extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-01-03 12:39:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix for bug #3241 (Apostrophes in custom-fields)

Browse Source 
removed a wrong quote
This commit is contained in:
Ralf Becker 2003-04-18 08:06:35 +00:00
parent 28362cbdaa
commit ff22985b3e
1 changed files with 5 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
addressbook/inc/class.uifields.inc.php
View File

@ -133,8 +133,8 @@
exit; exit;
} }
$field = $GLOBALS['HTTP_POST_VARS']['field']; $field = stripslashes($GLOBALS['HTTP_POST_VARS']['field']);
$field_name = $GLOBALS['HTTP_POST_VARS']['field_name']; $field_name = stripslashes($GLOBALS['HTTP_POST_VARS']['field_name']);
$start = $GLOBALS['HTTP_POST_VARS']['start']; $start = $GLOBALS['HTTP_POST_VARS']['start'];
$query = $GLOBALS['HTTP_POST_VARS']['query']; $query = $GLOBALS['HTTP_POST_VARS']['query'];
$sort = $GLOBALS['HTTP_POST_VARS']['sort']; $sort = $GLOBALS['HTTP_POST_VARS']['sort'];
@ -161,7 +161,6 @@
if(!$error) if(!$error)
{ {
$field_name = addslashes($field_name);
$this->save_custom_field($field,$field_name); $this->save_custom_field($field,$field_name);
} }
} }
@ -210,8 +209,8 @@
exit; exit;
} }
$field = $GLOBALS['HTTP_POST_VARS']['field'] ? $GLOBALS['HTTP_POST_VARS']['field'] : $GLOBALS['HTTP_GET_VARS']['field']; $field = stripslashes($GLOBALS['HTTP_POST_VARS']['field'] ? $GLOBALS['HTTP_POST_VARS']['field'] : $GLOBALS['HTTP_GET_VARS']['field']);
$field_name = $GLOBALS['HTTP_POST_VARS']['field_name']; $field_name = stripslashes($GLOBALS['HTTP_POST_VARS']['field_name']);
$start = $GLOBALS['HTTP_POST_VARS']['start'] ? $GLOBALS['HTTP_POST_VARS']['start'] : $GLOBALS['HTTP_GET_VARS']['start']; $start = $GLOBALS['HTTP_POST_VARS']['start'] ? $GLOBALS['HTTP_POST_VARS']['start'] : $GLOBALS['HTTP_GET_VARS']['start'];
$query = $GLOBALS['HTTP_POST_VARS']['query'] ? $GLOBALS['HTTP_POST_VARS']['query'] : $GLOBALS['HTTP_GET_VARS']['query']; $query = $GLOBALS['HTTP_POST_VARS']['query'] ? $GLOBALS['HTTP_POST_VARS']['query'] : $GLOBALS['HTTP_GET_VARS']['query'];
$sort = $GLOBALS['HTTP_POST_VARS']['sort'] ? $GLOBALS['HTTP_POST_VARS']['sort'] : $GLOBALS['HTTP_GET_VARS']['sort']; $sort = $GLOBALS['HTTP_POST_VARS']['sort'] ? $GLOBALS['HTTP_POST_VARS']['sort'] : $GLOBALS['HTTP_GET_VARS']['sort'];
@ -239,8 +238,6 @@
$error[$errorcount++] = lang('Please enter a name for that field!'); $error[$errorcount++] = lang('Please enter a name for that field!');
} }
$field_name = addslashes($field_name);
if(!$error) if(!$error)
{ {
$this->save_custom_field($field,$field_name); $this->save_custom_field($field,$field_name);
@ -338,7 +335,7 @@
$GLOBALS['phpgw']->template->set_var('no',$nolink); $GLOBALS['phpgw']->template->set_var('no',$nolink);
$yeslinkf = $GLOBALS['phpgw']->link('/index.php','menuaction=addressbook.uifieldsdelete&field_id=' . $field_id . '&confirm=True'); $yeslinkf = $GLOBALS['phpgw']->link('/index.php','menuaction=addressbook.uifieldsdelete&field_id=' . $field_id . '&confirm=True');
$yeslinkf = '<form method="POST" name="yesbutton" action="' . $GLOBALS['phpgw']->link('/index.php','menuaction=addressbook.uifields.delete') . '\">' $yeslinkf = '<form method="POST" name="yesbutton" action="' . $GLOBALS['phpgw']->link('/index.php','menuaction=addressbook.uifields.delete') . '">'
. $hidden_vars . $hidden_vars
. '<input type="hidden" name="field_id" value="' . $field_id . '">' . '<input type="hidden" name="field_id" value="' . $field_id . '">'
. '<input type="hidden" name="confirm" value="True">' . '<input type="hidden" name="confirm" value="True">'