diff options
| author | Chad Little <clittle@users.sourceforge.net> | 2002-10-17 01:03:28 +0000 |
|---|---|---|
| committer | Chad Little <clittle@users.sourceforge.net> | 2002-10-17 01:03:28 +0000 |
| commit | d2762424d60d4be3ece6c15d559db9db2d2b1131 (patch) | |
| tree | 349be5bf781dc79ab7a56acdb71dfbf780d79fda | |
| parent | bae33beeb8dd54b6c3e0029725552f90313a0de4 (diff) | |
| download | phpicalendar-d2762424d60d4be3ece6c15d559db9db2d2b1131.tar.gz phpicalendar-d2762424d60d4be3ece6c15d559db9db2d2b1131.tar.bz2 phpicalendar-d2762424d60d4be3ece6c15d559db9db2d2b1131.zip | |
Fixed addslashes
| -rw-r--r-- | day.php | 23 | ||||
| -rw-r--r-- | month.php | 2 | ||||
| -rw-r--r-- | month_bottom.php | 2 | ||||
| -rw-r--r-- | sidebar.php | 10 | ||||
| -rw-r--r-- | week.php | 21 |
5 files changed, 22 insertions, 36 deletions
@@ -94,12 +94,12 @@ if (is_array($master_array[($getdate)])) { echo '<td colspan="3" height="24">'."\n"; echo '<table width="100%" border="0" cellspacing="1" cellpadding="4">'."\n"; foreach($master_array[($getdate)]['-1'] as $allday) { - $all_day_text = $allday['event_text']; + $event_text = stripslashes(urldecode($allday['event_text'])); $description = $allday['description']; - $event_text2 = rawurlencode(addslashes($all_day_text)); + $event_text2 = rawurlencode(addslashes($allday['event_text'])); echo '<tr>'."\n"; - echo '<td valign="top" align="center" class="eventbg"><a class="psf" href="javascript:openEventInfo(\''.$event_text2.'\', \''.$calendar_name.'\', \''.$event_start.'\', \''.$event_end.'\', \''.$description.'\')"><font color="#ffffff"><i>'.$all_day_text.'</i></font></a></td>'."\n"; + echo '<td valign="top" align="center" class="eventbg"><a class="psf" href="javascript:openEventInfo(\''.$event_text2.'\', \''.$calendar_name.'\', \''.$event_start.'\', \''.$event_end.'\', \''.$description.'\')"><font color="#ffffff"><i>'.$event_text.'</i></font></a></td>'."\n"; echo '</tr>'."\n"; } echo '</table>'."\n"; @@ -174,19 +174,14 @@ if (is_array($master_array[($getdate)])) { switch ($event_length[$i]['state']) { case 'begin': $event_length[$i]['state'] = 'started'; - $event_text = urldecode($master_array[($getdate)][$cal_time][($event_length[$i]['key'])]['event_text']); - $event_text2 = addslashes($master_array[($getdate)][$cal_time][($event_length[$i]['key'])]['event_text']); - $event_text2 = rawurlencode($event_text2); - $event_start = $master_array[($getdate)][$cal_time][($event_length[$i]['key'])]['event_start']; - $event_end = $master_array[($getdate)][$cal_time][($event_length[$i]['key'])]['event_end']; - $description = addslashes($master_array[($getdate)][$cal_time][($event_length[$i]['key'])]['description']); - $description = rawurlencode($description); - $event_start = strtotime ($event_start); + $event_text = stripslashes(urldecode($master_array[($getdate)][$cal_time][($event_length[$i]['key'])]['event_text'])); + $event_text2 = rawurlencode(addslashes($master_array[($getdate)][$cal_time][($event_length[$i]['key'])]['event_text'])); + $event_start = strtotime ($master_array[($getdate)][$cal_time][($event_length[$i]['key'])]['event_start']); + $event_end = strtotime ($master_array[($getdate)][$cal_time][($event_length[$i]['key'])]['event_end']); + $description = rawurlencode(addslashes($master_array[($getdate)][$cal_time][($event_length[$i]['key'])]['description'])); $event_start = date ($timeFormat, $event_start); - $event_end = strtotime ($event_end); $event_end = date ($timeFormat, $event_end); - $calendar_name2 = addslashes($calendar_name); - $calendar_name2 = rawurlencode($calendar_name2); + $calendar_name2 = rawurlencode(addslashes($calendar_name)); echo '<td rowspan="' . $event_length[$i]['length'] . '" colspan="' . $drawWidth . '" align="left" valign="top" class="eventbg2">'."\n"; echo '<table width="100%" border="0" cellspacing="0" cellpadding="2">'."\n"; echo '<tr>'."