Changeset 851 for trunk/Modules/Forum/Forum.php
- Timestamp:
- Jan 17, 2016, 10:07:13 PM (9 years ago)
- File:
-
- 1 edited
trunk/Modules/Forum/Forum.php
r850 r851 26 26 if(array_key_exists('Search', $this->System->ModuleManager->Modules)) 27 27 $this->System->ModuleManager->Modules['Search']->RegisterSearch('forumthread', 28 T('Name of thread forum'), array('UserName', 'Text'), '`ForumThread`', $this->System->Link('/forum/?search=')); 28 T('Name of thread forum'), array('UserName', 'Text'), '`ForumThread`', 29 $this->System->Link('/forum/?search=')); 29 30 30 31 $this->System->RegisterMenuItem(array( … … 56 57 '<td><a href="'.$this->System->Link('/forum/?Thread='.$DbRow['Thread']).'">'.HumanDate($DbRow['Date']).'</a></td>'. 57 58 '<td><a href="'.$this->System->Link('/user/?user='.$DbRow['UserId']).'">'.$DbRow['UserName'].'</a></td>'. 58 '<td>'. $Parser->qparse($DbRow['Text']).'</td>'.59 '<td>'.htmlspecialchars($Parser->qparse($DbRow['Text'])).'</td>'. 59 60 '</tr>'; 60 61 } … … 72 73 if(array_key_exists('a', $_POST)) $Action = $_POST['a']; 73 74 else if(array_key_exists('a', $_GET)) $Action = $_GET['a']; 74 75 else $Action = ''; 75 76 if (array_key_exists('Edit', $_GET)) { 76 77 if (array_key_exists('text', $_POST)) … … 117 118 T('User').': '; 118 119 if($this->System->User->Licence(LICENCE_USER)) $Output .= '<b>'.$this->System->User->Name.'</b><br />'; 119 else $Output .= '<input type="text" name="user" /><br />';120 else $Output .= '<input type="text" name="user" /><br />'; 120 121 $Output .= T('Message text').': ('.T('You can use').' <a href="http://www.bbcode.org/reference.php">'.T('BB code').'</a>)<br/>'. 121 '<textarea onkeydown="ResizeTextArea(this)" rows="8" name="text" cols="80">'. $DbRow['Text'].'</textarea> <br/>'.122 '<textarea onkeydown="ResizeTextArea(this)" rows="8" name="text" cols="80">'.htmlspecialchars($DbRow['Text']).'</textarea> <br/>'. 122 123 '<input type="hidden" name="a" value="add2"/>'. 123 124 '<input type="submit" value="'.T('Send').'" /><br /></fieldset>'. … … 149 150 '`ForumThread`.`Text` as `ThreadName`,`ForumText`.`Thread` FROM `ForumText` '.$join.' WHERE '.$where.' 
ORDER BY `ForumText`.`Date` DESC '.$PageList['SQLLimit']); 150 151 while($Line = $DbResult->fetch_assoc()) 151 $Output .= '<div><a href="'.$this->System->Link('/forum/?Thread='.$Line['Thread']).'">'.$Line['ThreadName'].'</a><br /><strong>'.$Line['UserName'].'</strong> ('.HumanDate($Line['Date']).'): '.$parser->qparse($Line['Text']).'</div> '; 152 $Output .= '<div><a href="'.$this->System->Link('/forum/?Thread='.$Line['Thread']).'">'. 153 htmlspecialchars($Line['ThreadName']).'</a><br /><strong>'.$Line['UserName']. 154 '</strong> ('.HumanDate($Line['Date']).'): '.htmlspecialchars($parser->qparse($Line['Text'])).'</div> '; 152 155 $Output .= '</div>'.$PageList['Output']; 153 156 return($Output); … … 166 169 $DbResult = $this->System->Database->query('SELECT * FROM `ForumThread` WHERE 1 ORDER BY `ID` DESC '.$PageList['SQLLimit']); 167 170 while($Line = $DbResult->fetch_assoc()) 168 $Output .= '<div><span style="float:right;"><strong>'.$Line['UserName'].'</strong> - ('.HumanDate($Line['Date']).')</span> <a href="?Thread='.$Line['ID'].'">'.str_replace("\n", '',$Line['Text']).'</a> </div>'; 171 $Output .= '<div><span style="float:right;"><strong>'.$Line['UserName']. 172 '</strong> - ('.HumanDate($Line['Date']).')</span> <a href="?Thread='.$Line['ID'].'">'. 173 str_replace("\n", '', htmlspecialchars($Line['Text'])).'</a></div>'; 169 174 $Output .= '</div>'.$PageList['Output']; 170 175 return($Output); … … 191 196 { 192 197 $Thread = $DbResult->fetch_assoc(); 193 $Output .= '<h3>'. $Thread['Text'].'</h3>';198 $Output .= '<h3>'.htmlspecialchars($Thread['Text']).'</h3>'; 194 199 195 200 $DbResult = $this->System->Database->query('SELECT COUNT(*) FROM `ForumText` WHERE `Thread` = '.($_GET['Thread']*1).' '.$SearchQuery); … … 206 211 else $edit = ''; 207 212 $Output .= '<div><span style="float:right;">'.$edit.' ('.HumanDate($Line['Date']). 208 ')</span><strong>'.$Line['UserName'].'</strong>: '.str_replace("\n", '<br />',$parser->qparse($Line['Text'])).' 
</div> '; 213 ')</span><strong>'.$Line['UserName'].'</strong>: '.str_replace("\n", '<br />', 214 htmlspecialchars($parser->qparse($Line['Text']))).' </div> '; 209 215 } 210 216 $Output .= '</div>'.$PageList['Output']; … … 313 319 $Items[] = array 314 320 ( 315 'Title' => $DbRow['ThreadText'].' - '.$DbRow['UserName'].': ',316 'Link' => 317 'Description' => $parser->qparse($DbRow['Text']),321 'Title' => htmlspecialchars($DbRow['ThreadText']).' - '.$DbRow['UserName'].': ', 322 'Link' => 'http://'.$this->System->Config['Web']['Host'].$this->System->Link('/forum/?Thread='.$DbRow['Thread']), 323 'Description' => htmlspecialchars($parser->qparse($DbRow['Text'])), 318 324 'Time' => $DbRow['UnixDate'], 319 325 );
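Review bot: `UserName` is still concatenated into the markup unescaped on new lines 58, 153, 171 and 213 and in the feed `Title` at 321, although the post form at new line 120 lets a visitor without `LICENCE_USER` type any name. Unless the name is escaped when it is stored (not visible in these hunks), it needs the same treatment as the message text, e.g. `'<strong>'.htmlspecialchars($Line['UserName']).'</strong>'`. Separately, `htmlspecialchars($parser->qparse(...))` escapes the parser's output rather than its input, so if `qparse` emits HTML for BB code, those tags will now be shown as literal text. Escaping the raw text before parsing, or confirming that the parser escapes its own input, would keep the markup working. The enclosing functions start and end outside the displayed hunks, so the storage path and `qparse` behaviour should be checked there.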