mirror of
https://github.com/e107inc/e107.git
synced 2025-08-06 14:46:56 +02:00
Parser cleanup
This commit is contained in:
15
comment.php
15
comment.php
@@ -103,21 +103,22 @@ if(e_AJAX_REQUEST) // TODO improve security
|
||||
}
|
||||
|
||||
// Insert Comment and return rendered html.
|
||||
if(vartrue($_POST['comment'])) // ajax render comment
|
||||
if(!empty($_POST['comment'])) // ajax render comment
|
||||
{
|
||||
$pid = intval(varset($_POST['pid'], 0)); // ID of the specific comment being edited (nested comments - replies)
|
||||
$row = array();
|
||||
$clean_authorname = vartrue($_POST['author_name'],USERNAME);
|
||||
$clean_comment = $_POST['comment'];
|
||||
$clean_subject = $_POST['subject'];
|
||||
$clean_authorname = vartrue(filter_var($_POST['author_name'],FILTER_SANITIZE_STRING),USERNAME);
|
||||
$clean_comment = e107::getParser()->toText($_POST['comment']);
|
||||
$clean_subject = e107::getParser()->filter($_POST['subject'],'str');
|
||||
$clean_table = e107::getParser()->filter($_POST['table'],'str');
|
||||
|
||||
$_SESSION['comment_author_name'] = $clean_authorname;
|
||||
|
||||
$row['comment_pid'] = $pid;
|
||||
$row['comment_item_id'] = intval($_POST['itemid']);
|
||||
$row['comment_type'] = e107::getComment()->getCommentType($tp->toDB($_POST['table'],true));
|
||||
$row['comment_subject'] = $tp->toDB($_POST['subject']);
|
||||
$row['comment_comment'] = $tp->toDB($_POST['comment']);
|
||||
$row['comment_type'] = e107::getComment()->getCommentType($tp->toDB($clean_table,true));
|
||||
$row['comment_subject'] = $tp->toDB($clean_subject);
|
||||
$row['comment_comment'] = $tp->toDB($clean_comment);
|
||||
$row['user_image'] = USERIMAGE;
|
||||
$row['user_id'] = (USERID) ? USERID : 0;
|
||||
$row['user_name'] = USERNAME;
|
||||
|
Reference in New Issue
Block a user