Various smaller changes: one of the more interesting is the addition of a
check()-function which validates input from forms. The allowed HTML tags can be configured in config.inc.3-00
parent
525ae78d86
commit
6ca7f1e2f3
|
@ -45,12 +45,8 @@ $notify_from = "droppies@zind.net";
|
|||
|
||||
#
|
||||
# Comment meta reasons:
|
||||
# The comment meta reasons are the various meta reasons used to
|
||||
# moderate comments. The array should always be 'balanced': that
|
||||
# the number of good reasons should equal the number of bad reason
|
||||
# and those should be ordered from bad to good.
|
||||
#
|
||||
$comments_meta_reasons = array('Off topic', 'Redundant', 'Insightfull', 'As is', 'Interesting', 'Informative', 'Funny');
|
||||
$comments_votes = array("-1" => "-1", "0" => "0", "+1" => "+ 1", "+2" => "+ 2", "+3" => "+ 3", "+4" => "+ 4", "+5" => "+ 5");
|
||||
|
||||
#
|
||||
# Categories:
|
||||
|
@ -60,7 +56,7 @@ $categories = array('Announcements', 'Arts & Humanities', 'Business & Economy',
|
|||
#
|
||||
# Allowed HTML tags:
|
||||
#
|
||||
$allowableHTML = array('B','/B','I','/I','P .*','P','/P','A .*','/A','LI','OL','/OL','UL','/UL','EM','/EM','BR','STRONG','/STRONG','BLOCKQUOTE','/BLOCKQUOTE','HR','DIV .*','DIV','/DIV','TT','/TT');
|
||||
$allowed_html = "<A> <B> <BR> <DD> <DL> <DT> <EM> <I> <IL> <OL> <U> <UL>";
|
||||
|
||||
#
|
||||
# Name of the 'anonymous' user account:
|
||||
|
|
21
diary.php
21
diary.php
|
@ -1,5 +1,6 @@
|
|||
<?
|
||||
include "function.inc";
|
||||
include "config.inc";
|
||||
include "theme.inc";
|
||||
|
||||
|
||||
|
@ -65,7 +66,7 @@ function diary_display($username) {
|
|||
}
|
||||
|
||||
function diary_add_enter() {
|
||||
global $theme, $user;
|
||||
global $theme, $user, $allowed_html;
|
||||
|
||||
### Submission form:
|
||||
$output .= "<FORM ACTION=\"diary.php\" METHOD=\"post\">\n";
|
||||
|
@ -73,7 +74,7 @@ function diary_add_enter() {
|
|||
$output .= "<P>\n";
|
||||
$output .= " <B>Enter new diary entry:</B><BR>\n";
|
||||
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\" MAXLENGTH=\"20\"></TEXTAREA><BR>\n";
|
||||
$output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
|
||||
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) ."</I></SMALL>\n";
|
||||
$output .= "</P>\n";
|
||||
|
||||
$output .= "<P>\n";
|
||||
|
@ -88,19 +89,19 @@ function diary_add_enter() {
|
|||
}
|
||||
|
||||
function diary_edit_enter($id) {
|
||||
global $theme, $user;
|
||||
global $theme, $user, $allowed_html;
|
||||
|
||||
$result = db_query("SELECT * FROM diaries WHERE id = $id");
|
||||
$diary = db_fetch_object($result);
|
||||
|
||||
$output .= diary_entry($diary->timestamp, $diary->text);
|
||||
$output .= diary_entry($diary->timestamp, check($diary->text));
|
||||
|
||||
$output .= "<FORM ACTION=\"diary.php\" METHOD=\"post\">\n";
|
||||
|
||||
$output .= "<P>\n";
|
||||
$output .= " <B>Edit diary entry:</B><BR>\n";
|
||||
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". stripslashes($diary->text) ."</TEXTAREA><BR>\n";
|
||||
$output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
|
||||
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) ."</I></SMALL>\n";
|
||||
$output .= "</P>\n";
|
||||
|
||||
$output .= "<P>\n";
|
||||
|
@ -117,16 +118,16 @@ function diary_edit_enter($id) {
|
|||
}
|
||||
|
||||
function diary_preview($text, $timestamp, $id = 0) {
|
||||
global $theme, $user;
|
||||
global $theme, $user, $allowed_html;
|
||||
|
||||
$output .= diary_entry($timestamp, $text);
|
||||
$output .= diary_entry($timestamp, check($text));
|
||||
|
||||
$output .= "<FORM ACTION=\"diary.php\" METHOD=\"post\">\n";
|
||||
|
||||
$output .= "<P>\n";
|
||||
$output .= " <B>Preview diary entry:</B><BR>\n";
|
||||
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". stripslashes($text) ."</TEXTAREA><BR>\n";
|
||||
$output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
|
||||
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) ."</I></SMALL>\n";
|
||||
$output .= "</P>\n";
|
||||
|
||||
$output .= "<P>\n";
|
||||
|
@ -145,11 +146,11 @@ function diary_submit($text, $id = 0) {
|
|||
global $user, $theme;
|
||||
|
||||
if ($id) {
|
||||
db_query("UPDATE diaries SET text = '".addslashes($text) ."' WHERE id = $id");
|
||||
db_query("UPDATE diaries SET text = '". check(addslashes($text)) ."' WHERE id = $id");
|
||||
watchdog(1, "old diary entry updated");
|
||||
}
|
||||
else {
|
||||
db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '". addslashes($text) ."', '". time() ."')");
|
||||
db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '". check(addslashes($text)) ."', '". time() ."')");
|
||||
watchdog(1, "new diary entry added");
|
||||
}
|
||||
header("Location: diary.php?op=view&name=$user->userid");
|
||||
|
|
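Review bot: check() is applied on both sides of the store in diary.php: at write time in diary_submit (`check(addslashes($text))` in both the UPDATE and the INSERT) and again at read time in diary_edit_enter and diary_preview (`check($diary->text)`, `check($text)`). Because check() wraps nl2br(), which inserts a <BR> before each newline but keeps the newline itself, text that already went through the write-time call gets a second line break every time it is rendered through check() again; keep the stored text raw and filter once, on output. The rewritten UPDATE also still interpolates `$id` straight into the SQL string; since ids are integers, `WHERE id = " . (int) $id` would pin it. The added `global $theme, $user, $allowed_html;` lines are consistent with the new display of the allow-list; diary_submit's body continues past the hunk.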
11
function.inc
11
function.inc
|
@ -29,14 +29,9 @@ function FixQuotes ($what = "") {
|
|||
return $what;
|
||||
}
|
||||
|
||||
function check_html($message) {
|
||||
## TODO
|
||||
return $message;
|
||||
}
|
||||
|
||||
function filter_text($message, $strip="") {
|
||||
### TODO
|
||||
return check_html($text, $strip);
|
||||
function check($message) {
|
||||
include "config.inc";
|
||||
return strip_tags(nl2br($message), $allowed_html);
|
||||
}
|
||||
|
||||
function discussion_num_replies($id, $count = 0) {
|
||||
|
|
|
@ -120,7 +120,7 @@ function submit_preview($subject, $abstract, $article, $category) {
|
|||
$output .= "</FORM>\n";
|
||||
|
||||
$theme->header();
|
||||
$theme->preview($user->userid, stripslashes($subject), stripslashes($abstract), "", stripslashes($article), date("l, F d, Y - H:i A", time()), stripslashes($category), "we-hate-typoes");
|
||||
$theme->preview($user->userid, check(stripslashes($subject)), check(stripslashes($abstract)), "", check(stripslashes($article)), date("l, F d, Y - H:i A", time()), check(stripslashes($category)), "we-hate-typoes");
|
||||
$theme->box("Submit a story", $output);
|
||||
$theme->footer();
|
||||
}
|
||||
|
@ -129,7 +129,7 @@ function submit_submit($subject, $abstract, $article, $category) {
|
|||
global $user, $theme;
|
||||
|
||||
### Add submission to SQL table:
|
||||
db_query("INSERT INTO stories (author, subject, abstract, article, category, timestamp) VALUES ('$user->id', '". addslashes($subject) ."', '". addslashes($abstract) ."', '". addslashes($article) ."', '". addslashes($category) ."', '". time() ."')");
|
||||
db_query("INSERT INTO stories (author, subject, abstract, article, category, timestamp) VALUES ('$user->id', '". check(addslashes($subject)) ."', '". check(addslashes($abstract)) ."', '". check(addslashes($article)) ."', '". check(addslashes($category)) ."', '". time() ."')");
|
||||
|
||||
### Display confirmation message:
|
||||
$theme->header();
|
||||
|
|
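Review bot: check() does `include "config.inc";` on every call, which re-executes the whole configuration file (and any side effects in it) each time a single field is filtered — submit_submit alone calls it four times per submission. The callers in diary.php already declare `global $theme, $user, $allowed_html;`, so the same pattern fits here: `global $allowed_html;` in place of the include. Note also that strip_tags() only removes tags that are not on the allow-list; attributes on allowed tags such as <A> pass through untouched, so the allow-list does not by itself make the stored HTML safe to render, and output should still be escaped or have attributes stripped separately. In submit_submit, `$category` goes through the same tag filter although `$categories` in config.inc is a fixed list; validating it with `in_array($category, $categories)` before the INSERT is the stronger check there.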
20
template.inc
20
template.inc
|
@ -58,6 +58,26 @@ function displayOldHeadlines($theme, $num = 10) {
|
|||
$theme->box("Older headlines", $content);
|
||||
}
|
||||
|
||||
function displayCommentModeration($id) {
|
||||
global $user;
|
||||
|
||||
print "VOTE: ";
|
||||
if (($user) && !($vote = user_getHistory($user->history, "c$id"))) {
|
||||
|
||||
$output .= " <SELECT NAME=\"meta:$cid\">";
|
||||
$output .= " <OPTION VALUE=\"-1\">Moderate</OPTION>\n";
|
||||
foreach ($comments_meta_reasons as $key=>$value) {
|
||||
$output .= " <OPTION VALUE=\"$value\">$key</OPTION>\n";
|
||||
}
|
||||
$output .= " </SELECT>";
|
||||
}
|
||||
else {
|
||||
$output .= "voted";
|
||||
}
|
||||
|
||||
print $output;
|
||||
}
|
||||
|
||||
function displayNewDiaries($theme, $num = 20) {
|
||||
$result = db_query("SELECT u.userid, d.timestamp FROM diaries d LEFT JOIN users u ON d.author = u.id ORDER BY timestamp DESC LIMIT $num");
|
||||
|
||||
|
|
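Review bot: displayCommentModeration() reads `$comments_meta_reasons` inside the function but only declares `global $user;`, so under function scope the foreach iterates an undefined variable and the SELECT never receives its reason options; the same hunk also builds the field name from `$cid`, which is not defined anywhere in the function, while the parameter is `$id`. Change the two lines to `global $user, $comments_meta_reasons;` and `$output .= " <SELECT NAME=\"meta:$id\">";`. The option line also looks inverted: `$comments_meta_reasons` is a plain list in config.inc, so `$key` is the numeric index and `$value` the label, yet the index is shown to the user and the label is submitted as the value — worth confirming which one the moderation handler expects. `$output` is never initialised before the first `.=` either.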