
cleaned text from forms

1 parent f54d5ea commit 2c9f5a3a00f167a8dd9fb91d9745497f13756960 skodak committed
Showing with 22 additions and 22 deletions.
  1. +8 −8 mod/dialogue/dialogues.php
  2. +14 −14 mod/dialogue/locallib.php
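--- a/mod/dialogue/dialogues.php
+++ b/mod/dialogue/dialogues.php
@@ -1,4 +1,4 @@
-<?PHP // $Id$
+<?php // $Id$
 /*************************************************
 ACTIONS handled are:
@@ -104,9 +104,9 @@
 print_heading(get_string("addsubject", "dialogue"));
 echo "<form name=\"getsubjectform\" method=\"post\" action=\"dialogues.php\">\n";
 echo "<input type=\"hidden\" name=\"action\" value=\"updatesubject\">\n";
- echo "<input type=\"hidden\" name=\"id\" value=\"$_GET[id]\">\n";
- echo "<input type=\"hidden\" name=\"cid\" value=\"$_GET[cid]\">\n";
- echo "<input type=\"hidden\" name=\"pane\" value=\"$_GET[pane]\">\n";
+ echo "<input type=\"hidden\" name=\"id\" value=\"".p($_GET[id])."\">\n";
+ echo "<input type=\"hidden\" name=\"cid\" value=\"".p($_GET[cid])."\">\n";
+ echo "<input type=\"hidden\" name=\"pane\" value=\"".p($_GET[pane])."\">\n";
 echo "<center><table border=\"1\" width=\"60%\">\n";
 echo "<tr><td align=\"right\"><b>".get_string("subject", "dialogue")."</b></td>";
 echo "<td><input type=\"text\" size=\"50\" maxsize=\"100\" name=\"subject\"
@@ -138,7 +138,7 @@
 $item->timecreated = time();
 // reverse the dialogue mail default
 $item->mailed = !$dialogue->maildefault;
- $item->text = $_POST[$textarea_name];
+ $item->text = clean_text($_POST[$textarea_name]);
 if (!$item->id = insert_record("dialogue_entries", $item)) {
 error("Insert Entries: Could not insert dialogue record!");
 }
@@ -210,7 +210,7 @@
 $conversation->recipientid = $recipient->id;
 $conversation->lastid = $USER->id; // this USER is adding an entry too
 $conversation->timemodified = time();
- $conversation->subject = $_POST['subject']; // may be blank
+ $conversation->subject = clean_text($_POST['subject']); // may be blank
 if (!$conversation->id = insert_record("dialogue_conversations", $conversation)) {
 error("Open dialogue: Could not insert dialogue record!");
 }
@@ -224,7 +224,7 @@
 $entry->timecreated = time();
 // reverse the dialogue default value
 $entry->mailed = !$dialogue->maildefault;
- $entry->text = $_POST['firstentry'];
+ $entry->text = clean_text($_POST['firstentry']);
 if (!$entry->id = insert_record("dialogue_entries", $entry)) {
 error("Insert Entries: Could not insert dialogue record!");
 }
@@ -295,7 +295,7 @@
 if (!$_POST['subject']) {
 redirect("view.php?id=$cm->id&pane=$_POST[pane]", get_string("nosubject", "dialogue"));
- } elseif (!set_field("dialogue_conversations", "subject", $_POST['subject'], "id", $_POST['cid'])) {
+ } elseif (!set_field("dialogue_conversations", "subject", clean_text($_POST['subject']), "id", $_POST['cid'])) {
 error("Update subject: could not update conversation record");
 }
 redirect("view.php?id=$cm->id&pane=$_POST[pane]", get_string("subjectadded", "dialogue"));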
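Review bot: The three hidden fields in the `getsubjectform` hunk concatenate `p($_GET[id])` into the echoed string, but Moodle's `p()` prints its escaped argument and returns nothing (the returning variant is `s()`), so if that is the helper in scope the value is written out before the `<input>` tag and the field itself is left empty. Use the returning form with quoted keys, e.g. `echo "<input type=\"hidden\" name=\"id\" value=\"".s($_GET['id'])."\">\n";`, and the same for `cid` and `pane`; the bare `$_GET[id]` outside a string is also read as an undefined constant. Separately, the `updatesubject` hunk still passes `$_POST['cid']` to `set_field()` and `$_POST[pane]` to `redirect()` unvalidated; casting `cid` to an integer before use would close that gap. The enclosing action blocks start and end outside these hunks.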
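--- a/mod/dialogue/locallib.php
+++ b/mod/dialogue/locallib.php
@@ -1,4 +1,4 @@
-<?PHP // $Id$
+<?php // $Id$
 /// Library of extra functions for the dialogue module
@@ -328,7 +328,7 @@ function dialogue_list_conversations_closed($dialogue) {
 $status = get_string("open", "dialogue");
 }
 $table->data[] = array("<a href=\"dialogues.php?id=$cm->id&action=showdialogues&cid=$conversation->id\">".
- "$name</a>", $conversation->subject, $byuser." ".get_string("of", "dialogue")." ".$total,
+ "$name</a>", clean_text($conversation->subject), $byuser." ".get_string("of", "dialogue")." ".$total,
 userdate($conversation->timemodified), $status);
 }
 print_table($table);
@@ -389,7 +389,7 @@ function dialogue_list_conversations_other($dialogue) {
 $status = get_string("notyetseen", "dialogue");
 }
 $table->data[] = array("<a href=\"dialogues.php?id=$cm->id&action=printdialogue&cid=$conversation->id\">".
- "$name</a>", $conversation->subject, $byuser." ".get_string("of", "dialogue")." ".$total,
+ "$name</a>", clean_text($conversation->subject), $byuser." ".get_string("of", "dialogue")." ".$total,
 userdate($conversation->timemodified), $status);
 }
 print_table($table);
@@ -448,7 +448,7 @@ function dialogue_list_conversations_self($dialogue) {
 // print_user_picture($user->id, $course->id, $user->picture);
 echo "<b>".get_string("dialoguewith", "dialogue", fullname($otheruser)).
 "</b></td>";
- echo "<td bgcolor=\"$THEME->cellheading2\"><i>$conversation->subject&nbsp;</i><br />\n";
+ echo "<td bgcolor=\"$THEME->cellheading2\"><i>".clean_text($conversation->subject)."&nbsp;</i><br />\n";
 echo "<div align=\"right\">\n";
 if (!$conversation->subject) {
 // conversation does not have a subject, show add subject link
@@ -473,14 +473,14 @@ function dialogue_list_conversations_self($dialogue) {
 if ($entry->userid == $USER->id) {
 echo "<tr><td colspan=\"2\" bgcolor=\"#FFFFFF\">\n";
 echo text_to_html("<font size=\"1\">".get_string("onyouwrote", "dialogue",
- userdate($entry->timecreated)).":</font><br />".$entry->text);
+ userdate($entry->timecreated)).":</font><br />".clean_text($entry->text));
 echo "</td></tr>\n";
 }
 else {
 echo "<tr><td colspan=\"2\" bgcolor=\"$THEME->body\">\n";
 echo text_to_html("<font size=\"1\">".get_string("onwrote", "dialogue",
 userdate($entry->timecreated)." ".$otheruser->firstname).
- ":</font><br />".$entry->text);
+ ":</font><br />".clean_text($entry->text));
 echo "</td></tr>\n";
 }
 }
@@ -552,7 +552,7 @@ function dialogue_print_conversation($dialogue, $conversation) {
 // print_user_picture($user->id, $course->id, $user->picture);
 echo "<b>".get_string("dialoguewith", "dialogue", fullname($otheruser)).
 "</b></td>";
- echo "<td bgcolor=\"$THEME->cellheading2\"><i>$conversation->subject&nbsp;</i><br />\n";
+ echo "<td bgcolor=\"$THEME->cellheading2\"><i>".clean_text($conversation->subject)."&nbsp;</i><br />\n";
 echo "<div align=\"right\">\n";
 if (!$conversation->subject) {
 // conversation does not have a subject, show add subject link
@@ -571,13 +571,13 @@ function dialogue_print_conversation($dialogue, $conversation) {
 if ($entry->userid == $USER->id) {
 echo "<tr><td colspan=\"2\" bgcolor=\"#FFFFFF\">\n";
 echo text_to_html("<font size=\"1\">".get_string("onyouwrote", "dialogue",
- userdate($entry->timecreated)).":</font><br />".$entry->text);
+ userdate($entry->timecreated)).":</font><br />".clean_text($entry->text));
 }
 else {
 echo "<tr><td colspan=\"2\" bgcolor=\"$THEME->body\">\n";
 echo text_to_html("<font size=\"1\">".get_string("onwrote", "dialogue",
 userdate($entry->timecreated)." ".$otheruser->firstname).":</font><br />".
- $entry->text);
+ clean_text($entry->text));
 }
 }
 echo "</td></tr>\n";
@@ -720,7 +720,7 @@ function dialogue_show_conversation($dialogue, $conversation) {
 // print_user_picture($user->id, $course->id, $user->picture);
 echo "<b>".get_string("dialoguewith", "dialogue", fullname($otheruser)).
 "</b></td>";
- echo "<td bgcolor=\"$THEME->cellheading2\" valign=\"top\"><i>$conversation->subject&nbsp;</i></td></tr>";
+ echo "<td bgcolor=\"$THEME->cellheading2\" valign=\"top\"><i>".clean_text($conversation->subject)."&nbsp;</i></td></tr>";
 if ($entries = get_records_select("dialogue_entries", "conversationid = $conversation->id", "id")) {
 foreach ($entries as $entry) {
@@ -728,13 +728,13 @@ function dialogue_show_conversation($dialogue, $conversation) {
 echo "<tr><td colspan=\"2\" bgcolor=\"#FFFFFF\">\n";
 echo text_to_html("<font size=\"1\">".get_string("onyouwrote", "dialogue",
 userdate($entry->timecreated)).
- ":</font><br />".$entry->text);
+ ":</font><br />".clean_text($entry->text));
 echo "</td></tr>\n";
 }
 else {
 echo "<tr><td colspan=\"2\" bgcolor=\"$THEME->body\">\n";
 echo text_to_html("<font size=\"1\">".get_string("onwrote", "dialogue",
- userdate($entry->timecreated)." ".$otheruser->firstname).":</font><br />".$entry->text);
+ userdate($entry->timecreated)." ".$otheruser->firstname).":</font><br />".clean_text($entry->text));
 echo "</td></tr>\n";
 }
 }
@@ -797,14 +797,14 @@ function dialogue_show_other_conversations($dialogue, $conversation) {
 if ($entry->userid == $user->id) {
 echo "<tr><td colspan=\"2\" bgcolor=\"#FFFFFF\">\n";
 echo text_to_html("<font size=\"1\">".get_string("onyouwrote", "dialogue",
- userdate($entry->timecreated)).":</font><br />".$entry->text);
+ userdate($entry->timecreated)).":</font><br />".clean_text($entry->text));
 echo "</td></tr>\n";
 }
 else {
 echo "<tr><td colspan=\"2\" bgcolor=\"$THEME->body\">\n";
 echo text_to_html("<font size=\"1\">".get_string("onwrote", "dialogue",
 userdate($entry->timecreated)." ".$otheruser->firstname).
- ":</font><br />".$entry->text);
+ ":</font><br />".clean_text($entry->text));
 echo "</td></tr>\n";
 }
 }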
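Review bot: `$otheruser->firstname` is still concatenated unescaped into the same `text_to_html()` argument that now wraps `$entry->text` in `clean_text()`, in the `onwrote` branches of dialogue_list_conversations_self, dialogue_print_conversation, dialogue_show_conversation and dialogue_show_other_conversations. A profile name is user-supplied, so unless it is sanitised when saved it reaches the page raw; escape it where it is used, e.g. `userdate($entry->timecreated)." ".s($otheruser->firstname)`. The subject is a single-line text field, so `s($conversation->subject)` would be the tighter choice on output than `clean_text()`, which presumably lets permitted markup through. Each of these functions starts and ends outside its hunk.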
