ChangeSet ID: 26331 CVSROOT: /opt/cvs-commit Module name: appdb Changes by: wineowner(a)winehq.org 2006/07/07 12:16:42 Modified files: . : deletecomment.php commentview.php Log message: Jonathan Ernst <jonathan(a)ernstfamily.ch> Enable filtering in commentview.php and deletecomment.php Patch: http://cvs.winehq.org/patch.py?id=26331 Old revision New revision Changes Path 1.28 1.29 +1 -6 appdb/deletecomment.php 1.12 1.13 +1 -10 appdb/commentview.php
Index: appdb/deletecomment.php
diff -u -p appdb/deletecomment.php:1.28 appdb/deletecomment.php:1.29
--- appdb/deletecomment.php:1.28 7 Jul 2006 17:16:42 -0000
+++ appdb/deletecomment.php 7 Jul 2006 17:16:42 -0000
@@ -13,15 +13,10 @@
 // application environment
 include("path.php");
 require(BASE."include/incl.php");
+require(BASE."include/filter.php");
 require(BASE."include/application.php");
 require(BASE."include/mail.php");
-$aClean = array(); //array of filtered user input
-
-$aClean['sWhy'] = makeSafe($_REQUEST['sWhy']);
-$aClean['iCommentId'] = makeSafe($_REQUEST['iCommentId']);
-$aClean['iDeleteIt'] = makeSafe($_REQUEST['iDeleteIt']);
-
 $oComment = new Comment($aClean['iCommentId']);
 /**
Index: appdb/commentview.php
diff -u -p appdb/commentview.php:1.12 appdb/commentview.php:1.13
--- appdb/commentview.php:1.12 7 Jul 2006 17:16:42 -0000
+++ appdb/commentview.php 7 Jul 2006 17:16:42 -0000
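Review bot: In the deletecomment.php hunk, `new Comment($aClean['iCommentId'])` now reads an array that no visible line creates; `$aClean` exists only as a side effect of `require(BASE."include/filter.php");`, and that file is not part of this diff. For a script that, going by its name and the `iDeleteIt` parameter, deletes comments, I would document the dependency where it is used, e.g. `// $aClean is built by include/filter.php from the request; do not read $_REQUEST directly`. I would also keep a local check before the object is constructed, such as `if(!is_numeric($aClean['iCommentId'])) util_show_error_page_and_exit("Wrong IDs");`, using the helper commentview.php called before this commit. Whether filter.php already rejects a missing or non-numeric `iCommentId` cannot be confirmed from here, and the rest of the script lies outside the hunk.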
@@ -10,20 +10,11 @@
 */
 include("path.php");
 include(BASE."include/incl.php");
+include(BASE."include/filter.php");
 require_once(BASE."include/comment.php");
-$aClean = array(); //array of filtered user input
-
-$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
-$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
-$aClean['iThreadId'] = makeSafe($_REQUEST['iThreadId']);
-
 apidb_header("Comments");
-
-if(!is_numeric($aClean['iAppId']) OR !is_numeric($aClean['iVersionId']) OR (!empty($aClean['iThreadId']) AND !is_numeric($aClean['iThreadId'])))
- util_show_error_page_and_exit("Wrong IDs");
-
 view_app_comments($aClean['iVersionId'], $aClean['iThreadId']);
 apidb_footer();
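Review bot: `include(BASE."include/filter.php");` loads the input filter with `include`, which only raises a warning and carries on if the file cannot be loaded, so the page would run with `$aClean` unset instead of stopping; deletecomment.php in the same commit uses `require` for the same file. Because this hunk also drops the explicit `is_numeric` checks and the "Wrong IDs" error page, filter.php becomes the only validation in front of `view_app_comments($aClean['iVersionId'], $aClean['iThreadId'])`, so it should fail closed: `require_once(BASE."include/filter.php");`. filter.php is not shown here, so it is worth confirming that it rejects non-numeric `iVersionId` and `iThreadId` values and still accepts an empty `iThreadId`, as the removed condition did.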