
only htmlspecialchars when post. fixes #452

claudehohl committed Oct 4, 2017
1 parent 6059120 commit 615119a496a5229cf59534c540f9ccafddb53520
@@ -426,7 +426,7 @@ function _form_prep($lang = false, $title = '', $paste = '', $reply = false)
$data['expire_set'] = $this->input->post('expire');
$data['private_set'] = $this->input->post('private');
$data['snipurl_set'] = $this->input->post('snipurl');
$data['paste_set'] = $this->input->post('code');
$data['paste_set'] = htmlspecialchars($this->input->post('code'));
$data['title_set'] = $this->input->post('title');
$data['reply'] = $this->input->post('reply');
$data['lang_set'] = $this->input->post('lang');
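Review bot: `htmlspecialchars()` is applied here only on the branch that reads `$this->input->post('code')`, while the same commit removes the encoding from every template that prints `paste_set`, so the value's safety now depends on which branch of `_form_prep` produced it. The branch that fills `paste_set` from the `$paste` argument lies outside this hunk; if it can ever carry text that is not already HTML-encoded (a reply to a stored paste, for example), that text reaches the `<textarea>` verbatim. The call also relies on the default flags and charset, which differ between PHP versions; `htmlspecialchars($this->input->post('code'), ENT_QUOTES, 'UTF-8')` makes the encoding explicit. A comment such as `// paste_set must be HTML-encoded on every branch: the form views echo it unescaped` above the assignment would record the invariant.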
@@ -42,7 +42,7 @@
</div>
<div class="control-group">
<div class="controls">
<textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
<textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
</div>
</div>
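Review bot: The `<textarea>` body now prints `$paste_set` with no encoding at the point of output, so this template is only safe while every controller path has encoded the value beforehand; an unencoded value containing a closing `</textarea>` tag would end the element and be parsed as markup. The same change is made in the five other form templates below (hunks `-47,7`, `-43,7`, both `-49,7` and `-48,7`). Encoding at the sink is the more robust arrangement: keep `echo htmlspecialchars($paste_set, ENT_QUOTES, 'UTF-8');` here and have `_form_prep` pass unencoded text on all branches, decoding the stored value there if that is what caused the double encoding. If the pre-encoded contract stays, state it in the template, e.g. `<?php /* $paste_set arrives HTML-encoded from _form_prep(); never pass raw text */ ?>`.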
@@ -47,7 +47,7 @@
<span class="instruction"><a href="#" id="enable_codemirror" data-lang-enablesynhl="<?php echo lang('paste_enablesynhl'); ?>" data-lang-disablesynhl="<?php echo lang('paste_disablesynhl'); ?>"></a></span>
</label>
<textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
<textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
</div>
<?php if($this->config->item('enable_captcha') && $this->session->userdata('is_human') === null){ ?>
@@ -43,7 +43,7 @@
<span class="instruction"><a href="#" id="enable_codemirror" data-lang-enablesynhl="<?php echo lang('paste_enablesynhl'); ?>" data-lang-disablesynhl="<?php echo lang('paste_disablesynhl'); ?>"></a></span>
</label>
<textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
<textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
</div>
@@ -49,7 +49,7 @@
</div>
<div class="control-group">
<div class="controls">
<textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
<textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
</div>
</div>
@@ -49,7 +49,7 @@
</div>
<div class="control-group">
<div class="controls">
<textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
<textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
</div>
</div>
@@ -48,7 +48,7 @@
</div>
<div class="control-group">
<div class="controls">
<textarea id="code" class="form-control" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
<textarea id="code" class="form-control" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
</div>
</div>
