diff options
author | Claude <longneck@scratchbook.ch> | 2017-10-04 19:50:07 +0200 |
---|---|---|
committer | Claude <longneck@scratchbook.ch> | 2017-10-04 19:50:07 +0200 |
commit | 615119a496a5229cf59534c540f9ccafddb53520 (patch) | |
tree | 1b91fbcebef46dc0ab32bbeae2367b8d82beb216 | |
parent | 6059120327826b8316797234de45490372e2ee5a (diff) | |
download | stikked-fit-615119a496a5229cf59534c540f9ccafddb53520.tar.gz stikked-fit-615119a496a5229cf59534c540f9ccafddb53520.tar.bz2 stikked-fit-615119a496a5229cf59534c540f9ccafddb53520.zip |
only htmlspecialchars when post. fixes #452
7 files changed, 7 insertions, 7 deletions
diff --git a/htdocs/application/controllers/Main.php b/htdocs/application/controllers/Main.php index 0c2511f..49d676e 100644 --- a/htdocs/application/controllers/Main.php +++ b/htdocs/application/controllers/Main.php @@ -426,7 +426,7 @@ class Main extends CI_Controller $data['expire_set'] = $this->input->post('expire'); $data['private_set'] = $this->input->post('private'); $data['snipurl_set'] = $this->input->post('snipurl'); - $data['paste_set'] = $this->input->post('code'); + $data['paste_set'] = htmlspecialchars($this->input->post('code')); $data['title_set'] = $this->input->post('title'); $data['reply'] = $this->input->post('reply'); $data['lang_set'] = $this->input->post('lang'); diff --git a/htdocs/themes/bootstrap/views/defaults/paste_form.php b/htdocs/themes/bootstrap/views/defaults/paste_form.php index f2874fe..07fd4a2 100644 --- a/htdocs/themes/bootstrap/views/defaults/paste_form.php +++ b/htdocs/themes/bootstrap/views/defaults/paste_form.php @@ -42,7 +42,7 @@ </div> <div class="control-group"> <div class="controls"> - <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea> + <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea> </div> </div> diff --git a/htdocs/themes/cleanwhite/views/defaults/paste_form.php b/htdocs/themes/cleanwhite/views/defaults/paste_form.php index ad28bec..3d0adfb 100644 --- a/htdocs/themes/cleanwhite/views/defaults/paste_form.php +++ b/htdocs/themes/cleanwhite/views/defaults/paste_form.php @@ -47,7 +47,7 @@ <span class="instruction"><a href="#" id="enable_codemirror" data-lang-enablesynhl="<?php echo lang('paste_enablesynhl'); ?>" data-lang-disablesynhl="<?php echo lang('paste_disablesynhl'); ?>"></a></span> </label> - <textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea> + <textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea> </div> <?php if($this->config->item('enable_captcha') && $this->session->userdata('is_human') === null){ ?> diff --git a/htdocs/themes/default/views/defaults/paste_form.php b/htdocs/themes/default/views/defaults/paste_form.php index 38b7247..581af2c 100644 --- a/htdocs/themes/default/views/defaults/paste_form.php +++ b/htdocs/themes/default/views/defaults/paste_form.php @@ -43,7 +43,7 @@ <span class="instruction"><a href="#" id="enable_codemirror" data-lang-enablesynhl="<?php echo lang('paste_enablesynhl'); ?>" data-lang-disablesynhl="<?php echo lang('paste_disablesynhl'); ?>"></a></span> </label> - <textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea> + <textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea> </div> diff --git a/htdocs/themes/geocities/views/defaults/paste_form.php b/htdocs/themes/geocities/views/defaults/paste_form.php index 541d49a..a426630 100644 --- a/htdocs/themes/geocities/views/defaults/paste_form.php +++ b/htdocs/themes/geocities/views/defaults/paste_form.php @@ -49,7 +49,7 @@ </div> <div class="control-group"> <div class="controls"> - <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea> + <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea> </div> </div> diff --git a/htdocs/themes/i386/views/defaults/paste_form.php b/htdocs/themes/i386/views/defaults/paste_form.php index 5a236e6..c2c36f6 100644 --- a/htdocs/themes/i386/views/defaults/paste_form.php +++ b/htdocs/themes/i386/views/defaults/paste_form.php @@ -49,7 +49,7 @@ </div> <div class="control-group"> <div class="controls"> - <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea> + <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea> </div> </div> diff --git a/htdocs/themes/stikkedizr/views/defaults/paste_form.php b/htdocs/themes/stikkedizr/views/defaults/paste_form.php index c0236f5..594bebb 100644 --- a/htdocs/themes/stikkedizr/views/defaults/paste_form.php +++ b/htdocs/themes/stikkedizr/views/defaults/paste_form.php @@ -48,7 +48,7 @@ </div> <div class="control-group"> <div class="controls"> - <textarea id="code" class="form-control" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea> + <textarea id="code" class="form-control" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea> </div> </div> |