authorneoraider <devnull@localhost>2006-04-18 21:57:05 +0200
committerneoraider <devnull@localhost>2006-04-18 21:57:05 +0200
commit8657d3fb5cbd25f78bc668ea9a0a8b17913dd490 (patch)
tree4d4f15af80bf0bad4027e288f867767daea108cc
parent7b622dca2d4a24221202d85c15ba68d0974b432c (diff)
Ein paar unnötige Aufrufe von strtr durch htmlspecialchars ersetzt.
-rw-r--r--index.php2
-rw-r--r--pages/content/Users:Handle.xml12
-rw-r--r--pages/editor/default.xml4
-rw-r--r--pages/editor/phpexec.xml2
-rw-r--r--templates/default.inc.php2
5 files changed, 11 insertions, 11 deletions
diff --git a/index.php b/index.php
index b4d930f..ac87ed9 100644
--- a/index.php
+++ b/index.php
@@ -31,7 +31,7 @@
</div>
<div id="content">
<?PHP
- if($pages->HasWriteAccess($page, 'c')) {
+ if($pages->HasWriteAccess($page, 'c') && $_GET['mode'] != 'edit') {
$backlink = $GLOBALS['links']->GetNeonLink($page);
echo '<a class="editlink" href="' . $GLOBALS['links']->GetNeonLink($page, 'mode=edit') . '">Bearbeiten</a>';
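Review bot: The added condition on the `if` line reads `$_GET['mode']` without checking that it is set, so every request without a `mode` parameter raises an undefined-index notice, and `!=` compares loosely. I would write `if($pages->HasWriteAccess($page, 'c') && (!isset($_GET['mode']) || $_GET['mode'] !== 'edit')) {`. The condition only hides the edit link; whether the edit mode itself re-checks `HasWriteAccess` is not visible here, and the `if` body continues outside the hunk.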
diff --git a/pages/content/Users:Handle.xml b/pages/content/Users:Handle.xml
index abed354..69339bc 100644
--- a/pages/content/Users:Handle.xml
+++ b/pages/content/Users:Handle.xml
@@ -28,7 +28,7 @@
$res = $GLOBALS['db']->Execute('SELECT * FROM groups ORDER BY name');
while($group = $res->FetchRow()) {
- echo '<option value="' . $group[0] . '">' . strtr($group[1], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;')) . '</option>';
+ echo '<option value="' . $group[0] . '">' . htmlspecialchars($group[1]) . '</option>';
}
?>
</select><br />
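Review bot: `$group[0]` is still concatenated raw into the `value` attribute on the changed `echo` line while only the label `$group[1]` is escaped; the same applies to the `<option value=` line in the hunk at -63,7. It is presumably a numeric group id from the `groups` table, but nothing visible enforces that, so I would escape it as well: `echo '<option value="' . htmlspecialchars($group[0]) . '">' . htmlspecialchars($group[1]) . '</option>';`. The loop sits inside a larger block that starts outside the hunk.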
@@ -43,7 +43,7 @@
}
elseif(isset($_POST['group'])) {
if($_POST['id']) {
- $name = strtr($GLOBALS['user']->GetName($_POST['id']), array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+ $name = htmlspecialchars($GLOBALS['user']->GetName($_POST['id']));
$gid = $GLOBALS['user']->GetGid($_POST['id']);
$title = 'Gruppe von \'' . $name . '\' ändern';
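Review bot: `htmlspecialchars()` is called with its default flags on the `$name` line, which before PHP 8.1 leaves single quotes unescaped, and the name is then wrapped in single quotes inside `$title`. That matches what the replaced `strtr` map did, so it is no regression, but where `$title` is emitted is outside the hunk; if it can land in a single-quoted attribute, `htmlspecialchars($GLOBALS['user']->GetName($_POST['id']), ENT_QUOTES)` is the safer form. The same line appears in the hunks at -75,7, -94,7 and -111,7. `$_POST['id']` is also passed to `GetName()` and `GetGid()` as received, and any validation of it is not visible here.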
@@ -63,7 +63,7 @@
foreach($groups as $group) {
echo '<option value="' . $group[0] . '"';
if($group[0] == $gid) echo ' selected="selected"';
- echo '>' . strtr($group[1], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;')) . '</option>';
+ echo '>' . htmlspecialchars($group[1]) . '</option>';
}
echo '</select><br />';
@@ -75,7 +75,7 @@
}
elseif(isset($_POST['password'])) {
if($_POST['id']) {
- $name = strtr($GLOBALS['user']->GetName($_POST['id']), array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+ $name = htmlspecialchars($GLOBALS['user']->GetName($_POST['id']));
$title = 'Passwort von \'' . $name . '\' ändern';
@@ -94,7 +94,7 @@
}
elseif(isset($_POST['rename'])) {
if($_POST['id']) {
- $name = strtr($GLOBALS['user']->GetName($_POST['id']), array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+ $name = htmlspecialchars($GLOBALS['user']->GetName($_POST['id']));
$title = '\'' . $name . '\' umbenennen';
@@ -111,7 +111,7 @@
}
elseif(isset($_POST['delete'])) {
if($_POST['id']) {
- $name = strtr($GLOBALS['user']->GetName($_POST['id']), array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+ $name = htmlspecialchars($GLOBALS['user']->GetName($_POST['id']));
$title = '\'' . $name . '\' löschen';
diff --git a/pages/editor/default.xml b/pages/editor/default.xml
index dd3438a..40769dd 100644
--- a/pages/editor/default.xml
+++ b/pages/editor/default.xml
@@ -22,10 +22,10 @@
<input type="hidden" name="type" value="<?PHP echo $data['_data']['_type']; ?>" />
<input type="hidden" name="backlink" value="<?PHP echo htmlspecialchars($data['_backlink']); ?>" />
Titel: <input type="text" name="data_title" value="<?PHP
- echo strtr($data['_data']['title'], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+ echo htmlspecialchars($data['_data']['title']);
?>" size="70" /><br />
<textarea name="data_content" class="pageedit spaced-top spaced-bottom" rows="25" cols="70"><?PHP
- echo strtr($data['_data']['content'], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+ echo htmlspecialchars($data['_data']['content']);
?></textarea><br />
<input type="submit" value="Änderungen übernehmen" />
<input type="submit" name="back" value="Zurück" />
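Review bot: The hidden `type` field on the first line of this hunk still echoes `$data['_data']['_type']` into a double-quoted attribute without escaping, while the `backlink`, title and content values next to it are escaped. Where `_type` comes from is not visible here; if it can carry request or stored data, a `"` in it ends the attribute early, so I would write `value="<?PHP echo htmlspecialchars($data['_data']['_type']); ?>"`. The same line is in pages/editor/phpexec.xml at -22,7.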
diff --git a/pages/editor/phpexec.xml b/pages/editor/phpexec.xml
index 633106d..051fc8f 100644
--- a/pages/editor/phpexec.xml
+++ b/pages/editor/phpexec.xml
@@ -22,7 +22,7 @@
<input type="hidden" name="type" value="<?PHP echo $data['_data']['_type']; ?>" />
<input type="hidden" name="backlink" value="<?PHP echo htmlspecialchars($data['_backlink']); ?>" />
<textarea name="data_code" class="pageedit spaced-bottom" rows="25" cols="70"><?PHP
- echo strtr($data['_data']['code'], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+ echo htmlspecialchars($data['_data']['code']);
?></textarea><br />
<input type="submit" value="Änderungen übernehmen" />
<input type="submit" name="back" value="Zurück" />
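Review bot: `htmlspecialchars($data['_data']['code'])` relies on the default charset, and on PHP 5.4 and later it returns an empty string when the input contains a byte sequence that is invalid for that charset. In an editor textarea that would show an empty field, and saving the form would then overwrite the stored code with nothing; the `strtr` map it replaces had no such failure mode. If this code is meant to run on newer PHP, pass flags and encoding explicitly, e.g. `htmlspecialchars($data['_data']['code'], ENT_QUOTES | ENT_SUBSTITUTE, $charset)`, where `$charset` is the encoding the pages are actually stored in. The title and content fields in pages/editor/default.xml are affected the same way.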
diff --git a/templates/default.inc.php b/templates/default.inc.php
index 9669671..5ec0c75 100644
--- a/templates/default.inc.php
+++ b/templates/default.inc.php
@@ -4,7 +4,7 @@
class default_template {
function Get($data) {
if($data['title'])
- $title = strtr($data['title'], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+ $title = htmlspecialchars($data['title']);
else
$title = strtr($data['_page'], array(':' => ' - '));
$content = '<h2>' . $title . '</h2>' . strtr($data['content'], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;',
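Review bot: The `else` branch still builds `$title` from `$data['_page']` with only `:` replaced, and that value goes into `<h2>` on the following line without HTML escaping. If `_page` is derived from the requested page name, markup in it would be written into the response as-is; I would write `$title = htmlspecialchars(strtr($data['_page'], array(':' => ' - ')));`. The `$content` line keeps its hand-written `strtr` map and is cut off in this view, and `Get()` continues outside the hunk.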