From d6e32fd723d1c0b1080a956c8a3c6936b3d2434d Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Thu, 5 May 2005 03:34:58 +0000
Subject: [PATCH] r89: Fixed our phrase tool thing to play nice with ISSO

---
 docs/phrasetools.php | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/docs/phrasetools.php b/docs/phrasetools.php
index ac00cd6..03b87b5 100644
--- a/docs/phrasetools.php
+++ b/docs/phrasetools.php
@@ -22,7 +22,7 @@ define('CHECKED', ' checked="checked"');
 $vars['varname'] = $bugsys->in['varname'];
-$vars['phrasetext'] = $bugsys->in['phrasetext'];
+$vars['phrasetext'] = $bugsys->unsanitize($bugsys->in['phrasetext']);
 $vars['matchmethod'] = $bugsys->in['matchmethod'];
 $vars['do'] = $bugsys->in['do'];
 $vars['doneinsert'] = intval($bugsys->in['doneinsert']);
@@ -78,7 +78,7 @@ if ($_REQUEST['do'])
 if ($_REQUEST['do'] == 'kill')
 {
- $db->query("DELETE FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . addslasheslike($vars['varname']) . "'");
+ $db->query("DELETE FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . $vars['varname'] . "'");
 header("Location: phrasetools.php");
 }
@@ -86,7 +86,7 @@ if ($_REQUEST['do'] == 'kill')
 if ($_REQUEST['do'] == 'delete')
 {
- $phrase = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . addslasheslike($vars['varname']) . "'");
+ $phrase = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . $vars['varname'] . "'");
 if (!$phrase)
 {
 echo 'Not a valid phrase!';
@@ -105,7 +105,7 @@ if ($_POST['do'] == 'insert')
 INSERT INTO " . TABLE_PREFIX . "phrase
 (varname, phrasetext)
 VALUES
- ('" . addslasheslike(sanitize_name($vars['varname'])) . "', '" . addslasheslike($vars['phrasetext']) . "'
+ ('" . sanitize_name($vars['varname']) . "', '" . $vars['phrasetext'] . "'
 )"
 );
 header("Location: phrasetools.php?do=edit&doneinsert=1&varname=$vars[varname]");
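Review bot: The new assignment runs phrasetext through `$bugsys->unsanitize()` and the later hunks (@@ -105 INSERT, @@ -117 UPDATE) then concatenate that value into SQL with the addslasheslike() wrapper removed, so the query is safe only if whatever `$bugsys->in` applied on entry survives unsanitize() — which this diff does not show. The same reliance on input-side escaping applies to `$vars['varname']` in the DELETE/SELECT at @@ -78, @@ -86 and @@ -128 and to `$vars['oldvarname']` in the UPDATE's WHERE clause, which the commit message attributes to ISSO but nothing in the patch verifies. I would keep escaping at the query site (the expression that is concatenated into the statement) rather than at the point the input is read, or at minimum document the assumption here: `// phrasetext is reverted from its sanitized form for storage; it must still be SQL-escaped where it is concatenated into the INSERT/UPDATE below`. Whether ISSO's in[] is SQL-escaped and exactly what unsanitize() reverses should be confirmed against the framework before merging.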
@@ -117,9 +117,9 @@ if ($_POST['do'] == 'update')
 {
 $db->query("
 UPDATE " . TABLE_PREFIX . "phrase
- SET varname = '" . addslasheslike(sanitize_name($vars['varname'])) . "',
- phrasetext = '" . addslasheslike($vars['phrasetext']) . "'
- WHERE varname = '" . addslasheslike($vars['oldvarname']) . "'"
+ SET varname = '" . sanitize_name($vars['varname']) . "',
+ phrasetext = '" . $vars['phrasetext'] . "'
+ WHERE varname = '" . $vars['oldvarname'] . "'"
 );
 header("Location: phrasetools.php?do=edit&varname=$vars[varname]");
 }
@@ -128,7 +128,7 @@ if ($_POST['do'] == 'update')
 if ($_REQUEST['do'] == 'edit')
 {
- $phrase = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . addslasheslike($vars['varname']) . "'");
+ $phrase = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . $vars['varname'] . "'");
 if (!$phrase)
 {
 echo 'Not a valid phrase!';
@@ -182,7 +182,7 @@ if ($_REQUEST['do'] == 'search')
 {
 while ($phrase = $db->fetch_array($phrases))
 {
- echo "
\$bugsys->language['$phrase[varname]'] =======> " . htmlspecialcharslike($phrase['phrasetext']) . "
";
+ echo "
\$bugsys->language['$phrase[varname]'] =======> " . $bugsys->sanitize($phrase['phrasetext']) . "
";
 }
 }
 else
-- 
2.43.5
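Review bot: In the rewritten echo only `$phrase['phrasetext']` is passed through `$bugsys->sanitize()`; the interpolated `$phrase[varname]` is written into the HTML output as-is. varname is run through sanitize_name() on insert and update elsewhere in this file, but what that function allows is not visible in the diff, so escaping it at the output as well, `" . $bugsys->sanitize($phrase['varname']) . "`, keeps this line safe for its HTML context regardless of how the value was stored. The if/else that encloses this loop continues past the end of the hunk.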