Diffstat (limited to 'www-ssl')
-rwxr-xr-xwww-ssl/admin/sprache.php2
-rwxr-xr-xwww-ssl/inc/secure.php12
2 files changed, 8 insertions, 6 deletions
diff --git a/www-ssl/admin/sprache.php b/www-ssl/admin/sprache.php
index af5db2ba..404a3961 100755
--- a/www-ssl/admin/sprache.php
+++ b/www-ssl/admin/sprache.php
@@ -46,6 +46,7 @@ if( !isset( $_GET["TextID"] ) )
foreach( $Sprachen as $Name => $Value )
{
+ $Value = html_entity_decode( $Value, ENT_QUOTES);
echo "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Value</textarea></td>\n";
$Sprachen[ $Name ] = "";
}
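Review bot: The added `html_entity_decode( $Value, ENT_QUOTES)` feeds decoded text straight into the `<textarea>` body on the next line, so a stored translation containing `</textarea>` or other markup is rendered as HTML on the admin page instead of being shown as text. If the aim is to stop entity-encoded text from being encoded a second time on save, decode and then encode for output in one step: `$Value = htmlspecialchars( html_entity_decode( $Value, ENT_QUOTES), ENT_QUOTES);`. `$Name` in the `name` attribute is also interpolated unencoded and deserves the same treatment. The code enclosing this loop starts outside the hunk.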
@@ -87,6 +88,7 @@ else
{
$sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) ".
"VALUES ('". $_GET["TextID"]. "', '$k', '$v')";
+ echo $sql_save."<br>";
$Erg = mysql_query($sql_save, $con);
if ($Erg == 1)
echo "\t $k Save: OK<br>\n";
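Review bot: The added `echo $sql_save."<br>";` prints the full INSERT statement into the response with no HTML encoding and no debug guard, exposing the table and column names along with `$_GET["TextID"]`, `$k` and `$v`. If it is a debugging aid, gate and encode it, e.g. `if ($DEBUG) echo htmlspecialchars($sql_save, ENT_QUOTES)."<br>";` (`$DEBUG` appears in inc/secure.php; whether it is in scope here is not shown). The statement is still built by string concatenation, so its safety depends entirely on the request filtering in inc/secure.php, which this same commit changes. The enclosing else-branch starts and ends outside the hunk.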
diff --git a/www-ssl/inc/secure.php b/www-ssl/inc/secure.php
index 687289fc..d6b5c512 100755
--- a/www-ssl/inc/secure.php
+++ b/www-ssl/inc/secure.php
@@ -7,9 +7,9 @@ if( $DEBUG)
foreach ($_GET as $k => $v)
{
- $v = htmlspecialchars($v);
- $v = mysql_escape_string($v);
-// $v = htmlentities($v);
+// $v = htmlspecialchars($v, ENT_QUOTES);
+// $v = mysql_escape_string($v);
+ $v = htmlentities($v, ENT_QUOTES);
if (preg_match('/([\'"`\'])/', $v, $match))
{
print "sorry get has illegal char '$match[1]'";
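Review bot: Replacing `mysql_escape_string($v)` with `htmlentities($v, ENT_QUOTES)` leaves request values without SQL escaping: HTML encoding does not neutralise a backslash, and it is the wrong encoding for a value that sprache.php places between quotes in an INSERT. It also turns `'` and `"` into entities before the `preg_match` on the next line, so that check can now only fire on a backtick. The same change is made to the `$_POST` loop in the following hunk. Escape for SQL where the query is built, e.g. `mysql_real_escape_string($v, $con)`, and HTML-encode only at output. Whether `$v` is written back into `$_GET` is not visible in the hunk.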
@@ -23,9 +23,9 @@ foreach ($_GET as $k => $v)
foreach ($_POST as $k => $v)
{
- $v = htmlspecialchars($v);
- $v = mysql_escape_string($v);
-// $v = htmlentities($v);
+// $v = htmlspecialchars($v, ENT_QUOTES);
+// $v = mysql_escape_string($v);
+ $v = htmlentities($v, ENT_QUOTES);
if (preg_match('/([\'"`\'])/', $v, $match)) {
print "sorry post has illegal char '$match[1]'";
exit;