From: Pierre Habouzit (MadCoder Date: Wed, 29 Dec 2004 09:22:16 +0000 (+0000) Subject: slashes X-Git-Tag: xorg/old~580 X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=1873611e9b905b9a3ca5b9c2f20c7ed06ff0cc1f;p=platal.git slashes git-archimport-id: opensource@polytechnique.org--2005/platal--mainline--0.9--patch-168 --- diff --git a/htdocs/admin/homonymes.php b/htdocs/admin/homonymes.php index bc34720..ed20e12 100644 --- a/htdocs/admin/homonymes.php +++ b/htdocs/admin/homonymes.php @@ -60,7 +60,7 @@ if ($target) { $mymail->setSubject("Dans 2 semaines, suppression de $loginbis@polytechnique.org"); $mymail->addTo("$prenom $nom <$forlife@polytechnique.org>"); $mymail->addCc($cc); - $mymail->setTxtBody(stripslashes(Env::get('mailbody'))); + $mymail->setTxtBody(Env::get('mailbody')); $mymail->send(); $op = 'list'; break; @@ -72,7 +72,7 @@ if ($target) { $mymail->setSubject("Mise en place du robot $loginbis@polytechnique.org"); $mymail->addTo("$prenom $nom <$forlife@polytechnique.org>"); $mymail->addCc($cc); - $mymail->setTxtBody(stripslashes(Env::get('mailbody'))); + $mymail->setTxtBody(Env::get('mailbody')); $mymail->send(); $op = 'list'; break; diff --git a/htdocs/auth-groupex.php b/htdocs/auth-groupex.php index fe2f90d..c78b4f9 100644 --- a/htdocs/auth-groupex.php +++ b/htdocs/auth-groupex.php @@ -49,7 +49,7 @@ function gpex_make_auth($chlg, $privkey, $datafields) { /* on verifie qu'on n'a pas demandé une variable inexistante ! */ if (isset($_SESSION[$val])) { - $tohash .= stripslashes($_SESSION[$val]); + $tohash .= $_SESSION[$val]; } else if ($val == 'username') { $sql = "SELECT alias FROM aliases AS al @@ -58,7 +58,7 @@ function gpex_make_auth($chlg, $privkey, $datafields) { ORDER BY LENGTH(alias)"; $res = mysql_query($sql); list($min_username) = mysql_fetch_array($res); - $tohash .= stripslashes($min_username); + $tohash .= $min_username; } } $tohash .= "1"; diff --git a/htdocs/emails/send.php b/htdocs/emails/send.php index aafae3d..08b4a01 100644 
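Review bot: In `gpex_make_auth` (htdocs/auth-groupex.php, second hunk) the result of `mysql_query($sql)` goes straight into `mysql_fetch_array()`, so a failed query or an empty result leaves `$min_username` null and `$tohash .= $min_username;` appends nothing. The string built in `$tohash` then silently omits the username, which matters if it feeds the authentication digest handed to the partner site, as the names suggest. I would check both steps and stop the computation when no alias is found, along the lines of `if (!$res || !($row = mysql_fetch_array($res))) { /* abort: no alias for this user */ }`. What the function should return on failure cannot be decided from here, because its body starts and ends outside the hunk.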
--- a/htdocs/emails/send.php +++ b/htdocs/emails/send.php @@ -25,13 +25,13 @@ new_skinned_page('emails/send.tpl',AUTH_MDP); // action si on recoit un formulaire if (Env::get('submit') == 'Envoyer') { - $to2 = stripslashes(join(', ', Env::getMixed('contacts', Array()))); - $txt = str_replace('^M', '', stripslashes(Env::get('contenu'))); - $to = stripslashes(Env::get('to')); - $subj = stripslashes(Env::get('sujet')); - $from = stripslashes(Env::get('from')); - $cc = stripslashes(Env::get('cc')); - $bcc = stripslashes(Env::get('bcc')); + $to2 = join(', ', Env::getMixed('contacts', Array())); + $txt = str_replace('^M', '', Env::get('contenu')); + $to = Env::get('to'); + $subj = Env::get('sujet'); + $from = Env::get('from'); + $cc = Env::get('cc'); + $bcc = Env::get('bcc'); if (empty($to) && empty($cc) && empty($to2)) { $page->trig("Indique au moins un destinataire."); diff --git a/htdocs/evenements.php b/htdocs/evenements.php index 99bfd13..e92a946 100644 --- a/htdocs/evenements.php +++ b/htdocs/evenements.php @@ -22,8 +22,8 @@ require_once("xorg.inc.php"); new_skinned_page('evenements.tpl', AUTH_MDP); -$titre = stripslashes(Post::get('titre')); -$texte = stripslashes(Post::get('texte')); +$titre = Post::get('titre'); +$texte = Post::get('texte'); $promo_min = Post::getInt('promo_min'); $promo_max = Post::getInt('promo_max'); $peremption = Post::getInt('peremption'); diff --git a/htdocs/inscription/step4.php b/htdocs/inscription/step4.php index 33ff384..5547ead 100644 --- a/htdocs/inscription/step4.php +++ b/htdocs/inscription/step4.php @@ -61,8 +61,6 @@ if (mysql_num_rows($res)) { mot de passe."); } -$nom = stripslashes($nom); -$prenom = stripslashes($prenom); $sql = "UPDATE auth_user_md5 SET password='$password', nationalite='$nationalite', perms='user', date='$date', naissance='$naissance', date_ins = NULL WHERE matricule='$matricule'"; $globals->db->query($sql); diff --git a/htdocs/listes/moderate.php b/htdocs/listes/moderate.php index 3c7c9be..251cef2 100644 
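Review bot: `$to`, `$cc`, `$bcc`, `$subj` and `$from` in htdocs/emails/send.php are now taken unchanged from `Env::get()`, and the hunk shows no rejection of CR/LF before they are used as mail header fields. Unless the mailer class filters line breaks (not visible here), a value containing one can add headers to the outgoing message. A guard next to the existing empty-recipient test would make this explicit: `if (preg_match('/[\r\n]/', $to.$to2.$cc.$bcc.$subj.$from)) { $page->trig("Champ d'en-tête invalide."); }`, with the send skipped in that case. The same applies to `$mymail->assign('from', $_REQUEST["from"])` in htdocs/marketing/utilisateurs_marketing.php, where only `mail` is validated. The enclosing `if` block continues outside the hunk.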
--- a/htdocs/listes/moderate.php +++ b/htdocs/listes/moderate.php @@ -39,7 +39,7 @@ if(Env::has('sadd')) { } if(Post::has('sdel')) { - $client->handle_request($liste,Post::get('sdel'),2,stripslashes(Post::get('reason'))); /* 2 = REJECT */ + $client->handle_request($liste,Post::get('sdel'),2,Post::get('reason')); /* 2 = REJECT */ } if(Env::has('mid')) { @@ -58,7 +58,7 @@ if(Env::has('mid')) { } elseif (Env::has('mno')) { $action = 2; /** 2 = REJECT **/ $subject = "Message refusé"; - $reason = stripslashes(Post::get('reason')); + $reason = Post::get('reason'); $append = "a été refusé par $prenom $nom avec la raison :\n\n" . $reason; } elseif (Env::has('mdel')) { diff --git a/htdocs/listes/options.php b/htdocs/listes/options.php index 9c94413..3c0e0b2 100644 --- a/htdocs/listes/options.php +++ b/htdocs/listes/options.php @@ -29,7 +29,7 @@ require_once('lists.inc.php'); $client =& lists_xmlrpc(Session::getInt('uid'), Session::get('password')); if (Post::has('submit')) { - $values = array_map('stripslashes',$_POST); + $values = $_POST; $client->set_bogo_level($liste, intval($values['bogo_level'])); switch($values['moderate']) { case '0': diff --git a/htdocs/listes/soptions.php b/htdocs/listes/soptions.php index 0cedf03..2645f95 100644 --- a/htdocs/listes/soptions.php +++ b/htdocs/listes/soptions.php @@ -29,7 +29,7 @@ require_once('lists.inc.php'); $client =& lists_xmlrpc(Session::getInt('uid'), Session::get('password')); if(Post::has('submit')) { - $values = array_map('stripslashes', $_POST); + $values = $_POST; unset($values['submit']); $values['advertised'] = empty($values['advertised']) ? false : true; $values['archive'] = empty($values['archive']) ? false : true; diff --git a/htdocs/marketing/utilisateurs_marketing.php b/htdocs/marketing/utilisateurs_marketing.php index d6f6f44..16d7d2e 100644 --- a/htdocs/marketing/utilisateurs_marketing.php +++ b/htdocs/marketing/utilisateurs_marketing.php 
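Review bot: In htdocs/listes/soptions.php `$values = $_POST;` keeps every posted key, and only `submit` is removed before the array is normalised. If `$values` is later handed to the list XML-RPC client as a whole (that call is outside the hunk), a request can set options the form never offered. Copying only the expected names makes the accepted set explicit, e.g. `foreach ($allowed_options as $k) { if (isset($_POST[$k])) { $values[$k] = $_POST[$k]; } }`, where `$allowed_options` is a placeholder for the list of form fields. In htdocs/listes/options.php the fields are read by name, so the copy is harmless there, but `$values` is now only an alias of `$_POST`.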
@@ -51,7 +51,7 @@ switch ($_REQUEST["submit"]) { if ($myrow = mysql_fetch_assoc($result)) exit_error("Le matricule existe déjà dans la table auth_user_md5."); - if (!isvalid_email_redirection(stripslashes($_REQUEST["mail"]))) + if (!isvalid_email_redirection($_REQUEST["mail"])) exit_error("L'email n'est pas valide."); $result=$globals->db->query("SELECT prenom,nom,promo,FIND_IN_SET('femme', flags) @@ -101,7 +101,7 @@ switch ($_REQUEST["submit"]) { $mymail = new XOrgMailer('marketing.utilisateur.tpl'); $mymail->assign('from', $_REQUEST["from"]); - $mymail->assign('to', stripslashes($_REQUEST["mail"])); + $mymail->assign('to', $_REQUEST["mail"]); $mymail->assign('femme', $femme); $mymail->assign('baseurl', $globals->baseurl); $mymail->assign('user_id', $user_id); diff --git a/include/emails.inc.php b/include/emails.inc.php index 3f2bac7..2e80a03 100644 --- a/include/emails.inc.php +++ b/include/emails.inc.php @@ -263,7 +263,7 @@ class Redirect function add_email($email) { global $globals; - $email_stripped = strtolower(stripslashes(trim($email))); + $email_stripped = strtolower(trim($email)); if (!isvalid_email($email_stripped)) { return ERROR_INVALID_EMAIL; } diff --git a/include/newsletter.inc.php b/include/newsletter.inc.php index 04a48a4..a7400e3 100644 --- a/include/newsletter.inc.php +++ b/include/newsletter.inc.php @@ -104,13 +104,13 @@ class NewsLetter // {{{ function title() function title() - { return stripslashes($this->_title); } + { return $this->_title; } // }}} // {{{ function head() function head() - { return stripslashes($this->_head); } + { return $this->_head; } // }}} // {{{ function getArt() 
@@ -365,19 +365,19 @@ class NLArticle // {{{ function title() function title() - { return stripslashes(trim($this->_title)); } + { return trim($this->_title); } // }}} // {{{ function body() function body() - { return stripslashes(trim($this->_body)); } + { return trim($this->_body); } // }}} // {{{ function append() function append() - { return stripslashes(trim($this->_append)); } + { return trim($this->_append); } // }}} // {{{ function toText() @@ -519,7 +519,7 @@ function justify($text,$n) function enriched_to_text($input,$html=false,$just=false,$indent=0,$width=68) { - $text = stripslashes(trim($input)); + $text = trim($input); if ($html) { $text = htmlspecialchars($text); $text = str_replace('[b]','', $text); diff --git a/include/profil.func.inc.php b/include/profil.func.inc.php index 96b6fb8..6da490a 100644 --- a/include/profil.func.inc.php +++ b/include/profil.func.inc.php @@ -24,25 +24,25 @@ require_once('applis.func.inc.php'); function replace_ifset(&$var,$req) { if (Env::has($req)){ - $var = stripslashes(Env::get($req)); + $var = Env::get($req); } } function replace_ifset_i(&$var,$req,$i) { if (isset($_REQUEST[$req][$i])){ - $var[$i] = stripslashes($_REQUEST[$req][$i]); + $var[$i] = $_REQUEST[$req][$i]; } } function replace_ifset_i_j(&$var,$req,$i,$j) { if (isset($_REQUEST[$req][$j])){ - $var[$i] = stripslashes($_REQUEST[$req][$j]); + $var[$i] = $_REQUEST[$req][$j]; } } //pour rentrer qqchose dans la base function put_in_db($string){ - return trim(addslashes($string)); + return trim($string); } ?> diff --git a/include/profil/get_mentor.inc.php b/include/profil/get_mentor.inc.php index f9deef6..c445d44 100644 --- a/include/profil/get_mentor.inc.php +++ b/include/profil/get_mentor.inc.php 
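Review bot: `put_in_db()` in include/profil.func.inc.php now returns `trim($string)` with no escaping, while its comment still says it prepares a value for the database. Any caller that interpolates the result into a query string now depends on slashes being added elsewhere, and this commit does not show where. Queries built by interpolation appear in this same commit (the `UPDATE auth_user_md5` in htdocs/inscription/step4.php, the `INSERT INTO mentor_pays` in include/profil/get_mentor.inc.php), so the assumption should be written down at the place that enforces it. If the database layer does not escape, keep the escaping at this boundary with the connection-aware call, `return mysql_real_escape_string(trim($string));`. Otherwise replace the comment with one that names the responsible layer, e.g. `// no escaping here: values are escaped by <layer name>`.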
@@ -58,7 +58,7 @@ if(isset($_POST['mentor_pays_op']) && ($_POST['mentor_pays_op'] == 'ajouter') && $globals->db->query("INSERT INTO mentor_pays(uid, pid) VALUES('{$_SESSION['uid']}', '$id_ajoutee')"); $nb_mentor_pays++; $mentor_pid[$nb_mentor_pays] = $id_ajoutee; - $mentor_pays[$nb_mentor_pays] = stripslashes($_POST['mentor_pays_name']); + $mentor_pays[$nb_mentor_pays] = $_POST['mentor_pays_name']; } } @@ -96,9 +96,9 @@ if(isset($_POST['mentor_secteur_op']) && ($_POST['mentor_secteur_op'] == 'ajoute VALUES('{$_SESSION['uid']}', '$sid_ajoutee',".( ($ssid_ajoutee == '')?'NULL':"'$ssid_ajoutee'" ).")"); $nb_mentor_secteurs++; $mentor_sid[$nb_mentor_secteurs] = $sid_ajoutee; - $mentor_secteur[$nb_mentor_secteurs] = stripslashes($_POST['mentor_secteur_name']); + $mentor_secteur[$nb_mentor_secteurs] = $_POST['mentor_secteur_name']; $mentor_ssid[$nb_mentor_secteurs] = $ssid_ajoutee; - $mentor_ss_secteur[$nb_mentor_secteurs] = stripslashes($_POST['mentor_ss_secteur_name']); + $mentor_ss_secteur[$nb_mentor_secteurs] = $_POST['mentor_ss_secteur_name']; } } elseif(isset($_POST['mentor_secteur_id_new'])){ $mentor_secteur_id_new = $_POST['mentor_secteur_id_new']; diff --git a/include/profil/verif_adresses.inc.php b/include/profil/verif_adresses.inc.php index f6cdd46..fb69f92 100644 --- a/include/profil/verif_adresses.inc.php +++ b/include/profil/verif_adresses.inc.php @@ -44,7 +44,7 @@ function generate_new_adrid(){ function replace_ifset_adr($varname, $i){ if (isset($_REQUEST[$varname][$i])) - $GLOBALS['adresses'][$i][$varname] = stripslashes($_REQUEST[$varname][$i]); + $GLOBALS['adresses'][$i][$varname] = $_REQUEST[$varname][$i]; } function set_flag_adr($varname,$i){ diff --git a/include/profil/verif_emploi.inc.php b/include/profil/verif_emploi.inc.php index bd69f04..f1a46c2 100644 --- a/include/profil/verif_emploi.inc.php +++ b/include/profil/verif_emploi.inc.php 
@@ -63,7 +63,7 @@ $str_error = $str_error."Le champ 'Entreprise $j' contient un caract } //validité du poste -if (strlen(strtok(stripslashes($poste[$i]),"<>{}~?!§*`|%$^=+")) < strlen(stripslashes($poste[$i]))) +if (strlen(strtok($poste[$i],"<>{}~?!§*`|%$^=+")) < strlen($poste[$i])) { $str_error = $str_error."Le champ 'Poste $j' contient un caractère interdit.
"; } @@ -74,23 +74,23 @@ if (strlen(strtok($cv,"<>{}~ $str_error = $str_error."Le champ 'Curriculum vitae' contient un caractère interdit.
"; } -if (strlen(strtok(stripslashes($adrpro1[$i]),"<>{}@~?!§*`|%$^=+")) < strlen(stripslashes($adrpro1[$i]))) +if (strlen(strtok($adrpro1[$i],"<>{}@~?!§*`|%$^=+")) < strlen($adrpro1[$i])) { $str_error = $str_error."Le champ 'Adresse professionnelle $j - Ligne 1' contient un caractère interdit.
"; } - if (strlen(strtok(stripslashes($adrpro2[$i]),"<>{}@~?!§*`|%$^=+")) < strlen(stripslashes($adrpro2[$i]))) + if (strlen(strtok($adrpro2[$i],"<>{}@~?!§*`|%$^=+")) < strlen($adrpro2[$i])) { $str_error = $str_error."Le champ 'Adresse professionnelle $j - Ligne 2' contient un caractère interdit.
"; } - if (strlen(strtok(stripslashes($adrpro3[$i]),"<>{}@~?!§*`|%$^=+")) < strlen(stripslashes($adrpro3[$i]))) + if (strlen(strtok($adrpro3[$i],"<>{}@~?!§*`|%$^=+")) < strlen($adrpro3[$i])) { $str_error = $str_error."Le champ 'Adresse professionnelle $j - Ligne 3' contient un caractère interdit.
"; } - if (strlen(strtok(stripslashes($cppro[$i]),"<>{}@~?!§*`|%$^=+")) < strlen(stripslashes($cppro[$i]))) + if (strlen(strtok($cppro[$i],"<>{}@~?!§*`|%$^=+")) < strlen($cppro[$i])) { $str_error = $str_error."Le champ 'Code Postal professionnel $j' contient un caractère interdit.
"; } - if (strlen(strtok(stripslashes($villepro[$i]),"<>{}@~?!§*`|%$^=+")) < strlen(stripslashes($villepro[$i]))) + if (strlen(strtok($villepro[$i],"<>{}@~?!§*`|%$^=+")) < strlen($villepro[$i])) { $str_error = $str_error."Le champ 'Ville professionnelle $j' contient un caractère interdit.
"; } diff --git a/include/profil/verif_mentor.inc.php b/include/profil/verif_mentor.inc.php index c620d83..09ce531 100644 --- a/include/profil/verif_mentor.inc.php +++ b/include/profil/verif_mentor.inc.php @@ -22,7 +22,7 @@ //au cas ou le submit du formulaire vient d'un changement du nouveau secteur if(isset($_POST['mentor_expertise'])){ - $mentor_expertise = stripslashes($_POST['mentor_expertise']); + $mentor_expertise = $_POST['mentor_expertise']; if(!empty($mentor_expertise)){ if (strlen(strtok($mentor_expertise,"<>{}~§`|%$^")) < strlen($mentor_expertise)){//TODO: affiner la liste $page->trig("L'expertise contient un caractère interdit."); diff --git a/include/xorg.misc.inc.php b/include/xorg.misc.inc.php index 9b8ec80..113e0fb 100644 --- a/include/xorg.misc.inc.php +++ b/include/xorg.misc.inc.php @@ -102,15 +102,9 @@ function soundex_fr($sIn) } function make_forlife($prenom,$nom,$promo) { - /* on traite le prenom */ - $prenomUS=replace_accent(trim($prenom)); - $prenomUS=stripslashes($prenomUS); + $prenomUS = replace_accent(trim($prenom)); + $nomUS = replace_accent(trim($nom)); - /* on traite le nom */ - $nomUS=replace_accent(trim($nom)); - $nomUS=stripslashes($nomUS); - - // calcul du login $forlife = strtolower($prenomUS.".".$nomUS.".".$promo); $forlife = str_replace(" ","-",$forlife); $forlife = str_replace("'","",$forlife); diff --git a/plugins/modifier.stripslashes.php b/plugins/modifier.stripslashes.php deleted file mode 100644 index 0cfde40..0000000 --- a/plugins/modifier.stripslashes.php +++ /dev/null @@ -1,34 +0,0 @@ - diff --git a/templates/emails/send.tpl b/templates/emails/send.tpl index b2979e5..f1d4ff6 100644 --- a/templates/emails/send.tpl +++ b/templates/emails/send.tpl @@ -58,7 +58,7 @@ @@ -67,19 +67,19 @@ à : - + copie : - + copie cachée : - + @@ -130,7 +130,7 @@ - + @@ -141,7 +141,7 @@