Changeset 47 for dev/common/comments.php

Timestamp:
11/04/06 05:44:08 (14 years ago)
Author:
exi
Message:

Added Custom Shipvalue System, to be enabled in options, as always with autoupgrade(tm) ;)
Changed commenttablefield id to lowercase via autoupgrade.php, compat added in comments.php
Disabled immediate portrait update on IGB-Access

Files:
1 modified

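--- a/dev/common/comments.php
+++ b/dev/common/comments.php
@@ -4,5 +4,5 @@
 function bbencode($string)
 {
-    $string = strip_tags(&$string);
+    $string = strip_tags(stripslashes($string));
     $string = str_replace(array('[b]','[/b]','[i]','[/i]','[u]','[/u]'),
                           array('<b>','</b>','<i>','</i>','<u>','</u>'), $string);
@@ -10,5 +10,5 @@
     $string = preg_replace('^\[kill=(.*?)](.*?)\[/kill]^', '<a href="\?a=kill_detail&kll_id=\1">\2</a>', $string);
     $string = preg_replace('^\[pilot=(.*?)](.*?)\[/pilot]^', '<a href="\?a=pilot_detail&plt_id=\1">\2</a>', $string);
-        return nl2br($string);
+        return nl2br(addslashes($string));
 }
 
@@ -30,5 +30,5 @@
         if ($_POST['comment'] == '')
         {
-            $html .= "Error: Sillent type hey? good for you, bad for a comment.";
+            $html .= "Error: Silent type hey? good for you, bad for a comment.";
         }
         else
@@ -56,5 +56,5 @@
 
 $qry = new DBQuery();
-$qry->execute("SELECT * FROM kb3_comments WHERE `kll_id` = $kll_id");
+$qry->execute("SELECT id,* FROM kb3_comments WHERE `kll_id` = $kll_id");
 if ($qry->recordCount() == 0)
 {
@@ -67,5 +67,5 @@
     {
         $name = $data['name'];
-        $comment = $data['comment'];
+        $comment = stripslashes($data['comment']);
         $html .= "\n<div class=\"comment-text\" style=\"position: relative;\"><a href=\"?a=search&searchtype=pilot&searchphrase=".$name."\">".$name."</a>:";
         if ($data['posttime'] && $data['posttime'] != '0000-00-00 00:00:00')
@@ -76,5 +76,5 @@
         if ($page->isAdmin())
         {
-            $html .= "<a href=\"javascript:openWindow('?a=comments_delete&c_id=".$data['ID']."', null, 480, 350, '' );\">Delete Comment</a>";
+            $html .= "<a href=\"javascript:openWindow('?a=comments_delete&c_id=".$data['id']."', null, 480, 350, '' );\">Delete Comment</a>";
         }
         $html .= "</div>";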
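Review bot: `bbencode()` now ends with `return nl2br(addslashes($string));` (new line 12), which makes an HTML formatter responsible for SQL escaping. `addslashes()` is not charset-aware, and the stored value only displays correctly because of the matching `stripslashes()` at new line 69. The escaping belongs where the INSERT is built (outside the visible lines), using the database layer's own escaping or a bound parameter, with `bbencode()` returning `nl2br($string)` as before. In the same function the `[kill=…]` and `[pilot=…]` captures are copied into an `href` attribute after only `strip_tags()`, which leaves quote characters in place, so the id group should be limited to digits, e.g. `'^\[kill=(\d+)](.*?)\[/kill]^'`, and `$name` and `$comment` should pass through `htmlspecialchars()` before being appended to `$html`. The query at new line 58 interpolates `$kll_id`, whose origin is not visible here; if it can come from the request, cast it first with `$kll_id = intval($kll_id);`.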