authorNathan Guse <nathaniel.guse@gmail.com>2014-03-09 11:26:06 -0500
committerNathan Guse <nathaniel.guse@gmail.com>2014-03-09 15:19:52 -0500
commitf2d3879da419624a817b247efac73bad27887498 (patch)
treeeb276362d227d52357753742251143ffb4c1821e /phpBB/includes/functions.php
parent00f8fe24d2641823f51990b30d5a3f84884a78a6 (diff)
[ticket/12202] Apply htmlspecialchars to style.cfg data
PHPBB3-12202
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r--phpBB/includes/functions.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index eef4ade4e7..81a7dc5cbd 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -3367,8 +3367,8 @@ function parse_cfg_file($filename, $lines = false)
}
// Determine first occurrence, since in values the equal sign is allowed
- $key = strtolower(trim(substr($line, 0, $delim_pos)));
- $value = trim(substr($line, $delim_pos + 1));
+ $key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))));
+ $value = htmlspecialchars(trim(substr($line, $delim_pos + 1)));
if (in_array($value, array('off', 'false', '0')))
{
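Review bot: Escaping `$value` here, before the rest of the parsing, breaks the quote handling in the second hunk: a double-quoted value now begins with `&quot;`, so the `$value[0] == '"'` test cannot match and the entity text stays in the stored value, while a single-quoted value is run through `htmlspecialchars()` a second time there and comes out double-encoded (`&` ends up as `&amp;amp;`). Parse the raw string with `$value = trim(substr($line, $delim_pos + 1));` and escape once, after quote stripping, just before the assignment to `$parsed_items`: `if (is_string($value)) { $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8'); }`. Passing `ENT_QUOTES` explicitly matters because the default flags before PHP 8.1 leave single quotes unescaped, which is not enough if a style.cfg value ever lands in a single-quoted attribute. The branches between the two hunks are not visible, so confirm that no other path stores an unescaped string.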
@@ -3384,7 +3384,7 @@ function parse_cfg_file($filename, $lines = false)
}
else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"'))
{
- $value = substr($value, 1, sizeof($value)-2);
+ $value = htmlspecialchars(substr($value, 1, sizeof($value)-2));
}
$parsed_items[$key] = $value;
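Review bot: `sizeof($value)` on the changed line counts a string as one element, so `$value[sizeof($value) - 1]` is just `$value[0]` and the closing quote is never checked; a value such as `'abc` loses its last character. Use `strlen($value)` in the condition and `substr($value, 1, -1)` for the slice, and reject the empty string before indexing `$value[0]`. From PHP 7.2 the call also raises a warning, and PHP 8 throws a TypeError. The enclosing if/else chain starts outside this hunk.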