From 7035d1190610099bfffc206a662ae599b1db01d8 Mon Sep 17 00:00:00 2001 From: David Anderson Date: Sun, 9 Jan 2005 21:52:22 +0000 Subject: [PATCH] *** empty log message *** svn path=/trunk/boinc/; revision=5045 --- checkin_notes | 11 +++++ html/inc/forum.inc | 93 +++++++++++++++++++++----------------- html/inc/forum_show.inc | 38 +++++++++------- html/user/forum_thread.php | 7 +-- 4 files changed, 88 insertions(+), 61 deletions(-) diff --git a/checkin_notes b/checkin_notes index 1097f100f9..d45894a4d6 100755 --- a/checkin_notes +++ b/checkin_notes @@ -22439,3 +22439,14 @@ David 9 Jan 2005 html/inc/ forum.inc profile.inc + +David 9 Oct 2005 + - message board fixes - show thread titles using htmlspecialchars() + prevent invisible titles + + html/ + inc/ + forum.inc + forum_show.inc + user/ + forum_thread.php diff --git a/html/inc/forum.inc b/html/inc/forum.inc index 16b3260224..9e177c4b21 100644 --- a/html/inc/forum.inc +++ b/html/inc/forum.inc @@ -68,6 +68,14 @@ $post_ratings['0'] = "Neutral"; $post_ratings['-1'] = "Not helpful (-1)"; $post_ratings['-2'] = "Off topic (-2)"; +// process a user-supplied title to remove HTML stuff +// +function cleanup_title($title) { + $x = trim(htmlspecialchars(strip_tags($title))); + if (strlen($x)==0) return "(no title)"; + else return $x; +} + function getCategories() { $langID = (!empty($_SESSION['lang']['id']))?$_SESSION['lang']['id']:1; $sql = "SELECT * FROM category WHERE lang = ".$langID." AND is_helpdesk = 0 ORDER BY orderID ASC"; 
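Review bot: `cleanup_title()` calls `htmlspecialchars()` with no quote-style flag, so single quotes pass through unencoded; that is harmless in the text-node contexts this commit uses it in, but since the function is now the single escaping point for thread titles it should be safe for attribute contexts too: `$x = trim(htmlspecialchars(strip_tags($title), ENT_QUOTES));`. The header comment "remove HTML stuff" undersells the contract; I would replace it with `// Make a stored thread title safe to echo as HTML text: strip tags, entity-encode the remainder, and substitute "(no title)" when nothing visible is left. The result is already encoded; callers must not escape it again.` Note also that `trim()` only removes ASCII whitespace, so a title consisting of entity-encoded whitespace (e.g. a stored `&nbsp;`, constructed example) still has nonzero length and would remain an "invisible" title despite the placeholder logic.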
@@ -226,16 +234,16 @@ function getForumPreferences($user){ $user->jump_to_unread=$prefs->jump_to_unread; $user->hide_signatures=$prefs->hide_signatures; $user->rated_posts=$prefs->rated_posts; - $user->low_rating_threshold=$prefs->low_rating_threshold; - $user->high_rating_threshold=$prefs->high_rating_threshold; + $user->low_rating_threshold=$prefs->low_rating_threshold; + $user->high_rating_threshold=$prefs->high_rating_threshold; $user->ignorelist=$prefs->ignorelist; $user->forum_preferences=1; - - //Set defaults in certain cases: - if ($user->low_rating_threshold==0 and $user->high_rating_threshold==0){ - $user->low_rating_threshold=DEFAULT_LOW_RATING_THRESHOLD; - $user->high_rating_threshold=DEFAULT_HIGH_RATING_THRESHOLD; - } + + //Set defaults in certain cases: + if ($user->low_rating_threshold==0 and $user->high_rating_threshold==0){ + $user->low_rating_threshold=DEFAULT_LOW_RATING_THRESHOLD; + $user->high_rating_threshold=DEFAULT_HIGH_RATING_THRESHOLD; + } } else { mysql_query("insert into forum_preferences set userid='".$user->id."'"); $user->forum_preferences=0; @@ -272,7 +280,7 @@ function setSortStyle($user,$place,$new_style){ list($forum,$thread,$faq,$answer)=explode("|",$_COOKIE['sorting']); $$place=$new_style; setcookie('sorting', implode("|",array($forum,$thread,$faq,$answer)), time()+3600*24*365); - } + } } function getThreadLastVisited($user, $thread){ @@ -331,8 +339,9 @@ function createThread($forumID, $ownerID, $title, $content, $add_signature=false $title = addslashes(sanitize_html($title)); $content = addslashes(sanitize_html(stripslashes($content))); - $title = trim($title); - if (strlen(strip_tags($title)) == 0) { + $title = strip_tags(trim($title)); + if (strlen($title) == 0) { + echo "empty title\n"; return 0; } @@ -399,7 +408,7 @@ function updateThread($threadID, $title) { $result = mysql_query($sql); if (!$result) return false; return true; -} +} /* display functions */ 
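Review bot: The new `echo "empty title\n";` in createThread writes a bare debug string into the HTTP response from a data-layer function, in the middle of whatever page the caller is rendering; the caller already receives the `0` return and is the right place to report it, or the message should go to the server log, e.g. `error_log("createThread: empty title"); return 0;`. Separately, `strip_tags()` now runs after `addslashes(sanitize_html($title))`, so the stored title also loses whatever markup `sanitize_html` chose to allow — if that is intended it is worth a one-line comment, since the two calls look contradictory. The `strlen($title) == 0` check still admits a title made only of entity-encoded whitespace, so the "prevent invisible titles" goal is only partly met at insert time (hedged: depends on what `sanitize_html` emits). createThread's body continues outside the hunk.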
@@ -418,8 +427,7 @@ function show_posts($thread, $sort_style, $filter, $show_controls=true, $do_colo $posts = getPosts($thread->id, -1, -1, $sort_style); $logged_in_user = getThreadLastVisited($logged_in_user,$thread); setThreadLastVisited($logged_in_user,$thread); - - + $firstPost = getFirstPost($thread->id); if ($is_helpdesk) { @@ -440,7 +448,7 @@ function show_posts($thread, $sort_style, $filter, $show_controls=true, $do_colo } } } - + if ($logged_in_user->jump_to_unread){ if ($first_unread_post->id!=""){ echo ""; @@ -451,7 +459,7 @@ function show_posts($thread, $sort_style, $filter, $show_controls=true, $do_colo } function show_post($post, $thread, $logged_in_user, $n, $controls=FORUM_CONTROLS, $separate=false, $filter=true) { - global $post_ratings; // <------ Old obsolete rating method (remove someday) + global $post_ratings; // <------ Old obsolete rating method (remove someday) $user = lookup_user_id($post->user); $user = getForumPreferences($user); 
@@ -462,15 +470,14 @@ function show_post($post, $thread, $logged_in_user, $n, $controls=FORUM_CONTROLS //If the user that made this post is on the list of people to ignore, change thresholds to be more strict if (in_array($user->id,explode("|",$logged_in_user->ignorelist))){ - $user_is_on_ignorelist=true; - $rated_below_threshold = ($logged_in_user->high_rating_threshold>($post->score*$post->votes)); - $rated_above_threshold = ($logged_in_user->high_rating_threshold+abs($logged_in_user->low_rating_threshold)<($post->score*$post->votes)); - } else { //Use normal threshold values + $user_is_on_ignorelist=true; + $rated_below_threshold = ($logged_in_user->high_rating_threshold>($post->score*$post->votes)); + $rated_above_threshold = ($logged_in_user->high_rating_threshold+abs($logged_in_user->low_rating_threshold)<($post->score*$post->votes)); + } else { //Use normal threshold values $rated_below_threshold = ($logged_in_user->low_rating_threshold>($post->score*$post->votes)); - $rated_above_threshold = ($logged_in_user->high_rating_threshold<($post->score*$post->votes)); + $rated_above_threshold = ($logged_in_user->high_rating_threshold<($post->score*$post->votes)); } - $can_edit = $logged_in_user && $user->id == $logged_in_user->id; echo " @@ -480,7 +487,7 @@ function show_post($post, $thread, $logged_in_user, $n, $controls=FORUM_CONTROLS "; echo user_links($user, URL_BASE); - + if ($user->special_user) { //If this user is somehow special if ($user->special_user==1) $fstatus=ST_ADMIN; //this is displayed in the forums if ($user->special_user==2) $fstatus=ST_MODERATOR; //so that people know who they are @@ -498,14 +505,15 @@ function show_post($post, $thread, $logged_in_user, $n, $controls=FORUM_CONTROLS echo "
", $user->id, ""; // Try and circumvent various forms of // of identity spoofing by displaying the - // user id of the poster, its cheep, easy, + // user id of the poster, its cheep, easy, // and doesn't require any additional database // calls. if (!$filter || !$rated_below_threshold){ echo "

"; - if ($user->has_avatar and $logged_in_user->hide_avatars!=1) - echo "avatar."\" alt=\"Avatar\">
"; - echo "Joined: ", gmdate('M j, Y', $user->create_time), "
Posts: ", $user->posts, "

"; + if ($user->has_avatar and $logged_in_user->hide_avatars!=1) { + echo "avatar."\" alt=\"Avatar\">
"; + } + echo "Joined: ", gmdate('M j, Y', $user->create_time), "
Posts: ", $user->posts, "

"; } echo " @@ -515,7 +523,7 @@ function show_post($post, $thread, $logged_in_user, $n, $controls=FORUM_CONTROLS if ($controls == FORUM_CONTROLS || $controls == HELPDESK_CONTROLS) { echo "
id, "\" method=\"post\">"; } - + echo " @@ -527,8 +535,8 @@ function show_post($post, $thread, $logged_in_user, $n, $controls=FORUM_CONTROLS if ($rated_above_threshold){ echo "\"!\""; } - - echo " + + echo " Posted: ", pretty_time_str($post->timestamp); ; @@ -536,14 +544,14 @@ function show_post($post, $thread, $logged_in_user, $n, $controls=FORUM_CONTROLS if ($can_edit && $controls != NO_CONTROLS) echo " id\">[Edit this post]"; if ($post->modified) echo "
Last modified: ", pretty_time_Str($post->modified); if ($rated_below_threshold && $filter){ - if ($user_is_on_ignorelist) $andtext=" and the user is on your ignore list"; - echo "
This post has been filtered (rating: ".($post->score * $post->votes).")$andtext, press id."&filter=false#".$post->id."\">here to view this thread without filtering"; + if ($user_is_on_ignorelist) $andtext=" and the user is on your ignore list"; + echo "
This post has been filtered (rating: ".($post->score * $post->votes).")$andtext, press id."&filter=false#".$post->id."\">here to view this thread without filtering"; } - + echo "\n\n"; if ($controls == FORUM_CONTROLS) { - //no special controls in forum + //no special controls in forum } else if ($controls == HELPDESK_CONTROLS && $separate) { echo " "; } - + if ($controls == FORUM_CONTROLS) { echo ""; } else if ($controls == HELPDESK_CONTROLS && !$separate) { echo ""; } - echo "
@@ -565,12 +573,13 @@ function show_post($post, $thread, $logged_in_user, $n, $controls=FORUM_CONTROLS echo ""; } - if (!$filter || !$rated_below_threshold){ //If either filtering is turned off of this post is not below the threshold + //If either filtering is turned off of this post is not below the threshold + if (!$filter || !$rated_below_threshold){ $posttext=nl2br(stripslashes($post->content)); if ($post->signature && !$logged_in_user->hide_signatures){ //If the creator of this post has a signature and $posttext.=nl2br("\n".stripslashes($user->signature)); //wants it to be shown for this post AND the logged in } //user has signatures enabled: show it - + if ($logged_in_user->images_as_links==1){ $posttext=image_as_link($posttext); } @@ -588,13 +597,13 @@ function show_post($post, $thread, $logged_in_user, $n, $controls=FORUM_CONTROLS } else { echo " / Rating: ", round(intval(($post->score * $post->votes)+0.01),0), " - rate: id."&choice=p\">+ / id."&choice=n\">-[id . "&post=" . $post->id . "#input\">Reply to this post][id . "&post=" . $post->id . "&helpdesk=1#input\">Reply to this answer]
"; + echo ""; } echo ""; if ($separate) { @@ -642,7 +651,7 @@ function image_as_link($text){ $out.=substr($text,$i); //Output the rest return $out; } - + function start_forum_table($headings, $span=NULL) { echo " @@ -712,7 +721,7 @@ function show_forum_title($forum=NULL, $thread=NULL, $helpdesk=false) { echo "", " Message boards : "; } echo "id\">", $forum->title, " : "; - echo strip_tags(stripslashes($thread->title)); + echo cleanup_title($thread->title); echo "
"; } else { echo "Invalid input to show_forum_title
"; @@ -726,7 +735,7 @@ function show_thread($thread, $n) { $forum = getForum($thread->forum); $category = getCategory($forum->category); $first_post = getFirstPost($thread->id); - $title = stripslashes($thread->title); + $title = cleanup_title($thread->title); $where = $category->is_helpdesk?"Questions and answers":"Message boards"; $top_url = $category->is_helpdesk?"forum_help_desk.php":"forum_index.php"; $excerpt = sub_sentence(stripslashes($first_post->content), ' ', EXCERPT_LENGTH, true); @@ -762,7 +771,7 @@ function show_post2($post, $n) { $content = nl2br(stripslashes($post->content)); $when = time_diff_str($post->timestamp, time()); $user = lookup_user_id($post->user); - $title = stripslashes($thread->title); + $title = cleanup_title($thread->title); $m = $n%2; echo " diff --git a/html/inc/forum_show.inc b/html/inc/forum_show.inc index 1ab993c3cd..234d24d68d 100644 --- a/html/inc/forum_show.inc +++ b/html/inc/forum_show.inc @@ -87,29 +87,35 @@ function show_forum($category, $forum, $start, $sort_style, $logged_in_user) { while ($thread = mysql_fetch_object($threads)) { $user = lookup_user_id($thread->owner); - $logged_in_user=getThreadLastVisited($logged_in_user,$thread); - $unread = ($thread->timestamp>$logged_in_user->thread_last_visited); + $logged_in_user=getThreadLastVisited($logged_in_user,$thread); + $unread = ($thread->timestamp>$logged_in_user->thread_last_visited); echo " "; - - //Show thread icons: - if (!$category->is_helpdesk){ - echo ""; - if (!$user->disable_filtering){ - $first_post = getFirstPost($thread->id); - if ($first_post->score*$first_post->votes>$logged_in_user->high_rating_threshold) echo "\"Emphasized"; - if ($first_post->score*$first_post->votes<$logged_in_user->low_rating_threshold) echo "\"Filtered"; - } - if ($unread) echo "\"Unread"; - echo ""; - } - echo "id, "\">", strip_tags(stripslashes($thread->title)), "
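Review bot: In show_forum_title the thread title on the changed line now goes through `cleanup_title()`, but `$forum->title` on the preceding context line is still echoed raw; forum titles are presumably admin-entered, so the risk is low, but escaping both keeps one rule for the whole line — `htmlspecialchars($forum->title)` there, rather than `cleanup_title()`, so a forum never gets the "(no title)" placeholder. Also note that `cleanup_title()` drops the `stripslashes()` the replaced expression applied; createThread does `addslashes(sanitize_html($title))` without the `stripslashes()` it applies to `$content`, so if quote-escaped input reaches it, stored titles carrying backslashes will now display with the backslash — worth confirming against a title containing an apostrophe. The same substitution is made in the @@ -726 (show_thread) and @@ -762 (show_post2) hunks and in forum_show.inc, so whichever way this is resolved should be applied in all of them. show_forum_title's body continues outside the hunk.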
"; + + //Show thread icons: + if (!$category->is_helpdesk) { + echo ""; + if (!$user->disable_filtering) { + $first_post = getFirstPost($thread->id); + if ($first_post->score*$first_post->votes>$logged_in_user->high_rating_threshold) { + echo "\"Emphasized"; + } + if ($first_post->score*$first_post->votes<$logged_in_user->low_rating_threshold) { + echo "\"Filtered"; + } + } + if ($unread) { + echo "\"Unread"; + } + echo ""; + } + echo "id, "\">", cleanup_title($thread->title), "
"; $n = ($n+1)%2; if ($category->is_helpdesk) { $first_post = getFirstPost($thread->id); - $excerpt = sub_sentence($first_post->content, ' ', EXCERPT_LENGTH, true); + $excerpt = sub_sentence($first_post->content, ' ', EXCERPT_LENGTH, true); echo strip_tags(stripslashes($excerpt)); $na = $thread->sufferers + 1; $x = time_diff_str($first_post->timestamp, time()); diff --git a/html/user/forum_thread.php b/html/user/forum_thread.php index 08751b239f..004e3d75da 100644 --- a/html/user/forum_thread.php +++ b/html/user/forum_thread.php @@ -31,13 +31,14 @@ $category = getCategory($forum->category); $logged_in_user = get_logged_in_user(false); $logged_in_user = getForumPreferences($logged_in_user); +$title = cleanup_title($thread->title); if ($category->is_helpdesk) { if (!$sort_style) { $sort_style = getSortStyle($logged_in_user,"answer"); } else { setSortStyle($logged_in_user,"answer", $sort_style); } - page_head(PROJECT.': Questions and problems : '.$thread->title); + page_head(PROJECT.': Questions and problems : '.$title); } else { if (!$sort_style) { $sort_style = getSortStyle($logged_in_user,"thread"); @@ -45,9 +46,9 @@ if ($category->is_helpdesk) { setSortStyle($logged_in_user,"thread", $sort_style); } if ($logged_in_user->jump_to_unread){ - page_head(PROJECT.': Message boards : '.$thread->title, 'jumpToUnread();'); + page_head(PROJECT.': Message boards : '.$title, 'jumpToUnread();'); } else { - page_head(PROJECT.': Message boards : '.$thread->title); + page_head(PROJECT.': Message boards : '.$title); } }
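Review bot: In show_forum the re-indented `if (!$user->disable_filtering) {` reads the preference of the thread owner (`$user = lookup_user_id($thread->owner)` two lines earlier), so whether the viewer sees the "Emphasized"/"Filtered" icons depends on who started the thread rather than on `$logged_in_user`; that looks unintended and `if (!$logged_in_user->disable_filtering) {` is probably what was meant — confirm against where `disable_filtering` is loaded. The helpdesk excerpt on the context line `echo strip_tags(stripslashes($excerpt));` is also still tag-stripped rather than entity-encoded, which is inconsistent with the treatment the title on the same row now gets via `cleanup_title()`. The enclosing `while` loop and show_forum's body continue outside the hunk.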