- Timestamp:
- Jan 13, 2023, 12:40:34 AM (2 years ago)
- Location:
- trunk
- Files:
-
- 1 deleted
- 9 edited
trunk/Application/Version.php
r888 r891 7 7 8 8 $Version = '1.0'; 9 $Revision = 8 87; // Subversion revision9 $Revision = 891; // Subversion revision 10 10 $DatabaseRevision = 887; // Database structure revision 11 $ReleaseDate = strtotime('202 2-12-27');11 $ReleaseDate = strtotime('2023-01-13'); -
trunk/Modules/Export/Export.php
r888 r891 664 664 665 665 '<p>Texty přebírány z projektu <a href="https://wowpreklad.zdechov.net/">wowpreklad.zdechov.net</a><br>'. 666 '<a href="http ://wowpreklad.zdechov.nets/export/?Action=View&ExportId='.$this->Id.'&Tab=0">Export '.$this->Id.'</a></p><br>'.666 '<a href="https://wowpreklad.zdechov.nets/export/?Action=View&ExportId='.$this->Id.'&Tab=0">Export '.$this->Id.'</a></p><br>'. 667 667 668 668 -
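Review bot: The export link on new line 666 still points at the host `wowpreklad.zdechov.nets`, which differs from the `wowpreklad.zdechov.net` used on line 665 and looks like a typo; the commit only switches the scheme, so generated exports keep linking to a domain the project presumably does not control. Use the project host, `'<a href="https://wowpreklad.zdechov.net/export/?Action=View&ExportId='.$this->Id.'&Tab=0">Export '.$this->Id.'</a></p><br>'.`, or build it from the configured web host if this class has access to it. The enclosing function starts and ends outside the hunk.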
trunk/Modules/Forum/Forum.php
r888 r891 40 40 function ShowBox() 41 41 { 42 $Parser = new HTML_BBCodeParser2(array('filters' => array('Basic', 'Extended',43 'Images', 'Links', 'Lists', 'Email')));44 42 $Count = 20; 45 43 $Output = '<strong><a href="'.$this->System->Link('/forum/').'">'.T('Last forum posts').':</a></strong>'; … … 58 56 '<td><a href="'.$this->System->Link('/forum/?Thread='.$DbRow['Thread']).'">'.HumanDate($DbRow['Date']).'</a></td>'. 59 57 '<td><a href="'.$this->System->Link('/user/?user='.$DbRow['UserId']).'">'.$DbRow['UserName'].'</a></td>'. 60 '<td>'. $Parser->qparse(htmlspecialchars($DbRow['Text'])).'</td>'.58 '<td>'.ShowBBcodes(htmlspecialchars($DbRow['Text'])).'</td>'. 61 59 '</tr>'; 62 60 } … … 74 72 if (array_key_exists('a', $_POST)) $Action = $_POST['a']; 75 73 else if (array_key_exists('a', $_GET)) $Action = $_GET['a']; 76 74 else $Action = ''; 77 75 if (array_key_exists('Edit', $_GET)) { 78 76 if (array_key_exists('text', $_POST)) 79 77 $Output .= $this->Edit(); 80 78 $Output .= $this->ShowEditForm(); 81 82 79 } else 83 80 if (array_key_exists('search', $_GET)) … … 101 98 { 102 99 $Output = ''; 103 $Text = $_POST['text']; 104 $DbResult = $this->System->Database->query('UPDATE `ForumText` SET `Text`="'.$_POST['text'].'" WHERE `User` = '.$this->System->User->Id.' AND `ID` = '.$_GET['Edit']); 100 $this->System->Database->query('UPDATE `ForumText` SET `Text`="'.$_POST['text'].'" WHERE `User` = '.$this->System->User->Id.' AND `ID` = '.$_GET['Edit']); 105 101 $Output .= ShowMessage(T('Text edited.')); 106 102 return $Output; … … 132 128 function ShowSearchForum() 133 129 { 134 $parser = new HTML_BBCodeParser2(array('filters' => array('Basic','Extended','Images','Links','Lists','Email')));135 $Count = 20;136 130 $Output = ''; 137 131 … … 153 147 $Output .= '<div><a href="'.$this->System->Link('/forum/?Thread='.$Line['Thread']).'">'. 154 148 htmlspecialchars($Line['ThreadName']).'</a><br /><strong>'.$Line['UserName']. 155 '</strong> ('.HumanDate($Line['Date']).'): '. 
$parser->qparse(htmlspecialchars($Line['Text'])).'</div> ';149 '</strong> ('.HumanDate($Line['Date']).'): '.ShowBBcodes(htmlspecialchars($Line['Text'])).'</div> '; 156 150 $Output .= '</div>'.$PageList['Output']; 157 151 return $Output; … … 181 175 $Output = ''; 182 176 183 $Parser = new HTML_BBCodeParser2(array('filters' => array('Basic', 'Extended', 'Images', 'Links', 'Lists', 'Email')));184 185 177 if (array_key_exists('search', $_GET)) $_SESSION['search'] = $_GET['search']; 186 178 else if (!array_key_exists('search', $_SESSION)) $_SESSION['search'] = ''; … … 212 204 $edit = '<a href="?Edit='.$Line['ID'].'">'.T('edit').'</a>'; 213 205 } else $edit = ''; 214 $Text = str_replace("\n", '<br />', $Parser->qparse(htmlspecialchars($Line['Text'])));206 $Text = str_replace("\n", '<br />', ShowBBcodes(htmlspecialchars($Line['Text']))); 215 207 $Output .= '<div><span style="float:right;">'.$edit.' ('.HumanDate($Line['Date']). 216 208 ')</span><strong>'.$Line['UserName'].'</strong>: '.$Text.' </div> '; … … 306 298 function ShowRSS() 307 299 { 308 $parser = new HTML_BBCodeParser2(array('filters' => array('Basic','Extended','Images','Links','Lists','Email')));309 310 300 $Items = array(); 311 301 $TitleLength = 50; … … 322 312 'Title' => htmlspecialchars($DbRow['ThreadText']).' - '.$DbRow['UserName'].': ', 323 313 'Link' => 'http://'.$this->System->Config['Web']['Host'].$this->System->Link('/forum/?Thread='.$DbRow['Thread']), 324 'Description' => $parser->qparse(htmlspecialchars($DbRow['Text'])),314 'Description' => ShowBBcodes(htmlspecialchars($DbRow['Text'])), 325 315 'Time' => $DbRow['UnixDate'], 326 316 ); -
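Review bot: The rewritten query in Edit() (new line 100) still concatenates `$_POST['text']` and `$_GET['Edit']` directly into the UPDATE statement, so both request values reach the database unescaped and unvalidated; the commit tidies this line but leaves the SQL injection in place. Cast the id before it is used, `$Id = (int) $_GET['Edit'];`, and pass the text as a bound parameter or through whatever escaping routine the Database class provides (not visible in this hunk) rather than quoting it by hand. Edit()'s signature is outside the hunk.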
trunk/Modules/Log/Log.php
r888 r891 91 91 ( 92 92 'Title' => $LogType['Name'].' ('.$Line['UserName'].', '.$Line['IP'].')', 93 'Link' => 'http ://'.$this->System->Config['Web']['Host'].$this->System->Link('/log/'),93 'Link' => 'https://'.$this->System->Config['Web']['Host'].$this->System->Link('/log/'), 94 94 'Description' => $LogType['Name'].': '.$Line['Text'].' ('.$Line['UserName']. 95 95 ', '.$Line['IP'].', '.HumanDate($Line['Date']).')', … … 101 101 ( 102 102 'Title' => $this->System->Config['Web']['Title'].' - '.T('Logs'), 103 'Link' => 'http ://'.$this->System->Config['Web']['Host'].$this->System->Link('/'),103 'Link' => 'https://'.$this->System->Config['Web']['Host'].$this->System->Link('/'), 104 104 'Description' => $this->System->Config['Web']['Description'], 105 105 'WebmasterEmail' => $this->System->Config['Web']['AdminEmail'], -
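Review bot: The scheme is now hard-coded as `'https://'` at every call site (here on new lines 93 and 103, and likewise in News.php, ShoutBox.php and Referrer.php), yet ShowRSS in Forum.php still builds its `Link` with `'http://'` on new line 313, so the feeds are inconsistent after this change. Consider a single helper or config entry that returns the site base URL, so the scheme is decided in one place and a missed call site cannot keep emitting plain-HTTP links. Both array literals here belong to a function whose start and end are outside the hunk.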
trunk/Modules/News/News.php
r888 r891 165 165 ( 166 166 'Title' => $DbRow['Title'], 167 'Link' => 'http ://'.$this->System->Config['Web']['Host'].$this->System->Link('/news/?a=item&i='.$DbRow['Id']),167 'Link' => 'https://'.$this->System->Config['Web']['Host'].$this->System->Link('/news/?a=item&i='.$DbRow['Id']), 168 168 'Description' => $DbRow['Text'].' ('.$DbRow['Name'].')', 169 169 'Time' => $DbRow['UnixTime'], … … 173 173 ( 174 174 'Title' => $this->System->Config['Web']['Title'].' - '.T('System changes'), 175 'Link' => 'http ://'.$this->System->Config['Web']['Host'].$this->System->Link('/news/'),175 'Link' => 'https://'.$this->System->Config['Web']['Host'].$this->System->Link('/news/'), 176 176 'Description' => $this->System->Config['Web']['Description'], 177 177 'WebmasterEmail' => $this->System->Config['Web']['AdminEmail'], -
trunk/Modules/Referrer/Referrer.php
r888 r891 77 77 function ShowList() 78 78 { 79 $Banner = '<a href="http ://'.$this->System->Config['Web']['Host'].$this->System->Link('/').'">'.80 '<img src="http ://'.$this->System->Config['Web']['Host'].$this->System->Link('/banners/wowpreklad_big.jpg').'" '.79 $Banner = '<a href="https://'.$this->System->Config['Web']['Host'].$this->System->Link('/').'">'. 80 '<img src="https://'.$this->System->Config['Web']['Host'].$this->System->Link('/banners/wowpreklad_big.jpg').'" '. 81 81 'alt="wowpreklad" title="Otevřený projekt překládání celé hry World of Warcraft" '. 82 82 'class="banner" height="60" width="468" /></a>'; 83 83 84 $BannerSmall = '<a href="http ://'.$this->System->Config['Web']['Host'].$this->System->Link('/').'">'.85 '<img src="http ://'.$this->System->Config['Web']['Host'].$this->System->Link('/banners/wowpreklad_small.jpg').'" '.84 $BannerSmall = '<a href="https://'.$this->System->Config['Web']['Host'].$this->System->Link('/').'">'. 85 '<img src="https://'.$this->System->Config['Web']['Host'].$this->System->Link('/banners/wowpreklad_small.jpg').'" '. 86 86 'alt="wowpreklad" title="Otevřený projekt překládání celé hry World of Warcraft" '. 87 87 'class="banner" height="31" width="88" /></a>'; -
trunk/Modules/ShoutBox/ShoutBox.php
r888 r891 150 150 ( 151 151 'Title' => $DbRow['UserName'].': '.$Title, 152 'Link' => 'http ://'.$this->System->Config['Web']['Host'].$this->System->Link('/shoutbox/'),152 'Link' => 'https://'.$this->System->Config['Web']['Host'].$this->System->Link('/shoutbox/'), 153 153 'Description' => $DbRow['Text'], 154 154 'Time' => $DbRow['UnixDate'], … … 158 158 ( 159 159 'Title' => $this->System->Config['Web']['Title'].' - '.T('Shoutbox'), 160 'Link' => 'http ://'.$this->System->Config['Web']['Host'].$this->System->Link('/shoutbox/'),160 'Link' => 'https://'.$this->System->Config['Web']['Host'].$this->System->Link('/shoutbox/'), 161 161 'Description' => $this->System->Config['Web']['Description'], 162 162 'WebmasterEmail' => $this->System->Config['Web']['AdminEmail'], -
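--- a/trunk/Modules/User/Profile.php
+++ b/trunk/Modules/User/Profile.php
@@ -120,5 +120,4 @@
 function ShowLastForum()
 {
-$parser = new HTML_BBCodeParser2(array('filters' => array('Basic','Extended','Images','Links','Lists','Email')));
 $Count = 20;
 $Output = '<strong>'.T('Latest forum posts').':</strong>';
@@ -132,5 +131,5 @@
 while ($Line = $DbResult->fetch_assoc())
 $Output .= '<div><a href="'.$this->System->Link('/forum/?Thread='.$Line['Thread']).'">'.htmlspecialchars($Line['ThreadName']).'</a><br />'.
-'<strong>'.$Line['UserName'].'</strong> ('.HumanDate($Line['Date']).'): '. $parser->qparse(htmlspecialchars($Line['Text'])).'</div> ';
+'<strong>'.$Line['UserName'].'</strong> ('.HumanDate($Line['Date']).'): '.ShowBBcodes(htmlspecialchars($Line['Text'])).'</div> ';
 $Output .= '</div>';
 return $Output;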
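Review bot: `$Line['UserName']` is written into the markup on new line 133 without `htmlspecialchars()`, although `$Line['ThreadName']` on the line before is escaped; unless user names are guaranteed to be stored already encoded (not visible here), this is an output-encoding gap. The same pattern appears in Forum.php (`$DbRow['UserName']` in ShowBox, `$Line['UserName']` in the search and thread views). Suggested start of the line: `'<strong>'.htmlspecialchars($Line['UserName']).'</strong> ('.HumanDate($Line['Date']).'): '.`. ShowLastForum() continues between and after the two hunks.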
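--- a/trunk/includes/Global.php
+++ b/trunk/includes/Global.php
@@ -10,5 +10,4 @@
 include_once(dirname(__FILE__).'/../Application/UpdateTrace.php');
 include_once(dirname(__FILE__).'/PageEdit.php');
-require_once(dirname(__FILE__).'/../HTML/BBCodeParser2.php');
 
 // Back compatibility, will be removed
@@ -134,5 +133,5 @@
 $DbRow = $DbResult->fetch_assoc();
 $lang = $DbRow['Code'];
-$url = 'http ://translate.google.cz/?sl=en&tl='.$lang.'&text='.$text;
+$url = 'https://translate.google.cz/?sl=en&tl='.$lang.'&text='.$text;
 
 error_reporting(E_ALL ^ E_WARNING);
@@ -786,2 +785,36 @@
 else return $_SERVER['PHP_SELF'];
 }
+
+function ShowBBcodes($text)
+{
+// NOTE : I had to update this sample code with below line to prevent obvious attacks as pointed out by many users.
+// Always ensure that user inputs are scanned and filtered properly.
+$text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
+
+// BBcode array
+$find = array(
+'~\[b\](.*?)\[/b\]~s',
+'~\[i\](.*?)\[/i\]~s',
+'~\[u\](.*?)\[/u\]~s',
+'~\[quote\](.*?)\[/quote\]~s',
+'~\[size=(.*?)\](.*?)\[/size\]~s',
+'~\[color=(.*?)\](.*?)\[/color\]~s',
+'~\[url\]((?:ftp|https?)://.*?)\[/url\]~s',
+'~\[img\](https?://.*?\.(?:jpg|jpeg|gif|png|bmp))\[/img\]~s'
+);
+
+// HTML tags to replace BBcode
+$replace = array(
+'<b>$1</b>',
+'<i>$1</i>',
+'<span style="text-decoration:underline;">$1</span>',
+'<pre>$1</'.'pre>',
+'<span style="font-size:$1px;">$2</span>',
+'<span style="color:$1;">$2</span>',
+'<a href="$1">$1</a>',
+'<img src="$1" alt="" />'
+);
+
+// Replacing the BBcodes with corresponding HTML tags
+return preg_replace($find, $replace, $text);
+}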
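Review bot: In ShowBBcodes() the `[size=…]` and `[color=…]` captures are `(.*?)` and are copied straight into a `style` attribute, so a post can add arbitrary CSS declarations to the page even though quotes are escaped; restrict them to what each tag needs, e.g. `'~\[size=(\d{1,2})\](.*?)\[/size\]~s'` and `'~\[color=(#[0-9a-fA-F]{3,6}|[a-zA-Z]+)\](.*?)\[/color\]~s'`. The function also calls `htmlspecialchars()` itself while every call site in Forum.php and Profile.php already passes `htmlspecialchars(...)` output, so post text is encoded twice and `&`, `<` and quotes will render as literal entities; dropping the outer call at the call sites keeps a single encoding step in one place. `preg_replace()` returns null on a PCRE error, which would blank the post, so `return preg_replace($find, $replace, $text) ?? $text;` is a safer last line.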