Fear In The Heart logo
     
Login: Password:

Navigation
Members

Register Members Members
New Post Listing

Forum Code View Fix

FORUM INDEX >> Public >> Website Enhancements/Updates


Login to reply!
Current Page: Viewing Posts:
1 to 3 of 3 posts


     
 
Poster Message
#6415
x REDRUM 781 x
Forum



Private
**This is taken from the PCW Core files so some line numbers may be different..**

This fix, fixes the code view in posts to where it displays the html code instead of executing the html code.

Open your /pcw/mysql_phpclanwebsite.inc file add the function to clean the slashes
Code:
function no_magic_quotes($query) {
        $data = explode("",$query);
        $cleaned = implode("",$data);
        return $cleaned;
}

I would add it at the top below the
Quote:
//** DO NOT EDIT BELOW **//
// EXTRA SECURITY SETTING To PREVENT DIRECT LINKING LEAK
If (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME']))
{
// tell people trying To access this file directly goodbye...
Header("Location: ../index.php&quotWinks;
die();
}
//** DO NOT EDIT ABOVE **//
// *** Functions For the Page Load Timer *** //


Save it, close it, then open your /pcw/forum_post.php file look around lines 114 thru 121 for
Quote:
$insertSQL2 = sprintf("INSERT INTO cws_forum_data (thread_id, post_poster, post_ip, post_date_time, post_title, post_desc, post_data) VALUES (%s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString("$thread_id", "int&quotWinks,
GetSQLValueString($current_member_id, "int&quotWinks,
GetSQLValueString($_SERVER['REMOTE_ADDR'], "text&quotWinks,
GetSQLValueString($today, "date&quotWinks,
GetSQLValueString($_POST['post_title'], "text&quotWinks,
GetSQLValueString(htmlspecialchars($_POST['post_desc']), "text&quotWinks,
GetSQLValueString(htmlspecialchars($_POST['details']), "text&quotWinks);
and change to this
Code:
$post_details=$_POST['details'];
  $post_details=chop($post_details);
  $post_details=quotemeta($post_details);
  $post_details=addslashes($post_details);
  $insertSQL2 = sprintf("INSERT INTO cws_forum_data (thread_id, post_poster, post_ip, post_date_time, post_title, post_desc, post_data) VALUES (%s, %s, %s, %s, %s, %s, %s)",
  GetSQLValueString("$thread_id", "int"),
  GetSQLValueString($current_member_id, "int"),
  GetSQLValueString($_SERVER['REMOTE_ADDR'], "text"),
  GetSQLValueString($today, "date"),
  GetSQLValueString($_POST['post_title'], "text"),
  GetSQLValueString(htmlspecialchars($_POST['post_desc']), "text"),
  //GetSQLValueString(htmlspecialchars($_POST['details']), "text"));
  GetSQLValueString($post_details, "text"));
Save that, close that, then open /pcw/forum_reply.php and look around lines 111 thru line 118
Quote:
$insertSQL = sprintf("INSERT INTO cws_forum_data (thread_id, post_poster, post_ip, post_date_time, post_title, post_desc, post_data) VALUES (%s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($par, "int&quotWinks,
GetSQLValueString($current_member_id, "text&quotWinks,
GetSQLValueString($_SERVER['REMOTE_ADDR'], "text&quotWinks,
GetSQLValueString($today, "date&quotWinks,
quote_smart($row_thread_info['post_title']),
quote_smart($row_thread_info['post_desc']),
GetSQLValueString(htmlspecialchars($_POST['details']), "text&quotWinks);
and change it to this
Code:
  $post_details=$_POST['details'];
  $post_details=chop($post_details);
  $post_details=quotemeta($post_details);
  $post_details=addslashes($post_details);
  $insertSQL = sprintf("INSERT INTO cws_forum_data (thread_id, post_poster, post_ip, post_date_time, post_title, post_desc, post_data) VALUES (%s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($par, "int"),
                       GetSQLValueString($current_member_id, "text"),
                       GetSQLValueString($_SERVER['REMOTE_ADDR'], "text"),
                       GetSQLValueString($today, "date"),
                       quote_smart($row_thread_info['post_title']),
                       quote_smart($row_thread_info['post_desc']),
                       //GetSQLValueString(htmlspecialchars($_POST['details']), "text"));
             GetSQLValueString($post_details, "text"));
then go on down to around lines 309 thru 319 looking for the following
Quote:
// Display Results using a for loop
for ($a=0; $a < $SQL_Rows; $a++)
{
$SQL_Array=mysql_fetch_array($SQL_Result);
$post_id = htmlspecialchars($SQL_Array["post_id"]);
$post_poster = htmlspecialchars($SQL_Array["post_poster"]);
$date = htmlspecialchars($SQL_Array["post_date_time"]);
$post_title = htmlspecialchars($SQL_Array["post_title"]);
$post_desc = htmlspecialchars($SQL_Array["post_desc"]);
$post_data = $SQL_Array["post_data"];
$post_ip = htmlspecialchars($SQL_Array["post_ip"]);
and change it to this
Code:
// Display Results using a for loop
for ($a=0; $a < $SQL_Rows; $a++)
    {
    $SQL_Array=mysql_fetch_array($SQL_Result);
    $post_id = htmlspecialchars($SQL_Array["post_id"]);
    $post_poster = htmlspecialchars($SQL_Array["post_poster"]);
    $date = htmlspecialchars($SQL_Array["post_date_time"]);
    $post_title = htmlspecialchars($SQL_Array["post_title"]);
    $post_desc = htmlspecialchars($SQL_Array["post_desc"]);
    $post_data = htmlspecialchars($SQL_Array["post_data"]);
  $post_data = no_magic_quotes($post_data);
    $post_ip = htmlspecialchars($SQL_Array["post_ip"]);
Save it then open /pcw/forum_view_post.php and look for line 205
Quote:
<td class="forumpost" valign="middle"><?php $post_data = $row_forum_data_grab['post_data']; $post_data = BBCodeNoHTML($post_data); $post_data = nono_filter($post_data); echo $post_data; ?>
and change it to this
Code:
   <td class="forumpost" valign="middle"><?php $post_data = htmlspecialchars($row_forum_data_grab['post_data']); $post_data = no_magic_quotes($post_data); $post_data = BBCodeNoHTML($post_data); $post_data = nono_filter($post_data); echo $post_data; ?>
Then save it and that should fix it.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
CALMING THE DISTURBED, AND DISTURBING THE CALM
Midnight Clan Wars


