/ - Diff - UnivNautes - Redmine Entr’ouvert

« Précédent | Suivant »

Révision bef10560

Make sure single quotes are encoded and avoid javascript injection

     	puts( "   var arrRecallBuffer = new Array(" );
     	$arrBuffer = explode( "&", $_POST['txtRecallBuffer'] );
     	for ($i=0; $i < (count( $arrBuffer ) - 1); $i++)
     		puts( "      '" . htmlspecialchars($arrBuffer[$i]) . "'," );
     	puts( "      '" . htmlspecialchars($arrBuffer[count( $arrBuffer ) - 1]) . "'" );
     		puts( "      '" . htmlspecialchars($arrBuffer[$i], ENT_QUOTES | ENT_HTML401) . "'," );
     	puts( "      '" . htmlspecialchars($arrBuffer[count( $arrBuffer ) - 1], ENT_QUOTES | ENT_HTML401) . "'" );
     	puts( "   );" );
+    }

Formats disponibles : Unified diff