[pmwiki-users] FOX Question.

Stirling Westrup sti at pooq.com
Thu Oct 18 04:59:54 CDT 2007


Hans wrote:
> Thursday, October 18, 2007, 9:40:43 AM, Hans wrote:

> to me it appears the same needs doing for preserving quotes in
> $InputValues, and not have backslashes added. So the above will be
> better like:
> 
> # POST input values will be preserved
> foreach ($_POST as $k=>$v) {
>      $InputValues[$k] = stripmagic(htmlspecialchars($v));
> }
> 
> I hope this is a legitimate approach.

Well, in script/forms.php, I find the following:

  foreach($req as $k => $v)
      if (!isset($InputValues[$k]))
        $InputValues[$k] = htmlspecialchars(stripmagic($v), ENT_NOQUOTES);


So, it would seem valid, although I notice that PM does the stripmagic first,
and that he adds the ENT_NOQUOTES flag.
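
Added illustration, not part of the original message and not PmWiki code: the two differences noted above (call order and the ENT_NOQUOTES flag) run over one constructed input. It assumes magic quotes were on, simulated here with addslashes(), and uses a hypothetical strip_magic_sim() in place of PmWiki's stripmagic().

```php
<?php
// Added illustration, not PmWiki code. magic_quotes_gpc no longer exists in
// current PHP, so addslashes() simulates what it did to POST data, and
// strip_magic_sim() is a hypothetical stand-in for PmWiki's stripmagic().
function strip_magic_sim(string $v): string
{
    return stripslashes($v);
}

// Constructed sample: the text a user typed, then the form PHP delivered it in.
$typed  = 'Tom\'s "quote" <b> & C:\\dir';
$posted = addslashes($typed);

// Order from the quoted suggestion. ENT_COMPAT was the default flag in 2007;
// it is passed explicitly because PHP 8.1 changed the default.
$escapeThenStrip = strip_magic_sim(htmlspecialchars($posted, ENT_COMPAT));

// Order found in forms.php, first with the same flag, then with ENT_NOQUOTES.
$stripThenEscape = htmlspecialchars(strip_magic_sim($posted), ENT_COMPAT);
$noQuotes        = htmlspecialchars(strip_magic_sim($posted), ENT_NOQUOTES);

printf("typed         : %s\n", $typed);
printf("posted        : %s\n", $posted);
printf("escape, strip : %s\n", $escapeThenStrip);
printf("strip, escape : %s\n", $stripThenEscape);
printf("ENT_NOQUOTES  : %s\n", $noQuotes);

// htmlspecialchars() neither adds nor removes backslashes, so with the same
// flag the two orders agree on this input.
var_dump($escapeThenStrip === $stripThenEscape);

// ENT_NOQUOTES leaves " and ' unescaped, so the stored value still contains
// raw quote characters.
var_dump(strpos($noQuotes, '"') !== false);

// Escaping quotes at the point of output keeps the value inside value="...".
$forAttribute = htmlspecialchars(strip_magic_sim($posted), ENT_QUOTES);
printf('<input type="text" name="q" value="%s" />' . "\n", $forAttribute);
```

A value escaped with ENT_NOQUOTES is only safe inside an HTML attribute if whatever writes the attribute escapes the quotes at that point.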


