Update of /cvsroot/php-blog/serendipity
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13670
Modified Files:
Tag: branch-smarty
serendipity_functions.inc.php
serendipity_admin_comments.inc.php
Log Message:
MFH
Index: serendipity_admin_comments.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_comments.inc.php,v
retrieving revision 1.17.2.2
retrieving revision 1.17.2.3
diff -u -d -r1.17.2.2 -r1.17.2.3
--- serendipity_admin_comments.inc.php 14 Sep 2004 13:11:16 -0000 1.17.2.2
+++ serendipity_admin_comments.inc.php 16 Sep 2004 12:18:09 -0000 1.17.2.3
@@ -255,17 +255,17 @@
<table width="100%" cellspacing="0" cellpadding="2" border="0">
<tr>
<td rowspan="2" width="20" align="center"><input type="checkbox" name="serendipity[delete][<?php echo $rs['id'] ?>]" value="<?php echo $rs['entry_id'] ?>" onclick="highlightComment('comment_<?php echo $rs['id'] ?>', this.checked)" tabindex="<?php echo $i ?>" /></td>
- <td width="250"><strong><?php echo AUTHOR ?></strong>: <?php echo $rs['author'] ?></td>
- <td><strong><?php echo EMAIL ?></strong>: <?php echo $rs['email'] ?></td>
+ <td width="250"><strong><?php echo AUTHOR ?></strong>: <?php echo htmlspecialchars($rs['author']) ?></td>
+ <td><strong><?php echo EMAIL ?></strong>: <?php echo htmlspecialchars($rs['email']) ?></td>
</tr>
<tr>
- <td><strong>IP</strong>: <?php echo $rs['ip'] ?></td>
- <td><strong>URL</strong>: <?php echo $rs['url'] ?></td>
+ <td><strong>IP</strong>: <?php echo htmlspecialchars($rs['ip']) ?></td>
+ <td><strong>URL</strong>: <?php echo htmlspecialchars($rs['url']) ?></td>
</tr>
<tr>
<td style="border-top: 1px solid #CCCCCC; border-bottom: 1px solid #CCCCCC" colspan="3">
<div id="<?php echo $rs['id'] ?>_summary"><?php echo $summary ?></div>
- <div id="<?php echo $rs['id'] ?>_full" style="display: none"><?php echo nl2br(strip_tags($rs['body'])) ?></div>
+ <div id="<?php echo $rs['id'] ?>_full" style="display: none"><?php echo $fullBody ?></div>
</td>
</tr>
</table>
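Review bot: `$summary` and the new `$fullBody` are still echoed raw into the two `<div>`s, and both are assigned outside this hunk, so it cannot be confirmed here that they received the same `htmlspecialchars()` treatment the author/email/ip/url cells now get; the removed line shows the body was previously emitted with `nl2br(strip_tags($rs['body']))` alone, which is lossy and version-dependent rather than a real escape, so wherever `$fullBody` is built it should be `nl2br(htmlspecialchars(strip_tags($rs['body'])))` or equivalent. `$rs['id']` is also interpolated raw into the checkbox `name`, the `id` attributes and the `highlightComment('comment_…')` JavaScript string literal; if it is an integer DB key that is harmless, but `(int) $rs['id']` would make the assumption explicit. The `htmlspecialchars()` calls rely on the default flags, which escape `"` but not `'`; that is adequate for these text-node cells but not if the same values are ever reused inside a single-quoted attribute. The enclosing admin listing loop begins before this hunk.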
Index: serendipity_functions.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_functions.inc.php,v
retrieving revision 1.419.2.16
retrieving revision 1.419.2.17
diff -u -d -r1.419.2.16 -r1.419.2.17
--- serendipity_functions.inc.php 15 Sep 2004 08:38:31 -0000 1.419.2.16
+++ serendipity_functions.inc.php 16 Sep 2004 12:18:08 -0000 1.419.2.17
@@ -1409,7 +1409,7 @@
foreach ($comments as $comment) {
if ($comment['parent_id'] == $parent) {
$i++;
- $retval .= '<option value="' . $comment['id'] . '"'. ($selected == $comment['id'] || (isset($serendipity['POST']['replyTo']) && $comment['id'] == $serendipity['POST']['replyTo']) ? ' selected="selected"' : '') .'>' . str_repeat(' ', $level * 2) . '#' . $indent . $i . ': ' . (empty($comment['username']) ? ANONYMOUS : $comment['username']) . ' ' . ON . ' ' . ucfirst(strftime('%b %e %Y, %H:%M', $comment['timestamp'])) . "</option>\n";
+ $retval .= '<option value="' . $comment['id'] . '"'. ($selected == $comment['id'] || (isset($serendipity['POST']['replyTo']) && $comment['id'] == $serendipity['POST']['replyTo']) ? ' selected="selected"' : '') .'>' . str_repeat(' ', $level * 2) . '#' . $indent . $i . ': ' . (empty($comment['username']) ? ANONYMOUS : htmlspecialchars($comment['username'])) . ' ' . ON . ' ' . ucfirst(strftime('%b %e %Y, %H:%M', $comment['timestamp'])) . "</option>\n";
$retval .= serendipity_generateCommentList($id, $comments, $selected, $comment['id'], $level + 1, $indent . $i . '.');
}
}
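Review bot: Only the display text of the new `<option>` line is escaped; `$comment['id']` is still concatenated raw into the `value="…"` attribute, so the attribute's safety rests on the id column being numeric. `'<option value="' . (int) $comment['id'] . '"'` would make that explicit and keep the attribute safe regardless of what the query returns. The `==` comparison against `$serendipity['POST']['replyTo']` is loose — a non-numeric POST value compares equal to 0 in this PHP era — which is harmless unless an id of 0 exists, but casting both sides with `(int)` would remove the ambiguity. serendipity_generateCommentList's signature and return are outside the hunk.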
@@ -1440,6 +1440,7 @@
$i++;
$comment['comment'] = htmlspecialchars(strip_tags($comment['body']));
+ $comment['url'] = strip_tags($comment['url']);
if (!empty($comment['url']) && substr($comment['url'], 0, 7) != 'http://' && substr($comment['url'], 0, 8) != 'https://') {
$comment['url'] = 'http://' . $comment['url'];
}
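Review bot: `strip_tags()` on `$comment['url']` removes angle-bracket markup but leaves `"` intact, so if the value is later placed in an `href="…"` attribute without `htmlspecialchars()` (the output site is outside this hunk) a quote in the URL still breaks out of the attribute; the line above already uses `htmlspecialchars(strip_tags($comment['body']))` for the body, and `$comment['url'] = htmlspecialchars(strip_tags($comment['url']));` would keep the two fields consistent, provided the value is only used for HTML output and nothing downstream encodes it again. The scheme check on the following line is case-sensitive, so `HTTP://example.com` becomes `http://HTTP://example.com`; comparing `strtolower(substr($comment['url'], 0, 7))` would avoid that. Forcing the `http://` prefix does, presumably by design, also neutralise `javascript:` and similar schemes, so that part should stay.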
@@ -1463,7 +1464,7 @@
<?php
/* Link to the user's email */
if (!empty($comment['email'])) {
- echo '<a href="mailto:' . htmlspecialchars($comment['email']) . '" title="' . SEND_MAIL_TO . ' ' . htmlspecialchars($name) . ' (' . $comment['email'] . ')">' . htmlspecialchars($name) . '</a>';
+ echo '<a href="mailto:' . htmlspecialchars($comment['email']) . '" title="' . SEND_MAIL_TO . ' ' . htmlspecialchars($name) . ' (' . htmlspecialchars(strip_tags($comment['email'])) . ')">' . htmlspecialchars($name) . '</a>';
} else {
echo htmlspecialchars($name);
}
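Review bot: The same `$comment['email']` is now rendered twice in one element with different sanitisation — `htmlspecialchars($comment['email'])` in the `href` and `htmlspecialchars(strip_tags($comment['email']))` in the `title` — so a value containing markup yields a link whose target and tooltip disagree. Computing it once, `$email = htmlspecialchars(strip_tags($comment['email']));`, and using `$email` in both the `mailto:` and the parenthesised title text keeps the element consistent. The default `htmlspecialchars()` flags escape `"` but not `'`, which is adequate here only because both attributes are double-quoted. Since an address is expected, rejecting values containing whitespace, quotes or angle brackets at the point the comment is accepted would be a stronger control than stripping tags on output. `$name` is assigned outside the hunk.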