From a561ee57ede150edcf7fe57924ab0e60454aa642 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?= <roland@mxchange.org>
Date: Sun, 1 Nov 2009 13:57:54 +0000
Subject: [PATCH] secureString() does now no longer encode in entities by
 default, XHTML fixes, missing language string fixed

---
 inc/libs/security_functions.php              | 19 ++++++++++++-------
 inc/modules/member/what-unconfirmed.php      |  4 ++--
 templates/de/html/theme/theme_one.tpl        |  6 +++---
 templates/de/html/theme/theme_select_box.tpl | 12 +++++-------
 4 files changed, 22 insertions(+), 19 deletions(-)

diff --git a/inc/libs/security_functions.php b/inc/libs/security_functions.php
index c42280607d..a1f6813269 100644
--- a/inc/libs/security_functions.php
+++ b/inc/libs/security_functions.php
@@ -51,15 +51,20 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
  * @param	$strip	Strip tags
  * @return	$str	A (hopefully) secured string against XSS and other bad things
  */
-function secureString ($str, $strip=true) {
+function secureString ($str, $strip = true, $encode = false) {
 	// Shall we strip HTML code?
 	if ($strip === true) $str = strip_tags($str);
 
 	// Trim string
 	$str = trim($str);
 
-	// Encode in entities
-	$str = htmlentities($str, ENT_QUOTES);
+	// Encode in entities if requested
+	if ($encode === true) {
+		// Encode in entities (this breakes UTF-8!)
+		$str = htmlentities($str, ENT_QUOTES);
+	} // END - if
+
+	// Return result
 	return $str;
 }
 
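Review bot: With `$encode` defaulting to `false`, every existing two-argument or one-argument call to secureString() silently stops escaping quotes, ampersands and angle brackets. `strip_tags()` alone does not make a string safe inside an HTML attribute value. The callers are outside this hunk, so each one that places the result into markup should be checked, and should either pass `true` or escape at the point of output. If the motivation is the UTF-8 breakage named in the new comment, passing the charset keeps the encoding without corrupting multibyte text: `$str = htmlentities($str, ENT_QUOTES, 'UTF-8');` (assuming the pages are served as UTF-8). The docblock above the function also lacks an entry for the new parameter, e.g. `@param	$encode	Whether to encode HTML entities (default: false)`.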
@@ -71,17 +76,17 @@ ini_set('magic_quotes_gpc', false); // This may not work on some systems
 if (!isset($_SERVER)) {
 	global $_SERVER;
 	$_SERVER = $GLOBALS['_SERVER'];
-}
+} // END - if
 
 if (!isset($_GET)) {
 	global $_GET;
 	$_GET = $GLOBALS['_GET'];
-}
+} // END - if
 
 if (!isset($_POST)) {
 	global $_POST;
 	$_POST = $GLOBALS['_POST'];
-}
+} // END - if
 
 // Include IP-Filter here
 //require("/usr/share/php/ipfilter.php");
@@ -89,7 +94,7 @@ if (!isset($_POST)) {
 // Generate arrays which holds the relevante chars to replace
 $GLOBALS['security_chars'] = array(
 	// The chars we are looking for...
-	'from' => array('{', '}', '/', '.', "'", "$", '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--'),
+	'from' => array('{', '}', '/', '.', "'", '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--'),
 	// ... and we will replace to.
 	'to'   => array(
 		'{OPEN_ANCHOR2}',
diff --git a/inc/modules/member/what-unconfirmed.php b/inc/modules/member/what-unconfirmed.php
index 5c1a4d6583..9632ab6f43 100644
--- a/inc/modules/member/what-unconfirmed.php
+++ b/inc/modules/member/what-unconfirmed.php
@@ -68,7 +68,7 @@ LIMIT 1",
 	$content['category']  = getCategory($content['cat_id']);
 	$content['points']    = translateComma($content['points']);
 	$content['is_notify'] = translateYesNo($content['is_notify']);
-	$content['sender']    = getMessage('_ADMIN_SHORT');
+	$content['sender']    = getMessage('USERNAME_ADMIN_SHORT');
 	$content['time']      = createFancyTime($content['time']);
 	$content['userid']    = getUserId();
 
@@ -197,7 +197,7 @@ LIMIT 1",
 				$sender = bigintval($sender);
 			} elseif ($type == 'bonusid') {
 				// Is admin
-				$sender = getMessage('_ADMIN_SHORT');
+				$sender = getMessage('USERNAME_ADMIN_SHORT');
 			} else {
 				// Deleted
 				$sender = getMessage('EMAIL_STATUS_DELETED');
diff --git a/templates/de/html/theme/theme_one.tpl b/templates/de/html/theme/theme_one.tpl
index 11bff0301c..070abdbccb 100644
--- a/templates/de/html/theme/theme_one.tpl
+++ b/templates/de/html/theme/theme_one.tpl
@@ -1,5 +1,5 @@
 {--CURR_THEME_IS_1--}
-<br />
-<div class="theme_note">$content</div>
-<br />
+<div class="theme_note">
+	$content
+</div>
 {--CURR_THEME_IS_2--}
diff --git a/templates/de/html/theme/theme_select_box.tpl b/templates/de/html/theme/theme_select_box.tpl
index 704d93be6d..a2fd10785d 100644
--- a/templates/de/html/theme/theme_select_box.tpl
+++ b/templates/de/html/theme/theme_select_box.tpl
@@ -1,7 +1,5 @@
-<table border="0" cellspacing="0" cellpadding="0" class="theme_box">
-	<tr>
-		<td align="center" class="theme_content">
-			$content
-		</td>
-	</tr>
-</table>
+<div class="theme_box">
+	<div align="center" class="theme_content">
+		$content
+	</div>
+</div>
-- 
2.39.5