Révision e4921058
Ajouté par Renato Botelho il y a presque 10 ans
usr/local/www/widgets/widgets/rss.widget.php | ||
---|---|---|
33 | 33 |
require_once("functions.inc"); |
34 | 34 |
|
35 | 35 |
if($_POST['rssfeed']) { |
36 |
$config['widgets']['rssfeed'] = str_replace("\n", ",", $_POST['rssfeed']);
|
|
37 |
$config['widgets']['rssmaxitems'] = str_replace("\n", ",", $_POST['rssmaxitems']);
|
|
38 |
$config['widgets']['rsswidgetheight'] = $_POST['rsswidgetheight'];
|
|
39 |
$config['widgets']['rsswidgettextlength'] = $_POST['rsswidgettextlength'];
|
|
36 |
$config['widgets']['rssfeed'] = str_replace("\n", ",", htmlspecialchars($_POST['rssfeed'], ENT_QUOTES | ENT_HTML401));
|
|
37 |
$config['widgets']['rssmaxitems'] = str_replace("\n", ",", htmlspecialchars($_POST['rssmaxitems'], ENT_QUOTES | ENT_HTML401));
|
|
38 |
$config['widgets']['rsswidgetheight'] = htmlspecialchars($_POST['rsswidgetheight'], ENT_QUOTES | ENT_HTML401);
|
|
39 |
$config['widgets']['rsswidgettextlength'] = htmlspecialchars($_POST['rsswidgettextlength'], ENT_QUOTES | ENT_HTML401);
|
|
40 | 40 |
write_config("Saved RSS Widget feed via Dashboard"); |
41 | 41 |
header("Location: /"); |
42 | 42 |
} |
... | ... | |
48 | 48 |
if($config['widgets']['rssmaxitems']) |
49 | 49 |
$max_items = $config['widgets']['rssmaxitems']; |
50 | 50 |
|
51 |
if($config['widgets']['rsswidgetheight'])
|
|
51 |
if(is_numeric($config['widgets']['rsswidgetheight']))
|
|
52 | 52 |
$rsswidgetheight = $config['widgets']['rsswidgetheight']; |
53 | 53 |
|
54 |
if($config['widgets']['rsswidgettextlength'])
|
|
54 |
if(is_numeric($config['widgets']['rsswidgettextlength']))
|
|
55 | 55 |
$rsswidgettextlength = $config['widgets']['rsswidgettextlength']; |
56 | 56 |
|
57 | 57 |
// Set a default feed if none exists |
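Review bot: `rssmaxitems` is still accepted on a plain truthiness test at new line 48, while `rsswidgetheight` and `rsswidgettextlength` now get `is_numeric()`; if it is meant to be a single number, the same guard fits: `if(is_numeric($config['widgets']['rssmaxitems']))`. Separately, new lines 36–39 HTML-encode the POST values before `write_config()` stores them, so a feed URL containing `&` is saved as `&amp;`. Any consumer that uses the stored value outside an HTML context (presumably the feed fetch, which is not visible here) then receives the encoded form. Validating at save time and calling `htmlspecialchars()` where the values are echoed would keep the stored data raw and tie the escaping to the output context. The code that prints these values lies outside the shown hunks.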
Protect rssfeed parameters with htmlspecialchars()