Apr 1, 2011, 12:17pm View x REDRUM 781 x's Profile Private Message x REDRUM 781 x


     
 
Poster Message
#6419
(v)orpheus
Owners/Senior Leaders



Major
I have updated my site as best I could.

Code:
·


I think it doesnt work for me, cause I am actually allowed to post HTML code

» Last Edited By (v)orpheus @ Apr 1, 2011, 5:10pm

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


Apr 1, 2011, 5:06pm View (v)orpheus's Profile Private Message (v)orpheus


     
 
Poster Message
#6420
x REDRUM 781 x
Forum



Private
The fix I did for the Forum Mod should fix that even when you have HTML enabled unless you have other mods on your forums.

If you do, just apply the other mods to the files before you save it.

Goto http://midnightclanwars.com/test/index.php?page=downloads&func=dl_file&par=3&dl=a233f3f2f838260cdddeea0c89948b7 to download it.

This link is temporary and will be moved when I get the new PCW up and going.

» Last Edited By x REDRUM 781 x @ Apr 4, 2011, 11:34am

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
CALMING THE DISTURBED, AND DISTURBING THE CALM
Midnight Clan Wars


Apr 4, 2011, 11:32am View x REDRUM 781 x's Profile Private Message x REDRUM 781 x
Current Page:
Viewing Posts:
1 to 3 of 3 posts

Login to reply!
FORUM INDEX >> Public >> Website Enhancements/Updates

Show Permissions



     
  Forum Info
Forum Avatar Our users have posted a total of 2886 articles
We have 148 registered users
In total there is 3 users online :: 0 Members and 3 Guests
[ Owners/Senior Leaders ] [ Leaders ] [ Fear-some - #fith ] [ Inactive ] [ Forum ] [ Fear the Chileans ] [ The Ashamed ]
Registered Users:
:: This data is based on user activity over the past five minutes ::



     
     

Valid CSS!


Page loaded in
0.822571 seconds