Did some BBCode formating, and fixed security issue
parent
7b1e018004
commit
201090592c
|
@ -2,8 +2,12 @@
|
|||
include "../scripts/setup.php";
|
||||
|
||||
$id=$_GET['id'];
|
||||
$id= mysql_real_escape_string ($id);
|
||||
$res = mysql_query("SELECT * FROM mods WHERE mod_id='$id'",$handle) or SQLerror("MySQL Query Error","Error on searching database.mods.mod_id for '$id'");
|
||||
|
||||
if (is_numeric($id)==false){
|
||||
SQLerror("error: Non Numeric Value","?id=$id is not allowed");
|
||||
}
|
||||
|
||||
$res = mysql_query("SELECT * FROM mods WHERE mod_id=$id",$handle) or SQLerror("MySQL Query Error","Error on searching database.mods.mod_id for '$id'");
|
||||
$row = mysql_fetch_row($res) or die("row error");
|
||||
|
||||
header("Content-type: text/plain");
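Review bot: The unquoted query `WHERE mod_id=$id` is only safe if SQLerror() stops the script, and its definition is not visible here; if it returns, the non-numeric value still reaches mysql_query(). The +/- markers are lost on this page, so which lines are new is inferred. is_numeric() also accepts decimals, exponents and a leading sign or whitespace, which is wider than an integer key; a stricter guard would be `if (!ctype_digit($id)) { SQLerror(...); exit; }` or a cast `$id = (int) $id;` before the query is built. The error text echoes `$id` back to the client, so it should go through `htmlspecialchars()` if SQLerror() renders HTML.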
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
<?php
|
||||
function formatbb($input){
|
||||
$result=$input;
|
||||
|
||||
$result=str_replace("[img]","<img src=\"",$result);
|
||||
$result=str_replace("[/img]","\" />",$result);
|
||||
$result=str_replace("[/img-enforce]","\" width=\"900\"/>",$result);
|
||||
|
||||
$result=str_replace("[url=","<a href=\"",$result);
|
||||
$result=str_replace("=url]","\">",$result);
|
||||
$result=str_replace("[/url]","</a>",$result);
|
||||
|
||||
$result=str_replace("\n","<br />",$result);
|
||||
|
||||
$result=str_replace("[h]","<h1>",$result);
|
||||
$result=str_replace("[/h]","</h1>",$result);
|
||||
|
||||
$result=str_replace("[b]","<b>",$result);
|
||||
$result=str_replace("[/b]","</b>",$result);
|
||||
|
||||
$result=str_replace("[u]","<u>",$result);
|
||||
$result=str_replace("[/u]","</u>",$result);
|
||||
|
||||
$result=str_replace("[i]","<i>",$result);
|
||||
$result=str_replace("[/i]","</i>",$result);
|
||||
|
||||
return $result;
|
||||
}
|
||||
?>
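Review bot: formatbb() never HTML-escapes `$input`, so any markup already present in the stored text is passed through to the page, and the `[img]` and `[url=` replacements place that text inside `src`/`href` attributes where a quote can close the attribute. Starting from `$result=htmlspecialchars($input, ENT_QUOTES);` instead of `$result=$input;` closes the raw-markup path, because the later replacements only add the tags the function itself writes. The URL values would additionally need a scheme check (http/https only), which plain str_replace() cannot express. There is also a replacement for `[/img-enforce]` but none for an opening `[img-enforce]`.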
|
|
@ -12,11 +12,12 @@ $row = mysql_fetch_row($res) or die("row error");
|
|||
$page_title="View mod - {$row[1]}";
|
||||
|
||||
include "scripts/pageheader.php";
|
||||
include "scripts/formatcode.php";
|
||||
|
||||
echo "<table width=\"100%\"><tr><td>";
|
||||
echo "<table width=\"100%\"><tr><td><a href=\"{$row[9]}\">Download</a></td><td>";
|
||||
echo "<h1 align=center>{$row[1]} - by <a href=\"user.php?name={$row[3]}\">{$row[3]}</a></h1></td>";
|
||||
echo "<td width=100>{$row[2]}</td></tr>";
|
||||
echo "<td colspan=2>{$row[4]}</td>";
|
||||
echo "<tr><td colspan=3>".formatbb($row[4])."</td><tr>";
|
||||
|
||||
include "scripts/loadposts.php";
|
||||
?>
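Review bot: The row that prints the formatted description ends with `</td><tr>` where `</td></tr>` looks intended, leaving the table row unclosed. The Download link writes `{$row[9]}` straight into `href`, and `{$row[1]}`, `{$row[3]}` and `{$row[2]}` reach the page the same way; if those columns hold user-submitted values they should be wrapped, e.g. `htmlspecialchars($row[9], ENT_QUOTES)`, with `urlencode($row[3])` for the `user.php?name=` query string. The +/- markers are lost on this page, so which echo lines are new is inferred.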
|
||||
|
|