From 258b58efd26fffc16c091d90ae1dce7061022758 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Fri, 22 Apr 2016 12:39:04 +0200 Subject: [PATCH] trim various fields from post request --- op/op.AddDocument.php | 8 ++++---- op/op.EditDocument.php | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/op/op.AddDocument.php b/op/op.AddDocument.php index 86e4fe18c..0771abee3 100644 --- a/op/op.AddDocument.php +++ b/op/op.AddDocument.php @@ -55,12 +55,12 @@ if($settings->_quota > 0) { } } -$comment = $_POST["comment"]; -$version_comment = $_POST["version_comment"]; +$comment = trim($_POST["comment"]); +$version_comment = trim($_POST["version_comment"]); if($version_comment == "" && isset($_POST["use_comment"])) $version_comment = $comment; -$keywords = $_POST["keywords"]; +$keywords = trim($_POST["keywords"]); $categories = isset($_POST["categories"]) ? $_POST["categories"] : null; if(isset($_POST["attributes"])) $attributes = $_POST["attributes"]; @@ -265,7 +265,7 @@ for ($file_num=0;$file_numisLocked()) { } } -$name = isset($_POST['name']) ? $_POST["name"] : ""; -$comment = isset($_POST['comment']) ? $_POST["comment"] : ""; -$keywords = isset($_POST["keywords"]) ? $_POST["keywords"] : ""; +$name = isset($_POST['name']) ? trim($_POST["name"]) : ""; +$comment = isset($_POST['comment']) ? trim($_POST["comment"]) : ""; +$keywords = isset($_POST["keywords"]) ? trim($_POST["keywords"]) : ""; if(isset($_POST['categoryidform1'])) { $categories = explode(',', preg_replace('/[^0-9,]+/', '', $_POST["categoryidform1"])); } elseif(isset($_POST["categories"])) {