diff options
author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-01 11:15:59 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-01 11:15:59 +0000 |
commit | 677c4d7722473de9a9d32c03fd6be5b2f30e10c2 (patch) | |
tree | 06d4d7f65308b18efe7b7e06bc5b928a6bfee1ae | |
parent | 03ff9db0a5f658836ca8b76295e9badc565c42c5 (diff) | |
download | elgg-677c4d7722473de9a9d32c03fd6be5b2f30e10c2.tar.gz elgg-677c4d7722473de9a9d32c03fd6be5b2f30e10c2.tar.bz2 |
Fixes #194
git-svn-id: https://code.elgg.org/elgg/trunk@1646 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r-- | actions/import/opendd.php | 2 | ||||
-rw-r--r-- | engine/lib/input.php | 18 |
2 files changed, 12 insertions, 8 deletions
diff --git a/actions/import/opendd.php b/actions/import/opendd.php index 67c5cec07..050d49844 100644 --- a/actions/import/opendd.php +++ b/actions/import/opendd.php @@ -17,7 +17,7 @@ admin_gatekeeper(); // Get input - $data = $_REQUEST['data'];//get_input('data'); + $data = get_input('data', '', false); // Import $return = import($data); diff --git a/engine/lib/input.php b/engine/lib/input.php index e6929f6c0..e200f8866 100644 --- a/engine/lib/input.php +++ b/engine/lib/input.php @@ -15,9 +15,10 @@ * Get some input from variables passed on the GET or POST line.
*
* @param $variable string The variable we want to return.
- * @param $default mixed A default value for the variable if it is not found.
+ * @param $default mixed A default value for the variable if it is not found. + * @param $filter_result If true then the result is filtered for bad tags.
*/
- function get_input($variable, $default = "")
+ function get_input($variable, $default = "", $filter_result = true)
{
if (isset($_REQUEST[$variable])) { @@ -27,12 +28,15 @@ } else { $var = trim($_REQUEST[$variable]);
}
-
- global $CONFIG;
- if (@include_once(dirname(dirname(dirname(__FILE__)))) . "/vendors/kses/kses.php") {
- $var = kses($var, $CONFIG->allowedtags);
+ + if ($filter_result) + {
+ global $CONFIG;
+ if (@include_once(dirname(dirname(dirname(__FILE__)))) . "/vendors/kses/kses.php") {
+ $var = kses($var, $CONFIG->allowedtags);
+ } }
-
+
return $var;
}
|