Changeset 1487 for trunk

Timestamp:

Jul 21, 2006, 3:44:22 PM (18 years ago)

Author:

nikrou

Message:

bug 471 fixed: quote in tags

Location:

trunk

Files:

• admin/tags.php (modified) (5 diffs)
• include/functions.inc.php (modified) (1 diff)

trunk/admin/tags.php

@@ -150 +150 @@
 if (isset($_POST['add']) and !empty($_POST['add_tag']))
 {
-  if (function_exists('mysql_real_escape_string'))
-  {
-    $tag_name = mysql_real_escape_string($_POST['add_tag']);
-  }
-  else
-  {
-    $tag_name = mysql_escape_string($_POST['add_tag']);
-  }
+  $tag_name = $_POST['add_tag'];
 
   // does the tag already exists?
@@ -163 +156 @@
 SELECT id
   FROM '.TAGS_TABLE.'
-  WHERE name = \''.$tag_name.'\'
+  WHERE name = \''.pwg_quotemeta($tag_name).'\'
 ;';
   $existing_tags = array_from_query($query, 'id');
@@ -174 +167 @@
       array(
         array(
-          'name' => $tag_name,
+          'name' => pwg_quotemeta($tag_name),
           'url_name' => str2url($tag_name),
           )
@@ -184 +177 @@
       sprintf(
         l10n('Tag "%s" was added'),
-        $tag_name
+        pwg_stripslashes($tag_name)
         )
       );
@@ -194 +187 @@
       sprintf(
         l10n('Tag "%s" already exists'),
-        $tag_name
+        pwg_stripslashes($tag_name)
         )
       );

trunk/include/functions.inc.php

@@ -461 +461 @@
 }
 
+function pwg_stripslashes($value) 
+{
+  if (get_magic_quotes_gpc())
+  {
+    $value = stripslashes($value);
+  }
+  return $value;
+}
+
+function pwg_addslashes($value) 
+{
+  if (!get_magic_quotes_gpc())
+  {
+    $value = addslashes($value);
+  }
+  return $value;
+}
+
+function pwg_quotemeta($value) 
+{
+  if (get_magic_quotes_gpc()) {
+    $value = stripslashes($value);
+  }
+  if (function_exists('mysql_real_escape_string'))
+  {
+    $value = mysql_real_escape_string($value);
+  }
+  else
+  {
+    $value = mysql_escape_string($value);
+  }
+  return $value;
+}
+
 function pwg_query($query)
 {