Found two other issues with the analyze script

s9y · Nov 26, 2014 · b15313c · b15313c
1 parent 5871c64
commit b15313c
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/serendipity_event_amazonchooser/Amazon_s9y_lib.php b/serendipity_event_amazonchooser/Amazon_s9y_lib.php
@@ -460,7 +460,7 @@ function Amazon_AttributesText ($SearchIndex,$items,$country_url) {
             case 'KindleStore':
                if (isset($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_AUTHOR'])) {
                   if (is_array($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_AUTHOR'])) {
-                     $item['strings']['author'] =  (function_exists('serendipity_specialchars') ? serendipity_specialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_AUTHOR'])) : htmlspecialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_AUTHOR'], ENT_COMPAT, LANG_CHARSET)));
+                     $item['strings']['author'] =  (function_exists('serendipity_specialchars') ? serendipity_specialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_AUTHOR'])) : htmlspecialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_AUTHOR']), ENT_COMPAT, LANG_CHARSET));
                   } else {
                      $item['strings']['author'] =  (function_exists('serendipity_specialchars') ? serendipity_specialchars($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_AUTHOR']) : htmlspecialchars($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_AUTHOR'], ENT_COMPAT, LANG_CHARSET));
                   }
@@ -481,7 +481,7 @@ function Amazon_AttributesText ($SearchIndex,$items,$country_url) {
             case 'DVD':
                if (isset($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ACTOR'])) {
                   if (is_array($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ACTOR'])) {
-                     $item['strings']['actor'] =  (function_exists('serendipity_specialchars') ? serendipity_specialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ACTOR'])) : htmlspecialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ACTOR'], ENT_COMPAT, LANG_CHARSET)));
+                     $item['strings']['actor'] =  (function_exists('serendipity_specialchars') ? serendipity_specialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ACTOR'])) : htmlspecialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ACTOR']), ENT_COMPAT, LANG_CHARSET));
                   } else {
                      $item['strings']['actor'] =  (function_exists('serendipity_specialchars') ? serendipity_specialchars($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ACTOR']) : htmlspecialchars($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ACTOR'], ENT_COMPAT, LANG_CHARSET));
                   }
@@ -504,7 +504,7 @@ function Amazon_AttributesText ($SearchIndex,$items,$country_url) {
             case 'MusicTracks':
                if (isset($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ARTIST'])) {
                   if (is_array($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ARTIST'])) {
-                     $item['strings']['artist'] =  (function_exists('serendipity_specialchars') ? serendipity_specialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ARTIST'])) : htmlspecialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ARTIST'], ENT_COMPAT, LANG_CHARSET)));
+                     $item['strings']['artist'] =  (function_exists('serendipity_specialchars') ? serendipity_specialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ARTIST'])) : htmlspecialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ARTIST']), ENT_COMPAT, LANG_CHARSET));
                   } else {
                      $item['strings']['artist']=   (function_exists('serendipity_specialchars') ? serendipity_specialchars($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ARTIST']) : htmlspecialchars($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ARTIST'], ENT_COMPAT, LANG_CHARSET));
                   }

diff --git a/serendipity_event_guestbook/serendipity_event_guestbook.php b/serendipity_event_guestbook/serendipity_event_guestbook.php
@@ -477,12 +477,12 @@ function strip_input($string) {
     function strip_security($parr = null, $keys = null, $single = false, $compare = true) {
         $authenticated_user = serendipity_userLoggedIn() ? true : false;
         if ($single) {
-            return $authenticated_user ? (function_exists('serendipity_specialchars') ? serendipity_specialchars($parr) : htmlspecialchars($parr, ENT_COMPAT, LANG_CHARSET)) : (function_exists('serendipity_specialchars') ? serendipity_specialchars(strip_tags($parr)) : htmlspecialchars(strip_tags($parr, ENT_COMPAT, LANG_CHARSET)));
+            return $authenticated_user ? (function_exists('serendipity_specialchars') ? serendipity_specialchars($parr) : htmlspecialchars($parr, ENT_COMPAT, LANG_CHARSET)) : (function_exists('serendipity_specialchars') ? serendipity_specialchars(strip_tags($parr)) : htmlspecialchars(strip_tags($parr), ENT_COMPAT, LANG_CHARSET));
         } else {
             foreach ($parr AS $k => $v) {
                 if (in_array($k, $keys)) {
                     $valuelength = strlen($v);
-                    $parrsec[$k] = $authenticated_user ? (function_exists('serendipity_specialchars') ? serendipity_specialchars($v) : htmlspecialchars($v, ENT_COMPAT, LANG_CHARSET)) : (function_exists('serendipity_specialchars') ? serendipity_specialchars(strip_tags($v)) : htmlspecialchars(strip_tags($v, ENT_COMPAT, LANG_CHARSET)));
+                    $parrsec[$k] = $authenticated_user ? (function_exists('serendipity_specialchars') ? serendipity_specialchars($v) : htmlspecialchars($v, ENT_COMPAT, LANG_CHARSET)) : (function_exists('serendipity_specialchars') ? serendipity_specialchars(strip_tags($v)) : htmlspecialchars(strip_tags($v), ENT_COMPAT, LANG_CHARSET));
                     if (!$authenticated_user && $compare && ($valuelength != strlen($parrsec[$k]))) {
                         $parrsec['stripped'] = true;
                         $parrsec['stripped-by-key'] = $k;