updates from sein

This commit is contained in:
Shish 2009-11-24 13:57:37 +00:00
parent a14b2a8a63
commit 4e95149c4b
2 changed files with 9 additions and 7 deletions


@ -197,7 +197,7 @@ class Forum extends SimpleExtension {
$hasErrors = true; $hasErrors = true;
$errors .= "<div id='error'>You cannot have an empty title.</div>"; $errors .= "<div id='error'>You cannot have an empty title.</div>";
} }
else if (strlen(mysql_real_escape_string(htmlspecialchars($_POST["title"]))) > 255) else if (strlen(mysql_real_escape_string(html_escape($_POST["title"]))) > 255)
{ {
$hasErrors = true; $hasErrors = true;
$errors .= "<div id='error'>Your title is too long.</div>"; $errors .= "<div id='error'>Your title is too long.</div>";
@ -274,7 +274,7 @@ class Forum extends SimpleExtension {
"INNER JOIN forum_posts AS p ". "INNER JOIN forum_posts AS p ".
"ON p.thread_id = f.id ". "ON p.thread_id = f.id ".
"GROUP BY f.id, f.sticky, f.title, f.date, u.name, u.email, u.admin ". "GROUP BY f.id, f.sticky, f.title, f.date, u.name, u.email, u.admin ".
"ORDER BY f.sticky DESC, f.uptodate DESC LIMIT ?, ?" "ORDER BY f.sticky ASC, f.uptodate DESC LIMIT ?, ?"
, array($pageNumber * $threadsPerPage, $threadsPerPage) , array($pageNumber * $threadsPerPage, $threadsPerPage)
); );
@ -318,7 +318,7 @@ class Forum extends SimpleExtension {
private function save_new_thread($user) private function save_new_thread($user)
{ {
$title = mysql_real_escape_string(htmlspecialchars($_POST["title"])); $title = mysql_real_escape_string(html_escape($_POST["title"]));
$sticky = html_escape($_POST["sticky"]); $sticky = html_escape($_POST["sticky"]);
if($sticky == ""){ if($sticky == ""){
@ -344,7 +344,7 @@ class Forum extends SimpleExtension {
{ {
global $config; global $config;
$userID = $user->id; $userID = $user->id;
$message = mysql_real_escape_string(htmlspecialchars($_POST["message"])); $message = mysql_real_escape_string(html_escape($_POST["message"]));
$max_characters = $config->get_int('forumMaxCharsPerPost'); $max_characters = $config->get_int('forumMaxCharsPerPost');
$message = substr($message, 0, $max_characters); $message = substr($message, 0, $max_characters);
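Review bot: In the hunk at 344 the message is passed through mysql_real_escape_string before `$message = substr($message, 0, $max_characters);`, so the byte cut can land inside an escape sequence or an HTML entity and leave a trailing backslash or a partial `&amp;` in the stored text; the title check in the hunk at 197 has the same ordering problem, applying the 255-byte limit to the escaped value rather than to what the user typed. The queries in this class already bind values with `?` placeholders (hunk at 274), so escaping for SQL at input time is redundant and stores doubled backslashes, which appears to be what the theme's new `stripslashes($message)` is compensating for. I would length-check and truncate the raw input first, keep only the HTML escaping, and let the prepared statement handle quoting: `$message = html_escape(substr($_POST["message"], 0, $max_characters));` (the same shape for `$title`), bearing in mind that substr is byte-wise and may split a multibyte character. html_escape is a project helper not visible here; I am assuming it wraps htmlspecialchars. The function containing the 344 hunk starts outside the hunk, and save_new_thread's body continues past the 318 hunk.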


@ -110,9 +110,11 @@ class ForumTheme extends Themelet {
$message = str_replace('\n', '<br>', $message); $message = str_replace('\n', '<br>', $message);
$message = str_replace('\r', '<br>', $message); $message = str_replace('\r', '<br>', $message);
$message = stripslashes($message);
$user = "<a href='".make_link("user/".$post["user_name"]."")."'>".$post["user_name"]."</a>"; $user = "<a href='".make_link("user/".$post["user_name"]."")."'>".$post["user_name"]."</a>";
$poster = User::by_name($post["user_name"]); $poster = User::by_name($post["user_name"]);
$gravatar = $poster->get_avatar_html(); $gravatar = $poster->get_avatar_html();
$oe = ($n++ % 2 == 0) ? "even" : "odd"; $oe = ($n++ % 2 == 0) ? "even" : "odd";
@ -120,7 +122,7 @@ class ForumTheme extends Themelet {
if ($post["user_admin"] == "Y") { if ($post["user_admin"] == "Y") {
$rank = "<sup>admin</sup>"; $rank = "<sup>admin</sup>";
} else { } else {
$rank = "<small>user</small>"; $rank = "<sup>user</sup>";
} }
$postID = $post['id']; $postID = $post['id'];