kontakt
/
engelsystem
3
0
Fork 0
Code Issues 12 Pull Requests Projects Releases Wiki Activity

questions: Don't strip content from messages

Browse Source 
closes #545 ("=" removed in Questions & Answers)
main
Igor Scheller 6 years ago committed by msquare
parent 012d5a4722
commit 6df3dc8489
3 changed files with 18 additions and 16 deletions
Show Stats Download Patch File Download Diff File

23
includes/pages/admin_questions.php
Unescape Escape View File

@ -51,7 +51,7 @@ function admin_questions()
$unanswered_questions_table[] = [ $unanswered_questions_table[] = [
'from' => User_Nick_render($user_source), 'from' => User_Nick_render($user_source),
'question' => str_replace("\n", '<br />', $question['Question']), 'question' => nl2br(htmlspecialchars($question['Question'])),
'answer' => form([ 'answer' => form([
form_textarea('answer', '', ''), form_textarea('answer', '', ''),
form_submit('submit', __('Save')) form_submit('submit', __('Save'))
@ -69,9 +69,9 @@ function admin_questions()
$answer_user_source = User::find($question['AID']); $answer_user_source = User::find($question['AID']);
$answered_questions_table[] = [ $answered_questions_table[] = [
'from' => User_Nick_render($user_source), 'from' => User_Nick_render($user_source),
'question' => str_replace("\n", '<br />', $question['Question']), 'question' => nl2br(htmlspecialchars($question['Question'])),
'answered_by' => User_Nick_render($answer_user_source), 'answered_by' => User_Nick_render($answer_user_source),
'answer' => str_replace("\n", '<br />', $question['Answer']), 'answer' => nl2br(htmlspecialchars($question['Answer'])),
'actions' => form([ 'actions' => form([
form_submit('submit', __('delete'), 'btn-xs') form_submit('submit', __('delete'), 'btn-xs')
], page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']])) ], page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']]))
@ -113,13 +113,9 @@ function admin_questions()
[$question_id] [$question_id]
); );
if (!empty($question) && empty($question['AID'])) { if (!empty($question) && empty($question['AID'])) {
$answer = trim( $answer = trim($request->input('answer'));
preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui",
'',
strip_tags($request->input('answer'))
));
if ($answer != '') { if (!empty($answer)) {
DB::update(' DB::update('
UPDATE `Questions` UPDATE `Questions`
SET `AID`=?, `Answer`=? SET `AID`=?, `Answer`=?
@ -132,7 +128,12 @@ function admin_questions()
$question_id, $question_id,
] ]
); );
engelsystem_log('Question ' . $question['Question'] . ' answered: ' . $answer); engelsystem_log(
'Question '
. htmlspecialchars($question['Question'])
. ' answered: '
. htmlspecialchars($answer)
);
redirect(page_link_to('admin_questions')); redirect(page_link_to('admin_questions'));
} else { } else {
return error('Enter an answer!', true); return error('Enter an answer!', true);
@ -158,7 +159,7 @@ function admin_questions()
); );
if (!empty($question)) { if (!empty($question)) {
DB::delete('DELETE FROM `Questions` WHERE `QID`=? LIMIT 1', [$question_id]); DB::delete('DELETE FROM `Questions` WHERE `QID`=? LIMIT 1', [$question_id]);
engelsystem_log('Question deleted: ' . $question['Question']); engelsystem_log('Question deleted: ' . htmlspecialchars($question['Question']));
redirect(page_link_to('admin_questions')); redirect(page_link_to('admin_questions'));
} else { } else {
return error('No question found.', true); return error('No question found.', true);

5
includes/pages/user_questions.php
Unescape Escape View File

@ -29,6 +29,7 @@ function user_questions()
'SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`=?', 'SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`=?',
[$user->id] [$user->id]
); );
foreach ($answered_questions as &$question) { foreach ($answered_questions as &$question) {
$answer_user_source = User::find($question['AID']); $answer_user_source = User::find($question['AID']);
$question['answer_user'] = User_Nick_render($answer_user_source); $question['answer_user'] = User_Nick_render($answer_user_source);
@ -42,8 +43,8 @@ function user_questions()
} else { } else {
switch ($request->input('action')) { switch ($request->input('action')) {
case 'ask': case 'ask':
$question = strip_request_item_nl('question'); $question = request()->get('question');
if ($question != '' && $request->hasPostData('submit')) { if (!empty($question) && $request->hasPostData('submit')) {
DB::insert(' DB::insert('
INSERT INTO `Questions` (`UID`, `Question`) INSERT INTO `Questions` (`UID`, `Question`)
VALUES (?, ?) VALUES (?, ?)

6
includes/view/Questions_view.php
Unescape Escape View File

@ -12,12 +12,12 @@ function Questions_view($open_questions, $answered_questions, $ask_action)
$question['actions'] = form([ $question['actions'] = form([
form_submit('submit', __('delete'), 'btn-default btn-xs') form_submit('submit', __('delete'), 'btn-default btn-xs')
], page_link_to('user_questions', ['action' => 'delete', 'id' => $question['QID']])); ], page_link_to('user_questions', ['action' => 'delete', 'id' => $question['QID']]));
$question['Question'] = str_replace("\n", '<br />', $question['Question']); $question['Question'] = nl2br(htmlspecialchars($question['Question']));
} }
foreach ($answered_questions as &$question) { foreach ($answered_questions as &$question) {
$question['Question'] = str_replace("\n", '<br />', $question['Question']); $question['Question'] = nl2br(htmlspecialchars($question['Question']));
$question['Answer'] = str_replace("\n", '<br />', $question['Answer']); $question['Answer'] = nl2br(htmlspecialchars($question['Answer']));
$question['actions'] = form([ $question['actions'] = form([
form_submit('submit', __('delete'), 'btn-default btn-xs') form_submit('submit', __('delete'), 'btn-default btn-xs')
], page_link_to('user_questions', ['action' => 'delete', 'id' => $question['QID']])); ], page_link_to('user_questions', ['action' => 'delete', 'id' => $question['QID']]));

Write Preview
Loading…
Cancel
Save