\n"; @@ -133,7 +133,7 @@ foreach ($master_array[("$daylink")] as $event_times) { foreach ($event_times as $val) { $num_of_events++; - $event_text = urldecode($val["event_text"]); + $event_text = stripslashes(urldecode($val["event_text"])); $event_text = strip_tags($event_text, '<b><i><u>'); if ($event_text != "") { $event_text2 = addslashes($val["event_text"]); diff --git a/month_bottom.php b/month_bottom.php index efbd30f..aed4225 100644 --- a/month_bottom.php +++ b/month_bottom.php @@ -360,7 +360,7 @@ // Pull out each time foreach ($new_val as $new_key2 => $new_val2) { if ($new_val2["event_text"]) { - $event_text = urldecode($new_val2["event_text"]); + $event_text = stripslashes(urldecode($new_val2["event_text"])); $event_text2 = addslashes($new_val2["event_text"]); $event_text2 = str_replace("\"", """, $event_text2); $event_text2 = urlencode($event_text2); diff --git a/sidebar.php b/sidebar.php index cc9bf03..7db68c6 100644 --- a/sidebar.php +++ b/sidebar.php @@ -168,14 +168,11 @@ <?php foreach ($master_array[("$tomorrows_date")] as $event_times) { foreach ($event_times as $val) { - $event_text = urldecode($val["event_text"]); + $event_text = stripslashes(urldecode($val["event_text"])); $event_text = strip_tags($event_text, '<b><i><u>'); if ($event_text != "") { - $event_text2 = addslashes($val["event_text"]); - $event_text2 = urlencode($event_text2); - $description = $val["description"]; - $description = addslashes($val["description"]); - $description = urlencode($description); + $event_text2 = rawurlencode(addslashes($val["event_text"])); + $description = urlencode(addslashes($val["description"])); $event_start = @$val["event_start"]; $event_end = @$val["event_end"]; $event_start = date ($timeFormat, @strtotime ("$event_start")); @@ -195,7 +192,6 @@ } echo "</td>\n"; echo "</tr>\n"; - //$num_of_events++; } } } @@ -173,9 +173,9 @@ for ($i=0;$i<7;$i++) { if (isset($master_array[($thisday)]["-1"])) { echo "<table width=\"100%\" border=\"0\" cellspacing=\"1\" cellpadding=\"4\" class=\"V9\">\n"; foreach($master_array[($thisday)]["-1"] as $allday) { - $all_day_text = urldecode($allday["event_text"]); - $all_day_text = word_wrap($all_day_text, 12, $allday_week_lines); + $all_day_text = stripslashes(urldecode($allday["event_text"])); $event_text2 = urlencode(addslashes($all_day_text)); + $all_day_text = word_wrap($all_day_text, 12, $allday_week_lines); $description = $allday["description"]; echo "<tr>\n"; echo "<td colspan=\"" . $nbrGridCols[$thisday] . "\" valign=\"top\" align=\"center\" class=\"eventbg\"><a class=\"psf\" href=\"javascript:openEventInfo('$event_text2', '$calendar_name', '$event_start', '$event_end', '$description')\"><font color=\"#ffffff\">$all_day_text</font></a></td>\n"; @@ -263,20 +263,15 @@ for ($i=0;$i<7;$i++) { case "begin": $event_length[$thisday][$i]["state"] = "started"; - $event_text = urldecode($master_array[($thisday)]["$cal_time"][($event_length[$thisday][$i]["key"])]["event_text"]); + $event_text = stripslashes(urldecode($master_array[($thisday)]["$cal_time"][($event_length[$thisday][$i]["key"])]["event_text"])); $event_text = word_wrap($event_text, 25, $week_events_lines); - $event_text2 = addslashes($master_array[($thisday)]["$cal_time"][($event_length[$thisday][$i]["key"])]["event_text"]); - $event_text2 = urlencode($event_text2); - $event_start = $master_array[($thisday)]["$cal_time"][($event_length[$thisday][$i]["key"])]["event_start"]; - $event_end = $master_array[($thisday)]["$cal_time"][($event_length[$thisday][$i]["key"])]["event_end"]; - $description = addslashes($master_array[($thisday)]["$cal_time"][($event_length[$thisday][$i]["key"])]["description"]); - $description = urlencode($description); - $event_start = strtotime ("$event_start"); + $event_text2 = urlencode(addslashes($master_array[($thisday)]["$cal_time"][($event_length[$thisday][$i]["key"])]["event_text"])); + $event_start = strtotime ($master_array[($thisday)]["$cal_time"][($event_length[$thisday][$i]["key"])]["event_start"]); + $event_end = strtotime ($master_array[($thisday)]["$cal_time"][($event_length[$thisday][$i]["key"])]["event_end"]); + $description = urlencode(addslashes($master_array[($thisday)]["$cal_time"][($event_length[$thisday][$i]["key"])]["description"])); $event_start = date ($timeFormat, $event_start); - $event_end = strtotime ("$event_end"); $event_end = date ($timeFormat, $event_end); - $calendar_name2 = addslashes($calendar_name); - $calendar_name2 = urlencode($calendar_name2); + $calendar_name2 = urlencode(addslashes($calendar_name)); echo "<td rowspan=\"" . $event_length[$thisday][$i]["length"] . "\" colspan=\"" . $drawWidth . "\" align=\"left\" valign=\"top\" class=\"eventbg2week\">\n"; echo "<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n"; echo "<tr>\n"; |