Changes in [791:f8f30fe55f7b:801:da8bc9d70ae7]
- Files:
-
- 7 edited
.hgtags
r369 r800 1 1 ec077f3c6b20bc6f7f40a113acaff0220457a2c4 2.3.0 2 2 4e0137ddb12474d62b88c4966d5895a391b6d382 2.3.1 3 43a9cace0f39c95463e66346dcc953ced40836be 2.4.2 4 43a9cace0f39c95463e66346dcc953ced40836be 2.4.2 5 0000000000000000000000000000000000000000 2.4.2 6 0000000000000000000000000000000000000000 2.4.2 7 6b3942c0cf7eee71ebd906ec0827c5962823dedf 2.4.2 -
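--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,2 +1,7 @@
+Dotclear 2.4.2 - 2012-02-11
+===========================================================
+* Security fix release
+* 4 XSS vulnerabilities fixed, discovered by High-Tech Bridge
+
 Dotclear 2.4.1.2 - 2011-12-24
 ===========================================================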
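--- a/admin/auth.php
+++ b/admin/auth.php
@@ -31,5 +31,5 @@
 
 $change_pwd = $core->auth->allowPassChange() && isset($_POST['new_pwd']) && isset($_POST['new_pwd_c']) && isset($_POST['login_data']);
-$login_data = !empty($_POST['login_data']) ? $_POST['login_data']: null;
+$login_data = !empty($_POST['login_data']) ? html::escapeHTML($_POST['login_data']) : null;
 $recover = $core->auth->allowPassChange() && !empty($_REQUEST['recover']);
 $safe_mode = !empty($_REQUEST['safe_mode']);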
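Review bot: Applying html::escapeHTML to `$_POST['login_data']` at the point of assignment on new line 33 folds output encoding into input handling: `$login_data` is presumably reused later both as data (on the password-change path that `$change_pwd` gates) and as a form-field value, and the escaped form only equals the raw form when the value contains no HTML-special characters. A more robust shape keeps the raw value here, rejects anything outside the token's expected character set, and calls html::escapeHTML where the value is written into the page, e.g. `$login_data = !empty($_POST['login_data']) ? $_POST['login_data'] : null;` together with escaping at the output site. The code that consumes `$login_data` is outside this hunk.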
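--- a/admin/blogs.php
+++ b/admin/blogs.php
@@ -35,5 +35,5 @@
 
 if (!empty($_GET['nb']) && (integer) $_GET['nb'] > 0) {
-$nb_per_page = $_GET['nb'];
+$nb_per_page = (integer) $_GET['nb'];
 }
 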
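Review bot: The `(integer)` cast on new line 37 stops the raw string from reaching the page, but `$nb_per_page` still accepts any positive integer, so a request with a very large `nb` drives an unbounded page size on whatever listing consumes it; clamp it as well, e.g. `$nb_per_page = min((integer) $_GET['nb'], MAX_PER_PAGE /* placeholder: project maximum */);`. The condition on line 36 already performs the same cast, so one validated local could serve both the check and the assignment. The listing code that uses `$nb_per_page` is outside this hunk.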
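--- a/admin/comments.php
+++ b/admin/comments.php
@@ -73,4 +73,6 @@
 $params['q_author'] = $author;
 $show_filters = true;
+} else {
+$author='';
 }
 
@@ -79,4 +81,6 @@
 $params['comment_trackback'] = ($type == 'tb');
 $show_filters = true;
+} else {
+$type='';
 }
 
@@ -87,4 +91,7 @@
 } elseif (!$with_spam) {
 $params['comment_status_not'] = -2;
+$status='';
+} else {
+$status='';
 }
 
@@ -99,4 +106,6 @@
 if ($order !== '' && in_array($order,$order_combo)) {
 $params['order'] = $sortby.' '.$order;
+} else {
+$order = 'desc';
 }
 
@@ -104,4 +113,7 @@
 $show_filters = true;
 }
+} else {
+$sortby = 'comment_dt';
+$order = 'desc';
 }
 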
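Review bot: The `$status=''` added inside the `elseif (!$with_spam)` branch (new line 93) duplicates the one in the following `else` (new line 95); since the reset is wanted on every path that did not validate the value, a single default assigned before the if/elseif chain states the intent once and cannot be forgotten when another branch is added. The same reset-in-else pattern is used for `$author`, `$type`, `$order` and `$sortby` here and for `$user_id`, `$cat_id`, `$status`, `$selected`, `$month` and `$lang` in admin/posts.php; initialising each filter variable to its default (`''`, `'desc'`, `'comment_dt'`) before validation and overwriting it only inside the validated branch keeps the unvalidated request value out of scope entirely rather than relying on every else to clear it. The filter parsing these hunks belong to starts and ends outside the shown lines.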
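--- a/admin/posts.php
+++ b/admin/posts.php
@@ -166,4 +166,6 @@
 $params['user_id'] = $user_id;
 $show_filters = true;
+} else {
+$user_id='';
 }
 
@@ -172,4 +174,6 @@
 $params['cat_id'] = $cat_id;
 $show_filters = true;
+} else {
+$cat_id='';
 }
 
@@ -178,4 +182,6 @@
 $params['post_status'] = $status;
 $show_filters = true;
+} else {
+$status='';
 }
 
@@ -184,4 +190,6 @@
 $params['post_selected'] = $selected;
 $show_filters = true;
+} else {
+$selected='';
 }
 
@@ -191,4 +199,6 @@
 $params['post_year'] = substr($month,0,4);
 $show_filters = true;
+} else {
+$month='';
 }
 
@@ -197,4 +207,6 @@
 $params['post_lang'] = $lang;
 $show_filters = true;
+} else {
+$lang='';
 }
 
@@ -203,4 +215,6 @@
 if ($order !== '' && in_array($order,$order_combo)) {
 $params['order'] = $sortby.' '.$order;
+} else {
+$order='desc';
 }
 
@@ -208,4 +222,7 @@
 $show_filters = true;
 }
+} else {
+$sortby='post_dt';
+$order='desc';
 }
 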
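--- a/plugins/tags/tag_posts.php
+++ b/plugins/tags/tag_posts.php
@@ -17,5 +17,5 @@
 
 
-$page = !empty($_GET['page']) ? $_GET['page'] : 1;
+$page = !empty($_GET['page']) ? (integer) $_GET['page'] : 1;
 $nb_per_page = 30;
 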
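Review bot: The `(integer)` cast on new line 19 keeps the raw string out of the page but still lets `page=0` or a negative value through (`!empty('-5')` is true), which hands a zero or negative page number to whatever paginates with it; clamp to the first page at the same time: `$page = !empty($_GET['page']) ? max(1, (integer) $_GET['page']) : 1;`. The pagination code that consumes `$page` and `$nb_per_page` is outside this hunk.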