Changeset 1058 for trunk/upload.php

Timestamp:

Feb 28, 2006, 2:13:16 AM (18 years ago)

Author:

rvelices

Message:

remake of Remote sites and synchronize: final integration and old code cleanup

fix: xml getAttribute always decodes html entities and added encodeAttribute
function

File:

• trunk/upload.php (modified) (3 diffs)

trunk/upload.php

@@ -3 +3 @@
 // | PhpWebGallery - a PHP based picture gallery                           |
 // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
+// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
 // +-----------------------------------------------------------------------+
 // | branch        : BSF (Best So Far)
@@ -126 +126 @@
   $page['cat_name']       = $result['name'];
   $page['cat_uploadable'] = $result['uploadable'];
-  if ($page['cat_site_id'] != 1 or !$page['cat_uploadable'])
+  if ( url_is_remote($page['cat_dir']) or !$page['cat_uploadable'])
   {
     echo '<div style="text-align:center;">'.$lang['upload_forbidden'].'<br />';
@@ -183 +183 @@
   //        date_creation="2004-08-14" name="" />
   $xml_infos = '<infos';
-  $xml_infos.= ' author="'.htmlspecialchars($_POST['author'],ENT_QUOTES).'"';
-  $xml_infos.= ' comment="'.htmlspecialchars($_POST['comment'],ENT_QUOTES).'"';
-  $xml_infos.= ' date_creation="'.$date_creation.'"';
-  $xml_infos.= ' name="'.htmlspecialchars( $_POST['name'], ENT_QUOTES).'"';
+  $xml_infos.= encodeAttribute('author', $_POST['author']);
+  $xml_infos.= encodeAttribute('comment', $_POST['comment']);
+  $xml_infos.= encodeAttribute('date_creation', $date_creation);
+  $xml_infos.= encodeAttribute('name', $_POST['name']);
   $xml_infos.= ' />';