diff options
author | Alex AUVOLAT <alexis211@gmail.com> | 2012-06-20 22:29:00 +0200 |
---|---|---|
committer | Alex AUVOLAT <alexis211@gmail.com> | 2012-06-20 22:29:00 +0200 |
commit | 5abf9dc5c437c3c0dc3408c3a583106fa6babcc2 (patch) | |
tree | 62fbce00283d176481c3c55f19cfa1cad227ce55 /lib | |
parent | 42ab8ff48ca96d39bff5486a009fabb302e8ada5 (diff) | |
download | Bits-5abf9dc5c437c3c0dc3408c3a583106fa6babcc2.tar.gz Bits-5abf9dc5c437c3c0dc3408c3a583106fa6babcc2.zip |
minor bugfixes
Diffstat (limited to 'lib')
-rw-r--r-- | lib/image/folder.php | 2 | ||||
-rw-r--r-- | lib/notes/source.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/lib/image/folder.php b/lib/image/folder.php index 56166d8..574531c 100644 --- a/lib/image/folder.php +++ b/lib/image/folder.php @@ -14,7 +14,7 @@ $fld = mysql_fetch_assoc(sql( assert_error($fld && ($fld['public'] != 0 || $fld['owner'] == $user['id']), "This folder does not exist, or you are not allowed to see it."); -$can_edit = ($user['priv'] >= $apps['image']['editfld'] && $user['id'] = $fld['owner']); +$can_edit = ($user['priv'] >= $apps['image']['editfld'] && $user['id'] == $fld['owner']); $is_owner = ($user['id'] == $fld['owner']); $filters = array ( diff --git a/lib/notes/source.php b/lib/notes/source.php index cecf1c8..d032d33 100644 --- a/lib/notes/source.php +++ b/lib/notes/source.php @@ -15,7 +15,7 @@ assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']), <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> </head> <body> -<pre><? echo $note['text']; ?></pre> +<pre><? echo htmlspecialchars($note['text']); ?></pre> </body> </html> <? |