Changeset 451

Timestamp:
07/15/06 03:59:32 (2 years ago)
Author:
sven
Message:

elgglib: remove counterproductive add/stripslashes in clean_param() which was causing data to be doubly-escaped in the db despite the magic_quotes_gpc handler

Files:

  • devel/lib/elgglib.php

    r439 r451  
    136136 
    137137    if ($options & PARAM_CLEAN) { 
    138         $param = stripslashes($param);   // Needed by kses to work fine 
     138// this breaks backslashes in user input 
     139//        $param = stripslashes($param);   // Needed by kses to work fine 
    139140        $param = clean_text($param);     // Sweep for scripts, etc 
    140         $param = addslashes($param);     // Restore original request parameter slashes 
     141// and this unnecessarily escapes quotes, etc in user input 
     142//        $param = addslashes($param);     // Restore original request parameter slashes 
    141143    } 
    142144 
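Review bot: In the PARAM_CLEAN branch, clean_text() now runs on whatever slashing state $param arrives in, while the removed line's own comment said stripslashes() was "Needed by kses to work fine". This is only safe if the magic_quotes_gpc handler named in the commit message always hands clean_param() unslashed input, so please confirm that it runs on every request path before this function and say so in a comment here. The return value also changes from slashed ("Restore original request parameter slashes") to unslashed, so any caller that put it straight into a query needs to escape at the query itself. Finally, delete the two calls rather than leaving them commented out at new lines 139 and 142; the history already records them, and the notes "this breaks backslashes" and "unnecessarily escapes quotes" belong in the commit message.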
     
    270272 
    271273    if ($options & PARAM_CLEANHTML) { 
    272         $param = stripslashes($param);         // Remove any slashes  
     274//        $param = stripslashes($param);         // Remove any slashes  
    273275        $param = clean_text($param);           // Sweep for scripts, etc 
    274         $param = trim($param);                 // Sweep for scripts, etc 
     276//        $param = trim($param);                 // Sweep for scripts, etc 
    275277    } 
    276278
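Review bot: The trim() call at new line 276 in the PARAM_CLEANHTML branch is commented out together with stripslashes(), but the commit message only covers add/stripslashes, and trim() has nothing to do with escaping. Dropping it means leading and trailing whitespace is now kept in stored values, which is a behaviour change callers may not expect. Either restore trim() or explain its removal in the commit message. Its comment "Sweep for scripts, etc" was copied from the clean_text() line and is wrong for trim(), so fix or drop it if the call stays. As in the first hunk, remove the dead lines instead of commenting them out, and confirm that clean_text() still receives unslashed input here now that stripslashes() is gone.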