MDL-8832 : Undid the stripslashes and changed calls to s($string) to …
…s($string, true) instead.
nicolasconnault committed Mar 20, 2007
1 parent 529ccfa commit e9ff8e1
Showing 1 changed file with 20 additions and 12 deletions.
32 changes: 20 additions & 12 deletions mod/forum/search.php
@@ -119,7 +119,7 @@

print_header_simple("$strsearchresults", "",
"<a href=\"index.php?id=$course->id\">$strforums</a> ->
<a href=\"search.php?id=$course->id\">$strsearch</a> -> ".s($search), 'search.words',
<a href=\"search.php?id=$course->id\">$strsearch</a> -> ".s($search, true), 'search.words',
"", "", "&nbsp;", navmenu($course));
print_heading(get_string("nopostscontaining", "forum", $search));

@@ -135,7 +135,7 @@

print_header_simple("$strsearchresults", "",
"<a href=\"index.php?id=$course->id\">$strforums</a> ->
<a href=\"search.php?id=$course->id\">$strsearch</a> -> ".s($search), '',
<a href=\"search.php?id=$course->id\">$strsearch</a> -> ".s($search, true), '',
"", "", $searchform, navmenu($course));

echo '<div class="reportlink">';
@@ -203,7 +203,7 @@
// Hack for posts of format FORMAT_PLAIN. Otherwise html tags added by
// the highlight() call bellow get stripped out by forum_print_post().
if ($post->format == FORMAT_PLAIN) {
$post->message = s($post->message);
$post->message = stripslashes_safe($post->message);
$post->message = rebuildnolinktag($post->message);
$post->message = str_replace(' ', '&nbsp; ', $post->message);
$post->message = nl2br($post->message);
@@ -263,6 +263,9 @@



/**
* @todo Document this function
*/
function forum_print_big_search_form($course) {
global $CFG, $words, $subject, $phrase, $user, $userid, $fullwords, $notwords, $datefrom, $dateto;

@@ -276,28 +279,28 @@ function forum_print_big_search_form($course) {
echo "</script>\n";

echo '<form id="searchform" action="search.php" method="get">';
echo '<input type="hidden" value="'.$course->id.'" name="id" alt="" />';
echo '<table cellpadding="10" class="searchbox" id="form">';

echo '<tr>';
echo '<td class="c0">'.get_string('searchwords', 'forum').':</td>';
echo '<td class="c1"><input type="text" size="35" name="words" value="'.s($words).'" alt="" /></td>';
echo '<td class="c0">'.get_string('searchwords', 'forum').':';
echo '<input type="hidden" value="'.$course->id.'" name="id" alt="" /></td>';
echo '<td class="c1"><input type="text" size="35" name="words" value="'.s($words, true).'" alt="" /></td>';
echo '</tr>';

echo '<tr>';
echo '<td class="c0">'.get_string('searchphrase', 'forum').':</td>';
echo '<td class="c1"><input type="text" size="35" name="phrase" value="'.s($phrase).'" alt="" /></td>';
echo '<td class="c1"><input type="text" size="35" name="phrase" value="'.s($phrase, true).'" alt="" /></td>';
echo '</tr>';

echo '<tr>';
echo '<td class="c0">'.get_string('searchnotwords', 'forum').':</td>';
echo '<td class="c1"><input type="text" size="35" name="notwords" value="'.s($notwords).'" alt="" /></td>';
echo '<td class="c1"><input type="text" size="35" name="notwords" value="'.s($notwords, true).'" alt="" /></td>';
echo '</tr>';

if ($CFG->dbfamily == 'mysql' || $CFG->dbfamily == 'postgres') {
echo '<tr>';
echo '<td class="c0">'.get_string('searchfullwords', 'forum').':</td>';
echo '<td class="c1"><input type="text" size="35" name="fullwords" value="'.s($fullwords).'" alt="" /></td>';
echo '<td class="c1"><input type="text" size="35" name="fullwords" value="'.s($fullwords, true).'" alt="" /></td>';
echo '</tr>';
}

@@ -356,12 +359,12 @@ function forum_print_big_search_form($course) {

echo '<tr>';
echo '<td class="c0">'.get_string('searchsubject', 'forum').':</td>';
echo '<td class="c1"><input type="text" size="35" name="subject" value="'.s($subject).'" alt="" /></td>';
echo '<td class="c1"><input type="text" size="35" name="subject" value="'.s($subject, true).'" alt="" /></td>';
echo '</tr>';

echo '<tr>';
echo '<td class="c0">'.get_string('searchuser', 'forum').':</td>';
echo '<td class="c1"><input type="text" size="35" name="user" value="'.s($user).'" alt="" /></td>';
echo '<td class="c1"><input type="text" size="35" name="user" value="'.s($user, true).'" alt="" /></td>';
echo '</tr>';

echo '<tr>';
@@ -380,7 +383,9 @@ function forum_print_big_search_form($course) {
print_simple_box_end();
}


/**
* @todo Document this function
*/
function forum_clean_search_terms($words, $prefix='') {
$searchterms = explode(' ', $words);
foreach ($searchterms as $key => $searchterm) {
@@ -393,6 +398,9 @@ function forum_clean_search_terms($words, $prefix='') {
return trim(implode(' ', $searchterms));
}

/**
* @todo Document this function
*/
function forum_menu_list($course) {

$menu = array();
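Review bot: In the FORMAT_PLAIN branch of the `-203` hunk, `$post->message = stripslashes_safe($post->message);` appears to take the place of `$post->message = s($post->message);`, so the plain-text post body is no longer HTML-escaped before `nl2br()` and the highlight markup are applied. The rendering has lost its +/- markers, so that direction is inferred from print order; if it holds, a stored post containing `<` or `&` reaches the page as markup unless `forum_print_post()` cleans it, which is not visible here (the block continues past the hunk). Slash stripping and output escaping are separate steps, and the other call sites in this commit keep both with `s(..., true)`; I would do the same here: `$post->message = s($post->message, true);`. Separately, the context line `print_heading(get_string("nopostscontaining", "forum", $search));` in the first hunk still passes `$search` unescaped right under the `s($search, true)` breadcrumb, so it is worth confirming that `$search` is cleaned before it reaches this point.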
