[pmwiki-users] FOX Question.
Stirling Westrup
sti at pooq.com
Thu Oct 18 04:59:54 CDT 2007
Hans wrote:
> Thursday, October 18, 2007, 9:40:43 AM, Hans wrote:
> To me it appears the same needs doing for preserving quotes in
> $InputValues, and not have backslashes added. So the above will be
> better like:
>
> # POST input values will be preserved
> foreach ($_POST as $k=>$v) {
>     $InputValues[$k] = stripmagic(htmlspecialchars($v));
> }
>
> I hope this is a legitimate approach.
Well, in script/forms.php, I find the following:
    foreach($req as $k => $v)
      if (!isset($InputValues[$k]))
        $InputValues[$k] = htmlspecialchars(stripmagic($v), ENT_NOQUOTES);
So, it would seem valid, although I notice that PM does the stripmagic first,
and that he adds the ENT_NOQUOTES flag.
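
The two differences noted in the message above (call order and the ENT_NOQUOTES flag), as an added example that is not part of the original post and is not PmWiki code. It assumes magic quotes can be simulated with addslashes(), uses stripslashes() in place of stripmagic(), and runs on a constructed sample string.

```php
<?php
// Added example, not PmWiki code. addslashes() simulates magic_quotes_gpc and
// stripslashes() stands in for stripmagic(); the sample input is constructed.
$typed  = 'He said "it\'s <b>fine</b>" & left';
$posted = addslashes($typed);   // what $_POST would hold with magic quotes on

// Order from the quoted snippet: encode, then strip backslashes.
$encode_first = stripslashes(htmlspecialchars($posted, ENT_COMPAT, 'UTF-8'));
// Order from forms.php: strip backslashes, then encode.
$strip_first  = htmlspecialchars(stripslashes($posted), ENT_COMPAT, 'UTF-8');

echo "encode-first: $encode_first\n";
echo "strip-first:  $strip_first\n";
echo "same result:  ", var_export($encode_first === $strip_first, true), "\n\n";

// The flag decides which quote characters are left as raw characters.
$flags = [
    'ENT_NOQUOTES' => ENT_NOQUOTES,  // neither " nor ' encoded
    'ENT_COMPAT'   => ENT_COMPAT,    // " encoded, ' left alone
    'ENT_QUOTES'   => ENT_QUOTES,    // both encoded
];
foreach ($flags as $name => $flag) {
    $out = htmlspecialchars($typed, $flag, 'UTF-8');
    printf("%-12s %s\n", $name, $out);
    // A raw quote in the output would end an attribute delimited by that quote.
    printf("  ok inside value=\"...\": %s\n", var_export(strpos($out, '"') === false, true));
    printf("  ok inside value='...': %s\n\n", var_export(strpos($out, "'") === false, true));
}
```

For this input both call orders give the same string; the flag is what changes whether quote characters reach the output unencoded, which matters wherever the value is later written into a quoted HTML attribute.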