ChangeSet ID: 26321 CVSROOT: /opt/cvs-commit Module name: appdb Changes by: wineowner@winehq.org 2006/07/07 11:22:04
Modified files: . : addcomment.php
Log message: Jonathan Ernst jonathan@ernstfamily.ch Enable filtering in addcomment.php
Patch: http://cvs.winehq.org/patch.py?id=26321
Old revision New revision Changes Path 1.31 1.32 +1 -15 appdb/addcomment.php
Index: appdb/addcomment.php
diff -u -p appdb/addcomment.php:1.31 appdb/addcomment.php:1.32
--- appdb/addcomment.php:1.31 7 Jul 2006 16:22: 4 -0000
+++ appdb/addcomment.php 7 Jul 2006 16:22: 4 -0000
@@ -14,16 +14,10 @@
 // application environment
 include("path.php");
 require(BASE."include/incl.php");
+require(BASE."include/filter.php");
 require(BASE."include/application.php");
 require(BASE."include/mail.php");
-$aClean = array(); //array of filtered user input
-
-$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
-$aClean['iThread'] = makeSafe($_REQUEST['iThread']);
-$aClean['sBody'] = makeSafe($_REQUEST['sBody']);
-$aClean['sSubject'] = makeSafe($_REQUEST['sSubject']);
-
 // you must be logged in to submit comments
 if(!$_SESSION['current']->isLoggedIn())
 {
@@ -32,14 +26,6 @@ if(!$_SESSION['current']->isLoggedIn())
 exit;
 }
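Review bot: In the first hunk (`@@ -14,16 +14,10 @@`), `$aClean` is no longer assigned anywhere in addcomment.php, yet the code further down still reads `$aClean['sBody']`; the array now exists only as a side effect of `require(BASE."include/filter.php");`. filter.php is not shown in this diff, so it should be confirmed that it gives `sBody` and `sSubject` at least the handling the removed `makeSafe()` calls did before those values reach a query or the rendered page. A comment at the include would make the dependency visible: `// filter.php validates $_REQUEST and populates $aClean; it must stay before any use of $aClean`.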
-if( !is_numeric($aClean['iVersionId']) )
- util_show_error_page_and_exit('Internal Database Access Error');
-
-if(!is_numeric($aClean['iThread']))
-{
- $aClean['iThread'] = 0;
-}
-
 // the user submitted his comment
 if(!empty($aClean['sBody']))
 {
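Review bot: In the second hunk, the removed `is_numeric()` blocks were the only place in this file that rejected a non-numeric `iVersionId` and reset a missing or non-numeric `iThread` to `0`; whether include/filter.php does the same cannot be seen here. If filter.php only rejects bad integers, a request without `iThread` (presumably a new top-level comment) may now fail or pass an empty value on to the comment insert, so I would keep an explicit default after the include, e.g. `if(empty($aClean['iThread'])) $aClean['iThread'] = 0;`. The `if(!empty($aClean['sBody']))` block continues past the end of the hunk, so the later uses of both ids are not visible.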