[Phpbbkb-checkins] SF.net SVN: phpbbkb: [63] main/trunk
From: <so...@us...> - 2007-02-24 20:51:18
Revision: 63 http://svn.sourceforge.net/phpbbkb/?rev=63&view=rev Author: softphp Date: 2007-02-24 12:51:19 -0800 (Sat, 24 Feb 2007) Log Message: ----------- - Bug #17, #18. Modified Paths: -------------- main/trunk/includes/functions_kb.php main/trunk/kb.php
Modified: main/trunk/includes/functions_kb.php
===================================================================
--- main/trunk/includes/functions_kb.php 2007-02-24 13:59:19 UTC (rev 62)
+++ main/trunk/includes/functions_kb.php 2007-02-24 20:51:19 UTC (rev 63)
@@ -294,9 +294,9 @@
 $smilies_on = ( !empty($HTTP_POST_VARS['disable_smilies']) ) ? 0 : 1;
 }
- $article_desc = ( !empty($HTTP_POST_VARS['desc']) ) ? trim(stripslashes($HTTP_POST_VARS['desc'])) : '';
- $article_title = ( !empty($HTTP_POST_VARS['title']) ) ? trim(stripslashes($HTTP_POST_VARS['title'])) : '';
- $message = ( !empty($HTTP_POST_VARS['message']) ) ? stripslashes($HTTP_POST_VARS['message']) : '';
+ $article_desc = ( !empty($HTTP_POST_VARS['desc']) ) ? trim(addslashes($HTTP_POST_VARS['desc'])) : '';
+ $article_title = ( !empty($HTTP_POST_VARS['title']) ) ? trim(addslashes($HTTP_POST_VARS['title'])) : '';
+ $message = ( !empty($HTTP_POST_VARS['message']) ) ? addslashes($HTTP_POST_VARS['message']) : '';
 $article_author = ($mode == 'edit') ? $article['article_author'] : $userdata['user_id'];
 $article_authorname = ( $mode == 'edit' ) ? ( ( empty($HTTP_POST_VARS['authorname']) ) ? $article['article_authorname'] : $HTTP_POST_VARS['authorname'] ) : ( ( empty($HTTP_POST_VARS['authorname']) ) ? $userdata['username'] : $HTTP_POST_VARS['authorname'] );
 $bbcode_uid = ($mode == 'edit' ) ? $article['bbcode_uid'] : '';
Modified: main/trunk/kb.php
===================================================================
--- main/trunk/kb.php 2007-02-24 13:59:19 UTC (rev 62)
+++ main/trunk/kb.php 2007-02-24 20:51:19 UTC (rev 63)
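Review bot: The three added `addslashes()` calls in the functions_kb.php hunk (@@ -294) escape request data unconditionally, so what ends up stored depends on whether the input already arrived slash-escaped (magic_quotes_gpc or an emulation in the board's bootstrap, not visible here); in that case quotes and backslashes are escaped twice, which is presumably why kb.php gains `stripslashes()` on read in this same commit. `addslashes()` is also not a database-aware escape, and `$HTTP_POST_VARS['authorname']` on the unchanged `$article_authorname` line gets no escaping at all in this hunk. I would keep the values normalised to raw text here, as rev 62 did, mark them with `// raw user input: escape once where the INSERT/UPDATE is built`, and do the escaping at query construction, which lies outside this hunk.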
@@ -229,8 +229,8 @@
 $template->assign_block_vars('articlerow', array(
 'TOPIC_FOLDER_IMG' => $images['folder'],
- 'ARTICLE_TITLE' => $articles[$i]['article_title'],
- 'ARTICLE_DESC' => $articles[$i]['article_desc'],
+ 'ARTICLE_TITLE' => stripslashes($articles[$i]['article_title']),
+ 'ARTICLE_DESC' => stripslashes($articles[$i]['article_desc']),
 'ARTICLE_AUTHOR' => $author,
 'ARTICLE_HITS' => $articles[$i]['article_hits'],
 'ARTICLE_LAST_ACTION' => $last_action,
@@ -270,7 +270,7 @@
 $sql = "SELECT a.*, u.*
 FROM " . KB_ARTICLES_TABLE . " a, " . USERS_TABLE . " u
- WHERE a.article_title LIKE %'$article_query'%
+ WHERE a.article_title LIKE '%$article_query%'
 AND a.article_author = u.user_id";
 if( !($result = $db->sql_query($sql)) )
 {
@@ -315,8 +315,9 @@
 message_die(GENERAL_MESSAGE, "The category specified in GET variables did not exist along with this article in the database.");
 }
- $article_title = $article['article_title'];
- $article_text = $article['article_text'];
+ $article_title = stripslashes($article['article_title']);
+ $article_text = stripslashes($article['article_text']);
+ $article_desc = stripslashes($article['article_desc']);
 $article_bbcode_uid = $article['bbcode_uid'];
 $user_sig = ( $article['enable_sig'] && $article['user_sig'] != '' && $board_config['allow_sig'] ) ? $article['user_sig'] : '';
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
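Review bot: `ARTICLE_TITLE` and `ARTICLE_DESC` in the @@ -229 hunk reach the template after `stripslashes()` only, with no HTML encoding on this path; unless the values are encoded before they are stored (not visible here), markup typed into a title or description is rendered as-is in the article list, which is a stored XSS risk. The same applies to `$article_title` and `$article_desc` in the @@ -315 hunk. Encode at output, e.g. `'ARTICLE_TITLE' => htmlspecialchars(stripslashes($articles[$i]['article_title'])),` and likewise for `ARTICLE_DESC`. The `assign_block_vars` call continues past the end of the hunk.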
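Review bot: `$article_query` is interpolated directly into the `LIKE '%...%'` literal in the @@ -270 hunk and nothing in the hunk escapes it; its assignment is above the hunk, so if it is taken from the request without escaping, the query is open to SQL injection. Moving the quotes fixes the syntax error but leaves that untouched. The value should be escaped with the database layer's string escaping where it is assigned, and `%` and `_` should be escaped as well so a search term cannot widen the match. I would also add `// $article_query must already be SQL-escaped, with % and _ escaped, before it reaches this LIKE` above the `$sql` assignment so the requirement is visible at the query.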
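Review bot: `stripslashes()` on `$article['article_text']` in the @@ -315 hunk removes every literal backslash from an article body unless the row was stored double-escaped, so articles saved before this revision, or saved when the input was not already slash-escaped, would presumably lose backslashes in code samples or file paths. Unescaping on read ties display correctness to how each row happened to be written. I would store the text escaped exactly once and drop the three `stripslashes()` calls, or at minimum add `// rows are written slash-escaped by functions_kb.php (rev 63); stripslashes() undoes that` above them so the coupling is documented. The enclosing block starts above the hunk.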