diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2003-09-04 18:30:20 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2003-09-04 18:30:20 +0000 |
| commit | fec9073f3a21818fa3bcfe89f0a73e861a3ad229 (patch) | |
| tree | 3d3191047cb59534c515551cac418c7d62c6955a /phpBB/includes/message_parser.php | |
| parent | 52e42838d9925ab063571f927df3aa59ed296710 (diff) | |
| download | forums-fec9073f3a21818fa3bcfe89f0a73e861a3ad229.tar forums-fec9073f3a21818fa3bcfe89f0a73e861a3ad229.tar.gz forums-fec9073f3a21818fa3bcfe89f0a73e861a3ad229.tar.bz2 forums-fec9073f3a21818fa3bcfe89f0a73e861a3ad229.tar.xz forums-fec9073f3a21818fa3bcfe89f0a73e861a3ad229.zip | |
initial draft functionality, loading (and a bunch of other stuff) is not implemented yet + bugfixes.
git-svn-id: file:///svn/phpbb/trunk@4467 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/message_parser.php')
| -rw-r--r-- | phpBB/includes/message_parser.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index bedb0d5371..98c61da6ba 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -673,7 +673,7 @@ class parse_message $error = array(); $num_attachments = count($this->attachment_data); - $this->filename_data['filecomment'] = (isset($_POST['filecomment'])) ? trim(strip_tags($_POST['filecomment'])) : ''; + $this->filename_data['filecomment'] = (isset($_POST['filecomment'])) ? trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), htmlspecialchars($_POST['filecomment']))) : ''; $this->filename_data['filename'] = ($_FILES['fileupload']['name'] != 'none') ? trim($_FILES['fileupload']['name']) : ''; $add_file = (isset($_POST['add_file'])) ? TRUE : FALSE; @@ -757,7 +757,7 @@ class parse_message foreach ($actual_comment_list as $index => $entry) { - $this->attachment_data[$index]['comment'] = $entry; + $this->attachment_data[$index]['comment'] = trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), htmlspecialchars($entry))); } } |