authorDries Buytaert <dries@buytaert.net>2000-10-02 07:32:17 +0000
committerDries Buytaert <dries@buytaert.net>2000-10-02 07:32:17 +0000
commite7019c257742aeeac1665682786131fb59733a4b (patch)
tree0d4748ab667b606b2e293f0172463a261475eebd /submit.php
parent7dd86ad68d7ddb073ba62a2414c0e98d817cabc2 (diff)
downloadbrdo-e7019c257742aeeac1665682786131fb59733a4b.tar.gz
brdo-e7019c257742aeeac1665682786131fb59733a4b.tar.bz2
Changelog
--------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually gets submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
Diffstat (limited to 'submit.php')
-rw-r--r--submit.php26
1 files changed, 13 insertions, 13 deletions
diff --git a/submit.php b/submit.php
index 60b761c1b..b921c6a3f 100644
--- a/submit.php
+++ b/submit.php
@@ -1,7 +1,7 @@
<?
function submit_enter() {
- global $anonymous, $categories, $theme, $user;
+ global $anonymous, $categories, $allowed_html, $theme, $user;
### Guidlines:
$output .= "<P>Got some news or some thoughts you would like to share? Fill out this form and they will automatically get whisked away to our submission queue where our moderators will frown at it, poke at it and hopefully post it. Every registered user is automatically a moderator and can vote whether or not your sumbission should be carried to the front page for discussion.</P>\n";
@@ -12,7 +12,7 @@ function submit_enter() {
$output .= "<FORM ACTION=\"submit.php\" METHOD=\"post\">\n";
$output .= "<P>\n <B>Your name:</B><BR>\n";
- if ($user->id) $output .= " <A HREF=\"account.php\">$user->userid</A> &nbsp; &nbsp; <SMALL>[ <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";
+ if ($user->id) $output .= " $user->userid &nbsp; &nbsp; <SMALL>[ <A HREF=\"account.php\">edit</A> | <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";
else $output .= " $anonymous &nbsp; &nbsp; <SMALL>[ <A HREF=\"account.php\">login</A> | <A HREF=\"account.php\">create an account</A> ]</SMALL>\n";
$output .= "</P>\n";
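Review bot: The new `edit | logout` line interpolates `$user->userid` straight into the HTML while the other new text in this commit is passed through `htmlspecialchars()`; the display name therefore reaches the browser unescaped and depends entirely on whatever was enforced when the account was created. The same line appears in the submit_preview hunk below. A consistent choice is `check_output($user->userid)` (or `htmlspecialchars($user->userid)`) on both lines, matching the treatment of `$allowed_html`. submit_enter continues past this hunk.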
@@ -35,13 +35,13 @@ function submit_enter() {
$output .= "<P>\n";
$output .= " <B>Abstract:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\" MAXLENGTH=\"20\"></TEXTAREA><BR>\n";
- $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Extended story:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\"></TEXTAREA><BR>\n";
- $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
@@ -57,19 +57,19 @@ function submit_enter() {
}
function submit_preview($subject, $abstract, $article, $category) {
- global $anonymous, $categories, $theme, $user;
+ global $anonymous, $categories, $allowed_html, $theme, $user;
$output .= "<FORM ACTION=\"submit.php\" METHOD=\"post\">\n";
$output .= "<P>\n";
$output .= " <B>Your name:</B><BR>\n";
- if ($user->id) $output .= " <A HREF=\"account.php\">$user->userid</A> &nbsp; &nbsp; <SMALL> [ <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";
+ if ($user->id) $output .= " $user->userid &nbsp; &nbsp; <SMALL> [ <A HREF=\"account.php\">edit</A> | <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";
else $output .= " $anonymous &nbsp; &nbsp; <SMALL>[ <A HREF=\"account.php\">login</A> | <A HREF=\"account.php\">create an account</A> ]</SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Subject:</B><BR>\n";
- $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". stripslashes($subject) ."\"><BR>\n";
+ $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". check_input($subject) ."\"><BR>\n";
$output .= " <SMALL><I>Bad subjects are 'Check this out!' or 'An article'. Be descriptive, clear and simple!</I></SMALL>\n";
$output .= "</P>\n";
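Review bot: `check_input($subject)` on the new `VALUE="..."` line is placed inside a double-quoted attribute, so its contract must include encoding `"` as `&quot;` — the changelog suggests it does, but nothing in this file states it. A one-line comment on the call would keep a later edit from swapping it for a tag filter that leaves quotes alone: `// check_input() must encode double quotes: the value lands inside VALUE="..."`. The textarea uses in the next hunk (abstract, article) are element content, where `<` and `&` are the characters that matter; stating the same contract there would help. submit_preview continues past this hunk.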
@@ -85,14 +85,14 @@ function submit_preview($subject, $abstract, $article, $category) {
$output .= "<P>\n";
$output .= "<B>Abstract:</B><BR>\n";
- $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\">". stripslashes($abstract) ."</TEXTAREA><BR>\n";
- $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\">". check_input($abstract) ."</TEXTAREA><BR>\n";
+ $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Extended story:</B><BR>\n";
- $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\">". stripslashes($article) ."</TEXTAREA><BR>\n";
- $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\">". check_input($article) ."</TEXTAREA><BR>\n";
+ $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n";
if (empty($subject)) {
@@ -120,7 +120,7 @@ function submit_preview($subject, $abstract, $article, $category) {
$output .= "</FORM>\n";
$theme->header();
- $theme->preview($user->userid, check(stripslashes($subject)), check(stripslashes($abstract)), "", check(stripslashes($article)), date("l, F d, Y - H:i A", time()), check(stripslashes($category)), "we-hate-typoes");
+ $theme->preview($user->userid, check_output(stripslashes($subject)), check_output(stripslashes($abstract)), "", check_output(stripslashes($article)), date("l, F d, Y - H:i A", time()), check_output(stripslashes($category)), "we-hate-typoes");
$theme->box("Submit a story", $output);
$theme->footer();
}
@@ -129,7 +129,7 @@ function submit_submit($subject, $abstract, $article, $category) {
global $user, $theme;
### Add submission to SQL table:
- db_insert("INSERT INTO stories (author, subject, abstract, article, category, timestamp) VALUES ('$user->id', '". check(addslashes($subject)) ."', '". check(addslashes($abstract)) ."', '". check(addslashes($article)) ."', '". check(addslashes($category)) ."', '". time() ."')");
+ db_insert("INSERT INTO stories (author, subject, abstract, article, category, timestamp) VALUES ('$user->id', '". check_output(addslashes($subject)) ."', '". check_output(addslashes($abstract)) ."', '". check_output(addslashes($article)) ."', '". check_output(addslashes($category)) ."', '". time() ."')");
### Display confirmation message:
$theme->header();
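Review bot: On the new db_insert line each value passes through `addslashes()` first and `check_output()` second, so any quote rewriting that check_output does runs on already-backslashed text (a `\"` would become `\&quot;`, leaving a stray backslash in the stored row) — hedged, since check_output is not in this file. Keeping the two concerns apart avoids that: apply the HTML filter to the raw value and let the database layer do the SQL quoting, e.g. `addslashes(check_output($subject))`, or better, move the quoting into `db_insert` with placeholders so callers never hand-escape. `$user->id` is interpolated on the same line without any quoting; it comes from the session rather than the form, but treating it the same way keeps the statement uniform. submit_submit's remaining lines are outside the hunk.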