From e7019c257742aeeac1665682786131fb59733a4b Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Mon, 2 Oct 2000 07:32:17 +0000
Subject: Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by ". - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
---
function.inc | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
(limited to 'function.inc')
diff --git a/function.inc b/function.inc
index 957ddf2ac..2c69e4fb9 100644
--- a/function.inc
+++ b/function.inc
@@ -21,15 +21,11 @@ function dbsave($dbase, $data, $id=0) { else { db_query("INSERT INTO $dbase SET $query") or die(mysql_error()); return mysql_insert_id(); } } -function FixQuotes ($what = "") { - $what = ereg_replace("'","''",$what); - while (eregi("\\\\'", $what)) { - $what = ereg_replace("\\\\'","'",$what); - } - return $what; +function check_input($message) { + return str_replace("\"", """, stripslashes($message)); } -function check($message) { +function check_output($message) { include "config.inc"; return nl2br(strip_tags(stripslashes($message), $allowed_html)); } -- cgit v1.2.3
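Review bot: The new `check_input()` calls `stripslashes()` and then encodes only the double quote, so single quotes and backslashes come back unescaped and `<`, `>`, `&` and `'` pass through unchanged, while the quote-doubling `FixQuotes()` helper is removed in the same hunk. The replacement literal shows as `"""` on this page, presumably `"&quot;"` with the entity decoded by the viewer, and `dbsave()` starts above the hunk, so whether values are re-escaped before the string-built `INSERT INTO $dbase SET $query` in the context line cannot be confirmed from here. I would escape per boundary instead of once on input: `return htmlspecialchars(stripslashes($message), ENT_QUOTES);` where the value is written into HTML, and SQL escaping where the query string is assembled. In `check_output()`, `strip_tags()` drops tags outside `$allowed_html` but keeps every attribute on the tags it allows, so it is worth a comment such as `// strip_tags() keeps attributes on allowed tags; not an XSS filter on its own` until attributes are filtered too.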