diff options
| author | Jim Hu <jimhu@users.sourceforge.net> | 2006-03-24 01:29:23 +0000 |
|---|---|---|
| committer | Jim Hu <jimhu@users.sourceforge.net> | 2006-03-24 01:29:23 +0000 |
| commit | 81d948b960707aacd95a2ee94ee89c6db8eda6c6 (patch) | |
| tree | 8ac5ca574331f94baf711df80e435708febc8cee | |
| parent | 03057b77274de45639c7d29bb1fa010cb736a9bc (diff) | |
| download | phpicalendar-81d948b960707aacd95a2ee94ee89c6db8eda6c6.tar.gz phpicalendar-81d948b960707aacd95a2ee94ee89c6db8eda6c6.tar.bz2 phpicalendar-81d948b960707aacd95a2ee94ee89c6db8eda6c6.zip | |
security patch for template file from cookie. Other minor bug fixes
| -rw-r--r-- | functions/init.inc.php | 4 | ||||
| -rw-r--r-- | rss/rss.php | 16 | ||||
| -rw-r--r-- | templates/default/header.tpl | 2 |
3 files changed, 17 insertions, 5 deletions
diff --git a/functions/init.inc.php b/functions/init.inc.php index 7f55713..89a9b54 100644 --- a/functions/init.inc.php +++ b/functions/init.inc.php @@ -21,7 +21,9 @@ if (isset($_COOKIE['phpicalendar'])) { if (isset($phpicalendar['cookie_calendar'])) $default_cal_check = $phpicalendar['cookie_calendar']; if (isset($phpicalendar['cookie_cpath'])) $default_cpath_check= $phpicalendar['cookie_cpath']; if (isset($phpicalendar['cookie_view'])) $default_view = $phpicalendar['cookie_view']; - if (isset($phpicalendar['cookie_style'])) $template = $phpicalendar['cookie_style']; + if (isset($phpicalendar['cookie_style']) && is_dir(BASE.'templates/'.$phpicalendar['cookie_style'].'/')){ + $template = $phpicalendar['cookie_style']; + } if (isset($phpicalendar['cookie_startday'])) $week_start_day = $phpicalendar['cookie_startday']; if (isset($phpicalendar['cookie_time'])) $day_start = $phpicalendar['cookie_time']; } diff --git a/rss/rss.php b/rss/rss.php index f72d0ca..f37d5d9 100644 --- a/rss/rss.php +++ b/rss/rss.php @@ -12,9 +12,11 @@ * feeds can be specified for a number of days to or from a given date * feeds can be specified for a range of dates * +* Language encoding added by dyfrin 2006/03/08 19:09:28 *********************************************************************************/ define('BASE', '../'); -include(BASE.'functions/init.inc.php'); +require(BASE.'functions/init.inc.php'); + if ($enable_rss != 'yes') { die ("RSS feeds are not enabled on this site."); } @@ -115,6 +117,12 @@ if ( ($_SERVER['HTTP_IF_MODIFIED_SINCE'] == $filemodtime) || ($_SERVER['HTTP_IF_ exit; } +/* Change languages to ISO 639-1 to validate RSS without changing long version in config.inc.php */ +$user_language = array ("english", "polish", "german", "french", "dutch", "italian", "japanese", "norwegian", "spanish", "swedish", "portuguese", "catalan", "traditional_chinese", "esperanto", "korean"); +$iso_language = array ("en", "pl", "de", "fr", "nl", "da", "it", "ja", "no", "es", "sv", "pt", "ca", "zh-tw", "eo", "ko"); +$rss_language = str_replace($user_language, $iso_language, $language); +/* End language modification */ + //If client needs new feed - make the header $rss = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"."\n"; $rss .= '<!DOCTYPE rss PUBLIC "-//Netscape Communications//DTD RSS 0.91//EN" "http://my.netscape.com/publish/formats/rss-0.91.dtd">'."\n"; @@ -165,7 +173,7 @@ $uid_arr = array(); $event_text = strip_tags($event_text, '<b><i><u>'); $event_text = str_replace('&','&',$event_text); $event_text = str_replace('&amp;','&',$event_text); - $event_text = urlencode($event_text); + # $event_text = urlencode($event_text); #uncomment for shorter event text with ... # $event_text = word_wrap($event_text, 21, $tomorrows_events_lines); $description = stripslashes(urldecode($val["description"])); @@ -194,9 +202,11 @@ $uid_arr = array(); */ $rss .= '<link>'.$rss_link.'</link>'."\n"; $rss .= '<description>'.$rss_description.'</description>'."\n"; + if (isset($val['location']) && $val['location'] !=''){ $location = str_replace('&','&',$val['location']); $location = str_replace('&amp;','&',$location); - $rss .= '<location>'.$location.'</location>'; + $rss .= '<location>'.$location."/location>\n"; + } $rss .= '</item>'."\n"; $events_count++; } diff --git a/templates/default/header.tpl b/templates/default/header.tpl index 1ac0920..0a2832a 100644 --- a/templates/default/header.tpl +++ b/templates/default/header.tpl @@ -6,7 +6,7 @@ <title>{CALENDAR_NAME} - {DISPLAY_DATE}</title> <link rel="stylesheet" type="text/css" href="{DEFAULT_PATH}templates/{TEMPLATE}/default.css" /> <!-- switch rss_available on --> - <link rel="alternate" type="application/rss+xml" title="RSS" href="{DEFAULT_VIEW}/rss/rss.php?cal={CAL}&rssview={CURRENT_VIEW}"> + <link rel="alternate" type="application/rss+xml" title="RSS" href="{DEFAULT_PATH}/rss/rss.php?cal={CAL}&rssview={CURRENT_VIEW}"> <!-- switch rss_available off --> {EVENT_JS} </head> |