[xoops-cvslog 229] CVS update: xoops2jp/html/include


onokazu onoka****@users*****
2005年 6月 30日 (木) 12:09:20 JST


Index: xoops2jp/html/include/comment_form.php
diff -u xoops2jp/html/include/comment_form.php:1.2.6.2.2.2 xoops2jp/html/include/comment_form.php:1.2.6.2.2.3
--- xoops2jp/html/include/comment_form.php:1.2.6.2.2.2	Thu Jun 30 00:16:19 2005
+++ xoops2jp/html/include/comment_form.php	Thu Jun 30 12:09:20 2005
@@ -1,5 +1,5 @@
 <?php
-// $Id: comment_form.php,v 1.2.6.2.2.2 2005/06/29 15:16:19 onokazu Exp $
+// $Id: comment_form.php,v 1.2.6.2.2.3 2005/06/30 03:09:20 onokazu Exp $
 //  ------------------------------------------------------------------------ //
 //                XOOPS - PHP Content Management System                      //
 //                    Copyright (c) 2000 XOOPS.org                           //
@@ -105,12 +105,13 @@
 if ('system' != $xoopsModule->getVar('dirname')) {
     $comment_config = $xoopsModule->getInfo('comments');
     if (isset($comment_config['extraParams']) && is_array($comment_config['extraParams'])) {
+        $myts =& MyTextSanitizer::getInstance();
         foreach ($comment_config['extraParams'] as $extra_param) {
             // This routine is included from forms accessed via both GET and POST
             if (isset($_POST[$extra_param])) {
-                $hidden_value = $_POST[$extra_param];
+                $hidden_value = $myts->stripSlashesGPC($_POST[$extra_param]);
             } elseif (isset($_GET[$extra_param])) {
-                $hidden_value = $_GET[$extra_param];
+                $hidden_value = $myts->stripSlashesGPC($_GET[$extra_param]);
             } else {
                 $hidden_value = '';
             }
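Review bot: The value assigned to `$hidden_value` in both the `$_POST` and `$_GET` branches has had its magic-quotes slashes removed but is not HTML-escaped, so quotes and angle brackets from the request arrive verbatim at whatever renders the hidden field. That rendering is outside the hunk, so confirm the hidden form element escapes its value. If it does not, escape at assignment, e.g. `$hidden_value = $myts->htmlSpecialChars($myts->stripSlashesGPC($_POST[$extra_param]));`, and likewise for `$_GET`. An array-valued parameter would also be handed to the sanitizer as if it were a string; adding `is_string()` next to each `isset()` would send that case to the empty-string branch.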
Index: xoops2jp/html/include/comment_post.php
diff -u xoops2jp/html/include/comment_post.php:1.2.6.3.2.1 xoops2jp/html/include/comment_post.php:1.2.6.3.2.2
--- xoops2jp/html/include/comment_post.php:1.2.6.3.2.1	Thu Jun 30 11:57:47 2005
+++ xoops2jp/html/include/comment_post.php	Thu Jun 30 12:09:20 2005
@@ -1,5 +1,5 @@
 <?php
-// $Id: comment_post.php,v 1.2.6.3.2.1 2005/06/30 02:57:47 onokazu Exp $
+// $Id: comment_post.php,v 1.2.6.3.2.2 2005/06/30 03:09:20 onokazu Exp $
 //  ------------------------------------------------------------------------ //
 //                XOOPS - PHP Content Management System                      //
 //                    Copyright (c) 2000 XOOPS.org                           //
@@ -57,8 +57,9 @@
     $com_modid = $xoopsModule->getVar('mid');
     $redirect_page = $comment_config['pageName'].'?';
     if (isset($comment_config['extraParams']) && is_array($comment_config['extraParams'])) {
+        $myts =& MyTextSanitizer::getInstance();
         foreach ($comment_config['extraParams'] as $extra_param) {
-            $extra_params .= isset($_POST[$extra_param]) ? $extra_param.'='.$_POST[$extra_param].'&amp;' : $extra_param.'=&amp;';
+            $extra_params .= isset($_POST[$extra_param]) ? $extra_param.'='.$myts->stripSlashesGPC($_POST[$extra_param]).'&amp;' : $extra_param.'=&amp;';
         }
         $redirect_page .= $extra_params;
     }
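Review bot: The stripped `$_POST` value is concatenated into `$extra_params`, and from there into `$redirect_page`, without URL-encoding. A value containing `&`, `#`, `=` or a quote can therefore add or alter query parameters in the redirect target, and could break markup if the URL is later printed into HTML. Encode at the point of concatenation: `$extra_param.'='.urlencode($myts->stripSlashesGPC($_POST[$extra_param])).'&amp;'`. Where `$redirect_page` is consumed is outside the hunk, so check that it is not encoded a second time there.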

