mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 05:50:42 +02:00
Code Issues Releases Wiki Activity

[ticket/12202] Apply htmlspecialchars to style.cfg data

Browse Source 
PHPBB3-12202
This commit is contained in:
Nathan Guse
2014-03-09 11:26:06 -05:00
parent 00f8fe24d2
commit f2d3879da4
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
phpBB/includes/functions.php
View File

@@ -3367,8 +3367,8 @@ function parse_cfg_file($filename, $lines = false)
} }
// Determine first occurrence, since in values the equal sign is allowed // Determine first occurrence, since in values the equal sign is allowed
$key = strtolower(trim(substr($line, 0, $delim_pos))); $key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))));
$value = trim(substr($line, $delim_pos + 1)); $value = htmlspecialchars(trim(substr($line, $delim_pos + 1)));
if (in_array($value, array('off', 'false', '0'))) if (in_array($value, array('off', 'false', '0')))
{ {
@@ -3384,7 +3384,7 @@ function parse_cfg_file($filename, $lines = false)
} }
else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"')) else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"'))
{ {
$value = substr($value, 1, sizeof($value)-2); $value = htmlspecialchars(substr($value, 1, sizeof($value)-2));
} }
$parsed_items[$key] = $value; $parsed_items[$key] = $value;