diff --git a/action.php b/action.php
index 99712b3..fef297f 100644
--- a/action.php
+++ b/action.php
@@ -102,12 +102,17 @@ switch ($VARS['action']) {
die();
}
+ $config = HTMLPurifier_Config::createDefault();
+ $purifier = new HTMLPurifier($config);
+ $taskdesc = $purifier->purify($VARS['taskdesc']);
+ //$taskdesc = $VARS['taskdesc'];
+
if (is_empty($VARS['taskid'])) {
- $database->insert('tasks', ['tasktitle' => $VARS['tasktitle'], 'taskdesc' => $VARS['taskdesc'], 'taskcreatoruid' => $_SESSION['uid']]);
+ $database->insert('tasks', ['tasktitle' => $VARS['tasktitle'], 'taskdesc' => $taskdesc, 'taskcreatoruid' => $_SESSION['uid']]);
$VARS['taskid'] = $database->id();
header('Location: app.php?page=edittask&taskid=' . $database->id() . '&msg=task_saved');
} else {
- $database->update('tasks', ['tasktitle' => $VARS['tasktitle'], 'taskdesc' => $VARS['taskdesc']], ['taskid' => $VARS['taskid']]);
+ $database->update('tasks', ['tasktitle' => $VARS['tasktitle'], 'taskdesc' => $taskdesc], ['taskid' => $VARS['taskid']]);
header('Location: app.php?page=edittask&taskid=' . $VARS['taskid'] . '&msg=task_saved');
}
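Review bot: `tasktitle` is still written straight from `$VARS` on both the insert and the update line while only `taskdesc` passes through the purifier; if the title is ever echoed as HTML rather than escaped with `htmlspecialchars` at output, the stored-XSS path this commit closes for the description stays open for the title, so either run it through the same `$purifier->purify(...)` call or confirm the output-side escaping. The commented-out `//$taskdesc = $VARS['taskdesc'];` line is dead code and should be dropped rather than left beside the live assignment. `HTMLPurifier_Config::createDefault()` relies on the library's default definition cache directory; if that path is not writable in deployment the purifier emits warnings on every request, so consider setting `Cache.SerializerPath` explicitly (or `Cache.DefinitionImpl` to null) with a comment stating why. The enclosing `switch` case begins before this hunk.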
diff --git a/composer.json b/composer.json
index 5afe65b..1120b75 100644
--- a/composer.json
+++ b/composer.json
@@ -4,7 +4,8 @@
"type": "project",
"require": {
"catfan/medoo": "^1.2",
- "guzzlehttp/guzzle": "^6.2"
+ "guzzlehttp/guzzle": "^6.2",
+ "ezyang/htmlpurifier": "^4.9"
},
"license": "OTHER",
"authors": [
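Review bot: The composer.lock hunks that accompany this one-line dependency addition reintroduce a top-level `"hash"` entry and rewrite every package `"time"` value from `2017-05-22T04:39:48+00:00` to `2017-05-22 04:39:48`, which looks like the lock file was regenerated with an older Composer release than the one that produced the previous lock. That churn makes the lockfile diff far noisier than the single new `ezyang/htmlpurifier` entry warrants and will likely flip back the next time another developer runs `composer update`. Regenerating with the project's current Composer version, e.g. `composer update ezyang/htmlpurifier`, would keep the lock diff to the new package block, and a short contributing note naming the expected Composer version would avoid the same back-and-forth later.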
diff --git a/composer.lock b/composer.lock
index 1896297..5d26db5 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,8 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
- "content-hash": "1c8b61c5d506ae016285b99b20040cf0",
+ "hash": "8e38254e3739787b4de62b754445585d",
+ "content-hash": "63c81acf75eb3b29eebe3171a18b4d9f",
"packages": [
{
"name": "catfan/medoo",
@@ -63,7 +64,54 @@
"sql",
"sqlite"
],
- "time": "2017-05-22T04:39:48+00:00"
+ "time": "2017-05-22 04:39:48"
+ },
+ {
+ "name": "ezyang/htmlpurifier",
+ "version": "v4.9.3",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/ezyang/htmlpurifier.git",
+ "reference": "95e1bae3182efc0f3422896a3236e991049dac69"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/95e1bae3182efc0f3422896a3236e991049dac69",
+ "reference": "95e1bae3182efc0f3422896a3236e991049dac69",
+ "shasum": ""
+ },
+ "require": {
+ "php": ">=5.2"
+ },
+ "require-dev": {
+ "simpletest/simpletest": "^1.1"
+ },
+ "type": "library",
+ "autoload": {
+ "psr-0": {
+ "HTMLPurifier": "library/"
+ },
+ "files": [
+ "library/HTMLPurifier.composer.php"
+ ]
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "LGPL"
+ ],
+ "authors": [
+ {
+ "name": "Edward Z. Yang",
+ "email": "admin@htmlpurifier.org",
+ "homepage": "http://ezyang.com"
+ }
+ ],
+ "description": "Standards compliant HTML filter written in PHP",
+ "homepage": "http://htmlpurifier.org/",
+ "keywords": [
+ "html"
+ ],
+ "time": "2017-06-03 02:28:16"
},
{
"name": "guzzlehttp/guzzle",
@@ -125,7 +173,7 @@
"rest",
"web service"
],
- "time": "2017-02-28T22:50:30+00:00"
+ "time": "2017-02-28 22:50:30"
},
{
"name": "guzzlehttp/promises",
@@ -176,7 +224,7 @@
"keywords": [
"promise"
],
- "time": "2016-12-20T10:07:11+00:00"
+ "time": "2016-12-20 10:07:11"
},
{
"name": "guzzlehttp/psr7",
@@ -241,7 +289,7 @@
"uri",
"url"
],
- "time": "2017-03-20T17:10:46+00:00"
+ "time": "2017-03-20 17:10:46"
},
{
"name": "psr/http-message",
@@ -291,7 +339,7 @@
"request",
"response"
],
- "time": "2016-08-06T14:39:51+00:00"
+ "time": "2016-08-06 14:39:51"
}
],
"packages-dev": [],
diff --git a/pages/edittask.php b/pages/edittask.php
index b6ac8b0..16467df 100644
--- a/pages/edittask.php
+++ b/pages/edittask.php
@@ -57,10 +57,10 @@ if (!is_empty($taskid) && $database->has('assigned_tasks', ['taskid' => $taskid]
:
" placeholder="" />
- :
-
+ : " /> +