authorDries Buytaert <dries@buytaert.net>2000-09-21 07:20:17 +0000
committerDries Buytaert <dries@buytaert.net>2000-09-21 07:20:17 +0000
commit6ca7f1e2f3536cc2713944d70264cf01d135f1c8 (patch)
treea2ecac6b607f8bbb01d90cfc262454f918ddcc90
parent525ae78d8682f12769a33305ae51761581749b5d (diff)
Various smaller changes: one of the more interesting is the addition of a
check() function which validates input from forms. The allowed HTML tags can be configured in config.inc.
-rw-r--r--config.inc8
-rw-r--r--diary.php21
-rw-r--r--function.inc11
-rw-r--r--submit.php4
-rw-r--r--template.inc20
5 files changed, 38 insertions, 26 deletions
diff --git a/config.inc b/config.inc
index ece0ba5f8..4ec1da330 100644
--- a/config.inc
+++ b/config.inc
@@ -45,12 +45,8 @@ $notify_from = "droppies@zind.net";
#
# Comment meta reasons:
-# The comment meta reasons are the various meta reasons used to
-# moderate comments. The array should always be 'balanced': that
-# the number of good reasons should equal the number of bad reason
-# and those should be ordered from bad to good.
#
-$comments_meta_reasons = array('Off topic', 'Redundant', 'Insightfull', 'As is', 'Interesting', 'Informative', 'Funny');
+$comments_votes = array("-1" => "-1", "0" => "0", "+1" => "+ 1", "+2" => "+ 2", "+3" => "+ 3", "+4" => "+ 4", "+5" => "+ 5");
#
# Categories:
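Review bot: `$comments_meta_reasons` is deleted here, but the new displayCommentModeration() added to template.inc in this same commit still iterates `$comments_meta_reasons`, so that loop will run over an undefined variable and render an empty SELECT. The replacement `$comments_votes` also loses the explanatory comment the old array had, and nothing says which side of the mapping is the value the form submits and which is the label shown; a one-line comment such as `# Comment votes: array key = value submitted by the moderation form, array value = label displayed to the user` would pin that down for the template code.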
@@ -60,7 +56,7 @@ $categories = array('Announcements', 'Arts & Humanities', 'Business & Economy',
#
# Allowed HTML tags:
#
-$allowableHTML = array('B','/B','I','/I','P .*','P','/P','A .*','/A','LI','OL','/OL','UL','/UL','EM','/EM','BR','STRONG','/STRONG','BLOCKQUOTE','/BLOCKQUOTE','HR','DIV .*','DIV','/DIV','TT','/TT');
+$allowed_html = "<A> <B> <BR> <DD> <DL> <DT> <EM> <I> <IL> <OL> <U> <UL>";
#
# Name of the 'anonymous' user account:
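Review bot: `<IL>` in the new `$allowed_html` string is not an HTML element; the old list allowed `LI`, and `<OL>`/`<UL>` are still permitted, so this looks like a typo that will cause every list item tag to be stripped while the list containers survive, i.e. `$allowed_html = "<A> <B> <BR> <DD> <DL> <DT> <EM> <I> <LI> <OL> <U> <UL>";`. Note also that `P`, `STRONG`, `BLOCKQUOTE`, `HR`, `DIV` and `TT` were allowed before and are dropped now; since diary.php in this commit starts running check() on stored entries when rendering them, existing entries that use those tags will display without them. If that narrowing is intended, a comment above the assignment saying so would stop the next reader from treating it as an oversight.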
diff --git a/diary.php b/diary.php
index a17356143..6e0b0d33b 100644
--- a/diary.php
+++ b/diary.php
@@ -1,5 +1,6 @@
<?
include "function.inc";
+include "config.inc";
include "theme.inc";
@@ -65,7 +66,7 @@ function diary_display($username) {
}
function diary_add_enter() {
- global $theme, $user;
+ global $theme, $user, $allowed_html;
### Submission form:
$output .= "<FORM ACTION=\"diary.php\" METHOD=\"post\">\n";
@@ -73,7 +74,7 @@ function diary_add_enter() {
$output .= "<P>\n";
$output .= " <B>Enter new diary entry:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\" MAXLENGTH=\"20\"></TEXTAREA><BR>\n";
- $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) ."</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
@@ -88,19 +89,19 @@ function diary_add_enter() {
}
function diary_edit_enter($id) {
- global $theme, $user;
+ global $theme, $user, $allowed_html;
$result = db_query("SELECT * FROM diaries WHERE id = $id");
$diary = db_fetch_object($result);
- $output .= diary_entry($diary->timestamp, $diary->text);
+ $output .= diary_entry($diary->timestamp, check($diary->text));
$output .= "<FORM ACTION=\"diary.php\" METHOD=\"post\">\n";
$output .= "<P>\n";
$output .= " <B>Edit diary entry:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". stripslashes($diary->text) ."</TEXTAREA><BR>\n";
- $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) ."</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
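Review bot: `check($diary->text)` at the top of this hunk re-filters text that diary_submit (later in this diff) already stored as `check(addslashes($text))`, and check() calls nl2br(), which inserts a `<br />` but keeps the original newline; so rendering doubles the line breaks, and because the edit textarea on the next lines then feeds the already-filtered text back through diary_submit, each edit-and-save cycle adds another `<br />` to the stored row. Filter once, either on the write path or on the read path, and record the choice in a comment beside the call site, e.g. `### $diary->text was passed through check() when stored; do not filter it again here`. The textarea line still emits `stripslashes($diary->text)` without htmlspecialchars(); stored entries have been through strip_tags(), so a closing TEXTAREA tag should not survive, but that dependency is implicit and deserves a comment as well. diary_edit_enter() continues outside this hunk.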
@@ -117,16 +118,16 @@ function diary_edit_enter($id) {
}
function diary_preview($text, $timestamp, $id = 0) {
- global $theme, $user;
+ global $theme, $user, $allowed_html;
- $output .= diary_entry($timestamp, $text);
+ $output .= diary_entry($timestamp, check($text));
$output .= "<FORM ACTION=\"diary.php\" METHOD=\"post\">\n";
$output .= "<P>\n";
$output .= " <B>Preview diary entry:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". stripslashes($text) ."</TEXTAREA><BR>\n";
- $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) ."</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
@@ -145,11 +146,11 @@ function diary_submit($text, $id = 0) {
global $user, $theme;
if ($id) {
- db_query("UPDATE diaries SET text = '".addslashes($text) ."' WHERE id = $id");
+ db_query("UPDATE diaries SET text = '". check(addslashes($text)) ."' WHERE id = $id");
watchdog(1, "old diary entry updated");
}
else {
- db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '". addslashes($text) ."', '". time() ."')");
+ db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '". check(addslashes($text)) ."', '". time() ."')");
watchdog(1, "new diary entry added");
}
header("Location: diary.php?op=view&name=$user->userid");
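Review bot: Both new db_query() lines run the filter after the escaping, `check(addslashes($text))`, so strip_tags() and nl2br() operate on a string that already contains SQL escape backslashes; no concrete breakage is visible from here, but escaping belongs last so that the filter sees exactly what the user typed and the escaped form is what reaches the query, i.e. `addslashes(check($text))`. The same ordering applies to the INSERT in submit_submit() in submit.php. Unrelated to this commit's change but on the same new line, `$id` is interpolated into the UPDATE unescaped; if it originates from the request, casting it with `(int) $id` would bound it.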
diff --git a/function.inc b/function.inc
index ff03936d5..0ff35e5a8 100644
--- a/function.inc
+++ b/function.inc
@@ -29,14 +29,9 @@ function FixQuotes ($what = "") {
return $what;
}
-function check_html($message) {
- ## TODO
- return $message;
-}
-
-function filter_text($message, $strip="") {
- ### TODO
- return check_html($text, $strip);
+function check($message) {
+ include "config.inc";
+ return strip_tags(nl2br($message), $allowed_html);
}
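Review bot: strip_tags() removes tags that are not in the allow list but leaves every attribute on the tags it keeps, so `$allowed_html` constrains element names only; attribute content such as the HREF of an `<A>` or event-handler attributes on any allowed tag pass through check() unchanged, and callers that treat check()'s output as safe HTML should know that. The function also has no comment describing that contract; a header like `# check(): converts newlines to <BR> and strips every tag not listed in $allowed_html (config.inc). Attributes on allowed tags are NOT removed, so callers must not treat the result as fully sanitised.` would help. `include "config.inc"` re-executes the whole configuration file on every call; `global $allowed_html;` would read the same value without re-running it, but only if every caller has loaded config.inc at top level, which diary.php now does and submit.php is not shown to do. The nl2br()-before-strip_tags() order works only because PHP compares allowed tag names case-insensitively, so nl2br's lowercase `<br />` matches the `<BR>` entry; that is worth a one-line comment as well.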
function discussion_num_replies($id, $count = 0) {
diff --git a/submit.php b/submit.php
index 45b8c1e41..fa28e2c69 100644
--- a/submit.php
+++ b/submit.php
@@ -120,7 +120,7 @@ function submit_preview($subject, $abstract, $article, $category) {
$output .= "</FORM>\n";
$theme->header();
- $theme->preview($user->userid, stripslashes($subject), stripslashes($abstract), "", stripslashes($article), date("l, F d, Y - H:i A", time()), stripslashes($category), "we-hate-typoes");
+ $theme->preview($user->userid, check(stripslashes($subject)), check(stripslashes($abstract)), "", check(stripslashes($article)), date("l, F d, Y - H:i A", time()), check(stripslashes($category)), "we-hate-typoes");
$theme->box("Submit a story", $output);
$theme->footer();
}
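Review bot: check() is applied to `$subject` and `$category` as well as to the body, but check() runs nl2br() and permits `<A>`, `<B>` and the rest of `$allowed_html`, which is not what a one-line story title or a category name that is presumably matched against the `$categories` list in config.inc should contain. For those two fields a plain `strip_tags(stripslashes($subject))` and `strip_tags(stripslashes($category))` with no allow list fits better; the INSERT in submit_submit()'s hunk below has the same issue. The filtered values go straight into `$theme->preview()`, which is outside this diff, so whether they are escaped again there cannot be checked here.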
@@ -129,7 +129,7 @@ function submit_submit($subject, $abstract, $article, $category) {
global $user, $theme;
### Add submission to SQL table:
- db_query("INSERT INTO stories (author, subject, abstract, article, category, timestamp) VALUES ('$user->id', '". addslashes($subject) ."', '". addslashes($abstract) ."', '". addslashes($article) ."', '". addslashes($category) ."', '". time() ."')");
+ db_query("INSERT INTO stories (author, subject, abstract, article, category, timestamp) VALUES ('$user->id', '". check(addslashes($subject)) ."', '". check(addslashes($abstract)) ."', '". check(addslashes($article)) ."', '". check(addslashes($category)) ."', '". time() ."')");
### Display confirmation message:
$theme->header();
diff --git a/template.inc b/template.inc
index 75197fda9..4a2d808b0 100644
--- a/template.inc
+++ b/template.inc
@@ -58,6 +58,26 @@ function displayOldHeadlines($theme, $num = 10) {
$theme->box("Older headlines", $content);
}
+function displayCommentModeration($id) {
+ global $user;
+
+ print "VOTE: ";
+ if (($user) && !($vote = user_getHistory($user->history, "c$id"))) {
+
+ $output .= " <SELECT NAME=\"meta:$cid\">";
+ $output .= " <OPTION VALUE=\"-1\">Moderate</OPTION>\n";
+ foreach ($comments_meta_reasons as $key=>$value) {
+ $output .= " <OPTION VALUE=\"$value\">$key</OPTION>\n";
+ }
+ $output .= " </SELECT>";
+ }
+ else {
+ $output .= "voted";
+ }
+
+ print $output;
+}
+
function displayNewDiaries($theme, $num = 20) {
$result = db_query("SELECT u.userid, d.timestamp FROM diaries d LEFT JOIN users u ON d.author = u.id ORDER BY timestamp DESC LIMIT $num");
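Review bot: The SELECT is named `meta:$cid` but the function's parameter, and the key passed to user_getHistory() two lines above, is `$id`; `$cid` is never assigned, so the form field name will be `meta:` for every comment and the votes cannot be attributed. The loop body also uses `$value` as the OPTION VALUE and `$key` as the label, which is the reverse of how the `$comments_votes` array in config.inc appears to be laid out ("+1" => "+ 1"), and that array is not declared global here, so the loop runs over nothing; `global $user, $comments_votes;`, `$output .= " <SELECT NAME=\"meta:$id\">";` and `foreach ($comments_votes as $value=>$label) { $output .= " <OPTION VALUE=\"$value\">$label</OPTION>\n"; }` would line the three up. `$id` is interpolated into the attribute unescaped; if it is always an integer that is fine, but a cast or a comment stating the assumption would make it explicit.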