From: x2000habouzit <x2000habouzit>
Date: Tue, 24 Aug 2004 11:16:42 +0000 (+0000)
Subject: better escaping, type-prrof
X-Git-Tag: xorg/old~1727
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=1ac697a520e6e75d1c73514bc39ea81dc128dfcf;p=platal.git

better escaping, type-prrof
---

diff --git a/include/xorg.page.inc.php b/include/xorg.page.inc.php
index 4ddd950..0a43e68 100644
--- a/include/xorg.page.inc.php
+++ b/include/xorg.page.inc.php
@@ -23,6 +23,10 @@ function function_dyn($params) {
     return stripslashes(htmlentities(implode(' ',$params)));
 }
 
+function escape_html(&$string) {
+    return is_string($string) ? htmlspecialchars($string) : $string;
+}
+
 class XorgPage extends DiogenesCorePage {
     var $_page_type;
     var $_tpl;
@@ -36,7 +40,8 @@ class XorgPage extends DiogenesCorePage {
         $this->config_dir   = $globals->spoolroot."/configs/";
         $this->cache_dir    = $globals->spoolroot."/cache/";
         
-	$this->default_modifiers = Array('escape');
+        $this->register_modifier('escape_html', 'escape_html');
+	$this->default_modifiers = Array('escape_html');
         $this->config_overwrite  = false;
         $this->compile_check     = isset($site_dev);
         $this->caching	         = ($type == SKINNED);
diff --git a/templates/database-debug.tpl b/templates/database-debug.tpl
index c146b0c..a53a527 100644
--- a/templates/database-debug.tpl
+++ b/templates/database-debug.tpl
@@ -5,7 +5,7 @@
   <tr class="impair">
     <td>
       <strong>QUERY:</strong><br />
-      {$query.query|regex_replace:"/(\n|^|$) */":"\n  "|replace:" ":"&nbsp;"|nl2br}
+      {$query.query|nl2br}
       <br />
     </td>
   </tr>