Did some BBCode formatting, and fixed security issue

master
Rubenwardy 2012-08-25 12:26:03 +01:00
parent 7b1e018004
commit 201090592c
3 changed files with 38 additions and 4 deletions


@ -2,8 +2,12 @@
include "../scripts/setup.php";
$id=$_GET['id'];
$id= mysql_real_escape_string ($id);
$res = mysql_query("SELECT * FROM mods WHERE mod_id='$id'",$handle) or SQLerror("MySQL Query Error","Error on searching database.mods.mod_id for '$id'");
if (is_numeric($id)==false){
SQLerror("error: Non Numeric Value","?id=$id is not allowed");
}
$res = mysql_query("SELECT * FROM mods WHERE mod_id=$id",$handle) or SQLerror("MySQL Query Error","Error on searching database.mods.mod_id for '$id'");
$row = mysql_fetch_row($res) or die("row error");
header("Content-type: text/plain");
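Review bot: The `is_numeric($id)` guard added before the `mod_id=$id` query accepts more than a mod id — `1.5`, `1e3` and leading-whitespace forms all pass it and then land unquoted in the SQL string, so the check should pin the value to an integer: `if (filter_var($id, FILTER_VALIDATE_INT) === false) {`. `$_GET['id']` is also read without an `isset` check, and the rejection path echoes the rejected `$id` back inside the SQLerror message, which is only safe if SQLerror escapes its arguments before output (not visible here). Longer term the string-built `mysql_query` call should become a prepared statement with a bound integer parameter rather than relying on escaping. The rest of the script continues outside the hunk.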

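--- /dev/null
+++ b/scripts/formatcode.php
+<?php
+function formatbb($input){
+$result=$input;
+$result=str_replace("[img]","<img src=\"",$result);
+$result=str_replace("[/img]","\" />",$result);
+$result=str_replace("[/img-enforce]","\" width=\"900\"/>",$result);
+$result=str_replace("[url=","<a href=\"",$result);
+$result=str_replace("=url]","\">",$result);
+$result=str_replace("[/url]","</a>",$result);
+$result=str_replace("\n","<br />",$result);
+$result=str_replace("[h]","<h1>",$result);
+$result=str_replace("[/h]","</h1>",$result);
+$result=str_replace("[b]","<b>",$result);
+$result=str_replace("[/b]","</b>",$result);
+$result=str_replace("[u]","<u>",$result);
+$result=str_replace("[/u]","</u>",$result);
+$result=str_replace("[i]","<i>",$result);
+$result=str_replace("[/i]","</i>",$result);
+return $result;
+}
+?>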
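Review bot: formatbb() substitutes markup into `$input` without escaping it first, so any HTML already present in the input passes through to the caller unchanged, and the `[img]` / `[url=` replacements turn text chosen by whoever wrote the description directly into `src` and `href` attribute values (a `"` in that text closes the attribute). Escaping at the top, `$result = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');` in place of `$result=$input;`, addresses both because the BBCode brackets survive escaping; checking that `[url=` targets are http(s) URLs would be the next step. A docblock should state that the function returns HTML and that the caller must route user-supplied text through it rather than echoing `$input` directly. Note also that only `\n` is converted to `<br />`, so `\r\n` input leaves a stray `\r` before each break.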


@ -12,11 +12,12 @@ $row = mysql_fetch_row($res) or die("row error");
$page_title="View mod - {$row[1]}";
include "scripts/pageheader.php";
include "scripts/formatcode.php";
echo "<table width=\"100%\"><tr><td>";
echo "<table width=\"100%\"><tr><td><a href=\"{$row[9]}\">Download</a></td><td>";
echo "<h1 align=center>{$row[1]} - by <a href=\"user.php?name={$row[3]}\">{$row[3]}</a></h1></td>";
echo "<td width=100>{$row[2]}</td></tr>";
echo "<td colspan=2>{$row[4]}</td>";
echo "<tr><td colspan=3>".formatbb($row[4])."</td><tr>";
include "scripts/loadposts.php";
?>
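Review bot: The new `echo "<tr><td colspan=3>".formatbb($row[4])."</td><tr>";` line ends the row with an opening `<tr>` instead of `</tr>`, and it relies on formatbb() for output safety although that function, as added in this commit, performs no HTML escaping, so the description is still emitted raw. Escape before formatting, e.g. `formatbb(htmlspecialchars($row[4], ENT_QUOTES, 'UTF-8'))`, or escape inside formatbb; `{$row[1]}`, `{$row[3]}` and `{$row[9]}` on the surrounding lines likewise go into HTML text and `href` attributes unescaped. Whether these columns hold user-submitted text is not visible here, though the user.php link suggests they do. The script's head is outside the hunk.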