I've found an issue regarding the pluginloader and its way to handle escape characters (particularly when magic_quotes_gpc is On). The following changes might suffice:
Code: Select all
Index: index.php
===================================================================
--- index.php (revision 2)
+++ index.php (working copy)
@@ -526,7 +526,7 @@
if (!empty($plugin)) {
$save_data .= '[\'' . $plugin . '\']';
}
- $save_data .= '[\'' . $key . '\']="' . trim(str_replace("\\'", "'", ((get_magic_quotes_gpc() === 1) ? $value : addslashes($value)))) . '";' . "\n";
+ $save_data .= '[\'' . $key . '\']="' . addcslashes($value, "\n\r\t\\\$\"") . '";' . "\n";
}
$save_data .= "\n?>";
return $save_data;
@@ -819,13 +819,13 @@
$config_data = ARRAY();
foreach ($data as $key => $value) {
global $pluginloader_cfg;
- $config_data[$key] = $_POST[$pluginloader_cfg['form_namespace'] . $key];
+ $config_data[$key] = stsl($_POST[$pluginloader_cfg['form_namespace'] . $key]);
}
$save_data = PluginPrepareConfigData($var_name, $config_data, $plugin);
}
if ($action == 'plugin_textsave') {
- $text_data = $_POST[$var_name];
- $save_data = PluginPrepareTextData($text_data);
+ $text_data = stsl($_POST[$var_name]);
+ $save_data = $text_data;
}
$is_saved = PluginWriteFile($pth['file'][$admin], $save_data);
$t .= tag('br') . '<b>' . $is_saved['msg'] . '</b>' . tag('br');
Christoph