authorJason Oster <parasytic@users.sourceforge.net>2010-04-13 15:45:47 +0000
committerJason Oster <parasytic@users.sourceforge.net>2010-04-13 15:45:47 +0000
commit5aa9f5230c240a952cdc6eb685b65df36fe7abfd (patch)
tree164ae1cbf9c9f765ac357f1f5aaae5f720ed6af3 /functions
parent873688e87be6762e794cfc6e11c2c9d407d8929a (diff)
Properly sanitize dollar signs in event text (regression from new sanitize code in 2.4)
Diffstat (limited to 'functions')
-rw-r--r--functions/date_functions.php14
-rw-r--r--functions/init/sanitize.php2
2 files changed, 12 insertions, 4 deletions
diff --git a/functions/date_functions.php b/functions/date_functions.php
index 0aeef60..43a15a0 100644
--- a/functions/date_functions.php
+++ b/functions/date_functions.php
@@ -222,12 +222,18 @@ function makeTitle($arr, $time) {
*/
function openevent($event_date, $time, $uid, $arr, $lines = 0, $length = 0, $link_class = '', $pre_text = '', $post_text = '') {
global $cpath, $timeFormat, $dateFormat_week;
+
+ # Strip all dollar signs from printable array entries; regex functions will mutilate them
+ foreach ($arr as $key => $val) {
+ $arr[$key] = str_replace('$', '&#36;', $val);
+ }
+
$return = '';
- $event_text = stripslashes(urldecode($arr["event_text"]));
+ $event_text = stripslashes(urldecode($arr['event_text']));
# build tooltip
$title = makeTitle($arr, $time);
# for iCal pseudo tag <http> comptability
- if (ereg("<([[:alpha:]]+://)([^<>[:space:]]+)>",$event_text,$matches)) {
+ if (ereg('<([[:alpha:]]+://)([^<>[:space:]]+)>',$event_text,$matches)) {
$full_event_text = $matches[1] . $matches[2];
$event_text = $matches[2];
} else {
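Review bot: The `$` → `&#36;` replacement in the new loop is undone for URL-encoded input, because `urldecode()` on the following line runs after it: an `event_text` containing `%24` decodes to a literal `$` that then reaches the ereg() calls the comment says the replacement is meant to protect. Decode first and encode afterwards, e.g. `$event_text = str_replace('$', '&#36;', stripslashes(urldecode($arr['event_text'])));`, or move the loop below the decode so every field is treated the same way. The loop also rewrites every entry of `$arr`, not only the ones that are rendered, and only the comment says why; a short note naming the regex-replacement hazard (`$1`-style backreferences) next to it, or restricting it to the text keys, would make the intent checkable. Unrelated to the fix, the ereg() calls on the rewritten lines are deprecated since PHP 5.3 in favour of preg_match(), which matters if the project already targets that version. The body of openevent continues past the end of the hunk.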
@@ -238,12 +244,12 @@ function openevent($event_date, $time, $uid, $arr, $lines = 0, $length = 0, $lin
if (!empty($link_class)) $link_class = ' class="'.$link_class.'"';
if (!empty($event_text)) {
- $title = strip_tags(str_replace("<br />","\n",$title));
+ $title = strip_tags(str_replace('<br />',"\n",$title));
if ($lines > 0) {
$event_text = word_wrap($event_text, $length, $lines);
}
- if ((!(ereg("([[:alpha:]]+://[^<>[:space:]]+)", $full_event_text, $res))) || ($arr['description'])) {
+ if ((!(ereg('([[:alpha:]]+://[^<>[:space:]]+)', $full_event_text, $res))) || ($arr['description'])) {
$escaped_date = addslashes($event_date);
$escaped_time = addslashes($time);
$escaped_uid = addslashes($uid);
diff --git a/functions/init/sanitize.php b/functions/init/sanitize.php
index 39b8246..e3e6525 100644
--- a/functions/init/sanitize.php
+++ b/functions/init/sanitize.php
@@ -53,11 +53,13 @@ function chopToWordCount($string, $count) {
function sanitizeForWeb($string) {
$string = preg_replace('/<br\s*\/?>/', "\n", $string);
+ $string = str_replace('&#36;', '$', $string);
$string = str_replace('&', '&amp;', $string);
$string = str_replace('<', '&lt;', $string);
$string = str_replace('>', '&gt;', $string);
$string = str_replace('\'', '&#39;', $string);
$string = str_replace('"', '&#34;', $string);
+ $string = str_replace('$', '&#36;', $string);
$string = str_replace("\n", '<br />', $string);
$string = str_replace("\t", ' &nbsp; &nbsp; ', $string);
