From c49056ed7f2e6d3e3cb1bbd8f4406b8ef90ebaa8 Mon Sep 17 00:00:00 2001 From: Isaac Flores Date: Mon, 18 May 2009 21:16:59 +0200 Subject: [PATCH] [svn r20801] minor - logic changes - replace COURSEMANAGER by COURSEMANAGERLOWSECURITY in message tool - (partial FS#3909) --- main/messages/inbox.php | 2 +- main/messages/send_message.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/main/messages/inbox.php b/main/messages/inbox.php index 747a3a2747..72b504f6aa 100755 --- a/main/messages/inbox.php +++ b/main/messages/inbox.php @@ -99,7 +99,7 @@ if (isset($_GET['form_reply']) || isset($_GET['form_delete'])) { $title = api_convert_encoding(urldecode($info_reply[0]),'UTF-8',$charset); $content = api_convert_encoding(str_replace("\\","",urldecode($info_reply[1])),'UTF-8',$charset); $title = Security::remove_XSS($title); - $content = Security::remove_XSS($content,COURSEMANAGER); + $content = Security::remove_XSS($content,COURSEMANAGERLOWSECURITY); $user_reply= $info_reply[2]; $user_email_base=str_replace(')','(',$info_reply[5]); diff --git a/main/messages/send_message.php b/main/messages/send_message.php index cf3fe639c4..e892909b19 100755 --- a/main/messages/send_message.php +++ b/main/messages/send_message.php @@ -37,7 +37,7 @@ if (api_is_anonymous()) { $user_id=intval($_POST['user_id']); $panel_id=intval($_POST['panel_id']); -$content_message=Security::remove_XSS($_POST['txt_content'],COURSEMANAGER); //check this is filtered on output +$content_message=Security::remove_XSS($_POST['txt_content'],COURSEMANAGERLOWSECURITY); //check this is filtered on output $subject_message=Security::remove_XSS($_POST['txt_subject']); //check this is filtered on output $user_info=array(); $user_info=api_get_user_info($user_id);