From: Roland Häder
Date: Sun, 1 Nov 2009 13:57:54 +0000 (+0000)
Subject: secureString() does now no longer encode in entities by default, XHTML fixes, missing...
X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=commitdiff_plain;h=a561ee57ede150edcf7fe57924ab0e60454aa642
secureString() does now no longer encode in entities by default, XHTML fixes, missing language string fixed
---
diff --git a/inc/libs/security_functions.php b/inc/libs/security_functions.php
index c42280607d..a1f6813269 100644
--- a/inc/libs/security_functions.php
+++ b/inc/libs/security_functions.php
@@ -51,15 +51,20 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
 * @param $strip Strip tags
 * @return $str A (hopefully) secured string against XSS and other bad things
 */
-function secureString ($str, $strip=true) {
+function secureString ($str, $strip = true, $encode = false) {
 // Shall we strip HTML code? if ($strip === true) $str = strip_tags($str); // Trim string $str = trim($str);
- // Encode in entities
- $str = htmlentities($str, ENT_QUOTES);
+ // Encode in entities if requested
+ if ($encode === true) {
+ // Encode in entities (this breakes UTF-8!)
+ $str = htmlentities($str, ENT_QUOTES);
+ } // END - if
+
+ // Return result
 return $str; }
@@ -71,17 +76,17 @@ ini_set('magic_quotes_gpc', false); // This may not work on some systems if (!isset($_SERVER)) { global $_SERVER; $_SERVER = $GLOBALS['_SERVER'];
-}
+} // END - if
 if (!isset($_GET)) { global $_GET; $_GET = $GLOBALS['_GET'];
-}
+} // END - if
 if (!isset($_POST)) { global $_POST; $_POST = $GLOBALS['_POST'];
-}
+} // END - if
 // Include IP-Filter here //require("/usr/share/php/ipfilter.php");
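Review bot: Defaulting the new `$encode` parameter to `false` in `secureString()` silently removes entity encoding for every existing caller that passes one or two arguments, so any call site that relied on this function for output escaping is left with only `strip_tags()` and `trim()`, which keep quotes intact and do not protect values written into HTML attributes. The docblock above the signature still describes the result as secured against XSS and has no `@param` line for `$encode`. The UTF-8 breakage named in the added comment most likely comes from calling `htmlentities()` without a charset; if the site's pages are UTF-8 (not visible here), `$str = htmlentities($str, ENT_QUOTES, 'UTF-8');` would keep encoding on by default without corrupting multibyte text. The callers are outside this diff, so each one that prints the result into HTML should be checked for whether it now needs `$encode = true`.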
@@ -89,7 +94,7 @@ if (!isset($_POST)) { // Generate arrays which holds the relevante chars to replace $GLOBALS['security_chars'] = array( // The chars we are looking for...
- 'from' => array('{', '}', '/', '.', "'", "$", '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--'),
+ 'from' => array('{', '}', '/', '.', "'", '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--'),
 // ... and we will replace to. 'to' => array( '{OPEN_ANCHOR2}',
diff --git a/inc/modules/member/what-unconfirmed.php b/inc/modules/member/what-unconfirmed.php
index 5c1a4d6583..9632ab6f43 100644
--- a/inc/modules/member/what-unconfirmed.php
+++ b/inc/modules/member/what-unconfirmed.php
@@ -68,7 +68,7 @@ LIMIT 1", $content['category'] = getCategory($content['cat_id']); $content['points'] = translateComma($content['points']); $content['is_notify'] = translateYesNo($content['is_notify']);
- $content['sender'] = getMessage('_ADMIN_SHORT');
+ $content['sender'] = getMessage('USERNAME_ADMIN_SHORT');
 $content['time'] = createFancyTime($content['time']); $content['userid'] = getUserId();
@@ -197,7 +197,7 @@ LIMIT 1", $sender = bigintval($sender); } elseif ($type == 'bonusid') { // Is admin
- $sender = getMessage('_ADMIN_SHORT');
+ $sender = getMessage('USERNAME_ADMIN_SHORT');
 } else { // Deleted $sender = getMessage('EMAIL_STATUS_DELETED');
diff --git a/templates/de/html/theme/theme_one.tpl b/templates/de/html/theme/theme_one.tpl
index 11bff0301c..070abdbccb 100644
--- a/templates/de/html/theme/theme_one.tpl
+++ b/templates/de/html/theme/theme_one.tpl
@@ -1,5 +1,5 @@ {--CURR_THEME_IS_1--} -
-
$content
-
+
+ $content +
{--CURR_THEME_IS_2--}
diff --git a/templates/de/html/theme/theme_select_box.tpl b/templates/de/html/theme/theme_select_box.tpl
index 704d93be6d..a2fd10785d 100644
--- a/templates/de/html/theme/theme_select_box.tpl
+++ b/templates/de/html/theme/theme_select_box.tpl
@@ -1,7 +1,5 @@ - - - - -
- $content -
+
+
+ $content +
+