mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-19 23:42:11 +02:00
Code Issues Projects Releases Wiki Activity

MDL-8832 : Undid the stripslashes and changed calls to s($string) to s($string, true) instead.

Browse Source
This commit is contained in:
nicolasconnault 2007-03-20 05:21:31 +00:00
parent 529ccfa5bd
commit e9ff8e100a
1 changed files with 20 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
mod/forum/search.php
View File

@ -119,7 +119,7 @@
print_header_simple("$strsearchresults", "",
"<a href=\"index.php?id=$course->id\">$strforums</a> ->
<a href=\"search.php?id=$course->id\">$strsearch</a> -> ".s($search), 'search.words',
<a href=\"search.php?id=$course->id\">$strsearch</a> -> ".s($search, true), 'search.words',
"", "", "&nbsp;", navmenu($course));
print_heading(get_string("nopostscontaining", "forum", $search));
@ -135,7 +135,7 @@
print_header_simple("$strsearchresults", "",
"<a href=\"index.php?id=$course->id\">$strforums</a> ->
<a href=\"search.php?id=$course->id\">$strsearch</a> -> ".s($search), '',
<a href=\"search.php?id=$course->id\">$strsearch</a> -> ".s($search, true), '',
"", "", $searchform, navmenu($course));
echo '<div class="reportlink">';
@ -203,7 +203,7 @@
// Hack for posts of format FORMAT_PLAIN. Otherwise html tags added by
// the highlight() call bellow get stripped out by forum_print_post().
if ($post->format == FORMAT_PLAIN) {
$post->message = s($post->message);
$post->message = stripslashes_safe($post->message);
$post->message = rebuildnolinktag($post->message);
$post->message = str_replace(' ', '&nbsp; ', $post->message);
$post->message = nl2br($post->message);
@ -263,6 +263,9 @@
/**
* @todo Document this function
*/
function forum_print_big_search_form($course) {
global $CFG, $words, $subject, $phrase, $user, $userid, $fullwords, $notwords, $datefrom, $dateto;
@ -276,28 +279,28 @@ function forum_print_big_search_form($course) {
echo "</script>\n";
echo '<form id="searchform" action="search.php" method="get">';
echo '<input type="hidden" value="'.$course->id.'" name="id" alt="" />';
echo '<table cellpadding="10" class="searchbox" id="form">';
echo '<tr>';
echo '<td class="c0">'.get_string('searchwords', 'forum').':</td>';
echo '<td class="c1"><input type="text" size="35" name="words" value="'.s($words).'" alt="" /></td>';
echo '<td class="c0">'.get_string('searchwords', 'forum').':';
echo '<input type="hidden" value="'.$course->id.'" name="id" alt="" /></td>';
echo '<td class="c1"><input type="text" size="35" name="words" value="'.s($words, true).'" alt="" /></td>';
echo '</tr>';
echo '<tr>';
echo '<td class="c0">'.get_string('searchphrase', 'forum').':</td>';
echo '<td class="c1"><input type="text" size="35" name="phrase" value="'.s($phrase).'" alt="" /></td>';
echo '<td class="c1"><input type="text" size="35" name="phrase" value="'.s($phrase, true).'" alt="" /></td>';
echo '</tr>';
echo '<tr>';
echo '<td class="c0">'.get_string('searchnotwords', 'forum').':</td>';
echo '<td class="c1"><input type="text" size="35" name="notwords" value="'.s($notwords).'" alt="" /></td>';
echo '<td class="c1"><input type="text" size="35" name="notwords" value="'.s($notwords, true).'" alt="" /></td>';
echo '</tr>';
if ($CFG->dbfamily == 'mysql' || $CFG->dbfamily == 'postgres') {
echo '<tr>';
echo '<td class="c0">'.get_string('searchfullwords', 'forum').':</td>';
echo '<td class="c1"><input type="text" size="35" name="fullwords" value="'.s($fullwords).'" alt="" /></td>';
echo '<td class="c1"><input type="text" size="35" name="fullwords" value="'.s($fullwords, true).'" alt="" /></td>';
echo '</tr>';
}
@ -356,12 +359,12 @@ function forum_print_big_search_form($course) {
echo '<tr>';
echo '<td class="c0">'.get_string('searchsubject', 'forum').':</td>';
echo '<td class="c1"><input type="text" size="35" name="subject" value="'.s($subject).'" alt="" /></td>';
echo '<td class="c1"><input type="text" size="35" name="subject" value="'.s($subject, true).'" alt="" /></td>';
echo '</tr>';
echo '<tr>';
echo '<td class="c0">'.get_string('searchuser', 'forum').':</td>';
echo '<td class="c1"><input type="text" size="35" name="user" value="'.s($user).'" alt="" /></td>';
echo '<td class="c1"><input type="text" size="35" name="user" value="'.s($user, true).'" alt="" /></td>';
echo '</tr>';
echo '<tr>';
@ -380,7 +383,9 @@ function forum_print_big_search_form($course) {
print_simple_box_end();
}
/**
* @todo Document this function
*/
function forum_clean_search_terms($words, $prefix='') {
$searchterms = explode(' ', $words);
foreach ($searchterms as $key => $searchterm) {
@ -393,6 +398,9 @@ function forum_clean_search_terms($words, $prefix='') {
return trim(implode(' ', $searchterms));
}
/**
* @todo Document this function
*/
function forum_menu_list($course) {
$menu = array();