From b15313c30c5299da41010b94c87c0142a2cbf6b9 Mon Sep 17 00:00:00 2001 From: Garvin Hicking Date: Wed, 26 Nov 2014 10:57:17 +0100 Subject: [PATCH] Found two other issues with the analyze script --- serendipity_event_amazonchooser/Amazon_s9y_lib.php | 6 +++--- serendipity_event_guestbook/serendipity_event_guestbook.php | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/serendipity_event_amazonchooser/Amazon_s9y_lib.php b/serendipity_event_amazonchooser/Amazon_s9y_lib.php index 54e1b2d4..6d5938ed 100644 --- a/serendipity_event_amazonchooser/Amazon_s9y_lib.php +++ b/serendipity_event_amazonchooser/Amazon_s9y_lib.php @@ -460,7 +460,7 @@ function Amazon_AttributesText ($SearchIndex,$items,$country_url) { case 'KindleStore': if (isset($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_AUTHOR'])) { if (is_array($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_AUTHOR'])) { - $item['strings']['author'] = (function_exists('serendipity_specialchars') ? serendipity_specialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_AUTHOR'])) : htmlspecialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_AUTHOR'], ENT_COMPAT, LANG_CHARSET))); + $item['strings']['author'] = (function_exists('serendipity_specialchars') ? serendipity_specialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_AUTHOR'])) : htmlspecialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_AUTHOR']), ENT_COMPAT, LANG_CHARSET)); } else { $item['strings']['author'] = (function_exists('serendipity_specialchars') ? serendipity_specialchars($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_AUTHOR']) : htmlspecialchars($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_AUTHOR'], ENT_COMPAT, LANG_CHARSET)); } @@ -481,7 +481,7 @@ function Amazon_AttributesText ($SearchIndex,$items,$country_url) { case 'DVD': if (isset($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ACTOR'])) { if (is_array($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ACTOR'])) { - $item['strings']['actor'] = (function_exists('serendipity_specialchars') ? serendipity_specialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ACTOR'])) : htmlspecialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ACTOR'], ENT_COMPAT, LANG_CHARSET))); + $item['strings']['actor'] = (function_exists('serendipity_specialchars') ? serendipity_specialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ACTOR'])) : htmlspecialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ACTOR']), ENT_COMPAT, LANG_CHARSET)); } else { $item['strings']['actor'] = (function_exists('serendipity_specialchars') ? serendipity_specialchars($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ACTOR']) : htmlspecialchars($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ACTOR'], ENT_COMPAT, LANG_CHARSET)); } @@ -504,7 +504,7 @@ function Amazon_AttributesText ($SearchIndex,$items,$country_url) { case 'MusicTracks': if (isset($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ARTIST'])) { if (is_array($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ARTIST'])) { - $item['strings']['artist'] = (function_exists('serendipity_specialchars') ? serendipity_specialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ARTIST'])) : htmlspecialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ARTIST'], ENT_COMPAT, LANG_CHARSET))); + $item['strings']['artist'] = (function_exists('serendipity_specialchars') ? serendipity_specialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ARTIST'])) : htmlspecialchars(implode(', ',$item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ARTIST']), ENT_COMPAT, LANG_CHARSET)); } else { $item['strings']['artist']= (function_exists('serendipity_specialchars') ? serendipity_specialchars($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ARTIST']) : htmlspecialchars($item['ITEMATTRIBUTES']['ITEMATTRIBUTES_ARTIST'], ENT_COMPAT, LANG_CHARSET)); } diff --git a/serendipity_event_guestbook/serendipity_event_guestbook.php b/serendipity_event_guestbook/serendipity_event_guestbook.php index 30a358c3..6adb4837 100644 --- a/serendipity_event_guestbook/serendipity_event_guestbook.php +++ b/serendipity_event_guestbook/serendipity_event_guestbook.php @@ -477,12 +477,12 @@ class serendipity_event_guestbook extends serendipity_event { function strip_security($parr = null, $keys = null, $single = false, $compare = true) { $authenticated_user = serendipity_userLoggedIn() ? true : false; if ($single) { - return $authenticated_user ? (function_exists('serendipity_specialchars') ? serendipity_specialchars($parr) : htmlspecialchars($parr, ENT_COMPAT, LANG_CHARSET)) : (function_exists('serendipity_specialchars') ? serendipity_specialchars(strip_tags($parr)) : htmlspecialchars(strip_tags($parr, ENT_COMPAT, LANG_CHARSET))); + return $authenticated_user ? (function_exists('serendipity_specialchars') ? serendipity_specialchars($parr) : htmlspecialchars($parr, ENT_COMPAT, LANG_CHARSET)) : (function_exists('serendipity_specialchars') ? serendipity_specialchars(strip_tags($parr)) : htmlspecialchars(strip_tags($parr), ENT_COMPAT, LANG_CHARSET)); } else { foreach ($parr AS $k => $v) { if (in_array($k, $keys)) { $valuelength = strlen($v); - $parrsec[$k] = $authenticated_user ? (function_exists('serendipity_specialchars') ? serendipity_specialchars($v) : htmlspecialchars($v, ENT_COMPAT, LANG_CHARSET)) : (function_exists('serendipity_specialchars') ? serendipity_specialchars(strip_tags($v)) : htmlspecialchars(strip_tags($v, ENT_COMPAT, LANG_CHARSET))); + $parrsec[$k] = $authenticated_user ? (function_exists('serendipity_specialchars') ? serendipity_specialchars($v) : htmlspecialchars($v, ENT_COMPAT, LANG_CHARSET)) : (function_exists('serendipity_specialchars') ? serendipity_specialchars(strip_tags($v)) : htmlspecialchars(strip_tags($v), ENT_COMPAT, LANG_CHARSET)); if (!$authenticated_user && $compare && ($valuelength != strlen($parrsec[$k]))) { $parrsec['stripped'] = true; $parrsec['stripped-by-key'] = $k;