[geeklog-cvs] geeklog-1.3/public_html profiles.php,1.27,1.28
dhaun at geeklog.net
dhaun at geeklog.net
Fri Jan 2 11:32:21 EST 2004
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv2245
Modified Files:
profiles.php
Log Message:
More GET/POST parameter filtering.
Index: profiles.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/profiles.php,v
retrieving revision 1.27
retrieving revision 1.28
diff -C2 -d -r1.27 -r1.28
*** profiles.php 4 Dec 2003 21:02:28 -0000 1.27
--- profiles.php 2 Jan 2004 16:32:18 -0000 1.28
***************
*** 203,207 ****
#
! function mailstory ($sid, $to, $toemail, $from, $fromemail, $sid, $shortmsg)
{
global $_CONF, $_TABLES, $_USER, $LANG01, $LANG08;
--- 203,207 ----
#
! function mailstory ($sid, $to, $toemail, $from, $fromemail, $shortmsg)
{
global $_CONF, $_TABLES, $_USER, $LANG01, $LANG08;
***************
*** 320,327 ****
# MAIN
switch ($what) {
! case 'contact':
! $uid = strip_tags ($HTTP_POST_VARS['uid']);
! if (is_numeric ($uid)) {
! $display .= contactemail ($uid, $HTTP_POST_VARS['author'],
$HTTP_POST_VARS['authoremail'], $HTTP_POST_VARS['subject'],
$HTTP_POST_VARS['message']);
--- 320,327 ----
# MAIN
switch ($what) {
! case 'contact':
! $uid = COM_applyFilter ($HTTP_POST_VARS['uid'], true);
! if ($uid > 1) {
! $display .= contactemail ($uid, $HTTP_POST_VARS['author'],
$HTTP_POST_VARS['authoremail'], $HTTP_POST_VARS['subject'],
$HTTP_POST_VARS['message']);
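Review bot: Only `uid` is filtered here; `author`, `authoremail`, `subject` and `message` are still handed to `contactemail()` straight from `$HTTP_POST_VARS`, and the same pattern appears in the `sendstory` branch of the next hunk with `to`, `toemail`, `from`, `fromemail` and `shortmsg`. Whether those values end up in mail headers cannot be seen from this hunk, but if they do, any CR/LF in them must be rejected before the call, and the two address fields should be checked for address form rather than passed through verbatim; the cheapest fix is to run each through `COM_applyFilter` at the call site so the filtering the commit introduces for `uid` covers the whole request. The `$uid > 1` test would also benefit from a one-line comment on why 1 is excluded, e.g. `// uid 1 is presumably reserved; only real accounts can be contacted -- confirm`. Note that `$HTTP_POST_VARS['uid']` is read without checking that the key exists; a GET request to `what=contact` will emit an undefined-index notice before the filter runs.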
***************
*** 329,352 ****
$display .= COM_refresh ($_CONF['site_url'] . '/index.php');
}
! break;
! case 'emailstory':
! if ($_CONF['hideemailicon'] == 1) {
! $display = COM_refresh ($_CONF['site_url'] . '/article.php?story=' . $sid);
} else {
! $display .= COM_siteHeader() . mailstoryform($sid) . COM_siteFooter();
}
! break;
! case 'sendstory':
! $display .= mailstory($sid,$to,$toemail,$from,$fromemail,$sid,$shortmsg);
! break;
! default:
! $uid = strip_tags ($uid);
! if (!empty($uid) && is_numeric ($uid)) {
! $display .= COM_siteHeader()
! .contactform($uid)
! .COM_siteFooter();
! } else {
! $display .= COM_refresh($_CONF['site_url']);
! }
}
--- 329,364 ----
$display .= COM_refresh ($_CONF['site_url'] . '/index.php');
}
! break;
! case 'emailstory':
! $sid = COM_applyFilter ($HTTP_GET_VARS['sid']);
! if (empty ($sid)) {
! $display = COM_refresh ($_CONF['site_url'] . '/index.php');
! } else if ($_CONF['hideemailicon'] == 1) {
! $display = COM_refresh ($_CONF['site_url']
! . '/article.php?story=' . $sid);
} else {
! $display .= COM_siteHeader() . mailstoryform($sid) . COM_siteFooter();
}
! break;
! case 'sendstory':
! $sid = COM_applyFilter ($HTTP_POST_VARS['sid']);
! if (empty ($sid)) {
! $display = COM_refresh ($_CONF['site_url'] . '/index.php');
! } else {
! $display .= mailstory ($sid, $HTTP_POST_VARS['to'],
! $HTTP_POST_VARS['toemail'], $HTTP_POST_VARS['from'],
! $HTTP_POST_VARS['fromemail'], $HTTP_POST_VARS['shortmsg']);
! }
! break;
! default:
! $uid = COM_applyFilter ($HTTP_GET_VARS['uid'], true);
! if ($uid > 1) {
! $display .= COM_siteHeader ()
! . contactform ($uid)
! . COM_siteFooter ();
! } else {
! $display .= COM_refresh ($_CONF['site_url'] . '/index.php');
! }
! break;
}
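Review bot: The `empty ($sid)` guard in both the `emailstory` and `sendstory` branches treats the string `'0'` as missing, since `empty('0')` is true in PHP; if story IDs are free-form strings that is an edge case worth an explicit check such as `if ($sid === '')` (or a comment stating that `'0'` is never a valid sid). The two redirect branches use `$display =` while the success path uses `$display .=`, so anything accumulated in `$display` before the switch is silently dropped on the redirect paths only; pick one form, or add `// redirect replaces any output built so far` if the overwrite is intended. In `sendstory` the positional call now passes six arguments to match the signature change in the first hunk, which is correct, but the keys are read without an `isset` check and will notice on a partial POST.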