# geschrieben wurde.\r
#\r
# Autor: Patrick Canterino <patrick@patshaping.de>\r
-# Letzte Aenderung: 3.12.2011\r
+# Letzte Aenderung: 03.03.2012\r
#\r
-# Copyright (C) 2002-2011 Patrick Canterino\r
+# Copyright (C) 2002-2012 Patrick Canterino\r
#\r
# Diese Datei kann unter den Bedingungen der "Artistic License 2.0"\r
# weitergegeben und / oder veraendert werden.\r
#\r
# Rueckgabe: Bearbeiteter Text (String)\r
\r
-function &plain(&$text,$linebreak='<br>') {\r
- $htmltext = htmlentities($text);\r
+function plain($text,$linebreak='<br>') {\r
+ $htmltext = htmlspecialchars($text);\r
$htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext);\r
\r
for($x=0;$x<strlen($htmltext);$x++) {\r
#\r
# Parameter: Fehlermeldung\r
\r
-function show_fatal(&$errmsg) {\r
+function show_fatal($errmsg,$vars=array()) {\r
global $tpl_fatal;\r
\r
$tpl = new Template;\r
$tpl->read_file($tpl_fatal);\r
\r
- $tpl->fillin('ERROR',$errmsg);\r
+ if(sizeof($vars) > 0) {\r
+ while(list($var,$content) = each($vars)) {\r
+ $errmsg = str_replace('{'.$var.'}',htmlspecialchars($content),$errmsg);\r
+ }\r
+ }\r
+\r
+ $tpl->set_var('ERROR',$errmsg);\r
+\r
+ $tpl->parse();\r
\r
print $tpl->get_template();\r
exit;\r
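Review bot: The new substitution loop in show_fatal() walks `$vars` with `each()` without a preceding `reset($vars)`, unlike the `$user_fields` loop in show_user_error() further down in this patch, so an array whose internal pointer the caller has already advanced may be processed only partially. Each `str_replace()` also runs over the already-substituted message, so a value that itself contains `{key}` for a later entry is expanded a second time. Building the escaped replacement map first and applying it in a single `strtr()` pass avoids both problems. Whether `$tpl->parse()` goes on to interpret template syntax inside a substituted value cannot be seen from this hunk and is worth checking in the Template class. The closing brace of show_fatal() lies outside the hunk.

```php
if(sizeof($vars) > 0) {
    $map = array();
    foreach($vars as $var => $content) {
        $map['{'.$var.'}'] = htmlspecialchars($content);
    }
    $errmsg = strtr($errmsg,$map);
}
// … unchanged: $tpl->set_var('ERROR',$errmsg); $tpl->parse(); …
```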
#\r
# Parameter: Fehlermeldung\r
\r
-function show_user_error(&$errmsg) {\r
+function show_user_error($errmsg) {\r
global $captcha_enable, $email, $name, $subject, $text, $user_fields, $tpl_user_error;\r
\r
$tpl = new Template;\r
\r
$tpl->parse_if_block('CAPTCHA',$captcha_enable);\r
\r
- $tpl->set_var('EMAIL', htmlentities($email));\r
+ $tpl->set_var('EMAIL', htmlspecialchars($email));\r
$tpl->set_var('ERROR', $errmsg);\r
- $tpl->set_var('NAME', htmlentities($name));\r
- $tpl->set_var('SUBJECT',htmlentities($subject));\r
- $tpl->set_var('TEXT', htmlentities($text));\r
+ $tpl->set_var('NAME', htmlspecialchars($name));\r
+ $tpl->set_var('SUBJECT',htmlspecialchars($subject));\r
+ $tpl->set_var('TEXT', htmlspecialchars($text));\r
\r
- reset($user_fields);\r
+ if(isset($user_fields)) {\r
+ reset($user_fields);\r
+\r
+ while(list($user_field,$user_field_data) = each($user_fields)) {\r
+ if(isset($user_field_data['tpl_var']) && $user_field_data['tpl_var'] != '') {\r
+ $tpl_var = $user_field_data['tpl_var'];\r
+ }\r
+ else {\r
+ $tpl_var = 'USER_'.$user_field;\r
+ }\r
\r
- while(list($user_field,$user_field_data) = each($user_fields)) {\r
- $tpl->set_var($user_field_data['tpl_var'],htmlentities(formdata($user_field)));\r
+ $tpl->set_var($tpl_var,htmlspecialchars(formdata($user_field)));\r
+ }\r
}\r
\r
$tpl->parse();\r