claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-05-24. You can view files and clone it, but cannot push or open issues or pull requests.
Files
54c484de8c22fbb6c7fb30a5d343df7ba32d0247
qemudb/addcomment.php

101 lines
3.3 KiB
PHP
Raw Normal View History

- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility
2004-12-12 03:51:51 +00:00
<?php
Filter all user input to reduce the security impact of manipulated data
2006-06-17 06:10:10 +00:00
include("path.php");
require(BASE."include/incl.php");
require(BASE."include/application.php");
require(BASE."include/mail.php");
$aClean = array(); //array of filtered user input
Prefix all GPC variables according to our coding standard
2006-07-06 17:27:54 +00:00
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['iThread'] = makeSafe($_REQUEST['iThread']);
$aClean['sBody'] = makeSafe($_REQUEST['sBody']);
$aClean['sSubject'] = makeSafe($_REQUEST['sSubject']);
Filter all user input to reduce the security impact of manipulated data
2006-06-17 06:10:10 +00:00
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
/********************************/
/* code to submit a new comment */
/********************************/
Initial revision
2004-03-15 16:22:00 +00:00
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant)
2005-01-30 00:57:34 +00:00
/*
* application environment
*/
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
// you must be logged in to submit comments
- OO version of user class - no more duplicated functions - improved performances (much less duplicated mysql queries) - less code and better error handling
2005-01-30 23:12:48 +00:00
if(!$_SESSION['current']->isLoggedIn())
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
{
apidb_header("Please login");
Prefix all GPC variables according to our coding standard
2006-07-06 17:27:54 +00:00
echo "To submit a comment for an application you must be logged in. Please <a href=\"account.php?sCmd=login\">login now</a> or create a <a href=\"account.php?sCmd=new\">new account</a>.","\n";
Security fixes
2005-01-15 05:59:21 +00:00
exit;
Initial revision
2004-03-15 16:22:00 +00:00
}
Prefix all GPC variables according to our coding standard
2006-07-06 17:27:54 +00:00
if( !is_numeric($aClean['iVersionId']) )
Remove unnecessary exit calls after redirect() and util_show_error_page() calls
2006-07-06 17:59:52 +00:00
util_show_error_page('Internal Database Access Error');
Initial revision
2004-03-15 16:22:00 +00:00
Prefix all GPC variables according to our coding standard
2006-07-06 17:27:54 +00:00
if(!is_numeric($aClean['iThread']))
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
{
Prefix all GPC variables according to our coding standard
2006-07-06 17:27:54 +00:00
$aClean['iThread'] = 0;
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
}
Initial revision
2004-03-15 16:22:00 +00:00
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
############################
# ADDS COMMENT TO DATABASE #
############################
Prefix all GPC variables according to our coding standard
2006-07-06 17:27:54 +00:00
if(!empty($aClean['sBody']))
Initial revision
2004-03-15 16:22:00 +00:00
{
- new Comment class - improved performances (much less duplicated mysql queries) - less code and better error handling - informs the whole thread when posting new comment - fix various bugs
2005-02-02 03:01:29 +00:00
$oComment = new Comment();
Prefix all GPC variables according to our coding standard
2006-07-06 17:27:54 +00:00
$oComment->create($aClean['sSubject'], $aClean['sBody'], $aClean['iThread'], $aClean['iVersionId']);
redirect(apidb_fullurl("appview.php?iVersionId=".$oComment->iVersionId));
Initial revision
2004-03-15 16:22:00 +00:00
}
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
################################
# USER WANTS TO SUBMIT COMMENT #
################################
Security fixes
2005-01-15 05:59:21 +00:00
else
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
{
apidb_header("Add Comment");
Initial revision
2004-03-15 16:22:00 +00:00
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
$mesTitle = "<b>Post New Comment</b>";
Initial revision
2004-03-15 16:22:00 +00:00
Prefix all GPC variables according to our coding standard
2006-07-06 17:27:54 +00:00
if($aClean['iThread'] > 0)
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
{
Use query_parameters() in SQL select, update and delete statements to protect against sql injection attacks
2006-06-27 19:16:27 +00:00
$hResult = query_parameters("SELECT * FROM appComments WHERE commentId = '?'",
Prefix all GPC variables according to our coding standard
2006-07-06 17:27:54 +00:00
$aClean['iThread']);
Make code more consistent by making it follow the appdb coding standards. Fix some spaces vs. tabs odd indenting.
