From cbeb5ee4684df20dc35cd79e375df862170dd752 Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Tue, 24 Oct 2000 07:24:24 +0000
Subject: This significant commit fixes 99% of all known bugs and improves drop.org by means of better security checks in order to avoid malicious behavior. In addition, quite some code has been fine-tuned. However, as a result, every theme will require a small update ...
---
 includes/function.inc | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
(limited to 'includes/function.inc')
diff --git a/includes/function.inc b/includes/function.inc
index ec3ad0a90..c9b80e0a6 100644
--- a/includes/function.inc
+++ b/includes/function.inc
@@ -19,13 +19,17 @@ function load_theme() {
   return new Theme();
 }
-function check_input($message) {
+function check_field($message) {
   return str_replace("\"", """, stripslashes($message));
 }
+function check_input($message) {
+  return strip_tags($message);
+}
+
 function check_output($message) {
   global $allowed_html;
-  return nl2br(strip_tags(stripslashes($message), $allowed_html));
+  return strip_tags(stripslashes($message), $allowed_html);
 }
 function discussion_num_replies($id, $count = 0) {
@@ -33,6 +37,13 @@ function discussion_num_replies($id, $count = 0) {
   return ($result) ? db_result($result, 0) : 0;
 }
+function discussion_num_filtered($sid, $pid) {
+  global $user;
+  $threshold = ($user->id) ? $user->threshold : "0";
+  $result = db_query("SELECT COUNT(cid) FROM comments WHERE sid = $sid AND pid = $pid AND (votes != 0 AND score / votes < $threshold)");
+  return ($result) ? db_result($result, 0) : 0;
+}
+
 function format_plural($count, $one, $more) {
   return ($count == 1) ? "$count $one" : "$count $more";
 }
--
cgit v1.2.3
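Review bot: check_field rewrites only the double quote, so `<`, `>`, `&` and the single quote in a form value reach the page unescaped, and the new check_input strips tags but escapes nothing, so text it returns still relies on check_output being applied before display. Replacing the str_replace with `return htmlspecialchars(stripslashes($message));` covers the other HTML-significant characters in one call, and adding the ENT_QUOTES flag also handles the single quote on PHP versions that support it. On the check_output line, strip_tags keeps every attribute of a tag listed in $allowed_html, so the whitelist alone does not neutralize attribute content; a comment such as `// strip_tags keeps all attributes of allowed tags; the whitelist filters tag names only` would make that limit visible to theme authors. $allowed_html is defined outside the hunk, so its contents cannot be reviewed here.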
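Review bot: discussion_num_filtered interpolates $sid, $pid and $threshold straight into the SQL string with no type check, so the statement's shape depends on whatever the caller passes in; the other functions in this hunk do not build queries. Casting the values before building the query keeps the statement fixed: `$sid = (int) $sid; $pid = (int) $pid;` and `$threshold = (int) $threshold;` (or a numeric check instead of the cast if threshold is meant to hold a fraction — its column type is not visible here). A one-line header comment, `// Count of replies under $pid whose average score is below the current user's threshold; 0 when the query fails.`, would also document the fallback on the last line, where a false result from db_query is reported as 0 rather than as an error.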