From 55679210c2e7c4f9755907d1672cc7b682eb350e Mon Sep 17 00:00:00 2001 From: Dries Buytaert Date: Sat, 13 Jan 2001 08:29:50 +0000 Subject: [PATCH] - created 2 new functions; check_textfield() and check_textarea() and integrated them where appropriate. It works better and the code is more readable than it used to be: (see http://drop.org/discussion.php?id=44&pid=0#0) - story authors can no longer moderate their own stories (requested by Natrak) - fix inie-winnie small detail in theme marvin --- discussion.php | 6 +++--- includes/function.inc | 10 ++++++++-- includes/theme.inc | 12 ++++-------- modules/box.module | 6 +++--- modules/comment.module | 4 ++-- modules/comment/comment.module | 4 ++-- modules/diary.module | 6 +++--- modules/documentation.module | 2 +- modules/story.module | 8 ++++---- modules/story/story.module | 8 ++++---- submission.php | 20 ++++++++++---------- submit.php | 6 +++--- themes/marvin/marvin.theme | 2 +- 13 files changed, 48 insertions(+), 46 deletions(-) diff --git a/discussion.php b/discussion.php index 52de6bdbb41..1b5192da372 100644 --- a/discussion.php +++ b/discussion.php @@ -177,7 +177,7 @@ function discussion_reply($pid, $sid) { // Comment field: $output .= "

\n"; $output .= " Comment:
\n"; - $output .= "
\n"; + $output .= "
\n"; $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) .".\n"; $output .= "

\n"; @@ -210,13 +210,13 @@ function comment_preview($pid, $sid, $subject, $comment) { // Subject field: $output .= "

\n"; $output .= " Subject:
\n"; - $output .= " \n"; + $output .= " \n"; $output .= "

\n"; // Comment field: $output .= "

\n"; $output .= " Comment:
\n"; - $output .= "
\n"; + $output .= "
\n"; $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) .".\n"; $output .= "

\n"; diff --git a/includes/function.inc b/includes/function.inc index adcb4c5188c..71276e7801a 100644 --- a/includes/function.inc +++ b/includes/function.inc @@ -17,8 +17,14 @@ function discussion_score($comment) { return (strpos($value, ".")) ? substr($value ."00", 0, 4) : $value .".00"; } -function check_field($message) { - return str_replace("\"", """, stripslashes($message)); +function check_textfield($message) { + global $allowed_html; + return strip_tags(str_replace("\"", """, stripslashes($message)), $allowed_html); +} + +function check_textarea($message) { + global $allowed_html; + return htmlspecialchars(strip_tags(stripslashes($message), $allowed_html)); } function check_input($message) { diff --git a/includes/theme.inc b/includes/theme.inc index c799a0f3c1f..d6a4dd3e459 100644 --- a/includes/theme.inc +++ b/includes/theme.inc @@ -98,17 +98,13 @@ function theme_morelink($theme, $story) { function theme_moderation_results($theme, $story) { global $user; - if ($user->id && $story->id && $vote = user_getHistory($user->history, "s$story->id")) { - $output .= "
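Review bot: check_textfield() escapes only the double quote before strip_tags() and leaves `<`, `>` and `&` untouched, so its result is only safe inside a double-quoted attribute, and an entity already stored in a subject is decoded by the browser on each edit round-trip, whereas check_textarea() right below ends with htmlspecialchars() and has neither problem. As far as the stripped markup lets me see, every call site in this patch (box.module, comment.module, story.module, submit.php, discussion.php) puts the value into an input's value attribute, where the browser decodes entities before resubmission, so the same escaping works there too: `return htmlspecialchars(strip_tags(stripslashes($message), $allowed_html));`. That makes the two helpers identical, which is acceptable; keep both names for readability or have one call the other. Both deserve a comment saying that strip_tags() removes only tags outside $allowed_html and keeps every attribute of the tags it allows, so these helpers prepare text for re-editing and are not a substitute for the output escaping done elsewhere.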

You voted `$vote'.

\n"; - $output .= "

\n"; - $output .= "Other people voted:
\n"; - - $result = db_query("SELECT * FROM users WHERE id != $user->id AND history LIKE '%s$story->id%'"); + if ($user->id && $story->id && ($user->id == $story->author || user_getHistory($user->history, "s$story->id"))) { + $result = db_query("SELECT * FROM users WHERE history LIKE '%s$story->id%'"); while ($account = db_fetch_object($result)) { - $output .= "". format_username($account->userid) ." voted `". user_getHistory($account->history, "s$story->id") ."'.
"; + $output .= format_username($account->userid) ." voted `". user_getHistory($account->history, "s$story->id") ."'.
"; } - $theme->box("Moderation results", $output); + $theme->box("Moderation results", ($output ? $output : "This story has not been moderated yet.")); } } diff --git a/modules/box.module b/modules/box.module index 70124bc31a0..a271462aa4e 100644 --- a/modules/box.module +++ b/modules/box.module @@ -111,7 +111,7 @@ function box_admin_edit($id) { $output .= "

\n"; $output .= " Subject:
\n"; - $output .= " subject) ."\">\n"; + $output .= " subject) ."\">\n"; $output .= "

\n"; $output .= "

\n"; $output .= " Content:
\n"; @@ -127,11 +127,11 @@ function box_admin_edit($id) { $output .= "

\n"; $output .= "

\n"; $output .= " Description:
\n"; - $output .= " info\">\n"; + $output .= " info) ."\">\n"; $output .= "

\n"; $output .= "

\n"; $output .= " Link:
\n"; - $output .= " link\">\n"; + $output .= " link) ."\">\n"; $output .= "

\n"; $output .= "

\n"; $output .= " \n"; diff --git a/modules/comment.module b/modules/comment.module index 85b7b54dce9..db863616f2b 100644 --- a/modules/comment.module +++ b/modules/comment.module @@ -16,12 +16,12 @@ function comment_edit($id) { $output .= "

\n"; $output .= " Subject:
\n"; - $output .= " subject)) ."\">\n"; + $output .= " subject) ."\">\n"; $output .= "

\n"; $output .= "

\n"; $output .= "Comment:
\n"; - $output .= " \n"; + $output .= " \n"; $output .= "

\n"; $output .= "

\n"; diff --git a/modules/comment/comment.module b/modules/comment/comment.module index 85b7b54dce9..db863616f2b 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module @@ -16,12 +16,12 @@ function comment_edit($id) { $output .= "

\n"; $output .= " Subject:
\n"; - $output .= " subject)) ."\">\n"; + $output .= " subject) ."\">\n"; $output .= "

\n"; $output .= "

\n"; $output .= "Comment:
\n"; - $output .= " \n"; + $output .= " \n"; $output .= "

\n"; $output .= "

\n"; diff --git a/modules/diary.module b/modules/diary.module index eb3610b752b..4f9f392039d 100644 --- a/modules/diary.module +++ b/modules/diary.module @@ -107,7 +107,7 @@ function diary_page_edit($id) { $output .= "

\n"; $output .= " Edit diary entry:
\n"; - $output .= "
\n"; + $output .= "
\n"; $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) .".\n"; $output .= "

\n"; @@ -133,7 +133,7 @@ function diary_page_preview($text, $timestamp, $id = 0) { $output .= "

\n"; $output .= " Preview diary entry:
\n"; - $output .= "
\n"; + $output .= "
\n"; $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) .".\n"; $output .= "

\n"; @@ -256,7 +256,7 @@ function diary_admin_edit($id) { $output .= "

\n"; $output .= "Diary entry:
\n"; - $output .= "
\n"; + $output .= "
\n"; $output .= "

\n"; $output .= "

\n"; diff --git a/modules/documentation.module b/modules/documentation.module index 04d04c19f5f..283d6b89501 100644 --- a/modules/documentation.module +++ b/modules/documentation.module @@ -38,7 +38,7 @@ function documentation() {

Make sure to consult the MySQL documentation on how to setup the correct access rights and permissions in your MySQL grant tables.

4. Once you have a proper database, dump the required tables into your database:

$ mysql -h <hostname> -u <username> -p<password> <database> < database/database.mysql
-

5. Copy the file includes/hostname.conf to match your server's hostname:

+

5. Rename the configuration file includes/hostname.conf to match your server's hostname:

$ cp includes/hostname.conf includes/www.yourdomain.com.conf

6. Edit your configuration file to set the required settings such as the database options and to customize your site to your likings.

7. Launch your browser and point it to http://yourdomain.com/, create an account, log in and head on to http://yourdomain.com/admin.php. The first user will automatically have administrator permissions. Play with it for a bit and spend some time getting used to the administration interfaces.

diff --git a/modules/story.module b/modules/story.module index fc75e0035e1..4eb1534d49d 100644 --- a/modules/story.module +++ b/modules/story.module @@ -115,7 +115,7 @@ function story_edit($id) { $output .= "

\n"; $output .= " Subject:
\n"; - $output .= " subject)) ."\">
\n"; + $output .= " subject) ."\">
\n"; $output .= "

\n"; $output .= "

\n"; @@ -129,19 +129,19 @@ function story_edit($id) { $output .= "

\n"; $output .= " Abstract:
\n"; - $output .= "
\n"; + $output .= "
\n"; $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) .".\n"; $output .= "

\n"; $output .= "

\n"; $output .= " Editor's note/updates:
\n"; - $output .= "
\n"; + $output .= "
\n"; $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) .".\n"; $output .= "

\n"; $output .= "

\n"; $output .= " Extended story:
\n"; - $output .= "
\n"; + $output .= "
\n"; $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) .".\n"; $output .= "

\n"; diff --git a/modules/story/story.module b/modules/story/story.module index fc75e0035e1..4eb1534d49d 100644 --- a/modules/story/story.module +++ b/modules/story/story.module @@ -115,7 +115,7 @@ function story_edit($id) { $output .= "

\n"; $output .= " Subject:
\n"; - $output .= " subject)) ."\">
\n"; + $output .= " subject) ."\">
\n"; $output .= "

\n"; $output .= "

\n"; @@ -129,19 +129,19 @@ function story_edit($id) { $output .= "

\n"; $output .= " Abstract:
\n"; - $output .= "
\n"; + $output .= "
\n"; $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) .".\n"; $output .= "

\n"; $output .= "

\n"; $output .= " Editor's note/updates:
\n"; - $output .= "
\n"; + $output .= "
\n"; $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) .".\n"; $output .= "

\n"; $output .= "

\n"; $output .= " Extended story:
\n"; - $output .= "
\n"; + $output .= "
\n"; $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) .".\n"; $output .= "

\n"; diff --git a/submission.php b/submission.php index 148cfb9a20e..7a8bfae04df 100644 --- a/submission.php +++ b/submission.php @@ -4,7 +4,7 @@ include "includes/submission.inc"; include "includes/common.inc"; function submission_display_main() { - global $PHP_SELF, $theme, $user; + global $theme, $user; // Perform query: $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 1 ORDER BY s.id"); @@ -13,8 +13,8 @@ function submission_display_main() { $content .= "\n"; $content .= " \n"; while ($submission = db_fetch_object($result)) { - if (user_getHistory($user->history, "s$submission->id")) $content .= " \n"; - else $content .= " \n"; + if ($user->id == $submission->author || user_getHistory($user->history, "s$submission->id")) $content .= " \n"; + else $content .= " \n"; } $content .= "
SubjectCategoryDateAuthorScore
id\">". stripslashes($submission->subject) ."$submission->category". date("Y-m-d", $submission->timestamp) ."
". date("H:m:s", $submission->timestamp) ."
". format_username($submission->userid) ."". submission_score($submission->id) ."
id\">". stripslashes($submission->subject) ."$submission->category". date("Y-m-d", $submission->timestamp) ."
". date("H:m:s", $submission->timestamp) ."
". format_username($submission->userid) ."id\">vote
id\">". stripslashes($submission->subject) ."$submission->category". date("Y-m-d", $submission->timestamp) ."
". date("H:m:s", $submission->timestamp) ."
". format_username($submission->userid) ."". submission_score($submission->id) ."
id\">". stripslashes($submission->subject) ."$submission->category". date("Y-m-d", $submission->timestamp) ."
". date("H:m:s", $submission->timestamp) ."
". format_username($submission->userid) ."id\">vote
\n"; @@ -24,19 +24,19 @@ function submission_display_main() { } function submission_display_item($id) { - global $PHP_SELF, $theme, $user, $submission_votes; + global $theme, $user, $submission_votes; - if ($vote = user_getHistory($user->history, "s$id")) { + $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id"); + $submission = db_fetch_object($result); + + if ($user->id == $submission->author || user_getHistory($user->history, "s$id")) { header("Location: discussion.php?id=$id"); } else { - $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id"); - $submission = db_fetch_object($result); - $theme->header(); - $theme->article($submission, "[ hlcolor2\">back ]"); + $theme->article($submission, "[ hlcolor2\">back ]"); - print "
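Review bot: `$user->id == $submission->author` in the new condition is a loose comparison, and this function, unlike theme_moderation_results() in the same patch, never checks that `$user->id` is set; if anonymous visitors reach this page and a story's author column can be 0 or NULL, the two empty values compare equal and the visitor is shown the score instead of the vote link. Unless submission.php rejects anonymous users before this point (not visible in the hunk), guard the author test: `if (($user->id && $user->id == $submission->author) || user_getHistory($user->history, "s$submission->id"))`. The `@@ -24,19` hunk of this file repeats the same test on `$id` in submission_display_item() and needs the same guard.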
\n"; + print "\n"; print "

\n"; print " Vote:
\n"; diff --git a/submit.php b/submit.php index 5d7711a41eb..49c4713c9a9 100644 --- a/submit.php +++ b/submit.php @@ -69,7 +69,7 @@ function submit_preview($subject, $abstract, $article, $category) { $output .= "
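Review bot: `$submission = db_fetch_object($result)` now runs before the permission test and its result is used without a check, so an `$id` that matches no story leaves `$submission` empty, the next line reads `author` from a non-object, and the visitor falls through to a vote form for a story that does not exist; return early, or redirect back to the list, when `$submission` is empty. `$id` is also interpolated into the SQL string unquoted and unescaped, and since this page is reached through the `submission.php?id=…` links built in the previous hunk, the value is request-controlled. The query is pre-existing code the commit only moved, but `$id = (int) $id;` as the first statement of submission_display_item() costs nothing and keeps both the query and the `Location:` header well-formed.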

\n"; $output .= " Subject:
\n"; - $output .= "
\n"; + $output .= "
\n"; $output .= " Bad subjects are 'Check this out!' or 'An article'. Be descriptive, clear and simple!\n"; $output .= "

\n"; @@ -85,13 +85,13 @@ function submit_preview($subject, $abstract, $article, $category) { $output .= "

\n"; $output .= "Abstract:
\n"; - $output .= "
\n"; + $output .= "
\n"; $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) .".\n"; $output .= "

\n"; $output .= "

\n"; $output .= " Extended story:
\n"; - $output .= "
\n"; + $output .= "
\n"; $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) .".\n"; $output .= "

\n"; diff --git a/themes/marvin/marvin.theme b/themes/marvin/marvin.theme index 7e01cc2ba9a..ba7c1c64ee6 100644 --- a/themes/marvin/marvin.theme +++ b/themes/marvin/marvin.theme @@ -70,7 +70,7 @@ print "

\n\n"; } - function article($story, $reply) { + function article($story, $reply = "") { print "\n\n"; print "\n"; print " \n";
\"\"   ". check_output($story->subject) ."