From 00de0ce0817f36b5acba70362a4c30c8fa7aaf11 Mon Sep 17 00:00:00 2001
From: Cassio de Campos
Date: Mon, 31 Jul 2017 20:29:41 +0100
Subject: sanitising
---
 src/frun.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'src/frun.php')
diff --git a/src/frun.php b/src/frun.php
index 923fbf8..359b395 100644
--- a/src/frun.php
+++ b/src/frun.php
@@ -620,7 +620,9 @@ function DBNewRun($param,$c=null) {
 if(isset($param['runproblem']) && !isset($param['problem'])) $param['problem']=$param['runproblem'];
 if(isset($param['runfilename']) && !isset($param['filename'])) $param['filename']=$param['runfilename'];
 if(isset($param['rundata']) && !isset($param['filepath'])) $param['filepath']=$param['rundata'];
-
+ $param['filename']=sanitizeFilename($param['filename']);
+ $param['filepath']=sanitizeFilename($param['filepath']);
+
 $ac=array('contest','site','user','problem','lang','filename','filepath');
 $ac1=array('runnumber','rundate','rundatediff','rundatediffans','runanswer','runstatus','runjudge','runjudgesite',
 'runjudge1','runjudgesite1','runanswer1','runjudge2','runjudgesite2','runanswer2',
@@ -654,7 +656,7 @@ function DBNewRun($param,$c=null) {
 MSGError("DBNewRun param error: $key is not numeric");
 return false;
 }
- $$key = sanitizeText($param[$key]);
+ $$key = myhtmlspecialchars($param[$key]);
 }
 $t = time();
 $autoip='';
@@ -680,7 +682,7 @@ function DBNewRun($param,$c=null) {
 $runstatus='openrun';
 foreach($ac1 as $key) {
 if(isset($param[$key])) {
- $$key = sanitizeText($param[$key]);
+ $$key = myhtmlspecialchars($param[$key]);
 if(isset($type[$key]) && !is_numeric($param[$key])) {
 MSGError("DBNewRun param error: $key is not numeric");
 return false;
--
cgit v1.2.3
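Review bot: The two added sanitizeFilename calls run unconditionally, but the lines just above them only populate `filename` and `filepath` when the `runfilename`/`rundata` aliases are present, so a caller that supplies neither makes these lines read an undefined index and then write the helper's result back into `$param`, creating the key; if the parameter loop later in DBNewRun (outside this hunk) rejects a missing `filename`/`filepath`, that check would now be bypassed with whatever sanitizeFilename returns for null. Guard them: `if(isset($param['filename'])) $param['filename']=sanitizeFilename($param['filename']);` and likewise for `filepath`. Separately, `filepath` is passed through a filename sanitiser: if sanitizeFilename strips or rejects directory separators it will mangle a real path, and if it does not, `..` segments reach whatever later consumes `filepath` — worth confirming what the helper does and whether `filepath` is ever a path rather than a bare name. The `$ac1` array literal and the body of DBNewRun continue outside this hunk.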
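Review bot: Replacing sanitizeText with myhtmlspecialchars on the `$$key` assignment means every value in `$ac` that DBNewRun goes on to store is now HTML-encoded at write time, which is output-context escaping applied at the input boundary; if any of these columns (`filename`, `filepath`, `lang`) is later used outside an HTML page — as a name on disk, an argument to the judge, or in a query — it will see the encoded form (`&amp;`, `&quot;`), and a renderer that escapes again would double-encode. An HTML escape is also not a SQL defence, so if the motivation is query safety the queries themselves need parameterisation or the driver's escaping; I cannot see myhtmlspecialchars or the SQL from here, so this is inferred from the name. At minimum record the stored encoding next to this line, e.g. `// stored values are HTML-encoded by myhtmlspecialchars; do not re-escape on output`. The enclosing foreach and DBNewRun start and end outside the hunk.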