From: Kazuki Przyborowski Date: Sun, 5 Aug 2007 09:04:52 +0000 (+0000) Subject: Small bug fix. (Some thanks at Jcink for helping) X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=f0cd22bef1ab1fd5a0bf9eee2d0aa821bb722ad1;p=idb%2FiDB.git.git Small bug fix. (Some thanks at Jcink for helping) git-svn-id: svn://svn.code.sf.net/p/intdb/svn/trunk@68 2b68903e-0b30-0410-9a39-a2e4f3c5be39 --- diff --git a/inc/members.php b/inc/members.php index ed7c6c9..6d021a1 100644 --- a/inc/members.php +++ b/inc/members.php @@ -11,7 +11,7 @@ Copyright 2004-2007 Cool Dude 2k - http://intdb.sourceforge.net/ Copyright 2004-2007 Game Maker 2k - http://upload.idb.s1.jcink.com/ - $FileInfo: members.php - Last Update: 08/02/2007 SVN 62 - Author: cooldude2k $ + $FileInfo: members.php - Last Update: 08/05/2007 SVN 68 - Author: cooldude2k $ */ $File3Name = basename($_SERVER['SCRIPT_NAME']); if ($File3Name=="members.php"||$File3Name=="/members.php") { @@ -643,6 +643,7 @@ $_GET['YourPost'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_GET $NewSignature = $_GET['YourPost']; $_GET['YourPost'] = preg_replace("/\t+/"," ",$_GET['YourPost']); $_GET['YourPost'] = preg_replace("/\s\s+/"," ",$_GET['YourPost']); +$_GET['YourPost'] = remove_bad_entities($_GET['YourPost']); $Avatar = stripcslashes(htmlspecialchars($_POST['Avatar'], ENT_QUOTES)); $Avatar = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $Avatar); $Avatar = @remove_spaces($Avatar); diff --git a/inc/misc/functions.php b/inc/misc/functions.php index 2d8dd8b..b7b3cca 100644 --- a/inc/misc/functions.php +++ b/inc/misc/functions.php 
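Review bot: `$NewSignature = $_GET['YourPost'];` is assigned three lines above the added `remove_bad_entities()` call in the second members.php hunk (@@ -643), so the copy held in `$NewSignature` never passes through the new filter. The code that stores the value lies outside the hunk; if it writes `$NewSignature`, as the name suggests, the added line has no effect on the saved signature. Either move the call above the assignment or filter the copy directly, e.g. `$NewSignature = remove_bad_entities($_GET['YourPost']);`. The call also runs after the two whitespace-collapsing `preg_replace` lines, so removing a sequence that sat between two spaces leaves a double space behind.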
@@ -11,7 +11,7 @@ Copyright 2004-2007 Cool Dude 2k - http://intdb.sourceforge.net/ Copyright 2004-2007 Game Maker 2k - http://upload.idb.s1.jcink.com/ - $FileInfo: functions.php - Last Update: 08/02/2007 SVN 62 - Author: cooldude2k $ + $FileInfo: functions.php - Last Update: 08/05/2007 SVN 68 - Author: cooldude2k $ */ $File3Name = basename($_SERVER['SCRIPT_NAME']); if ($File3Name=="functions.php"||$File3Name=="/functions.php") { @@ -154,6 +154,9 @@ if($ReplaceType=="yes") { $Text = preg_replace("/".$Smile1."/i",$Smile2,$Text); } ++$renees; } return $Text; } // Remove the bad stuff +function remove_bad_entities($Text) { +$Text = preg_replace("/‮/isU","",$Text); +return $Text; } function remove_spaces($Text) { $Text = preg_replace("/(^\t+|\t+$)/","",$Text); $Text = preg_replace("/(^\n+|\n+$)/","",$Text); @@ -161,6 +164,7 @@ $Text = preg_replace("/(^\r+|\r+$)/","",$Text); $Text = preg_replace("/(\r|\n|\t)+/"," ",$Text); $Text = preg_replace("/\s\s+/"," ",$Text); $Text = preg_replace("/(^\s+|\s+$)/","",$Text); +$Text = @remove_bad_entities($Text); return $Text; } // Fix some chars function fixbamps($text) { diff --git a/inc/pm.php b/inc/pm.php index ceaee14..33f8e73 100644 --- a/inc/pm.php +++ b/inc/pm.php @@ -11,7 +11,7 @@ Copyright 2004-2007 Cool Dude 2k - http://intdb.sourceforge.net/ Copyright 2004-2007 Game Maker 2k - http://upload.idb.s1.jcink.com/ - $FileInfo: pm.php - Last Update: 08/02/2007 SVN 62 - Author: cooldude2k $ + $FileInfo: pm.php - Last Update: 08/05/2007 SVN 68 - Author: cooldude2k $ */ $File3Name = basename($_SERVER['SCRIPT_NAME']); if ($File3Name=="pm.php"||$File3Name=="/pm.php") { 
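Review bot: `remove_bad_entities()` in the functions.php hunk (@@ -154) removes exactly one sequence, which this page displays as the rendered right-to-left override character (U+202E) and which was presumably written in the file as its decimal reference. The `preg_replace` that precedes the new call in the callers accepts both `x[a-f0-9]+` and `[0-9]+`, so the hexadecimal spelling, zero-padded spellings and the other bidirectional controls (U+202A–U+202D, U+2066–U+2069) still reach the stored text. Consider matching the whole set in one pass, e.g. `$Text = preg_replace("/&#(0*82(3[4-8]|9[4-7])|x0*20(2[a-e]|6[6-9]));/i", "", $Text);`, and also stripping the raw code points before the text is encoded. The `s` and `U` modifiers do nothing for a pattern with no `.` or quantifier. The function also lacks a comment; something like `// Strip bidi control references so user text cannot reverse the display order of what follows it.` would explain why it exists.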
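Review bot: The call added to `remove_spaces()` (@@ -161) is prefixed with `@`, which hides any diagnostic from a function defined a few lines earlier in the same file, and it runs after the trimming and whitespace-collapsing steps. Text that had the removed sequence at either end, or between two spaces, therefore comes back untrimmed or with a double space. Running the filter first fixes both: make `$Text = remove_bad_entities($Text);` the first statement of the function and drop the `@`. The function's opening lines sit in the previous hunk's context, outside this hunk.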
@@ -430,6 +430,7 @@ $_POST['GuestName'] = @remove_spaces($_POST['GuestName']); $_POST['Message'] = stripcslashes(htmlspecialchars($_POST['Message'], ENT_QUOTES)); $_POST['Message'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['Message']); //$_POST['Message'] = @remove_spaces($_POST['Message']); +$_POST['Message'] = remove_bad_entities($_POST['Message']); $requery = query("select * from `".$Settings['sqltable']."members` WHERE `Name`='%s'", array($_POST['SendMessageTo'])); $reresult=mysql_query($requery); $renum=mysql_num_rows($reresult); diff --git a/inc/profilemain.php b/inc/profilemain.php index 86d74f2..6bc04a9 100644 --- a/inc/profilemain.php +++ b/inc/profilemain.php @@ -11,7 +11,7 @@ Copyright 2004-2007 Cool Dude 2k - http://intdb.sourceforge.net/ Copyright 2004-2007 Game Maker 2k - http://upload.idb.s1.jcink.com/ - $FileInfo: profilemain.php - Last Update: 08/02/2007 SVN 62 - Author: cooldude2k $ + $FileInfo: profilemain.php - Last Update: 08/05/2007 SVN 68 - Author: cooldude2k $ */ $File3Name = basename($_SERVER['SCRIPT_NAME']); if ($File3Name=="profilemain.php"||$File3Name=="/profilemain.php") { @@ -120,6 +120,7 @@ if($_POST['update']=="now") { if($_POST['act']=="view"&& $_SESSION['UserGroup']!=$Settings['GuestGroup']) { $_POST['NotePad'] = htmlentities($_POST['NotePad'], ENT_QUOTES); + $_POST['NotePad'] = remove_bad_entities($_POST['NotePad']); $NewDay=GMTimeStamp(); $NewIP=$_SERVER['REMOTE_ADDR']; $querynewskin = query("update `".$Settings['sqltable']."members` set `Notes`='%s',`LastActive`=%i,`IP`='%s' WHERE `id`=%i", array($_POST['NotePad'],$NewDay,$NewIP,$_SESSION['UserID'])); 
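Review bot: In the pm.php hunk (@@ -430) `stripcslashes()` is applied to the output of `htmlspecialchars()`, and `stripcslashes()` decodes C-style octal and hexadecimal escapes as well as removing backslashes, so it can recreate characters the encoder has just escaped, ahead of the new `remove_bad_entities()` call. If the intent is only to undo magic quotes, unescape first and encode last: `$_POST['Message'] = htmlspecialchars(stripslashes($_POST['Message']), ENT_QUOTES);`. The same ordering appears in the context lines of the members.php (`$Avatar`), replys.php and topics.php hunks. Those hunks also repeat the same encode/restore/strip sequence for each field, which a single helper function would keep consistent.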
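Review bot: In the profilemain.php NotePad hunk (@@ -120) the new call runs on the output of `htmlentities()`, which has already encoded every `&`, and unlike the other callers there is no step here that restores numeric references. If `remove_bad_entities()` matches the entity spelling, as its name suggests, it cannot match anything at this point. If it is meant to catch the raw character, it should run on the input before encoding, e.g. `$_POST['NotePad'] = htmlentities(remove_bad_entities($_POST['NotePad']), ENT_QUOTES);`. The Signature hunk (@@ -167) has the same order, and the enclosing `if` blocks continue outside both hunks.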
@@ -167,6 +168,7 @@ if($_POST['act']=="signature"&& $_POST['Signature'] = htmlentities($_POST['Signature'], ENT_QUOTES); $_POST['Signature'] = preg_replace("/\t+/"," ",$_POST['Signature']); $_POST['Signature'] = preg_replace("/\s\s+/"," ",$_POST['Signature']); + $_POST['Signature'] = remove_bad_entities($_POST['Signature']); $NewDay=GMTimeStamp(); $NewIP=$_SERVER['REMOTE_ADDR']; $querynewskin = query("update `".$Settings['sqltable']."members` set `Signature`='%s',`LastActive`=%i,`IP`='%s' WHERE `id`=%i", array($_POST['Signature'],$NewDay,$NewIP,$_SESSION['UserID'])); diff --git a/inc/replys.php b/inc/replys.php index 8b29f47..79e1c19 100644 --- a/inc/replys.php +++ b/inc/replys.php @@ -11,7 +11,7 @@ Copyright 2004-2007 Cool Dude 2k - http://intdb.sourceforge.net/ Copyright 2004-2007 Game Maker 2k - http://upload.idb.s1.jcink.com/ - $FileInfo: replys.php - Last Update: 08/05/2007 SVN 67 - Author: cooldude2k $ + $FileInfo: replys.php - Last Update: 08/05/2007 SVN 68 - Author: cooldude2k $ */ $File3Name = basename($_SERVER['SCRIPT_NAME']); if ($File3Name=="replys.php"||$File3Name=="/replys.php") { @@ -250,6 +250,7 @@ $QuoteUserName = @remove_spaces($QuoteUserName); $QuoteReply = stripcslashes(htmlspecialchars($QuoteReply, ENT_QUOTES)); $QuoteReply = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $QuoteReply); //$QuoteReply = @remove_spaces($QuoteReply); +$QuoteReply = remove_bad_entities($QuoteReply); $QuoteDescription = str_replace("Re: ","",$QuoteDescription); $QuoteDescription = "Re: ".$QuoteDescription; $QuoteReply = $QuoteUserName.":\n("".$QuoteReply."")"; } 
@@ -349,6 +350,7 @@ $_POST['GuestName'] = @remove_spaces($_POST['GuestName']); $_POST['ReplyPost'] = stripcslashes(htmlspecialchars($_POST['ReplyPost'], ENT_QUOTES)); $_POST['ReplyPost'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['ReplyPost']); //$_POST['ReplyPost'] = @remove_spaces($_POST['ReplyPost']); +$_POST['ReplyPost'] = remove_bad_entities($_POST['ReplyPost']); if ($_POST['ReplyDesc']==null) { $Error="Yes"; ?> @@ -548,6 +550,7 @@ $ReplyPost=mysql_result($ersresult,0,"Post"); $ReplyPost = stripcslashes(htmlspecialchars($ReplyPost, ENT_QUOTES)); $ReplyPost = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $ReplyPost); //$ReplyPost = @remove_spaces($ReplyPost); +$ReplyPost = remove_bad_entities($ReplyPost); $ReplyDescription=mysql_result($ersresult,0,"Description"); $ReplyDescription = stripcslashes(htmlspecialchars($ReplyDescription, ENT_QUOTES)); $ReplyDescription = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $ReplyDescription); @@ -710,6 +713,7 @@ $_POST['GuestName'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_P $_POST['GuestName'] = @remove_spaces($_POST['GuestName']); $_POST['ReplyPost'] = stripcslashes(htmlspecialchars($_POST['ReplyPost'], ENT_QUOTES)); $_POST['ReplyPost'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['ReplyPost']); +$_POST['ReplyPost'] = remove_bad_entities($_POST['ReplyPost']); if($ShowEditTopic==true) { $_POST['TopicName'] = stripcslashes(htmlspecialchars($_POST['TopicName'], ENT_QUOTES)); $_POST['TopicName'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['TopicName']); diff --git a/inc/topics.php b/inc/topics.php index aef5601..4bce08d 100644 --- a/inc/topics.php +++ b/inc/topics.php 
@@ -11,7 +11,7 @@ Copyright 2004-2007 Cool Dude 2k - http://intdb.sourceforge.net/ Copyright 2004-2007 Game Maker 2k - http://upload.idb.s1.jcink.com/ - $FileInfo: topics.php - Last Update: 08/05/2007 SVN 67 - Author: cooldude2k $ + $FileInfo: topics.php - Last Update: 08/05/2007 SVN 68 - Author: cooldude2k $ */ $File3Name = basename($_SERVER['SCRIPT_NAME']); if ($File3Name=="topics.php"||$File3Name=="/topics.php") { @@ -322,6 +322,7 @@ $_POST['GuestName'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_P $_POST['GuestName'] = @remove_spaces($_POST['GuestName']); $_POST['TopicPost'] = stripcslashes(htmlspecialchars($_POST['TopicPost'], ENT_QUOTES)); $_POST['TopicPost'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['TopicPost']); +$_POST['TopicPost'] = remove_bad_entities($_POST['TopicPost']); //$_POST['TopicPost'] = @remove_spaces($_POST['TopicPost']); if ($_POST['TopicName']==null) { $Error="Yes"; ?> diff --git a/inc/versioninfo.php b/inc/versioninfo.php index 768b84e..3b30576 100644 --- a/inc/versioninfo.php +++ b/inc/versioninfo.php @@ -11,7 +11,7 @@ Copyright 2004-2007 Cool Dude 2k - http://intdb.sourceforge.net/ Copyright 2004-2007 Game Maker 2k - http://upload.idb.s1.jcink.com/ - $FileInfo: versioninfo.php - Last Update: 08/05/2007 SVN 67 - Author: cooldude2k $ + $FileInfo: versioninfo.php - Last Update: 08/05/2007 SVN 68 - Author: cooldude2k $ */ $File3Name = basename($_SERVER['SCRIPT_NAME']); if ($File3Name=="versioninfo.php"||$File3Name=="/versioninfo.php") { 
@@ -27,7 +27,7 @@ function version_info($proname,$subver,$ver,$supver,$reltype,$svnver,$showsvn) { return $return_var; } // Version number and date stuff. :P $VER1[0] = 0; $VER1[1] = 1; $VER1[2] = 8; $VERFull[1] = $VER1[0].".".$VER1[1].".".$VER1[2]; -$VER2[0] = "Pre-Alpha"; $VER2[1] = "PA"; $VER2[2] = "SVN"; $SubVerN = 67; $RName = "iDB"; $SFName = "IntDB"; +$VER2[0] = "Pre-Alpha"; $VER2[1] = "PA"; $VER2[2] = "SVN"; $SubVerN = 68; $RName = "iDB"; $SFName = "IntDB"; $SVNDay[0] = 08; $SVNDay[1] = 05; $SVNDay[2] = 2007; $SVNDay[3] = $SVNDay[0]."/".$SVNDay[1]."/".$SVNDay[2]; $VerInfo['iDB_Ver'] = version_info($RName,$VER1[0],$VER1[1],$VER1[2],$VER2[1],$SubVerN,false); $VerInfo['iDB_Ver_SVN'] = version_info($RName,$VER1[0],$VER1[1],$VER1[2],$VER2[1],$SubVerN,true);