funktion_schichtplan_Tage.php: endlosscheliede bei nur einer schicht

secure.php: filterung noict komplett


git-svn-id: svn://svn.cccv.de/engel-system@28 29ba0400-6e00-0410-a75a-ca02368028f8

2 files changed, 10 insertions, 7 deletions

diff --git a/www-ssl/inc/funktion_schichtplan_Tage.php b/www-ssl/inc/funktion_schichtplan_Tage.php
index 14ae53a9..abbbddc4 100755
--- a/www-ssl/inc/funktion_schichtplan_Tage.php
+++ b/www-ssl/inc/funktion_schichtplan_Tage.php
@@ -55,12 +55,15 @@ do
 		"WHERE ( (`DateS` like '$DateS%') AND NOT (`DateE` like '%00:00:00'))";
 	$Erg2 = mysql_query($SQL2, $con);
 	$DateE = substr(mysql_result($Erg2, 0 , 0), 0,10);
-	
-	while( $DateS != $DateE)
-	{
-		$DateS = DatumUm1TagErhoehen( $DateS);
-		$VeranstaltungsTage[$Pos++] = $DateS;
-	}
+
+	if( strlen($DateE) == 0)
+		$DateE = $DateS;
+	else
+		while( $DateS != $DateE)
+		{
+			$DateS = DatumUm1TagErhoehen( $DateS);
+			$VeranstaltungsTage[$Pos++] = $DateS;
+		}
 
 	//suchen den nästen eintrag
 	$SQL = "SELECT `DateS` FROM `Shifts` ".
diff --git a/www-ssl/inc/secure.php b/www-ssl/inc/secure.php
index ed3a514b..687289fc 100755
--- a/www-ssl/inc/secure.php
+++ b/www-ssl/inc/secure.php
@@ -10,7 +10,7 @@ foreach ($_GET as $k => $v)
   	$v = htmlspecialchars($v);
 	$v = mysql_escape_string($v);
 //	$v = htmlentities($v);
-	if (preg_match('/([\"`])/', $v, $match)) 
+	if (preg_match('/([\'"`\'])/', $v, $match)) 
 	{
 		print "sorry get has illegal char '$match[1]'";
 		exit;