public_html/admin/plugins/polls/index.php
branchHEAD
changeset 7354 82e167a0e3a4
parent 7325 27d076900eaf
child 7413 5db714583481
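--- a/public_html/admin/plugins/polls/index.php	Mon Sep 14 09:33:05 2009 -0400
+++ b/public_html/admin/plugins/polls/index.php	Sat Oct 03 21:15:34 2009 +0200
@@ -164,8 +164,8 @@
     list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
 
     $topic = COM_stripslashes($topic);
-    $meta_description = COM_stripslashes($meta_description);
-    $meta_keywords = COM_stripslashes($meta_keywords);
+    $meta_description = strip_tags(COM_stripslashes($meta_description));
+    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
     $pid = COM_sanitizeID($pid);
     $old_pid = COM_sanitizeID($old_pid);
     if (empty($pid)) {
@@ -249,9 +249,9 @@
     DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
     DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
 
-    $topic = addslashes ($topic);
-    $meta_description = addslashes ($meta_description);
-    $meta_keywords = addslashes ($meta_keywords);
+    $topic = addslashes($topic);
+    $meta_description = addslashes($meta_description);
+    $meta_keywords = addslashes($meta_keywords);
 
     $k = 0; // set up a counter to make sure we do assign a straight line of question id's
     $v = 0; // re-count votes sine they might have been changed
@@ -305,9 +305,7 @@
     $sql .= ",'$statuscode','$commentcode',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon";
 
     // Save poll topic
-    DB_save($_TABLES['polltopics'],"pid, topic, meta_description, meta_keywords, voters, questions, date, display, "
-           . "is_open, hideresults, statuscode, commentcode, owner_id, group_id, "
-           . "perm_owner, perm_group, perm_members, perm_anon",$sql);
+    DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql);
 
     if (empty($old_pid) || ($old_pid == $pid)) {
         PLG_itemSaved($pid, 'polls');
@@ -618,8 +616,9 @@
             $hideresults = COM_applyFilter ($_POST['hideresults']);
         }
         $display .= savepoll ($pid, $old_pid, $_POST['question'], $mainpage,
-                        $_POST['topic'], $_POST['meta_description'], $_POST['meta_keywords'], 
-                        $statuscode, $open, $hideresults,
+                        $_POST['topic'], $_POST['meta_description'],
+                        $_POST['meta_keywords'], $statuscode, $open,
+                        $hideresults,
                         COM_applyFilter ($_POST['commentcode'], true),
                         $_POST['answer'], $_POST['votes'], $_POST['remark'],
                         COM_applyFilter ($_POST['owner_id'], true),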
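Review bot: In the first hunk (new lines 167–168), `strip_tags()` removes markup from `$meta_description` and `$meta_keywords` but leaves `"`, `'` and `&` untouched, so the stored values are still not safe to place inside an HTML attribute as-is. If they are later written into a `<meta ... content="...">` tag (that rendering code is not part of this diff), the output side still needs attribute encoding such as `htmlspecialchars($meta_description, ENT_QUOTES)`. A short comment on these two lines would keep later readers from treating them as a complete filter, for example `// strip_tags() removes markup only; quotes survive, so encode on output`. The enclosing function begins and ends outside the hunk, so any filtering applied elsewhere in it is not visible here.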