Diffstat (limited to 'submit.php')
-rw-r--r--submit.php26
1 files changed, 13 insertions, 13 deletions
diff --git a/submit.php b/submit.php
index 60b761c1b..b921c6a3f 100644
--- a/submit.php
+++ b/submit.php
@@ -1,7 +1,7 @@
<?
function submit_enter() {
- global $anonymous, $categories, $theme, $user;
+ global $anonymous, $categories, $allowed_html, $theme, $user;
### Guidlines:
$output .= "<P>Got some news or some thoughts you would like to share? Fill out this form and they will automatically get whisked away to our submission queue where our moderators will frown at it, poke at it and hopefully post it. Every registered user is automatically a moderator and can vote whether or not your sumbission should be carried to the front page for discussion.</P>\n";
@@ -12,7 +12,7 @@ function submit_enter() {
$output .= "<FORM ACTION=\"submit.php\" METHOD=\"post\">\n";
$output .= "<P>\n <B>Your name:</B><BR>\n";
- if ($user->id) $output .= " <A HREF=\"account.php\">$user->userid</A> &nbsp; &nbsp; <SMALL>[ <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";
+ if ($user->id) $output .= " $user->userid &nbsp; &nbsp; <SMALL>[ <A HREF=\"account.php\">edit</A> | <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";
else $output .= " $anonymous &nbsp; &nbsp; <SMALL>[ <A HREF=\"account.php\">login</A> | <A HREF=\"account.php\">create an account</A> ]</SMALL>\n";
$output .= "</P>\n";
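Review bot: The rewritten line still interpolates `$user->userid` into the page with no escaping, so a userid that contains markup (whether registration permits that is not visible here) would be rendered as HTML on the submission form. The value is plain text in this context, so the fix is one call: `if ($user->id) $output .= " ". htmlspecialchars($user->userid) ." &nbsp; &nbsp; <SMALL>[ <A HREF=\"account.php\">edit</A> | <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";`. The same unescaped pattern recurs in submit_preview below.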
@@ -35,13 +35,13 @@ function submit_enter() {
$output .= "<P>\n";
$output .= " <B>Abstract:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\" MAXLENGTH=\"20\"></TEXTAREA><BR>\n";
- $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Extended story:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\"></TEXTAREA><BR>\n";
- $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
@@ -57,19 +57,19 @@ function submit_enter() {
}
function submit_preview($subject, $abstract, $article, $category) {
- global $anonymous, $categories, $theme, $user;
+ global $anonymous, $categories, $allowed_html, $theme, $user;
$output .= "<FORM ACTION=\"submit.php\" METHOD=\"post\">\n";
$output .= "<P>\n";
$output .= " <B>Your name:</B><BR>\n";
- if ($user->id) $output .= " <A HREF=\"account.php\">$user->userid</A> &nbsp; &nbsp; <SMALL> [ <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";
+ if ($user->id) $output .= " $user->userid &nbsp; &nbsp; <SMALL> [ <A HREF=\"account.php\">edit</A> | <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";
else $output .= " $anonymous &nbsp; &nbsp; <SMALL>[ <A HREF=\"account.php\">login</A> | <A HREF=\"account.php\">create an account</A> ]</SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Subject:</B><BR>\n";
- $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". stripslashes($subject) ."\"><BR>\n";
+ $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". check_input($subject) ."\"><BR>\n";
$output .= " <SMALL><I>Bad subjects are 'Check this out!' or 'An article'. Be descriptive, clear and simple!</I></SMALL>\n";
$output .= "</P>\n";
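Review bot: `check_input($subject)` is written inside a double-quoted VALUE attribute, and unless check_input entity-encodes `"` (its definition is not in this file) a subject containing a quote closes the attribute and lets the client inject further attributes or tags into the preview form. For an attribute context the dependable form is an explicit escape, e.g. `VALUE=\"". htmlspecialchars(stripslashes($subject), ENT_QUOTES) ."\"`, keeping the stripslashes the old line had; whatever check_input does for storage should not be relied on for HTML output. The `$user->userid` line earlier in this hunk is emitted without any escaping as well.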
@@ -85,14 +85,14 @@ function submit_preview($subject, $abstract, $article, $category) {
$output .= "<P>\n";
$output .= "<B>Abstract:</B><BR>\n";
- $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\">". stripslashes($abstract) ."</TEXTAREA><BR>\n";
- $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\">". check_input($abstract) ."</TEXTAREA><BR>\n";
+ $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Extended story:</B><BR>\n";
- $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\">". stripslashes($article) ."</TEXTAREA><BR>\n";
- $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\">". check_input($article) ."</TEXTAREA><BR>\n";
+ $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n";
if (empty($subject)) {
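Review bot: The abstract and article values are placed into TEXTAREA bodies through check_input, and a value containing `</TEXTAREA>` terminates the element so that the rest is parsed as page markup; only an HTML escape prevents that, and I cannot tell from this file whether check_input performs one. Entity-encoding costs nothing here, because the browser decodes entities inside a textarea before the user edits and resubmits, so `htmlspecialchars(check_input($abstract))` and the same for `$article` is the conservative choice if check_input is not already an escaper. This is separate from the allowed-HTML filtering applied when the story is rendered; inside a form field the raw text is what must survive intact.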
@@ -120,7 +120,7 @@ function submit_preview($subject, $abstract, $article, $category) {
$output .= "</FORM>\n";
$theme->header();
- $theme->preview($user->userid, check(stripslashes($subject)), check(stripslashes($abstract)), "", check(stripslashes($article)), date("l, F d, Y - H:i A", time()), check(stripslashes($category)), "we-hate-typoes");
+ $theme->preview($user->userid, check_output(stripslashes($subject)), check_output(stripslashes($abstract)), "", check_output(stripslashes($article)), date("l, F d, Y - H:i A", time()), check_output(stripslashes($category)), "we-hate-typoes");
$theme->box("Submit a story", $output);
$theme->footer();
}
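Review bot: `$category` is passed to the theme preview through check_output as if it were free text, although the form offers categories from `$categories`, so the preview accepts any string the client supplies for that field; validating it against that list, e.g. `if (!in_array($category, $categories)) $category = "";` if `$categories` is a plain list of names (its shape is not visible here), is stricter than tag filtering. Separately, the preview renders the submitted abstract and article as HTML via check_output, so the filter behind `$allowed_html` is the sole barrier against script in the preview; it is worth confirming that filter is a whitelist of tags and attributes, rejecting event-handler attributes and `javascript:` URLs, rather than a tag blacklist.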
@@ -129,7 +129,7 @@ function submit_submit($subject, $abstract, $article, $category) {
global $user, $theme;
### Add submission to SQL table:
- db_insert("INSERT INTO stories (author, subject, abstract, article, category, timestamp) VALUES ('$user->id', '". check(addslashes($subject)) ."', '". check(addslashes($abstract)) ."', '". check(addslashes($article)) ."', '". check(addslashes($category)) ."', '". time() ."')");
+ db_insert("INSERT INTO stories (author, subject, abstract, article, category, timestamp) VALUES ('$user->id', '". check_output(addslashes($subject)) ."', '". check_output(addslashes($abstract)) ."', '". check_output(addslashes($article)) ."', '". check_output(addslashes($category)) ."', '". time() ."')");
### Display confirmation message:
$theme->header();