From 45d5aad6dfde192ef5b986f3233a41f15d035f24 Mon Sep 17 00:00:00 2001 From: Dries Buytaert <dries@buytaert.net> Date: Sat, 24 May 2003 16:26:13 +0000 Subject: [PATCH] - Updated Drupal to use "on output" filters. Derived from Gerhard's patch. --- includes/common.inc | 4 ++++ modules/blog.module | 6 ------ modules/blog/blog.module | 6 ------ modules/book.module | 4 +--- modules/book/book.module | 4 +--- modules/comment.module | 10 ++-------- modules/comment/comment.module | 10 ++-------- modules/forum.module | 2 -- modules/forum/forum.module | 2 -- modules/node.module | 6 ++++-- modules/node/node.module | 6 ++++-- modules/page.module | 2 -- modules/page/page.module | 2 -- modules/poll.module | 8 ++++---- modules/poll/poll.module | 8 ++++---- modules/story.module | 6 ------ modules/story/story.module | 6 ------ 17 files changed, 26 insertions(+), 66 deletions(-) diff --git a/includes/common.inc b/includes/common.inc index 9ba97260fb01..35af870e2969 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -555,6 +555,10 @@ function rewrite_old_urls($text) { function check_output($text) { if (isset($text)) { + // filter content on output: + $text = filter($text); + + // get the line breaks right: if (strip_tags($text, "<a><i><b><u><tt><code><cite><strong><img>") == $text) { $text = nl2br($text); } diff --git a/modules/blog.module b/modules/blog.module index 4852ee12850d..ae096a19d2b1 100644 --- a/modules/blog.module +++ b/modules/blog.module @@ -254,10 +254,4 @@ function blog_block($op = "list", $delta = 0) { } } -function blog_validate(&$node) { - // Make sure all fields are set properly: - $node->body = filter($node->body); - $node->teaser = filter($node->teaser); -} - ?> diff --git a/modules/blog/blog.module b/modules/blog/blog.module index 4852ee12850d..ae096a19d2b1 100644 --- a/modules/blog/blog.module +++ b/modules/blog/blog.module 
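Review bot: With `filter()` moved into `check_output()`, this function becomes the only place stored content is filtered, and nothing in the hunk documents that invariant. The same commit stops filtering at save time for the signature in `comment_user`, the subject and body in `comment_save`, and `chtext` in `poll_insert`/`poll_update`, so any code that prints those fields without `check_output()` or `filter()` now emits the submitted markup as stored. I would add a header comment such as `// Stored text is unfiltered; every output path must pass through check_output() or filter().` and audit the remaining print sites, which are not visible in this diff. Content saved before this change was already filtered once and will be filtered again on output, which is only harmless if `filter()` is idempotent. The body of `check_output()` continues past the hunk.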
@@ -254,10 +254,4 @@ function blog_block($op = "list", $delta = 0) { } } -function blog_validate(&$node) { - // Make sure all fields are set properly: - $node->body = filter($node->body); - $node->teaser = filter($node->teaser); -} - ?> diff --git a/modules/book.module b/modules/book.module index dcc40ae25dab..200ea3c116b9 100644 --- a/modules/book.module +++ b/modules/book.module @@ -149,8 +149,6 @@ function book_validate(&$node) { } else { $node->format = 0; - $node->body = filter($node->body); - $node->teaser = filter($node->teaser); } // Set default values for non administrators: @@ -363,7 +361,7 @@ function book_body($node) { ob_end_clean(); } else { - $output = check_output(filter($node->body)); + $output = check_output($node->body); } return $output; diff --git a/modules/book/book.module b/modules/book/book.module index dcc40ae25dab..200ea3c116b9 100644 --- a/modules/book/book.module +++ b/modules/book/book.module @@ -149,8 +149,6 @@ function book_validate(&$node) { } else { $node->format = 0; - $node->body = filter($node->body); - $node->teaser = filter($node->teaser); } // Set default values for non administrators: @@ -363,7 +361,7 @@ function book_body($node) { ob_end_clean(); } else { - $output = check_output(filter($node->body)); + $output = check_output($node->body); } return $output; diff --git a/modules/comment.module b/modules/comment.module index fca716b3151f..b4c333a4b388 100644 --- a/modules/comment.module +++ b/modules/comment.module @@ -58,7 +58,7 @@ function comment_user($type, $edit, &$user) { return form_textarea(t("Signature"), "signature", $edit["signature"], 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>"))); case "edit_validate": // validate user data editing - return array("signature" => filter($edit["signature"])); + return array("signature" => $edit["signature"]); } } 
@@ -160,10 +160,6 @@ function comment_reply($pid, $nid) { function comment_preview($edit) { global $user; - foreach ($edit as $key => $value) { - $comment->$key = filter($value); - } - /* ** Attach the user and time information: */ @@ -210,8 +206,6 @@ function comment_post($edit) { ** Validate the comment's body. */ - $edit["comment"] = filter($edit["comment"]); - if ($edit["comment"] == "") { return array(t("Empty comment"), t("The comment you submitted is empty.")); } @@ -791,7 +785,7 @@ function comment_delete($edit) { } function comment_save($id, $edit) { - db_query("UPDATE comments SET subject = '%s', comment = '%s', status = %d WHERE cid = %d", filter($edit["subject"]), filter($edit["comment"]), $edit["status"], $id); + db_query("UPDATE comments SET subject = '%s', comment = '%s', status = %d WHERE cid = %d", $edit["subject"], $edit["comment"], $edit["status"], $id); watchdog("special", "comment: modified '". $edit["subject"] ."'"); return "updated comment."; } diff --git a/modules/comment/comment.module b/modules/comment/comment.module index fca716b3151f..b4c333a4b388 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module @@ -58,7 +58,7 @@ function comment_user($type, $edit, &$user) { return form_textarea(t("Signature"), "signature", $edit["signature"], 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>"))); case "edit_validate": // validate user data editing - return array("signature" => filter($edit["signature"])); + return array("signature" => $edit["signature"]); } } @@ -160,10 +160,6 @@ function comment_reply($pid, $nid) { function comment_preview($edit) { global $user; - foreach ($edit as $key => $value) { - $comment->$key = filter($value); - } - /* ** Attach the user and time information: */ 
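Review bot: The loop removed from `comment_preview` did more than filter, because `$comment->$key = filter($value)` was also what copied the submitted fields from `$edit` into `$comment`. Unless the part of the function outside this hunk populates `$comment` some other way, the preview will now render without its subject and body. Keeping the copy and dropping only the filter call preserves the behaviour: `foreach ($edit as $key => $value) { $comment->$key = $value; }`. The same hunk appears in modules/comment/comment.module.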
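Review bot: `comment_save` now stores `$edit["subject"]` exactly as submitted, while node titles in this commit get `strip_tags()` in `node_validate`; the comment subject has no equivalent. If subjects are printed as link text or headings rather than through `check_output()` (not visible here, so this needs confirming), markup in a subject would reach the page unfiltered. Passing `strip_tags($edit["subject"])` to `db_query`, or filtering wherever the subject is printed, would keep subjects consistent with titles. The `watchdog()` call that follows also embeds the raw subject in the log message, so the log viewer has to escape it. The same hunk appears in modules/comment/comment.module.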
@@ -210,8 +206,6 @@ function comment_post($edit) { ** Validate the comment's body. */ - $edit["comment"] = filter($edit["comment"]); - if ($edit["comment"] == "") { return array(t("Empty comment"), t("The comment you submitted is empty.")); } @@ -791,7 +785,7 @@ function comment_delete($edit) { } function comment_save($id, $edit) { - db_query("UPDATE comments SET subject = '%s', comment = '%s', status = %d WHERE cid = %d", filter($edit["subject"]), filter($edit["comment"]), $edit["status"], $id); + db_query("UPDATE comments SET subject = '%s', comment = '%s', status = %d WHERE cid = %d", $edit["subject"], $edit["comment"], $edit["status"], $id); watchdog("special", "comment: modified '". $edit["subject"] ."'"); return "updated comment."; } diff --git a/modules/forum.module b/modules/forum.module index 3c9edcc49342..e5f2db09b80d 100644 --- a/modules/forum.module +++ b/modules/forum.module @@ -171,8 +171,6 @@ function forum_view($node, $main = 0) { function forum_validate(&$node) { // Make sure all fields are set properly: - $node->body = filter($node->body); - $node->teaser = filter($node->teaser); $node->icon = $node->icon ? $node->icon : ""; $node->shadow = $node->shadow ? $node->shadow : 0; $node->tid = $node->tid ? $node->tid : 0; diff --git a/modules/forum/forum.module b/modules/forum/forum.module index 3c9edcc49342..e5f2db09b80d 100644 --- a/modules/forum/forum.module +++ b/modules/forum/forum.module @@ -171,8 +171,6 @@ function forum_view($node, $main = 0) { function forum_validate(&$node) { // Make sure all fields are set properly: - $node->body = filter($node->body); - $node->teaser = filter($node->teaser); $node->icon = $node->icon ? $node->icon : ""; $node->shadow = $node->shadow ? $node->shadow : 0; $node->tid = $node->tid ? $node->tid : 0; diff --git a/modules/node.module b/modules/node.module index 1b9202e68eeb..1b3b7551e644 100644 --- a/modules/node.module +++ b/modules/node.module 
@@ -125,7 +125,7 @@ function node_teaser($body) { */ $delimiter = strpos($body, "<!--break-->"); - if ($delimiter > 0 && $delimiter < $size * 2) { + if ($delimiter > 0) { return substr($body, 0, $delimiter); } @@ -884,6 +884,8 @@ function node_validate($node, &$error) { ** Validate the title field: */ + $node->title = strip_tags($node->title); + if (isset($node->title) && !$node->title) { $error["title"] = theme("theme_error", t("You have to specify a valid title.")); } @@ -1222,7 +1224,7 @@ function node_preview($node, $error = NULL) { if ($view->teaser && $view->teaser != $view->body) { print "<h3>". t("Preview trimmed version") ."</h3>"; node_view($view, 1); - print "<p><i>". t("The trimmed version of your post shows how your post looks like when promoted to the main page or when exported for syndication. You can insert a delimiter '<!--break-->' (without the quotes) to fine-tune where your post gets split. However note that delimiter will be ignored when misplaced.") ."</i></p>"; + print "<p><i>". t("The trimmed version of your post shows how your post looks like when promoted to the main page or when exported for syndication. You can insert a delimiter '<!--break-->' (without the quotes) to fine-tune where your post gets split.") ."</i></p>"; print "<h3>". t("Preview full version") ."</h3>"; node_view($view, 0); } diff --git a/modules/node/node.module b/modules/node/node.module index 1b9202e68eeb..1b3b7551e644 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -125,7 +125,7 @@ function node_teaser($body) { */ $delimiter = strpos($body, "<!--break-->"); - if ($delimiter > 0 && $delimiter < $size * 2) { + if ($delimiter > 0) { return substr($body, 0, $delimiter); } @@ -884,6 +884,8 @@ function node_validate($node, &$error) { ** Validate the title field: */ + $node->title = strip_tags($node->title); + if (isset($node->title) && !$node->title) { $error["title"] = theme("theme_error", t("You have to specify a valid title.")); } 
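Review bot: Dropping the `$delimiter < $size * 2` bound in `node_teaser` means an author-placed `<!--break-->` now sets the teaser length with no upper limit, so a post with the delimiter near its end puts almost the whole body on listing pages and in syndication output. If that is intended, the block comment above the `strpos()` call should say so, for example `An author-supplied <!--break--> always wins over the configured teaser length.`; otherwise a generous cap should stay. The test `$delimiter > 0` also treats a delimiter at offset 0 the same as no delimiter, which deserves a word in that comment. `node_teaser` continues outside the hunk, and the same change is made in modules/node/node.module.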
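Review bot: Assigning `$node->title = strip_tags($node->title);` before the check in `node_validate` makes `isset($node->title)` always true, because `strip_tags()` returns a string even when the title was never set. A node without a title field will therefore always get the "You have to specify a valid title." error, which the `isset()` guard was there to avoid. Guarding the assignment keeps the old behaviour: `if (isset($node->title)) { $node->title = strip_tags($node->title); }`. `strip_tags()` also leaves quotes and `&` in place, so the title still needs `htmlspecialchars()` wherever it is written into an attribute. The function continues outside the hunk, and the same hunk appears in modules/node/node.module.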
@@ -1222,7 +1224,7 @@ function node_preview($node, $error = NULL) { if ($view->teaser && $view->teaser != $view->body) { print "<h3>". t("Preview trimmed version") ."</h3>"; node_view($view, 1); - print "<p><i>". t("The trimmed version of your post shows how your post looks like when promoted to the main page or when exported for syndication. You can insert a delimiter '<!--break-->' (without the quotes) to fine-tune where your post gets split. However note that delimiter will be ignored when misplaced.") ."</i></p>"; + print "<p><i>". t("The trimmed version of your post shows how your post looks like when promoted to the main page or when exported for syndication. You can insert a delimiter '<!--break-->' (without the quotes) to fine-tune where your post gets split.") ."</i></p>"; print "<h3>". t("Preview full version") ."</h3>"; node_view($view, 0); } diff --git a/modules/page.module b/modules/page.module index 3ea8403b9772..96c932c9e838 100644 --- a/modules/page.module +++ b/modules/page.module @@ -139,8 +139,6 @@ function page_validate(&$node) { } else { $node->format = 0; - $node->body = filter($node->body); - $node->teaser = filter($node->teaser); } } diff --git a/modules/page/page.module b/modules/page/page.module index 3ea8403b9772..96c932c9e838 100644 --- a/modules/page/page.module +++ b/modules/page/page.module @@ -139,8 +139,6 @@ function page_validate(&$node) { } else { $node->format = 0; - $node->body = filter($node->body); - $node->teaser = filter($node->teaser); } } diff --git a/modules/poll.module b/modules/poll.module index 81979e3d5ce2..c4bdaa904b7d 100644 --- a/modules/poll.module +++ b/modules/poll.module 
@@ -146,7 +146,7 @@ function poll_insert($node) { for ($i = 0; $i < $node->choices; $i++) { if ($node->choice[$i] != "") { - db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES (%d, '%s', %d, %d)", $node->nid, filter($node->choice[$i]), $node->chvotes[$i], $i); + db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES (%d, '%s', %d, %d)", $node->nid, $node->choice[$i], $node->chvotes[$i], $i); } } } @@ -263,7 +263,7 @@ function poll_view_voting(&$node, $main, $block, $links) { if ($node->choice) { foreach ($node->choice as $key => $value) { if ($value != "") { - $output .= "<input type=\"radio\" name=\"pollvote[$node->nid]\" value=\"$key\" /> $value<br />"; + $output .= "<input type=\"radio\" name=\"pollvote[$node->nid]\" value=\"$key\" />". filter($value) ."<br />"; } } } @@ -306,7 +306,7 @@ function poll_view_results(&$node, $main, $block, $links) { $width = round($node->chvotes[$key] * 100 / $votesmax); $percentage = round($node->chvotes[$key] * 100 / max($votestotal, 1)); - $output .= "<div class=\"poll-text\">$value</div>"; + $output .= "<div class=\"poll-text\">". filter($value) ."</div>"; $output .= "<div style=\"float:left; width:". $width ."%; height: 1em;\" class=\"poll-foreground\"></div>"; $output .= "<div style=\"float:left; width:". (100 - $width) ."%; height: 1em;\" class=\"poll-background\"></div>"; $output .= "<div align=\"right\"> $percentage%". (!$block ? " (". format_plural($node->chvotes[$key], "1 vote", "%count votes") .")" : "") ."</div>"; @@ -379,7 +379,7 @@ function poll_update($node) { db_query("DELETE FROM poll_choices WHERE nid = %d", $node->nid); for ($i = 0; $i < $node->choices; $i++) { - $choice->chtext = filter($node->choice[$i]); + $choice->chtext = $node->choice[$i]; $choice->chvotes = (int)$node->chvotes[$i]; $choice->chorder = $i; diff --git a/modules/poll/poll.module b/modules/poll/poll.module index 81979e3d5ce2..c4bdaa904b7d 100644 --- a/modules/poll/poll.module 
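Review bot: The two output sites in `poll_view_voting` and `poll_view_results` call `filter()` directly while the rest of the commit routes output through `check_output()`, and since `poll_insert` and `poll_update` now store `chtext` unfiltered, any other place that prints `$node->choice` (none is visible in this diff) needs the same call. In `poll_view_voting` the rewrite also drops the space that separated the radio button from its label; `/> ". filter($value) ."<br />"` restores it. Safe rendering of choices now rests entirely on what `filter()` removes, so a short comment at both sites would help, for example `// choices are stored raw; filter on output`. The same hunks appear in modules/poll/poll.module.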
+++ b/modules/poll/poll.module @@ -146,7 +146,7 @@ function poll_insert($node) { for ($i = 0; $i < $node->choices; $i++) { if ($node->choice[$i] != "") { - db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES (%d, '%s', %d, %d)", $node->nid, filter($node->choice[$i]), $node->chvotes[$i], $i); + db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES (%d, '%s', %d, %d)", $node->nid, $node->choice[$i], $node->chvotes[$i], $i); } } } @@ -263,7 +263,7 @@ function poll_view_voting(&$node, $main, $block, $links) { if ($node->choice) { foreach ($node->choice as $key => $value) { if ($value != "") { - $output .= "<input type=\"radio\" name=\"pollvote[$node->nid]\" value=\"$key\" /> $value<br />"; + $output .= "<input type=\"radio\" name=\"pollvote[$node->nid]\" value=\"$key\" />". filter($value) ."<br />"; } } } @@ -306,7 +306,7 @@ function poll_view_results(&$node, $main, $block, $links) { $width = round($node->chvotes[$key] * 100 / $votesmax); $percentage = round($node->chvotes[$key] * 100 / max($votestotal, 1)); - $output .= "<div class=\"poll-text\">$value</div>"; + $output .= "<div class=\"poll-text\">". filter($value) ."</div>"; $output .= "<div style=\"float:left; width:". $width ."%; height: 1em;\" class=\"poll-foreground\"></div>"; $output .= "<div style=\"float:left; width:". (100 - $width) ."%; height: 1em;\" class=\"poll-background\"></div>"; $output .= "<div align=\"right\"> $percentage%". (!$block ? " (". format_plural($node->chvotes[$key], "1 vote", "%count votes") .")" : "") ."</div>"; @@ -379,7 +379,7 @@ function poll_update($node) { db_query("DELETE FROM poll_choices WHERE nid = %d", $node->nid); for ($i = 0; $i < $node->choices; $i++) { - $choice->chtext = filter($node->choice[$i]); + $choice->chtext = $node->choice[$i]; $choice->chvotes = (int)$node->chvotes[$i]; $choice->chorder = $i; diff --git a/modules/story.module b/modules/story.module index 2ac869fa3c01..85934285f8f9 100644 --- a/modules/story.module 
+++ b/modules/story.module @@ -81,10 +81,4 @@ function story_form(&$node, &$help, &$error) { return $output; } - -function story_validate(&$node) { - // Make sure all fields are set properly: - $node->body = filter($node->body); - $node->teaser = filter($node->teaser); -} ?> diff --git a/modules/story/story.module b/modules/story/story.module index 2ac869fa3c01..85934285f8f9 100644 --- a/modules/story/story.module +++ b/modules/story/story.module @@ -81,10 +81,4 @@ function story_form(&$node, &$help, &$error) { return $output; } - -function story_validate(&$node) { - // Make sure all fields are set properly: - $node->body = filter($node->body); - $node->teaser = filter($node->teaser); -} ?> -- GitLab