diff --git a/checkin_notes b/checkin_notes index a7ab64e63c..33cc988f6d 100755 --- a/checkin_notes +++ b/checkin_notes @@ -8226,3 +8226,11 @@ David 7 Dec 2003 backend_lib.C create_work.C process_result_template.C + +David 7 Dec 2003 + - Changed db_dump so that it doesn't chdir() into the output directory + (it it does, and it crashes, that makes its core file + visible to the world, and that may contain private info) + + sched/ + db_dump.C diff --git a/html/forum/forum.inc b/html/forum/forum.inc index 07b3057b3a..26b6d5ad67 100644 --- a/html/forum/forum.inc +++ b/html/forum/forum.inc @@ -432,7 +432,7 @@ function show_forum_title($forum=NULL, $thread=NULL, $helpdesk=false) { echo "", " Message boards : "; } echo "id, "\">", $forum->title, " : "; - echo $thread->title; + echo stripslashes($thread->title); echo "
"; } else { echo "Invalid input to show_forum_title
"; diff --git a/html/forum/thread.php b/html/forum/thread.php index 012f5109c0..a4369c147f 100644 --- a/html/forum/thread.php +++ b/html/forum/thread.php @@ -43,24 +43,22 @@ if ($sort_style == NULL) { $is_subscribed = false; if ($logged_in_user) { - $result = mysql_query("SELECT * FROM subscriptions WHERE (userid = " . $logged_in_user->id . ") AND (threadid = " . $thread->id . ")"); + $result = mysql_query("SELECT * FROM subscriptions WHERE userid = " . $logged_in_user->id . " AND threadid = " . $thread->id); if ($result) { $is_subscribed = (mysql_num_rows($result) > 0); } } -// TODO: Include this in show_forum_title? +show_forum_title($forum, $thread, $category->is_helpdesk); echo " -
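Review bot: `stripslashes()` on the new `echo stripslashes($thread->title);` line only removes backslashes; it does not HTML-encode the title before it is written into the page. If thread titles are user-supplied and not escaped when stored (not visible in this hunk), markup in a title would be rendered as-is, so the value should be encoded at output: `echo htmlspecialchars(stripslashes($thread->title));`. The `$forum->title` echoed on the preceding context line sits in the same position and would want the same treatment. The body of show_forum_title starts and ends outside the hunk.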
- + + - - + "; + echo "\n"; } echo "\n
+
"; -show_forum_title($forum, $thread, $category->is_helpdesk); - $link = "id; if ($category->is_helpdesk) { $link = $link . "&helpdesk=1#input>Answer this question"; @@ -72,9 +70,9 @@ echo $link, "
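Review bot: The rewritten subscription query still builds its SQL by concatenating `$logged_in_user->id` and `$thread->id` unquoted into the statement. Where those objects are loaded is outside this hunk; if they come from database rows the ids are probably integers already, but nothing on this line enforces it. Casting at the point of use keeps the query safe however the objects were populated: `"... WHERE userid = " . intval($logged_in_user->id) . " AND threadid = " . intval($thread->id)`. A failed `mysql_query()` is also treated the same as "not subscribed", which may be worth logging.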
"; if ($is_subscribed) { if ($category->is_helpdesk) { - echo "You are currently subscribed to this question. "; + echo "You are subscribed to this question. "; } else { - echo "You are currently subscribed to this thread. "; + echo "You are subscribed to this thread. "; } echo "id>Click here to unsubscribe."; } else { @@ -91,7 +89,7 @@ if (!$category->is_helpdesk) { echo "
Sort / Filter "; show_combo_from_array("sort", $thread_sort_styles, $sort_style); show_combo_from_array("filter", $thread_filter_styles, $filter_min); - echo "\n
\n
\n"; diff --git a/sched/db_dump.C b/sched/db_dump.C index 1470a6ed93..da4eba9342 100644 --- a/sched/db_dump.C +++ b/sched/db_dump.C @@ -75,11 +75,18 @@ int nrecs_per_file_detail; bool zip_files = false; string zip_cmd; +char file_dir[256]; + +char* file_path(char* filename) { + static char buf[256]; + sprintf(buf, "%s/%s", file_dir, filename); + return buf; +} // class that automatically compresses on close class ZFILE { protected: - string tag; + string tag; // enclosing XML tag FILE* f; string filename; bool zip_file; @@ -98,7 +105,7 @@ public: vsprintf(filename_buf, filename_format, ap); va_end(ap); - filename = filename_buf; + filename = file_path(filename_buf); f = fopen(filename.c_str(), "w"); if (!f) { @@ -545,16 +552,15 @@ int tables_file() { int main(int argc, char** argv) { SCHED_CONFIG config; int retval, i; - char dir[256]; check_stop_trigger(); nrecs_per_file_summary = DEFAULT_NRECS_PER_FILE_SUMMARY; nrecs_per_file_detail = DEFAULT_NRECS_PER_FILE_DETAIL; - strcpy(dir, ""); + strcpy(file_dir, "."); for (i=1; i
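Review bot: `file_path()` formats `file_dir`, a `/` and the filename into a 256-byte static buffer with an unbounded `sprintf`, and `file_dir` alone can hold up to 255 characters, so a long output directory or file name overflows `buf`. The only caller visible here (the ZFILE hunk at -98,7) assigns the result straight to a `string`, so the helper can drop the fixed buffer: `string file_path(const char* filename) { return string(file_dir) + "/" + filename; }`. If the `char*` return has to stay, use `snprintf(buf, sizeof(buf), "%s/%s", file_dir, filename)` and treat a return value `>= sizeof(buf)` as an error rather than opening a truncated path. How `file_dir` is filled from the command line is in the last hunk, which is cut off in this view; a bounded copy there is worth confirming.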