Changeset 28343 for extensions
- Timestamp:
- May 4, 2014, 4:00:55 PM (10 years ago)
- Location:
- extensions/ContactForm
- Files:
-
- 3 edited
extensions/ContactForm/admin/config.php
r25872 r28343 25 25 'cf_must_initialize' => false, 26 26 'cf_menu_link' => isset($_POST['cf_menu_link']), 27 'cf_subject_prefix' => trim($_POST['cf_subject_prefix']),28 'cf_default_subject' => trim($_POST['cf_default_subject']),27 'cf_subject_prefix' => stripslashes(trim($_POST['cf_subject_prefix'])), 28 'cf_default_subject' => stripslashes(trim($_POST['cf_default_subject'])), 29 29 'cf_allow_guest' => isset($_POST['cf_allow_guest']), 30 30 'cf_mandatory_mail' => isset($_POST['cf_mandatory_mail']), … … 36 36 $conf['ContactForm_after'] = $_POST['cf_after']; 37 37 38 conf_update_param('ContactForm', serialize($conf['ContactForm']));38 conf_update_param('ContactForm', pwg_db_real_escape_string(serialize($conf['ContactForm']))); 39 39 conf_update_param('ContactForm_before', $conf['ContactForm_before']); 40 40 conf_update_param('ContactForm_after', $conf['ContactForm_after']); -
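Review bot: `ContactForm_before` and `ContactForm_after` on new lines 39–40 are still passed to `conf_update_param()` without the explicit escaping that line 38 now applies, and line 36 copies `$_POST['cf_after']` into `$conf` untouched. The `stripslashes()` added on lines 27–28 suggests `$_POST` arrives already slashed, so these two writes presumably depend on that implicit slashing for SQL safety and leave the slashed text in `$conf` for the rest of the request. Treating them like the subject fields would make the handling uniform: `$conf['ContactForm_after'] = stripslashes($_POST['cf_after']);` and `conf_update_param('ContactForm_after', pwg_db_real_escape_string($conf['ContactForm_after']));`, likewise for `ContactForm_before`. Lines 31–35 and the start of the array are outside the hunks, so any other free-text fields there should be checked for the same treatment.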
extensions/ContactForm/admin/template/config.tpl
r25872 r28343 58 58 <li> 59 59 <label> 60 <input type="text" name="cf_default_subject" value="{$cf_default_subject }" size="50">60 <input type="text" name="cf_default_subject" value="{$cf_default_subject|escape:html}" size="50"> 61 61 {'Default e-mail subject'|translate} ({'can be translated with LocalFiles Editor plugin'|translate}) 62 62 </label> … … 64 64 <li> 65 65 <label> 66 <input type="text" name="cf_subject_prefix" value="{$cf_subject_prefix }" size="50">66 <input type="text" name="cf_subject_prefix" value="{$cf_subject_prefix|escape:html}" size="50"> 67 67 {'Prefix of the sent e-mail subject'|translate} ({'you can use "%gallery_title%"'|translate}) 68 68 </label> -
extensions/ContactForm/maintain.inc.php
r26057 r28343 95 95 // save config 96 96 $conf['ContactForm'] = serialize($new_conf); 97 conf_update_param('ContactForm', $conf['ContactForm']);97 conf_update_param('ContactForm', pwg_db_real_escape_string($conf['ContactForm'])); 98 98 } 99 99
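Review bot: The order on new lines 96–97, `serialize()` first and `pwg_db_real_escape_string()` on the result, matters and deserves a comment, because the `s:N:` length prefixes in the serialized string must count the unescaped bytes or a later `unserialize()` fails. Something like `// escape the serialized string, never its parts: s:N: lengths must match the stored bytes` above the call would keep a later edit from moving the escaping inside. The same call-site escaping appears in admin/config.php, so every new caller has to remember it; if `conf_update_param()` builds its query by interpolation (its body is not on this page), escaping inside that helper would be safer. The enclosing block starts before line 95.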