diff options
author | Nathaniel Guse <nathaniel.guse@gmail.com> | 2014-03-09 17:17:33 -0500 |
---|---|---|
committer | Nathaniel Guse <nathaniel.guse@gmail.com> | 2014-03-09 17:17:33 -0500 |
commit | f3d8dfd1e32fd0c58b601d8a7131fa959bff7b53 (patch) | |
tree | a1736fa36f51473fde27281de940cb2f9e7391d8 /phpBB | |
parent | 50dd76aef356e38cd774e1fb4b29b59453233418 (diff) | |
download | forums-f3d8dfd1e32fd0c58b601d8a7131fa959bff7b53.tar forums-f3d8dfd1e32fd0c58b601d8a7131fa959bff7b53.tar.gz forums-f3d8dfd1e32fd0c58b601d8a7131fa959bff7b53.tar.bz2 forums-f3d8dfd1e32fd0c58b601d8a7131fa959bff7b53.tar.xz forums-f3d8dfd1e32fd0c58b601d8a7131fa959bff7b53.zip |
[ticket/12202] Can't call htmlspecialchars before checking for quotes
PHPBB3-12202
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/includes/functions.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 81a7dc5cbd..f0657b9016 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3368,7 +3368,7 @@ function parse_cfg_file($filename, $lines = false) // Determine first occurrence, since in values the equal sign is allowed $key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos)))); - $value = htmlspecialchars(trim(substr($line, $delim_pos + 1))); + $value = trim(substr($line, $delim_pos + 1)); if (in_array($value, array('off', 'false', '0'))) { @@ -3386,6 +3386,10 @@ function parse_cfg_file($filename, $lines = false) { $value = htmlspecialchars(substr($value, 1, sizeof($value)-2)); } + else + { + $value = htmlspecialchars($value); + } $parsed_items[$key] = $value; } |