diff --git a/upload/config.php b/upload/config.php index cd39fb0ab..39a783369 100644 --- a/upload/config.php +++ b/upload/config.php @@ -57,7 +57,7 @@ $bb_cfg['css_ver'] = 1; // Increase number of revision after update $bb_cfg['tp_version'] = '2.0.2'; -$bb_cfg['tp_release_state'] = 'TP II r86'; +$bb_cfg['tp_release_state'] = 'TP II r89'; $bb_cfg['tp_release_date'] = '05-07-2011'; $bb_cfg['board_disabled_msg'] = 'форум временно отключен'; // 'forums temporarily disabled'; // show this msg if board has been disabled via ON/OFF trigger diff --git a/upload/includes/init_bb.php b/upload/includes/init_bb.php index 96d9f22bb..6ad2a3b57 100644 --- a/upload/includes/init_bb.php +++ b/upload/includes/init_bb.php @@ -505,9 +505,13 @@ function vdump ($var, $title = '') echo ''; } -function htmlCHR ($txt, $replace_space = false) +function htmlCHR ($txt, $double_encode = false, $quote_style = ENT_QUOTES, $charset = 'UTF-8') { - return ($replace_space) ? str_replace(' ', ' ', htmlspecialchars($txt, ENT_QUOTES)) : htmlspecialchars($txt, ENT_QUOTES); + if (is_array($txt)) + { + log_request('htmlCHR'); + } + return (string) htmlspecialchars($txt, $quote_style, $charset, $double_encode); } function make_url ($path) diff --git a/upload/includes/ucp/usercp_register.php b/upload/includes/ucp/usercp_register.php index aa040a20a..e8d919d8a 100644 --- a/upload/includes/ucp/usercp_register.php +++ b/upload/includes/ucp/usercp_register.php @@ -440,6 +440,8 @@ foreach ($profile_fields as $field => $can_edit) $sig = isset($_POST['user_sig']) ? (string) $_POST['user_sig'] : $pr_data['user_sig']; if ($submit) { + $sig_esc = prepare_message($sig); + if (mb_strlen($sig) > $bb_cfg['max_sig_chars']) { $errors[] = $lang['SIGNATURE_TOO_LONG']; diff --git a/upload/posting.php b/upload/posting.php index 478cf9695..ad792444b 100644 --- a/upload/posting.php +++ b/upload/posting.php 
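Review bot: In htmlCHR the `is_array($txt)` branch only logs and then still hands the array to `htmlspecialchars()`, which on the PHP of this codebase's era emits a warning and returns null (the `(string)` cast turns that into `''`) and on PHP 8 throws a TypeError; fail closed explicitly with `log_request('htmlCHR'); return '';` inside the branch. Without `ENT_SUBSTITUTE` (PHP 5.4+) in `$quote_style`, a string containing a single invalid UTF-8 sequence is escaped to an empty string, so the whole value silently disappears instead of being sanitised — worth adding to the default if the target PHP supports it. The second parameter also changes meaning from `$replace_space` to `$double_encode`, so any existing call of the form `htmlCHR($s, true)` now double-encodes instead of replacing spaces; no such callers are visible in this diff, so they need to be grepped for.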
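Review bot: `$sig_esc = prepare_message($sig)` is assigned but nothing in this hunk reads it, and the `mb_strlen($sig) > $bb_cfg['max_sig_chars']` check that follows still measures the raw `$sig`; if the rest of the `if ($submit)` block (it continues past the hunk) stores `$sig_esc`, escaping such as `&` becoming `&amp;` can push the stored value past the limit the check is meant to enforce, so either test `mb_strlen($sig_esc)` or record in a comment that the limit applies to the raw input. `prepare_message()` is not shown in this diff, so whether it escapes or only normalises has to be confirmed against its definition. A comment on the new line saying what `$sig_esc` is for (stored form versus the `$sig` used for validation) would make the two-variable split readable.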
@@ -563,7 +563,7 @@ if( $refresh || isset($_POST['del_poll_option']) || $error_msg || ($submit && $t { $username = ( !empty($_POST['username']) ) ? clean_username($_POST['username']) : ''; $subject = ( !empty($_POST['subject']) ) ? clean_title($_POST['subject']) : ''; - $message = ( !empty($_POST['message']) ) ? $_POST['message'] : ''; + $message = ( !empty($_POST['message']) ) ? prepare_message($_POST['message']) : ''; $poll_title = ( !empty($_POST['poll_title']) ) ? clean_title($_POST['poll_title']) : ''; $poll_length = ( isset($_POST['poll_length']) ) ? max(0, intval($_POST['poll_length'])) : 0; @@ -594,15 +594,16 @@ if( $refresh || isset($_POST['del_poll_option']) || $error_msg || ($submit && $t { $preview_subject = $subject; $preview_username = $username; - $preview_message = bbcode2html($message); + $preview_message = htmlCHR($message, false, ENT_NOQUOTES); + $preview_message = bbcode2html($preview_message); $template->assign_vars(array( 'TPL_PREVIEW_POST' => true, - 'TOPIC_TITLE' => wbr($preview_subject), - 'POST_SUBJECT' => $preview_subject, - 'POSTER_NAME' => $preview_username, - 'POST_DATE' => bb_date(TIMENOW), - 'PREVIEW_MSG' => $preview_message, + 'TOPIC_TITLE' => wbr($preview_subject), + 'POST_SUBJECT' => $preview_subject, + 'POSTER_NAME' => $preview_username, + 'POST_DATE' => bb_date(TIMENOW), + 'PREVIEW_MSG' => $preview_message, )); } } diff --git a/upload/privmsg.php b/upload/privmsg.php index bbd868711..b07440f90 100644 --- a/upload/privmsg.php +++ b/upload/privmsg.php @@ -985,7 +985,7 @@ else if ( $submit || $refresh || $mode != '' ) $error_msg .= ( ( !empty($error_msg) ) ? '
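Review bot: `prepare_message($_POST['message'])` takes the POST value without the `(string)` cast this same commit applies to `$_POST['user_sig']` in usercp_register.php, so a `message[]=...` request hands an array to `prepare_message()`; unless that function is known to reject arrays (it is not shown here), use `prepare_message((string) $_POST['message'])` for consistency with the signature path. The `clean_username()` and `clean_title()` calls on the neighbouring lines have the same exposure, but they predate this change.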
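Review bot: The preview escapes with `ENT_NOQUOTES`, so `"` and `'` in the message reach `bbcode2html()` unescaped; if that function places user text inside an HTML attribute (a `[url=]`, `[img]` or `[color=]` argument, say) without escaping it itself — it is not visible in this diff — a quote can terminate the attribute and the preview becomes a self-XSS vector for the previewing user. Unless `bbcode2html()` is known to escape attribute values, use `htmlCHR($message, false, ENT_QUOTES)` here, matching the function's own default. A short comment stating why quotes are deliberately left alone (presumably so BBCode arguments like `[url="..."]` still parse) would make the choice auditable.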
' : '' ) . $lang['NO_TO_USER']; } - $privmsg_subject = trim(strip_tags($_POST['subject'])); + $privmsg_subject = htmlCHR($_POST['subject']); if ( empty($privmsg_subject) ) { $error = TRUE; @@ -996,7 +996,7 @@ else if ( $submit || $refresh || $mode != '' ) { if ( !$error ) { - $privmsg_message = $_POST['message']; + $privmsg_message = prepare_message($_POST['message']); } } else
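Review bot: Replacing `trim(strip_tags($_POST['subject']))` with `htmlCHR($_POST['subject'])` drops the `trim()`, so a subject made only of whitespace is no longer caught by the `empty($privmsg_subject)` check that follows; keep it, e.g. `$privmsg_subject = htmlCHR(trim($_POST['subject']));`. Note also that posting.php in this same commit runs the topic subject through `clean_title()` while the private-message subject now gets `htmlCHR()`, so the two are stored in different forms — if the display layer escapes on output, the PM subject will render double-encoded (`&amp;amp;`). The enclosing `else if ( $submit || $refresh || $mode != '' )` branch begins before this hunk.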