some htmlentities against XSS

Ralf Becker 2003-06-26 19:16:12 +00:00
parent 0aa813b7bf
commit 17ea20cbcc


@ -537,6 +537,7 @@
break; break;
list($style,$extra_link) = explode(',',$cell['size']); list($style,$extra_link) = explode(',',$cell['size']);
$value = strlen($value) > 1 && !$cell['no_lang'] ? lang($value) : $value; $value = strlen($value) > 1 && !$cell['no_lang'] ? lang($value) : $value;
$value = nl2br(htmlentities($value));
if ($value != '' && strstr($style,'b')) $value = $this->html->bold($value); if ($value != '' && strstr($style,'b')) $value = $this->html->bold($value);
if ($value != '' && strstr($style,'i')) $value = $this->html->italic($value); if ($value != '' && strstr($style,'i')) $value = $this->html->italic($value);
$html .= $value; $html .= $value;
@ -556,7 +557,7 @@
case 'text': // size: [length][,maxLength] case 'text': // size: [length][,maxLength]
if ($readonly) if ($readonly)
{ {
$html .= $this->html->bold($value); $html .= $this->html->bold(htmlentities($value));
} }
else else
{ {
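Review bot: Both new `htmlentities($value)` calls (the label path in `nl2br(htmlentities($value))` and the read-only `text` branch) pass no quote-style or charset argument, so the escaping depends on PHP's defaults: under `ENT_COMPAT` single quotes stay unescaped, and under an ISO-8859-1 default a UTF-8 value is converted byte by byte into wrong entities. Both results land in element content here, so tag injection looks covered, but the same call would be insufficient if reused inside a single-quoted attribute. Consider `htmlspecialchars($value, ENT_QUOTES, $charset)`, where `$charset` is a placeholder for the application's output charset and not a name taken from this file. The `else` branch of the `text` case continues outside the hunk, so whether the editable input escapes `$value` in its attribute cannot be confirmed from here.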