From e727168305eaf781e5640690a0369eaa4614ffc6 Mon Sep 17 00:00:00 2001
From: Patrick Canterino
Date: Sat, 3 Dec 2011 13:16:48 +0000
Subject: [PATCH 1/1] htmlentities() durch htmlspecialchars() ersetzt
---
 form-email/functions.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/form-email/functions.php b/form-email/functions.php
index eb7f920..d8d6f71 100644
--- a/form-email/functions.php
+++ b/form-email/functions.php
@@ -67,7 +67,7 @@ function formdata($param) {
 # Rueckgabe: Bearbeiteter Text (String)
 function &plain(&$text,$linebreak='
') {
- $htmltext = htmlentities($text);
+ $htmltext = htmlspecialchars($text);
 $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext);
 for($x=0;$xparse_if_block('CAPTCHA',$captcha_enable);
- $tpl->set_var('EMAIL', htmlentities($email));
+ $tpl->set_var('EMAIL', htmlspecialchars($email));
 $tpl->set_var('ERROR', $errmsg);
- $tpl->set_var('NAME', htmlentities($name));
- $tpl->set_var('SUBJECT',htmlentities($subject));
- $tpl->set_var('TEXT', htmlentities($text));
+ $tpl->set_var('NAME', htmlspecialchars($name));
+ $tpl->set_var('SUBJECT',htmlspecialchars($subject));
+ $tpl->set_var('TEXT', htmlspecialchars($text));
 reset($user_fields);
 while(list($user_field,$user_field_data) = each($user_fields)) {
- $tpl->set_var($user_field_data['tpl_var'],htmlentities(formdata($user_field)));
+ $tpl->set_var($user_field_data['tpl_var'],htmlspecialchars(formdata($user_field)));
 }
 $tpl->parse();
-- 
2.34.1
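Review bot: The new `htmlspecialchars($text)` call in plain() relies on the interpreter's default flags and charset, and both have changed between PHP releases: before PHP 8.1 the default flag is ENT_COMPAT, which leaves single quotes unescaped, and the default charset changed in PHP 5.4. Passing both explicitly, `$htmltext = htmlspecialchars($text, ENT_QUOTES, 'CHARSET');` (CHARSET is a placeholder for the encoding the templates are served in), makes the escaping independent of the runtime. The same applies to the five `set_var(...)` calls in the second hunk, whose values are presumably written into form field attributes; the templates are not visible here. The tail of plain() is garbled on this page, so the loop after the `preg_replace` line could not be checked.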
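Review bot: `$tpl->set_var('ERROR', $errmsg);` is the only template variable in this block that is set without escaping, while every neighbouring value now passes through htmlspecialchars(). How `$errmsg` is built lies outside the hunk; if it can ever contain submitted values, it needs the same escaping at the point where that value is inserted. If it is always fixed markup, a comment such as `# $errmsg enthaelt nur festes HTML, daher bewusst nicht maskiert` above the line would record that the exception is deliberate. The enclosing function starts and ends outside the hunk.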