[geeklog-hg] geeklog: Merged with upstream

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Sun Sep 15 00:59:41 EDT 2013 

changeset 9296:11a94c0b4b5b
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/11a94c0b4b5b
user: Tom <websitemaster at cogeco.net>
date: Sun Sep 15 00:58:59 2013 -0400
description:
Merged with upstream

diffstat:

 system/lib-comment.php |  16 +++++++++-------
 1 files changed, 9 insertions(+), 7 deletions(-)

diffs (41 lines):

diff -r 87a980ba9e7b -r 11a94c0b4b5b system/lib-comment.php
--- a/system/lib-comment.php	Sun Sep 15 00:57:28 2013 -0400
+++ b/system/lib-comment.php	Sun Sep 15 00:58:59 2013 -0400
@@ -1297,8 +1297,12 @@
         return $someError;
     }
 
-    $comment = DB_escapeString(CMT_prepareText($comment, $postmode, $type));
-    $title = DB_escapeString(COM_checkWords(strip_tags($title)));
+    // Store unescaped comment and title for use in notification.
+    $comment0 = CMT_prepareText($comment, $postmode, $type);
+    $title0 = COM_checkWords(strip_tags($title));
+
+    $comment = DB_escapeString($comment0);
+    $title = DB_escapeString($title0);
     if (($uid == 1) && isset($_POST[CMT_USERNAME])) {
         $anon = COM_getDisplayName(1);
         if (strcmp($_POST[CMT_USERNAME], $anon) != 0) {
@@ -1440,9 +1444,9 @@
             $cid = 0; // comment went into the submission queue
         }
         if (($uid == 1) && isset($username)) {
-            CMT_sendNotification($title, $comment, $uid, $username, $_SERVER['REMOTE_ADDR'], $type, $cid);
+            CMT_sendNotification($title0, $comment0, $uid, $username, $_SERVER['REMOTE_ADDR'], $type, $cid);
         } else {
-            CMT_sendNotification($title, $comment, $uid, '', $_SERVER['REMOTE_ADDR'], $type, $cid);
+            CMT_sendNotification($title0, $comment0, $uid, '', $_SERVER['REMOTE_ADDR'], $type, $cid);
         }
     }
     
@@ -1473,9 +1477,7 @@
         return false;
     }
 
-    // we have to undo the addslashes() call from savecomment()
-    $title = stripslashes($title);
-    $comment = stripslashes($comment);
+    $comment = str_replace("\r\n", "\n", $comment);
 
     // strip HTML if posted in HTML mode
     if (preg_match('/<.*>/', $comment) != 0) {

More information about the geeklog-cvs mailing list