aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-01 11:15:59 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-01 11:15:59 +0000
commit677c4d7722473de9a9d32c03fd6be5b2f30e10c2 (patch)
tree06d4d7f65308b18efe7b7e06bc5b928a6bfee1ae
parent03ff9db0a5f658836ca8b76295e9badc565c42c5 (diff)
downloadelgg-677c4d7722473de9a9d32c03fd6be5b2f30e10c2.tar.gz
elgg-677c4d7722473de9a9d32c03fd6be5b2f30e10c2.tar.bz2
Fixes #194
git-svn-id: https://code.elgg.org/elgg/trunk@1646 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--actions/import/opendd.php2
-rw-r--r--engine/lib/input.php18
2 files changed, 12 insertions, 8 deletions
diff --git a/actions/import/opendd.php b/actions/import/opendd.php
index 67c5cec07..050d49844 100644
--- a/actions/import/opendd.php
+++ b/actions/import/opendd.php
@@ -17,7 +17,7 @@
admin_gatekeeper();
// Get input
- $data = $_REQUEST['data'];//get_input('data');
+ $data = get_input('data', '', false);
// Import
$return = import($data);
diff --git a/engine/lib/input.php b/engine/lib/input.php
index e6929f6c0..e200f8866 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -15,9 +15,10 @@
* Get some input from variables passed on the GET or POST line.
*
* @param $variable string The variable we want to return.
- * @param $default mixed A default value for the variable if it is not found.
+ * @param $default mixed A default value for the variable if it is not found.
+ * @param $filter_result If true then the result is filtered for bad tags.
*/
- function get_input($variable, $default = "")
+ function get_input($variable, $default = "", $filter_result = true)
{
if (isset($_REQUEST[$variable])) {
@@ -27,12 +28,15 @@
} else {
$var = trim($_REQUEST[$variable]);
}
-
- global $CONFIG;
- if (@include_once(dirname(dirname(dirname(__FILE__)))) . "/vendors/kses/kses.php") {
- $var = kses($var, $CONFIG->allowedtags);
+
+ if ($filter_result)
+ {
+ global $CONFIG;
+ if (@include_once(dirname(dirname(dirname(__FILE__)))) . "/vendors/kses/kses.php") {
+ $var = kses($var, $CONFIG->allowedtags);
+ }
}
-
+
return $var;
}