comments: Don't strip characters

closes #510 (htmlentities-like content in a comment gets removed)
Igor Scheller 2018-12-28 22:52:00 +01:00 committed by msquare
parent 6df3dc8489
commit 1bb2c57842
1 changed files with 4 additions and 6 deletions


@ -143,11 +143,7 @@ function user_news_comments()
$nid = $request->input('nid'); $nid = $request->input('nid');
$news = DB::selectOne('SELECT * FROM `News` WHERE `ID`=? LIMIT 1', [$nid]); $news = DB::selectOne('SELECT * FROM `News` WHERE `ID`=? LIMIT 1', [$nid]);
if ($request->hasPostData('submit') && $request->has('text')) { if ($request->hasPostData('submit') && $request->has('text')) {
$text = preg_replace( $text = $request->input('text');
"/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui",
'',
strip_tags($request->input('text'))
);
DB::insert(' DB::insert('
INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`) INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`)
VALUES (?, ?, ?, ?) VALUES (?, ?, ?, ?)
@ -159,7 +155,8 @@ function user_news_comments()
$user->id, $user->id,
] ]
); );
engelsystem_log('Created news_comment: ' . $text);
engelsystem_log('Created news_comment: ' . htmlspecialchars($text));
$html .= success(__('Entry saved.'), true); $html .= success(__('Entry saved.'), true);
} }
@ -227,6 +224,7 @@ function user_news()
$isMeeting, $isMeeting,
] ]
); );
engelsystem_log('Created news: ' . $request->postData('betreff') . ', treffen: ' . $isMeeting); engelsystem_log('Created news: ' . $request->postData('betreff') . ', treffen: ' . $isMeeting);
success(__('Entry saved.')); success(__('Entry saved.'));
redirect(page_link_to('news')); redirect(page_link_to('news'));
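Review bot: With `strip_tags()` and the character filter removed in the first hunk of `user_news_comments()`, the comment text is stored exactly as submitted, so every place that renders `NewsComments`.`Text` must escape it on output. The rendering code is not part of this diff, so please confirm that it applies `htmlspecialchars()` (or an equivalent) before this lands. The second hunk escapes the value passed to `engelsystem_log()`, but the neighbouring call in `user_news()` still concatenates `$request->postData('betreff')` unescaped. If log entries are displayed as HTML, that call needs the same treatment, `htmlspecialchars($request->postData('betreff'))`, or preferably the escaping should happen once where log entries are printed. Both functions start and end outside the visible hunks.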