diff options
| -rw-r--r-- | actions/import/opendd.php | 2 | ||||
| -rw-r--r-- | engine/lib/input.php | 18 |
2 files changed, 12 insertions, 8 deletions
diff --git a/actions/import/opendd.php b/actions/import/opendd.php index 67c5cec07..050d49844 100644 --- a/actions/import/opendd.php +++ b/actions/import/opendd.php @@ -17,7 +17,7 @@ admin_gatekeeper(); // Get input - $data = $_REQUEST['data'];//get_input('data'); + $data = get_input('data', '', false); // Import $return = import($data); diff --git a/engine/lib/input.php b/engine/lib/input.php index e6929f6c0..e200f8866 100644 --- a/engine/lib/input.php +++ b/engine/lib/input.php @@ -15,9 +15,10 @@ * Get some input from variables passed on the GET or POST line.
*
* @param $variable string The variable we want to return.
- * @param $default mixed A default value for the variable if it is not found.
+ * @param $default mixed A default value for the variable if it is not found. + * @param $filter_result If true then the result is filtered for bad tags.
*/
- function get_input($variable, $default = "")
+ function get_input($variable, $default = "", $filter_result = true)
{
if (isset($_REQUEST[$variable])) { @@ -27,12 +28,15 @@ } else { $var = trim($_REQUEST[$variable]);
}
-
- global $CONFIG;
- if (@include_once(dirname(dirname(dirname(__FILE__)))) . "/vendors/kses/kses.php") {
- $var = kses($var, $CONFIG->allowedtags);
+ + if ($filter_result) + {
+ global $CONFIG;
+ if (@include_once(dirname(dirname(dirname(__FILE__)))) . "/vendors/kses/kses.php") {
+ $var = kses($var, $CONFIG->allowedtags);
+ } }
-
+
return $var;
}
|