From 9da69ce25b0c7e24bccd90a596f7f55793d54b91 Mon Sep 17 00:00:00 2001
From: Cristian Fasanando
Date: Thu, 14 May 2009 22:23:56 +0200
Subject: [PATCH] [svn r20659] Fixed bug when you add a comment and add an image with the FCKeditor, the image is not displayed - partial FS#4207
---
 main/blog/blog.php | 4 ++--
 main/inc/introductionSection.inc.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/main/blog/blog.php b/main/blog/blog.php
index 23f653d826..5de2ed7b7e 100644
--- a/main/blog/blog.php
+++ b/main/blog/blog.php
@@ -78,8 +78,8 @@ $current_page = $_GET['action'];
 $safe_post_title = Security::remove_XSS($_POST['post_title']);
 $safe_post_file_comment = Security::remove_XSS($_POST['post_file_comment']);
-$safe_post_full_text = Security::remove_XSS($_POST['post_full_text']);
-$safe_comment_text = Security::remove_XSS($_POST['comment_text']);
+$safe_post_full_text = Security::remove_XSS(stripslashes(api_html_entity_decode($_POST['post_full_text'])), COURSEMANAGER);
+$safe_comment_text = Security::remove_XSS(stripslashes(api_html_entity_decode($_POST['comment_text'])), COURSEMANAGER);
 $safe_comment_title = Security::remove_XSS($_POST['comment_title']);
 $safe_task_name = Security::remove_XSS($_POST['task_name']);
 $safe_task_description = Security::remove_XSS($_POST['task_description']);
diff --git a/main/inc/introductionSection.inc.php b/main/inc/introductionSection.inc.php
index ca15ae6cd9..5c0f507b32 100644
--- a/main/inc/introductionSection.inc.php
+++ b/main/inc/introductionSection.inc.php
@@ -63,7 +63,7 @@ if ($intro_editAllowed) {
 if ( $form->validate()) {
 $form_values = $form->exportValues();
- $intro_content = $form_values['intro_content'];
+ $intro_content = Security::remove_XSS(stripslashes(api_html_entity_decode($form_values['intro_content'])), COURSEMANAGER);
 if ( ! empty($intro_content) ) {
 $sql = "REPLACE $TBL_INTRODUCTION SET id='$moduleId',intro_text='".Database::escape_string($intro_content)."'";
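Review bot: `COURSEMANAGER` is passed to `Security::remove_XSS()` for both `post_full_text` and `comment_text` regardless of who submitted the form. If the second argument selects the filter profile by user status (the method's definition is not in this hunk), every commenter is filtered with the course-manager allowlist rather than their own. Take the status from the caller's actual role instead, for example `$xss_status = api_is_allowed_to_edit() ? COURSEMANAGER : STUDENT;`, and pass `$xss_status` on both lines. The unconditional `stripslashes()` is a second concern, and it also applies to the `intro_content` line in main/inc/introductionSection.inc.php: with magic quotes off it deletes backslashes the author actually typed, so it should run only when `get_magic_quotes_gpc()` reports quoting is on.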
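Review bot: `$moduleId` goes into the REPLACE statement unescaped on the line after the changed assignment, while `intro_text` in the same statement is passed through `Database::escape_string()`. Where `$moduleId` is assigned is outside this hunk, so it may already be a fixed value, but since this commit tightens input handling here it would be cheap to treat it the same way: `id='".Database::escape_string($moduleId)."'`. The new assignment would also benefit from a short comment saying why the editor output must be entity-decoded before filtering, because after this change text the author entered as a literal `&lt;` reaches the filter as markup. The enclosing `if ($intro_editAllowed)` block begins and ends outside the hunk.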