Context Navigation

← Previous Change
Next Change →

Dictionary.php

Timestamp:

Jan 17, 2016, 10:07:13 PM (9 years ago)

Author:

chronos

Message:

Fixed: Use htmlspecialchars function for user inserted content to avoid breaking page HTML structure. Added for forum, teams, dictionary and profile text.

File:

: 1 edited

trunk/Modules/Dictionary/Dictionary.php (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/Modules/Dictionary/Dictionary.php

-              r850
+              r851
           '<input type="hidden" name="id"  value="'.$_GET['id'].'"/>'.
           '<table><tr><td>'.
           'Původní anglické slovo:</td><td><input type="text" name="Original" value="'.$DbRow2['Text'].'" /></td></tr>'.
           '<tr><td>Přeložené:</td><td><input type="text" name="Translated"  value="'.$DbRow['Text'].'" /></td></tr>'.
+          'Původní anglické slovo:</td><td><input type="text" name="Original" value="'.htmlspecialchars($DbRow2['Text']).'" /></td></tr>'.
+          '<tr><td>Přeložené:</td><td><input type="text" name="Translated" value="'.htmlspecialchars($DbRow['Text']).'" /></td></tr>'.
           '<tr><td>'.T('Language').':</td><td>'.WriteLanguages($DbRow['Language']).'</td></tr>'.
           '<tr><td>'.T('Description').':</td><td><input type="text" name="Description"  value="'.$DbRow['Description'].'" /></td></tr>'.
+          '<tr><td>'.T('Description').':</td><td><input type="text" name="Description"  value="'.htmlspecialchars($DbRow['Description']).'" /></td></tr>'.
           '<tr><td colspan="2"><input type="submit" value="'.T('Save').'" /></td></tr>'.
           '</td></tr></table>'.
 …
     if(is_numeric($_SESSION['language'])) $LanguageName = $LanguageList[$_SESSION['language']]['Name'];
       else $LanguageName = 'Překlad';
+      else $LanguageName = T('Translation');
     $TableColumns = array(
       array('Name' => 'Original', 'Title' => T('English')),
 …
+    {
       $Output .= '<tr>'.
         '<td>'.$Line['Original'].'</td>'.
         '<td><strong>'.$Line['Translated'].'</strong></td>';
+        '<td>'.htmlspecialchars($Line['Original']).'</td>'.
+        '<td><strong>'.htmlspecialchars($Line['Translated']).'</strong></td>';
       if(!is_numeric($_SESSION['language'])) $Output .= '<td>'.T($Line['LangName']).'</td>';
       $Output .= '<td>'.$Line['Description'].'</td>'.
+      $Output .= '<td>'.htmlspecialchars($Line['Description']).'</td>'.
         '<td><a href="'.$this->System->Link('/user/?user='.$Line['UserId']).'">'.
         $Line['UserName'].'</a></td>';

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 851 for trunk/Modules/Dictionary/Dictionary.php

Legend:

trunk/Modules/Dictionary/Dictionary.php

Download in other formats: