
Don't use addslashes on data coming from form and don't use stripslashes on data coming from database
1 parent e1088a9 commit 4ae8c9aca1621a3da35f1bde340a0425ebe14005 gustav_delius committed Oct 7, 2006
Showing with 9 additions and 9 deletions.
  1. +6 −6 blog/edit.php
  2. +3 −3 blog/lib.php
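--- a/blog/edit.php
+++ b/blog/edit.php
@@ -115,8 +115,8 @@
 $blogEntry = get_record('post','id',$editid);
 //using an unformatted entry body here so that extra formatting information is not stored in the db
- $post->body = stripslashes_safe($blogEntry->summary);
- $post->etitle = stripslashes_safe($blogEntry->subject);
+ $post->body = $blogEntry->summary;
+ $post->etitle = $blogEntry->subject;
 $post->postid = $editid;
 $post->userid = $blogEntry->userid;
 $post->format = $blogEntry->format;
@@ -194,8 +194,8 @@ function do_save($post) {
 /// Write a blog entry into database
 $blogEntry = new object;
- $blogEntry->subject = addslashes($post->etitle);
- $blogEntry->summary = addslashes($post->body);
+ $blogEntry->subject = $post->etitle;
+ $blogEntry->summary = $post->body;
 $blogEntry->module = 'blog';
 $blogEntry->userid = $USER->id;
 $blogEntry->format = $post->format;
@@ -267,8 +267,8 @@ function do_update($post) {
 // echo "id id ".$post->postid;
 // print_object($blogentry); //debug
- $blogEntry->subject = addslashes($post->etitle);
- $blogEntry->summary = addslashes($post->body);
+ $blogEntry->subject = $post->etitle;
+ $blogEntry->summary = $post->body;
 if ($blogEntry->summary == '<br />') {
 $blogEntry->summary = '';
 }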
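Review bot: In do_save and do_update the title and body now go into `$blogEntry` exactly as they arrive in `$post`, so the database write is safe only if `$post` always carries form data that was already escaped upstream, or if the insert/update helper escapes it itself; neither is visible in these hunks. The first hunk fills a `$post` from `get_record()`, which is unescaped database data, so that object presumably must never reach do_save or do_update. I would state the contract at each assignment, for example `// $post holds submitted form data, already slashed by the input layer; never pass DB-loaded values here`. Both function bodies continue outside the hunks.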
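--- a/blog/lib.php
+++ b/blog/lib.php
@@ -151,10 +151,10 @@ function blog_print_entry($blogEntry, $viewtype='full', $filtertype='', $filters
 global $USER, $CFG, $course, $ME;
- $template['body'] = get_formatted_entry_body(stripslashes_safe($blogEntry->summary), $blogEntry->format);
+ $template['body'] = get_formatted_entry_body($blogEntry->summary, $blogEntry->format);
 $template['title'] = '<a name="'. $blogEntry->subject .'"></a>';
 //enclose the title in nolink tags so that moodle formatting doesn't autolink the text
- $template['title'] .= '<span class="nolink">'. stripslashes_safe($blogEntry->subject);
+ $template['title'] .= '<span class="nolink">'. $blogEntry->subject;
 $template['title'] .= '</span>';
 $template['userid'] = $blogEntry->userid;
 $template['author'] = fullname(get_record('user','id',$blogEntry->userid));
@@ -339,7 +339,7 @@ function get_formatted_entry_body($body, $format) {
 if ($format) {
 return format_text($body, $format);
 }
- return stripslashes_safe($body);
+ return $body;
 }
 /// Main filter function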
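Review bot: `$blogEntry->subject` is concatenated into markup with no HTML escaping, both in the new `<span class="nolink">` line and in the `name="..."` attribute on the context line above it, so a stored title containing quotes or tags would be rendered as markup unless it is cleaned before storage, which these hunks do not show. Dropping `stripslashes_safe` is right for database data, but the value still needs escaping for its output context, e.g. `$template['title'] .= '<span class="nolink">'. htmlspecialchars($blogEntry->subject);` or the project's own escaping helper. The same question applies to `return $body;` in get_formatted_entry_body, which hands the body back untouched when `$format` is empty. blog_print_entry continues outside the hunk.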
