Diffstat (limited to 'lib')
-rw-r--r-- | lib/image/folder.php | 2 | ||||
-rw-r--r-- | lib/notes/source.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/lib/image/folder.php b/lib/image/folder.php index 56166d8..574531c 100644 --- a/lib/image/folder.php +++ b/lib/image/folder.php @@ -14,7 +14,7 @@ $fld = mysql_fetch_assoc(sql( assert_error($fld && ($fld['public'] != 0 || $fld['owner'] == $user['id']), "This folder does not exist, or you are not allowed to see it."); -$can_edit = ($user['priv'] >= $apps['image']['editfld'] && $user['id'] = $fld['owner']); +$can_edit = ($user['priv'] >= $apps['image']['editfld'] && $user['id'] == $fld['owner']); $is_owner = ($user['id'] == $fld['owner']); $filters = array ( diff --git a/lib/notes/source.php b/lib/notes/source.php index cecf1c8..d032d33 100644 --- a/lib/notes/source.php +++ b/lib/notes/source.php @@ -15,7 +15,7 @@ assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']), <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> </head> <body> -<pre><? echo $note['text']; ?></pre> +<pre><? echo htmlspecialchars($note['text']); ?></pre> </body> </html> <? |
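Review bot: The ownership test in lib/image/folder.php is still written twice, once inside `$can_edit` and again in `$is_owner` on the next line, which is how the `=` typo could overwrite `$user['id']` and make both values true without being noticed. Computing it once removes that class of slip: put `$is_owner = ($user['id'] == $fld['owner']);` first, then `$can_edit = ($user['priv'] >= $apps['image']['editfld'] && $is_owner);`. The ids are compared loosely with `==` and `$fld` comes from `mysql_fetch_assoc`, so the owner is a string; if `$user['id']` can be null or non-numeric for a guest session, both sides deserve an explicit cast, which cannot be confirmed from this hunk. The script continues past `$filters = array (`, so it is not visible here whether the edit handlers re-check ownership server-side instead of relying on `$can_edit`.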
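Review bot: In lib/notes/source.php, `htmlspecialchars($note['text'])` is called without flags or a charset, so the escaping depends on the running PHP version's defaults while the page itself declares UTF-8 in its meta tag. Passing them explicitly, `<? echo htmlspecialchars($note['text'], ENT_QUOTES, 'UTF-8'); ?>`, keeps the output encoding consistent with the declared charset and also covers quotes should the value later be reused in an attribute. Any other `$note` fields echoed in this file would need the same treatment; the top of the file is outside the hunk, so that cannot be checked from here.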