summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorAlex AUVOLAT <alexis211@gmail.com>2012-06-20 22:29:00 +0200
committerAlex AUVOLAT <alexis211@gmail.com>2012-06-20 22:29:00 +0200
commit5abf9dc5c437c3c0dc3408c3a583106fa6babcc2 (patch)
tree62fbce00283d176481c3c55f19cfa1cad227ce55 /lib
parent42ab8ff48ca96d39bff5486a009fabb302e8ada5 (diff)
downloadBits-5abf9dc5c437c3c0dc3408c3a583106fa6babcc2.tar.gz
Bits-5abf9dc5c437c3c0dc3408c3a583106fa6babcc2.zip
minor bugfixes
Diffstat (limited to 'lib')
-rw-r--r--lib/image/folder.php2
-rw-r--r--lib/notes/source.php2
2 files changed, 2 insertions, 2 deletions
diff --git a/lib/image/folder.php b/lib/image/folder.php
index 56166d8..574531c 100644
--- a/lib/image/folder.php
+++ b/lib/image/folder.php
@@ -14,7 +14,7 @@ $fld = mysql_fetch_assoc(sql(
assert_error($fld && ($fld['public'] != 0 || $fld['owner'] == $user['id']),
"This folder does not exist, or you are not allowed to see it.");
-$can_edit = ($user['priv'] >= $apps['image']['editfld'] && $user['id'] = $fld['owner']);
+$can_edit = ($user['priv'] >= $apps['image']['editfld'] && $user['id'] == $fld['owner']);
$is_owner = ($user['id'] == $fld['owner']);
$filters = array (
diff --git a/lib/notes/source.php b/lib/notes/source.php
index cecf1c8..d032d33 100644
--- a/lib/notes/source.php
+++ b/lib/notes/source.php
@@ -15,7 +15,7 @@ assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']),
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
-<pre><? echo $note['text']; ?></pre>
+<pre><? echo htmlspecialchars($note['text']); ?></pre>
</body>
</html>
<?