2006-06-21 01:04:12 +00:00
$oRow = mysql_fetch_object($hResult);
if($oRow)
send an email to the original poster if this is a reply.
2004-11-17 23:05:36 +00:00
{
Make code more consistent by making it follow the appdb coding standards. Fix some spaces vs. tabs odd indenting.
2006-06-21 01:04:12 +00:00
$mesTitle = "<b>Replying To ...</b> $oRow->subject\n";
$originator = $oRow->userId;
echo html_frame_start($oRow->subject,500);
echo htmlify_urls($oRow->body), "<br /><br />\n";
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
echo html_frame_end();
send an email to the original poster if this is a reply.
2004-11-17 23:05:36 +00:00
}
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
}
Initial revision
2004-03-15 16:22:00 +00:00
Html attributes and values are lowercase to be forward compatible with xhtml
2006-06-27 16:54:22 +00:00
echo "<form method=\"post\" action=\"addcomment.php\">\n";
Initial revision
2004-03-15 16:22:00 +00:00
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
echo html_frame_start($mesTitle,500,"",0);
echo '<table width="100%" border=0 cellpadding=0 cellspacing=1>',"\n";
Clean up HTML and PHP, remove extranious checks for loggedin()
2004-12-29 20:21:31 +00:00
echo "<tr class=\"color0\"><td align=right><b>From:</b>&nbsp;</td>\n";
- fix notifications - improves notifications
2005-02-02 00:14:01 +00:00
echo " <td>&nbsp;".$_SESSION['current']->sRealname."</td></tr>\n";
Clean up HTML and PHP, remove extranious checks for loggedin()
2004-12-29 20:21:31 +00:00
echo "<tr class=\"color0\"><td align=right><b>Subject:</b>&nbsp;</td>\n";
Prefix all GPC variables according to our coding standard
2006-07-06 17:27:54 +00:00
echo " <td>&nbsp;<input type=\"text\" size=\"35\" name=\"sSubject\" value=\"".$aClean['sSubject']."\" /> </td></tr>\n";
echo "<tr class=\"color1\"><td colspan=2><textarea name=\"body\" cols=\"70\" rows=\"15\" wrap=\"virtual\">".$aClean['sBody']."</textarea></td></tr>\n";
Clean up HTML and PHP, remove extranious checks for loggedin()
2004-12-29 20:21:31 +00:00
echo "<tr class=\"color1\"><td colspan=2 align=center>\n";
Html attributes and values are lowercase to be forward compatible with xhtml
2006-06-27 16:54:22 +00:00
echo " <input type=\"submit\" value=\"Post Comment\" class=\"button\" />\n";
echo " <input type=\"reset\" value=\"Reset\" class=\"button\" />\n";
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
echo "</td></tr>\n";
echo "</table>\n";
echo html_frame_end();
Prefix all GPC variables according to our coding standard
2006-07-06 17:27:54 +00:00
echo "<input type=\"hidden\" name=\"iThread\" value=\"".$aClean['iThread']."\" />\n";
echo "<input type=\"hidden\" name=\"iAppId\" value=\"".$aClean['iAppId']."\" />\n";
echo "<input type=\"hidden\" name=\"iVersionId\" value=\"".$aClean['iVersionId']."\" />\n";
if (!empty($aClean['iThread']))
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
{
Prefix all GPC variables according to our coding standard
2006-07-06 17:27:54 +00:00
echo "<input type=\"hidden\" name=\"iOriginator\" value=\"$originator\" />\n";
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
}
echo "</form>";
Initial revision
2004-03-15 16:22:00 +00:00
}
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars)
2004-12-11 04:07:40 +00:00
apidb_footer();
Initial revision
2004-03-15 16:22:00 +00:00
?>
Reference in New Issue Copy Permalink