issue: secure against external form submissions
diff --git
a/widget/reply.php
b/widget/reply.php
index 1f6d0e2ff0352f709ff0223fdd455c1d3962eded..0a0e4e55848f275380f7a3d97ef910382e0545e7 100644
(file)
--- a/
widget/reply.php
+++ b/
widget/reply.php
@@
-4,6
+4,7
@@
require_once 'database.inc.php';
$journalcol = [
'assign' => 'Toegewezen aan',
$journalcol = [
'assign' => 'Toegewezen aan',
+ 'subject' => 'Onderwerp',
];
if ($_POST) {
];
if ($_POST) {
@@
-17,7
+18,14
@@
if ($_POST) {
}
$target .= '/' . $User->login;
if ($result = userupload($_FILES['image'], $target)) {
}
$target .= '/' . $User->login;
if ($result = userupload($_FILES['image'], $target)) {
- $html .= sprintf('<p><img src="/thumb/640x/%s" /></p>', $result);
+ if (preg_match('(^image/)', $_FILES['image']['type'])) {
+ $html .= sprintf('<p><img src="/thumb/640x/%s" /></p>', $result);
+ }
+ else {
+ $html .= sprintf('<p>Bijgevoegd bestand: <a href="/%s" />%s</a></p>',
+ $result, basename($result)
+ );
+ }
}
}
$query = $Db->set('comments', [
}
}
$query = $Db->set('comments', [
@@
-61,9
+69,8
@@
if ($_POST) {
}
}
}
}
- if ($Page->api) {
- abort("/{$Page->link}", '200 reply success');
- }
+ $target = "/{$Page->link}/$newcomment#$newcomment";
+ abort($target, ($Page->api ? 200 : 303) . ' reply success');
$_POST['reply'] = NULL;
}
catch (Exception $e) {
$_POST['reply'] = NULL;
}
catch (Exception $e) {
@@
-81,7
+88,7
@@
print '<ul class="replies">';
while ($row = $query->fetch()) {
$rowuser = new User("profile/{$row->author}");
while ($row = $query->fetch()) {
$rowuser = new User("profile/{$row->author}");
- print
'<li>'
;
+ print
f('<li id="%d">', $row->id)
;
printf('<strong>%s</strong> <small class=date>%s</small>',
$rowuser->html, showdate(preg_split('/\D/', $row->created))
);
printf('<strong>%s</strong> <small class=date>%s</small>',
$rowuser->html, showdate(preg_split('/\D/', $row->created))
);
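Review bot: The non-image branch in the upload hunk emits a malformed anchor — `<a href="/%s" />%s</a>` self-closes the tag before its text, so the file name is rendered outside the link; the format string should be `'<p>Bijgevoegd bestand: <a href="/%s">%s</a></p>'`. The branch choice also rests on `$_FILES['image']['type']`, which is the MIME type the client declared rather than a property of the stored file, so a non-image upload can be rendered through the `<img>`/thumbnail path (and vice versa); deciding from the stored file, e.g. `str_starts_with((string) mime_content_type($path), 'image/')` where `$path` is the filesystem path userupload() wrote to, would make the check depend on content. Neither `$result` nor `basename($result)` is passed through htmlspecialchars() before being interpolated into the markup; whether that matters depends on what userupload() (defined outside this hunk) derives the stored name from, which is not visible here. The enclosing `if ($_POST)` block starts and ends outside the hunk.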