Revision: 1377
http://mrbs.svn.sourceforge.net/mrbs/?rev=1377&view=rev
Author: cimorrison
Date: 2010-07-23 17:52:46 +0000 (Fri, 23 Jul 2010)
Log Message:
-----------
- made consistent the point at which variables have HTML escaping applied (and
in the process fixed a bug that would occur if a username contains HTML special
chars)
- added translation of newlines in custom fields to <br>
Modified Paths:
--------------
mrbs/branches/custom_entry_fields/web/view_entry.php
Modified: mrbs/branches/custom_entry_fields/web/view_entry.php
===================================================================
--- mrbs/branches/custom_entry_fields/web/view_entry.php 2010-07-23
17:39:15 UTC (rev 1376)
+++ mrbs/branches/custom_entry_fields/web/view_entry.php 2010-07-23
17:52:46 UTC (rev 1377)
@@ -176,25 +176,22 @@
case 'start_time':
case 'end_time':
break;
-
+
case 'name':
case 'description':
case 'create_by':
case 'room_name':
case 'area_name':
- $$column = htmlspecialchars($value);
- break;
-
case 'type':
case 'status':
case 'private':
case 'room_id':
case 'entry_info_time':
- case 'entry_info_user': // HTML escaping done later
- case 'entry_info_text': // HTML escaping done later
+ case 'entry_info_user':
+ case 'entry_info_text':
case 'repeat_info_time':
- case 'repeat_info_user': // HTML escaping done later
- case 'repeat_info_text': // HTML escaping done later
+ case 'repeat_info_user':
+ case 'repeat_info_text':
$$column = $row[$column];
break;
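Review bot: After this change `$name`, `$description`, `$create_by`, `$room_name` and `$area_name` hold raw database values, and nothing in the switch says so now that the "HTML escaping done later" comments are gone. The later hunks escape five output sites, but any other use of these variables outside the visible hunks (a page title, a link or an attribute, say) would now emit unescaped text and should be checked. I would add one comment above the shared assignment: `// All values are stored raw; apply htmlspecialchars() at the point of output`. The switch begins and continues outside this hunk.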
@@ -336,7 +333,7 @@
echo "<h3" . (($keep_private) ? " class=\"private\"" : "") . ">\n";
-echo $name;
+echo htmlspecialchars($name);
if (is_private_event($private) && $writeable)
{
echo ' ('.get_vocab('private').')';
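Review bot: `htmlspecialchars($name)` relies on the function's defaults, which on PHP versions of this era leave single quotes unescaped and do not assume UTF-8. That is adequate for element content as here, but stating the flags and charset keeps the call safe if it is later copied into an attribute context: `echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8');`, using whichever charset the page is actually served in. The same applies to the calls added in the hunks at -434, -448, -469 and -501.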
@@ -434,7 +431,7 @@
<tr>
<td><?php echo get_vocab("description") ?>:</td>
<?php
- echo "<td" . (($keep_private) ? " class=\"private\"" : "") . ">" .
mrbs_nl2br($description) . "</td>\n";
+ echo "<td" . (($keep_private) ? " class=\"private\"" : "") . ">" .
mrbs_nl2br(htmlspecialchars($description)) . "</td>\n";
?>
</tr>
<?php
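Review bot: The order of the two calls is what keeps this output safe, and it deserves a comment. Escaping has to happen before `mrbs_nl2br()` adds its markup: the reverse order would escape the inserted `<br>` tags, and dropping the inner call would reopen the injection. Suggested comment above the echo: `// Escape first, then convert newlines; only the <br> tags added by mrbs_nl2br() are markup`. `mrbs_nl2br()` is defined outside this diff, so this assumes it does nothing beyond inserting line-break tags. The same pattern appears in the hunks at -448 and -501.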
@@ -448,7 +445,7 @@
?>
<tr>
<td><?php echo get_vocab("room") ?>:</td>
- <td><?php echo mrbs_nl2br($area_name . " - " . $room_name) ?></td>
+ <td><?php echo mrbs_nl2br(htmlspecialchars($area_name . " - " .
$room_name)) ?></td>
</tr>
<tr>
<td><?php echo get_vocab("start_date") ?>:</td>
@@ -469,7 +466,7 @@
<tr>
<td><?php echo get_vocab("createdby") ?>:</td>
<?php
- echo "<td" . (($keep_private) ? " class=\"private\"" : "") . ">" .
$create_by . "</td>\n";
+ echo "<td" . (($keep_private) ? " class=\"private\"" : "") . ">" .
htmlspecialchars($create_by) . "</td>\n";
?>
</tr>
<tr>
@@ -501,7 +498,7 @@
// Otherwise output a string
else
{
- $shown_value = (isset($value)) ? htmlspecialchars($value): " ";
+ $shown_value = (isset($value)) ? mrbs_nl2br(htmlspecialchars($value)):
" ";
}
echo "<td>$shown_value</td>\n";
echo "</tr>\n";