From 1d219f5c776b1ce403586f0458881e5a05940454 Mon Sep 17 00:00:00 2001 From: cookie Date: Wed, 9 Nov 2005 16:05:28 +0000 Subject: funktion_schichtplan_Tage.php: endlosscheliede bei nur einer schicht secure.php: filterung noict komplett git-svn-id: svn://svn.cccv.de/engel-system@28 29ba0400-6e00-0410-a75a-ca02368028f8 --- www-ssl/inc/funktion_schichtplan_Tage.php | 15 +++++++++------ www-ssl/inc/secure.php | 2 +- 2 files changed, 10 insertions(+), 7 deletions(-) (limited to 'www-ssl') diff --git a/www-ssl/inc/funktion_schichtplan_Tage.php b/www-ssl/inc/funktion_schichtplan_Tage.php index 14ae53a9..abbbddc4 100755 --- a/www-ssl/inc/funktion_schichtplan_Tage.php +++ b/www-ssl/inc/funktion_schichtplan_Tage.php @@ -55,12 +55,15 @@ do "WHERE ( (`DateS` like '$DateS%') AND NOT (`DateE` like '%00:00:00'))"; $Erg2 = mysql_query($SQL2, $con); $DateE = substr(mysql_result($Erg2, 0 , 0), 0,10); - - while( $DateS != $DateE) - { - $DateS = DatumUm1TagErhoehen( $DateS); - $VeranstaltungsTage[$Pos++] = $DateS; - } + + if( strlen($DateE) == 0) + $DateE = $DateS; + else + while( $DateS != $DateE) + { + $DateS = DatumUm1TagErhoehen( $DateS); + $VeranstaltungsTage[$Pos++] = $DateS; + } //suchen den nästen eintrag $SQL = "SELECT `DateS` FROM `Shifts` ". diff --git a/www-ssl/inc/secure.php b/www-ssl/inc/secure.php index ed3a514b..687289fc 100755 --- a/www-ssl/inc/secure.php +++ b/www-ssl/inc/secure.php @@ -10,7 +10,7 @@ foreach ($_GET as $k => $v) $v = htmlspecialchars($v); $v = mysql_escape_string($v); // $v = htmlentities($v); - if (preg_match('/([\"`])/', $v, $match)) + if (preg_match('/([\'"`\'])/', $v, $match)) { print "sorry get has illegal char '$match[1]'"; exit; -- cgit v1.2.3-54-g00ecf