From 8657d3fb5cbd25f78bc668ea9a0a8b17913dd490 Mon Sep 17 00:00:00 2001
From: neoraider <devnull@localhost>
Date: Tue, 18 Apr 2006 19:57:05 +0000
Subject: Ein paar unn?tige Aufrufe von strtr durch htmlspecialchars ersetzt.

---
 index.php                      |  2 +-
 pages/content/Users:Handle.xml | 12 ++++++------
 pages/editor/default.xml       |  4 ++--
 pages/editor/phpexec.xml       |  2 +-
 templates/default.inc.php      |  2 +-
 5 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/index.php b/index.php
index b4d930f..ac87ed9 100644
--- a/index.php
+++ b/index.php
@@ -31,7 +31,7 @@
     </div>
     <div id="content">
       <?PHP
-        if($pages->HasWriteAccess($page, 'c')) {
+        if($pages->HasWriteAccess($page, 'c') && $_GET['mode'] != 'edit') {
           $backlink = $GLOBALS['links']->GetNeonLink($page);
           
           echo '<a class="editlink" href="' . $GLOBALS['links']->GetNeonLink($page, 'mode=edit') . '">Bearbeiten</a>';
diff --git a/pages/content/Users:Handle.xml b/pages/content/Users:Handle.xml
index abed354..69339bc 100644
--- a/pages/content/Users:Handle.xml
+++ b/pages/content/Users:Handle.xml
@@ -28,7 +28,7 @@
                 $res = $GLOBALS['db']->Execute('SELECT * FROM groups ORDER BY name');
                 
                 while($group = $res->FetchRow()) {
-                  echo '<option value="' . $group[0] . '">' . strtr($group[1], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;')) . '</option>';
+                  echo '<option value="' . $group[0] . '">' . htmlspecialchars($group[1]) . '</option>';
                 }
               ?>
             </select><br />
@@ -43,7 +43,7 @@
           }
           elseif(isset($_POST['group'])) {
             if($_POST['id']) {
-              $name = strtr($GLOBALS['user']->GetName($_POST['id']), array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+              $name = htmlspecialchars($GLOBALS['user']->GetName($_POST['id']));
               $gid = $GLOBALS['user']->GetGid($_POST['id']);
               
               $title = 'Gruppe von \'' . $name . '\' ändern';
@@ -63,7 +63,7 @@
               foreach($groups as $group) {
                 echo '<option value="' . $group[0] . '"';
                 if($group[0] == $gid) echo ' selected="selected"';
-                echo '>' . strtr($group[1], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;')) . '</option>';
+                echo '>' . htmlspecialchars($group[1]) . '</option>';
               }
               
               echo '</select><br />';
@@ -75,7 +75,7 @@
           }
           elseif(isset($_POST['password'])) {
             if($_POST['id']) {
-              $name = strtr($GLOBALS['user']->GetName($_POST['id']), array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+              $name = htmlspecialchars($GLOBALS['user']->GetName($_POST['id']));
               
               $title = 'Passwort von \'' . $name . '\' ändern';
               
@@ -94,7 +94,7 @@
           }
           elseif(isset($_POST['rename'])) {
             if($_POST['id']) {
-              $name = strtr($GLOBALS['user']->GetName($_POST['id']), array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+              $name = htmlspecialchars($GLOBALS['user']->GetName($_POST['id']));
               
               $title = '\'' . $name . '\' umbenennen';
               
@@ -111,7 +111,7 @@
           }
           elseif(isset($_POST['delete'])) {
             if($_POST['id']) {
-              $name = strtr($GLOBALS['user']->GetName($_POST['id']), array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+              $name = htmlspecialchars($GLOBALS['user']->GetName($_POST['id']));
               
               $title = '\'' . $name . '\' löschen';
               
diff --git a/pages/editor/default.xml b/pages/editor/default.xml
index dd3438a..40769dd 100644
--- a/pages/editor/default.xml
+++ b/pages/editor/default.xml
@@ -22,10 +22,10 @@
   <input type="hidden" name="type" value="<?PHP echo $data['_data']['_type']; ?>" />
   <input type="hidden" name="backlink" value="<?PHP echo htmlspecialchars($data['_backlink']); ?>" />
   Titel: <input type="text" name="data_title" value="<?PHP
-    echo strtr($data['_data']['title'], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+    echo htmlspecialchars($data['_data']['title']);
   ?>" size="70" /><br />
   <textarea name="data_content" class="pageedit spaced-top spaced-bottom" rows="25" cols="70"><?PHP
-    echo strtr($data['_data']['content'], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+    echo htmlspecialchars($data['_data']['content']);
   ?></textarea><br />
   <input type="submit" value="Änderungen übernehmen" />
   <input type="submit" name="back" value="Zurück" />
diff --git a/pages/editor/phpexec.xml b/pages/editor/phpexec.xml
index 633106d..051fc8f 100644
--- a/pages/editor/phpexec.xml
+++ b/pages/editor/phpexec.xml
@@ -22,7 +22,7 @@
   <input type="hidden" name="type" value="<?PHP echo $data['_data']['_type']; ?>" />
   <input type="hidden" name="backlink" value="<?PHP echo htmlspecialchars($data['_backlink']); ?>" />
   <textarea name="data_code" class="pageedit spaced-bottom" rows="25" cols="70"><?PHP
-    echo strtr($data['_data']['code'], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+    echo htmlspecialchars($data['_data']['code']);
   ?></textarea><br />
   <input type="submit" value="Änderungen übernehmen" />
   <input type="submit" name="back" value="Zurück" />
diff --git a/templates/default.inc.php b/templates/default.inc.php
index 9669671..5ec0c75 100644
--- a/templates/default.inc.php
+++ b/templates/default.inc.php
@@ -4,7 +4,7 @@
   class default_template {
     function Get($data) {
       if($data['title'])
-        $title = strtr($data['title'], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
+        $title = htmlspecialchars($data['title']);
       else
         $title = strtr($data['_page'], array(':' => ' - '));
       $content = '<h2>' . $title . '</h2>' . strtr($data['content'], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;',
-- 
cgit v1.2.3