From 445c109b0d73a971263a94f3e2ef00969eec8137 Mon Sep 17 00:00:00 2001 From: John Bintz Date: Wed, 25 Nov 2009 16:49:47 -0500 Subject: [PATCH 1/2] FS#139 --- comicpress_manager_library.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/comicpress_manager_library.php b/comicpress_manager_library.php index 55e8202..f5299cf 100644 --- a/comicpress_manager_library.php +++ b/comicpress_manager_library.php @@ -238,8 +238,9 @@ function generate_post_hash($filename_date, $filename_converted_title) { $override_title = $_POST['override-title-to-use']; $tags = $_POST['tags']; if (get_magic_quotes_gpc()) { - $override_title = stripslashes($override_title); - $tags = stripslashes($tags); + foreach (array('override_title', 'tags', 'post_content') as $field) { + ${$field} = stripslashes(${$field}); + } } $post_title = !empty($override_title) ? $override_title : $filename_converted_title; @@ -326,7 +327,7 @@ function cpm_read_comics_folder() { if ($glob_results === false) { //$cpm_config->messages[] = "FYI: glob({$cpm_config->path}/*) returned false. This can happen on some PHP installations if you have no files in your comic directory. This message will disappear once you upload a comic to your site."; - return array(); + return array(); } $filtered_glob_results = array(); From 3833bf0cb0351dac9e218938b3f3e0318421170f Mon Sep 17 00:00:00 2001 From: John Bintz Date: Mon, 14 Dec 2009 21:56:18 -0500 Subject: [PATCH 2/2] stripslashes: --- actions/comicpress_update-cpm-config.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/actions/comicpress_update-cpm-config.php b/actions/comicpress_update-cpm-config.php index 14952ce..25a94c7 100644 --- a/actions/comicpress_update-cpm-config.php +++ b/actions/comicpress_update-cpm-config.php @@ -17,10 +17,10 @@ function cpm_action_update_cpm_config() { $validate_function_name = "cpm_validate_cpm_option_" . str_replace("-", "_", $option_info['id']); $ok = true; if (function_exists($validate_function_name)) { - $ok = call_user_func($validate_function_name, $_POST[$option_info['id']]); + $ok = call_user_func($validate_function_name, stripslashes($_POST[$option_info['id']])); } - if ($ok) { - $target_update_options[$target_key] = $_POST[$option_info['id']]; + if ($ok) { + $target_update_options[$target_key] = stripslashes($_POST[$option_info['id']]); } else { $target_update_options[$target_key] = $option_info['default']; update_option($target_key, $option_info['default']);