diff --git a/include/class.category.php b/include/class.category.php
index 5f67c6ee5d182e1b837a4fdc8187f05d0bb40c66..e890b079ee3532ddb53bf6851ac3dc9a7ba167fa 100644
--- a/include/class.category.php
+++ b/include/class.category.php
@@ -30,7 +30,7 @@ class Category {
 .' WHERE cat.category_id='.db_input($id)
 .' GROUP BY cat.category_id';
- if (!($res=db_query($sql)) || !db_num_rows($res))
+ if (!($res=db_query($sql)) || !db_num_rows($res))
 return false;
 $this->ht = db_fetch_array($res);
@@ -54,14 +54,14 @@ class Category {
 function isPublic() { return ($this->ht['ispublic']); }
 function getHashtable() { return $this->ht; }
-
+
 /* ------------------> Setter methods <--------------------- */
 function setName($name) { $this->ht['name']=$name; }
 function setNotes($notes) { $this->ht['notes']=$notes; }
 function setDescription($desc) { $this->ht['description']=$desc; }
 /* --------------> Database access methods <---------------- */
- function update($vars, &$errors) {
+ function update($vars, &$errors) {
 if(!$this->save($this->getId(), $vars, $errors))
 return false;
@@ -81,7 +81,7 @@ class Category {
 if(db_query($sql) && ($num=db_affected_rows())) {
 db_query('DELETE FROM '.FAQ_TABLE
 .' WHERE category_id='.db_input($this->getId()));
-
+
 }
 return $num;
diff --git a/include/class.dynamic_forms.php b/include/class.dynamic_forms.php
index 26e93d7fd776b82ebbe7ad93c238815ce2102c73..84080172d5a1ac82ca985256e76eeb9058b37aeb 100644
--- a/include/class.dynamic_forms.php
+++ b/include/class.dynamic_forms.php
@@ -153,8 +153,6 @@ class DynamicForm extends VerySimpleModel {
 function save($refetch=false) {
 if (count($this->dirty))
 $this->set('updated', new SqlFunction('NOW'));
- if (isset($this->dirty['notes']))
- $this->notes = Format::sanitize($this->notes);
 return parent::save($refetch);
 }
diff --git a/include/class.forms.php b/include/class.forms.php
index b2c1aed1cad67777e2970a4fdf66d430d95005b5..6d5e9cf63dbca1d9cbe6680732c597c7bb6f094c 100644
--- a/include/class.forms.php
+++ b/include/class.forms.php
@@ -747,6 +747,10 @@ class TextboxField extends FormField {
 if (!call_user_func($func[0], $value))
 $this->_errors[] = $error;
 }
+
+ function parse($value) {
+ return Format::striptags($value);
+ }
 }
 class PasswordField extends TextboxField {
diff --git a/include/class.organization.php b/include/class.organization.php
index f2c092d9d94b1a507f509563759a38a5ca2ddb3d..9e5bedb7553b92d4b2c4964be08dbcf915fdf49f 100644
--- a/include/class.organization.php
+++ b/include/class.organization.php
@@ -356,6 +356,7 @@ class Organization extends OrganizationModel {
 static function fromVars($vars) {
+ $vars['name'] = Format::striptags($vars['name']);
 if (!($org = Organization::lookup(array('name' => $vars['name'])))) {
 $org = Organization::create(array(
 'name' => $vars['name'],
diff --git a/include/class.team.php b/include/class.team.php
index 11670c8537b843e3223c182ebc42d74dd81c574e..1ae093c9427b4e6d587abc146d8ca3de04311094 100644
--- a/include/class.team.php
+++ b/include/class.team.php
@@ -232,6 +232,7 @@ class Team {
 if($id && $vars['id']!=$id)
 $errors['err']=__('Missing or invalid team');
+ $vars['name'] = Format::striptags($vars['name']);
 if(!$vars['name']) {
 $errors['name']=__('Team name is required');
 } elseif(strlen($vars['name'])<3) {
diff --git a/include/client/open.inc.php b/include/client/open.inc.php
index ea0a100e7f67eeab48c0d1e61df43e14eda47f28..5bd45eed8ca30fdc5a76f0ce411ce2780bd12f6d 100644
--- a/include/client/open.inc.php
+++ b/include/client/open.inc.php
@@ -72,7 +72,8 @@ if ($info['topicId'] && ($topic=Topic::lookup($info['topicId']))) {
 else { ?>
 <tr><td colspan="2"><hr /></td></tr>
 <tr><td><?php echo __('Email'); ?>:</td><td><?php echo $thisclient->getEmail(); ?></td></tr>
- <tr><td><?php echo __('Client'); ?>:</td><td><?php echo $thisclient->getName(); ?></td></tr>
+ <tr><td><?php echo __('Client'); ?>:</td><td><?php echo
+ Format::htmlchars($thisclient->getName()); ?></td></tr>
 <?php } ?>
 </tbody>
 <tbody id="dynamic-form">
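Review bot: The new `parse()` on TextboxField is inherited by `class PasswordField extends TextboxField`, which begins on the line right after the class closes, so unless PasswordField overrides `parse` somewhere outside this hunk, a submitted password containing `<...>` sequences is silently rewritten by `Format::striptags` before it is used. If that is not intended, add a pass-through in PasswordField, `function parse($value) { return $value; }`, or move the stripping into the text-only widget. Stripping tags on input is a defence-in-depth measure and does not replace `Format::htmlchars` where field values are echoed into HTML. A one-line docblock on `parse`, such as `/* Remove HTML tags from the submitted value before it is stored or validated. */`, would also document the new behaviour; the TextboxField class starts outside the hunk.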
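Review bot: The added `$vars['name'] = Format::striptags($vars['name']);` in Organization::fromVars reads the key unconditionally and then passes the result straight to `Organization::lookup`/`Organization::create`, so a call with no `name` entry, or one whose name is nothing but tags, ends up looking up or creating an organization with an empty name; the same unconditional read is added in Team::save in class.team.php, although there it is at least followed by `if(!$vars['name'])`. A safer form here is `$vars['name'] = isset($vars['name']) ? Format::striptags($vars['name']) : '';` followed by a non-empty check before the lookup. fromVars continues past the hunk, so a later check may exist, but the lookup on the visible line already uses the unchecked value.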
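Review bot: The Email row one line above the changed Client row still echoes `$thisclient->getEmail()` unescaped, while the Client row now goes through `Format::htmlchars`; both values come from the same client record and are emitted into the same HTML table. Apply the same escaping there: `<td><?php echo Format::htmlchars($thisclient->getEmail()); ?></td>`. The enclosing if/else block starts outside the hunk.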