| author | Cassio de Campos <cassiopc@gmail.com> | 2017-07-31 19:29:41 +0000 |
|---|---|---|
| committer | Cassio de Campos <cassiopc@gmail.com> | 2017-07-31 19:29:41 +0000 |
| commit | 00de0ce0817f36b5acba70362a4c30c8fa7aaf11 (patch) | |
| tree | a1212e95b472d75687741132d9055e416a558830 /src/fcontest.php | |
| parent | e90144b4cc0feba26ee2f972b032c44d187b6bff (diff) | |
sanitising
Diffstat (limited to 'src/fcontest.php')
| -rw-r--r-- | src/fcontest.php | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/src/fcontest.php b/src/fcontest.php
index d286763..b34658f 100644
--- a/src/fcontest.php
+++ b/src/fcontest.php
@@ -558,7 +558,7 @@ function DBUpdateSiteTime($contest,$param,$dodelete=false,$c=null) {
 LOGError("DBUpdateSiteTime param error: $key is not set");
 return false;
 }
- $$key = sanitizeText($param[$key]);
+ $$key = myhtmlspecialchars($param[$key]);
 if(isset($type[$key]) && !is_numeric($param[$key])) {
 LOGError("DBUpdateSiteTime param error: $key is not numeric");
 return false;
@@ -601,7 +601,7 @@ function DBUpdateSite ($param,$c=null) {
 MSGError("DBUpdateSite param error: $key is not set");
 return false;
 }
- $$key = sanitizeText($param[$key]);
+ $$key = myhtmlspecialchars($param[$key]);
 if(isset($type[$key]) && !is_numeric($param[$key])) {
 MSGError("DBUpdateSite param error: $key is not numeric");
 return false;
@@ -626,7 +626,7 @@ function DBUpdateSite ($param,$c=null) {
 $siteactive='f';
 foreach($ac1 as $key) {
 if(isset($param[$key])) {
- $$key = sanitizeText($param[$key]);
+ $$key = myhtmlspecialchars($param[$key]);
 if(isset($type[$key]) && !is_numeric($param[$key])) {
 MSGError("DBUpdateSite param error: $key is not numeric");
 return false;
@@ -757,7 +757,7 @@ function DBUpdateContest ($param, $c=null) {
 MSGError("DBUpdateContest param error: $key is not set");
 return false;
 }
- $$key = sanitizeText($param[$key]);
+ $$key = myhtmlspecialchars($param[$key]);
 if(isset($type[$key]) && !is_numeric($param[$key])) {
 MSGError("DBUpdateContest param error: $key is not numeric");
 return false;
@@ -780,7 +780,7 @@ function DBUpdateContest ($param, $c=null) {
 $updatetime=-1;
 foreach($ac1 as $key) {
 if(isset($param[$key])) {
- $$key = sanitizeText($param[$key]);
+ $$key = myhtmlspecialchars($param[$key]);
 if(isset($type[$key]) && !is_numeric($param[$key])) {
 MSGError("DBUpdateContest param error: $key is not numeric");
 return false;
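Review bot: `myhtmlspecialchars()` is an output encoder, yet all nine hunks of this commit (DBUpdateSiteTime, DBUpdateSite, DBUpdateContest, DBNewContest, DBNewSite, DBNewUser) apply it on the input side of database functions, so `$$key` ends up HTML-encoded but not made safe for SQL. The query construction is outside these hunks, so this is inferred: if these variables are placed into a query string they still need to be bound as query parameters or escaped by the database driver. The definition of `myhtmlspecialchars()` is not visible here; if it wraps `htmlspecialchars` without `ENT_QUOTES`, single quotes pass through unchanged. Storing encoded text also risks double encoding when the value is escaped again on display. At minimum I would add `// HTML-encoded only; not SQL-safe, bind as a query parameter` above each assignment.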
@@ -990,7 +990,7 @@ function DBNewContest ($param=array(), $c=null) {
 $unlockkey='';
 foreach($ac as $key) {
 if(isset($param[$key]) && (!isset($type[$key]) || is_numeric($param[$key])))
- $$key = sanitizeText($param[$key]);
+ $$key = myhtmlspecialchars($param[$key]);
 else
 $$key = "";
 }
@@ -1084,7 +1084,7 @@ function DBNewSite ($contest, $c=null, $param=array()) {
 $type['updatetime']=1;
 foreach($ac as $key) {
 if(isset($param[$key]) && (!isset($type[$key]) || is_numeric($param[$key])))
- $$key = sanitizeText($param[$key]);
+ $$key = myhtmlspecialchars($param[$key]);
 else
 $$key = "";
 }
@@ -1218,7 +1218,7 @@ function DBNewUser($param, $c=null) {
 MSGError("DBNewUser param error: $key is not numeric");
 return false;
 }
- $$key = sanitizeText($param[$key]);
+ $$key = myhtmlspecialchars($param[$key]);
 }
 $username= "team" . $user;
 $updatetime=-1;
@@ -1238,7 +1238,7 @@ function DBNewUser($param, $c=null) {
 $userlastlogout=null;
 foreach($ac1 as $key) {
 if(isset($param[$key])) {
- $$key = sanitizeText($param[$key]);
+ $$key = myhtmlspecialchars($param[$key]);
 if(isset($typei[$key]) && !is_numeric($param[$key])) {
 MSGError("DBNewUser param error: $key is not numeric");
 return false; |
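Review bot: In the DBNewContest and DBNewSite hunks the only real control on typed keys is `is_numeric($param[$key])`, since HTML encoding presumably leaves a numeric string unchanged. `is_numeric` also accepts forms such as `1e5`, `.5`, `+1` and leading whitespace; if these keys are meant to be integers (the `$type` table is filled outside the hunk), `filter_var($param[$key], FILTER_VALIDATE_INT) !== false` is the tighter test. A value that fails the check is replaced by `""` with no log line, unlike the MSGError calls in the other hunks, so rejected input leaves no trace. Both function bodies continue outside the hunks shown.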