[Fusionforge-commits] r11268 - trunk/src/www/news

Alain Peyrat aljeux at libremir.placard.fr.eu.org
Fri Oct 29 20:08:48 CEST 2010


Author: aljeux
Date: 2010-10-29 20:08:48 +0200 (Fri, 29 Oct 2010)
New Revision: 11268

Modified:
   trunk/src/www/news/submit.php
Log:
Improve HTML vs text detection when submitting news.

Modified: trunk/src/www/news/submit.php
===================================================================
--- trunk/src/www/news/submit.php	2010-10-29 18:08:42 UTC (rev 11267)
+++ trunk/src/www/news/submit.php	2010-10-29 18:08:48 UTC (rev 11268)
@@ -71,8 +71,6 @@
 		exit_permission_denied(_('You cannot submit news for a project unless you are an admin on that project'),'home');
 	}
 
-	$group_id = getIntFromRequest('group_id');
-
 	if ($group_id == forge_get_config('news_group')) {
 		exit_permission_denied(_('Submitting news from the news group is not allowed.'),'home');
 	}
@@ -86,8 +84,11 @@
 
 		//check to make sure both fields are there
 		if ($summary && $details) {
-			$sanitizer = new TextSanitizer();
-			$details = $sanitizer->purify($details);
+			if (getStringFromRequest('_details_content_type') == 'html') {
+				$details = TextSanitizer::purify($details);
+			} else {
+				$details = htmlspecialchars($details);
+			}
 
 			/*
 				Insert the row into the db if it's a generic message
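Review bot: The plain-text branch calls `htmlspecialchars($details)` with default flags, which on older PHP means `ENT_COMPAT` (single quotes left unescaped) and an ISO-8859-1 charset; `$details = htmlspecialchars($details, ENT_QUOTES, 'UTF-8');` would make the escaping independent of runtime defaults, assuming the forge stores UTF-8. The branch is selected by the request field `_details_content_type`, which the submitter controls, so any request can take the HTML path and the stored text is only as safe as the `TextSanitizer::purify` allow-list; a comment such as `// content type is client-supplied: both branches must yield safe HTML` would record that. `purify` was previously called on an instance and is now called statically, which is only correct if TextSanitizer declares it `static` (not visible here). The enclosing `if` block starts and ends outside the hunk.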



