commit 049d438515b264816ae88ea515e8858467b2bc4e
parent 4d8675b123548e54469d7eb130e1f524e2b53f75
Author: dankert <devnull@localhost>
Date: Wed, 16 Sep 2009 00:48:47 +0200
Eingabe von Texten mit Zeilenumbrüchen ermöglicht, die die Sicherheitsprüfung bisher ablehnte.
Diffstat:
2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/actionClasses/Action.class.php b/actionClasses/Action.class.php
@@ -135,8 +135,18 @@ class Action
$value = $REQ[ $varName ];
return Text::clean($value,'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.,_-');
+ case 'mail':
+ $value = $REQ[ $varName ];
+ return Text::clean($value,'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-@');
+
+ case 'full':
+
+ case 'text':
+ $value = $REQ[ $varName ];
+ return Text::clean($value,'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789:!"§$%&/()=?._- '.chr(10).chr(13));
+
case 'full':
- default:
+ default:
$value = $REQ[ $varName ];
$allowed = ' ';
for ($i = 40; $i <= 59; $i++) $allowed .= chr($i); // Zahlen
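Review bot: The added `case 'full':` label above `case 'text':` duplicates the `case 'full':` that still stands before `default:`. PHP's switch runs from the first matching label, so a `'full'` request now falls through to the `'text'` whitelist and the later label is unreachable. If `'full'` is meant to keep the wider set built in the default branch, drop the added label and its blank line. Separately, the `'text'` set admits `"`, `&`, `%` and CR/LF, so values that pass it still need context-specific escaping on output and must not be placed unencoded into mail or HTTP headers. It would help to say so in a comment, e.g. `// whitelist only; not an output encoder - escape at the sink`. The switch begins and ends outside this hunk.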
diff --git a/actionClasses/ElementAction.class.php b/actionClasses/ElementAction.class.php
@@ -575,9 +575,9 @@ class ElementAction extends Action
$this->element->subtype = $this->getRequestVar('subtype');
if ( $this->hasRequestVar('default_longtext'))
- $this->element->defaultText = $this->getRequestVar('default_longtext');
+ $this->element->defaultText = $this->getRequestVar('default_longtext','text');
else
- $this->element->defaultText = $this->getRequestVar('default_text');
+ $this->element->defaultText = $this->getRequestVar('default_text','alphanum');
$this->element->wiki = in_array('wiki',explode(',',$this->getRequestVar('format')));
$this->element->html = in_array('html',explode(',',$this->getRequestVar('format')));
$this->element->withIcon = $this->getRequestVar('with_icon') != '';
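Review bot: Which whitelist guards `defaultText` is decided by the parameter name the client sends: `default_longtext` is filtered as `'text'`, and `default_text` only gets `'alphanum'` when `default_longtext` is absent. A requester can therefore always pick the looser filter, and the stricter one is not a security boundary for this property. If the filter is meant to follow the element's type, choose it from the element's state rather than from `hasRequestVar()`. Otherwise document it above the branch, e.g. `// filter follows the submitted field name; 'text' is the effective limit for defaultText`. The same pattern applies to `$this->element->code` in the hunks at 591 and 600, and the method starts and ends outside this hunk.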
@@ -591,7 +591,7 @@ class ElementAction extends Action
if ( $this->hasRequestVar('select_items'))
$this->element->code = $this->getRequestVar('select_items');
else
- $this->element->code = $this->getRequestVar('code' );
+ $this->element->code = $this->getRequestVar('code' ,'raw');
if ( $this->hasRequestVar('name') )
$this->element->name = $this->getRequestVar('name');
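Review bot: `getRequestVar('code' ,'raw')` stores the request value in `$this->element->code` through a filter whose name suggests no character restriction at all; the `'raw'` branch is not part of this diff, so that is an inference. The `select_items` branch just above still uses the default filter. Nothing visible in the hunk shows a permission check before the assignment. If one exists earlier in the method, a comment here would make the exemption reviewable: `// 'raw' on purpose: element code must keep every character; permission is checked above, consumers must escape or sandbox it`. If none exists, this line is where an unfiltered, attacker-controllable value reaches persistent storage, and it needs that check.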
@@ -600,7 +600,7 @@ class ElementAction extends Action
$this->element->setPrefix( $this->getRequestVar('linkelement') );
if ( $this->hasRequestVar('parameters'))
- $this->element->code = $this->getRequestVar('parameters');
+ $this->element->code = $this->getRequestVar('parameters','text');
// Html::debug($this->element);
$this->element->save();
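Review bot: The `'text'` whitelist now applied to `parameters` (and to `default_longtext` in the hunk at 575) contains no `,`, `;`, `'`, `+`, `#`, `<`, `>` or tab, and no umlauts or other non-ASCII letters apart from `§`. What `Text::clean` does with characters outside the list is not visible here; if it drops them silently, the saved value differs from what the user typed without any error. Consider either rejecting the request with a message or documenting the behaviour at the call, e.g. `// 'text' filter: characters outside the whitelist are removed before save`. Note also that `§` is a multi-byte sequence in a UTF-8 source file, so a byte-wise `Text::clean` would whitelist its individual bytes rather than the character.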