<td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="5">
<tr>
<td width="150" align="right"><p><b><?php echo get_string("concept","glossary") ?>:</b></p></td>
- <td><input type="text" name="concept" size="30" value="<?php p($newentry->concept) ?>" /></td>
+ <td><input type="text" name="concept" size="30" value="<?php p(clean_text($newentry->concept)) ?>" /></td>
</tr>
<tr>
<td align="right"><p><b><?php echo get_string("categories","glossary") ?>:</b></p></td>
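Review bot: In the `value` attribute of the concept input, `p()` already does the escaping that makes the string safe, so wrapping the value in `clean_text()` first adds no protection in an attribute context and can silently alter what the author sees in the edit box (a concept containing `<` or a disallowed tag comes back changed). The same applies to the `aliases` textarea hunk below. If the extra call is meant as defence in depth for rows stored before input cleaning existed, say so in a short comment such as `<?php /* clean_text() kept for entries saved before input cleaning; p() does the escaping */ ?>`; otherwise `p($newentry->concept)` alone is the context-correct encoding.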
echo "selected=\"selected\" " ;
}
}
- echo "value=\"$category->id\">$category->name</option>\n";
+ echo "value=\"$category->id\">".clean_text($category->name)."</option>\n";
}
}
echo "</select>\n";
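Review bot: The category name is written into the text of an `<option>`, where markup has no meaning, yet `clean_text()` is an HTML sanitizer that keeps the tags it allows instead of encoding them. Escaping fits this context better: `echo "value=\"$category->id\">".s($category->name)."</option>\n";`. `$category->id` is also interpolated into the attribute unescaped; it is presumably a numeric database key, but the loop that loads `$category` starts outside the hunk, so that is worth confirming.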
?></b></p>
</td>
<td valign="top">
- <textarea rows="2" name="aliases" cols="20"><?php p($newentry->aliases) ?></textarea>
+ <textarea rows="2" name="aliases" cols="20"><?php p(clean_text($newentry->aliases)) ?></textarea>
</td>
</tr>
<tr>
$newentry->course = $glossary->course;
$newentry->glossaryid = $glossary->id;
- $newentry->concept = trim($form->concept);
+ $newentry->concept = clean_text(trim($form->concept));
$newentry->definition = $form->text;
$newentry->format = $form->format;
$newentry->usedynalink = $form->usedynalink;
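Review bot: Cleaning `concept` only on the way in means every later display depends on this line having run, so rows written before the patch, or through any other write path not visible here, stay raw; a comment would make the contract explicit, e.g. `// cleaned on input as a first layer only; display code must still escape or format`. `definition` on the next line is stored as submitted, presumably because it goes through `format_text()` when rendered, which the hunk does not show. In the aliases hunk below, `clean_text()` runs on the whole multi-line field before `explode()`, so the split relies on the cleaner leaving newlines untouched; cleaning each `$alias` after `trim()` would remove that dependency.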
}
}
if ( isset($form->aliases) ) {
- if ( $aliases = explode("\n",$form->aliases) ) {
+ if ( $aliases = explode("\n",clean_text($form->aliases)) ) {
foreach ($aliases as $alias) {
$alias = trim($alias);
if ($alias) {
optional_variable($usedynalink); // category ID
optional_variable($confirm); // confirm the action
- optional_variable($name); // confirm the action
+ optional_variable($name); // confirm the name
+
+ $name = clean_text($name);
$action = strip_tags(urldecode($action)); //XSS
$hook = strip_tags(urldecode($hook)); //XSS
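Review bot: `$name = clean_text($name);` yields sanitized HTML, which is a different guarantee from the `strip_tags(urldecode(...))` applied to `$action` and `$hook` just below, and neither makes a value safe for an attribute or a query. How `$name` is used afterwards is outside the hunk, so a comment stating the guarantee would help: `// $name: HTML-sanitized only; escape with s()/p() when echoed into attributes`. The corrected comment `// confirm the name` still does not say what the variable holds; `// category name` would be clearer, if that is what it is.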
echo "<p align=\"center\">" . get_string("delete"). " " . get_string("category","glossary") . "<font size=\"3\">";
print_simple_box_start("center","40%", "#FFBBBB");
- echo "<center><b>$category->name</b><br />";
+ echo "<center><b>".format_text($category->name)."</b><br>";
$num_entries = count_records("glossary_entries_categories","categoryid",$category->id);
if ( $num_entries ) {
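Review bot: `format_text()` is a full text formatter rather than an encoder: depending on the format it may wrap the name in paragraph markup and run filters, which sits awkwardly inside `<b>` and `<center>` for a one-line label. The category list hunk below makes the same call, while the select box uses `clean_text()` for the same field, so one value is rendered two different ways in this patch. Unless markup in category names is intended, `s($category->name)` at both echo sites would be the simpler and consistent choice: `echo "<center><b>".s($category->name)."</b><br />";`. The `<br />` to `<br>` change is unrelated to the fix and differs from the `<input ... />` style used in the form hunks.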
<tr bgcolor="<?php p($THEME->cellheading2)?>">
<td width="90%" align="left">
<?php
- echo "<b>$category->name</b> <font size=-1>($num_entries " . get_string("entries","glossary") . ")</font>";
+ echo "<b>".format_text($category->name)."</b> <font size=-1>($num_entries " . get_string("entries","glossary") . ")</font>";
?>
</td>
<td width="10%" align="center"><b>