updates from sein

Shish 2009-11-24 13:57:37 +00:00
parent a14b2a8a63
commit 4e95149c4b
2 changed files with 9 additions and 7 deletions


@ -197,7 +197,7 @@ class Forum extends SimpleExtension {
$hasErrors = true;
$errors .= "<div id='error'>You cannot have an empty title.</div>";
}
else if (strlen(mysql_real_escape_string(htmlspecialchars($_POST["title"]))) > 255)
else if (strlen(mysql_real_escape_string(html_escape($_POST["title"]))) > 255)
{
$hasErrors = true;
$errors .= "<div id='error'>Your title is too long.</div>";
@ -274,7 +274,7 @@ class Forum extends SimpleExtension {
"INNER JOIN forum_posts AS p ".
"ON p.thread_id = f.id ".
"GROUP BY f.id, f.sticky, f.title, f.date, u.name, u.email, u.admin ".
"ORDER BY f.sticky DESC, f.uptodate DESC LIMIT ?, ?"
"ORDER BY f.sticky ASC, f.uptodate DESC LIMIT ?, ?"
, array($pageNumber * $threadsPerPage, $threadsPerPage)
);
@ -318,7 +318,7 @@ class Forum extends SimpleExtension {
private function save_new_thread($user)
{
$title = mysql_real_escape_string(htmlspecialchars($_POST["title"]));
$title = mysql_real_escape_string(html_escape($_POST["title"]));
$sticky = html_escape($_POST["sticky"]);
if($sticky == ""){
@ -344,7 +344,7 @@ class Forum extends SimpleExtension {
{
global $config;
$userID = $user->id;
$message = mysql_real_escape_string(htmlspecialchars($_POST["message"]));
$message = mysql_real_escape_string(html_escape($_POST["message"]));
$max_characters = $config->get_int('forumMaxCharsPerPost');
$message = substr($message, 0, $max_characters);
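Review bot: In the last hunk of this file, `substr($message, 0, $max_characters)` runs after the value has already gone through `mysql_real_escape_string(html_escape(...))`, so the cut can land inside an HTML entity or directly after an escaping backslash and leave a broken sequence at the end of the stored text. Truncating the raw input first avoids this: `$message = substr($_POST["message"], 0, $max_characters);`, followed by the escaping call. The title check in the first hunk has the same ordering problem, because it measures the escaped string, so a title shorter than 255 characters can be rejected once entities and backslashes are added. If the insert statement (not visible here) binds values through `?` placeholders the way the thread-listing query does, `mysql_real_escape_string` is presumably redundant and only adds backslashes that the theme later removes with `stripslashes`. The enclosing functions start and end outside these hunks.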


@ -110,9 +110,11 @@ class ForumTheme extends Themelet {
$message = str_replace('\n', '<br>', $message);
$message = str_replace('\r', '<br>', $message);
$message = stripslashes($message);
$user = "<a href='".make_link("user/".$post["user_name"]."")."'>".$post["user_name"]."</a>";
$poster = User::by_name($post["user_name"]);
$poster = User::by_name($post["user_name"]);
$gravatar = $poster->get_avatar_html();
$oe = ($n++ % 2 == 0) ? "even" : "odd";
@ -120,7 +122,7 @@ class ForumTheme extends Themelet {
if ($post["user_admin"] == "Y") {
$rank = "<sup>admin</sup>";
} else {
$rank = "<small>user</small>";
$rank = "<sup>user</sup>";
}
$postID = $post['id'];
@ -224,4 +226,4 @@ class ForumTheme extends Themelet {
return $html;
}
}
?>
?>
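Review bot: In the first hunk of this file, `$post["user_name"]` is concatenated into both the `href` attribute and the link text of `$user` without output escaping. Whether user names are restricted to safe characters at registration is not visible here, so the markup should not rely on it. I would write the link as `"<a href='".make_link("user/".rawurlencode($post["user_name"]))."'>".html_escape($post["user_name"])."</a>"`. The `User::by_name(...)` result is also dereferenced immediately; if that lookup can return null for a removed account, a guard such as `$gravatar = $poster ? $poster->get_avatar_html() : "";` keeps the thread page from failing. The rendering has lost the +/- markers, so which of these lines the commit adds is inferred, and the enclosing method starts and ends outside the hunk.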