {else}
+ <form method="post" enctype="multipart/form-data"
action="admin.php?t=rc">
+ <div>
+ <table>
+ <tr>
+ <td>
+ Remove?
+ </td>
+ <td>
+ Capcode From
+ </td>
+ <td>
+ Capcode To
+ </td>
+ <td>
+ Notes
+ </td>
+ </tr>
+ {foreach from=$capcodes item=capcodes}
+ <tr>
+ <td>
+ <input type="checkbox"
name='del{$capcodes.id}' />
+ <input type="hidden"
name="id{$capcodes.id}" size="15" value='{$capcodes.id|escape}' />
+ </td>
+ <td>
+ <input type="text"
name="from{$capcodes.id}" size="10" value='{$capcodes.capcodefrom|escape}'
/>
+ </td>
+ <td>
+ <input type="text"
name="to{$capcodes.id}" value='{$capcodes.capcodeto|escape}' />
+ </td>
+ <td>
+ <input type="text"
name="notes{$capcodes.id}" value='{$capcodes.notes|escape}' />
+ </td>
+ </tr>
+ {/foreach}
+ </table>
+ <input type="submit" value="Save capcodes" />
+ </div>
+ </form>
+ {/if}
+ <div class="pgtitle">
Add New Capcode
- </div>
- <br />
- <form method="post" enctype="multipart/form-data"
action="admin.php?t=ac">
- <div>
- Capcode: <input type="text" name="capcodefrom"
size="10" />
- Filters to: <input type="text" name="capcodeto"/>
- Notes: <input type="text" name="notes"/> <input type="submit"
value="Submit" />
</div>
- </form>
+ <br />
+ <form method="post" enctype="multipart/form-data"
action="admin.php?t=ac">
+ <div>
+ Capcode: <input type="text" name="capcodefrom"
size="10" />
+ Filters to: <input type="text" name="capcodeto"/>
+ Notes: <input type="text" name="notes"/> <input type="submit"
value="Submit" />
+ </div>
+ </form>
+ </div>
</div>
- </div>
-{include file=admin-foot.tpl}
+ {include file=admin-foot.tpl}
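Review bot: The `name` attributes in the foreach rows still interpolate `{$capcodes.id}` without a modifier (`name='del{$capcodes.id}'`, `name="id{$capcodes.id}"`, and the `from`/`to`/`notes` fields), while the same value gets `|escape` in the hidden field's `value`. The id is presumably a numeric key, but the two uses should agree, e.g. `name="from{$capcodes.id|escape}"`. The single-quoted `value='…'` attributes are only safe because the escape modifier's default html mode also encodes single quotes; a one-line template comment stating that dependency would help the next editor. Re-indenting the whole file in the same commit buries the four functional changes, so a separate whitespace-only commit would make the escaping change reviewable on its own.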
=======================================
--- /trunk/drydock/tpl/_admin/adminfilters.tpl Sat Feb 23 23:15:15 2008
+++ /trunk/drydock/tpl/_admin/adminfilters.tpl Sat Jul 23 21:19:29 2011
@@ -35,13 +35,13 @@
<input type="hidden" name="id{$filters.id}" size="15"
value='{$filters.id}' />
</td>
<td>
- <input type="text" name="from{$filters.id}" size="15"
value='{$filters.filterfrom}' />
+ <input type="text" name="from{$filters.id}" size="15"
value='{$filters.filterfrom|escape}' />
</td>
<td>
- <input type="text" name="to{$filters.id}"
size="40" value='{$filters.filterto}' />
+ <input type="text" name="to{$filters.id}"
size="40" value='{$filters.filterto|escape}' />
</td>
<td>
- <input type="text"
name="notes{$filters.id}" size="25" value='{$filters.notes}' />
+ <input type="text"
name="notes{$filters.id}" size="25" value='{$filters.notes|escape}' />
</td>
</tr>
{/foreach}
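Review bot: The hidden id field in the context lines at the top of this hunk still prints `value='{$filters.id}'` unescaped, although the matching field in admincapcodes.tpl was changed to `{$capcodes.id|escape}` in this same commit. For consistency it should become `value='{$filters.id|escape}'`; the `name` attributes built from `{$filters.id}` have the same gap. The foreach these rows belong to opens before the hunk.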
