

Timestamp:
12/12/2004 08:41:19 PM (20 years ago)
Author:
saxmatt
Message:

Axing htmlspecialchars because it double-encodes. Better error handling around queries.

File:
1 edited

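--- a/trunk/wp-admin/link-categories.php
+++ b/trunk/wp-admin/link-categories.php
@@ -29,5 +29,5 @@
           die (__("Cheatin' uh ?"));
 
-      $cat_name = addslashes($_POST['cat_name']);
+      $cat_name = wp_specialchars($_POST['cat_name']);
       $auto_toggle = $_POST['auto_toggle'];
       if ($auto_toggle != 'Y') {
@@ -80,5 +80,5 @@
   case 'Delete':
   {
-    $cat_id = $_GET['cat_id'];
+    $cat_id = (int) $_GET['cat_id'];
     $cat_name=get_linkcatname($cat_id);
 
@@ -98,5 +98,5 @@
   {
     include_once ('admin-header.php');
-    $cat_id = $_GET['cat_id'];
+    $cat_id = (int) $_GET['cat_id'];
     $row = $wpdb->get_row("SELECT cat_id, cat_name, auto_toggle, show_images, show_description, "
          . " show_rating, show_updated, sort_order, sort_desc, text_before_link, text_after_link, "
@@ -109,5 +109,5 @@
 
 <div class="wrap">
-  <h2>Edit &#8220;<?php echo htmlspecialchars($row->cat_name)?>&#8221; Category </h2>
+  <h2>Edit &#8220;<?php echo wp_specialchars($row->cat_name)?>&#8221; Category </h2>
 
   <form name="editcat" method="post">
@@ -119,5 +119,5 @@
 <tr>
     <th width="33%" scope="row"><?php _e('Name:') ?></th>
-    <td width="67%"><input name="cat_name" type="text" value="<?php echo htmlspecialchars($row->cat_name)?>" size="30" /></td>
+    <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($row->cat_name)?>" size="30" /></td>
 </tr>
 <tr>
@@ -177,13 +177,13 @@
 <tr>
     <th width="33%" scope="row"><?php _e('Before Link:') ?></th>
-    <td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo htmlspecialchars($row->text_before_link)?>" /></td>
+    <td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo wp_specialchars($row->text_before_link)?>" /></td>
 </tr>
 <tr>
 <th scope="row"><?php _e('Between Link and Description:') ?></th>
-<td><input type="text" name="text_after_link" size="45" value="<?php echo htmlspecialchars($row->text_after_link)?>" /></td>
+<td><input type="text" name="text_after_link" size="45" value="<?php echo wp_specialchars($row->text_after_link)?>" /></td>
 </tr>
 <tr>
 <th scope="row"><?php _e('After Link:') ?></th>
-<td><input type="text" name="text_after_all" size="45" value="<?php echo htmlspecialchars($row->text_after_all)?>"/></td>
+<td><input type="text" name="text_after_all" size="45" value="<?php echo wp_specialchars($row->text_after_all)?>"/></td>
 </tr>
 </table>
@@ -205,7 +205,7 @@
     if (isset($submit)) {
 
-    $cat_id=$_POST["cat_id"];
-
-    $cat_name= $_POST["cat_name"];
+    $cat_id = (int)$_POST["cat_id"];
+
+    $cat_name= wp_specialchars($_POST["cat_name"]);
     $auto_toggle = $_POST["auto_toggle"];
     if ($auto_toggle != 'Y') {
@@ -311,5 +311,5 @@
 ?>
               <tr valign="middle" align="center" <?php echo $style ?> style="border-bottom: 1px dotted #9C9A9C;">
-                <td><?php echo htmlspecialchars($row->cat_name)?></td>
+                <td><?php echo wp_specialchars($row->cat_name)?></td>
                 <td ><?php echo $row->cat_id?></td>
                 <td><?php echo $row->auto_toggle?></td>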
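Review bot: New line 31 (and the equivalent at line 209 in the later hunk) replaces the SQL-side `addslashes()` on `$_POST['cat_name']` with HTML encoding before the value is stored, which conflates two different escaping concerns: the INSERT/UPDATE that consumes `$cat_name` lies outside the hunk and, unless request data is already slashed elsewhere in the bootstrap, now receives unescaped quotes, while the database ends up holding HTML entities that every other reader of `cat_name` has to know about. The output lines 111, 121 and 313 already pass the value through `wp_specialchars()`, so encoding at input time is redundant here; I would keep `$cat_name = addslashes($_POST['cat_name']);` at line 31 (and the same shape at 209) and leave HTML encoding to the output side. Separately, `htmlspecialchars()` encodes `"` by default, and the bare `wp_specialchars()` calls inside the `value="..."` attributes at lines 121, 179, 183 and 187 may not — its definition is not part of this changeset, so it is worth confirming that the attribute context still gets quote encoding.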