author | Dries Buytaert <dries@buytaert.net> | 2000-10-02 07:32:17 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2000-10-02 07:32:17 +0000 |
commit | e7019c257742aeeac1665682786131fb59733a4b (patch) | |
tree | 0d4748ab667b606b2e293f0172463a261475eebd /submit.php | |
parent | 7dd86ad68d7ddb073ba62a2414c0e98d817cabc2 (diff) | |
download | brdo-e7019c257742aeeac1665682786131fb59733a4b.tar.gz brdo-e7019c257742aeeac1665682786131fb59733a4b.tar.bz2 |
Changelog
---------
- improved the user information page.
- improved the story submission page.
- fixed comments score bug: '.00' --> 'x.00'
- tried fixing the calendar wrapping - UnConeD, is it fixed now?
- provided a link back to the submission queue after having voted
for a story.
- fixed comment subject bug (and security flaw) by replacing
quotes by ".
- updated theme 'zaphod': fixed 2 bugs.
- updated theme 'marvin': fixed 1 bug and improved the layout so
things wrap (hopefully) better in Windows.
- comments have by default no subject pre-set - if no subject is
provided, the user is warned and when a comment eventually got
submitted without a subject, a subject is composed using the x
first characters of the comment's body.
- improved comments on submit.php
- corrected a typo in the FAQ.
UnConeD
-------
- replace 'article.php' by 'discussion.php'
- comment() still uses old references to account.php: the
parameters you supply to account.php does no longer hold.
You have to update those links to the new syntax.
- commentcontrol() is outdated - copy paste the one of
theme 'marvin' and adjust it to your likings.
Diffstat (limited to 'submit.php')
-rw-r--r-- | submit.php | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/submit.php b/submit.php
index 60b761c1b..b921c6a3f 100644
--- a/submit.php
+++ b/submit.php
@@ -1,7 +1,7 @@
 <?
 function submit_enter() {
- global $anonymous, $categories, $theme, $user;
+ global $anonymous, $categories, $allowed_html, $theme, $user;
 ### Guidlines:
 $output .= "<P>Got some news or some thoughts you would like to share? Fill out this form and they will automatically get whisked away to our submission queue where our moderators will frown at it, poke at it and hopefully post it. Every registered user is automatically a moderator and can vote whether or not your sumbission should be carried to the front page for discussion.</P>\n";
@@ -12,7 +12,7 @@ function submit_enter() {
 $output .= "<FORM ACTION=\"submit.php\" METHOD=\"post\">\n";
 $output .= "<P>\n <B>Your name:</B><BR>\n";
- if ($user->id) $output .= " <A HREF=\"account.php\">$user->userid</A> <SMALL>[ <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";
+ if ($user->id) $output .= " $user->userid <SMALL>[ <A HREF=\"account.php\">edit</A> | <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";
 else $output .= " $anonymous <SMALL>[ <A HREF=\"account.php\">login</A> | <A HREF=\"account.php\">create an account</A> ]</SMALL>\n";
 $output .= "</P>\n";
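Review bot: `$user->userid` is written into the page without HTML encoding in the new `if ($user->id)` line of the second hunk, and again in the matching line of the submit_preview hunk (@@ -57,19). The change only moves the value out of the link, so if account names can ever contain markup characters this remains a stored-XSS sink on the submission form. Encoding at the point of output, `htmlspecialchars($user->userid)`, removes the dependency on whatever registration currently permits. submit_enter's body continues outside the hunk.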
@@ -35,13 +35,13 @@ function submit_enter() {
 $output .= "<P>\n";
 $output .= " <B>Abstract:</B><BR>\n";
 $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\" MAXLENGTH=\"20\"></TEXTAREA><BR>\n";
- $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
 $output .= "</P>\n";
 $output .= "<P>\n";
 $output .= " <B>Extended story:</B><BR>\n";
 $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\"></TEXTAREA><BR>\n";
- $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
 $output .= "</P>\n";
 $output .= "<P>\n";
@@ -57,19 +57,19 @@ function submit_enter() {
 }
 function submit_preview($subject, $abstract, $article, $category) {
- global $anonymous, $categories, $theme, $user;
+ global $anonymous, $categories, $allowed_html, $theme, $user;
 $output .= "<FORM ACTION=\"submit.php\" METHOD=\"post\">\n";
 $output .= "<P>\n";
 $output .= " <B>Your name:</B><BR>\n";
- if ($user->id) $output .= " <A HREF=\"account.php\">$user->userid</A> <SMALL> [ <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";
+ if ($user->id) $output .= " $user->userid <SMALL> [ <A HREF=\"account.php\">edit</A> | <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";
 else $output .= " $anonymous <SMALL>[ <A HREF=\"account.php\">login</A> | <A HREF=\"account.php\">create an account</A> ]</SMALL>\n";
 $output .= "</P>\n";
 $output .= "<P>\n";
 $output .= " <B>Subject:</B><BR>\n";
- $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". stripslashes($subject) ."\"><BR>\n";
+ $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". check_input($subject) ."\"><BR>\n";
 $output .= " <SMALL><I>Bad subjects are 'Check this out!' or 'An article'. Be descriptive, clear and simple!</I></SMALL>\n";
 $output .= "</P>\n";
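Review bot: The `VALUE=\"...\"` attribute on the subject INPUT now depends entirely on `check_input()`, which is not part of this diff, and the same is true of the two TEXTAREA bodies in the @@ -85,14 hunk. The changelog only mentions replacing quotes, but an attribute value also needs `&`, `<` and `>` encoded, and text placed inside a TEXTAREA needs at least `<` and `&` encoded so that submitted content cannot close the element. If `check_input()` does not already guarantee that, `htmlspecialchars($subject)` is the direct choice for these three places. Separately, the form fields no longer call `stripslashes()` while the `$theme->preview()` call still does, so unless `check_input()` strips slashes itself the redisplayed fields may gain backslashes on each preview round trip. submit_preview's body continues outside the hunk.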
@@ -85,14 +85,14 @@ function submit_preview($subject, $abstract, $article, $category) {
 $output .= "<P>\n";
 $output .= "<B>Abstract:</B><BR>\n";
- $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\">". stripslashes($abstract) ."</TEXTAREA><BR>\n";
- $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\">". check_input($abstract) ."</TEXTAREA><BR>\n";
+ $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
 $output .= "</P>\n";
 $output .= "<P>\n";
 $output .= " <B>Extended story:</B><BR>\n";
- $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\">". stripslashes($article) ."</TEXTAREA><BR>\n";
- $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\">". check_input($article) ."</TEXTAREA><BR>\n";
+ $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
 $output .= "</P>\n";
 if (empty($subject)) {
@@ -120,7 +120,7 @@ function submit_preview($subject, $abstract, $article, $category) {
 $output .= "</FORM>\n";
 $theme->header();
- $theme->preview($user->userid, check(stripslashes($subject)), check(stripslashes($abstract)), "", check(stripslashes($article)), date("l, F d, Y - H:i A", time()), check(stripslashes($category)), "we-hate-typoes");
+ $theme->preview($user->userid, check_output(stripslashes($subject)), check_output(stripslashes($abstract)), "", check_output(stripslashes($article)), date("l, F d, Y - H:i A", time()), check_output(stripslashes($category)), "we-hate-typoes");
 $theme->box("Submit a story", $output);
 $theme->footer();
 }
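Review bot: In the `$theme->preview()` call of the @@ -120,7 hunk, `$subject` and `$category` go through the same `check_output()` filter as the body fields, so (assuming `check_output()` applies the `$allowed_html` whitelist, which this diff does not show) a subject may still carry allowed tags and the category is whatever the client posted. A subject is normally plain text and would be safer fully encoded, e.g. `htmlspecialchars(stripslashes($subject))`, and `$category` is better validated against the `$categories` list than filtered. A one-line comment above the call stating what `check_output()` guarantees would help theme authors, who appear to render these arguments as given.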
@@ -129,7 +129,7 @@ function submit_submit($subject, $abstract, $article, $category) {
 global $user, $theme;
 ### Add submission to SQL table:
- db_insert("INSERT INTO stories (author, subject, abstract, article, category, timestamp) VALUES ('$user->id', '". check(addslashes($subject)) ."', '". check(addslashes($abstract)) ."', '". check(addslashes($article)) ."', '". check(addslashes($category)) ."', '". time() ."')");
+ db_insert("INSERT INTO stories (author, subject, abstract, article, category, timestamp) VALUES ('$user->id', '". check_output(addslashes($subject)) ."', '". check_output(addslashes($abstract)) ."', '". check_output(addslashes($article)) ."', '". check_output(addslashes($category)) ."', '". time() ."')");
 ### Display confirmation message:
 $theme->header(); |
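Review bot: In the new `db_insert()` line the SQL quoting is applied before the HTML filter (`check_output(addslashes($subject))`), so anything `check_output()` removes or rewrites happens after escaping and could leave an unescaped quote or a dangling backslash in the statement. Escaping should be the last transformation before a value is placed in the query: `addslashes(check_output($subject))`, and likewise for `$abstract`, `$article` and `$category`. `check_output()` is not visible here, so whether it can actually disturb the quoting needs confirming, but the statement's safety should not depend on that. Longer term, a database-aware escape or bound parameters inside `db_insert()` would be more robust than `addslashes()` on a string-built query. submit_submit's body continues outside the hunk.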