diff --git a/include/functions.inc b/include/functions.inc
index 9935be3..847bb3a 100644
--- a/include/functions.inc
+++ b/include/functions.inc
@@ -1,13 +1,17 @@
$message
"; }
function warn($message) { echo format_warn($message); }
function real_clean($var) { return mysql_real_escape_string($var); }
@@ -473,10 +475,10 @@ function fetch_user($user) {
}
function invalid_input($in) {
if (!empty($in['email']) && strlen($in['email']) && !is_emailable_address($in['email'])) {
- return "'".clean($in['email'])."' does not look like a valid email address";
+ return "'". hsc($in['email']) ."' does not look like a valid email address";
}
if (!empty($in['username']) && !preg_match("/^[-\w]+\$/",$in['username'])) {
- return "'".clean($in['username'])."' is not a valid username";
+ return "'". hsc($in['username']) ."' is not a valid username";
}
if (!empty($in['rawpasswd']) && $in['rawpasswd'] != $in['rawpasswd2']) {
return "the passwords you specified did not match!";
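Review bot: The username rule on the context line `preg_match("/^[-\w]+\$/",$in['username'])` anchors with `$` and no `D` modifier, so PCRE also accepts a value that ends in one trailing newline ("alice\n" passes and then reaches whatever stores or prints it); anchor with `\z` instead: `preg_match('/^[-\w]+\z/', $in['username'])`. In the same function the guard `!empty($in['email']) && strlen($in['email'])` is redundant, since `!empty` already excludes the empty string. The password check `$in['rawpasswd'] != $in['rawpasswd2']` is a loose comparison and reads `rawpasswd2` without checking it exists; `!isset($in['rawpasswd2']) || $in['rawpasswd'] !== $in['rawpasswd2']` makes both explicit. invalid_input continues past the end of the hunk.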
diff --git a/include/login.inc b/include/login.inc
index efe54c3..af286e3 100644
--- a/include/login.inc
+++ b/include/login.inc
@@ -35,10 +35,10 @@ if (!$cuser || !$cpw || !verify_password($cuser,$cpw)) {
// IS_DEV was 1 or 0 until 22 Feb 2012. It's now a @php.net username hint.
$cuser = '';
if (isset($_COOKIE['IS_DEV']) && !is_numeric($_COOKIE['IS_DEV'])) {
- $cuser = clean($_COOKIE['IS_DEV']);
+ $cuser = hsc($_COOKIE['IS_DEV']);
} else {
if (!empty($_POST['user'])) {
- $cuser = clean($_POST['user']);
+ $cuser = hsc($_POST['user']);
}
}
?>
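Review bot: Escaping at assignment time (`$cuser = hsc($_COOKIE['IS_DEV']);` and `$cuser = hsc($_POST['user']);`) hides the output context from the reader and leaves `$cuser` holding an HTML-encoded value for the rest of the script. Since this block sits after the `verify_password($cuser,$cpw)` condition named in the hunk header, it presumably only seeds the login form; if so, keep the raw value here and escape where it is echoed, e.g. `value="<?php echo hsc($cuser) ?>"`, so a later reuse of `$cuser` in a non-HTML context does not get a pre-encoded string. Where `$cuser` is actually printed is outside this hunk.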
@@ -58,7 +58,7 @@ if (!$cuser || !$cpw || !verify_password($cuser,$cpw)) {
Password:
-
+
Forgot your password?
diff --git a/manage/challenge-response.php b/manage/challenge-response.php
index d49c7c9..90c1a3c 100644
--- a/manage/challenge-response.php
+++ b/manage/challenge-response.php
@@ -63,9 +63,9 @@ function sort_by_domain($a, $b)
$bgcolor = ($i & 1) ? '#eeeeee' : '#ffffff';
?>
-
-
- @
+
+
+ @
' . hscr($_REQUEST['keyword']) . '';
+ $search_heading = 'Search results for ' . hsc($_REQUEST['keyword']) . ' ';
$section = real_clean(str_replace('*', '%', substr($_REQUEST['keyword'], 5)));
$sql .= "note.sect LIKE '$section' GROUP BY note.id ORDER BY note.sect, note.ts LIMIT $limit, 10";
} else {
- $search_heading = 'Search results for ' . hscr($_REQUEST['keyword']) . ' ';
+ $search_heading = 'Search results for ' . hsc($_REQUEST['keyword']) . ' ';
$sql .= "note.note LIKE '%" . real_clean($_REQUEST['keyword']) . "%' GROUP BY note.id LIMIT $limit, 10";
}
} else {
@@ -149,7 +149,7 @@
"(hostip >= $start AND hostip <= $end) OR (ip >= $start AND ip <= $end)");
$resultCount = mysql_fetch_assoc($resultCount);
$resultCount = $resultCount['total_votes'];
- $isSearch = '&votessearch=' . hscr($search);
+ $isSearch = '&votessearch=' . hsc($search);
$sql = "SELECT votes.id, UNIX_TIMESTAMP(votes.ts) AS ts, votes.vote, votes.note_id, note.sect, votes.hostip, votes.ip ".
"FROM votes ".
"JOIN(note) ON (votes.note_id = note.id) ".
@@ -161,7 +161,7 @@
$resultCount = db_query("SELECT count(votes.id) AS total_votes FROM votes JOIN(note) ON (votes.note_id = note.id) WHERE hostip = $searchip OR ip = $searchip");
$resultCount = mysql_fetch_assoc($resultCount);
$resultCount = $resultCount['total_votes'];
- $isSearch = '&votessearch=' . hscr(long2ip($searchip));
+ $isSearch = '&votessearch=' . hsc(long2ip($searchip));
$sql = "SELECT votes.id, UNIX_TIMESTAMP(votes.ts) AS ts, votes.vote, votes.note_id, note.sect, votes.hostip, votes.ip ".
"FROM votes ".
"JOIN(note) ON (votes.note_id = note.id) ".
@@ -172,7 +172,7 @@
$resultCount = db_query("SELECT count(votes.id) AS total_votes FROM votes JOIN(note) ON (votes.note_id = note.id) WHERE votes.note_id = $search");
$resultCount = mysql_fetch_assoc($resultCount);
$resultCount = $resultCount['total_votes'];
- $isSearch = '&votessearch=' . hscr($search);
+ $isSearch = '&votessearch=' . hsc($search);
$sql = "SELECT votes.id, UNIX_TIMESTAMP(votes.ts) AS ts, votes.vote, votes.note_id, note.sect, votes.hostip, votes.ip ".
"FROM votes ".
"JOIN(note) ON (votes.note_id = note.id) ".
@@ -322,7 +322,7 @@
} elseif(!empty($votes_by_ip)) {
$from = date('Y-m-d H:i:s', $row['from']);
$to = date('Y-m-d H:i:s', $row['to']);
- $ip = hscr($row['ip']);
+ $ip = hsc($row['ip']);
echo " \n".
" $ip \n".
" {$row['votes']} \n".
@@ -334,12 +334,12 @@
} else {
echo "",clean_note($row['note']),
"",date("d-M-Y h:i",$row['ts'])," ",
- hscr($row['user'])," ",
+ hsc($row['user'])," ",
"Note id: $id \n",
"http://php.net/manual/en/{$row['sect']}.php#{$id} \n",
"Edit Note ";
foreach ($note_del_reasons AS $reason => $text) {
- echo '', 'Delete Note: ', hscr($text), " \n";
+ echo '', 'Delete Note: ', hsc($text), " \n";
}
echo "Delete Note: other reason ",
"Reject Note ",
@@ -354,17 +354,17 @@
"\n".
" \n".
" ".
"\n";
}
echo "
\n";
}
/* This is a special table only used for viewing top IPs by votes */
@@ -452,16 +452,16 @@
} else {
$step = 2;
$msg = "Are you sure to change section of $count note(s) ";
- $msg .= (!empty($_REQUEST["ids"]) ? " with IDs " . hscr($_REQUEST['ids']) . " " : "");
- $msg .= (!empty($_REQUEST["old_sect"]) ? " from section " . hscr($_REQUEST['old_sect']) . " " : "");
- $msg .= " to section " . hscr($_REQUEST['new_sect']) . " ?";
+ $msg .= (!empty($_REQUEST["ids"]) ? " with IDs " . hsc($_REQUEST['ids']) . " " : "");
+ $msg .= (!empty($_REQUEST["old_sect"]) ? " from section " . hsc($_REQUEST['old_sect']) . " " : "");
+ $msg .= " to section " . hsc($_REQUEST['new_sect']) . " ?";
echo "$msg
\n";
?>
Current section:
- " size="30" maxlength="80" /> (filename without extension)
+ " size="30" maxlength="80" /> (filename without extension)
Notes IDs:
- " size="30" maxlength="80" /> (comma separated list)
+ " size="30" maxlength="80" /> (comma separated list)
Move to section:
- " size="30" maxlength="80" />
+ " size="30" maxlength="80" />
@@ -595,7 +595,7 @@
if ($action == "preview") {
echo "",clean_note($note),
"",date("d-M-Y h:i",$row['ts'])," ",
- hscr($email),"
";
+ hsc($email),"";
}
?>