Revision 42
Added by stefan about 19 years ago
view.php | ||
---|---|---|
55 | 55 |
while($group = $query_users->fetchRow()) { |
56 | 56 |
// Insert user info into users array |
57 | 57 |
$group_id = $group['group_id']; |
58 |
$groups[$group_id]['title'] = $this->strip_slashes($group['title']); |
|
58 |
$groups[$group_id]['title'] = $this->strip_slashes_dummy($group['title']);
|
|
59 | 59 |
$groups[$group_id]['active'] = $group['active']; |
60 | 60 |
if(file_exists(WB_PATH.MEDIA_DIRECTORY.'/.news/image'.$group_id.'.jpg')) { |
61 | 61 |
$groups[$group_id]['image'] = WB_URL.MEDIA_DIRECTORY.'/.news/image'.$group_id.'.jpg'; |
... | ... | |
82 | 82 |
$query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '$section_id'"); |
83 | 83 |
if($query_settings->numRows() > 0) { |
84 | 84 |
$fetch_settings = $query_settings->fetchRow(); |
85 |
$setting_header = $this->strip_slashes($fetch_settings['header']); |
|
86 |
$setting_post_loop = $this->strip_slashes($fetch_settings['post_loop']); |
|
87 |
$setting_footer = $this->strip_slashes($fetch_settings['footer']); |
|
85 |
$setting_header = $this->strip_slashes_dummy($fetch_settings['header']);
|
|
86 |
$setting_post_loop = $this->strip_slashes_dummy($fetch_settings['post_loop']);
|
|
87 |
$setting_footer = $this->strip_slashes_dummy($fetch_settings['footer']);
|
|
88 | 88 |
$setting_posts_per_page = $fetch_settings['posts_per_page']; |
89 | 89 |
} else { |
90 | 90 |
$setting_header = ''; |
... | ... | |
185 | 185 |
if($group_image == '') { $display_image = 'none'; } else { $display_image = ''; } |
186 | 186 |
if($group_id == 0) { $display_group = 'none'; } else { $display_group = ''; } |
187 | 187 |
// Replace [wblink--PAGE_ID--] with real link |
188 |
$short = $this->strip_slashes($post['short']); |
|
188 |
$short = $this->strip_slashes_dummy($post['short']);
|
|
189 | 189 |
$this->preprocess($short); |
190 | 190 |
// Replace vars with values |
191 | 191 |
$vars = array('[PAGE_TITLE]', '[GROUP_ID]', '[GROUP_TITLE]', '[GROUP_IMAGE]', '[DISPLAY_GROUP]', '[DISPLAY_IMAGE]', '[TITLE]', '[SHORT]', '[LINK]', '[DATE]', '[TIME]', '[USER_ID]', '[USERNAME]', '[DISPLAY_NAME]', '[EMAIL]', '[TEXT_READ_MORE]'); |
192 | 192 |
if(isset($users[$uid]['username']) AND $users[$uid]['username'] != '') { |
193 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes($post['title']), $short, $post_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email'], $TEXT['READ_MORE']); |
|
193 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes_dummy($post['title']), $short, $post_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email'], $TEXT['READ_MORE']);
|
|
194 | 194 |
} else { |
195 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes($post['title']), $short, $post_link, $post_date, $post_time, '', '', '', '', $TEXT['READ_MORE']); |
|
195 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes_dummy($post['title']), $short, $post_link, $post_date, $post_time, '', '', '', '', $TEXT['READ_MORE']);
|
|
196 | 196 |
} |
197 | 197 |
echo str_replace($vars, $values, $setting_post_loop); |
198 | 198 |
} |
... | ... | |
212 | 212 |
$query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '$section_id'"); |
213 | 213 |
if($query_settings->numRows() > 0) { |
214 | 214 |
$fetch_settings = $query_settings->fetchRow(); |
215 |
$setting_post_header = $this->strip_slashes($fetch_settings['post_header']); |
|
216 |
$setting_post_footer = $this->strip_slashes($fetch_settings['post_footer']); |
|
217 |
$setting_comments_header = $this->strip_slashes($fetch_settings['comments_header']); |
|
218 |
$setting_comments_loop = $this->strip_slashes($fetch_settings['comments_loop']); |
|
219 |
$setting_comments_footer = $this->strip_slashes($fetch_settings['comments_footer']); |
|
215 |
$setting_post_header = $this->strip_slashes_dummy($fetch_settings['post_header']);
|
|
216 |
$setting_post_footer = $this->strip_slashes_dummy($fetch_settings['post_footer']);
|
|
217 |
$setting_comments_header = $this->strip_slashes_dummy($fetch_settings['comments_header']);
|
|
218 |
$setting_comments_loop = $this->strip_slashes_dummy($fetch_settings['comments_loop']);
|
|
219 |
$setting_comments_footer = $this->strip_slashes_dummy($fetch_settings['comments_footer']);
|
|
220 | 220 |
} else { |
221 | 221 |
$setting_post_header = ''; |
222 | 222 |
$setting_post_footer = ''; |
... | ... | |
258 | 258 |
if($group_id == 0) { $display_group = 'none'; } else { $display_group = ''; } |
259 | 259 |
$vars = array('[PAGE_TITLE]', '[GROUP_ID]', '[GROUP_TITLE]', '[GROUP_IMAGE]', '[DISPLAY_GROUP]', '[DISPLAY_IMAGE]', '[TITLE]', '[SHORT]', '[BACK]', '[DATE]', '[TIME]', '[USER_ID]', '[USERNAME]', '[DISPLAY_NAME]', '[EMAIL]'); |
260 | 260 |
if(isset($users[$uid]['username']) AND $users[$uid]['username'] != '') { |
261 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes($post['title']), $this->strip_slashes($post['short']), $page_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email']);
|
|
261 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes_dummy($post['title']), $this->strip_slashes_dummy($post['short']), $page_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email']);
|
|
262 | 262 |
} else { |
263 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes($post['title']), $this->strip_slashes($post['short']), $page_link, $post_date, $post_time, '', '', '', '');
|
|
263 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes_dummy($post['title']), $this->strip_slashes_dummy($post['short']), $page_link, $post_date, $post_time, '', '', '', '');
|
|
264 | 264 |
} |
265 |
$post_long = $this->strip_slashes($post['long']); |
|
265 |
$post_long = $this->strip_slashes_dummy($post['long']);
|
|
266 | 266 |
} |
267 | 267 |
} else { |
268 | 268 |
header('Location: '.WB_URL.'/pages/'); |
... | ... | |
290 | 290 |
if($query_comments->numRows() > 0) { |
291 | 291 |
while($comment = $query_comments->fetchRow()) { |
292 | 292 |
// Display Comments without slashes, but with new-line characters |
293 |
$comment['comment'] = nl2br($this->strip_slashes($comment['comment'])); |
|
294 |
$comment['title'] = $this->strip_slashes($comment['title']); |
|
293 |
$comment['comment'] = nl2br($this->strip_slashes_dummy($comment['comment']));
|
|
294 |
$comment['title'] = $this->strip_slashes_dummy($comment['title']);
|
|
295 | 295 |
// Print comments loop |
296 | 296 |
$commented_date = gmdate(DATE_FORMAT, $comment['commented_when']+TIMEZONE); |
297 | 297 |
$commented_time = gmdate(TIME_FORMAT, $comment['commented_when']+TIMEZONE); |
298 | 298 |
$uid = $comment['commented_by']; |
299 | 299 |
$vars = array('[TITLE]','[COMMENT]','[DATE]','[TIME]','[USER_ID]','[USERNAME]','[DISPLAY_NAME]', '[EMAIL]'); |
300 | 300 |
if(isset($users[$uid]['username']) AND $users[$uid]['username'] != '') { |
301 |
$values = array($this->strip_slashes($comment['title']), $this->strip_slashes($comment['comment']), $commented_date, $commented_time, $uid, $this->strip_slashes($users[$uid]['username']), $this->strip_slashes($users[$uid]['display_name']), $this->strip_slashes($users[$uid]['email']));
|
|
301 |
$values = array($this->strip_slashes_dummy($comment['title']), $this->strip_slashes_dummy($comment['comment']), $commented_date, $commented_time, $uid, $this->strip_slashes_dummy($users[$uid]['username']), $this->strip_slashes_dummy($users[$uid]['display_name']), $this->strip_slashes_dummy($users[$uid]['email']));
|
|
302 | 302 |
} else { |
303 |
$values = array($this->strip_slashes($comment['title']), $this->strip_slashes($comment['comment']), $commented_date, $commented_time, '0', strtolower($TEXT['UNKNOWN']), $TEXT['UNKNOWN'], '');
|
|
303 |
$values = array($this->strip_slashes_dummy($comment['title']), $this->strip_slashes_dummy($comment['comment']), $commented_date, $commented_time, '0', strtolower($TEXT['UNKNOWN']), $TEXT['UNKNOWN'], '');
|
|
304 | 304 |
} |
305 | 305 |
echo str_replace($vars, $values, $setting_comments_loop); |
306 | 306 |
} |
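Review bot: In the comments loop (new lines 293–305), `$comment['title']` and `$comment['comment']` are substituted into `$setting_comments_loop` and echoed with no HTML encoding visible anywhere in the section. `strip_slashes_dummy` looks from its name like a pass-through (its definition is not shown), so after this change nothing between the database row and the `echo` appears to transform the submitted text; unless comments are encoded when they are stored, markup in a comment would be rendered as-is on the page. I would encode at lines 293–294, e.g. `$comment['comment'] = nl2br(htmlspecialchars($comment['comment'], ENT_QUOTES));` and `$comment['title'] = htmlspecialchars($comment['title'], ENT_QUOTES);`, and drop the second round of `strip_slashes_dummy` calls in the `$values` arrays at 301 and 303, which reprocess values already handled at 293–294. The enclosing function starts and ends outside the visible hunks.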
Changed most occurrences of strip_slashes to new dummy method strip_slashes_dummy.