Diffstat (limited to 'www-ssl')
-rwxr-xr-x | www-ssl/admin/sprache.php | 2 | ||||
-rwxr-xr-x | www-ssl/inc/secure.php | 12 |
2 files changed, 8 insertions, 6 deletions
diff --git a/www-ssl/admin/sprache.php b/www-ssl/admin/sprache.php index af5db2ba..404a3961 100755 --- a/www-ssl/admin/sprache.php +++ b/www-ssl/admin/sprache.php @@ -46,6 +46,7 @@ if( !isset( $_GET["TextID"] ) ) foreach( $Sprachen as $Name => $Value ) { + $Value = html_entity_decode( $Value, ENT_QUOTES); echo "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Value</textarea></td>\n"; $Sprachen[ $Name ] = ""; } @@ -87,6 +88,7 @@ else { $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) ". "VALUES ('". $_GET["TextID"]. "', '$k', '$v')"; + echo $sql_save."<br>"; $Erg = mysql_query($sql_save, $con); if ($Erg == 1) echo "\t $k Save: OK<br>\n"; diff --git a/www-ssl/inc/secure.php b/www-ssl/inc/secure.php index 687289fc..d6b5c512 100755 --- a/www-ssl/inc/secure.php +++ b/www-ssl/inc/secure.php @@ -7,9 +7,9 @@ if( $DEBUG) foreach ($_GET as $k => $v) { - $v = htmlspecialchars($v); - $v = mysql_escape_string($v); -// $v = htmlentities($v); +// $v = htmlspecialchars($v, ENT_QUOTES); +// $v = mysql_escape_string($v); + $v = htmlentities($v, ENT_QUOTES); if (preg_match('/([\'"`\'])/', $v, $match)) { print "sorry get has illegal char '$match[1]'"; @@ -23,9 +23,9 @@ foreach ($_GET as $k => $v) foreach ($_POST as $k => $v) { - $v = htmlspecialchars($v); - $v = mysql_escape_string($v); -// $v = htmlentities($v); +// $v = htmlspecialchars($v, ENT_QUOTES); +// $v = mysql_escape_string($v); + $v = htmlentities($v, ENT_QUOTES); if (preg_match('/([\'"`\'])/', $v, $match)) { print "sorry post has illegal char '$match[1]'"; exit; |
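Review bot: In www-ssl/admin/sprache.php (hunk at -46), the added `html_entity_decode( $Value, ENT_QUOTES)` turns the stored text back into raw markup immediately before it is interpolated into the textarea element, so a stored text that contains markup (for instance a closing textarea tag) is rendered as HTML on the admin page. A textarea already shows entities as their characters, so the decode looks unnecessary. If it is there to undo double encoding, re-encode at output: `$Value = htmlspecialchars( html_entity_decode( $Value, ENT_QUOTES), ENT_QUOTES);`. `$Name` in the `name` attribute of the same echo is also printed unescaped, and the enclosing branch starts outside the hunk.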
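Review bot: In the second sprache.php hunk (at -87), the added `echo $sql_save."<br>";` prints every INSERT statement verbatim into the response, which discloses table and column names and emits `$_GET["TextID"]`, `$k` and `$v` without HTML encoding at this point. It reads like leftover debugging, so drop it, or gate and encode it, e.g. `if ($DEBUG) echo htmlspecialchars($sql_save, ENT_QUOTES)."<br>";` (assuming the `$DEBUG` flag seen in inc/secure.php is in scope here). The statement is still assembled by string concatenation, so it depends entirely on whatever escaping happened upstream. The surrounding `else` block extends beyond the hunk.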
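Review bot: In www-ssl/inc/secure.php (hunk at -7, and identically in the `$_POST` loop at -23), commenting out `mysql_escape_string` leaves `htmlentities($v, ENT_QUOTES)` as the only treatment of request values, and HTML encoding is not SQL escaping: a backslash passes through unchanged while queries such as the INSERT in admin/sprache.php are still built by concatenation. After ENT_QUOTES encoding, the `preg_match` that follows can only ever match a backtick, because both quote characters have already become entities, so the check no longer does what its message says. `htmlentities` also expects a string, so an array-valued parameter is not handled. Prefer escaping per sink: `mysql_real_escape_string($v, $con)` (or a prepared statement) where the query is built, and `htmlspecialchars($v, ENT_QUOTES)` where the value is printed. Both loops continue past the end of their hunks, so whether `$v` is written back to `$_GET`/`$_POST` is not visible here.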