From: <rgr...@us...> - 2014-11-12 18:40:22
Revision: 12843 http://sourceforge.net/p/xoops/svn/12843 Author: rgriffith Date: 2014-11-12 18:40:18 +0000 (Wed, 12 Nov 2014) Log Message: ----------- Some code cleanup for private messages Modified Paths: -------------- XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/pm/pmlite.php XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/pm/readpmsg.php XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/pm/viewpmsg.php XoopsCore/branches/2.5.x/2.5.8/htdocs/pmlite.php XoopsCore/branches/2.5.x/2.5.8/htdocs/readpmsg.php XoopsCore/branches/2.5.x/2.5.8/htdocs/viewpmsg.php Modified: XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/pm/pmlite.php =================================================================== --- XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/pm/pmlite.php 2014-11-12 18:38:49 UTC (rev 12842) +++ XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/pm/pmlite.php 2014-11-12 18:40:18 UTC (rev 12843) 
@@ -25,21 +25,27 @@ xoops_loadLanguage('main', 'pm'); } -$reply = !empty($_GET['reply']) ? 1 : 0; -$send = !empty($_GET['send']) ? 1 : 0; -$send2 = !empty($_GET['send2']) ? 1 : 0; -$sendmod = !empty($_POST['sendmod']) ? 1 : 0; // send from other modules with post data -$to_userid = isset($_GET['to_userid']) ? intval($_GET['to_userid']) : 0; -$msg_id = isset($_GET['msg_id']) ? intval($_GET['msg_id']) : 0; +XoopsLoad::load('XoopsRequest'); -if (empty($_GET['refresh']) && isset($_POST['op']) && $_POST['op'] != "submit") { +$subject_icons = XoopsLists::getSubjectsList(); + +$op = XoopsRequest::getCmd('op', '', 'POST'); + +$reply = XoopsRequest::getBool('reply', 0, 'GET'); +$send = XoopsRequest::getBool('send', 0, 'GET'); +$send2 = XoopsRequest::getBool('send2', 0, 'GET'); +$sendmod = XoopsRequest::getBool('sendmod', 0, 'POST'); // send from other modules with post data +$to_userid = XoopsRequest::getInt('to_userid', 0, 'GET'); +$msg_id = XoopsRequest::getInt('msg_id', 0, 'GET'); + +if (empty($_GET['refresh']) && $op != "submit") { $jump = "pmlite.php?refresh=" . time(); if ($send == 1) { - $jump .= "&send={$send}"; - } else if ($send2 == 1) { - $jump .= "&send2={$send2}&to_userid={$to_userid}"; - } else if ($reply == 1) { - $jump .= "&reply={$reply}&msg_id={$msg_id}"; + $jump .= "&send={$send}"; + } elseif ($send2 == 1) { + $jump .= "&send2={$send2}&to_userid={$to_userid}"; + } elseif ($reply == 1) { + $jump .= "&reply={$reply}&msg_id={$msg_id}"; } else { } header('location: ' . $jump); 
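Review bot: The refresh guard still reads `empty($_GET['refresh'])` directly while every other input in this hunk now goes through `XoopsRequest`, so the single-access-path discipline the commit introduces breaks on the very line it protects; `if (!XoopsRequest::getInt('refresh', 0, 'GET') && $op != "submit") {` keeps one path. The `getBool` results are then compared with `== 1` and interpolated into the redirect URL, which works only because `true == 1` and `true` stringifies to `1`; `$jump .= "&send=1";` states the intent plainly. The empty `} else { }` branch can be dropped. The same points apply to the `@@ -21,27 +21,27 @@` hunk of htdocs/pmlite.php.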
@@ -53,28 +59,26 @@ xoops_header(); $myts =& MyTextSanitizer::getInstance(); -if (isset($_POST['op']) && $_POST['op'] == "submit") { +if ($op == "submit") { $member_handler =& xoops_gethandler('member'); - $count = $member_handler->getUserCount(new Criteria('uid', intval($_POST['to_userid']))); + $count = $member_handler->getUserCount(new Criteria('uid', XoopsRequest::getInt('to_userid', 0, 'POST'))); if ($count != 1) { echo "<br /><br /><div><h4>"._PM_USERNOEXIST."<br />"; echo _PM_PLZTRYAGAIN."</h4><br />"; echo "[ <a href='javascript:history.go(-1)'>"._PM_GOBACK."</a> ]</div>"; - } else if ($GLOBALS['xoopsSecurity']->check()) { + } elseif ($GLOBALS['xoopsSecurity']->check()) { $pm_handler =& xoops_getModuleHandler('message', 'pm'); $pm =& $pm_handler->create(); $pm->setVar("msg_time", time()); -//------------------ mamba -if (isset($_POST['icon'])) { - $pm->setVar("msg_image", $_POST['icon']); + $msg_image = XoopsRequest::getCmd('icon', null, 'POST'); + if (in_array($msg_image, $subject_icons)) { + $pm->setVar("msg_image", $msg_image); } - //else $pm->setVar("msg_image", 'icon1.gif'); -//----------------- mamba - $pm->setVar("subject", $_POST['subject']); - $pm->setVar("msg_text", $_POST['message']); - $pm->setVar("to_userid", $_POST['to_userid']); + $pm->setVar("subject", XoopsRequest::getString('subject', null, 'POST')); + $pm->setVar("msg_text", XoopsRequest::getString('message', null, 'POST')); + $pm->setVar("to_userid", XoopsRequest::getInt('to_userid', 0, 'POST')); $pm->setVar("from_userid", $GLOBALS['xoopsUser']->getVar("uid")); - if (isset($_REQUEST['savecopy']) && $_REQUEST['savecopy'] == 1) { + if (XoopsRequest::getBool('savecopy', 0)) { //PMs are by default not saved in outbox $pm->setVar('from_delete', 0); } 
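Review bot: The icon allow-list `if (in_array($msg_image, $subject_icons)) {` uses loose comparison, and since the stored value is later concatenated into an `images/subject/` path (readpmsg.php and viewpmsg.php hunks in this commit) this check is the only thing constraining that path, so make it `if (in_array($msg_image, $subject_icons, true)) {`. `to_userid` is read from POST twice in this hunk (the `getUserCount` criteria and the later `setVar`); read it once, `$to_uid = XoopsRequest::getInt('to_userid', 0, 'POST');`, and reuse it so the existence check and the stored recipient cannot diverge. The `getString('subject', null, 'POST')` default of `null` differs from the `''` default the `@@ -118` hunk uses for the same field; pick one. The enclosing `if ($op == "submit")` block continues outside the hunk.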
@@ -91,14 +95,14 @@ echo "<br /><a href=\"javascript:window.close();\">"._PM_ORCLOSEWINDOW."</a>"; } -} else if ($reply == 1 || $send == 1 || $send2 == 1 || $sendmod == 1) { +} elseif ($reply == 1 || $send == 1 || $send2 == 1 || $sendmod == 1) { if ($reply == 1) { $pm_handler =& xoops_getModuleHandler('message', 'pm'); $pm =& $pm_handler->get($msg_id); if ($pm->getVar("to_userid") == $GLOBALS['xoopsUser']->getVar('uid')) { $pm_uname = XoopsUser::getUnameFromId($pm->getVar("from_userid")); $message = "[quote]\n"; - $message .= sprintf(_PM_USERWROTE , $pm_uname); + $message .= sprintf(_PM_USERWROTE, $pm_uname); $message .= "\n" . $pm->getVar("msg_text", "E") . "\n[/quote]"; } else { unset($pm); @@ -118,11 +122,11 @@ } $GLOBALS['xoopsTpl']->assign('to_username', $pm_uname); $pmform->addElement(new XoopsFormHidden('to_userid', $pm->getVar("from_userid"))); - } else if ($sendmod == 1) { - $GLOBALS['xoopsTpl']->assign('to_username', XoopsUser::getUnameFromId($_POST["to_userid"])); - $pmform->addElement(new XoopsFormHidden('to_userid', intval($_POST["to_userid"]))); - $subject = $myts->htmlSpecialChars($myts->stripSlashesGPC($_POST['subject'])); - $message = $myts->htmlSpecialChars($myts->stripSlashesGPC($_POST['message'])); + } elseif ($sendmod == 1) { + $GLOBALS['xoopsTpl']->assign('to_username', XoopsUser::getUnameFromId(XoopsRequest::getInt("to_userid", 0, 'POST'))); + $pmform->addElement(new XoopsFormHidden('to_userid', XoopsRequest::getInt("to_userid", 0, 'POST'))); + $subject = $myts->htmlSpecialChars(XoopsRequest::getString('subject', '', 'POST')); + $message = $myts->htmlSpecialChars(XoopsRequest::getString('message', '', 'POST')); } else { if ($send2 == 1) { $GLOBALS['xoopsTpl']->assign('to_username', XoopsUser::getUnameFromId($to_userid, false)); 
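Review bot: In the `@@ -118,11 +122,11 @@` hunk the `sendmod` branch replaces `$myts->stripSlashesGPC($_POST['subject'])` with `XoopsRequest::getString('subject', '', 'POST')`; unless `XoopsRequest` itself strips GPC slashes under `magic_quotes_gpc` (not visible here, please confirm), subjects and messages pre-filled from other modules will now carry backslashes. `to_userid` is read from POST on two consecutive lines; `$to_uid = XoopsRequest::getInt('to_userid', 0, 'POST');` once, then reuse it in both `getUnameFromId` and the hidden field. The enclosing `elseif ($reply == 1 || …)` block starts and ends outside these hunks.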
@@ -136,19 +140,11 @@ } $pmform->addElement(new XoopsFormText('', 'subject', 30, 100, $subject), true); -//----------------------------- mamba - $msg_image=''; - $icons_radio = new XoopsFormRadio(_MESSAGEICON, 'msg_image', $msg_image); - $subject_icons = XoopsLists::getSubjectsList(); - // foreach ($subject_icons as $iconfile) { - // $icons_radio->addOption($iconfile, '<img src="' . XOOPS_URL . '/images/subject/' . $iconfile . '" alt="" />'); - // } - // $pmform->addElement($icons_radio, true); + $msg_image=''; + $icons_radio = new XoopsFormRadio(_MESSAGEICON, 'msg_image', $msg_image); + //$subject_icons = XoopsLists::getSubjectsList(); + $xoopsTpl->assign('radio_icons', $subject_icons); - $xoopsTpl->assign('radio_icons', $subject_icons); -//------------------------------- mamba - - $pmform->addElement(new XoopsFormDhtmlTextArea('', 'message', $message, 8, 37), true); $pmform->addElement(new XoopsFormRadioYN('', 'savecopy', 0)); Modified: XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/pm/readpmsg.php =================================================================== --- XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/pm/readpmsg.php 2014-11-12 18:38:49 UTC (rev 12842) +++ XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/pm/readpmsg.php 2014-11-12 18:40:18 UTC (rev 12843) @@ -36,12 +36,12 @@ if (is_object($pm) && ($pm->getVar('from_userid') != $GLOBALS['xoopsUser']->getVar('uid')) && ($pm->getVar('to_userid') != $GLOBALS['xoopsUser']->getVar('uid')) -){ +) { redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar("dirname", "n") . '/index.php', 2, _NOPERM); exit(); } -if (is_object($pm) && !empty($_POST['action']) ) { +if (is_object($pm) && !empty($_POST['action'])) { if (!$GLOBALS['xoopsSecurity']->check()) { echo implode('<br />', $GLOBALS['xoopsSecurity']->getErrors()); exit(); 
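Review bot: In the `@@ -136,19 +140,11 @@` hunk of modules/pm/pmlite.php, `$icons_radio = new XoopsFormRadio(_MESSAGEICON, 'msg_image', $msg_image);` is constructed but never added to `$pmform` (the icons now reach the template as `radio_icons`), so `$msg_image` and `$icons_radio` are dead, and the commented-out `//$subject_icons = XoopsLists::getSubjectsList();` should be deleted rather than kept. The same block assigns through `$xoopsTpl->assign('radio_icons', $subject_icons);` while the rest of this file uses `$GLOBALS['xoopsTpl']`; use one form so the assignment does not depend on `$xoopsTpl` being in scope.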
@@ -49,7 +49,7 @@ $res = false; if (!empty($_REQUEST['email_message'])) { $res = $pm_handler->sendEmail($pm, $GLOBALS['xoopsUser']); - } else if (!empty($_REQUEST['move_message']) + } elseif (!empty($_REQUEST['move_message']) && $_REQUEST['op'] != 'save' && !$GLOBALS['xoopsUser']->isAdmin() && $pm_handler->getSavecount() >= $GLOBALS['xoopsModuleConfig']['max_save'] @@ -58,10 +58,12 @@ } else { switch ($_REQUEST['op']) { case 'out': - if ($pm->getVar('from_userid') != $GLOBALS['xoopsUser']->getVar('uid')) break; + if ($pm->getVar('from_userid') != $GLOBALS['xoopsUser']->getVar('uid')) { + break; + } if (!empty($_REQUEST['delete_message'])) { $res = $pm_handler->setFromdelete($pm); - } else if (!empty($_REQUEST['move_message'])) { + } elseif (!empty($_REQUEST['move_message'])) { $res = $pm_handler->setFromsave($pm); } break; @@ -70,7 +72,7 @@ if (!empty($_REQUEST['delete_message'])) { $res1 = $pm_handler->setTodelete($pm); $res1 = ($res1) ? $pm_handler->setTosave($pm, 0) : false; - } else if (!empty($_REQUEST['move_message'])) { + } elseif (!empty($_REQUEST['move_message'])) { $res1 = $pm_handler->setTosave($pm, 0); } } @@ -78,7 +80,7 @@ if (!empty($_REQUEST['delete_message'])) { $res2 = $pm_handler->setFromDelete($pm); $res2 = ($res2) ? $pm_handler->setFromsave($pm, 0) : false; - } else if (!empty($_REQUEST['move_message'])) { + } elseif (!empty($_REQUEST['move_message'])) { $res2 = $pm_handler->setFromsave($pm, 0); } } 
@@ -92,14 +94,14 @@ } if (!empty($_REQUEST['delete_message'])) { $res = $pm_handler->setTodelete($pm); - } else if (!empty($_REQUEST['move_message'])) { + } elseif (!empty($_REQUEST['move_message'])) { $res = $pm_handler->setTosave($pm); } break; } } $res_message = isset($res_message) ? $res_message : (($res) ? _PM_ACTION_DONE : _PM_ACTION_ERROR); - redirect_header('viewpmsg.php?op=' . htmlspecialchars($_REQUEST['op'] ) , 2, $res_message); + redirect_header('viewpmsg.php?op=' . htmlspecialchars($_REQUEST['op']), 2, $res_message); } $start = !empty($_GET['start']) ? intval($_GET['start']) : 0; $total_messages = !empty($_GET['total_messages']) ? intval($_GET['total_messages']) : 0; @@ -111,10 +113,10 @@ $criteria = new CriteriaCompo(new Criteria('from_delete', 0)); $criteria->add(new Criteria('from_userid', $GLOBALS['xoopsUser']->getVar('uid'))); $criteria->add(new Criteria('from_save', 0)); - } else if ($_REQUEST['op'] == "save") { + } elseif ($_REQUEST['op'] == "save") { $crit_to = new CriteriaCompo(new Criteria('to_delete', 0)); $crit_to->add(new Criteria('to_save', 1)); - $crit_to->add(new Criteria('to_userid',$GLOBALS['xoopsUser']->getVar('uid'))); + $crit_to->add(new Criteria('to_userid', $GLOBALS['xoopsUser']->getVar('uid'))); $crit_from = new CriteriaCompo(new Criteria('from_delete', 0)); $crit_from->add(new Criteria('from_save', 1)); $crit_from->add(new Criteria('from_userid', $GLOBALS['xoopsUser']->getVar('uid'))); 
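Review bot: `redirect_header('viewpmsg.php?op=' . htmlspecialchars($_REQUEST['op']), 2, $res_message);` escapes a URL query value with an HTML escaper; the minimal fix is `redirect_header('viewpmsg.php?op=' . rawurlencode($_REQUEST['op']), 2, $res_message);`, and since `op` only ever takes `in`, `out` or `save` (the `switch ($_REQUEST['op'])` in the `@@ -58` hunk), validating it once against that set with `in_array(..., true)` and passing only the validated value is cleaner still. The rewritten `elseif` lines in this file still read `$_REQUEST`, whereas the pmlite.php hunks in this commit moved to `XoopsRequest::get*` with an explicit source; these actions come from the POST form guarded by `$GLOBALS['xoopsSecurity']->check()`, so `XoopsRequest::getBool('move_message', 0, 'POST')` would match.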
@@ -139,7 +141,7 @@ if (is_object($pm) && !empty($pm)) { if ($pm->getVar('from_userid') != $GLOBALS['xoopsUser']->getVar('uid')) { $reply_button = new XoopsFormButton('', 'send', _PM_REPLY); - $reply_button->setExtra("onclick='javascript:openWithSelfMain(\"" . XOOPS_URL . "/modules/pm/pmlite.php?reply=1&msg_id=".$pm->getVar("msg_id")."\", \"pmlite\", 565,500);'"); + $reply_button->setExtra("onclick='javascript:openWithSelfMain(\"" . XOOPS_URL . "/modules/pm/pmlite.php?reply=1&msg_id=".$pm->getVar("msg_id")."\", \"pmlite\", 565,500);'"); $pmform->addElement($reply_button); } $pmform->addElement(new XoopsFormButton('', 'delete_message', _PM_DELETE, 'submit')); @@ -168,6 +170,7 @@ $message = $pm->getValues(); $message['msg_time'] = formatTimestamp($pm->getVar("msg_time")); + $message['msg_image'] = htmlspecialchars($message['msg_image'], ENT_QUOTES); } $GLOBALS['xoopsTpl']->assign('message', $message); $GLOBALS['xoopsTpl']->assign('op', $_REQUEST['op']); Modified: XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/pm/viewpmsg.php =================================================================== --- XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/pm/viewpmsg.php 2014-11-12 18:38:49 UTC (rev 12842) +++ XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/pm/viewpmsg.php 2014-11-12 18:40:18 UTC (rev 12843) @@ -37,7 +37,7 @@ if (isset($_POST['delete_messages']) && (isset($_POST['msg_id']) || isset($_POST['msg_ids']))) { if (!$GLOBALS['xoopsSecurity']->check()) { $GLOBALS['xoopsTpl']->assign('errormsg', implode('<br />', $GLOBALS['xoopsSecurity']->getErrors())); - } else if (empty($_REQUEST['ok'])) { + } elseif (empty($_REQUEST['ok'])) { xoops_confirm(array('ok' => 1, 'delete_messages' => 1, 'op' => $_REQUEST['op'], 'msg_ids'=> json_encode(array_map("intval", $_POST['msg_id']))), $_SERVER['REQUEST_URI'], _PM_SURE_TO_DELETE); include $GLOBALS['xoops']->path('footer.php'); exit(); 
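Review bot: `$message['msg_image'] = htmlspecialchars($message['msg_image'], ENT_QUOTES);` in the `@@ -168,6 +170,7 @@` hunk escapes for HTML but does not constrain the value as a path, and the template renders it under `images/subject/`; rows stored before the icon allow-list added in this commit's pmlite.php hunks are never re-validated, so check here too, `if (!in_array($message['msg_image'], XoopsLists::getSubjectsList(), true)) { $message['msg_image'] = ''; }`, before escaping. If `getValues()` already returns text fields HTML-encoded (XOOPS `getVar` does so for its default format; please confirm for this field), the added `htmlspecialchars` double-encodes `&`. The same line is added in the `@@ -200,9 +200,10 @@` hunk of modules/pm/viewpmsg.php.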
@@ -52,7 +52,7 @@ $pm =& $pm_handler->get($msg[$i]); if ($pm->getVar('to_userid') == $GLOBALS['xoopsUser']->getVar('uid')) { $pm_handler->setTodelete($pm); - } else if ($pm->getVar('from_userid') == $GLOBALS['xoopsUser']->getVar('uid')) { + } elseif ($pm->getVar('from_userid') == $GLOBALS['xoopsUser']->getVar('uid')) { $pm_handler->setFromdelete($pm); } unset($pm); @@ -63,7 +63,7 @@ if (isset($_POST['move_messages']) && isset($_POST['msg_id'])) { if (!$GLOBALS['xoopsSecurity']->check()) { $GLOBALS['xoopsTpl']->assign('errormsg', implode('<br />', $GLOBALS['xoopsSecurity']->getErrors())); - } else{ + } else { $size = count($_POST['msg_id']); $msg = $_POST['msg_id']; if ($_POST['op'] == 'save') { @@ -71,7 +71,7 @@ $pm =& $pm_handler->get($msg[$i]); if ($pm->getVar('to_userid') == $GLOBALS['xoopsUser']->getVar('uid')) { $pm_handler->setTosave($pm, 0); - } else if ($pm->getVar('from_userid') == $GLOBALS['xoopsUser']->getVar('uid')) { + } elseif ($pm->getVar('from_userid') == $GLOBALS['xoopsUser']->getVar('uid')) { $pm_handler->setFromsave($pm, 0); } unset($pm); @@ -85,7 +85,7 @@ $pm =& $pm_handler->get($msg[$i]); if ($_POST['op']=='in') { $pm_handler->setTosave($pm); - } else if ($_POST['op'] == 'out') { + } elseif ($_POST['op'] == 'out') { $pm_handler->setFromsave($pm); } unset($pm); @@ -93,7 +93,7 @@ } if ($_POST['op'] == 'save') { $GLOBALS['xoopsTpl']->assign('msg', _PM_UNSAVED); - } else if (isset($total_save) && !$GLOBALS['xoopsUser']->isAdmin()) { + } elseif (isset($total_save) && !$GLOBALS['xoopsUser']->isAdmin()) { $GLOBALS['xoopsTpl']->assign('msg', sprintf(_PM_SAVED_PART, $GLOBALS['xoopsModuleConfig']['max_save'], $i)); } else { $GLOBALS['xoopsTpl']->assign('msg', _PM_SAVED_ALL); 
@@ -103,25 +103,25 @@ if (isset($_REQUEST['empty_messages'])) { if (!$GLOBALS['xoopsSecurity']->check()) { $GLOBALS['xoopsTpl']->assign('errormsg', implode('<br />', $GLOBALS['xoopsSecurity']->getErrors())); - } else if (empty($_REQUEST['ok'])) { + } elseif (empty($_REQUEST['ok'])) { xoops_confirm(array('ok' => 1, 'empty_messages' => 1, 'op' => $_REQUEST['op']), $_SERVER['REQUEST_URI'], _PM_RUSUREEMPTY); include $GLOBALS['xoops']->path('footer.php'); exit(); } else { if ($_POST['op'] == 'save') { $crit_to = new CriteriaCompo(new Criteria('to_delete', 0)); - $crit_to->add(new Criteria('to_save',1)); - $crit_to->add(new Criteria('to_userid',$GLOBALS['xoopsUser']->getVar('uid'))); + $crit_to->add(new Criteria('to_save', 1)); + $crit_to->add(new Criteria('to_userid', $GLOBALS['xoopsUser']->getVar('uid'))); $crit_from = new CriteriaCompo(new Criteria('from_delete', 0)); $crit_from->add(new Criteria('from_save', 1)); - $crit_from->add(new Criteria('from_userid',$GLOBALS['xoopsUser']->getVar('uid'))); + $crit_from->add(new Criteria('from_userid', $GLOBALS['xoopsUser']->getVar('uid'))); $criteria = new CriteriaCompo($crit_to); $criteria->add($crit_from, "OR"); - } else if ($_POST['op'] == 'out') { + } elseif ($_POST['op'] == 'out') { $criteria = new CriteriaCompo(new Criteria('from_delete', 0)); $criteria->add(new Criteria('from_userid', $GLOBALS['xoopsUser']->getVar('uid'))); $criteria->add(new Criteria('from_save', 0)); - } else{ + } else { $criteria = new CriteriaCompo(new Criteria('to_delete', 0)); $criteria->add(new Criteria('to_userid', $GLOBALS['xoopsUser']->getVar('uid'))); $criteria->add(new Criteria('to_save', 0)); 
@@ -137,14 +137,14 @@ if ($pms[$i]->getVar('to_userid') == $GLOBALS['xoopsUser']->getVar('uid')) { if ($_POST['op'] == 'save') { $pm_handler->setTosave($pms[$i], 0); - } else if ($_POST['op'] == 'in') { + } elseif ($_POST['op'] == 'in') { $pm_handler->setTodelete($pms[$i]); } } if ($pms[$i]->getVar('from_userid') == $GLOBALS['xoopsUser']->getVar('uid')) { if ($_POST['op']=='save') { - $pm_handler->setFromsave($pms[$i],0); - } else if ($_POST['op']=='out') { + $pm_handler->setFromsave($pms[$i], 0); + } elseif ($_POST['op']=='out') { $pm_handler->setFromdelete($pms[$i]); } } @@ -158,7 +158,7 @@ $criteria = new CriteriaCompo(new Criteria('from_delete', 0)); $criteria->add(new Criteria('from_userid', $GLOBALS['xoopsUser']->getVar('uid'))); $criteria->add(new Criteria('from_save', 0)); -} else if ($_REQUEST['op'] == "save") { +} elseif ($_REQUEST['op'] == "save") { $crit_to = new CriteriaCompo(new Criteria('to_delete', 0)); $crit_to->add(new Criteria('to_save', 1)); $crit_to->add(new Criteria('to_userid', $GLOBALS['xoopsUser']->getVar('uid'))); @@ -200,9 +200,10 @@ } } $member_handler =& xoops_gethandler('member'); - $senders = $member_handler->getUserList(new Criteria('uid', "(" . implode(", ", array_unique($uids) ) . ")", "IN")); + $senders = $member_handler->getUserList(new Criteria('uid', "(" . implode(", ", array_unique($uids)) . ")", "IN")); foreach (array_keys($pm_arr) as $i) { $message = $pm_arr[$i]; + $message['msg_image'] = htmlspecialchars($message['msg_image'], ENT_QUOTES); $message['msg_time'] = formatTimestamp($message["msg_time"]); if (isset($_REQUEST['op']) && $_REQUEST['op'] == "out") { $message['postername'] = $senders[$pm_arr[$i]['to_userid']]; Modified: XoopsCore/branches/2.5.x/2.5.8/htdocs/pmlite.php =================================================================== --- XoopsCore/branches/2.5.x/2.5.8/htdocs/pmlite.php 2014-11-12 18:38:49 UTC (rev 12842) +++ XoopsCore/branches/2.5.x/2.5.8/htdocs/pmlite.php 2014-11-12 18:40:18 UTC (rev 12843) 
@@ -21,27 +21,27 @@ $xoopsPreload->triggerEvent('core.pmlite.start'); xoops_loadLanguage('pmsg'); +XoopsLoad::load('XoopsRequest'); - -//------------------------------ mamba include $GLOBALS['xoops']->path('class/xoopsformloader.php'); $icon=''; $icons_radio = new XoopsFormRadio(_MESSAGEICON, 'icon', $icon); $subject_icons = XoopsLists::getSubjectsList(); -//------------------------------- mamba -$reply = !empty($_GET['reply']) ? 1 : 0; -$send = !empty($_GET['send']) ? 1 : 0; -$send2 = !empty($_GET['send2']) ? 1 : 0; -$to_userid = !empty($_GET['to_userid']) ? intval($_GET['to_userid']) : 0; -$msg_id = !empty($_GET['msg_id']) ? intval($_GET['msg_id']) : 0; -if (empty($_GET['refresh']) && isset($_POST['op']) && $_POST['op'] != "submit") { +$op = XoopsRequest::getCmd('op', '', 'POST'); + +$reply = XoopsRequest::getBool('reply', 0, 'GET'); +$send = XoopsRequest::getBool('send', 0, 'GET'); +$send2 = XoopsRequest::getBool('send2', 0, 'GET'); +$to_userid = XoopsRequest::getInt('to_userid', 0, 'GET'); +$msg_id = XoopsRequest::getInt('msg_id', 0, 'GET'); +if (empty($_GET['refresh']) && $op != "submit") { $jump = "pmlite.php?refresh=" . time() . ""; if ($send == 1) { $jump .= "&send=" . $send . ""; - } else if ($send2 == 1) { + } elseif ($send2 == 1) { $jump .= "&send2=" . $send2 . "&to_userid=" . $to_userid . ""; - } else if ($reply == 1) { + } elseif ($reply == 1) { $jump .= "&reply=" . $reply . "&msg_id=" . $msg_id . ""; } else { } 
@@ -50,32 +50,37 @@ } xoops_header(); + +$method = XoopsRequest::getMethod(); +$safeMethods = array('GET', 'HEAD'); +if (!in_array($method, $safeMethods)) { + if (!$GLOBALS['xoopsSecurity']->check()) { + echo "<br /><br /><div><h4>" . _ERRORS . "</h4><br />"; + echo "[ <a href='javascript:history.go(-1)' title=''>" . _PM_GOBACK . "</a> ]</div>"; + xoops_footer(); + exit; + } +} + if (is_object($xoopsUser)) { $myts =& MyTextSanitizer::getInstance(); - if (isset($_POST['op']) && $_POST['op'] == "submit") { - if (!$GLOBALS['xoopsSecurity']->check()) { - $security_error = true; - } - $res = $xoopsDB->query("SELECT COUNT(*) FROM " . $xoopsDB->prefix("users") . " WHERE uid=" . intval($_POST['to_userid']) . ""); + if ($op == 'submit') { + $res = $xoopsDB->query("SELECT COUNT(*) FROM " . $xoopsDB->prefix("users") . " WHERE uid=" . XoopsRequest::getInt('to_userid', 0, 'POST') . ""); list ($count) = $xoopsDB->fetchRow($res); if ($count != 1) { echo "<br /><br /><div><h4>" . _PM_USERNOEXIST . "<br />"; echo _PM_PLZTRYAGAIN . "</h4><br />"; - if (isset($security_error) && $security_error == true) { - echo implode('<br />', $GLOBALS['xoopsSecurity']->getErrors()); - } echo "[ <a href='javascript:history.go(-1)' title=''>" . _PM_GOBACK . 
"</a> ]</div>"; } else { $pm_handler =& xoops_gethandler('privmessage'); $pm =& $pm_handler->create(); -//------------------ mamba -if (isset($_POST['icon'])) { - $pm->setVar("msg_image", $_POST['icon']); + $msg_image = XoopsRequest::getCmd('icon', null, 'POST'); + if (in_array($msg_image, $subject_icons)) { + $pm->setVar("msg_image", $msg_image); } -//----------------- mamba - $pm->setVar("subject", $_POST['subject']); - $pm->setVar("msg_text", $_POST['message']); - $pm->setVar("to_userid", $_POST['to_userid']); + $pm->setVar("subject", XoopsRequest::getString('subject', null, 'POST')); + $pm->setVar("msg_text", XoopsRequest::getString('message', null, 'POST')); + $pm->setVar("to_userid", XoopsRequest::getInt('to_userid', 0, 'POST')); $pm->setVar("from_userid", $xoopsUser->getVar("uid")); if (!$pm_handler->insert($pm)) { echo $pm->getHtmlErrors(); @@ -84,7 +89,7 @@ echo "<br /><br /><div style='text-align:center;'><h4>" . _PM_MESSAGEPOSTED . "</h4><br /><a href=\"javascript:window.opener.location='" . XOOPS_URL . "/viewpmsg.php';window.close();\" title=\"\">" . _PM_CLICKHERE . "</a><br /><br /><a href=\"javascript:window.close();\" title=\"\">" . _PM_ORCLOSEWINDOW . "</a></div>"; } } - } else if ($reply == 1 || $send == 1 || $send2 == 1) { + } elseif ($reply == 1 || $send == 1 || $send2 == 1) { include_once $GLOBALS['xoops']->path('include/xoopscodes.php'); if ($reply == 1) { $pm_handler =& xoops_gethandler('privmessage'); 
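Review bot: The new CSRF gate `if (!in_array($method, $safeMethods)) {` uses loose `in_array`; pass `true` as the third argument. Because the gate now rejects every non-GET/HEAD request before the `submit` branch, the error page prints only `_ERRORS` where the old code also echoed `$GLOBALS['xoopsSecurity']->getErrors()`; consider keeping that detail. Inside the `submit` branch `to_userid` is read from POST twice (the `COUNT(*)` query and the later `setVar`); read it once, `$to_uid = XoopsRequest::getInt('to_userid', 0, 'POST');`, reuse it, and prefer `$member_handler->getUserCount(new Criteria('uid', $to_uid))` as modules/pm/pmlite.php does over string-building the SQL, which is safe today only because the value is an int.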
@@ -103,14 +108,14 @@ echo "<table style=' text-align:left;' class='outer'><tr><td class='head txtright' style='width:25%'>" . _PM_TO . "</td>"; if ($reply == 1) { echo "<td class='even'><input type='hidden' name='to_userid' value='" . $pm->getVar("from_userid") . "' />" . $pm_uname . "</td>"; - } else if ($send2 == 1) { + } elseif ($send2 == 1) { $to_username = XoopsUser::getUnameFromId($to_userid); echo "<td class='even'><input type='hidden' name='to_userid' value='" . $to_userid . "' />" . $to_username . "</td>"; } else { - require_once $GLOBALS['xoops']->path('class/xoopsform/formelement.php'); - require_once $GLOBALS['xoops']->path('class/xoopsform/formselect.php'); - require_once $GLOBALS['xoops']->path('class/xoopsform/formlabel.php'); - require_once $GLOBALS['xoops']->path('class/xoopsform/formselectuser.php'); + //require_once $GLOBALS['xoops']->path('class/xoopsform/formelement.php'); + //require_once $GLOBALS['xoops']->path('class/xoopsform/formselect.php'); + //require_once $GLOBALS['xoops']->path('class/xoopsform/formlabel.php'); + //require_once $GLOBALS['xoops']->path('class/xoopsform/formselectuser.php'); $user_sel = new XoopsFormSelectUser("", "to_userid"); echo "<td class='even'>" . $user_sel->render(); echo "</td>"; 
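Review bot: The four `//require_once $GLOBALS['xoops']->path('class/xoopsform/...')` lines are commented-out code and should be deleted rather than kept; the `@@ -21,27 +21,27 @@` hunk of this file includes `class/xoopsformloader.php`, which presumably is what now provides `XoopsFormSelectUser` (please confirm the loader covers it). If the intent is to record why the includes went away, a single comment such as `// form classes are provided by class/xoopsformloader.php, included above` says so without leaving dead code.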
@@ -129,16 +134,14 @@ } echo "</tr>"; -//----------------------------- mamba - echo "<tr>"; - echo "<td class='head txtright' style='width:25%;'>" . _MESSAGEICON. "</td>"; - foreach ($subject_icons as $iconfile) { - $icons_radio->addOption($iconfile, '<img src="' . XOOPS_URL . '/images/subject/' . $iconfile . '" alt="" />'); + echo "<tr>"; + echo "<td class='head txtright' style='width:25%;'>" . _MESSAGEICON. "</td>"; + foreach ($subject_icons as $iconfile) { + $icons_radio->addOption($iconfile, '<img src="' . XOOPS_URL . '/images/subject/' . $iconfile . '" alt="" />'); } - echo "<td class='even'>" . $icons_radio->render(); - echo "</td>"; - echo "</tr>"; -//------------------------------- mamba + echo "<td class='even'>" . $icons_radio->render(); + echo "</td>"; + echo "</tr>"; echo "<tr style='vertical-align:top;'><td style='width:25%;' class='head txtright'>" . _PM_MESSAGEC . "</td>"; echo "<td class='even'>"; Modified: XoopsCore/branches/2.5.x/2.5.8/htdocs/readpmsg.php =================================================================== --- XoopsCore/branches/2.5.x/2.5.8/htdocs/readpmsg.php 2014-11-12 18:38:49 UTC (rev 12842) +++ XoopsCore/branches/2.5.x/2.5.8/htdocs/readpmsg.php 2014-11-12 18:40:18 UTC (rev 12843) 
@@ -80,14 +80,12 @@ } else { echo $xoopsConfig['anonymous']; // we need to do this for deleted users } -//------------- mamba - $iconName=$pm_arr[0]->getVar("msg_image", "E"); + $iconName=htmlspecialchars($pm_arr[0]->getVar("msg_image", "E"), ENT_QUOTES); if ($iconName != '') { - echo "</td><td><img src='images/subject/" .$iconName . "' alt='' /> " . _PM_SENTC . "" . formatTimestamp($pm_arr[0]->getVar("msg_time")); + echo "</td><td><img src='images/subject/" .$iconName . "' alt='' /> " . _PM_SENTC . "" . formatTimestamp($pm_arr[0]->getVar("msg_time")); } else { - echo "</td><td>" . _PM_SENTC . "" . formatTimestamp($pm_arr[0]->getVar("msg_time")); + echo "</td><td>" . _PM_SENTC . "" . formatTimestamp($pm_arr[0]->getVar("msg_time")); } -//------------- mamba echo "<hr /><br /><strong>" . $pm_arr[0]->getVar("subject") . "</strong><br /><br />\n"; echo $pm_arr[0]->getVar("msg_text") . "<br /><br /></td></tr><tr class='foot'><td class='width20 txtleft' colspan='2'>"; Modified: XoopsCore/branches/2.5.x/2.5.8/htdocs/viewpmsg.php =================================================================== --- XoopsCore/branches/2.5.x/2.5.8/htdocs/viewpmsg.php 2014-11-12 18:38:49 UTC (rev 12842) +++ XoopsCore/branches/2.5.x/2.5.8/htdocs/viewpmsg.php 2014-11-12 18:40:18 UTC (rev 12843) 
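Review bot: `$iconName=htmlspecialchars($pm_arr[0]->getVar("msg_image", "E"), ENT_QUOTES);` prevents breaking out of the `src='…'` attribute but not what the value resolves to as a path: `.` and `/` pass through unchanged and are concatenated into `images/subject/…`, so messages stored before this commit's icon allow-list are rendered unchecked. Validate at render time as well and escape once: `$iconName = $pm_arr[0]->getVar("msg_image", "n");` then `if (!in_array($iconName, XoopsLists::getSubjectsList(), true)) { $iconName = ''; }` then `$iconName = htmlspecialchars($iconName, ENT_QUOTES);`. The `E` format of `getVar` already HTML-encodes text fields in XOOPS (please confirm for `msg_image`), in which case the outer `htmlspecialchars` double-encodes `&`, which reading with `n` avoids. The same applies to the `@@ -76,11 +76,11 @@` hunk of htdocs/viewpmsg.php.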
@@ -76,11 +76,11 @@ } else { echo "<td class='aligntop width5 txtcenter'><img src='images/email_notread.png' alt='" . _PM_NOTREAD . "' title='" . _PM_NOTREAD . "' /></td>\n"; } - $iconName=$pm_arr[$i]->getVar("msg_image", "E"); + $iconName=htmlspecialchars($pm_arr[$i]->getVar("msg_image", "E"), ENT_QUOTES); if ($iconName != '') { - echo "<td class='aligntop width5 txtcenter'><img src='images/subject/" . $iconName . "' alt='' /></td>\n"; + echo "<td class='aligntop width5 txtcenter'><img src='images/subject/" . $iconName . "' alt='' /></td>\n"; } else { - echo "<td class='aligntop width5 txtcenter'></td>\n"; + echo "<td class='aligntop width5 txtcenter'></td>\n"; } $postername = XoopsUser::getUnameFromId($pm_arr[$i]->getVar("from_userid")); echo "<td class='alignmiddle width10'>"; |