- fixed a bug in check_input: html stripping was not 100% correct.

- fixed a bug in account.php: the confirmation url is now correct.
- improved error checking + security in diary.php.
- fixed a bug in the html code of theme zaphod.
- improved the date handling: always call format_date().
- expanded account information in administration pages.
- added a new variable $siteurl to ./includes/config.inc.
- added comment moderation to theme zaphod.
- "alter table users add timezone varchar(8);"

- !!! added new timezone feature !!! :o)

1 files changed, 9 insertions, 3 deletions

diff --git a/includes/function.inc b/includes/function.inc
index c9b80e0a6..1331a21e6 100644
--- a/includes/function.inc
+++ b/includes/function.inc
@@ -24,12 +24,14 @@ function check_field($message) {
 }
 
 function check_input($message) {
-  return strip_tags($message);
+  global $allowed_html;
+  return strip_tags(addslashes($message), $allowed_html);
 }
 
-function check_output($message) {
+function check_output($message, $nl2br = 0) {
   global $allowed_html;
-  return strip_tags(stripslashes($message), $allowed_html);
+  if ($nl2br == 1) return nl2br(strip_tags(stripslashes($message), $allowed_html));
+  else return strip_tags(stripslashes($message), $allowed_html);
 }
 
 function discussion_num_replies($id, $count = 0) {
@@ -49,6 +51,10 @@ function format_plural($count, $one, $more) {
 }
 
 function format_date($timestamp, $type = "medium") {
+  global $user;
+
+  $timestamp += ($user->timezone) ? $user->timezone - date("Z") : 0;
+
   switch ($type) {
     case "small":
       $date = date("D, m/d/y - H:i", $timestamp);