eliminating possible xss
eliminating possible xss

--- a/include/classes/display.php
+++ b/include/classes/display.php
@@ -67,6 +67,8 @@
 		$this->smarty->assign ("cards", Anyfivecardpokerhand::$cards );
 		$this->smarty->assign ("types", Anyfivecardpokerhand::$types );
 		$this->smarty->assign ("databaseQuery", $databaseQuery);
+		$this->smarty->assign ("currentCard", $card);
+		$this->smarty->assign ("currentHand", $hand);
 
 		if ( $ajax == true ) {
 			$this->smarty->display ("table.tpl");
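Review bot: `$card` and `$hand` are assigned to the templates exactly as this method holds them, and nothing in the hunk shows them being validated or escaped first; the method begins outside the hunk, so that may happen earlier. Because pagination.tpl now prints `{$currentCard}` without any modifier, the page's safety rests entirely on what is assigned here. If these values still originate from the query string, I would assign them only after matching them against the known sets, e.g. the `"$card $type"` combinations built from `Anyfivecardpokerhand::$cards` and `Anyfivecardpokerhand::$types`, and assign an empty string otherwise. A short comment such as `// currentCard/currentHand are printed by the templates: must be validated before assign` would record that contract for the next editor.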

--- a/style/tpl/index.tpl
+++ b/style/tpl/index.tpl
@@ -29,14 +29,14 @@
 	    			<select name="hand" id="hand">
 	    				<option value="">all - {$stats.all}</option>
 						{foreach key=k item=v from=$hands}
-						<option value="{$k}"{if $smarty.get.hand && $smarty.get.hand == $k} selected="selected"{/if}>{$v} - {$stats.$k}</option>
+						<option value="{$k}"{if $currentHand && $currentHand == $k} selected="selected"{/if}>{$v} - {$stats.$k}</option>
 						{/foreach}
 					</select>
 					<select name="card" id="card">
 	    				<option value="">all</option>
 						{foreach key=k item=card from=$cards}
 							{foreach key=k2 item=type from=$types}
-							<option value="{$card} {$type}"{if $smarty.get.card && $smarty.get.card == "$card $type"} selected="selected"{/if}>{$card} {$type}</option>
+							<option value="{$card} {$type}"{if $currentCard && $currentCard == "$card $type"} selected="selected"{/if}>{$card} {$type}</option>
 							{/foreach}
 						{/foreach}
 					</select>

--- a/style/tpl/pagination.tpl
+++ b/style/tpl/pagination.tpl
@@ -1,11 +1,10 @@
 <table class="widefat post fixed">
 <tr>
 	<td id="pagination">
-		{if $smarty.get.hand != ""}
-			{assign var="_hand" value=$smarty.get.hand}
-			Showing <strong>{$hands.$_hand}{if $smarty.get.card}/{$smarty.get.card|htmlentities}{/if}</strong> combinations
+		{if $currentHand != ""}
+			Showing <strong>{$hands.$currentHand}{if $currentCard}/{$currentCard}{/if}</strong> combinations
 		{else}
-			Showing <strong>all{if $smarty.get.card}/{$smarty.get.card|htmlentities}{/if}</strong> combinations
+			Showing <strong>all{if $currentCard}/{$currentCard}{/if}</strong> combinations
 		{/if}
 		<br />
 
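Review bot: Both `{$currentCard}` outputs lose the `|htmlentities` modifier that the old `{$smarty.get.card|htmlentities}` carried, so the encoding at the point of output is gone. Unless the value is escaped before it is assigned or Smarty's automatic HTML escaping is enabled (neither is visible in this diff), request-derived text would be written into the `<strong>` element as-is. I would keep the escape at the sink on both branches: `{if $currentCard}/{$currentCard|escape:'html'}{/if}`. `{$hands.$currentHand}` is a lookup into a server-side array, so it only needs the same treatment if the hand labels themselves can contain markup.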
