Diffstat (limited to 'src/frun.php')
-rw-r--r--src/frun.php8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/frun.php b/src/frun.php
index 923fbf8..359b395 100644
--- a/src/frun.php
+++ b/src/frun.php
@@ -620,7 +620,9 @@ function DBNewRun($param,$c=null) {
if(isset($param['runproblem']) && !isset($param['problem'])) $param['problem']=$param['runproblem'];
if(isset($param['runfilename']) && !isset($param['filename'])) $param['filename']=$param['runfilename'];
if(isset($param['rundata']) && !isset($param['filepath'])) $param['filepath']=$param['rundata'];
-
+ $param['filename']=sanitizeFilename($param['filename']);
+ $param['filepath']=sanitizeFilename($param['filepath']);
+
$ac=array('contest','site','user','problem','lang','filename','filepath');
$ac1=array('runnumber','rundate','rundatediff','rundatediffans','runanswer','runstatus','runjudge','runjudgesite',
'runjudge1','runjudgesite1','runanswer1','runjudge2','runjudgesite2','runanswer2',
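Review bot: The two added `sanitizeFilename()` calls read `$param['filename']` and `$param['filepath']` unconditionally, so a call that supplies neither key (nor the `runfilename`/`rundata` aliases handled just above) now creates both entries before the `$ac` list is processed. If the code after this hunk rejects missing parameters with an `isset()` test, which is not visible here, that test may no longer fire for these two keys, depending on what `sanitizeFilename()` returns for a null argument. Guarding each call, e.g. `if(isset($param['filename'])) $param['filename']=sanitizeFilename($param['filename']);`, keeps the missing-parameter path intact. It is also worth confirming that `sanitizeFilename()` is the right treatment for `filepath`, which by its name may carry directory separators that a filename sanitizer would strip or reject. DBNewRun's body starts and continues outside the hunk.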
@@ -654,7 +656,7 @@ function DBNewRun($param,$c=null) {
MSGError("DBNewRun param error: $key is not numeric");
return false;
}
- $$key = sanitizeText($param[$key]);
+ $$key = myhtmlspecialchars($param[$key]);
}
$t = time();
$autoip='';
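Review bot: `myhtmlspecialchars()` is, by its name, an HTML output encoder, and in the `$ac` loop here (and in the matching change to the `$ac1` loop in the next hunk) it replaces `sanitizeText()` as the only per-value treatment applied before DBNewRun uses the values. The query construction is outside these hunks, so confirm that the values reach SQL through a parameterized query or the database's own escaping function, since HTML escaping does not target SQL metacharacters. Storing HTML-escaped text also means every reader must treat the column as pre-encoded, otherwise output is double-encoded or, worse, decoded and printed raw. A comment above the assignment such as `// values are stored HTML-escaped; do not escape again on output` would record that contract.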
@@ -680,7 +682,7 @@ function DBNewRun($param,$c=null) {
$runstatus='openrun';
foreach($ac1 as $key) {
if(isset($param[$key])) {
- $$key = sanitizeText($param[$key]);
+ $$key = myhtmlspecialchars($param[$key]);
if(isset($type[$key]) && !is_numeric($param[$key])) {
MSGError("DBNewRun param error: $key is not numeric");
return false;