Dries Buytaert 2003-02-26 22:02:46 +00:00
parent f44fe74058
commit 8ae2520965
3 changed files with 9 additions and 41 deletions


@ -340,8 +340,6 @@ function search_form($action = 0, $query = 0, $options = 0) {
function search_data() { function search_data() {
global $keys, $edit; global $keys, $edit;
$keys = check_input($keys);
if (isset($keys)) { if (isset($keys)) {
foreach (module_list() as $name) { foreach (module_list() as $name) {
if (module_hook($name, "search") && (!$edit["type"] || $edit["type"][$name]) && ($result = module_invoke($name, "search", check_query($keys)))) { if (module_hook($name, "search") && (!$edit["type"] || $edit["type"][$name]) && ($result = module_invoke($name, "search", check_query($keys)))) {
@ -451,15 +449,15 @@ function referer_load() {
} }
function check_form($text) { function check_form($text) {
return htmlspecialchars(stripslashes($text)); return htmlspecialchars($text);
} }
function check_query($text) { function check_query($text) {
return addslashes(stripslashes($text)); return addslashes($text);
} }
function check_input($text) { function check_input($text) {
return addslashes(stripslashes($text)); return addslashes($text);
} }
function filter($text) { function filter($text) {
@ -511,8 +509,6 @@ function check_output($text) {
// temporary: for development purpose // temporary: for development purpose
$text = rewrite_old_urls($text); $text = rewrite_old_urls($text);
$text = stripslashes($text);
if (strip_tags($text, "<a><i><b><u><tt><code><cite><strong><img>") == $text) { if (strip_tags($text, "<a><i><b><u><tt><code><cite><strong><img>") == $text) {
$text = nl2br($text); $text = nl2br($text);
} }
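Review bot: check_query() and check_input() now hand the text straight to addslashes(), so they are only correct if request data reaches them unescaped, and nothing in this section shows where that is guaranteed. If magic_quotes_gpc is enabled and not undone earlier, the search keys passed through check_query() in search_data() would be escaped twice. A comment on both helpers such as `// Expects raw, unquoted input; magic quotes must already be stripped.` would record the assumption. Separately, addslashes() knows nothing about the database character set, so the database driver's own escaping function would be a safer basis for check_query().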


@ -200,12 +200,6 @@ function book_form(&$node, &$help, &$error) {
$output = form_select(t("Parent"), "parent", $node->parent, book_toc(), t("The parent subject or category the page belongs in.")); $output = form_select(t("Parent"), "parent", $node->parent, book_toc(), t("The parent subject or category the page belongs in."));
if ($node->format) {
if ($op != t("Preview")) {
$node->body = addslashes($node->body);
}
}
if (function_exists("taxonomy_node_form")) { if (function_exists("taxonomy_node_form")) {
$output .= implode("", taxonomy_node_form("book", $node)); $output .= implode("", taxonomy_node_form("book", $node));
} }
@ -341,17 +335,9 @@ function book_body($node) {
global $op; global $op;
if ($node->format == 1) { if ($node->format == 1) {
/* // Make sure only authorized users can preview PHP pages.
** Make sure only authorized users can preview PHP pages. if ($op == t("Preview") && !user_access("create php content")) {
*/ return;
if ($op == t("Preview")) {
if (user_access("create php content")) {
$node->body = stripslashes($node->body); // see also book_form()
}
else {
return;
}
} }
ob_start(); ob_start();
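Review bot: The access check in book_body() guards only the Preview operation, and the comment does not explain why a PHP-format body that is not being previewed may go on to ob_start() (and presumably evaluation) without it. If the invariant is that stored pages were permission-checked when saved, state it, e.g. `// Stored PHP pages were checked on save; a preview is unsaved input, so check access here.` The test also depends on $op equalling the translated label t("Preview"), so it is worth confirming that unsaved body text cannot reach this branch under any other $op value. book_body() continues past the end of the hunk, and the third file section repeats the same change.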


@ -200,12 +200,6 @@ function book_form(&$node, &$help, &$error) {
$output = form_select(t("Parent"), "parent", $node->parent, book_toc(), t("The parent subject or category the page belongs in.")); $output = form_select(t("Parent"), "parent", $node->parent, book_toc(), t("The parent subject or category the page belongs in."));
if ($node->format) {
if ($op != t("Preview")) {
$node->body = addslashes($node->body);
}
}
if (function_exists("taxonomy_node_form")) { if (function_exists("taxonomy_node_form")) {
$output .= implode("", taxonomy_node_form("book", $node)); $output .= implode("", taxonomy_node_form("book", $node));
} }
@ -341,17 +335,9 @@ function book_body($node) {
global $op; global $op;
if ($node->format == 1) { if ($node->format == 1) {
/* // Make sure only authorized users can preview PHP pages.
** Make sure only authorized users can preview PHP pages. if ($op == t("Preview") && !user_access("create php content")) {
*/ return;
if ($op == t("Preview")) {
if (user_access("create php content")) {
$node->body = stripslashes($node->body); // see also book_form()
}
else {
return;
}
} }
ob_start(); ob_start();