makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 22:28:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

Replace usage of strip_tags with htmlspecialchars for consistancy with posting

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5519 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Graham Eames 2006-02-04 19:49:41 +00:00
parent a600bb0af0
commit 7ce72693df
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
phpBB/privmsg.php
View file

@ -1187,7 +1187,7 @@ else if ( $submit || $refresh || $mode != '' )
$error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['No_to_user']; $error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['No_to_user'];
} }
$privmsg_subject = trim(strip_tags($HTTP_POST_VARS['subject'])); $privmsg_subject = trim(htmlspecialchars($HTTP_POST_VARS['subject']));
if ( empty($privmsg_subject) ) if ( empty($privmsg_subject) )
{ {
$error = TRUE; $error = TRUE;
@ -1374,7 +1374,7 @@ else if ( $submit || $refresh || $mode != '' )
// //
$to_username = (isset($HTTP_POST_VARS['username']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['username']))) : ''; $to_username = (isset($HTTP_POST_VARS['username']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['username']))) : '';
$privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(strip_tags(stripslashes($HTTP_POST_VARS['subject']))) : ''; $privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['subject']))) : '';
$privmsg_message = ( isset($HTTP_POST_VARS['message']) ) ? trim($HTTP_POST_VARS['message']) : ''; $privmsg_message = ( isset($HTTP_POST_VARS['message']) ) ? trim($HTTP_POST_VARS['message']) : '';
$privmsg_message = preg_replace('#<textarea>#si', '&lt;textarea&gt;', $privmsg_message); $privmsg_message = preg_replace('#<textarea>#si', '&lt;textarea&gt;', $privmsg_message);
if ( !$preview ) if ( !$preview )