diff options
author | Nils Adermann <naderman@naderman.de> | 2006-06-17 09:30:59 +0000 |
---|---|---|
committer | Nils Adermann <naderman@naderman.de> | 2006-06-17 09:30:59 +0000 |
commit | f04a3349e66984506ab71f0506d718188022e03f (patch) | |
tree | 16ba858ef305c630891326b7d44cbc4a962f0718 | |
parent | 3562bc5580d189566a2dcf4a85ea319fa1bd5e81 (diff) | |
download | forums-f04a3349e66984506ab71f0506d718188022e03f.tar forums-f04a3349e66984506ab71f0506d718188022e03f.tar.gz forums-f04a3349e66984506ab71f0506d718188022e03f.tar.bz2 forums-f04a3349e66984506ab71f0506d718188022e03f.tar.xz forums-f04a3349e66984506ab71f0506d718188022e03f.zip |
- fix some bugs in imageset editing, includes [Bug #2269]
git-svn-id: file:///svn/phpbb/trunk@6080 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r-- | phpBB/includes/acp/acp_styles.php | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index a46f160a10..b11145a6b2 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -1232,11 +1232,14 @@ pagination_sep = \'{PAGINATION_SEP}\' global $db, $user, $phpbb_root_path, $cache, $template; $this->page_title = 'EDIT_IMAGESET'; - $update = (isset($_POST['update'])) ? true : false; - $imgname = (!empty($_POST['imgname'])) ? htmlspecialchars($_POST['imgname']) : ''; - $imgpath = (isset($_POST['imgpath'])) ? htmlspecialchars($_POST['imgpath']) : ''; - $imgsize = (!empty($_POST['imgsize'])) ? true : false; - $imgwidth = (isset($_POST['imgwidth'])) ? intval($_POST['imgwidth']) : ''; + $update = (isset($_POST['update'])) ? true : false; + $imgname = request_var('imgname', ''); + $imgpath = request_var('imgpath', ''); + $imgsize = request_var('imgsize', false); + $imgwidth = request_var('imgwidth', 0); + + $imgname = preg_replace('#[^a-z0-9\-+_]#i', '', $imgname); + $imgpath = str_replace('..', '.', $imgpath); if ($imageset_id) { @@ -1383,7 +1386,7 @@ pagination_sep = \'{PAGINATION_SEP}\' $imgsize_bool = (!empty($imgname) && ($imgsize || preg_match('#\*\d+#', $$imgname))) ? true : false; - $img_info = explode('*', $imgname); + $img_info = (!empty($imgname)) ? explode('*', $$imgname) : array(); $template->assign_vars(array( 'S_EDIT_IMAGESET' => true, |