1.1 --- a/plugins/staticpages/functions.inc Sat Oct 03 20:40:08 2009 +0200
1.2 +++ b/plugins/staticpages/functions.inc Sat Oct 03 21:15:34 2009 +0200
1.3 @@ -276,8 +276,8 @@
1.4
1.5 // Meta Tags
1.6 If ($_SP_CONF['meta_tags'] > 0) {
1.7 - $meta_description = stripslashes ($A['meta_description']);
1.8 - $meta_keywords = stripslashes ($A['meta_keywords']);
1.9 + $meta_description = $A['meta_description'];
1.10 + $meta_keywords = $A['meta_keywords'];
1.11 $headercode .= COM_createMetaTags($meta_description, $meta_keywords);
1.12 }
1.13
2.1 --- a/plugins/staticpages/services.inc.php Sat Oct 03 20:40:08 2009 +0200
2.2 +++ b/plugins/staticpages/services.inc.php Sat Oct 03 21:15:34 2009 +0200
2.3 @@ -563,15 +563,18 @@
2.4 }
2.5 $sql = array();
2.6 $sql['mysql'] = "SELECT sp_title,sp_content,sp_hits,sp_date,sp_format,"
2.7 - . "commentcode,meta_description,meta_keywords,owner_id,group_id,perm_owner,perm_group,"
2.8 + . "commentcode,meta_description,meta_keywords,owner_id,"
2.9 + . "group_id,perm_owner,perm_group,"
2.10 . "perm_members,perm_anon,sp_tid,sp_help,sp_php,"
2.11 . "sp_inblock FROM {$_TABLES['staticpage']} "
2.12 . "WHERE (sp_id = '$page')" . $perms;
2.13 $sql['mssql'] = "SELECT sp_title,"
2.14 . "CAST(sp_content AS text) AS sp_content,sp_hits,"
2.15 - . "sp_date,sp_format,commentcode,owner_id,group_id,"
2.16 - . "perm_owner,perm_group,perm_members,perm_anon,sp_tid,"
2.17 - . "sp_help,sp_php,sp_inblock "
2.18 + . "sp_date,sp_format,commentcode,"
2.19 + . "CAST(meta_description AS text) AS meta_description,"
2.20 + . "CAST(meta_keywords AS text) AS meta_keywords,"
2.21 + . "owner_id,group_id,perm_owner,perm_group,perm_members,"
2.22 + . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock "
2.23 . "FROM {$_TABLES['staticpage']} WHERE (sp_id = '$page')"
2.24 . $perms;
2.25 $result = DB_query ($sql);
3.1 --- a/public_html/admin/plugins/polls/index.php Sat Oct 03 20:40:08 2009 +0200
3.2 +++ b/public_html/admin/plugins/polls/index.php Sat Oct 03 21:15:34 2009 +0200
3.3 @@ -164,8 +164,8 @@
3.4 list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
3.5
3.6 $topic = COM_stripslashes($topic);
3.7 - $meta_description = COM_stripslashes($meta_description);
3.8 - $meta_keywords = COM_stripslashes($meta_keywords);
3.9 + $meta_description = strip_tags(COM_stripslashes($meta_description));
3.10 + $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
3.11 $pid = COM_sanitizeID($pid);
3.12 $old_pid = COM_sanitizeID($old_pid);
3.13 if (empty($pid)) {
3.14 @@ -249,9 +249,9 @@
3.15 DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
3.16 DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
3.17
3.18 - $topic = addslashes ($topic);
3.19 - $meta_description = addslashes ($meta_description);
3.20 - $meta_keywords = addslashes ($meta_keywords);
3.21 + $topic = addslashes($topic);
3.22 + $meta_description = addslashes($meta_description);
3.23 + $meta_keywords = addslashes($meta_keywords);
3.24
3.25 $k = 0; // set up a counter to make sure we do assign a straight line of question id's
3.26 $v = 0; // re-count votes sine they might have been changed
3.27 @@ -305,9 +305,7 @@
3.28 $sql .= ",'$statuscode','$commentcode',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon";
3.29
3.30 // Save poll topic
3.31 - DB_save($_TABLES['polltopics'],"pid, topic, meta_description, meta_keywords, voters, questions, date, display, "
3.32 - . "is_open, hideresults, statuscode, commentcode, owner_id, group_id, "
3.33 - . "perm_owner, perm_group, perm_members, perm_anon",$sql);
3.34 + DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql);
3.35
3.36 if (empty($old_pid) || ($old_pid == $pid)) {
3.37 PLG_itemSaved($pid, 'polls');
3.38 @@ -618,8 +616,9 @@
3.39 $hideresults = COM_applyFilter ($_POST['hideresults']);
3.40 }
3.41 $display .= savepoll ($pid, $old_pid, $_POST['question'], $mainpage,
3.42 - $_POST['topic'], $_POST['meta_description'], $_POST['meta_keywords'],
3.43 - $statuscode, $open, $hideresults,
3.44 + $_POST['topic'], $_POST['meta_description'],
3.45 + $_POST['meta_keywords'], $statuscode, $open,
3.46 + $hideresults,
3.47 COM_applyFilter ($_POST['commentcode'], true),
3.48 $_POST['answer'], $_POST['votes'], $_POST['remark'],
