Experimental branch: remove htmlspecialchars conversion from input to simplify usage of non ISO-8859-1 characters in translations as HTML-entities. Have to check for side effects...

9 years ago · 6605a64dca
parent 9c1a43b741
commit 6605a64dca
2 changed files with 10 additions and 10 deletions
--- a/collect_question.php
+++ b/collect_question.php
@ -29,10 +29,10 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){
                          // Wertzuweisung
                          $_SESSION ['values']['question']['t_id']=0; if($_POST["t_id"])$_SESSION ['values']['question']['t_id'] =abs(intval($_REQUEST["t_id"]));
                          $_SESSION ['values']['question']['qt']=0;if($_POST["qt"])$_SESSION ['values']['question']['qt'] =abs(intval($_REQUEST["qt"]));
-                          $_SESSION ['values']['question']['questionText']=''; if($_POST["questionText"])$_SESSION ['values']['question']['questionText']= htmlspecialchars($_REQUEST["questionText"], ENT_COMPAT | ENT_HTML401, $encoding); // Umwandlung von Sonderzeichen in HTML-Code
-                          $new=""; if($_REQUEST["new"])$new= htmlspecialchars($_POST["new"], ENT_COMPAT | ENT_HTML401, $encoding); // Umwandlung von Sonderzeichen in HTML-Code
+                          $_SESSION ['values']['question']['questionText']=''; if($_POST["questionText"])$_SESSION ['values']['question']['questionText']= $_REQUEST["questionText"];
+                          $new=""; if($_REQUEST["new"])$new= $_POST["new"];
                          $_SESSION ['values']['question']['description']=0; if($_POST["description"])$_SESSION ['values']['question']['description']=abs(intval($_POST["description"]));
-                          $_SESSION ['values']['question']['descriptionText']="";if($_POST["descriptionText"])$_SESSION ['values']['question']['descriptionText']=htmlspecialchars($_POST["descriptionText"], ENT_COMPAT | ENT_HTML401, $encoding);
+                          $_SESSION ['values']['question']['descriptionText']="";if($_POST["descriptionText"])$_SESSION ['values']['question']['descriptionText']=$_POST["descriptionText"];

                          // Session Variable setzen
                          $_SESSION ['values']['question']['new']=1;
@ -130,9 +130,9 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){

                // Wertzuweisung
                $qt_id=0; if(isset($_GET['qt_id'])) $qt_id=abs(intval($_GET['qt_id']));
-                $error=""; if(isset($_GET["error"])) $error= htmlspecialchars($_GET["error"], ENT_COMPAT | ENT_HTML401, $encoding); // Umwandlung von Sonderzeichen in HTML-Code
-                $new=""; if(isset($_GET['new'])) $new=htmlspecialchars($_GET['new'], ENT_COMPAT | ENT_HTML401, $encoding);
-                $questionText=""; if(isset($_REQUEST["questionText"])) $questionText= htmlspecialchars($_REQUEST["questionText"], ENT_COMPAT | ENT_HTML401, $encoding);
+                $error=""; if(isset($_GET["error"])) $error= $_GET["error"];
+                $new=""; if(isset($_GET['new'])) $new=$_GET['new'];
+                $questionText=""; if(isset($_REQUEST["questionText"])) $questionText= $_REQUEST["questionText"];

                // Sessionvariable setzen
                $_SESSION['values']['error']=$error;
--- a/topic.php
+++ b/topic.php
@ -51,7 +51,7 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){
                    // Wertzuweisung 
                    $questPerQuiz=0; if(isset($_REQUEST["questPerQuiz"]))$questPerQuiz =abs(intval($_REQUEST["questPerQuiz"]));
                    $rawToPass=0; if(isset($_REQUEST["rawToPass"]))$rawToPass =abs(intval($_REQUEST["rawToPass"]));
-                    $name=""; if(isset($_REQUEST["new_topic"]))$name= htmlspecialchars($_REQUEST["new_topic"], ENT_COMPAT | ENT_HTML401, $encoding); // Umwandlung von Sonderzeichen in HTML-Code
+                    $name=""; if(isset($_REQUEST["new_topic"]))$name= $_REQUEST["new_topic"];
  
                    $topics->setTopicName($name);
                    $checkNum=$topics->setNumOfQu($questPerQuiz);
@ -163,8 +163,8 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){
    case 'updateQuestion': { // Question updaten
    
                            // Wertzuweisung
-                            $questionText=""; if(isset($_REQUEST["question"]))$questionText= htmlspecialchars($_REQUEST["question"], ENT_COMPAT | ENT_HTML401, $encoding);
-                            $descriptionText=""; if(isset($_REQUEST["descriptionText"]))$descriptionText= htmlspecialchars($_REQUEST["descriptionText"], ENT_COMPAT | ENT_HTML401, $encoding);
+                            $questionText=""; if(isset($_REQUEST["question"]))$questionText= $_REQUEST["question"];
+                            $descriptionText=""; if(isset($_REQUEST["descriptionText"]))$descriptionText= $_REQUEST["descriptionText"];
                            $description=0; if(isset($_REQUEST["description"]))$description=$_REQUEST["description"];
                            
                            $question->setID($q_id);
@ -240,7 +240,7 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){
        case 'updateTopic':{ // Topic updaten
        
                            //Wertzuweisung
-                            $name=""; if(isset($_REQUEST["new_topic"]))$name= htmlspecialchars($_REQUEST["new_topic"], ENT_COMPAT | ENT_HTML401, $encoding); 
+                            $name=""; if(isset($_REQUEST["new_topic"]))$name= $_REQUEST["new_topic"]; 
                            $numofQuiz=0; if(isset($_REQUEST["questPerQuiz"]))$numOfQuiz =abs(intval($_REQUEST["questPerQuiz"]));
                            $rawToPass=0; if(isset($_REQUEST["rawToPass"])) $rawToPass =abs(intval($_REQUEST["rawToPass"]));