* manage_custom_field_edit_page.php: use string_attribute() on string

variables (trying to keep those calls at the location where they are displayed so we don't accidentally do it twice or use it somewhere where it is uncertain whether it was escaped earlier) * manage_custom_field_page.php: use string_display() on string variables git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1894 f5dc347c-c33d-0410-90a0-b07cc1902cb9
mantisbt · Feb 17, 2003 · 51f52b6 · 51f52b6
1 parent 389889f
commit 51f52b6
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 11 deletions.
diff --git a/doc/ChangeLog b/doc/ChangeLog
@@ -1,5 +1,9 @@
 Mantis ChangeLog
 
+0.18.0??
+
+ * Fix: handle quotes and special characters in text fields in manage_custom_field_* pages
+
 2003.02.16  -  0.18.0a1
 
  This release contains literally hundreds, if not thousands, of changes.

diff --git a/manage_custom_field_edit_page.php b/manage_custom_field_edit_page.php
@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: manage_custom_field_edit_page.php,v 1.13 2003-02-16 23:16:32 vboctor Exp $
+	# $Id: manage_custom_field_edit_page.php,v 1.14 2003-02-17 00:29:47 jfitzell Exp $
 	# --------------------------------------------------------
 ?>
 <?php
@@ -30,7 +30,6 @@
 	print_manage_menu( 'manage_custom_field_edit_page.php' );
 
 	$t_definition = custom_field_get_definition( $f_field_id );
-	$t_definition['name'] = string_attribute( $t_definition['name'] );
 ?>
 <br />
 <div align="center">
@@ -49,7 +48,7 @@
 				<?php echo lang_get( 'custom_field_name' ) ?>
 			</td>
 			<td>
-				<input type="text" name="name" size="32" maxlength="64" value="<?php echo $t_definition['name'] ?>" />
+				<input type="text" name="name" size="32" maxlength="64" value="<?php echo string_attribute( $t_definition['name'] ) ?>" />
 			</td>
 		</tr>
 		<tr <?php echo helper_alternate_class() ?>>
@@ -67,23 +66,23 @@
 				<?php echo lang_get( 'custom_field_possible_values' ) ?>
 			</td>
 			<td>
-				<input type="text" name="possible_values" size="32" maxlength="255" value="<?php echo $t_definition['possible_values'] ?>" />
+				<input type="text" name="possible_values" size="32" maxlength="255" value="<?php echo string_attribute( $t_definition['possible_values'] ) ?>" />
 			</td>
 		</tr>
 		<tr <?php echo helper_alternate_class() ?>>
 			<td class="category">
 				<?php echo lang_get( 'custom_field_default_value' ) ?>
 			</td>
 			<td>
-				<input type="text" name="default_value" size="32" maxlength="255" value="<?php echo $t_definition['default_value'] ?>" />
+				<input type="text" name="default_value" size="32" maxlength="255" value="<?php echo string_attribute( $t_definition['default_value'] ) ?>" />
 			</td>
 		</tr>
 		<tr <?php echo helper_alternate_class() ?>>
 			<td class="category">
 				<?php echo lang_get( 'custom_field_valid_regexp' ) ?>
 			</td>
 			<td>
-				<input type="text" name="valid_regexp" size="32" maxlength="255" value="<?php echo $t_definition['valid_regexp'] ?>" />
+				<input type="text" name="valid_regexp" size="32" maxlength="255" value="<?php echo string_attribute( $t_definition['valid_regexp'] ) ?>" />
 			</td>
 		</tr>
 		<tr <?php echo helper_alternate_class() ?>>
@@ -145,7 +144,7 @@
 <div class="border-center">
 	<form method="post" action="manage_custom_field_delete.php">
 		<input type="hidden" name="field_id" value="<?php echo $f_field_id ?>" />
-		<input type="hidden" name="return" value="<?php echo $f_return ?>" />
+		<input type="hidden" name="return" value="<?php echo string_attribute( $f_return ) ?>" />
 		<input type="submit" value="<?php echo lang_get( 'delete_custom_field_button' ) ?>" />
 	</form>
 </div>

diff --git a/manage_custom_field_page.php b/manage_custom_field_page.php
@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: manage_custom_field_page.php,v 1.12 2003-02-16 13:20:04 jlatour Exp $
+	# $Id: manage_custom_field_page.php,v 1.13 2003-02-17 00:29:47 jfitzell Exp $
 	# --------------------------------------------------------
 ?>
 <?php
@@ -61,7 +61,7 @@
 	?>
 		<tr <?php echo helper_alternate_class() ?>>
 			<td>
-				<a href="manage_custom_field_edit_page.php?field_id=<?php echo $t_field_id ?>"><?php echo $t_desc['name'] ?></a>
+				<a href="manage_custom_field_edit_page.php?field_id=<?php echo $t_field_id ?>"><?php echo string_display( $t_desc['name'] ) ?></a>
 			</td>
 			<td>
 				<?php echo count( custom_field_get_project_ids( $t_field_id ) ) ?>
@@ -70,10 +70,10 @@
 				<?php echo get_enum_element( 'custom_field_type', $t_desc['type'] ) ?>
 			</td>
 			<td>
-				<?php echo $t_desc['possible_values'] ?>
+				<?php echo string_display( $t_desc['possible_values'] ) ?>
 			</td>
 			<td>
-				<?php echo $t_desc['default_value'] ?>
+				<?php echo string_display( $t_desc['default_value'] ) ?>
 			</td>
 			<td align="center">
 				<?php echo trans_bool( $t_desc['advanced'] ) ?>