diff options
author | rvelices <rv-github@modusoptimus.com> | 2006-02-28 01:13:16 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2006-02-28 01:13:16 +0000 |
commit | 4cd5b05d406a9820a0523ac26f254f4ce4fd5147 (patch) | |
tree | b47f717b8fe3bc3e8a3357b112e22cea96bf9188 /upload.php | |
parent | d4646f39d2259d4b4ba619b8f2b8aa61f9be74b5 (diff) |
remake of Remote sites and synchronize: final integration and old code cleanup
fix: xml getAttribute always decodes html entities and added encodeAttribute
function
git-svn-id: http://piwigo.org/svn/trunk@1058 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | upload.php | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/upload.php b/upload.php index a3fb0e576..ea06794bf 100644 --- a/upload.php +++ b/upload.php @@ -2,7 +2,7 @@ // +-----------------------------------------------------------------------+ // | PhpWebGallery - a PHP based picture gallery | // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | -// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net | +// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net | // +-----------------------------------------------------------------------+ // | branch : BSF (Best So Far) // | file : $RCSfile$ @@ -125,7 +125,7 @@ if (isset($page['cat'])) $page['cat_site_id'] = $result['site_id']; $page['cat_name'] = $result['name']; $page['cat_uploadable'] = $result['uploadable']; - if ($page['cat_site_id'] != 1 or !$page['cat_uploadable']) + if ( url_is_remote($page['cat_dir']) or !$page['cat_uploadable']) { echo '<div style="text-align:center;">'.$lang['upload_forbidden'].'<br />'; echo '<a href="./category.php">'; @@ -182,10 +182,10 @@ if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) ) // <infos author="Pierrick LE GALL" comment="my comment" // date_creation="2004-08-14" name="" /> $xml_infos = '<infos'; - $xml_infos.= ' author="'.htmlspecialchars($_POST['author'],ENT_QUOTES).'"'; - $xml_infos.= ' comment="'.htmlspecialchars($_POST['comment'],ENT_QUOTES).'"'; - $xml_infos.= ' date_creation="'.$date_creation.'"'; - $xml_infos.= ' name="'.htmlspecialchars( $_POST['name'], ENT_QUOTES).'"'; + $xml_infos.= encodeAttribute('author', $_POST['author']); + $xml_infos.= encodeAttribute('comment', $_POST['comment']); + $xml_infos.= encodeAttribute('date_creation', $date_creation); + $xml_infos.= encodeAttribute('name', $_POST['name']); $xml_infos.= ' />'; if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) ) |