bug 471 fixed: quote in tags
git-svn-id: http://piwigo.org/svn/trunk@1487 68402e56-0260-453c-a942-63ccdbb3a9ee
nikrou committed Jul 21, 2006
1 parent d44aa8a commit de1ff24
Showing 2 changed files with 39 additions and 12 deletions.
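--- a/admin/tags.php
+++ b/admin/tags.php
@@ -149,20 +149,13 @@
 
 if (isset($_POST['add']) and !empty($_POST['add_tag']))
 {
-if (function_exists('mysql_real_escape_string'))
-{
-$tag_name = mysql_real_escape_string($_POST['add_tag']);
-}
-else
-{
-$tag_name = mysql_escape_string($_POST['add_tag']);
-}
+$tag_name = $_POST['add_tag'];
 
 // does the tag already exists?
 $query = '
 SELECT id
 FROM '.TAGS_TABLE.'
-WHERE name = \''.$tag_name.'\'
+WHERE name = \''.pwg_quotemeta($tag_name).'\'
 ;';
 $existing_tags = array_from_query($query, 'id');
 
@@ -173,7 +166,7 @@
 array('name', 'url_name'),
 array(
 array(
-'name' => $tag_name,
+'name' => pwg_quotemeta($tag_name),
 'url_name' => str2url($tag_name),
 )
 )
@@ -183,7 +176,7 @@
 $page['infos'],
 sprintf(
 l10n('Tag "%s" was added'),
-$tag_name
+pwg_stripslashes($tag_name)
 )
 );
 }
@@ -193,7 +186,7 @@
 $page['errors'],
 sprintf(
 l10n('Tag "%s" already exists'),
-$tag_name
+pwg_stripslashes($tag_name)
 )
 );
 }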
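Review bot: In the mass-insert hunk, `'url_name' => str2url($tag_name)` still receives the raw `$_POST['add_tag']`, while `name` on the line above it now goes through pwg_quotemeta(). With magic_quotes_gpc on, that raw value carries the added backslashes, so url_name is derived from different text than the stored name; whether str2url() output can contain a quote is not visible in this diff, so its safety inside the insert depends on code outside it. I would write `'url_name' => str2url(pwg_stripslashes($tag_name)),` and confirm that the str2url() result is safe to place in the statement, or escape it as well. Separately, the messages pushed to `$page['infos']` and `$page['errors']` embed the tag name without HTML escaping; if the template does not escape them, `htmlspecialchars(pwg_stripslashes($tag_name))` at those two call sites would cover it. The enclosing `if` block starts inside the first hunk and continues past the last one.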
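--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -460,6 +460,40 @@ function format_date($date, $type = 'us', $show_time = false)
 return $formated_date;
 }
 
+function pwg_stripslashes($value)
+{
+if (get_magic_quotes_gpc())
+{
+$value = stripslashes($value);
+}
+return $value;
+}
+
+function pwg_addslashes($value)
+{
+if (!get_magic_quotes_gpc())
+{
+$value = addslashes($value);
+}
+return $value;
+}
+
+function pwg_quotemeta($value)
+{
+if (get_magic_quotes_gpc()) {
+$value = stripslashes($value);
+}
+if (function_exists('mysql_real_escape_string'))
+{
+$value = mysql_real_escape_string($value);
+}
+else
+{
+$value = mysql_escape_string($value);
+}
+return $value;
+}
+
 function pwg_query($query)
 {
 global $conf,$page,$debug,$t2;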
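Review bot: pwg_quotemeta() has no comment stating that it may only be given a raw `$_GET`/`$_POST`/`$_COOKIE` value, which is the one condition under which it is correct: it runs stripslashes() whenever magic_quotes_gpc is on, so a value that was already stripped, or that came from the database, loses its backslashes before being escaped. I would add above it `// SQL-escape a raw request value (undoes magic_quotes_gpc first); never pass an already-stripped or database value`. The name also reads like PHP's built-in quotemeta(), which escapes regex metacharacters rather than SQL, so a name that mentions SQL would be clearer. pwg_addslashes() is not called anywhere in this commit and relies on addslashes(), which is not aware of the connection character set; a comment saying it is not a substitute for pwg_quotemeta() when building queries would keep it out of SQL strings.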
