replaced strip_tags() by htmlspecialchars() in most of POST variables

added stripslashes() to POST variables when the form is not sent
2015-02-15 22:42:46 +01:00
parent 9bae4628a0
commit 5899fffb29
4 changed files with 49 additions and 54 deletions


@@ -265,7 +265,7 @@ class MainView extends View
$this->assign('post', $_POST['post']);
if (isset($_POST['preview']))
$this->assign('preview', addslashes(htmlspecialchars($_POST['post'])));
$this->assign('preview', true);
if ($type == POSTING_NEWTOPIC || $type == POSTING_EDITTOPIC)
$this->assign('topic', $_POST['topic']);