mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-06 14:46:56 +02:00
Code Issues Releases Wiki Activity

Parser cleanup

Browse Source
This commit is contained in:
Cameron
2017-09-19 16:19:39 -07:00
parent 80d69c4293
commit 02e80f50de
8 changed files with 170 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
comment.php
View File

@@ -103,21 +103,22 @@ if(e_AJAX_REQUEST) // TODO improve security
}
// Insert Comment and return rendered html.
if(vartrue($_POST['comment'])) // ajax render comment
if(!empty($_POST['comment'])) // ajax render comment
{
$pid = intval(varset($_POST['pid'], 0)); // ID of the specific comment being edited (nested comments - replies)
$row = array();
$clean_authorname = vartrue($_POST['author_name'],USERNAME);
$clean_comment = $_POST['comment'];
$clean_subject = $_POST['subject'];
$clean_authorname = vartrue(filter_var($_POST['author_name'],FILTER_SANITIZE_STRING),USERNAME);
$clean_comment = e107::getParser()->toText($_POST['comment']);
$clean_subject = e107::getParser()->filter($_POST['subject'],'str');
$clean_table = e107::getParser()->filter($_POST['table'],'str');
$_SESSION['comment_author_name'] = $clean_authorname;
$row['comment_pid'] = $pid;
$row['comment_item_id'] = intval($_POST['itemid']);
$row['comment_type'] = e107::getComment()->getCommentType($tp->toDB($_POST['table'],true));
$row['comment_subject'] = $tp->toDB($_POST['subject']);
$row['comment_comment'] = $tp->toDB($_POST['comment']);
$row['comment_type'] = e107::getComment()->getCommentType($tp->toDB($clean_table,true));
$row['comment_subject'] = $tp->toDB($clean_subject);
$row['comment_comment'] = $tp->toDB($clean_comment);
$row['user_image'] = USERIMAGE;
$row['user_id'] = (USERID) ? USERID : 0;
$row['user_name'] = USERNAME;