From 81d948b960707aacd95a2ee94ee89c6db8eda6c6 Mon Sep 17 00:00:00 2001
From: Jim Hu
Date: Fri, 24 Mar 2006 01:29:23 +0000
Subject: security patch for template file from cookie. Other minor bug fixes
---
 functions/init.inc.php | 4 +++-
 rss/rss.php | 16 +++++++++++++---
 templates/default/header.tpl | 2 +-
 3 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/functions/init.inc.php b/functions/init.inc.php
index 7f55713..89a9b54 100644
--- a/functions/init.inc.php
+++ b/functions/init.inc.php
@@ -21,7 +21,9 @@ if (isset($_COOKIE['phpicalendar'])) {
 if (isset($phpicalendar['cookie_calendar'])) $default_cal_check = $phpicalendar['cookie_calendar'];
 if (isset($phpicalendar['cookie_cpath'])) $default_cpath_check= $phpicalendar['cookie_cpath'];
 if (isset($phpicalendar['cookie_view'])) $default_view = $phpicalendar['cookie_view'];
- if (isset($phpicalendar['cookie_style'])) $template = $phpicalendar['cookie_style'];
+ if (isset($phpicalendar['cookie_style']) && is_dir(BASE.'templates/'.$phpicalendar['cookie_style'].'/')){
+ $template = $phpicalendar['cookie_style'];
+ }
 if (isset($phpicalendar['cookie_startday'])) $week_start_day = $phpicalendar['cookie_startday'];
 if (isset($phpicalendar['cookie_time'])) $day_start = $phpicalendar['cookie_time'];
 }
diff --git a/rss/rss.php b/rss/rss.php
index f72d0ca..f37d5d9 100644
--- a/rss/rss.php
+++ b/rss/rss.php
@@ -12,9 +12,11 @@
 * feeds can be specified for a number of days to or from a given date
 * feeds can be specified for a range of dates
 *
+* Language encoding added by dyfrin 2006/03/08 19:09:28
 *********************************************************************************/
 define('BASE', '../');
-include(BASE.'functions/init.inc.php');
+require(BASE.'functions/init.inc.php');
+
 if ($enable_rss != 'yes') {
 die ("RSS feeds are not enabled on this site.");
 }
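Review bot: In functions/init.inc.php the new `is_dir()` test only shows that the cookie value names an existing directory, not that the directory lies inside `templates/`; a `cookie_style` containing path separators or `..` segments still passes whenever it resolves to some directory, and `$template` then carries that value into whatever builds template paths later. Constrain the name before the existence check, e.g. `$style = isset($phpicalendar['cookie_style']) ? $phpicalendar['cookie_style'] : '';` followed by `if (is_string($style) && preg_match('/^[A-Za-z0-9_-]+$/', $style) && is_dir(BASE.'templates/'.$style.'/')) {`. The enclosing `if (isset($_COOKIE['phpicalendar']))` block starts above the hunk, so how `$phpicalendar` is decoded from the cookie is not visible here. The neighbouring `cookie_view`, `cookie_startday` and `cookie_time` values are still assigned from the cookie without any check in the visible lines and deserve the same validation.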
@@ -115,6 +117,12 @@ if ( ($_SERVER['HTTP_IF_MODIFIED_SINCE'] == $filemodtime) || ($_SERVER['HTTP_IF_ exit; } +/* Change languages to ISO 639-1 to validate RSS without changing long version in config.inc.php */ +$user_language = array ("english", "polish", "german", "french", "dutch", "italian", "japanese", "norwegian", "spanish", "swedish", "portuguese", "catalan", "traditional_chinese", "esperanto", "korean"); +$iso_language = array ("en", "pl", "de", "fr", "nl", "da", "it", "ja", "no", "es", "sv", "pt", "ca", "zh-tw", "eo", "ko"); +$rss_language = str_replace($user_language, $iso_language, $language); +/* End language modification */ + //If client needs new feed - make the header $rss = ""."\n"; $rss .= ''."\n"; @@ -165,7 +173,7 @@ $uid_arr = array(); $event_text = strip_tags($event_text, ''); $event_text = str_replace('&','&',$event_text); $event_text = str_replace('&','&',$event_text); - $event_text = urlencode($event_text); + # $event_text = urlencode($event_text); #uncomment for shorter event text with ... # $event_text = word_wrap($event_text, 21, $tomorrows_events_lines); $description = stripslashes(urldecode($val["description"])); @@ -194,9 +202,11 @@ $uid_arr = array(); */ $rss .= ''.$rss_link.''."\n"; $rss .= ''.$rss_description.''."\n"; + if (isset($val['location']) && $val['location'] !=''){ $location = str_replace('&','&',$val['location']); $location = str_replace('&','&',$location); - $rss .= ''.$location.''; + $rss .= ''.$location."/location>\n"; + } $rss .= ''."\n"; $events_count++; } diff --git a/templates/default/header.tpl b/templates/default/header.tpl index 1ac0920..0a2832a 100644 --- a/templates/default/header.tpl +++ b/templates/default/header.tpl @@ -6,7 +6,7 @@ {CALENDAR_NAME} - {DISPLAY_DATE} - + {EVENT_JS} -- cgit v1.2.3
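Review bot: In the language-mapping block added to rss/rss.php the two arrays are out of step: `$iso_language` holds sixteen codes including `"da"`, while `$user_language` holds fifteen names and no `"danish"`, so `str_replace()` pairs every name from `"italian"` onward with the wrong code (`italian` with `da`, `japanese` with `it`, and so on). Add `"danish"` after `"dutch"` in `$user_language`. Because `str_replace()` substitutes substrings and passes unknown values through untouched, an exact-match lookup with a fixed fallback code would also guarantee that only a known code reaches the feed's language element. Where `$language` is set is outside this hunk.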
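Review bot: With `urlencode()` disabled in the `$event_text` block of rss/rss.php, the only escaping visible before the text goes into the feed is `strip_tags()` and the two `&` replacements above it, which is thin for text that originates in calendar files. The line that appends `$event_text` to `$rss` is outside the hunk, so confirm the value is XML-escaped there, for example with `htmlspecialchars($event_text, ENT_QUOTES)`, taking care not to double-encode the `&` already handled above. Delete the dead line rather than leaving it commented out, or add a comment saying why the encoding was dropped.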
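Review bot: As rendered here, the new location line in rss/rss.php ends with the literal `"/location>\n"`, with no `<` before the slash; if that is what the commit contains rather than an extraction artifact, the element is never closed and the feed is no longer well-formed XML. Separately, `$val['location']` is written after only the two `&` replacements, so a `<` or `>` in a calendar's location field would reach the output unescaped. `$location = htmlspecialchars($val['location'], ENT_QUOTES);` in place of the two `str_replace()` calls would escape `&`, `<` and `>` in one step, provided existing entities are decoded first if the data may already contain them. The surrounding loop opens outside the hunk.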