[geeklog-cvs] geeklog-1.3/public_html comment.php,1.65,1.66
dhaun at iowaoutdoors.org
dhaun at iowaoutdoors.org
Thu Jun 10 09:47:18 EDT 2004
Update of /var/cvs/geeklog-1.3/public_html
In directory www:/tmp/cvs-serv28646
Modified Files:
comment.php
Log Message:
Use 'view' mode in Comment Notifications and Abuse Reports. Also make sure $cid is filtered as an 'int' parameter.
Index: comment.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/comment.php,v
retrieving revision 1.65
retrieving revision 1.66
diff -C2 -d -r1.65 -r1.66
*** comment.php 31 May 2004 12:53:33 -0000 1.65
--- comment.php 10 Jun 2004 13:47:15 -0000 1.66
***************
*** 322,326 ****
if (isset ($_CONF['notification']) &&
in_array ('comment', $_CONF['notification'])) {
! sendNotification ($title, $comment, $uid, $REMOTE_ADDR, $type, $sid);
}
--- 322,327 ----
if (isset ($_CONF['notification']) &&
in_array ('comment', $_CONF['notification'])) {
! $cid = DB_insertId();
! sendNotification ($title, $comment, $uid, $REMOTE_ADDR, $type, $cid);
}
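Review bot: `DB_insertId()` is used here without any check, and the INSERT that stores the comment is outside this hunk, so the diff does not show whether it is still the most recent statement on the connection at this point. If another query runs in between, or the insert failed, `$cid` would presumably come back as 0 and the notification mail would carry a `cid=0` link. Consider capturing the id directly after the insert and wrapping the call in `if ($cid > 0) {` ... `}`. The enclosing function starts and ends outside the hunk.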
***************
*** 358,365 ****
* @param $ipaddress string poster's IP address
* @param $type string type of comment ('article', 'poll', ...)
! * @param $sid string id of story / poll / ...
*
*/
! function sendNotification ($title, $comment, $uid, $ipaddress, $type, $sid)
{
global $_CONF, $_TABLES, $LANG03, $LANG08, $LANG09;
--- 359,366 ----
* @param $ipaddress string poster's IP address
* @param $type string type of comment ('article', 'poll', ...)
! * @param $cid integer comment id
*
*/
! function sendNotification ($title, $comment, $uid, $ipaddress, $type, $cid)
{
global $_CONF, $_TABLES, $LANG03, $LANG08, $LANG09;
***************
*** 395,405 ****
}
! if ($type == 'article') {
! $mailbody .= $LANG08[33] . ' <' . $_CONF['site_url']
! . '/article.php?story=' . $sid . "#comments>\n\n";
! } else if ($type == 'poll') {
! $mailbody .= $LANG08[33] . ' <' . $_CONF['site_url']
! . '/pollbooth.php?qid=' . $sid . "&aid=-1>\n\n";
! }
$mailbody .= "\n------------------------------\n";
--- 396,401 ----
}
! $mailbody .= $LANG08[33] . ' <' . $_CONF['site_url']
! . '/comment.php?mode=view&cid=' . $cid . ">\n\n";
$mailbody .= "\n------------------------------\n";
***************
*** 636,646 ****
}
! if ($type == 'article') {
! $mailbody .= $LANG08[33] . ' <' . $_CONF['site_url']
! . '/article.php?story=' . $A['sid'] . "#comments>\n\n";
! } else if ($type == 'poll') {
! $mailbody .= $LANG08[33] . ' <' . $_CONF['site_url']
! . '/pollbooth.php?qid=' . $A['sid'] . "&aid=-1>\n\n";
! }
$mailbody .= "\n------------------------------\n";
--- 632,637 ----
}
! $mailbody .= $LANG08[33] . ' <' . $_CONF['site_url']
! . '/comment.php?mode=view&cid=' . $cid . ">\n\n";
$mailbody .= "\n------------------------------\n";
***************
*** 670,673 ****
--- 661,665 ----
. COM_siteFooter();
break;
+
case $LANG03[11]: // Submit Comment
$display .= savecomment (COM_applyFilter ($HTTP_POST_VARS['uid'], true),
***************
*** 678,688 ****
COM_applyFilter ($HTTP_POST_VARS['postmode']));
break;
case $LANG01[28]: // Delete
! $display .= deletecomment (COM_applyFilter ($cid),
COM_applyFilter ($sid), COM_applyFilter ($type));
break;
case 'view':
$cid = COM_applyFilter ($HTTP_GET_VARS['cid'], true);
! if (!empty($cid)) {
$sql = "SELECT sid, title, type FROM {$_TABLES['comments']} WHERE cid = $cid";
$A = DB_fetchArray( DB_query($sql) );
--- 670,682 ----
COM_applyFilter ($HTTP_POST_VARS['postmode']));
break;
+
case $LANG01[28]: // Delete
! $display .= deletecomment (COM_applyFilter ($cid, true),
COM_applyFilter ($sid), COM_applyFilter ($type));
break;
+
case 'view':
$cid = COM_applyFilter ($HTTP_GET_VARS['cid'], true);
! if ($cid > 0) {
$sql = "SELECT sid, title, type FROM {$_TABLES['comments']} WHERE cid = $cid";
$A = DB_fetchArray( DB_query($sql) );
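Review bot: In the Delete case the new side still passes bare `$cid`, `$sid` and `$type` to `COM_applyFilter`, whereas the other cases visible in this switch read explicitly from `$HTTP_GET_VARS` or `$HTTP_POST_VARS`. Unless these variables are assigned earlier, outside the hunk, this looks like reliance on register_globals, and it leaves the request source of a destructive action unstated; naming the superglobal array here would make it explicit. In the 'view' case `$cid` is interpolated directly into the SQL string and is safe only because of the numeric filter and the `$cid > 0` test above it. A comment such as `// $cid is numeric-filtered above; keep the filter while it is interpolated into SQL`, or an `(int)` cast at the point of use, would keep that dependency visible. The switch starts and ends outside the hunk.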
***************
*** 720,723 ****
--- 714,718 ----
}
break;
+
case 'display':
$sid = COM_applyFilter ($HTTP_GET_VARS['sid']);
***************
*** 752,765 ****
}
break;
case 'report':
$display = COM_siteHeader ('menu')
! . report_abusive_comment (COM_applyFilter ($HTTP_GET_VARS['cid']),
! COM_applyFilter ($HTTP_GET_VARS['type']))
. COM_siteFooter ();
break;
case 'sendreport':
! $display = send_report (COM_applyFilter ($HTTP_POST_VARS['cid']),
COM_applyFilter ($HTTP_POST_VARS['type']));
break;
default:
if (isset ($HTTP_POST_VARS['sid'])) {
--- 747,763 ----
}
break;
+
case 'report':
$display = COM_siteHeader ('menu')
! . report_abusive_comment (COM_applyFilter ($HTTP_GET_VARS['cid'],
! true), COM_applyFilter ($HTTP_GET_VARS['type']))
. COM_siteFooter ();
break;
+
case 'sendreport':
! $display = send_report (COM_applyFilter ($HTTP_POST_VARS['cid'], true),
COM_applyFilter ($HTTP_POST_VARS['type']));
break;
+
default:
if (isset ($HTTP_POST_VARS['sid'])) {
***************
*** 800,806 ****
// This could still be a plugin wanting comments
if (isset ($HTTP_POST_VARS['cid'])) {
! $cid = COM_applyFilter ($HTTP_POST_VARS['cid']);
} else {
! $cid = COM_applyFilter ($HTTP_GET_VARS['cid']);
}
if (!empty ($type) && !empty ($cid)) {
--- 798,804 ----
// This could still be a plugin wanting comments
if (isset ($HTTP_POST_VARS['cid'])) {
! $cid = COM_applyFilter ($HTTP_POST_VARS['cid'], true);
} else {
! $cid = COM_applyFilter ($HTTP_GET_VARS['cid'], true);
}
if (!empty ($type) && !empty ($cid)) {
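Review bot: The context line `if (!empty ($type) && !empty ($cid))` still tests the now numeric-filtered `$cid` with `!empty`, while the 'view' case in this same commit was tightened to `$cid > 0`. If the filter lets a negative number through, which the 'view' change suggests is possible, it passes this test too. Writing `if (!empty ($type) && ($cid > 0)) {` would make the two paths agree. The default branch continues outside the hunk.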