fix slashes and form value

git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@448 c66351dc-e62f-0410-b875-e3a5c0b9693f
Evgeny Gryaznov 2009-04-04 21:17:42 +00:00
parent 669a77ffee
commit 1fb7d5e7f9
2 changed files with 51 additions and 47 deletions


@ -238,19 +238,63 @@ function getlocal2($text,$params) {
/* ajax server actions use utf-8 */ /* ajax server actions use utf-8 */
function getrawparam( $name ) { function getrawparam( $name ) {
global $webim_encoding; global $webim_encoding;
if( isset($_POST[$name]) ) if( isset($_POST[$name]) ) {
return myiconv("utf-8",$webim_encoding,$_POST[$name]); $value = myiconv("utf-8",$webim_encoding,$_POST[$name]);
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
return $value;
}
die("no ".$name." parameter"); die("no ".$name." parameter");
} }
/* form processors use current Output encoding */ /* form processors use current Output encoding */
function getparam( $name ) { function getparam( $name ) {
global $webim_encoding; global $webim_encoding;
if( isset($_POST[$name]) ) if( isset($_POST[$name]) ) {
return myiconv(getoutputenc(), $webim_encoding, $_POST[$name]); $value = myiconv(getoutputenc(), $webim_encoding, $_POST[$name]);
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
return $value;
}
die("no ".$name." parameter"); die("no ".$name." parameter");
} }
function unicode_urldecode($url) {
preg_match_all('/%u([[:alnum:]]{4})/', $url, $a);
foreach ($a[1] as $uniord) {
$dec = hexdec($uniord);
$utf = '';
if ($dec < 128) {
$utf = chr($dec);
} else if ($dec < 2048) {
$utf = chr(192 + (($dec - ($dec % 64)) / 64));
$utf .= chr(128 + ($dec % 64));
} else {
$utf = chr(224 + (($dec - ($dec % 4096)) / 4096));
$utf .= chr(128 + ((($dec % 4096) - ($dec % 64)) / 64));
$utf .= chr(128 + ($dec % 64));
}
$url = str_replace('%u'.$uniord, $utf, $url);
}
return urldecode($url);
}
function getgetparam($name,$default='') {
global $webim_encoding;
if( !isset($_GET[$name]) || !$_GET[$name] ) {
return $default;
}
$value = myiconv("utf-8", $webim_encoding, unicode_urldecode($_GET[$name]));
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
return $value;
}
function connect() { function connect() {
global $mysqlhost, $mysqllogin, $mysqlpass, $mysqldb, $dbencoding, $force_charset_in_connection; global $mysqlhost, $mysqllogin, $mysqlpass, $mysqldb, $dbencoding, $force_charset_in_connection;
$link = @mysql_connect($mysqlhost,$mysqllogin ,$mysqlpass ) $link = @mysql_connect($mysqlhost,$mysqllogin ,$mysqlpass )
@ -318,7 +362,7 @@ function escape_with_cdata($text) {
function form_value($key) { function form_value($key) {
global $page; global $page;
if( isset($page) && isset($page["form$key"]) ) if( isset($page) && isset($page["form$key"]) )
return $page["form$key"]; return htmlspecialchars($page["form$key"]);
return ""; return "";
} }
@ -408,43 +452,6 @@ function is_valid_email($email) {
return preg_match("/^[^@]+@[^\.]+(\.[^\.]+)*$/", $email); return preg_match("/^[^@]+@[^\.]+(\.[^\.]+)*$/", $email);
} }
function quote_smart($value,$link) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
return mysql_real_escape_string($value,$link);
}
function unicode_urldecode($url) {
preg_match_all('/%u([[:alnum:]]{4})/', $url, $a);
foreach ($a[1] as $uniord) {
$dec = hexdec($uniord);
$utf = '';
if ($dec < 128) {
$utf = chr($dec);
} else if ($dec < 2048) {
$utf = chr(192 + (($dec - ($dec % 64)) / 64));
$utf .= chr(128 + ($dec % 64));
} else {
$utf = chr(224 + (($dec - ($dec % 4096)) / 4096));
$utf .= chr(128 + ((($dec % 4096) - ($dec % 64)) / 64));
$utf .= chr(128 + ($dec % 64));
}
$url = str_replace('%u'.$uniord, $utf, $url);
}
return urldecode($url);
}
function getgetparam($name,$default='') {
global $webim_encoding;
if( !isset($_GET[$name]) || !$_GET[$name] ) {
return $default;
}
return myiconv("utf-8", $webim_encoding, unicode_urldecode($_GET[$name]));
}
function get_app_location($showhost,$issecure) { function get_app_location($showhost,$issecure) {
global $webimroot; global $webimroot;
if( $showhost ) { if( $showhost ) {
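Review bot: In form_value, `htmlspecialchars($page["form$key"])` is called without a quote flag, so it defaults to ENT_COMPAT and leaves single quotes unescaped; if any view places a form value inside a single-quoted attribute the escaping is incomplete, so prefer `return htmlspecialchars($page["form$key"], ENT_QUOTES);`. In getrawparam, getparam and getgetparam the new stripslashes() runs after myiconv(), but magic_quotes_gpc added the backslashes to the raw request bytes before any conversion, so for a target encoding in which 0x5C can occur as a trailing byte the strip can land inside a multibyte character; stripping before the conversion is the safer order, e.g. `$raw = get_magic_quotes_gpc() ? stripslashes($_POST[$name]) : $_POST[$name];` followed by the existing myiconv call on `$raw`. Whether $webim_encoding can ever be such an encoding is not visible here, so treat that part as something to confirm.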


@ -124,9 +124,6 @@ if($stringid) {
} }
if(count($errors) == 0) { if(count($errors) == 0) {
if (get_magic_quotes_gpc()) {
$translation = stripslashes($translation);
}
save_message($target, $stringid, $translation); save_message($target, $stringid, $translation);
$page['saved'] = true; $page['saved'] = true;
@ -140,8 +137,8 @@ if($stringid) {
$page['saved'] = false; $page['saved'] = false;
$page['key'] = $stringid; $page['key'] = $stringid;
$page['target'] = $target; $page['target'] = $target;
$page['formoriginal'] = isset($lang1[$stringid]) ? htmlspecialchars($lang1[$stringid]) : "<b><unknown></b>"; $page['formoriginal'] = isset($lang1[$stringid]) ? $lang1[$stringid] : "<b><unknown></b>";
$page['formtranslation'] = htmlspecialchars($translation); $page['formtranslation'] = $translation;
prepare_menu($operator, false); prepare_menu($operator, false);
start_html_output(); start_html_output();
require('../view/translate.php'); require('../view/translate.php');
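Review bot: With `$page['formoriginal'] = isset($lang1[$stringid]) ? $lang1[$stringid] : "<b><unknown></b>";` the fallback is now raw markup stored in $page; if the view renders it through form_value, which this commit changes to apply htmlspecialchars, the `<b>` tags will be shown literally instead of rendered. Either drop the markup from the fallback, `"<unknown>"`, or keep the original-text fallback on a key the view does not pass through form_value. The stripslashes block removed above save_message is presumably covered by getparam now stripping slashes itself; that holds only if $translation comes from getparam, which is assigned outside this hunk.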