ChangeSet ID: 26321 CVSROOT: /opt/cvs-commit Module name: appdb Changes by: wineowner(a)winehq.org 2006/07/07 11:22:04 Modified files: . : addcomment.php Log message: Jonathan Ernst <jonathan(a)ernstfamily.ch> Enable filtering in addcomment.php Patch: http://cvs.winehq.org/patch.py?id=26321 Old revision New revision Changes Path 1.31 1.32 +1 -15 appdb/addcomment.php
Index: appdb/addcomment.php
diff -u -p appdb/addcomment.php:1.31 appdb/addcomment.php:1.32
--- appdb/addcomment.php:1.31 7 Jul 2006 16:22: 4 -0000
+++ appdb/addcomment.php 7 Jul 2006 16:22: 4 -0000
@@ -14,16 +14,10 @@
 // application environment
 include("path.php");
 require(BASE."include/incl.php");
+require(BASE."include/filter.php");
 require(BASE."include/application.php");
 require(BASE."include/mail.php");
-$aClean = array(); //array of filtered user input
-
-$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
-$aClean['iThread'] = makeSafe($_REQUEST['iThread']);
-$aClean['sBody'] = makeSafe($_REQUEST['sBody']);
-$aClean['sSubject'] = makeSafe($_REQUEST['sSubject']);
-
 // you must be logged in to submit comments
 if(!$_SESSION['current']->isLoggedIn())
 {
@@ -32,14 +26,6 @@ if(!$_SESSION['current']->isLoggedIn())
 exit;
 }
-if( !is_numeric($aClean['iVersionId']) )
- util_show_error_page_and_exit('Internal Database Access Error');
-
-if(!is_numeric($aClean['iThread']))
-{
- $aClean['iThread'] = 0;
-}
-
 // the user submitted his comment
 if(!empty($aClean['sBody']))
 {
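Review bot: `$aClean` is no longer assigned anywhere in the visible part of addcomment.php, yet `if(!empty($aClean['sBody']))` still reads it, so the script now depends on an undocumented side effect of `require(BASE."include/filter.php");`. The second hunk also removes the `is_numeric()` checks on `iVersionId` and `iThread`, including the fallback `$aClean['iThread'] = 0;`. Since filter.php is not part of this diff, it should be confirmed that it rejects a non-numeric `iVersionId`, gives `iThread` an equivalent default, and still applies to `sBody` and `sSubject` whatever escaping `makeSafe()` provided before they reach the database. I would add a comment beside the new require, for example `// filter.php builds $aClean from request input; all validation of iVersionId, iThread, sBody and sSubject now lives there`. The `if(!empty($aClean['sBody']))` block continues outside the hunk, so how these values are used afterwards cannot be checked from here.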