[geeklog-cvs] geeklog: Fixed backslashes in comment titles when magic_quotes_g...

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Sun Aug 28 11:08:52 EDT 2011 

changeset 8360:fbac38af8fc7
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/fbac38af8fc7
user: Dirk Haun <dirk at haun-online.de>
date: Sun Jun 19 09:43:46 2011 +0200
description:
Fixed backslashes in comment titles when magic_quotes_gpc = On (bug #0000941)

diffstat:

 public_html/comment.php |  12 +++++++-----
 1 files changed, 7 insertions(+), 5 deletions(-)

diffs (43 lines):

diff -r 6d2060ebebbb -r fbac38af8fc7 public_html/comment.php
--- a/public_html/comment.php	Sat Jun 18 22:50:18 2011 +0200
+++ b/public_html/comment.php	Sun Jun 19 09:43:46 2011 +0200
@@ -109,8 +109,10 @@
 
     $display = '';
 
-    $type = COM_applyFilter ($_POST['type']);
-    $sid = COM_applyFilter ($_POST['sid']);
+    $type = COM_applyFilter($_POST['type']);
+    $sid = COM_applyFilter($_POST['sid']);
+    $title = strip_tags(COM_stripslashes($_POST['title']));
+
     switch ( $type ) {
         case 'article':
             $commentcode = DB_getItem ($_TABLES['stories'], 'commentcode',
@@ -121,7 +123,7 @@
                 return COM_refresh($_CONF['site_url'] . '/index.php');
             }
 
-            $ret = CMT_saveComment ( strip_tags ($_POST['title']), 
+            $ret = CMT_saveComment ( $title,
                 $_POST['comment'], $sid, COM_applyFilter ($_POST['pid'], true), 
                 'article', COM_applyFilter ($_POST['postmode']));
 
@@ -132,7 +134,7 @@
                 $display = COM_refresh($url);
             } elseif ( $ret > 0 ) { // failure //FIXME: some failures should not return to comment form
                 $display .= COM_siteHeader ('menu', $LANG03[1])
-                         . CMT_commentForm ($_POST['title'], $_POST['comment'],
+                         . CMT_commentForm ($title, $_POST['comment'],
                            $sid, COM_applyFilter($_POST['pid']), $type,
                            $LANG03[14], COM_applyFilter($_POST['postmode']))
                          . COM_siteFooter();
@@ -145,7 +147,7 @@
             }
             break;
         default: // assume plugin
-            if ( !($display = PLG_commentSave($type, strip_tags ($_POST['title']), 
+            if ( !($display = PLG_commentSave($type, $title,
                                 $_POST['comment'], $sid, COM_applyFilter ($_POST['pid'], true),
                                 COM_applyFilter ($_POST['postmode']))) ) {
                 $display = COM_refresh ($_CONF['site_url'] . '/index.php');

More information about the geeklog-cvs mailing list