3.49 COM_applyFilter ($_POST['owner_id'], true),
4.1 --- a/public_html/admin/plugins/staticpages/index.php Sat Oct 03 20:40:08 2009 +0200
4.2 +++ b/public_html/admin/plugins/staticpages/index.php Sat Oct 03 21:15:34 2009 +0200
4.3 @@ -551,12 +551,13 @@
4.4 * @param sp_inblock string Flag: wrap page in a block (or not)
4.5 *
4.6 */
4.7 -function submitstaticpage ($sp_id, $sp_uid, $sp_title, $sp_content, $sp_hits,
4.8 - $sp_format, $sp_onmenu, $sp_label, $commentcode,
4.9 - $owner_id, $group_id, $perm_owner, $perm_group,
4.10 - $perm_members, $perm_anon, $sp_php, $sp_nf,
4.11 - $sp_old_id, $sp_centerblock, $sp_help, $sp_tid,
4.12 - $sp_where, $sp_inblock, $postmode, $meta_description, $meta_keywords)
4.13 +function submitstaticpage($sp_id, $sp_uid, $sp_title, $sp_content, $sp_hits,
4.14 + $sp_format, $sp_onmenu, $sp_label, $commentcode,
4.15 + $owner_id, $group_id, $perm_owner, $perm_group,
4.16 + $perm_members, $perm_anon, $sp_php, $sp_nf,
4.17 + $sp_old_id, $sp_centerblock, $sp_help, $sp_tid,
4.18 + $sp_where, $sp_inblock, $postmode, $meta_description,
4.19 + $meta_keywords)
4.20 {
4.21 global $_CONF, $_TABLES, $LANG12, $LANG_STATIC, $_SP_CONF;
4.22
5.1 --- a/public_html/admin/topic.php Sat Oct 03 20:40:08 2009 +0200
5.2 +++ b/public_html/admin/topic.php Sat Oct 03 21:15:34 2009 +0200
5.3 @@ -178,16 +178,12 @@
5.4 $LANG_ADMIN['meta_description']);
5.5 $topic_templates->set_var('lang_metakeywords',
5.6 $LANG_ADMIN['meta_keywords']);
5.7 - $desc = '';
5.8 if (! empty($A['meta_description'])) {
5.9 - $desc = $A['meta_description'];
5.10 + $topic_templates->set_var('meta_description', $A['meta_description']);
5.11 }
5.12 - $keywords = '';
5.13 if (! empty($A['meta_keywords'])) {
5.14 - $keywords = $A['meta_keywords'];
5.15 + $topic_templates->set_var('meta_keywords', $A['meta_keywords']);
5.16 }
5.17 - $topic_templates->set_var('meta_description', $desc);
5.18 - $topic_templates->set_var('meta_keywords', $keywords);
5.19
5.20 $topic_templates->set_var ('lang_defaulttopic', $LANG27[22]);
5.21 $topic_templates->set_var ('lang_defaulttext', $LANG27[23]);
5.22 @@ -249,7 +245,7 @@
5.23 * @param string $is_archive 'on' if this is the archive topic
5.24 * @return string HTML redirect or error message
5.25 */
5.26 -function savetopic($tid,$topic,$imageurl,$meta_description, $meta_keywords,$sortnum,$limitnews,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,$is_default,$is_archive)
5.27 +function savetopic($tid,$topic,$imageurl,$meta_description,$meta_keywords,$sortnum,$limitnews,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,$is_default,$is_archive)
5.28 {
5.29 global $_CONF, $_TABLES, $LANG27, $MESSAGE;
5.30
5.31 @@ -258,7 +254,7 @@
5.32 // Convert array values to numeric permission values
5.33 list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
5.34
5.35 - $tid = COM_sanitizeID ($tid);
5.36 + $tid = COM_sanitizeID($tid);
5.37
5.38 $access = 0;
5.39 if (DB_count ($_TABLES['topics'], 'tid', $tid) > 0) {
5.40 @@ -608,15 +604,16 @@
5.41 if (isset($_POST['is_archive'])) {
5.42 $is_archive = $_POST['is_archive'];
5.43 }
5.44 - $display .= savetopic (COM_applyFilter ($_POST['tid']), $_POST['topic'],
5.45 - $imageurl, $_POST['meta_description'], $_POST['meta_keywords'],
5.46 - COM_applyFilter ($_POST['sortnum'], true),
5.47 - COM_applyFilter ($_POST['limitnews'], true),
5.48 - COM_applyFilter ($_POST['owner_id'], true),
5.49 - COM_applyFilter ($_POST['group_id'], true),
5.50 - $_POST['perm_owner'], $_POST['perm_group'],
5.51 - $_POST['perm_members'], $_POST['perm_anon'],
5.52 - $is_default, $is_archive);
5.53 + $display .= savetopic(COM_applyFilter($_POST['tid']), $_POST['topic'],
5.54 + $imageurl, $_POST['meta_description'],
5.55 + $_POST['meta_keywords'],
5.56 + COM_applyFilter($_POST['sortnum'], true),
5.57 + COM_applyFilter($_POST['limitnews'], true),
5.58 + COM_applyFilter($_POST['owner_id'], true),
5.59 + COM_applyFilter($_POST['group_id'], true),
5.60 + $_POST['perm_owner'], $_POST['perm_group'],
5.61 + $_POST['perm_members'], $_POST['perm_anon'],
5.62 + $is_default, $is_archive);
5.63 } else if ($mode == 'edit') {
5.64 $display .= COM_siteHeader('menu', $LANG27[1]);
5.65 $tid = '';