[ticket/12202] Can't call htmlspecialchars before checking for quotes

PHPBB3-12202
Nathaniel Guse 2014-03-09 17:17:33 -05:00
parent 50dd76aef3
commit f3d8dfd1e3


@ -3368,7 +3368,7 @@ function parse_cfg_file($filename, $lines = false)
// Determine first occurrence, since in values the equal sign is allowed // Determine first occurrence, since in values the equal sign is allowed
$key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos)))); $key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))));
$value = htmlspecialchars(trim(substr($line, $delim_pos + 1))); $value = trim(substr($line, $delim_pos + 1));
if (in_array($value, array('off', 'false', '0'))) if (in_array($value, array('off', 'false', '0')))
{ {
@ -3386,6 +3386,10 @@ function parse_cfg_file($filename, $lines = false)
{ {
$value = htmlspecialchars(substr($value, 1, sizeof($value)-2)); $value = htmlspecialchars(substr($value, 1, sizeof($value)-2));
} }
else
{
$value = htmlspecialchars($value);
}
$parsed_items[$key] = $value; $parsed_items[$key] = $value;
} }
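Review bot: The quoted-value branch in the second hunk still computes its length with `sizeof($value)-2`, and `sizeof()` is an alias of `count()`, not a string length. On older PHP, `count()` of a string returns 1, so the call only works because it collapses to `substr($value, 1, -1)`; PHP 8 raises a TypeError for a string argument instead. Moving the escaping after the quote check presumably makes this branch reachable for double-quoted values (the condition itself is outside the hunk), so I would state the intent directly: `$value = htmlspecialchars(substr($value, 1, -1));`. parse_cfg_file starts and ends outside the visible hunks.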