author | Dries Buytaert <dries@buytaert.net> | 2001-01-13 08:29:50 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2001-01-13 08:29:50 +0000 |
commit | 55679210c2e7c4f9755907d1672cc7b682eb350e (patch) | |
tree | cb210263bc4c719cd03c8431526e480a2c2fb397 /includes | |
parent | f1a8ab536c66e4488537e17b445941f20bcb9c59 (diff) | |
- created 2 new functions, check_textfield() and check_textarea(), and
integrated them where appropriate. It works better and the code is
more readable than it used to be:
(see http://drop.org/discussion.php?id=44&pid=0#0)
- story authors can no longer moderate their own stories
(requested by Natrak)
- fix inie-winnie small detail in theme marvin
Diffstat (limited to 'includes')
-rw-r--r-- | includes/function.inc | 10 | ||||
-rw-r--r-- | includes/theme.inc | 12 |
2 files changed, 12 insertions, 10 deletions
diff --git a/includes/function.inc b/includes/function.inc
index adcb4c518..71276e780 100644
--- a/includes/function.inc
+++ b/includes/function.inc
@@ -17,8 +17,14 @@ function discussion_score($comment) {
 return (strpos($value, ".")) ? substr($value ."00", 0, 4) : $value .".00";
 }
-function check_field($message) {
- return str_replace("\"", """, stripslashes($message));
+function check_textfield($message) {
+ global $allowed_html;
+ return strip_tags(str_replace("\"", """, stripslashes($message)), $allowed_html);
+}
+
+function check_textarea($message) {
+ global $allowed_html;
+ return htmlspecialchars(strip_tags(stripslashes($message), $allowed_html));
 }
 function check_input($message) {
diff --git a/includes/theme.inc b/includes/theme.inc
index c799a0f3c..d6a4dd3e4 100644
--- a/includes/theme.inc
+++ b/includes/theme.inc
@@ -98,17 +98,13 @@ function theme_morelink($theme, $story) {
 function theme_moderation_results($theme, $story) {
 global $user;
- if ($user->id && $story->id && $vote = user_getHistory($user->history, "s$story->id")) {
- $output .= "<P><B>You voted `$vote'.</B></P>\n";
- $output .= "<P>\n";
- $output .= "<B>Other people voted:</B><BR>\n";
-
- $result = db_query("SELECT * FROM users WHERE id != $user->id AND history LIKE '%s$story->id%'");
+ if ($user->id && $story->id && ($user->id == $story->author || user_getHistory($user->history, "s$story->id"))) {
+ $result = db_query("SELECT * FROM users WHERE history LIKE '%s$story->id%'");
 while ($account = db_fetch_object($result)) {
- $output .= "". format_username($account->userid) ." voted `". user_getHistory($account->history, "s$story->id") ."'.<BR>";
+ $output .= format_username($account->userid) ." voted `". user_getHistory($account->history, "s$story->id") ."'.<BR>";
 }
- $theme->box("Moderation results", $output);
+ $theme->box("Moderation results", ($output ? $output : "This story has not been moderated yet."));
 }
 }
|
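Review bot: `check_textfield()` encodes only the double quote (the replacement string is rendered as `"""` on this page, presumably `&quot;`) and otherwise relies on `strip_tags()` with `$allowed_html`, which leaves `<`, `&`, single quotes and every attribute of an allowed tag untouched. If the result is written into a `value="…"` attribute, as the name suggests (the callers are outside this diff), that is not enough encoding for the attribute context, and because the quote replacement runs before `strip_tags()` it also rewrites the quotes inside the tags that are meant to survive. Encoding the whole value once for its output context is simpler and does not depend on the tag whitelist: `return htmlspecialchars(stripslashes($message), ENT_QUOTES);`. Both new functions read the global `$allowed_html`, which is defined outside this hunk, so each deserves a one-line comment such as `// relies on global $allowed_html (strip_tags() whitelist format)`.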
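Review bot: The added `db_query()` line in `theme_moderation_results()` still builds its SQL by interpolating `$story->id` and matches with an unanchored `LIKE '%s$story->id%'`, so the lookup for story 4 would also return users whose history mentions story 44. It also runs `SELECT *` on `users` although the loop reads only `userid` and `history`, which pulls every other column of the account row into page-rendering code for no benefit. I would cast the id and name the columns, `$result = db_query("SELECT userid, history FROM users WHERE history LIKE '%s". (int)$story->id ."%'");`, and guard the append inside the loop with `if ($vote = user_getHistory($account->history, "s$story->id"))` so that rows without a vote for this story are skipped. The format of the `history` column and the origin of `$story` are not visible in this diff, so the prefix-match problem is inferred from the `"s$story->id"` key. `$output` should also be initialised with `$output = "";` before the loop, because the new ternary reads it even when no row matched.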