fixed #1701 escaped " ' " for album creation and edit

This commit is contained in:
Matthieu Leproux 2022-09-26 14:47:42 +02:00
parent 4d81d28eca
commit d0e32547db
2 changed files with 5 additions and 3 deletions


@ -106,7 +106,8 @@ if (isset($_POST['submit']))
$conf['allow_html_descriptions'] ?
@$_POST['comment'] : strip_tags(@$_POST['comment']),
);
$data['name'] = pwg_db_real_escape_string($data['name']);
if ($conf['activate_comments'])
{
$data['commentable'] = isset($_POST['commentable'])? 'true':'false';
@ -211,7 +212,7 @@ if (!empty($category['id_uppercat']))
$template->assign(
array(
'CATEGORIES_NAV' => preg_replace("# {2,}#"," ",preg_replace("#(\r\n|\n\r|\n|\r)#"," ",$navigation)),
'CATEGORIES_NAV' => preg_replace("# {2,}#"," ",preg_replace("#(\r\n|\n\r|\n|\r)#"," ",pwg_db_real_escape_string($navigation))),
'CAT_ID' => $category['id'],
'CAT_NAME' => @htmlspecialchars($category['name']),
'CAT_COMMENT' => @htmlspecialchars($category['comment']),
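Review bot: The `pwg_db_real_escape_string($navigation)` added on the `CATEGORIES_NAV` line applies an SQL-string escape to a value whose only visible sink is `$template->assign`, an HTML output context, so a parent album named O'Brien will presumably show up as O\'Brien in the breadcrumb while the backslash protects nothing against markup in that string. Escaping has to match the sink: SQL escaping belongs where a query is built (the `$data['name']` assignment in the first hunk looks like that case), and template values are HTML-escaped the way `CAT_NAME` and `CAT_COMMENT` are on the following lines with `htmlspecialchars`. I would restore `'CATEGORIES_NAV' => preg_replace("# {2,}#"," ",preg_replace("#(\r\n|\n\r|\n|\r)#"," ",$navigation)),` and, if the apostrophe bug came from how `$navigation` is produced, fix it in the helper that builds it, outside this hunk. The enclosing `$template->assign(array(` call starts before and ends after the hunk.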


@ -647,7 +647,8 @@ function ws_categories_add($params, &$service)
// TODO do not strip tags if pwg_token is provided (and valid)
$options['comment'] = strip_tags($params['comment']);
}
$params['name'] = pwg_db_real_escape_string($params['name']);
$creation_output = create_virtual_category(
strip_tags($params['name']), // TODO do not strip tags if pwg_token is provided (and valid)
$params['parent'],
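Review bot: The new `$params['name'] = pwg_db_real_escape_string($params['name']);` escapes on the caller side before `create_virtual_category` is invoked, so every other caller of `create_virtual_category` still passes an unescaped name, and if that function or the insert helper under it already escapes, this caller now stores a doubled backslash. SQL escaping belongs at the single point where the query is assembled, so the robust fix is to move the `pwg_db_real_escape_string` call into `create_virtual_category` and drop this line here. The escaped value also stays in `$params['name']` for the rest of the function, so any later use of it in the web-service response (outside the hunk) would expose the escaped form. `ws_categories_add` begins before and continues past the hunk.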