[geeklog-cvs] Geeklog-1.x/public_html profiles.php,1.55,1.56

Michael Jervis mjervis at qs1489.pair.com
Wed Feb 20 15:32:39 EST 2008


Update of /cvsroot/geeklog/Geeklog-1.x/public_html
In directory qs1489.pair.com:/tmp/cvs-serv27176/public_html

Modified Files:
	profiles.php 
Log Message:
Mail story to a friend: User message text is run through COM_applyFilter but shouldn't be, because that will cut the message off at the first special character. The message doesn't go out as HTML and isn't logged, so we don't introduce a security hole by doing so (I checked carefully!)

Index: profiles.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/profiles.php,v
retrieving revision 1.55
retrieving revision 1.56
diff -C2 -d -r1.55 -r1.56
*** profiles.php	20 Feb 2008 20:27:25 -0000	1.55
--- profiles.php	20 Feb 2008 20:32:37 -0000	1.56
***************
*** 472,476 ****
                           . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
                                            COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
!                                           COM_applyFilter($_POST['shortmsg']), 52)
                           . COM_siteFooter ();
              } else if (empty ($_POST['to']) || empty ($_POST['from']) ||
--- 472,476 ----
                           . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
                                            COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
!                                           $_POST['shortmsg'], 52)
                           . COM_siteFooter ();
              } else if (empty ($_POST['to']) || empty ($_POST['from']) ||
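Review bot: the call site changed here is the form re-display path, not the outbound mail path, so the unfiltered `$_POST['shortmsg']` now flows straight into `mailstoryform(...)` whose output is concatenated with `COM_siteFooter()` and sent to the browser. The diff does not show the body of `mailstoryform`; before merging, confirm that it HTML-escapes the `$shortmsg` argument (e.g. `htmlspecialchars`) when placing it in the textarea, otherwise dropping `COM_applyFilter` turns a truncation bug into a reflected-markup problem on this page. The other four fields still go through `COM_applyFilter`, so the asymmetry should be deliberate and documented at the call.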
***************
*** 479,483 ****
                           . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
                                            COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
!                                           COM_applyFilter($_POST['shortmsg']))
                           . COM_siteFooter ();
              } else {
--- 479,483 ----
                           . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
                                            COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
!                                           $_POST['shortmsg'])
                           . COM_siteFooter ();
              } else {
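Review bot: the same raw `$_POST['shortmsg']` expression is now repeated at three separate `mailstoryform` calls. Hoisting it once above the branch, e.g. `$shortmsg = $_POST['shortmsg'];`, and passing `$shortmsg` at each site would give a single place to apply whatever output escaping or length check the form needs, so that a later fix cannot land on one branch and miss the other two.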
***************
*** 488,492 ****
                               . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
                                                COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
!                                               COM_applyFilter($_POST['shortmsg']))
                               . COM_siteFooter ();
                  } else {
--- 488,492 ----
                               . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
                                                COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
!                                               $_POST['shortmsg'])
                               . COM_siteFooter ();
                  } else {
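Review bot: the rationale for leaving `shortmsg` unfiltered lives only in the commit message ("doesn't go out as HTML, and isn't logged"); nothing in the changed lines records it. A short comment next to this call, stating that `COM_applyFilter` was removed on purpose because it truncates at the first special character and that the value must therefore be escaped at output, would stop a future maintainer from either re-adding the filter or assuming the value is already sanitized.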



