Commit 45d5aad6 authored by Dries's avatar Dries

- Updated Drupal to use "on output" filters.  Derived from Gerhard's patch.
parent 17e5b5c2
......@@ -555,6 +555,10 @@ function rewrite_old_urls($text) {
function check_output($text) {
if (isset($text)) {
// filter content on output:
$text = filter($text);
// get the line breaks right:
if (strip_tags($text, "<a><i><b><u><tt><code><cite><strong><img>") == $text) {
$text = nl2br($text);
}
......
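Review bot: With `$text = filter($text);` added here, check_output() becomes the only point where stored user HTML is filtered, so any print site that neither goes through it nor calls filter() itself now emits the stored text verbatim. The validate hooks for blog, book, forum, page and story, and the comment and poll save paths further down this page, all stop filtering on input, so each display path for body, teaser, comment subject and signature needs checking; none of those print sites are visible here. I would add a docblock to check_output() along the lines of `// Stored content is unfiltered; every user-supplied string must pass through check_output() before it is printed.` Note also that the `strip_tags(...) == $text` comparison now runs on the filtered text, so the nl2br() decision depends on what filter() leaves in place. The function continues past the end of the hunk.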
......@@ -254,10 +254,4 @@ function blog_block($op = "list", $delta = 0) {
}
}
function blog_validate(&$node) {
// Make sure all fields are set properly:
$node->body = filter($node->body);
$node->teaser = filter($node->teaser);
}
?>
......@@ -254,10 +254,4 @@ function blog_block($op = "list", $delta = 0) {
}
}
function blog_validate(&$node) {
// Make sure all fields are set properly:
$node->body = filter($node->body);
$node->teaser = filter($node->teaser);
}
?>
......@@ -149,8 +149,6 @@ function book_validate(&$node) {
}
else {
$node->format = 0;
$node->body = filter($node->body);
$node->teaser = filter($node->teaser);
}
// Set default values for non administrators:
......@@ -363,7 +361,7 @@ function book_body($node) {
ob_end_clean();
}
else {
$output = check_output(filter($node->body));
$output = check_output($node->body);
}
return $output;
......
......@@ -149,8 +149,6 @@ function book_validate(&$node) {
}
else {
$node->format = 0;
$node->body = filter($node->body);
$node->teaser = filter($node->teaser);
}
// Set default values for non administrators:
......@@ -363,7 +361,7 @@ function book_body($node) {
ob_end_clean();
}
else {
$output = check_output(filter($node->body));
$output = check_output($node->body);
}
return $output;
......
......@@ -58,7 +58,7 @@ function comment_user($type, $edit, &$user) {
return form_textarea(t("Signature"), "signature", $edit["signature"], 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>")));
case "edit_validate":
// validate user data editing
return array("signature" => filter($edit["signature"]));
return array("signature" => $edit["signature"]);
}
}
......@@ -160,10 +160,6 @@ function comment_reply($pid, $nid) {
function comment_preview($edit) {
global $user;
foreach ($edit as $key => $value) {
$comment->$key = filter($value);
}
/*
** Attach the user and time information:
*/
......@@ -210,8 +206,6 @@ function comment_post($edit) {
** Validate the comment's body.
*/
$edit["comment"] = filter($edit["comment"]);
if ($edit["comment"] == "") {
return array(t("Empty comment"), t("The comment you submitted is empty."));
}
......@@ -791,7 +785,7 @@ function comment_delete($edit) {
}
function comment_save($id, $edit) {
db_query("UPDATE comments SET subject = '%s', comment = '%s', status = %d WHERE cid = %d", filter($edit["subject"]), filter($edit["comment"]), $edit["status"], $id);
db_query("UPDATE comments SET subject = '%s', comment = '%s', status = %d WHERE cid = %d", $edit["subject"], $edit["comment"], $edit["status"], $id);
watchdog("special", "comment: modified '". $edit["subject"] ."'");
return "updated comment.";
}
......
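Review bot: In comment_save the subject is now concatenated into the watchdog() message exactly as submitted, because the filter() calls on `$edit["subject"]` and `$edit["comment"]` were dropped from the UPDATE. The log viewer is not part of this page, so it should be confirmed that it escapes messages or passes them through check_output(); otherwise markup in a subject would be rendered in the administrator's log view. In the comment_post hunk of the same section, `$edit["comment"] == ""` is now tested on the raw text, so a comment consisting only of tags the filter strips passes validation and displays empty; `if (filter($edit["comment"]) == "") {` would keep the old check while still storing the raw text. comment_post starts and ends outside its hunk, and the identical section that follows has the same two points.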
......@@ -58,7 +58,7 @@ function comment_user($type, $edit, &$user) {
return form_textarea(t("Signature"), "signature", $edit["signature"], 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>")));
case "edit_validate":
// validate user data editing
return array("signature" => filter($edit["signature"]));
return array("signature" => $edit["signature"]);
}
}
......@@ -160,10 +160,6 @@ function comment_reply($pid, $nid) {
function comment_preview($edit) {
global $user;
foreach ($edit as $key => $value) {
$comment->$key = filter($value);
}
/*
** Attach the user and time information:
*/
......@@ -210,8 +206,6 @@ function comment_post($edit) {
** Validate the comment's body.
*/
$edit["comment"] = filter($edit["comment"]);
if ($edit["comment"] == "") {
return array(t("Empty comment"), t("The comment you submitted is empty."));
}
......@@ -791,7 +785,7 @@ function comment_delete($edit) {
}
function comment_save($id, $edit) {
db_query("UPDATE comments SET subject = '%s', comment = '%s', status = %d WHERE cid = %d", filter($edit["subject"]), filter($edit["comment"]), $edit["status"], $id);
db_query("UPDATE comments SET subject = '%s', comment = '%s', status = %d WHERE cid = %d", $edit["subject"], $edit["comment"], $edit["status"], $id);
watchdog("special", "comment: modified '". $edit["subject"] ."'");
return "updated comment.";
}
......
......@@ -171,8 +171,6 @@ function forum_view($node, $main = 0) {
function forum_validate(&$node) {
// Make sure all fields are set properly:
$node->body = filter($node->body);
$node->teaser = filter($node->teaser);
$node->icon = $node->icon ? $node->icon : "";
$node->shadow = $node->shadow ? $node->shadow : 0;
$node->tid = $node->tid ? $node->tid : 0;
......
......@@ -171,8 +171,6 @@ function forum_view($node, $main = 0) {
function forum_validate(&$node) {
// Make sure all fields are set properly:
$node->body = filter($node->body);
$node->teaser = filter($node->teaser);
$node->icon = $node->icon ? $node->icon : "";
$node->shadow = $node->shadow ? $node->shadow : 0;
$node->tid = $node->tid ? $node->tid : 0;
......
......@@ -125,7 +125,7 @@ function node_teaser($body) {
*/
$delimiter = strpos($body, "<!--break-->");
if ($delimiter > 0 && $delimiter < $size * 2) {
if ($delimiter > 0) {
return substr($body, 0, $delimiter);
}
......@@ -884,6 +884,8 @@ function node_validate($node, &$error) {
** Validate the title field:
*/
$node->title = strip_tags($node->title);
if (isset($node->title) && !$node->title) {
$error["title"] = theme("theme_error", t("You have to specify a valid title."));
}
......@@ -1222,7 +1224,7 @@ function node_preview($node, $error = NULL) {
if ($view->teaser && $view->teaser != $view->body) {
print "<h3>". t("Preview trimmed version") ."</h3>";
node_view($view, 1);
print "<p><i>". t("The trimmed version of your post shows how your post looks like when promoted to the main page or when exported for syndication. You can insert a delimiter '&lt;!--break--&gt' (without the quotes) to fine-tune where your post gets split. However note that delimiter will be ignored when misplaced.") ."</i></p>";
print "<p><i>". t("The trimmed version of your post shows how your post looks like when promoted to the main page or when exported for syndication. You can insert a delimiter '&lt;!--break--&gt' (without the quotes) to fine-tune where your post gets split.") ."</i></p>";
print "<h3>". t("Preview full version") ."</h3>";
node_view($view, 0);
}
......
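Review bot: The added `$node->title = strip_tags($node->title);` in node_validate sanitises the title on input, which runs against the on-output approach the rest of this commit adopts, and it is not an escaping step: quotes and `&` survive, so a title printed inside an attribute value still needs `htmlspecialchars()` at that print site. The signature in the hunk header takes `$node` by value, so if objects are copied on call (as under PHP 4) the stripped title only persists when the function hands `$node` back to its caller, which happens outside the hunk. A short comment such as `// Titles are plain text: tags are stripped here, escaping still happens on output.` would record the intent. The same section is repeated directly below.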
......@@ -125,7 +125,7 @@ function node_teaser($body) {
*/
$delimiter = strpos($body, "<!--break-->");
if ($delimiter > 0 && $delimiter < $size * 2) {
if ($delimiter > 0) {
return substr($body, 0, $delimiter);
}
......@@ -884,6 +884,8 @@ function node_validate($node, &$error) {
** Validate the title field:
*/
$node->title = strip_tags($node->title);
if (isset($node->title) && !$node->title) {
$error["title"] = theme("theme_error", t("You have to specify a valid title."));
}
......@@ -1222,7 +1224,7 @@ function node_preview($node, $error = NULL) {
if ($view->teaser && $view->teaser != $view->body) {
print "<h3>". t("Preview trimmed version") ."</h3>";
node_view($view, 1);
print "<p><i>". t("The trimmed version of your post shows how your post looks like when promoted to the main page or when exported for syndication. You can insert a delimiter '&lt;!--break--&gt' (without the quotes) to fine-tune where your post gets split. However note that delimiter will be ignored when misplaced.") ."</i></p>";
print "<p><i>". t("The trimmed version of your post shows how your post looks like when promoted to the main page or when exported for syndication. You can insert a delimiter '&lt;!--break--&gt' (without the quotes) to fine-tune where your post gets split.") ."</i></p>";
print "<h3>". t("Preview full version") ."</h3>";
node_view($view, 0);
}
......
......@@ -139,8 +139,6 @@ function page_validate(&$node) {
}
else {
$node->format = 0;
$node->body = filter($node->body);
$node->teaser = filter($node->teaser);
}
}
......
......@@ -139,8 +139,6 @@ function page_validate(&$node) {
}
else {
$node->format = 0;
$node->body = filter($node->body);
$node->teaser = filter($node->teaser);
}
}
......
......@@ -146,7 +146,7 @@ function poll_insert($node) {
for ($i = 0; $i < $node->choices; $i++) {
if ($node->choice[$i] != "") {
db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES (%d, '%s', %d, %d)", $node->nid, filter($node->choice[$i]), $node->chvotes[$i], $i);
db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES (%d, '%s', %d, %d)", $node->nid, $node->choice[$i], $node->chvotes[$i], $i);
}
}
}
......@@ -263,7 +263,7 @@ function poll_view_voting(&$node, $main, $block, $links) {
if ($node->choice) {
foreach ($node->choice as $key => $value) {
if ($value != "") {
$output .= "<input type=\"radio\" name=\"pollvote[$node->nid]\" value=\"$key\" /> $value<br />";
$output .= "<input type=\"radio\" name=\"pollvote[$node->nid]\" value=\"$key\" />". filter($value) ."<br />";
}
}
}
......@@ -306,7 +306,7 @@ function poll_view_results(&$node, $main, $block, $links) {
$width = round($node->chvotes[$key] * 100 / $votesmax);
$percentage = round($node->chvotes[$key] * 100 / max($votestotal, 1));
$output .= "<div class=\"poll-text\">$value</div>";
$output .= "<div class=\"poll-text\">". filter($value) ."</div>";
$output .= "<div style=\"float:left; width:". $width ."%; height: 1em;\" class=\"poll-foreground\"></div>";
$output .= "<div style=\"float:left; width:". (100 - $width) ."%; height: 1em;\" class=\"poll-background\"></div>";
$output .= "<div align=\"right\"> $percentage%". (!$block ? " (". format_plural($node->chvotes[$key], "1 vote", "%count votes") .")" : "") ."</div>";
......@@ -379,7 +379,7 @@ function poll_update($node) {
db_query("DELETE FROM poll_choices WHERE nid = %d", $node->nid);
for ($i = 0; $i < $node->choices; $i++) {
$choice->chtext = filter($node->choice[$i]);
$choice->chtext = $node->choice[$i];
$choice->chvotes = (int)$node->chvotes[$i];
$choice->chorder = $i;
......
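Review bot: Poll choices are printed through a bare `filter($value)` in poll_view_voting and poll_view_results, while poll_insert and poll_update now store `$node->choice[$i]` as typed, so any other place that prints choice text (not visible in these hunks) has to filter it as well. filter() presumably applies the site's allowed-HTML list rather than escaping, which would let a choice label carry links or other permitted markup next to the radio button; if labels are meant to be plain text, `htmlspecialchars($value)` at these two sites would be the tighter choice. At minimum I would add `// chtext is stored unfiltered; filter it wherever it is printed.` above the INSERT in poll_insert. All four functions extend beyond their hunks, and the repeated section below carries the same point.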
......@@ -146,7 +146,7 @@ function poll_insert($node) {
for ($i = 0; $i < $node->choices; $i++) {
if ($node->choice[$i] != "") {
db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES (%d, '%s', %d, %d)", $node->nid, filter($node->choice[$i]), $node->chvotes[$i], $i);
db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES (%d, '%s', %d, %d)", $node->nid, $node->choice[$i], $node->chvotes[$i], $i);
}
}
}
......@@ -263,7 +263,7 @@ function poll_view_voting(&$node, $main, $block, $links) {
if ($node->choice) {
foreach ($node->choice as $key => $value) {
if ($value != "") {
$output .= "<input type=\"radio\" name=\"pollvote[$node->nid]\" value=\"$key\" /> $value<br />";
$output .= "<input type=\"radio\" name=\"pollvote[$node->nid]\" value=\"$key\" />". filter($value) ."<br />";
}
}
}
......@@ -306,7 +306,7 @@ function poll_view_results(&$node, $main, $block, $links) {
$width = round($node->chvotes[$key] * 100 / $votesmax);
$percentage = round($node->chvotes[$key] * 100 / max($votestotal, 1));
$output .= "<div class=\"poll-text\">$value</div>";
$output .= "<div class=\"poll-text\">". filter($value) ."</div>";
$output .= "<div style=\"float:left; width:". $width ."%; height: 1em;\" class=\"poll-foreground\"></div>";
$output .= "<div style=\"float:left; width:". (100 - $width) ."%; height: 1em;\" class=\"poll-background\"></div>";
$output .= "<div align=\"right\"> $percentage%". (!$block ? " (". format_plural($node->chvotes[$key], "1 vote", "%count votes") .")" : "") ."</div>";
......@@ -379,7 +379,7 @@ function poll_update($node) {
db_query("DELETE FROM poll_choices WHERE nid = %d", $node->nid);
for ($i = 0; $i < $node->choices; $i++) {
$choice->chtext = filter($node->choice[$i]);
$choice->chtext = $node->choice[$i];
$choice->chvotes = (int)$node->chvotes[$i];
$choice->chorder = $i;
......
......@@ -81,10 +81,4 @@ function story_form(&$node, &$help, &$error) {
return $output;
}
function story_validate(&$node) {
// Make sure all fields are set properly:
$node->body = filter($node->body);
$node->teaser = filter($node->teaser);
}
?>
......@@ -81,10 +81,4 @@ function story_form(&$node, &$help, &$error) {
return $output;
}
function story_validate(&$node) {
// Make sure all fields are set properly:
$node->body = filter($node->body);
$node->teaser = filter($node->teaser);
}
?>