From c7f6fd8ff1bc6c46ffbb157446939f12e5d6e12f Mon Sep 17 00:00:00 2001
From: neoraider <devnull@localhost>
Date: Tue, 18 Apr 2006 19:57:05 +0000
Subject: Ein paar unn?tige Aufrufe von strtr durch htmlspecialchars ersetzt.

---
 pages/editor/bbcode.xml  | 8 ++++----
 templates/bbcode.inc.php | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/pages/editor/bbcode.xml b/pages/editor/bbcode.xml
index 3dcc901..198d433 100644
--- a/pages/editor/bbcode.xml
+++ b/pages/editor/bbcode.xml
@@ -10,22 +10,22 @@
     <code>
       <![CDATA[
 <?PHP
-  require_once('code/links.inc.php')
+  require_once('code/links.inc.php');
   
   
   $title = 'Edit \'' . $data['_data']['_page'] . '\'';
   
   echo '<h2>' . $title . '</h2>';
 ?>
-<form method="post" action="<?PHP echo $GLOBALS['links']->GetNeonLink('Pages:Edit:Do'); ?>">
+<form method="post" action="<?PHP echo $GLOBALS['links']->GetNeonLink('Pages:Edit'); ?>">
   <input type="hidden" name="name" value="<?PHP echo $data['_data']['_page'] ?>" />
   <input type="hidden" name="type" value="<?PHP echo $data['_data']['_type']; ?>" />
   <input type="hidden" name="backlink" value="<?PHP echo htmlspecialchars($data['_backlink']); ?>" />
   Titel: <input type="text" name="data_title" value="<?PHP
-    echo strtr($data['_data']['title'], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+    echo htmlspecialchars($data['_data']['title']);
   ?>" size="70" /><br />
   <textarea name="data_code" class="pageedit spaced-top spaced-bottom" rows="25" cols="70"><?PHP
-    echo strtr($data['_data']['code'], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+    echo htmlspecialchars($data['_data']['code']);
   ?></textarea><br />
   <input type="submit" value="Änderungen übernehmen" />
   <input type="submit" name="back" value="Zurück" />
diff --git a/templates/bbcode.inc.php b/templates/bbcode.inc.php
index e04d575..8a41d46 100644
--- a/templates/bbcode.inc.php
+++ b/templates/bbcode.inc.php
@@ -7,7 +7,7 @@
   class bbcode_template {
     function Get($data) {
       if($data['title'])
-        $title = strtr($data['title'], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+        $title = htmlspecialchars($data['title']);
       else
         $title = strtr($data['_page'], array(':' => ' - '));
       $content = '<h2>' . $title . '</h2>' . $GLOBALS['bbcode']->Parse($data['code']);
-- 
cgit v1.2.3