kashire/lainchan
4
0
Fork 0
Code Issues 3 Pull Requests Releases Wiki Activity

incorrectly escaped HTML on a now non-existent mod noticeboard post

Browse Source
This commit is contained in:
Savetheinternet 2011-10-03 18:52:16 +11:00
parent 23cfaf0cd3
commit e5a30f7c09
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
mod.php
View File

@ -523,9 +523,7 @@
$m_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id"); $m_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
$m_query->bindValue(':id', $notice['mod'], PDO::PARAM_INT); $m_query->bindValue(':id', $notice['mod'], PDO::PARAM_INT);
$m_query->execute() or error(db_error($m_query)); $m_query->execute() or error(db_error($m_query));
if(!$_mod = $m_query->fetch()) { $_mod = $m_query->fetch();
$_mod = Array('username' => '<em>???</em>');
}
$body .= '<div class="ban">' . $body .= '<div class="ban">' .
(hasPermission($config['mod']['noticeboard_delete']) ? (hasPermission($config['mod']['noticeboard_delete']) ?
@ -538,7 +536,11 @@
'<em>no subject</em>' '<em>no subject</em>'
) . ) .
'<span class="unimportant"> — by ' . '<span class="unimportant"> — by ' .
utf8tohtml($_mod['username']) . ($_mod ?
utf8tohtml($_mod['username'])
:
'<em>???</em>'
) .
' at ' . ' at ' .
date($config['post_date'], $notice['time']) . date($config['post_date'], $notice['time']) .
'</span></h2><p>' . $notice['body'] . '</p></div>'; '</span></h2><p>' . $notice['body'] . '</p></div>';