
incorrectly escaped HTML on a now non-existent mod noticeboard post

pull/40/head
Savetheinternet 13 years ago
parent
commit
e5a30f7c09
  1. 10
      mod.php

10
mod.php

@ -523,9 +523,7 @@
$m_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id"); $m_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
$m_query->bindValue(':id', $notice['mod'], PDO::PARAM_INT); $m_query->bindValue(':id', $notice['mod'], PDO::PARAM_INT);
$m_query->execute() or error(db_error($m_query)); $m_query->execute() or error(db_error($m_query));
if(!$_mod = $m_query->fetch()) { $_mod = $m_query->fetch();
$_mod = Array('username' => '<em>???</em>');
}
$body .= '<div class="ban">' . $body .= '<div class="ban">' .
(hasPermission($config['mod']['noticeboard_delete']) ? (hasPermission($config['mod']['noticeboard_delete']) ?
@ -538,7 +536,11 @@
'<em>no subject</em>' '<em>no subject</em>'
) . ) .
'<span class="unimportant"> — by ' . '<span class="unimportant"> — by ' .
utf8tohtml($_mod['username']) . ($_mod ?
utf8tohtml($_mod['username'])
:
'<em>???</em>'
) .
' at ' . ' at ' .
date($config['post_date'], $notice['time']) . date($config['post_date'], $notice['time']) .
'</span></h2><p>' . $notice['body'] . '</p></div>'; '</span></h2><p>' . $notice['body'] . '</p></div>';
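Review bot: The notice body on the last line of the second hunk is written into the page as-is (`'</span></h2><p>' . $notice['body'] . '</p></div>'`), while the username a few lines above goes through `utf8tohtml()`. Nothing visible in this diff shows whether the body is sanitised when the notice is saved. If it is not, markup posted by one moderator is rendered for every other moderator who opens the noticeboard. If it is stored as pre-rendered HTML, a comment such as `// $notice['body'] is sanitised markup produced at post time` would make that explicit; otherwise it needs escaping at this point. The enclosing statement begins and ends outside both hunks, so the write path should be checked before deciding.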
