Commit f5028489 authored by Mac Newbold's avatar Mac Newbold

Use addslashes/stripslashes on the expt meta data.

parent b4492a01
......@@ -53,7 +53,7 @@ $expstate = TBExptState($exp_pid, $exp_eid);
echo "<font size=+2>Experiment <b>".
"<a href='showproject.php3?pid=$pid'>$pid</a>/".
"$eid</b></font>\n";
"<a href='showexp.php3?pid=$pid&eid=$eid'>$eid</a></b></font>\n";
echo "<br /><br />\n";
SUBPAGESTART();
......@@ -151,6 +151,9 @@ SUBMENUEND_2B();
# if we got a submission of changes, update the db now...
if ($submit) {
$exp_name = addslashes(str_replace('"',"",$exp_name));
$noswap = addslashes(str_replace('"',"",$noswap));
$noidleswap = addslashes(str_replace('"',"",$noidleswap));
# exp name is always sent...
$str = "expt_name=\"$exp_name\"";
if (isset($noswap) && $noswap !="") {
......
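Review bot: `addslashes()` on `$exp_name`, `$noswap` and `$noidleswap` is not a dependable SQL escaper, because it ignores the connection character set, and the result is interpolated straight into `$str = "expt_name=\"$exp_name\""`, which looks like a fragment of an UPDATE statement. Escaping with the database driver's own function, or binding the values as parameters, is the safer form; if this code uses the old mysql extension (not visible here) that would be `$exp_name = mysql_real_escape_string(str_replace('"', "", $exp_name));`. If magic quotes are enabled on this server, the values arrive already escaped and this adds a second layer, which would leave literal backslashes in the stored rows. Also, `isset($noswap)` is always true after the assignment added above it, so only the `!= ""` comparison still does any work. The `if ($submit)` block continues outside the hunk.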
......@@ -549,6 +549,7 @@ function SHOWEXP($pid, $eid, $edit=0) {
$exp_gid = $exprow[gid];
#$exp_expires = $exprow[expt_expires];
$exp_name_safe= htmlspecialchars(stripslashes($exprow[expt_name]));
$exp_name = stripslashes($exprow[expt_name]);
$exp_created = $exprow[expt_created];
$exp_swapped = $exprow[expt_swapped];
......@@ -564,10 +565,14 @@ function SHOWEXP($pid, $eid, $edit=0) {
$batchstate = $exprow[batchstate];
$priority = $exprow[priority];
$swappable = $exprow[swappable];
$noswap_reason = $exprow[noswap_reason];
$noswap_reason_safe =
htmlspecialchars(stripslashes($exprow[noswap_reason]));
$noswap_reason = stripslashes($exprow[noswap_reason]);
$idleswap = $exprow[idleswap];
$idleswap_timeout = $exprow[idleswap_timeout];
$noidleswap_reason = $exprow[noidleswap_reason];
$noidleswap_reason_safe =
htmlspecialchars(stripslashes($exprow[noidleswap_reason]));
$noidleswap_reason = stripslashes($exprow[noidleswap_reason]);
$autoswap = $exprow[autoswap];
$autoswap_timeout = $exprow[autoswap_timeout];
$idle_ignore = $exprow[idle_ignore];
......@@ -640,7 +645,8 @@ function SHOWEXP($pid, $eid, $edit=0) {
</tr>\n";
if ($edit) {
$exp_name_str = "<input type=text name=exp_name value=\"$exp_name\">";
$exp_name_str =
"<input type=text name=exp_name size=30 value=\"$exp_name_safe\">";
} else {
$exp_name_str = $exp_name;
}
......
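Review bot: The non-edit branch still assigns the unescaped value, `$exp_name_str = $exp_name;`, so a stored experiment name containing markup is emitted as HTML whenever the experiment is shown read-only; it should be `$exp_name_str = $exp_name_safe;`. The hunk at -564 has the same gap: it builds `$noswap_reason_safe` and `$noidleswap_reason_safe` but keeps the raw `$noswap_reason` and `$noidleswap_reason`, and the places that print them are outside the visible lines, so each of those needs checking. Separately, `stripslashes()` on values read back from the database removes backslashes a user legitimately typed unless the stored data is known to be double-escaped. SHOWEXP's body starts and ends outside these hunks.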