projects
/
mtweb
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
correction bug table_exists
[mtweb]
/
web
/
app
/
env
/
modules
/
mw_env_inputs.php
diff --git
a/web/app/env/modules/mw_env_inputs.php
b/web/app/env/modules/mw_env_inputs.php
index
526285a
..
0ebd042
100644
(file)
--- a/
web/app/env/modules/mw_env_inputs.php
+++ b/
web/app/env/modules/mw_env_inputs.php
@@
-1,37
+1,38
@@
<?php
<?php
- class mw_env_inputs extends mw_env
- {
+ class mw_env_inputs extends mw_env{
- function prepare_inputs()
- { if($_POST)
-
{
require_once $this->path("libs")."inputfilter.php";
- $allowed_tags = array
-
(
"p", "span", "pre", "blockquote", "address", "hr", "br",
+ function prepare_inputs()
{
+ if($_POST){
+
require_once $this->path("libs")."inputfilter.php";
+ $allowed_tags = array
(
+
"p", "span", "pre", "blockquote", "address", "hr", "br",
"img",
"strong", "em", "u", "i", "b", "s",
"a",
"ul", "ol", "li",
"h1", "h2", "h3", "h4", "h5", "h6"
);
"img",
"strong", "em", "u", "i", "b", "s",
"a",
"ul", "ol", "li",
"h1", "h2", "h3", "h4", "h5", "h6"
);
- $allowed_attrs = array
-
(
"style",
+ $allowed_attrs = array
(
+
"style",
"src", "alt", "width", "height",
"href", "title"
);
$input_filter = new InputFilter($allowed_tags, $allowed_attrs);
$_POST = $input_filter->process($_POST);
}
"src", "alt", "width", "height",
"href", "title"
);
$input_filter = new InputFilter($allowed_tags, $allowed_attrs);
$_POST = $input_filter->process($_POST);
}
- if($_FILES)
- { foreach($_FILES as $file_key => $file_infos)
-
{
$v_name = explode(".", $file_infos["name"]);
+ if($_FILES)
{
+ foreach($_FILES as $file_key => $file_infos){
+
$v_name = explode(".", $file_infos["name"]);
$ext = strtolower($v_name[count($v_name) - 1]);
$ext = strtolower($v_name[count($v_name) - 1]);
- if
-
(
$ext != "png"
+ if
(
+
$ext != "png"
&& $ext != "jpg"
&& $ext != "jpeg"
&& $ext != "gif"
&& $ext != "jpg"
&& $ext != "jpeg"
&& $ext != "gif"
- ) unset($_FILES[$file_key]);
+ ){
+ unset($_FILES[$file_key]);
+ }
}
}
return true;
}
}
return true;