From 95db8ea4cb7834151ca1c878984e5b6214457104 Mon Sep 17 00:00:00 2001
From: Tim Repke <timmothey@gmx.de>
Date: Thu, 15 Oct 2015 00:04:30 +0200
Subject: [PATCH] fixed trollable comment field through admin edit
---
 registration-system/admin/pages_list.php | 8 ++++----
 registration-system/frameworks/environment.php | 10 +++++-----
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/registration-system/admin/pages_list.php b/registration-system/admin/pages_list.php
index f419a39..9d01cec 100644
--- a/registration-system/admin/pages_list.php
+++ b/registration-system/admin/pages_list.php
@@ -18,7 +18,7 @@ $ecols = [
 "abtyp" => function($d){ return $d; },
 "anday" => function($d){ return date('Y-m-d', DateTime::createFromFormat('d.m.Y',$d)->getTimestamp()); },
 "abday" => function($d){ return date('Y-m-d', DateTime::createFromFormat('d.m.Y',$d)->getTimestamp()); },
- "comment" => function($d){ return $d; },
+ "comment" => function($d){ return htmlspecialchars($d, ENT_QUOTES); },
 "studityp"=> function($d){ return $d; },
 "virgin" => function($d){ return (($d=="Nein") ? 1 : 0); }, // nein zu 18+ heißt ja zu virgin => 1
 "public" => function($d){ return $d; },
@@ -260,9 +260,9 @@ END;
 $people = $admin_db->select('bachelor',$columns, array("fahrt_id"=>$config_current_fahrt_id));
 foreach($people as $person) {
 $text .= "<tr>"; //".((explode(',',$columnFunctions['PaidReBack']($person))[2]==0) ? "" : "class='list-backstepped'")."
- foreach($columnFunctions as $key => $value)
- {
- $text .= "<td class='".$key.((explode(',',$columnFunctions['PaidReBack']($person))[2]==0) ? '' : ' list-backstepped')."'>".$value($person)."</td>";
+ foreach($columnFunctions as $key => $value) {
+ $text .= "<td class='".$key.((explode(',',$columnFunctions['PaidReBack']($person))[2]==0) ? '' :
+ ' list-backstepped')."'>".$value($person)."</td>";
 }
 $text .= "</tr>";
 }
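Review bot: The `comment` entry in `$ecols` now HTML-encodes the value as it is written, but the neighbouring pass-through entries visible in the first hunk (`abtyp`, `studityp`, `public`) still `return $d;` unchanged, so if those fields reach the same admin list they presumably remain open to the same markup injection. Encoding on the write path also means a comment that is loaded and saved again can end up encoded twice (`&amp;lt;`), and any non-HTML consumer of the column receives entities. Escaping once where the value is emitted would cover every column; in the second hunk of this file that is the `$value($person)` concatenated into the `<td>`, although whether every column function returns plain text is not visible here, so the call may have to sit inside the individual column functions. If the write-side call stays, pass the charset explicitly, `htmlspecialchars($d, ENT_QUOTES, 'UTF-8')`, because the default differs between PHP versions. The `$ecols` array begins and ends outside the hunk.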
diff --git a/registration-system/frameworks/environment.php b/registration-system/frameworks/environment.php
index d0a1171..6c9faf3 100644
--- a/registration-system/frameworks/environment.php
+++ b/registration-system/frameworks/environment.php
@@ -1,10 +1,10 @@
 <?php
-require __DIR__.'/../config.inc.php';
-require __DIR__.'/../lang.php';
-require 'medoo.php';
-require 'commons.php';
-require 'soft_protect.php';
+require_once __DIR__.'/../config.inc.php';
+require_once __DIR__.'/../lang.php';
+require_once 'medoo.php';
+require_once 'commons.php';
+require_once 'soft_protect.php';
 class Environment {
-- 
GitLab
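Review bot: The last three includes still use bare file names (`'medoo.php'`, `'commons.php'`, `'soft_protect.php'`), unlike the two `__DIR__`-anchored lines above them. A bare name is looked up through `include_path` before the including file's own directory, so which file gets loaded depends on runtime configuration and on the entry script. Anchoring them removes that ambiguity: `require_once __DIR__.'/medoo.php';`, `require_once __DIR__.'/commons.php';`, `require_once __DIR__.'/soft_protect.php';`. The switch to `require_once` is also unrelated to the comment-field fix named in the subject and would be easier to audit as its own commit.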