Experimental branch: remove htmlspecialchars conversion from input to simplify usage of non ISO-8859-1 characters in translations as HTML-entities. Have to check for side effects...

This commit is contained in:
Bernhard Fröhlich 2015-09-02 23:11:58 +02:00
parent 9c1a43b741
commit 6605a64dca
2 changed files with 10 additions and 10 deletions

View file

@ -29,10 +29,10 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){
// Wertzuweisung // Wertzuweisung
$_SESSION ['values']['question']['t_id']=0; if($_POST["t_id"])$_SESSION ['values']['question']['t_id'] =abs(intval($_REQUEST["t_id"])); $_SESSION ['values']['question']['t_id']=0; if($_POST["t_id"])$_SESSION ['values']['question']['t_id'] =abs(intval($_REQUEST["t_id"]));
$_SESSION ['values']['question']['qt']=0;if($_POST["qt"])$_SESSION ['values']['question']['qt'] =abs(intval($_REQUEST["qt"])); $_SESSION ['values']['question']['qt']=0;if($_POST["qt"])$_SESSION ['values']['question']['qt'] =abs(intval($_REQUEST["qt"]));
$_SESSION ['values']['question']['questionText']=''; if($_POST["questionText"])$_SESSION ['values']['question']['questionText']= htmlspecialchars($_REQUEST["questionText"], ENT_COMPAT | ENT_HTML401, $encoding); // Umwandlung von Sonderzeichen in HTML-Code $_SESSION ['values']['question']['questionText']=''; if($_POST["questionText"])$_SESSION ['values']['question']['questionText']= $_REQUEST["questionText"];
$new=""; if($_REQUEST["new"])$new= htmlspecialchars($_POST["new"], ENT_COMPAT | ENT_HTML401, $encoding); // Umwandlung von Sonderzeichen in HTML-Code $new=""; if($_REQUEST["new"])$new= $_POST["new"];
$_SESSION ['values']['question']['description']=0; if($_POST["description"])$_SESSION ['values']['question']['description']=abs(intval($_POST["description"])); $_SESSION ['values']['question']['description']=0; if($_POST["description"])$_SESSION ['values']['question']['description']=abs(intval($_POST["description"]));
$_SESSION ['values']['question']['descriptionText']="";if($_POST["descriptionText"])$_SESSION ['values']['question']['descriptionText']=htmlspecialchars($_POST["descriptionText"], ENT_COMPAT | ENT_HTML401, $encoding); $_SESSION ['values']['question']['descriptionText']="";if($_POST["descriptionText"])$_SESSION ['values']['question']['descriptionText']=$_POST["descriptionText"];
// Session Variable setzen // Session Variable setzen
$_SESSION ['values']['question']['new']=1; $_SESSION ['values']['question']['new']=1;
@ -130,9 +130,9 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){
// Wertzuweisung // Wertzuweisung
$qt_id=0; if(isset($_GET['qt_id'])) $qt_id=abs(intval($_GET['qt_id'])); $qt_id=0; if(isset($_GET['qt_id'])) $qt_id=abs(intval($_GET['qt_id']));
$error=""; if(isset($_GET["error"])) $error= htmlspecialchars($_GET["error"], ENT_COMPAT | ENT_HTML401, $encoding); // Umwandlung von Sonderzeichen in HTML-Code $error=""; if(isset($_GET["error"])) $error= $_GET["error"];
$new=""; if(isset($_GET['new'])) $new=htmlspecialchars($_GET['new'], ENT_COMPAT | ENT_HTML401, $encoding); $new=""; if(isset($_GET['new'])) $new=$_GET['new'];
$questionText=""; if(isset($_REQUEST["questionText"])) $questionText= htmlspecialchars($_REQUEST["questionText"], ENT_COMPAT | ENT_HTML401, $encoding); $questionText=""; if(isset($_REQUEST["questionText"])) $questionText= $_REQUEST["questionText"];
// Sessionvariable setzen // Sessionvariable setzen
$_SESSION['values']['error']=$error; $_SESSION['values']['error']=$error;

View file

@ -51,7 +51,7 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){
// Wertzuweisung // Wertzuweisung
$questPerQuiz=0; if(isset($_REQUEST["questPerQuiz"]))$questPerQuiz =abs(intval($_REQUEST["questPerQuiz"])); $questPerQuiz=0; if(isset($_REQUEST["questPerQuiz"]))$questPerQuiz =abs(intval($_REQUEST["questPerQuiz"]));
$rawToPass=0; if(isset($_REQUEST["rawToPass"]))$rawToPass =abs(intval($_REQUEST["rawToPass"])); $rawToPass=0; if(isset($_REQUEST["rawToPass"]))$rawToPass =abs(intval($_REQUEST["rawToPass"]));
$name=""; if(isset($_REQUEST["new_topic"]))$name= htmlspecialchars($_REQUEST["new_topic"], ENT_COMPAT | ENT_HTML401, $encoding); // Umwandlung von Sonderzeichen in HTML-Code $name=""; if(isset($_REQUEST["new_topic"]))$name= $_REQUEST["new_topic"];
$topics->setTopicName($name); $topics->setTopicName($name);
$checkNum=$topics->setNumOfQu($questPerQuiz); $checkNum=$topics->setNumOfQu($questPerQuiz);
@ -163,8 +163,8 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){
case 'updateQuestion': { // Question updaten case 'updateQuestion': { // Question updaten
// Wertzuweisung // Wertzuweisung
$questionText=""; if(isset($_REQUEST["question"]))$questionText= htmlspecialchars($_REQUEST["question"], ENT_COMPAT | ENT_HTML401, $encoding); $questionText=""; if(isset($_REQUEST["question"]))$questionText= $_REQUEST["question"];
$descriptionText=""; if(isset($_REQUEST["descriptionText"]))$descriptionText= htmlspecialchars($_REQUEST["descriptionText"], ENT_COMPAT | ENT_HTML401, $encoding); $descriptionText=""; if(isset($_REQUEST["descriptionText"]))$descriptionText= $_REQUEST["descriptionText"];
$description=0; if(isset($_REQUEST["description"]))$description=$_REQUEST["description"]; $description=0; if(isset($_REQUEST["description"]))$description=$_REQUEST["description"];
$question->setID($q_id); $question->setID($q_id);
@ -240,7 +240,7 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){
case 'updateTopic':{ // Topic updaten case 'updateTopic':{ // Topic updaten
//Wertzuweisung //Wertzuweisung
$name=""; if(isset($_REQUEST["new_topic"]))$name= htmlspecialchars($_REQUEST["new_topic"], ENT_COMPAT | ENT_HTML401, $encoding); $name=""; if(isset($_REQUEST["new_topic"]))$name= $_REQUEST["new_topic"];
$numofQuiz=0; if(isset($_REQUEST["questPerQuiz"]))$numOfQuiz =abs(intval($_REQUEST["questPerQuiz"])); $numofQuiz=0; if(isset($_REQUEST["questPerQuiz"]))$numOfQuiz =abs(intval($_REQUEST["questPerQuiz"]));
$rawToPass=0; if(isset($_REQUEST["rawToPass"])) $rawToPass =abs(intval($_REQUEST["rawToPass"])); $rawToPass=0; if(isset($_REQUEST["rawToPass"])) $rawToPass =abs(intval($_REQUEST["rawToPass"]));