[Fusionforge-commits] r14922 - trunk/src/www/my

Alain Peyrat aljeux at fusionforge.org
Wed Nov 23 20:40:33 CET 2011


Author: aljeux
Date: 2011-11-23 20:40:33 +0100 (Wed, 23 Nov 2011)
New Revision: 14922

Modified:
   trunk/src/www/my/diary.php
Log:
Use new getHtmlTextFromRequest() in diary

Modified: trunk/src/www/my/diary.php
===================================================================
--- trunk/src/www/my/diary.php	2011-11-23 19:40:28 UTC (rev 14921)
+++ trunk/src/www/my/diary.php	2011-11-23 19:40:33 UTC (rev 14922)
@@ -43,18 +43,10 @@
 			exit_form_double_submit('my');
 		}
 
-		$summary = getStringFromRequest('summary');
-		$details = getStringFromRequest('details');
+		$summary   = getHtmlStringFromRequest('summary');
+		$details   = getHtmlTextFromRequest('details');
 		$is_public = getIntFromRequest('is_public', 0);
 
-		// Secure code sent by user.
-		$summary = htmlspecialchars($summary);
-		if (getStringFromRequest('_details_content_type') == 'html') {
-			$details = TextSanitizer::purify($details);
-		} else {
-			$details = htmlspecialchars($details);
-		}
-
 		//make changes to the database
 		if (getStringFromRequest('update')) {
 			//updating an existing diary entry
@@ -219,10 +211,11 @@
 	} else {
 		echo ' </td></tr>';
 		for ($i=0; $i<$rows; $i++) {
+			$date   = relative_date(db_result($result,$i,'date_posted'));
 			echo '
 			<tr '. $GLOBALS['HTML']->boxGetAltRowStyle($i) .'><td><a href="'. getStringFromServer('PHP_SELF') .'?diary_id='.
 				db_result($result,$i,'id').'">'.db_result($result,$i,'summary').'</a></td>'.
-				'<td>'. date(_('Y-m-d H:i'), db_result($result,$i,'date_posted')).'</td></tr>';
+				'<td>'. $date.'</td></tr>';
 		}
 		echo '
 		<tr><td colspan="2" class="tablecontent">';




More information about the Fusionforge-commits mailing list