mirror of
https://github.com/Piwigo/Piwigo.git
synced 2026-07-05 09:22:21 +02:00
fixed #1701 escaped " ' " for album creation and edit
@@ -106,7 +106,8 @@ if (isset($_POST['submit']))
|
|||||||
$conf['allow_html_descriptions'] ?
|
$conf['allow_html_descriptions'] ?
|
||||||
@$_POST['comment'] : strip_tags(@$_POST['comment']),
|
@$_POST['comment'] : strip_tags(@$_POST['comment']),
|
||||||
);
|
);
|
||||||
|
|
||||||
|
$data['name'] = pwg_db_real_escape_string($data['name']);
|
||||||
if ($conf['activate_comments'])
|
if ($conf['activate_comments'])
|
||||||
{
|
{
|
||||||
$data['commentable'] = isset($_POST['commentable'])? 'true':'false';
|
$data['commentable'] = isset($_POST['commentable'])? 'true':'false';
|
||||||
@@ -211,7 +212,7 @@ if (!empty($category['id_uppercat']))
|
|||||||
|
|
||||||
$template->assign(
|
$template->assign(
|
||||||
array(
|
array(
|
||||||
'CATEGORIES_NAV' => preg_replace("# {2,}#"," ",preg_replace("#(\r\n|\n\r|\n|\r)#"," ",$navigation)),
|
'CATEGORIES_NAV' => preg_replace("# {2,}#"," ",preg_replace("#(\r\n|\n\r|\n|\r)#"," ",pwg_db_real_escape_string($navigation))),
|
||||||
'CAT_ID' => $category['id'],
|
'CAT_ID' => $category['id'],
|
||||||
'CAT_NAME' => @htmlspecialchars($category['name']),
|
'CAT_NAME' => @htmlspecialchars($category['name']),
|
||||||
'CAT_COMMENT' => @htmlspecialchars($category['comment']),
|
'CAT_COMMENT' => @htmlspecialchars($category['comment']),
|
||||||
|
|||||||
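Review bot: `pwg_db_real_escape_string($navigation)` in the `CATEGORIES_NAV` entry applies a SQL-literal escaper to a value that goes to `$template->assign()`, not into a query, so the encoding does not match the output context. Backslash-escaping quotes neutralises nothing in HTML, and if the function wraps the driver's real_escape_string (as its name suggests) it also rewrites CR/LF into backslash sequences before the inner `preg_replace("#(\r\n|\n\r|\n|\r)#"," ",…)` runs, so that newline normalisation stops matching. I would pass `$navigation` unescaped at this line and encode it where the template emits it, using the encoder for that context (a JavaScript-string escape if it lands inside a script literal, which the newline stripping hints at but the hunk does not show). The earlier hunk's `$data['name'] = pwg_db_real_escape_string($data['name']);` covers only the name; whether `$data['comment']` is escaped before the update is built lies outside the visible lines and is worth confirming.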
@@ -647,7 +647,8 @@ function ws_categories_add($params, &$service)
|
|||||||
// TODO do not strip tags if pwg_token is provided (and valid)
|
// TODO do not strip tags if pwg_token is provided (and valid)
|
||||||
$options['comment'] = strip_tags($params['comment']);
|
$options['comment'] = strip_tags($params['comment']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$params['name'] = pwg_db_real_escape_string($params['name']);
|
||||||
$creation_output = create_virtual_category(
|
$creation_output = create_virtual_category(
|
||||||
strip_tags($params['name']), // TODO do not strip tags if pwg_token is provided (and valid)
|
strip_tags($params['name']), // TODO do not strip tags if pwg_token is provided (and valid)
|
||||||
$params['parent'],
|
$params['parent'],
|
||||||
|
|||||||
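Review bot: The added `$params['name'] = pwg_db_real_escape_string($params['name']);` escapes at the web-service boundary and before `strip_tags()`, so the value is SQL-escaped first and transformed afterwards, and every later reader of `$params['name']` in `ws_categories_add` sees the backslashed form. SQL escaping is safest as the last step next to the query; if `create_virtual_category()` already escapes its argument or uses the name for anything other than SQL (its body is not in this hunk), the result is doubled or stored backslashes in album names. I would move the escaping into the query-building code, or at least apply `strip_tags()` first and escape its result, and add a comment such as `// name is SQL-escaped here; create_virtual_category() expects an escaped value` once that contract is confirmed. `$options['comment']` a few lines above receives `strip_tags()` only, so the same question applies to it. The function body starts and ends outside the hunk.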