diff --git a/html/inc/forum.inc b/html/inc/forum.inc
index f850901338..88792e4154 100644
--- a/html/inc/forum.inc
+++ b/html/inc/forum.inc
@@ -515,10 +515,6 @@ function show_post(
global $country_to_iso3166_2;
$user = BoincUser::lookup_id($post->user);
- BoincForumPrefs::lookup($user);
- if (is_banished($user) && !is_moderator($logged_in_user, $forum)) {
- return;
- }
// If the user no longer exists, skip the post
//
@@ -527,6 +523,11 @@ function show_post(
}
$config = get_config();
+ BoincForumPrefs::lookup($user);
+ if (is_banished($user) && !is_moderator($logged_in_user, $forum)) {
+ return;
+ }
+
$no_forum_rating = parse_bool($config, "no_forum_rating");
$tokens = "";
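Review bot: The relocated banishment check has no comment saying what it enforces or why it must sit below the existence check. A one-line comment above `BoincForumPrefs::lookup($user);` would keep a later reorder from reintroducing the null dereference this commit presumably fixes, for example `// Posts by banished users are shown to moderators only; requires a valid $user, so keep this below the null check`. show_post's body starts and ends outside this hunk, so whether `$config` is needed before the check cannot be confirmed here.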
@@ -754,6 +755,11 @@ function show_post_and_context($post, $thread, $forum, $options, $n) {
$content = output_transform($post->content, $options);
$when = time_diff_str($post->timestamp, time());
$user = BoincUser::lookup_id($post->user);
+ if (!$user){
+ return;
+ }
+
+ $config = get_config();
$title = cleanup_title($thread->title);
if ($post->hidden) {
$deleted = "
[".tra("Hidden by a moderator")."]";
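Review bot: The `if (!$user)` guard runs only after `output_transform()` and `time_diff_str()` have already processed a post that will never be rendered. Moving the `BoincUser::lookup_id($post->user)` call and the guard above those two lines avoids the wasted work. The added `$config = get_config();` has no reader inside this hunk, so confirm that something further down in show_post_and_context uses it; the body continues outside the hunk. Both this guard and the `if (!$owner) return;` added to show_thread_and_context in the next hunk return silently, and would benefit from the comment show_post already carries: `// If the user no longer exists, skip the post`.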
@@ -1322,6 +1328,7 @@ function show_thread_and_context($thread, $user) {
if (!$thread_forum) return;
if (!is_forum_visible_to_user($thread_forum, $user)) return;
$owner = BoincUser::lookup_id($thread->owner);
+ if (!$owner) return;
echo "
\n";
switch($thread_forum->parent_type) {
case 0:
diff --git a/html/inc/text_transform.inc b/html/inc/text_transform.inc
index 8df556efc0..d5d5f31621 100644
--- a/html/inc/text_transform.inc
+++ b/html/inc/text_transform.inc
@@ -68,7 +68,7 @@ function output_transform($text, $options = NULL) {
$options = new output_options; // Defaults in the class definition
}
if ($options->htmlitems) {
- $text = htmlspecialchars($text);
+ $text = htmlspecialchars($text, ENT_COMPAT | ENT_HTML401 | ENT_SUBSTITUTE);
}
if (is_array($options->highlight_terms)) {
$text = highlight_terms($text, $options->highlight_terms);
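Review bot: `ENT_COMPAT` leaves single quotes unescaped and the call still passes no encoding argument. The output is therefore only safe where it never lands inside a single-quoted attribute, and the decoding depends on the runtime's default charset. Consider `$text = htmlspecialchars($text, ENT_QUOTES | ENT_HTML401 | ENT_SUBSTITUTE, 'UTF-8');`, after checking that the later transforms in output_transform (outside this hunk) do not match on a literal `'`. `ENT_SUBSTITUTE` is worth keeping, because without it an invalid byte sequence makes `htmlspecialchars()` return an empty string and the post body silently disappears.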
diff --git a/html/user/create_profile.php b/html/user/create_profile.php
index 8c810a04f4..7921d837e1 100644
--- a/html/user/create_profile.php
+++ b/html/user/create_profile.php
@@ -18,7 +18,7 @@
// TODO: the following is organized in a funky way. Clean it up
-require_once("..inc/util.inc");
+require_once("../inc/util.inc");
require_once("../inc/profile.inc");
require_once("../inc/akismet.inc");
require_once("../inc/recaptchalib.php");
@@ -54,11 +54,11 @@ function show_picture_option($profile) {
row1(tra("Picture"));
$warning = "";
- if (profile_screening() && $profile->has_picture) {
+ if (profile_screening() && $profile && $profile->has_picture) {
$warning = offensive_profile_warning($profile->verification);
}
- if (($profile) && ($profile->has_picture)) {
+ if ($profile && ($profile->has_picture)) {
echo "
|
thread);
+if (!$thread) error_page("No such thread.");
$forum = BoincForum::lookup_id($thread->forum);
+if (!$forum) error_page("No such forum.");
$user = get_logged_in_user();
BoincForumPrefs::lookup($user);
diff --git a/html/user/forum_thread.php b/html/user/forum_thread.php
index bf4d7eef56..a85ce95c12 100644
--- a/html/user/forum_thread.php
+++ b/html/user/forum_thread.php
@@ -53,11 +53,11 @@ if ($threadid < 1) {
}
$thread = BoincThread::lookup_id($threadid);
-$forum = BoincForum::lookup_id($thread->forum);
if (!$thread) {
error_page("Bad thread ID");
}
+$forum = BoincForum::lookup_id($thread->forum);
if (!is_forum_visible_to_user($forum, $logged_in_user)) {
if ($logged_in_user) {
|
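Review bot: `$forum` is still passed to `is_forum_visible_to_user()` without a null check, so a thread row that points at a missing forum reaches the visibility test with a null forum. An earlier fragment on this page adds `if (!$forum) error_page("No such forum.");` directly after the same lookup, and the same line should follow `$forum = BoincForum::lookup_id($thread->forum);` here. Whether the helper tolerates a null forum is not visible in this hunk. An explicit failure before the access-control decision is easier to reason about than relying on the helper's behaviour.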