Ticket #3698: edit.php.patch

File edit.php.patch, 2.7 KB (added by Steve VanDeBogart <vandebo-mythtvtrac@…>, 14 years ago)
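--- a/mythweb/modules/video/edit.php
+++ b/mythweb/modules/video/edit.php
@@ -99,13 +99,13 @@
 <table width="302" border="0" cellspacing="0" cellpadding="3">
 <tr>
     <td width="99">Title:</td>
-    <td width="301"><input name="title" type="text" value="<?php if (isset($title)) print $title ?>"></td>
+    <td width="301"><input name="title" type="text" value="<?php if (isset($title)) print htmlspecialchars($title, ENT_QUOTES )?>"></td>
 </tr><tr>
     <td>Director:</td>
-    <td><input name="director" type="text" value="<?php if (isset($director)) print $director ?>"></td>
+    <td><input name="director" type="text" value="<?php if (isset($director)) print htmlspecialchars($director, ENT_QUOTES) ?>"></td>
 </tr><tr>
     <td>Plot:</td>
-    <td><textarea name="plot" rows="5" cols="30" wrap="VIRTUAL"><?php if (isset($plot)) print $plot ?></textarea></td>
+    <td><textarea name="plot" rows="5" cols="30" wrap="VIRTUAL"><?php if (isset($plot)) print htmlspecialchars($plot, ENT_QUOTES) ?></textarea></td>
 </tr><tr>
     <td>Category:</td>
     <td><select name="category">
@@ -122,19 +122,19 @@
         ?></select></td>
 </tr><tr>
     <td>Rating:</td>
-    <td><input name="rating" type="text" value="<?php if (isset($rating)) print $rating ?>"></td>
+    <td><input name="rating" type="text" value="<?php if (isset($rating)) print htmlspecialchars($rating, ENT_QUOTES) ?>"></td>
 </tr><tr>
     <td>IMDB:</td>
-    <td><input name="inetref" type="text" value="<?php if (isset($inetref)) print $inetref ?>"></td>
+    <td><input name="inetref" type="text" value="<?php if (isset($inetref)) print htmlspecialchars($inetref, ENT_QUOTES) ?>"></td>
 </tr><tr>
     <td>Year:</td>
-    <td><input name="year" type="text" size=4 value="<?php if (isset($year)) print $year ?>"></td>
+    <td><input name="year" type="text" size=4 value="<?php if (isset($year)) print htmlspecialchars($year, ENT_QUOTES) ?>"></td>
 </tr><tr>
     <td>Userrating:</td>
-    <td><input name="userrating" type="text" size=3 value="<?php if (isset($userrating)) print $userrating ?>"></td>
+    <td><input name="userrating" type="text" size=3 value="<?php if (isset($userrating)) print htmlspecialchars($userrating, ENT_QUOTES) ?>"></td>
 </tr><tr>
     <td>Length:</td>
-    <td><input name="length" type="text" size=3 value="<?php if (isset($length)) print $length ?>"> in minutes</td>
+    <td><input name="length" type="text" size=3 value="<?php if (isset($length)) print htmlspecialchars($length, ENT_QUOTES) ?>"> in minutes</td>
 </tr><tr>
     <td></td>
     <td><input type="hidden" name="intid" value="<?php if (isset($_REQUEST['intid'])) print $_REQUEST['intid'] ?>">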
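Review bot: The hidden `intid` field on new line 140 still prints `$_REQUEST['intid']` unescaped inside a double-quoted attribute. Unlike the eight fields this patch fixes, the value is read directly from the request at the point of output, so it is the most exposed echo left in this form. It should get the same treatment, `print htmlspecialchars($_REQUEST['intid'], ENT_QUOTES)`, or `print intval($_REQUEST['intid'])` if the id is always numeric, which the name suggests but the visible lines do not confirm. Separately, every added `htmlspecialchars()` call omits the charset argument, so it falls back to the PHP default; if these pages are served as UTF-8, pass `'UTF-8'` explicitly as the third argument. The `<option>` output between lines 111 and 122 is not part of the patch and cannot be checked from here.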