Yoshihisa Fukuhara
higef****@users*****
2006年 3月 1日 (水) 18:33:13 JST
Index: affelio/apps/diary/Diary/WriteDiary.pm
diff -u affelio/apps/diary/Diary/WriteDiary.pm:1.1 affelio/apps/diary/Diary/WriteDiary.pm:1.2
--- affelio/apps/diary/Diary/WriteDiary.pm:1.1 Wed Mar 1 14:40:35 2006
+++ affelio/apps/diary/Diary/WriteDiary.pm Wed Mar 1 18:33:13 2006
@@ -58,8 +58,8 @@
my $wi = new Affelio::misc::WebInput();
my $sub_mode = $wi->PTN_mode($cgi->param("action"));
- my $title = $cgi->param("title");
- my $contents = $cgi->param("contents");
+ my $title = $diary->escape($cgi->param("title"));
+ my $contents = $diary->escape($cgi->param("contents"));
my $category = $wi->PTN_num($cgi->param("category"));
my $tping = $wi->PTN_URL($cgi->param("tping_url"));
my $id = $wi->PTN_num($cgi->param("id"));
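Review bot: Escaping `title` and `contents` here, before `$sub_mode` is known, commits both values to their escaped form for every branch of this sub, whereas the old code escaped only in the branches that wrote to the database. If any other branch re-displays or otherwise reuses `$title`/`$contents` (those branches are outside this hunk, so this is inferred), it will now receive the database-escaped text; escaping is context-specific and is safer applied at the sink. If the intent is to keep a single escape at input, a comment such as `# title/contents are DB-escaped here; do not escape again before the UPDATE/INSERT` on these two lines would make that contract visible. The enclosing sub begins before this hunk.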
@@ -95,8 +95,8 @@
}
}elsif( $sub_mode eq "update" && ($id) ){
- $title=$diary->escape($title);
- $contents = $diary->escape($contents);
+# $title=$diary->escape($title);
+# $contents = $diary->escape($contents);
# update entry
debug_print("Diary::Write::show: before update entry");
updateEntry($diary,$id,$title,$contents,$category);
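Review bot: The two `escape` calls in this branch are commented out rather than deleted, leaving dead code that a later reader may be tempted to restore and thereby double-escape the values already escaped at input in the first hunk; the same applies to the "submit" branch in the following hunk. Remove the four `# $title=...` / `# $contents = ...` lines and, if the history is worth keeping, replace them with one comment: `# title/contents were already escaped when read from the request`. The surrounding `if`/`elsif` chain starts and ends outside this hunk.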
@@ -109,8 +109,8 @@
$output_ref->{tmpl_file} = $diary->{afap}->{app__fs_root}."/templates/write_diary_done.tmpl";
}
elsif( $sub_mode eq "submit" ){
- $title=$diary->escape($title);
- $contents = $diary->escape($contents);
+# $title=$diary->escape($title);
+# $contents = $diary->escape($contents);
# add entry
debug_print("Diary::Write::show: before add entry");
my $new_id = addEntry($diary, $title, $contents, $category);
@@ -161,8 +161,8 @@
sub addEntry {
my $diary = shift;
- my $title = $diary->escape(shift);
- my $contents = $diary->escape(shift);
+ my $title = shift;
+ my $contents = shift;
my $c_id = shift;
my $user = $diary->{nickname};
my $uri = $diary->{afid};
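Review bot: `addEntry` no longer escapes `$title` and `$contents` itself, so it now depends on every caller having done so, but nothing in the sub records that precondition; a future caller passing raw request data will reach the INSERT unescaped. Add a header comment above `sub addEntry`, e.g. `# Precondition: $title and $contents must already be escaped by the caller (see show()); this sub does not escape.` and the same note on `updateEntry` in the next hunk. The body of `addEntry`, including the statement that uses these values, continues outside the hunk, so I cannot confirm how they are inserted.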
@@ -191,10 +191,10 @@
##############################################
sub updateEntry {
my $diary = shift;
- my $id = $diary->escape(shift, 'int');
- my $title = $diary->escape(shift);
- my $contents = $diary->escape(shift);
- my $c_id = $diary->escape(shift, 'int');
+ my $id = shift;
+ my $title = shift;
+ my $contents = shift;
+ my $c_id = shift;
$diary->{dbh}->do("UPDATE $diary->{entry_table} SET title = '$title', contents = '$contents', c_id=$c_id WHERE id = $id");
}
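Review bot: Dropping `escape(shift, 'int')` on `$id` and `$c_id` removes the only check at this layer that the values interpolated unquoted into the UPDATE on the last line are numeric; the sub now relies on callers having run `PTN_num` first, which it cannot verify. Binding the values instead of interpolating them removes the dependency on caller-side escaping for all four parameters: `$diary->{dbh}->do("UPDATE $diary->{entry_table} SET title = ?, contents = ?, c_id = ? WHERE id = ?", undef, $title, $contents, $c_id, $id);`. If `escape` performs SQL quoting (the `'int'` mode suggests a DB-oriented helper, but its body is not on this page), the input-time escaping in the first hunk would then be redundant for this path and should be reconsidered so stored text is not double-escaped. Note that `$diary->{entry_table}` is also interpolated; that is unchanged by this commit but worth a comment on its provenance.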