Revision: 1740
http://mrbs.svn.sourceforge.net/mrbs/?rev=1740&view=rev
Author: cimorrison
Date: 2011-01-06 13:59:18 +0000 (Thu, 06 Jan 2011)
Log Message:
-----------
Merged in latest changes from the trunk
Modified Paths:
--------------
mrbs/branches/ics_attachments/web/edit_area_room.php
mrbs/branches/ics_attachments/web/edit_entry.php
mrbs/branches/ics_attachments/web/functions.inc
Property Changed:
----------------
mrbs/branches/ics_attachments/
mrbs/branches/ics_attachments/web/upgrade/5/pgsql.sql
Property changes on: mrbs/branches/ics_attachments
___________________________________________________________________
Modified: svn:mergeinfo
- /mrbs/branches/custom_entry_fields:1374-1396
/mrbs/branches/datepicker:1409-1416
/mrbs/branches/disabled_rooms:1601-1634
/mrbs/branches/from_to_bookings:1491-1587
/mrbs/branches/improve_css_2008_06:804-872
/mrbs/branches/provisional_bookings:1242-1280
/mrbs/branches/provisional_bookings_new_style:1407-1570
/mrbs/trunk:1652-1729
+ /mrbs/branches/custom_entry_fields:1374-1396
/mrbs/branches/datepicker:1409-1416
/mrbs/branches/disabled_rooms:1601-1634
/mrbs/branches/from_to_bookings:1491-1587
/mrbs/branches/improve_css_2008_06:804-872
/mrbs/branches/provisional_bookings:1242-1280
/mrbs/branches/provisional_bookings_new_style:1407-1570
/mrbs/trunk:1652-1739
Modified: mrbs/branches/ics_attachments/web/edit_area_room.php
===================================================================
--- mrbs/branches/ics_attachments/web/edit_area_room.php 2011-01-06
13:51:55 UTC (rev 1739)
+++ mrbs/branches/ics_attachments/web/edit_area_room.php 2011-01-06
13:59:18 UTC (rev 1740)
@@ -493,7 +493,7 @@
{
echo " selected=\"selected\"";
}
- echo ">" . $row_area['area_name'] . "</option>\n";
+ echo ">" . htmlspecialchars($row_area['area_name']) . "</option>\n";
}
echo "</select>\n";
echo "<input type=\"hidden\" name=\"old_area\" value=\"" .
$row['area_id'] . "\">\n";
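Review bot: `$row['area_id']` on the hidden `old_area` input is still concatenated into the attribute raw, right next to the `area_name` output that is now escaped. The same pattern appears in the edit_entry.php hunks, where `$r['id']` goes unquoted into `new Option(...)` and `$a['id']` into `option.value =`. These look like integer keys read from the database, which this page does not confirm; if so, an explicit cast enforces that assumption at the point of output, e.g. `value=\"" . (int) $row['area_id'] . "\">\n";`. The enclosing loop starts outside the hunk.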
Modified: mrbs/branches/ics_attachments/web/edit_entry.php
===================================================================
--- mrbs/branches/ics_attachments/web/edit_entry.php 2011-01-06 13:51:55 UTC
(rev 1739)
+++ mrbs/branches/ics_attachments/web/edit_entry.php 2011-01-06 13:59:18 UTC
(rev 1740)
@@ -490,7 +490,7 @@
if ($key == "area_name")
{
// Enclose strings in quotes
- $value = "'$value'";
+ $value = "'" . escape_js($value) . "'";
}
elseif (in_array($key, $boolean_fields['area']))
{
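Review bot: The quoting and escaping here is keyed on the literal column name `area_name`, so any other string-valued area column handled by the later branches would reach the generated script unquoted and unescaped. Only the `$boolean_fields` branch is visible and the rest of the chain lies outside the hunk, so this needs confirming there. A comment above the chain would make the rule explicit for whoever adds the next column, e.g. `// Every string-valued field must be quoted and passed through escape_js() before it is written into the script`.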
@@ -848,10 +848,7 @@
{
if ($r['area_id'] == $a['id'])
{
- $clean_room_name = str_replace('\\', '\\\\', $r['room_name']);
// escape backslash
- $clean_room_name = str_replace('"', '\\"', $clean_room_name);
// escape double quotes
- $clean_room_name = str_replace('/', '\\/', $clean_room_name);
// prevent '/' being parsed as markup (eg </p>)
- print "roomsObj.options[$i] = new Option(\"" .
$clean_room_name . "\"," . $r['id'] . ");\n";
+ print "roomsObj.options[$i] = new Option(\"" .
escape_js($r['room_name']) . "\"," . $r['id'] . ");\n";
$i++;
}
}
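Review bot: The three removed `str_replace` calls escaped `/` so that `</` could not appear inside the script block, but `escape_js()` as added in functions.inc has no `/` in its character list. It turns `<` into `\<`, which leaves the `</` pair adjacent in the output, so a room name containing a closing-tag sequence is no longer neutralised the way it was before this change. Adding `/` to the list restores the old behaviour: `return addcslashes($str, "\\\'\"&\n\r<>/");`. The same applies to the other two `escape_js()` call sites in this file.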
@@ -921,7 +918,7 @@
?>
option = document.createElement('option');
option.value = <?php echo $a['id'] ?>;
- option_text = document.createTextNode('<?php echo $a['area_name'] ?>');
+ option_text = document.createTextNode('<?php echo
escape_js($a['area_name']) ?>');
<?php
if ($a['id'] == $area_id)
{
Modified: mrbs/branches/ics_attachments/web/functions.inc
===================================================================
--- mrbs/branches/ics_attachments/web/functions.inc 2011-01-06 13:51:55 UTC
(rev 1739)
+++ mrbs/branches/ics_attachments/web/functions.inc 2011-01-06 13:59:18 UTC
(rev 1740)
@@ -534,6 +534,17 @@
exit;
}
+
+// Escape a PHP string for use in JavaScript
+//
+// Based on a function contributed by kongaspar at gmail dot com at
+// http://www.php.net/manual/function.addcslashes.php
+function escape_js($str)
+{
+ return addcslashes($str, "\\\'\"&\n\r<>");
+}
+
+
// Remove backslash-escape quoting if PHP is configured to do it with
// magic_quotes_gpc. Use this whenever you need the actual value of a GET/POST
// form parameter (which might have special characters) regardless of PHP's
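Review bot: The header comment on `escape_js()` does not say which output context the result is safe for. As written it suits a quoted JavaScript string literal inside a `<script>` block; it does not HTML-encode, so a value placed in an inline event-handler attribute would still need `htmlspecialchars()` on top. The list also covers only LF and CR, so the Unicode separators U+2028 and U+2029, which older JavaScript engines treat as line terminators inside string literals, pass through and can break the generated script. I would extend the comment to `// Escape a PHP string for use inside a quoted JavaScript string literal in a <script> block; not sufficient for HTML attribute contexts` and replace the two separators before the `addcslashes()` call.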
Property changes on: mrbs/branches/ics_attachments/web/upgrade/5/pgsql.sql
___________________________________________________________________
Modified: svn:mergeinfo
- /mrbs/branches/custom_entry_fields/web/upgrade/5/pgsql.sql:1374-1396
/mrbs/branches/datepicker/web/upgrade/5/pgsql.sql:1409-1416
/mrbs/branches/disabled_rooms/web/upgrade/5/pgsql.sql:1601-1634
/mrbs/branches/from_to_bookings/web/upgrade/5/pgsql.sql:1491-1587
/mrbs/branches/provisional_bookings/web/upgrade/5/pgsql.sql:1242-1280
/mrbs/branches/provisional_bookings_new_style/web/upgrade/5/pgsql.sql:1407-1570
/mrbs/trunk/web/upgrade/5/pgsql.sql:1652-1729
+ /mrbs/branches/custom_entry_fields/web/upgrade/5/pgsql.sql:1374-1396
/mrbs/branches/datepicker/web/upgrade/5/pgsql.sql:1409-1416
/mrbs/branches/disabled_rooms/web/upgrade/5/pgsql.sql:1601-1634
/mrbs/branches/from_to_bookings/web/upgrade/5/pgsql.sql:1491-1587
/mrbs/branches/provisional_bookings/web/upgrade/5/pgsql.sql:1242-1280
/mrbs/branches/provisional_bookings_new_style/web/upgrade/5/pgsql.sql:1407-1570
/mrbs/trunk/web/upgrade/5/pgsql.sql:1652-1739