| author | Cassio de Campos <cassiopc@gmail.com> | 2017-07-31 19:29:41 +0000 |
|---|---|---|
| committer | Cassio de Campos <cassiopc@gmail.com> | 2017-07-31 19:29:41 +0000 |
| commit | 00de0ce0817f36b5acba70362a4c30c8fa7aaf11 (patch) | |
| tree | a1212e95b472d75687741132d9055e416a558830 /src/fproblem.php | |
| parent | e90144b4cc0feba26ee2f972b032c44d187b6bff (diff) | |
| download | boca-00de0ce0817f36b5acba70362a4c30c8fa7aaf11.tar.gz boca-00de0ce0817f36b5acba70362a4c30c8fa7aaf11.zip | |
sanitising
Diffstat (limited to 'src/fproblem.php')
| -rw-r--r-- | src/fproblem.php | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/src/fproblem.php b/src/fproblem.php
index c3eed4a..6954836 100644
--- a/src/fproblem.php
+++ b/src/fproblem.php
@@ -168,8 +168,8 @@ function DBGetFullProblemData($contestnumber,$freeproblems=false) {
 if(!$failed) {
 $descfile='';
 if(isset($info['descfile']))
- $descfile=trim(sanitizeText($info['descfile']));
- $basename=trim(sanitizeText($info['basename']));
+ $descfile=trim(sanitizeFilename($info['descfile']));
+ $basename=trim(sanitizeFilename($info['basename']));
 $fullname=trim(sanitizeText($info['fullname']));
 if($basename=='' || $fullname=='')
 $failed=3;
@@ -229,7 +229,7 @@ function DBDeleteProblem($contestnumber, $param, $c=null) {
 $ac=array('number','inputfilename');
 foreach($ac as $key) {
 if(!isset($param[$key])) return false;
- $$key = sanitizeText($param[$key]);
+ $$key = myhtmlspecialchars($param[$key]);
 }
 $sql = "select * from problemtable where problemnumber=$number and contestnumber=$contestnumber and fake='f'";
@@ -289,6 +289,7 @@ function DBNewProblem($contestnumber, $param, $c=null) {
 if(isset($param['problemcolor']) && !isset($param['color'])) $param['color']=$param['problemcolor'];
 if(isset($param['probleminputfile']) && !isset($param['inputfilepath'])) $param['inputfilepath']=$param['probleminputfile'];
 if(isset($param['probleminputfilename']) && !isset($param['inputfilename'])) $param['inputfilename']=$param['probleminputfilename'];
+ $param['basename'] = sanitizeFilename($param['basename']);
 $ac=array('number','name');
 $type['number']=1;
@@ -307,7 +308,7 @@ function DBNewProblem($contestnumber, $param, $c=null) {
 MSGError("DBNewProblem param error: $key is not numeric");
 return false;
 }
- $$key = sanitizeText($param[$key]);
+ $$key = myhtmlspecialchars($param[$key]);
 }
 $basename='';
 $inputfilename='';
@@ -320,7 +321,7 @@ function DBNewProblem($contestnumber, $param, $c=null) {
 MSGError("DBNewProblem param error: $key is not numeric");
 return false;
 }
- $$key = sanitizeText($param[$key]);
+ $$key = myhtmlspecialchars($param[$key]);
 }
 }
 $t = time(); |
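Review bot: In the DBDeleteProblem hunk, `$number` is now produced by `myhtmlspecialchars($param[$key])` and on the very next context line is interpolated unquoted into `$sql = "select * from problemtable where problemnumber=$number ..."`; HTML escaping (which the helper's name suggests, its definition is not in this diff) only encodes characters like quotes and angle brackets and is not a substitute for validating that the value is a number. Unlike the DBNewProblem hunks, which reject a key that "is not numeric" before the same assignment, nothing in this loop checks `number`, so the commit's switch away from `sanitizeText` leaves the SQL interpolation guarded by the wrong kind of check. The minimal fix is to validate before the assignment, `if($key=='number' && !is_numeric($param[$key])) return false;`, or to take the value as `$number = (int)$param['number'];` and pass it to a prepared statement rather than building the query string. The body of DBDeleteProblem continues outside the hunk, so other uses of `$inputfilename` are not visible here.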
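Review bot: The added line in the DBNewProblem hunk, `$param['basename'] = sanitizeFilename($param['basename']);`, reads `$param['basename']` unconditionally while every surrounding line in the hunk touches `$param` keys only under `isset`; if a caller omits `basename`, this is an undefined-index read (a PHP notice) that then stores whatever `sanitizeFilename` returns for a missing value, which may change the later "is basename set" logic outside the hunk. Guarding it the same way as its neighbours, `if(isset($param['basename'])) $param['basename'] = sanitizeFilename($param['basename']);`, keeps the new behaviour for present values and the old behaviour for absent ones. The function starts before this hunk, so I cannot confirm whether a prior check already guarantees the key.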