Re: HTLM dans mes forums | Titre du sujet : Re: HTLM dans mes forums par patz sur 10/08/2006 12:19:58
J'ai réussi à accéder à la page de SourceForge, mais elle donne une solution pour les versions 2.2.x à 2.2.5 ; je ne sais pas si cela peut être appliqué aux versions 2.0.14. Il s'agirait a priori d'un bug dans MyTextSanitizer::previewTarea.
Voici le code du fichier, au cas où la page de SourceForge serait de nouveau inaccessible :
"Bug #1460973: "comment preview produces garbage". The problem was caused by unexpected xcode parsing in MyTextSanitizer::previewTarea. A more complete solution should come with reference correction."
<?php
// $Id$
// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System //
// Copyright (c) 2000 XOOPS.org //
// <http://www.xoops.org/> //
// ------------------------------------------------------------------------ //
// This program is free software; you can redistribute it and/or modify //
// it under the terms of the GNU General Public License as published by //
// the Free Software Foundation; either version 2 of the License, or //
// (at your option) any later version. //
// //
// You may not change or alter any portion of this comment or credits //
// of supporting developers from this source code or any supporting //
// source code which is considered copyrighted (c) material of the //
// original comment or credit authors. //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY; without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
// GNU General Public License for more details. //
// //
// You should have received a copy of the GNU General Public License //
// along with this program; if not, write to the Free Software //
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
// ------------------------------------------------------------------------ //
// Author: Kazumi Ono (AKA onokazu) //
// URL: http://www.xoops.org/ http://jp. ... yweb.ne.jp/ //
// Project: The XOOPS Project (http://www.xoops.org/) //
// ------------------------------------------------------------------------- //

// This script is meant to be included by a page that has already loaded the
// XOOPS core and resolved the current module; stop at once otherwise.
if (!(defined('XOOPS_ROOT_PATH') && is_object($xoopsModule))) {
    exit();
}

// Comment language file for the configured site language, then the shared
// comment constants (presumably the XOOPS_COMMENT_* values used below).
include_once XOOPS_ROOT_PATH . '/language/' . $xoopsConfig['language'] . '/comment.php';
include_once XOOPS_ROOT_PATH . '/include/comment_constants.php';
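// Resolve which module owns the comment, that module's comment settings
// ($comment_config), its id ($com_modid), its directory ($moddir) and the base
// URL used for redirects ($redirect_page).
if ('system' == $xoopsModule->getVar('dirname')) {
    // Called from the system module: the owning module is found through the
    // comment that is being handled, so a comment id is mandatory.
    $com_id = isset($_POST['com_id']) ? intval($_POST['com_id']) : 0;
    if (empty($com_id)) {
        exit();
    }
    $comment_handler =& xoops_gethandler('comment');
    $comment =& $comment_handler->get($com_id);
    // The id comes from the request and may not match a stored comment.
    // get() is defined elsewhere; if it hands back a non-object, stop here
    // instead of failing on the method call below.
    if (!is_object($comment)) {
        exit();
    }
    $module_handler =& xoops_gethandler('module');
    $module =& $module_handler->get($comment->getVar('com_modid'));
    // Same precaution for a comment whose module can no longer be loaded.
    if (!is_object($module)) {
        exit();
    }
    $comment_config = $module->getInfo('comments');
    $com_modid = $module->getVar('mid');
    $redirect_page = XOOPS_URL.'/modules/system/admin.php?fct=comments&com_modid='.$com_modid.'&com_itemid';
    $moddir = $module->getVar('dirname');
    unset($comment);
} else {
    // Nothing to do when the module's comment rule is XOOPS_COMMENT_APPROVENONE.
    if (XOOPS_COMMENT_APPROVENONE == $xoopsModuleConfig['com_rule']) {
        exit();
    }
    $comment_config = $xoopsModule->getInfo('comments');
    $com_modid = $xoopsModule->getVar('mid');
    $redirect_page = $comment_config['pageName'].'?';
    if (isset($comment_config['extraParams']) && is_array($comment_config['extraParams'])) {
        // Carry the module's declared extra parameters over into the
        // redirect URL, taking their values from the posted form.
        // NOTE(review): the posted value is HTML-escaped, not URL-encoded,
        // although it ends up in a query string. Check how redirect_header()
        // and the stored com_exparams consume it before changing this.
        $extra_params = '';
        foreach ($comment_config['extraParams'] as $extra_param) {
            $extra_params .= isset($_POST[$extra_param]) ? $extra_param.'='.htmlspecialchars($_POST[$extra_param]).'&' : $extra_param.'=&';
        }
        $redirect_page .= $extra_params;
    }
    $redirect_page .= $comment_config['itemName'];
    $comment_url = $redirect_page;
    $moddir = $xoopsModule->getVar('dirname');
}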
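// Decide which operation was requested and normalise the posted form fields.
$op = '';
if (!empty($_POST)) {
    // Copy request fields into local variables by name, but only the fields
    // this script reads. Copying every key of $_POST would let a request
    // replace any variable already in scope at this point, including the
    // ones set earlier in this file that drive permission checks, include
    // paths and callback names ($xoopsUser, $com_modid, $moddir,
    // $comment_config, $redirect_page).
    // NOTE(review): the files included by the switch below (comment_delete.php,
    // comment_form.php) are not shown here. If one of them relies on a request
    // field having been copied into a variable at this point, add that field
    // to the list rather than restoring a copy-everything loop.
    $comment_fields = array(
        'com_dopost', 'com_dopreview', 'com_dodelete',
        'com_mode', 'com_order', 'com_id', 'com_itemid',
        'com_pid', 'com_rootid', 'com_status',
        'com_title', 'com_text', 'com_icon', 'noname',
        'dohtml', 'dosmiley', 'doxcode', 'dobr',
    );
    foreach ($comment_fields as $comment_field) {
        // Array-valued fields are ignored: every field here is a single value.
        if (isset($_POST[$comment_field]) && !is_array($_POST[$comment_field])) {
            ${$comment_field} = $_POST[$comment_field];
        }
    }
    unset($comment_fields, $comment_field);

    // The submit button that was pressed selects the operation; a delete
    // request takes precedence over post/preview.
    if (isset($com_dopost)) {
        $op = 'post';
    } elseif (isset($com_dopreview)) {
        $op = 'preview';
    }
    if (isset($com_dodelete)) {
        $op = 'delete';
    }

    // Posting and previewing require a valid form token; on failure $op is
    // cleared so the switch below falls through to its default branch.
    // NOTE(review): 'delete' is not covered by this check; confirm that
    // comment_delete.php performs its own token verification.
    if ($op == 'preview' || $op == 'post') {
        if (!$GLOBALS['xoopsSecurity']->check()) {
            $op = '';
        }
    }

    // Force every id, status and flag to an integer before it is used in a
    // URL or stored. com_pid and com_rootid are included because they are
    // written to the comment and concatenated into redirect URLs later on.
    $com_mode = isset($com_mode) ? htmlspecialchars(trim($com_mode), ENT_QUOTES) : 'flat';
    $com_order = isset($com_order) ? intval($com_order) : XOOPS_COMMENT_OLD1ST;
    $com_id = isset($com_id) ? intval($com_id) : 0;
    $com_itemid = isset($com_itemid) ? intval($com_itemid) : 0;
    $com_pid = isset($com_pid) ? intval($com_pid) : 0;
    $com_rootid = isset($com_rootid) ? intval($com_rootid) : 0;
    $com_status = isset($com_status) ? intval($com_status) : 0;
    $dosmiley = (isset($dosmiley) && intval($dosmiley) > 0) ? 1 : 0;
    $doxcode = (isset($doxcode) && intval($doxcode) > 0) ? 1 : 0;
    $dobr = (isset($dobr) && intval($dobr) > 0) ? 1 : 0;
} else {
    // This script only serves form submissions.
    exit();
}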
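// Dispatch on the operation selected from the submitted form.
switch ($op) {

    case "delete":
        // Deletion is implemented in a separate include (not shown here).
        include XOOPS_ROOT_PATH.'/include/comment_delete.php';
        break;

    case "preview":
        $myts =& MyTextSanitizer::getInstance();
        $doimage = 1;
        $com_title = $myts->htmlSpecialChars($myts->stripSlashesGPC($com_title));
        $dohtml = isset($dohtml) ? intval($dohtml) : 0;
        // dohtml stays non-zero only for a logged-in user who is an admin of
        // the module or holds the system comment right; otherwise it is reset.
        if ($dohtml != 0) {
            if (is_object($xoopsUser)) {
                if (!$xoopsUser->isAdmin($com_modid)) {
                    $sysperm_handler =& xoops_gethandler('groupperm');
                    if (!$sysperm_handler->checkRight('system_admin', XOOPS_SYSTEM_COMMENT, $xoopsUser->getGroups())) {
                        $dohtml = 0;
                    }
                }
            } else {
                $dohtml = 0;
            }
        }
        // The preview is rendered from the text as posted; previewTarea() is
        // responsible for sanitising it according to the flags passed in.
        $p_comment =& $myts->previewTarea($_POST['com_text'], $dohtml, $dosmiley, $doxcode, $doimage, $dobr);
        // Accept the icon only when it is a bare file name that exists in the
        // subject icon directory; a value containing a directory part is
        // rejected so the is_file() test cannot be satisfied by a file
        // outside that directory.
        $com_icon = (!empty($com_icon) && is_string($com_icon) && basename($com_icon) === $com_icon && is_file(XOOPS_ROOT_PATH . "/images/subject/" . $com_icon)) ? $com_icon : '';
        $noname = isset($noname) ? intval($noname) : 0;
        // Escaped copy of the text, kept separately from the rendered preview.
        $com_text = $myts->htmlSpecialChars($myts->stripSlashesGPC($com_text));
        if ($xoopsModule->getVar('dirname') != 'system') {
            include XOOPS_ROOT_PATH.'/header.php';
            themecenterposts($com_title, $p_comment);
            include XOOPS_ROOT_PATH.'/include/comment_form.php';
            include XOOPS_ROOT_PATH.'/footer.php';
        } else {
            xoops_cp_header();
            themecenterposts($com_title, $p_comment);
            include XOOPS_ROOT_PATH.'/include/comment_form.php';
            xoops_cp_footer();
        }
        break;

    case "post":
        $doimage = 1;
        $comment_handler =& xoops_gethandler('comment');
        $add_userpost = false;
        $call_approvefunc = false;
        $call_updatefunc = false;
        // RMV-NOTIFY - this can be set to 'comment' or 'comment_submit'
        $notify_event = false;
        if (!empty($com_id)) {
            // Editing an existing comment.
            $comment =& $comment_handler->get($com_id);
            $accesserror = false;

            if (!is_object($comment)) {
                // The posted id does not resolve to a comment object: treat
                // it like a permission failure instead of calling methods on
                // a non-object below.
                $dohtml = 0;
                $accesserror = true;
            } elseif (is_object($xoopsUser)) {
                $sysperm_handler =& xoops_gethandler('groupperm');
                if ($xoopsUser->isAdmin($com_modid) || $sysperm_handler->checkRight('system_admin', XOOPS_SYSTEM_COMMENT, $xoopsUser->getGroups())) {
                    // Administrators may keep HTML and may change the status.
                    $dohtml = (!empty($dohtml)) ? 1 : 0;
                    if (!empty($com_status) && $com_status != XOOPS_COMMENT_PENDING) {
                        $old_com_status = $comment->getVar('com_status');
                        $comment->setVar('com_status', $com_status);
                        // if changing status from pending state, increment user post
                        if (XOOPS_COMMENT_PENDING == $old_com_status) {
                            $add_userpost = true;
                            if (XOOPS_COMMENT_ACTIVE == $com_status) {
                                $call_updatefunc = true;
                                $call_approvefunc = true;
                                // RMV-NOTIFY
                                $notify_event = 'comment';
                            }
                        } elseif (XOOPS_COMMENT_HIDDEN == $old_com_status && XOOPS_COMMENT_ACTIVE == $com_status) {
                            $call_updatefunc = true;
                            // Comments can not be directly posted hidden,
                            // no need to send notification here
                        } elseif (XOOPS_COMMENT_ACTIVE == $old_com_status && XOOPS_COMMENT_HIDDEN == $com_status) {
                            $call_updatefunc = true;
                        }
                    }
                } else {
                    // Ordinary users may only edit their own comment, without HTML.
                    $dohtml = 0;
                    if ($comment->getVar('com_uid') != $xoopsUser->getVar('uid')) {
                        $accesserror = true;
                    }
                }
            } else {
                // Anonymous visitors cannot edit.
                $dohtml = 0;
                $accesserror = true;
            }
            if (false != $accesserror) {
                redirect_header($redirect_page.'='.$com_itemid.'&com_id='.$com_id.'&com_mode='.$com_mode.'&com_order='.$com_order, 1, _NOPERM);
                exit();
            }
        } else {
            // Creating a new comment.
            $comment = $comment_handler->create();
            $comment->setVar('com_created', time());
            $comment->setVar('com_pid', $com_pid);
            $comment->setVar('com_itemid', $com_itemid);
            $comment->setVar('com_rootid', $com_rootid);
            $comment->setVar('com_ip', xoops_getenv('REMOTE_ADDR'));
            if (is_object($xoopsUser)) {
                $sysperm_handler =& xoops_gethandler('groupperm');
                if ($xoopsUser->isAdmin($com_modid) || $sysperm_handler->checkRight('system_admin', XOOPS_SYSTEM_COMMENT, $xoopsUser->getGroups())) {
                    $dohtml = (!empty($dohtml)) ? 1 : 0;
                    $comment->setVar('com_status', XOOPS_COMMENT_ACTIVE);
                    $add_userpost = true;
                    $call_approvefunc = true;
                    $call_updatefunc = true;
                    // RMV-NOTIFY
                    $notify_event = 'comment';
                } else {
                    $dohtml = 0;
                    // Initial status for a registered user follows the module's rule.
                    switch ($xoopsModuleConfig['com_rule']) {
                        case XOOPS_COMMENT_APPROVEALL:
                        case XOOPS_COMMENT_APPROVEUSER:
                            $comment->setVar('com_status', XOOPS_COMMENT_ACTIVE);
                            $add_userpost = true;
                            $call_approvefunc = true;
                            $call_updatefunc = true;
                            // RMV-NOTIFY
                            $notify_event = 'comment';
                            break;
                        case XOOPS_COMMENT_APPROVEADMIN:
                        default:
                            $comment->setVar('com_status', XOOPS_COMMENT_PENDING);
                            $notify_event = 'comment_submit';
                            break;
                    }
                }
                // A logged-in user may post without a name when the module allows it.
                if (!empty($xoopsModuleConfig['com_anonpost']) && !empty($noname)) {
                    $uid = 0;
                } else {
                    $uid = $xoopsUser->getVar('uid');
                }
            } else {
                $dohtml = 0;
                $uid = 0;
                if ($xoopsModuleConfig['com_anonpost'] != 1) {
                    redirect_header($redirect_page.'='.$com_itemid.'&com_id='.$com_id.'&com_mode='.$com_mode.'&com_order='.$com_order, 1, _NOPERM);
                    exit();
                }
            }
            if ($uid == 0) {
                // A comment stored with uid 0 is re-evaluated against the
                // rule: it is active only under XOOPS_COMMENT_APPROVEALL.
                switch ($xoopsModuleConfig['com_rule']) {
                    case XOOPS_COMMENT_APPROVEALL:
                        $comment->setVar('com_status', XOOPS_COMMENT_ACTIVE);
                        $add_userpost = true;
                        $call_approvefunc = true;
                        $call_updatefunc = true;
                        // RMV-NOTIFY
                        $notify_event = 'comment';
                        break;
                    case XOOPS_COMMENT_APPROVEADMIN:
                    case XOOPS_COMMENT_APPROVEUSER:
                    default:
                        $comment->setVar('com_status', XOOPS_COMMENT_PENDING);
                        // RMV-NOTIFY
                        $notify_event = 'comment_submit';
                        break;
                }
            }
            $comment->setVar('com_uid', $uid);
        }

        // Fields common to new and edited comments.
        $com_title = xoops_trim($com_title);
        $com_title = ($com_title == '') ? _NOTITLE : $com_title;
        $comment->setVar('com_title', $com_title);
        $comment->setVar('com_text', $com_text);
        $comment->setVar('dohtml', $dohtml);
        $comment->setVar('dosmiley', $dosmiley);
        $comment->setVar('doxcode', $doxcode);
        $comment->setVar('doimage', $doimage);
        $comment->setVar('dobr', $dobr);
        // Same icon rule as in the preview branch: a bare file name that
        // exists in the subject icon directory, nothing with a directory part.
        $icon = (!empty($com_icon) && is_string($com_icon) && basename($com_icon) === $com_icon && is_file(XOOPS_ROOT_PATH . "/images/subject/" . $com_icon)) ? $com_icon : '';
        $comment->setVar('com_icon', $icon);
        $comment->setVar('com_modified', time());
        $comment->setVar('com_modid', $com_modid);
        if (!empty($extra_params)) {
            // NOTE(review): as printed, both arguments are the same string,
            // so this call changes nothing. The listing was copied from a
            // rendered web page, which has probably decoded an HTML entity
            // here (and possibly in the '&' separators of the URLs in this
            // file). Compare with the distributed file before relying on it.
            $comment->setVar('com_exparams', str_replace('&', '&', $extra_params));
        }
        if (false != $comment_handler->insert($comment)) {
            $newcid = $comment->getVar('com_id');

            // set own id as root id if this is a top comment
            if ($com_rootid == 0) {
                $com_rootid = $newcid;
                if (!$comment_handler->updateByField($comment, 'com_rootid', $com_rootid)) {
                    $comment_handler->delete($comment);
                    include XOOPS_ROOT_PATH.'/header.php';
                    xoops_error();
                    include XOOPS_ROOT_PATH.'/footer.php';
                    // The comment has just been deleted and an error page has
                    // been sent: stop here so that no callback, post counter,
                    // notification or redirect runs for it.
                    exit();
                }
            }

            // call custom approve function if any
            // The callback name and callback file come from the module's own
            // comment settings; they must never be derived from request data.
            if (false != $call_approvefunc && isset($comment_config['callback']['approve']) && trim($comment_config['callback']['approve']) != '') {
                $skip = false;
                if (!function_exists($comment_config['callback']['approve'])) {
                    if (isset($comment_config['callbackFile'])) {
                        $callbackfile = trim($comment_config['callbackFile']);
                        if ($callbackfile != '' && file_exists(XOOPS_ROOT_PATH.'/modules/'.$moddir.'/'.$callbackfile)) {
                            include_once XOOPS_ROOT_PATH.'/modules/'.$moddir.'/'.$callbackfile;
                        }
                        if (!function_exists($comment_config['callback']['approve'])) {
                            $skip = true;
                        }
                    } else {
                        $skip = true;
                    }
                }
                if (!$skip) {
                    $comment_config['callback']['approve']($comment);
                }
            }

            // call custom update function if any
            if (false != $call_updatefunc && isset($comment_config['callback']['update']) && trim($comment_config['callback']['update']) != '') {
                $skip = false;
                if (!function_exists($comment_config['callback']['update'])) {
                    if (isset($comment_config['callbackFile'])) {
                        $callbackfile = trim($comment_config['callbackFile']);
                        if ($callbackfile != '' && file_exists(XOOPS_ROOT_PATH.'/modules/'.$moddir.'/'.$callbackfile)) {
                            include_once XOOPS_ROOT_PATH.'/modules/'.$moddir.'/'.$callbackfile;
                        }
                        if (!function_exists($comment_config['callback']['update'])) {
                            $skip = true;
                        }
                    } else {
                        $skip = true;
                    }
                }
                if (!$skip) {
                    // The update callback receives the item id, the number of
                    // active comments on that item and the new comment's id.
                    $criteria = new CriteriaCompo(new Criteria('com_modid', $com_modid));
                    $criteria->add(new Criteria('com_itemid', $com_itemid));
                    $criteria->add(new Criteria('com_status', XOOPS_COMMENT_ACTIVE));
                    $comment_count = $comment_handler->getCount($criteria);
                    $func = $comment_config['callback']['update'];
                    call_user_func_array($func, array($com_itemid, $comment_count, $comment->getVar('com_id')));
                }
            }

            // increment user post if needed
            $uid = $comment->getVar('com_uid');
            if ($uid > 0 && false != $add_userpost) {
                $member_handler =& xoops_gethandler('member');
                $poster =& $member_handler->getUser($uid);
                if (is_object($poster)) {
                    $member_handler->updateUserByField($poster, 'posts', $poster->getVar('posts') + 1);
                }
            }

            // RMV-NOTIFY
            // trigger notification event if necessary
            if ($notify_event) {
                $not_modid = $com_modid;
                include_once XOOPS_ROOT_PATH . '/include/notification_functions.php';
                $not_catinfo =& notificationCommentCategoryInfo($not_modid);
                $not_category = $not_catinfo['name'];
                $not_itemid = $com_itemid;
                $not_event = $notify_event;
                // Build an ABSOLUTE URL to view the comment. Make sure we
                // point to a viewable page (i.e. not the system administration
                // module).
                $comment_tags = array();
                if ('system' == $xoopsModule->getVar('dirname')) {
                    $module_handler =& xoops_gethandler('module');
                    $not_module =& $module_handler->get($not_modid);
                } else {
                    $not_module =& $xoopsModule;
                }
                if (!isset($comment_url)) {
                    // No URL was prepared earlier: rebuild it from the owning
                    // module's comment settings and the posted extra parameters.
                    $com_config =& $not_module->getInfo('comments');
                    $comment_url = $com_config['pageName'] . '?';
                    if (isset($com_config['extraParams']) && is_array($com_config['extraParams'])) {
                        $extra_params = '';
                        foreach ($com_config['extraParams'] as $extra_param) {
                            $extra_params .= isset($_POST[$extra_param]) ? $extra_param.'='.htmlspecialchars($_POST[$extra_param]).'&' : $extra_param.'=&';
                            //$extra_params .= isset($_GET[$extra_param]) ? $extra_param.'='.$_GET[$extra_param].'&' : $extra_param.'=&';
                        }
                        $comment_url .= $extra_params;
                    }
                    $comment_url .= $com_config['itemName'];
                }
                $comment_tags['X_COMMENT_URL'] = XOOPS_URL . '/modules/' . $not_module->getVar('dirname') . '/' .$comment_url . '=' . $com_itemid.'&com_id='.$newcid.'&com_rootid='.$com_rootid.'&com_mode='.$com_mode.'&com_order='.$com_order.'#comment'.$newcid;
                $notification_handler =& xoops_gethandler('notification');
                $notification_handler->triggerEvent ($not_category, $not_itemid, $not_event, $comment_tags, false, $not_modid);
            }

            // Redirect unless $comment_post_results is already set.
            if (!isset($comment_post_results)) {

                // if the comment is active, redirect to posted comment
                if ($comment->getVar('com_status') == XOOPS_COMMENT_ACTIVE) {
                    redirect_header($redirect_page.'='.$com_itemid.'&com_id='.$newcid.'&com_rootid='.$com_rootid.'&com_mode='.$com_mode.'&com_order='.$com_order.'#comment'.$newcid, 2, _CM_THANKSPOST);
                } else {
                    // not active, so redirect to top comment page
                    redirect_header($redirect_page.'='.$com_itemid.'&com_mode='.$com_mode.'&com_order='.$com_order.'#comment'.$newcid, 2, _CM_THANKSPOST);
                }
            }
        } else {
            // The insert failed: show the errors, or hand them back in
            // $comment_post_results when $purge_comment_post_results is set.
            if (!isset($purge_comment_post_results)) {
                include XOOPS_ROOT_PATH.'/header.php';
                xoops_error($comment->getHtmlErrors());
                include XOOPS_ROOT_PATH.'/footer.php';
            } else {
                $comment_post_results = $comment->getErrors();
            }
        }
        break;

    default:
        // No valid operation (including a failed token check): go back to the
        // site root and show whatever errors the security object recorded.
        redirect_header(XOOPS_URL.'/',3, implode('<br />', $GLOBALS['xoopsSecurity']->getErrors()));
        break;
}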
408 ?>