[geeklog-cvs] geeklog: Fixed backslashes in comment titles when magic_quotes_g...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun Aug 28 11:08:52 EDT 2011
changeset 8360:fbac38af8fc7
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/fbac38af8fc7
user: Dirk Haun <dirk at haun-online.de>
date: Sun Jun 19 09:43:46 2011 +0200
description:
Fixed backslashes in comment titles when magic_quotes_gpc = On (bug #0000941)
diffstat:
public_html/comment.php | 12 +++++++-----
1 files changed, 7 insertions(+), 5 deletions(-)
diffs (43 lines):
diff -r 6d2060ebebbb -r fbac38af8fc7 public_html/comment.php
--- a/public_html/comment.php Sat Jun 18 22:50:18 2011 +0200
+++ b/public_html/comment.php Sun Jun 19 09:43:46 2011 +0200
@@ -109,8 +109,10 @@
$display = '';
- $type = COM_applyFilter ($_POST['type']);
- $sid = COM_applyFilter ($_POST['sid']);
+ $type = COM_applyFilter($_POST['type']);
+ $sid = COM_applyFilter($_POST['sid']);
+ $title = strip_tags(COM_stripslashes($_POST['title']));
+
switch ( $type ) {
case 'article':
$commentcode = DB_getItem ($_TABLES['stories'], 'commentcode',
@@ -121,7 +123,7 @@
return COM_refresh($_CONF['site_url'] . '/index.php');
}
- $ret = CMT_saveComment ( strip_tags ($_POST['title']),
+ $ret = CMT_saveComment ( $title,
$_POST['comment'], $sid, COM_applyFilter ($_POST['pid'], true),
'article', COM_applyFilter ($_POST['postmode']));
@@ -132,7 +134,7 @@
$display = COM_refresh($url);
} elseif ( $ret > 0 ) { // failure //FIXME: some failures should not return to comment form
$display .= COM_siteHeader ('menu', $LANG03[1])
- . CMT_commentForm ($_POST['title'], $_POST['comment'],
+ . CMT_commentForm ($title, $_POST['comment'],
$sid, COM_applyFilter($_POST['pid']), $type,
$LANG03[14], COM_applyFilter($_POST['postmode']))
. COM_siteFooter();
@@ -145,7 +147,7 @@
}
break;
default: // assume plugin
- if ( !($display = PLG_commentSave($type, strip_tags ($_POST['title']),
+ if ( !($display = PLG_commentSave($type, $title,
$_POST['comment'], $sid, COM_applyFilter ($_POST['pid'], true),
COM_applyFilter ($_POST['postmode']))) ) {
$display = COM_refresh ($_CONF['site_url'] . '/index.php');
More information about the geeklog-cvs
mailing list