-Åê¹ÆÆâÍƤΥ᡼¥ë¼«Æ°ÇÛ¿®Àè
¤òÀßÄê¤Î¾å¡¢¤´»ÈÍѤ¯¤À¤µ¤¤¡£
- $Id: article.inc.php,v 1.4 2002/07/01 07:08:57 masui Exp $
+ $Id: article.inc.php,v 1.5 2002/07/02 04:20:20 masui Exp $
*/
$body .= "<form action=\"$script?cmd=preview\" method=\"post\">\n"
."<div>\n"
- ."<input type=\"hidden\" name=\"refer\" value=\"".$post["refer"]."\" />\n"
- ."<input type=\"hidden\" name=\"digest\" value=\"".$post["digest"]."\" />\n"
- ."<textarea name=\"msg\" rows=\"$rows\" cols=\"$cols\" wrap=\"virtual\" id=\"textarea\">$postdata_input</textarea><br />\n"
+ ."<input type=\"hidden\" name=\"refer\" value=\"".htmlspecialchars($post["refer"])."\" />\n"
+ ."<input type=\"hidden\" name=\"digest\" value=\"".htmlspecialchars($post["digest"])."\" />\n"
+ ."<textarea name=\"msg\" rows=\"$rows\" cols=\"$cols\" wrap=\"virtual\" id=\"textarea\">".htmlspecialchars($postdata_input)."</textarea><br />\n"
."</div>\n"
."</form>\n";
}
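Review bot: `$script` is still interpolated raw into the `action` attribute on the first line of this hunk, although the fields next to it are now escaped; the same holds for the other form openers on this page (the article, attach, comment and vote forms). Where `$script` is assigned is not visible here, so if it is derived from request data such as the host name or script path it remains a way to break out of the attribute. I would write `"<form action=\"".htmlspecialchars($script)."?cmd=preview\" method=\"post\">\n"`. `$rows` and `$cols` are left alone on the assumption that they are configuration integers, and the enclosing block starts outside the hunk.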
$string = "<form action=\"$script\" method=\"post\">\n"
."<div>\n"
."<input type=\"hidden\" name=\"article_no\" value=\"$article_no\" />\n"
- ."<input type=\"hidden\" name=\"refer\" value=\"$vars[page]\" />\n"
+ ."<input type=\"hidden\" name=\"refer\" value=\"".htmlspecialchars($vars["page"])."\" />\n"
."<input type=\"hidden\" name=\"plugin\" value=\"article\" />\n"
- ."<input type=\"hidden\" name=\"digest\" value=\"$digest\" />\n"
+ ."<input type=\"hidden\" name=\"digest\" value=\"".htmlspecialchars($digest)."\" />\n"
."$_btn_name<input type=\"text\" name=\"name\" size=\"".NAME_COLS."\" /><br />\n"
."$_btn_subject<input type=\"text\" name=\"subject\" size=\"".SUBJECT_COLS."\" /><br />\n"
."<textarea name=\"msg\" rows=\"".article_ROWS."\" cols=\"".article_COLS."\">\n</textarea><br />\n"
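Review bot: `article_no` on the third line of this hunk is the one hidden field left unescaped, whereas the matching counters in comment.inc.php (`comment_no`) and vote.inc.php (`vote_no`) are wrapped in this same commit. It is presumably an integer counter, so this is a consistency point, not a demonstrated injection. `value=\"".htmlspecialchars($article_no)."\"`, or an `(int)` cast where the value is assigned, would make that explicit. The concatenation continues past the end of the hunk.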
// ¥×¥é¥°¥¤¥ó attach
// changed by Y.MASUI <masui@hisec.co.jp> http://masui.net/pukiwiki/
-// $Id: attach.inc.php,v 1.5 2002/07/01 07:08:57 masui Exp $
+// $Id: attach.inc.php,v 1.6 2002/07/02 04:20:20 masui Exp $
// set PHP value to enable file upload
ini_set("file_uploads","1");
$ret.= "<form enctype=\"multipart/form-data\" action=\"$script\" method=\"post\">\n";
$ret.= "<div>\n";
$ret.= "<input type=\"hidden\" name=\"plugin\" value=\"attach\" />\n";
- $ret.= "<input type=\"hidden\" name=\"refer\" value=\"$vars[page]\">\n";
+ $ret.= "<input type=\"hidden\" name=\"refer\" value=\"".htmlspecialchars($vars["page"])."\">\n";
$ret.= "<input type=\"hidden\" name=\"max_file_size\" value=\"".MAX_FILESIZE."\" />\n";
$ret.= "<span class=\"small\">[<a href=\"$script?plugin=attach&pcmd=list\">$_msg_attach_filelist</a>]</span><br />\n";
$ret.= "<span class=\"small\">".str_replace('$1',$max_size,$_msg_maxsize)."</span><br />\n";
$form = "<form action=\"$script\" method=\"post\">\n";
$form .= "<div>\n";
$form .= "<input type=\"hidden\" name=\"plugin\" value=\"attach\" />\n";
- $form .= "<input type=\"hidden\" name=\"refer\" value=\"$vars[refer]\" />\n";
- $form .= "<input type=\"hidden\" name=\"delfile\" value=\"$vars[delfile]\" />\n";
+ $form .= "<input type=\"hidden\" name=\"refer\" value=\"".htmlspecialchars($vars["refer"])."\" />\n";
+ $form .= "<input type=\"hidden\" name=\"delfile\" value=\"".htmlspecialchars($vars["delfile"])."\" />\n";
$form .= "<input type=\"submit\" value=\"$_btn_delete\" />\n";
$form .= "</div>\n";
$form .= "</form>";
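Review bot: `refer` and `delfile` are read from `$vars` and echoed back as hidden fields of the delete confirmation, so escaping them fixes the markup, but the delete handler still receives whatever the client posts. That handler is outside this hunk; it should check again that `delfile` names an existing attachment of the `refer` page and contains no path separators. No per-session token is visible in the form, so the handler also cannot tell an intended delete from a forged POST. I would add above the form `// refer/delfile are client-controlled on submit: validate both again in the delete handler`.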
$ret.= "<form enctype=\"multipart/form-data\" action=\"$script\" method=\"post\">\n";
$ret.= "<blockquote>\n";
$ret.= "<input type=\"hidden\" name=\"plugin\" value=\"attach\" />\n";
- $ret.= "<input type=\"hidden\" name=\"refer\" value=\"$vars[page]\" />\n";
+ $ret.= "<input type=\"hidden\" name=\"refer\" value=\"".htmlspecialchars($vars["page"])."\" />\n";
$ret.= "<input type=\"hidden\" name=\"max_file_size\" value=\"".MAX_FILESIZE."\" />\n";
$ret.= "<span class=\"small\">[<a href=\"$script?plugin=attach&pcmd=list\">$_msg_attach_filelist</a>]</span><br />\n";
$ret.= "<span class=\"small\">".str_replace('$1',$max_size,$_msg_maxsize)."</span><br />\n";
<?
-// $Id: comment.inc.php,v 1.6 2002/07/02 01:31:25 masui Exp $
+// $Id: comment.inc.php,v 1.7 2002/07/02 04:20:20 masui Exp $
global $name_cols, $comment_cols, $msg_format, $name_format;
global $msg_format, $now_format, $comment_format;
}
if((arg_check("read")||$vars["cmd"] == ""||arg_check("unfreeze")||arg_check("freeze")||$vars["write"]||$vars["comment"]))
- $button = "<input type=\"submit\" name=\"comment\" value=\"$_btn_comment\" />\n";
+ $button = "<input type=\"submit\" name=\"comment\" value=\"".htmlspecialchars($_btn_comment)."\" />\n";
$string = "<br /><form action=\"$script\" method=\"post\">\n"
."<div>\n"
- ."<input type=\"hidden\" name=\"comment_no\" value=\"$comment_no\" />\n"
- ."<input type=\"hidden\" name=\"refer\" value=\"$vars[page]\" />\n"
+ ."<input type=\"hidden\" name=\"comment_no\" value=\"".htmlspecialchars($comment_no)."\" />\n"
+ ."<input type=\"hidden\" name=\"refer\" value=\"".htmlspecialchars($vars["page"])."\" />\n"
."<input type=\"hidden\" name=\"plugin\" value=\"comment\" />\n"
- ."<input type=\"hidden\" name=\"nodate\" value=\"$nodate\" />\n"
- ."<input type=\"hidden\" name=\"digest\" value=\"$digest\" />\n"
+ ."<input type=\"hidden\" name=\"nodate\" value=\"".htmlspecialchars($nodate)."\" />\n"
+ ."<input type=\"hidden\" name=\"digest\" value=\"".htmlspecialchars($digest)."\" />\n"
."$nametags"
- ."<input type=\"text\" name=\"msg\" size=\"$comment_cols\" />\n"
+ ."<input type=\"text\" name=\"msg\" size=\"".htmlspecialchars($comment_cols)."\" />\n"
.$button
."</div>\n"
."</form>";
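Review bot: `$nametags` is concatenated unescaped between the escaped hidden fields and the `msg` input. It is built outside this hunk, so if it carries a remembered user name or other request data, it needs escaping where it is assembled. For `$comment_no` and `$comment_cols`, which look numeric, an `(int)` cast states the intent more directly than `htmlspecialchars()`, e.g. `size=\"".(int)$comment_cols."\"`.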
<?
-// $Id: vote.inc.php,v 1.5 2002/07/01 07:08:57 masui Exp $
+// $Id: vote.inc.php,v 1.6 2002/07/02 04:20:20 masui Exp $
function plugin_vote_action()
{
$body .= "<form action=\"$script?cmd=preview\" method=\"post\">\n"
."<div>\n"
- ."<input type=\"hidden\" name=\"refer\" value=\"".$post["refer"]."\" />\n"
- ."<input type=\"hidden\" name=\"digest\" value=\"".$post["digest"]."\" />\n"
- ."<textarea name=\"msg\" rows=\"$rows\" cols=\"$cols\" wrap=\"virtual\" id=\"textarea\">$postdata_input</textarea><br />\n"
+ ."<input type=\"hidden\" name=\"refer\" value=\"".htmlspecialchars($post["refer"])."\" />\n"
+ ."<input type=\"hidden\" name=\"digest\" value=\"".htmlspecialchars($post["digest"])."\" />\n"
+ ."<textarea name=\"msg\" rows=\"$rows\" cols=\"$cols\" wrap=\"virtual\" id=\"textarea\">".htmlspecialchars($postdata_input)."</textarea><br />\n"
."</div>\n"
."</form>\n";
}
. "<tr>\n"
. "<td align=\"left\" class=\"vote_label\"><strong>The choices</strong>"
. "<input type=\"hidden\" name=\"plugin\" value=\"vote\" />\n"
- . "<input type=\"hidden\" name=\"refer\" value=\"$vars[page]\" />\n"
- . "<input type=\"hidden\" name=\"vote_no\" value=\"$vote_no\" />\n"
- . "<input type=\"hidden\" name=\"digest\" value=\"$digest\" />\n"
+ . "<input type=\"hidden\" name=\"refer\" value=\"".htmlspecialchars($vars["page"])."\" />\n"
+ . "<input type=\"hidden\" name=\"vote_no\" value=\"".htmlspecialchars($vote_no)."\" />\n"
+ . "<input type=\"hidden\" name=\"digest\" value=\"".htmlspecialchars($digest)."\" />\n"
. "</td>\n"
. "<td align=\"center\" class=\"vote_label\"><strong>Votes</strong></td>\n"
. "</tr>\n";
$string .= "<tr>"
. "<td width=\"80%\" class=\"$cls\" nowrap>$link</td>"
- . "<td class=\"$cls\" nowrap=\"nowrap\">$cnt <input type=\"submit\" name=\"vote[$arg]\" value=\"Vote\" /></td>"
+ . "<td class=\"$cls\" nowrap=\"nowrap\">$cnt <input type=\"submit\" name=\"vote[".htmlspecialchars($arg)."]\" value=\"Vote\" /></td>"
. "</tr>\n";
}
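Review bot: HTML-escaping `$arg` inside `name=\"vote[...]\"` protects the attribute, but the browser decodes it before submitting, so the handler receives the raw choice text as an array key; a choice containing `[` or `]` will likely not round-trip through PHP's field-name parsing. Submitting the choice's index or a fixed-alphabet encoding of it would avoid that, depending on what the vote handler (not shown) matches against. `$link`, `$cnt` and `$cls` on the same rows remain raw; `$link` is presumably pre-built HTML, but `$cnt` may deserve `(int)$cnt` if it is parsed from page text.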