diff --git a/inc/functions.php b/inc/functions.php index 5c6b7c72..9ddbb495 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -919,6 +919,16 @@ } } + function quote($body) { + $body = str_replace('
', "\n", $body); + + $body = strip_tags($body); + + $body = preg_replace("/(^|\n)/", '$1>', $body); + + return $body . "\n"; + } + function markup(&$body) { global $board, $config; diff --git a/mod.php b/mod.php index 6414ce9a..b7107fdb 100644 --- a/mod.php +++ b/mod.php @@ -402,7 +402,7 @@ modLog('Read a PM'); - $body = '
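Review bot: `strip_tags()` in `quote()` is being relied on as if it were an output encoder, and it is not one: it removes markup but leaves `&`, quotes and any existing entities in the text untouched. The return value is assigned to `$value` in the new_PM branch of mod.php and appears to be concatenated into the form markup there (that line is not fully legible in this diff). Whether the quoted text is safe to emit therefore depends on how `pms.message` was encoded when stored, which the diff does not show. I would encode explicitly at the point of output, e.g. `htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false)`. A docblock on `quote()` should also state that it expects stored, marked-up message HTML and returns `>`-prefixed text that is not escaped for HTML.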
' . + $body = '
' . '
From' . '' . htmlentities($pm['username']) . '' . @@ -422,7 +422,9 @@ '

' . - ''; + '' . + + '

Reply with quote

'; echo Element('page.html', Array( 'config'=>$config, @@ -432,7 +434,7 @@ ) ); } - } elseif(preg_match('/^\/new_PM\/(\d+)$/', $query, $match)) { + } elseif(preg_match('/^\/new_PM\/(\d+)(\/(\d+))?$/', $query, $match)) { if($mod['type'] < $config['mod']['create_pm']) error($config['error']['noaccess']); $to = $match[1]; @@ -472,6 +474,21 @@ ) ); } else { + $value = ''; + if(isset($match[3])) { + $reply = $match[3]; + + $query = prepare("SELECT `message` FROM `pms` WHERE `sender` = :sender AND `to` = :mod AND `id` = :id"); + $query->bindValue(':sender', $to['id'], PDO::PARAM_INT); + $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); + $query->bindValue(':id', $reply, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + if($pm = $query->fetch()) { + $value = quote($pm['message']); + } + } + + $body = '
' . '' . @@ -483,7 +500,7 @@ ) . '' . - '' . + '' . '
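Review bot: The `sender` and `to` predicates in the new SELECT are what stop a moderator from quoting an arbitrary PM by editing the trailing id in the URL, yet nothing in the code says they are an access check. A comment above the `prepare()` call would keep a later refactor from loosening it: `// Access check: only quote a PM that the recipient sent to the current mod; :id comes from the URL.` The statement is also stored in `$query`, which at the top of this branch still holds the request path passed to `preg_match()`; a separate name such as `$pm_query` would avoid the shadowing. The enclosing `elseif` branch starts and continues outside this hunk.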
Message
Message
' .