diff --git a/phpBB/common.php b/phpBB/common.php
index 0e65c330ce..2e24daf45c 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -157,6 +157,7 @@ define('CACHE_TABLE', $table_prefix.'cache');
 define('CONFIG_TABLE', $table_prefix.'config');
 define('CONFIRM_TABLE', $table_prefix.'confirm');
 define('DISALLOW_TABLE', $table_prefix.'disallow'); //
+define('DRAFTS_TABLE', $table_prefix.'drafts');
 define('EXTENSIONS_TABLE', $table_prefix.'extensions');
 define('EXTENSION_GROUPS_TABLE', $table_prefix.'extension_groups');
 define('FORUMS_TABLE', $table_prefix.'forums');
@@ -169,7 +170,6 @@ define('LANG_TABLE', $table_prefix.'lang');
 define('LOG_TABLE', $table_prefix.'log');
 define('MODERATOR_TABLE', $table_prefix.'moderator_cache');
 define('POSTS_TABLE', $table_prefix.'posts');
-define('POSTS_TEXT_TABLE', $table_prefix.'posts_text');
 define('PRIVMSGS_TABLE', $table_prefix.'privmsgs');
 define('PRIVMSGS_TEXT_TABLE', $table_prefix.'privmsgs_text');
 define('RANKS_TABLE', $table_prefix.'ranks');
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index cc3010f03d..9c6d0fd844 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -323,8 +323,7 @@ function display_attachments($attachment_data, &$update_count, $force_physical =
 $filesize = ($filesize >= 1048576) ? round((round($filesize / 1048576 * 100) / 100), 2) : (($filesize >= 1024) ? round((round($filesize / 1024 * 100) / 100), 2) : $filesize);
 $display_name = $attachment['real_filename'];
- $comment = stripslashes(trim(str_replace("\n", '
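Review bot: Removing `define('POSTS_TEXT_TABLE', ...)` in the second hunk means any reference that still exists elsewhere becomes an undefined-constant lookup, which PHP of this era resolves to the bare string `'POSTS_TEXT_TABLE'`; a query built from it would then target a non-existent table at runtime instead of failing at load time. I cannot see from this diff whether every use in the tree was removed, so it is worth a repository-wide search before merge.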
', $attachment['comment']))); - $comment = htmlspecialchars(str_replace("\\'", "'", $comment)); + $comment = str_replace("\n", '
', $attachment['comment']);
 $denied = FALSE;
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index bedb0d5371..98c61da6ba 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -673,7 +673,7 @@ class parse_message
 $error = array();
 $num_attachments = count($this->attachment_data);
- $this->filename_data['filecomment'] = (isset($_POST['filecomment'])) ? trim(strip_tags($_POST['filecomment'])) : '';
+ $this->filename_data['filecomment'] = (isset($_POST['filecomment'])) ? trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), htmlspecialchars($_POST['filecomment']))) : '';
 $this->filename_data['filename'] = ($_FILES['fileupload']['name'] != 'none') ? trim($_FILES['fileupload']['name']) : '';
 $add_file = (isset($_POST['add_file'])) ? TRUE : FALSE;
@@ -757,7 +757,7 @@ class parse_message
 foreach ($actual_comment_list as $index => $entry)
 {
- $this->attachment_data[$index]['comment'] = $entry;
+ $this->attachment_data[$index]['comment'] = trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), htmlspecialchars($entry)));
 }
 }
diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php
index 13921c776d..30dd590f9f 100644
--- a/phpBB/includes/ucp/ucp_main.php
+++ b/phpBB/includes/ucp/ucp_main.php
@@ -1,23 +1,15 @@ menu($id, $submodules, $submode); unset($submodules);
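Review bot: The new `$comment = str_replace("\n", …, $attachment['comment']);` drops the `htmlspecialchars()` that used to run at output time, so display_attachments now emits the stored comment verbatim and relies on every write path having escaped it first. Comments already stored before this change, and any writer that does not go through the new message_parser lines, are therefore rendered unescaped into the page — a stored-XSS exposure for legacy rows. The same output-side removal is made to both `FILE_COMMENT` assignments in the posting.php hunks at old lines 1087 and 1100. If escape-on-input is the intended model, it needs a one-off migration that escapes existing rows plus a comment here such as `// comment is stored HTML-escaped; do not escape again`; otherwise keep `htmlspecialchars()` at this site. display_attachments begins before this hunk.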
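Review bot: In the new `filecomment` line the magic-quotes undo runs after `htmlspecialchars()`, so the `'\\"'` → `'"'` replacement can never match: `htmlspecialchars` has already turned `\"` into `\&quot;`, and the stray backslash is kept in the stored comment. Un-slash the raw value first and escape the result, i.e. `htmlspecialchars(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), $_POST['filecomment']))`. The same inside-out order is used in the second hunk of this file (`$entry`), in the ucp_main.php drafts hunk for `$post_message`, and in the posting.php hunks at old lines 167 and 439 and in the `$message_parser->message` assignment. Note also that this unslashing is only correct when magic_quotes_gpc is on; if it can be off, a backslash typed by the user before a quote is silently altered.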
@@ -525,6 +518,159 @@ class ucp_main extends ucp
 }
 $db->sql_freeresult($result);
+ break;
+
+ case 'drafts':
+
+ $edit = (isset($_REQUEST['edit'])) ? true : false;
+ $submit = (isset($_POST['submit'])) ? true : false;
+ $draft_id = ($edit) ? intval($_REQUEST['edit']) : 0;
+
+ $s_hidden_fields = ($edit) ? '' : '';
+ $draft_title = $post_subject = $post_message = '';
+
+ if ($_POST['delete'])
+ {
+ $drafts = (isset($_POST['d'])) ? implode(', ', array_map('intval', array_keys($_POST['d']))) : false;
+
+ if ($drafts)
+ {
+ $sql = 'DELETE FROM ' . DRAFTS_TABLE . "
+ WHERE draft_id IN ($drafts)
+ AND user_id = " .$user->data['user_id'];
+ $db->sql_query($sql);
+
+ $message = $user->lang['DRAFTS_DELETED'] . '

' . sprintf($user->lang['RETURN_UCP'], "", '');
+
+ meta_refresh(3, "ucp.$phpEx$SID&i=$id&mode=$submode");
+ trigger_error($message);
+ }
+ }
+
+ if ($submit && $edit)
+ {
+ $draft_title = (isset($_POST['draft_title'])) ? trim(htmlspecialchars($_POST['draft_title'])) : '';
+ $post_subject = (isset($_POST['subject'])) ? trim(htmlspecialchars($_POST['subject'])) : '';
+ $post_message = (isset($_POST['message'])) ? trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), htmlspecialchars($_POST['message']))) : '';
+
+ if ($post_message != '' && $draft_title != '')
+ {
+ $draft_row = array(
+ 'title' => $draft_title,
+ 'post_subject' => $post_subject,
+ 'post_message' => $post_message
+ );
+
+ $sql = 'UPDATE ' . DRAFTS_TABLE . '
+ SET ' . $db->sql_build_array('UPDATE', $draft_row) . "
+ WHERE draft_id = $draft_id
+ AND user_id = " . $user->data['user_id'];
+ $db->sql_query($sql);
+
+ $message = $user->lang['DRAFT_UPDATED'] . '

' . sprintf($user->lang['RETURN_UCP'], "", '');
+
+ meta_refresh(3, "ucp.$phpEx$SID&i=$id&mode=$submode");
+ trigger_error($message);
+ }
+ else
+ {
+ $template->assign_var('ERROR', ($post_message == '') ? $user->lang['EMPTY_DRAFT'] : (($draft_title == '') ? $user->lang['EMPTY_DRAFT_TITLE'] : ''));
+ }
+ }
+
+ $sql = 'SELECT *
+ FROM ' . DRAFTS_TABLE . '
+ WHERE user_id = ' . $user->data['user_id'] . ' ' .
+ (($edit) ? "AND draft_id = $draft_id" : '') . '
+ ORDER BY save_time DESC';
+ $result = $db->sql_query($sql);
+
+ $draftrows = $topic_ids = $topic_rows = array();
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ if ($row['topic_id'])
+ {
+ $topic_ids[] = (int) $row['topic_id'];
+ }
+ $draftrows[] = $row;
+ }
+ $db->sql_freeresult($result);
+
+ if (sizeof($topic_ids))
+ {
+ $sql = 'SELECT topic_id, forum_id, topic_title
+ FROM ' . TOPICS_TABLE . '
+ WHERE topic_id IN (' . implode(',', array_unique($topic_ids)) . ')';
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $topic_rows[$row['topic_id']] = $row;
+ }
+ $db->sql_freeresult($result);
+ }
+ unset($topic_ids);
+
+ if (sizeof($draftrows))
+ {
+ $template->assign_vars(array(
+ 'S_DRAFT_ROWS' => true,
+ 'S_EDIT_DRAFT' => $edit)
+ );
+
+ $row_count = 0;
+ foreach ($draftrows as $draft)
+ {
+ $title = $draft['title'];
+ if (strlen($title) > 30)
+ {
+ $title = substr($title, 0, 27) . '...';
+ }
+
+ if (isset($topic_rows[$draft['topic_id']]))
+ {
+ $view_topic_url = ($auth->acl_get('f_read', $topic_rows[$draft['topic_id']]['forum_id'])) ? "viewtopic.$phpEx$SID&f=" . $topic_rows[$draft['topic_id']]['forum_id'] . "&t=" . $draft['topic_id'] : '';
+ }
+ else
+ {
+ $view_topic_url = '';
+ }
+ $topic_title = ($view_topic_url != '') ? $topic_rows[$draft['topic_id']]['topic_title'] : '';
+
+ if (strlen($topic_title) > 30)
+ {
+ $topic_title = substr($topic_title, 0, 27) . 
'...';
+ }
+
+ $template_row = array(
+ 'DRAFT_ID' => $draft['draft_id'],
+ 'DATE' => $user->format_date($draft['save_time']),
+ 'TITLE' => $title,
+ 'TOPIC_TITLE' => ($view_topic_url != '') ? $topic_title : '',
+
+ 'DRAFT_TITLE' => ($submit) ? $draft_title : $draft['title'],
+ 'POST_MESSAGE' => ($submit) ? $post_message : $draft['post_message'],
+ 'POST_SUBJECT' => ($submit) ? $post_subject : $draft['post_subject'],
+
+ 'U_VIEW_TOPIC' => $view_topic_url,
+ 'U_VIEW_EDIT' => "ucp.$phpEx$SID&i=$id&mode=$submode&edit=" . $draft['draft_id'],
+
+ 'S_ROW_COUNT' => $row_count++,
+ 'S_HIDDEN_FIELDS' => $s_hidden_fields
+ );
+
+ if ($edit)
+ {
+ $template->assign_vars($template_row);
+ }
+ else
+ {
+ $template->assign_block_vars('draftrow', $template_row);
+ }
+ }
+ }
+ break;
 }
@@ -532,7 +678,7 @@ class ucp_main extends ucp
 $template->assign_vars(array(
 'L_TITLE' => $user->lang['UCP_' . strtoupper($submode)],
- 'S_DISPLAY_MARK_ALL' => ($submode == 'watched') ? true : false,
+ 'S_DISPLAY_MARK_ALL' => ($submode == 'watched' || ($submode == 'drafts' && !isset($_GET['edit']))) ? true : false,
 'S_DISPLAY_' . strtoupper($submode) => true,
 'S_HIDDEN_FIELDS' => $s_hidden_fields,
 'S_UCP_ACTION' => "ucp.$phpEx$SID&i=$id&mode=$submode")
diff --git a/phpBB/install/schemas/mysql_schema.sql b/phpBB/install/schemas/mysql_schema.sql
index fd5d08eef1..b7fabcaf5b 100644
--- a/phpBB/install/schemas/mysql_schema.sql
+++ b/phpBB/install/schemas/mysql_schema.sql
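Review bot: `if ($_POST['delete'])` reads the key without `isset()`, so every non-delete request to the drafts page raises an undefined-index notice; write `if (isset($_POST['delete']))` to match the `$edit`/`$submit` lines just above it. Further down, `substr($title, 0, 27)` and the identical truncation of `$topic_title` run on HTML-escaped text (the title is stored through `htmlspecialchars()` in both this hunk and posting.php), so the cut can land inside an entity such as `&amp;` or split a multi-byte character and render as garbage; truncate before escaping, or on the decoded string. The edit branch's UPDATE correctly constrains on `draft_id` and `user_id`, but it then reports `DRAFT_UPDATED` regardless of whether a row was affected, so a request with a draft id the user does not own receives a success message; checking `$db->sql_affectedrows()` before `trigger_error` would make the feedback honest.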
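Review bot: `S_DISPLAY_MARK_ALL` tests `!isset($_GET['edit'])` while the drafts case derives `$edit` from `$_REQUEST['edit']`, so if the edit form submits `edit` in the POST body (the hidden field built into `$s_hidden_fields` is not legible here, so this is inferred) the page renders in edit mode yet still shows the mark-all controls. Use the same source for both: `'S_DISPLAY_MARK_ALL' => ($submode == 'watched' || ($submode == 'drafts' && !isset($_REQUEST['edit']))) ? true : false,`.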
@@ -133,6 +133,19 @@ CREATE TABLE phpbb_disallow (
 PRIMARY KEY (disallow_id)
 );
+# Table: 'phpbb_drafts'
+CREATE TABLE phpbb_drafts (
+ draft_id mediumint(8) UNSIGNED NOT NULL auto_increment,
+ user_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
+ topic_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
+ save_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
+ title varchar(60) DEFAULT '' NOT NULL,
+ post_subject varchar(60),
+ post_message text DEFAULT '' NOT NULL,
+ PRIMARY KEY (draft_id),
+ KEY user_id (user_id,save_time)
+);
+
 # Table: 'phpbb_extensions'
 CREATE TABLE phpbb_extensions (
 extension_id mediumint(8) UNSIGNED NOT NULL auto_increment,
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index a122c844f9..f2debab77c 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -235,6 +235,7 @@ INSERT INTO phpbb_auth_options (auth_option, is_global) VALUES ('u_chgname', 1);
 INSERT INTO phpbb_auth_options (auth_option, is_global) VALUES ('u_chgpasswd', 1);
 INSERT INTO phpbb_auth_options (auth_option, is_global) VALUES ('u_chgcensors', 1);
 INSERT INTO phpbb_auth_options (auth_option, is_global) VALUES ('u_search', 1);
+INSERT INTO phpbb_auth_options (auth_option, is_global) VALUES ('u_savedrafts', 1);
 # MSSQL IDENTITY phpbb_styles ON #
diff --git a/phpBB/language/en/lang_admin.php b/phpBB/language/en/lang_admin.php
index c5dc852f0a..032b15498b 100644
--- a/phpBB/language/en/lang_admin.php
+++ b/phpBB/language/en/lang_admin.php
@@ -445,6 +445,7 @@ $lang += array(
 'acl_u_chgpasswd' => 'Can change password',
 'acl_u_chgcensors' => 'Can disable word censors',
 'acl_u_search' => 'Can search board',
+ 'acl_u_savedrafts' => 'Can save drafts'
 );
 // User pruning
diff --git a/phpBB/language/en/lang_main.php b/phpBB/language/en/lang_main.php
index c6a3037865..84a448b3da 100644
--- a/phpBB/language/en/lang_main.php
+++ b/phpBB/language/en/lang_main.php
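Review bot: `post_message text DEFAULT '' NOT NULL` — MySQL of this era does not accept a DEFAULT on TEXT/BLOB columns, so depending on server settings the CREATE TABLE is either rejected or the default is silently dropped; use `post_message text NOT NULL,`. `post_subject varchar(60)` is the only column without `DEFAULT '' NOT NULL`, unlike `title` beside it, which makes it nullable even though the PHP in ucp_main.php and posting.php always writes a string there; align it with `title`. Note also that `title` receives the HTML-escaped post subject from posting.php, where entity expansion (`&` → `&amp;`) can push a subject that fits the input field past 60 characters, so the insert then depends on the server truncating silently.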
@@ -628,7 +628,14 @@ $lang += array( 'FLASH_IS_OFF' => '[flash] is ON', 'ATTACH_SIG' => 'Attach a signature (signatures can be altered via the UCP)', 'NOTIFY_REPLY' => 'Send me an email when a reply is posted', + 'SAVE' => 'Save', + 'LOAD' => 'Load', + 'DRAFT_SAVED' => 'Post contents successfully saved as draft.
You are able to load this draft to posts you make, or view and edit them within your User Control Panel.', + 'ENTER_DRAFT_TITLE' => 'Enter draft title', + 'DRAFT_TITLE_EXPLAIN' => 'Now you are able to change the draft title directly. At the moment the draft title is similar to the post subject.', + + 'UPDATE' => 'Update', 'POST_STORED' => 'Your message has been posted successfully', 'POST_STORED_MOD' => 'Your message has been saved but requires approval', @@ -698,6 +705,19 @@ $lang += array( 'UNWATCHED_TOPICS' => 'You are no longer watching the selected topics.', 'UNWATCHED_FORUMS_TOPICS'=> 'You are no longer watching the selected forums or topics.', + 'UCP_DRAFTS' => 'Saved drafts', + 'DRAFTS_EXPLAIN' => 'Here you can view, edit and delete your saved drafts.', + 'VIEW_EDIT' => 'View/Edit', + 'DRAFT_TITLE' => 'Draft Title', + 'SAVE_DATE' => 'Saved at', + 'NEW_OR_DELETED_TOPIC' => 'New topic or deleted', + 'EDIT_DRAFT_EXPLAIN' => 'Here you are able to edit your draft.', + 'DRAFTS_DELETED' => 'All selected drafts were successfully deleted.', + 'DRAFT_UPDATED' => 'Draft successfully updated.', + 'EMPTY_DRAFT_TITLE' => 'You must enter a draft title', + 'EMPTY_DRAFT' => 'You must enter a message to submit your changes', + 'BACK_TO_DRAFTS' => 'Back to saved drafts', + 'UCP_PROFILE' => 'Profile', diff --git a/phpBB/posting.php b/phpBB/posting.php index e89fcb9389..8fda76640b 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php 
@@ -32,14 +32,14 @@ $topic_id = (!empty($_REQUEST['t'])) ? intval($_REQUEST['t']) : false;
 $forum_id = (!empty($_REQUEST['f'])) ? intval($_REQUEST['f']) : false;
 $lastclick = (isset($_POST['lastclick'])) ? intval($_POST['lastclick']) : 0;
-$submit = (isset($_POST['post'])) ? true : false;
-$preview = (isset($_POST['preview'])) ? true : false;
-$save = (isset($_POST['save'])) ? true : false;
-$cancel = (isset($_POST['cancel'])) ? true : false;
-$confirm = (isset($_POST['confirm'])) ? true : false;
-$delete = (isset($_POST['delete'])) ? true : false;
+$submit = (isset($_POST['post'])) ? TRUE : FALSE;
+$preview = (isset($_POST['preview'])) ? TRUE : FALSE;
+$save = (isset($_POST['save'])) ? TRUE : FALSE;
+$cancel = (isset($_POST['cancel'])) ? TRUE : FALSE;
+$confirm = (isset($_POST['confirm'])) ? TRUE : FALSE;
+$delete = (isset($_POST['delete'])) ? TRUE : FALSE;
-$refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['edit_comment']) || isset($_POST['cancel_unglobalise']);
+$refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['edit_comment']) || isset($_POST['cancel_unglobalise']) || isset($_POST['draft_save']) || $save;
 if ($delete && !$preview && !$refresh && $submit)
 {
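Review bot: The six flag lines are rewritten from `true : false` to `TRUE : FALSE`, which goes against the lowercase spelling used by the unchanged neighbours in this file (`$enable_sig`, `$enable_smilies`, and the `S_SAVE_ALLOWED` lines later in this diff); keep them lowercase. Each `(isset($_POST['post'])) ? TRUE : FALSE` is also just `isset($_POST['post'])`, which already yields a bool — the new `$refresh` line on the same hunk uses that form.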
@@ -167,16 +167,16 @@ if ($sql != '')
 $message_parser = new parse_message(0); // <- TODO: add constant (MSG_POST/MSG_PM)
- $message_parser->filename_data['filecomment'] = (isset($_POST['filecomment'])) ? trim(strip_tags($_POST['filecomment'])) : '';
+ $message_parser->filename_data['filecomment'] = (isset($_POST['filecomment'])) ? trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), htmlspecialchars($_POST['filecomment']))) : '';
 $message_parser->filename_data['filename'] = ($_FILES['fileupload']['name'] != 'none') ? trim($_FILES['fileupload']['name']) : '';
 // Get Attachment Data
 $message_parser->attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array();
- // Make sure we do not add slashes twice...
+ //
 foreach ($message_parser->attachment_data as $pos => $var)
 {
- $message_parser->attachment_data[$pos]['comment'] = stripslashes($message_parser->attachment_data[$pos]['comment']);
+ $message_parser->attachment_data[$pos]['comment'] = trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), htmlspecialchars($message_parser->attachment_data[$pos]['comment'])));
 }
 if ($post_attachment && !$submit && !$refresh && !$preview && $mode == 'edit')
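Review bot: The comment above the attachment loop is replaced with a bare `//`, leaving the loop undocumented at the moment its purpose changes from un-slashing to escaping. Either delete the empty line or say what the loop now guarantees, e.g. `// Attachment comments come back from the form raw: undo magic-quotes escaping and HTML-escape each one exactly once before storage`. The loop also iterates `$_POST['attachment_data']` assuming every element is an array with a `comment` key; a malformed submission makes `$message_parser->attachment_data[$pos]['comment']` an undefined index, so an `isset()` guard on the element would keep the notice out of the log.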
@@ -211,12 +211,24 @@ if ($sql != '')
 $enable_sig = ($config['allow_sig'] && $user->data['user_attachsig']) ? true : false;
 $enable_smilies = ($config['allow_smilies'] && $user->data['user_allowsmile']) ? true : false;
 $enable_bbcode = ($config['allow_bbcode'] && $user->data['user_allowbbcode']) ? true : false;
- $enable_urls = true;
+ $enable_urls = TRUE;
 }
- $enable_magic_url = false;
-}
+ $enable_magic_url = $drafts = FALSE;
+ // User owns some drafts?
+ if ($user->data['user_id'] != ANONYMOUS && $auth->acl_get('u_savedrafts'))
+ {
+ $sql = 'SELECT draft_id
+ FROM ' . DRAFTS_TABLE . '
+ WHERE user_id = ' . $user->data['user_id'];
+ $result = $db->sql_query_limit($sql, 1);
+ if ($row = $db->sql_fetchrow($result))
+ {
+ $drafts = TRUE;
+ }
+ }
+}
 // Notify user checkbox
 if ($mode != 'post' && $user->data['user_id'] != ANONYMOUS)
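Review bot: The draft-existence query's result is never released: `$db->sql_query_limit($sql, 1)` is followed by `sql_fetchrow()` but not by `$db->sql_freeresult($result);`, unlike every other query this commit adds. `$drafts = FALSE` is also initialised inside this block, and the closing `}` that follows appears to belong to an enclosing conditional (the hunk context reads `if ($sql != '')`), so on the other path the `S_HAS_DRAFTS` assignment later in the file reads an undefined `$drafts`; initialise `$drafts = false;` at top level before the block. `$row` is assigned only to test for a row; `if ($db->sql_fetchrow($result))` is enough.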
@@ -439,17 +451,59 @@ $img_status = ($config['allow_img'] && $auth->acl_get('f_img', $forum_id)) ? tr
 $flash_status = ($config['allow_flash'] && $auth->acl_get('f_flash', $forum_id)) ? true : false;
+// Save Draft
+if (($save || isset($_POST['draft_save']))&& $user->data['user_id'] != ANONYMOUS && $auth->acl_get('u_savedrafts'))
+{
+ if (isset($_POST['draft_title_update']) && intval($_POST['draft_id']) && trim($_POST['draft_title']) != '')
+ {
+ $sql = 'UPDATE ' . DRAFTS_TABLE . "
+ SET title = '" . $db->sql_escape(trim(htmlspecialchars($_POST['draft_title']))) . "'
+ WHERE draft_id = " . intval($_POST['draft_id']) . "
+ AND user_id = " . $user->data['user_id'];
+ $db->sql_query($sql);
+ }
+ else
+ {
+ $subject = (!empty($_POST['subject'])) ? trim(htmlspecialchars($_POST['subject'])) : '';
+ $message = (!empty($_POST['message'])) ? trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), htmlspecialchars($_POST['message']))) : '';
+
+ if ($message != '')
+ {
+ $sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
+ 'user_id' => $user->data['user_id'],
+ 'topic_id' => $topic_id,
+ 'save_time' => time(),
+ 'title' => $subject,
+ 'post_subject' => $subject,
+ 'post_message' => $message));
+ $db->sql_query($sql);
+
+ $drafts = TRUE;
+
+ $template->assign_var('DRAFT_ID', $db->sql_nextid());
+ }
+ else
+ {
+ $save = FALSE;
+ }
+
+ unset($subject);
+ unset($message);
+ }
+}
+
+
 if ($submit || $preview || $refresh)
 {
 $topic_cur_post_id = (isset($_POST['topic_cur_post_id'])) ? intval($_POST['topic_cur_post_id']) : false;
- $subject = (!empty($_POST['subject'])) ? trim(htmlspecialchars(strip_tags($_POST['subject']))) : '';
+ $subject = (!empty($_POST['subject'])) ? trim(htmlspecialchars($_POST['subject'])) : '';
 if (strcmp($subject, strtoupper($subject)) == 0 && $subject != '')
 {
 $subject = phpbb_strtolower($subject);
 }
- $message_parser->message = (!empty($_POST['message'])) ? 
trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), $_POST['message'])) : '';
+ $message_parser->message = (!empty($_POST['message'])) ? trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), htmlspecialchars($_POST['message']))) : '';
 $username = (!empty($_POST['username'])) ? trim($_POST['username']) : ((!empty($username)) ? $username : '');
 $topic_type = (!empty($_POST['topic_type'])) ? (int) $_POST['topic_type'] : (($mode != 'post') ? $topic_type : POST_NORMAL);
@@ -933,9 +987,9 @@ if ($mode == 'post' || ($mode == 'edit' && $post_id == $topic_first_post_id))
 }
 }
-$html_checked = (isset($enable_html)) ? !$enable_html : ((intval($config['allow_html'])) ? !$user->data['user_allowhtml'] : 1);
-$bbcode_checked = (isset($enable_bbcode)) ? !$enable_bbcode : ((intval($config['allow_bbcode'])) ? !$user->data['user_allowbbcode'] : 1);
-$smilies_checked = (isset($enable_smilies)) ? !$enable_smilies : ((intval($config['allow_smilies'])) ? !$user->data['user_allowsmile'] : 1);
+$html_checked = (isset($enable_html)) ? !$enable_html : (($config['allow_html']) ? !$user->data['user_allowhtml'] : 1);
+$bbcode_checked = (isset($enable_bbcode)) ? !$enable_bbcode : (($config['allow_bbcode']) ? !$user->data['user_allowbbcode'] : 1);
+$smilies_checked = (isset($enable_smilies)) ? !$enable_smilies : (($config['allow_smilies']) ? !$user->data['user_allowsmile'] : 1);
 $urls_checked = (isset($enable_urls)) ? !$enable_urls : 0;
 $sig_checked = $enable_sig;
 $notify_checked = (isset($notify)) ? $notify : (($notify_set == -1) ? (($user->data['user_id'] != ANONYMOUS) ? $user->data['user_notify'] : 0) : $notify_set);
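Review bot: In the new Save Draft block, `'topic_id' => $topic_id` passes `false` when no `t` parameter was supplied (`$topic_id` is `intval(...) : false` at the top of the file), so what reaches the `UNSIGNED` column depends on how `sql_build_array` renders a boolean; write `'topic_id' => (int) $topic_id,` so a topic-less draft stores `0` as the schema's default intends. The title-rename branch reads `$_POST['draft_id']` and `$_POST['draft_title']` without `isset()` after only checking `draft_title_update`, and the opening condition is missing a space before `&&` (`(($save || isset($_POST['draft_save']))&& ...`). The ownership constraint `AND user_id = ...` on the UPDATE is the right shape; the same silent success-on-zero-rows applies here as on the UCP edit path, since nothing checks `$db->sql_affectedrows()` before the page continues as if the rename happened.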
@@ -1029,7 +1083,9 @@ $template->assign_vars(array(
 'S_LOCK_POST_CHECKED' => ($lock_post_checked) ? 'checked="checked"' : '',
 'S_MAGIC_URL_CHECKED' => ($urls_checked) ? 'checked="checked"' : '',
 'S_TYPE_TOGGLE' => $topic_type_toggle,
- 'S_SAVE_ALLOWED' => ($auth->acl_get('f_save', $forum_id)) ? true : false,
+ 'S_SAVE_ALLOWED' => ($auth->acl_get('u_savedrafts') && $user->data['user_id'] != ANONYMOUS) ? true : false,
+ 'S_HAS_DRAFTS' => ($auth->acl_get('u_savedrafts') && $user->data['user_id'] != ANONYMOUS && $drafts) ? true : false,
+ 'S_DRAFT_SAVED' => $save,
 'S_FORM_ENCTYPE' => $form_enctype,
 'S_POST_ACTION' => $s_action,
@@ -1059,13 +1115,13 @@ else if ($mode == 'edit' && !empty($poll_last_vote) && ($auth->acl_get('f_poll',
 }
 // Attachment entry
-if ($auth->acl_get('f_attach', $forum_id) || $auth->acl_get('m_edit', $forum_id))
+if ($auth->acl_get('f_attach', $forum_id) && $config['allow_attachments'] && $form_enctype != '')
 {
 $template->assign_vars(array(
 'S_SHOW_ATTACH_BOX' => true)
 );
- if (count($message_parser->attachment_data))
+ if (sizeof($message_parser->attachment_data))
 {
 $template->assign_vars(array(
 'S_HAS_ATTACHMENTS' => true)
@@ -1087,7 +1143,7 @@ if ($auth->acl_get('f_attach', $forum_id) || $auth->acl_get('m_edit', $forum_id)
 $template->assign_block_vars('attach_row', array(
 'FILENAME' => $attach_row['real_filename'],
 'ATTACH_FILENAME' => $attach_row['physical_filename'],
- 'FILE_COMMENT' => stripslashes(htmlspecialchars($attach_row['comment'])),
+ 'FILE_COMMENT' => $attach_row['comment'],
 'ATTACH_ID' => $attach_row['attach_id'],
 'ASSOC_INDEX' => $count,
@@ -1100,7 +1156,7 @@ if ($auth->acl_get('f_attach', $forum_id) || $auth->acl_get('m_edit', $forum_id)
 }
 $template->assign_vars(array(
- 'FILE_COMMENT' => stripslashes(htmlspecialchars($message_parser->filename_data['comment'])),
+ 'FILE_COMMENT' => $message_parser->filename_data['filecomment'],
 'FILESIZE' => $config['max_filesize'],
 'FILENAME' => $message_parser->filename_data['filename'])
 );
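Review bot: `S_SAVE_ALLOWED` and `S_HAS_DRAFTS` each re-evaluate `$auth->acl_get('u_savedrafts') && $user->data['user_id'] != ANONYMOUS`, the same guard already spelled out in the Save Draft block and the drafts-existence query earlier in this diff; compute it once, `$can_save_drafts = ($user->data['user_id'] != ANONYMOUS && $auth->acl_get('u_savedrafts'));`, and use `'S_SAVE_ALLOWED' => $can_save_drafts,` and `'S_HAS_DRAFTS' => ($can_save_drafts && $drafts),`. That also removes the `? true : false` suffixes, which are redundant on boolean expressions. In the `-1059` hunk the attachment box is now hidden when `$form_enctype` is empty, while `$message_parser->attachment_data` is still populated unconditionally from `$_POST['attachment_data']` at old line 167; whether previously attached rows can then be re-submitted invisibly on an edit I cannot tell from this diff, but it is worth confirming.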
@@ -1283,13 +1339,9 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_ if ($attach_row['attach_id'] != '-1') { // update entry in db if attachment already stored in db and filespace - $attach_sql = array( - 'comment' => trim($attach_row['comment']) - ); - - $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . ' - SET ' . $db->sql_build_array('UPDATE', $attach_sql) . ' - WHERE attach_id = ' . (int) $attach_row['attach_id']; + $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . " + SET comment = '" . $db->sql_escape($attach_row['comment']) . "' + WHERE attach_id = " . (int) $attach_row['attach_id']; $db->sql_query($sql); } else @@ -1298,7 +1350,7 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_ $attach_sql = array( 'physical_filename' => $attach_row['physical_filename'], 'real_filename' => $attach_row['real_filename'], - 'comment' => trim($attach_row['comment']), + 'comment' => $attach_row['comment'], 'extension' => $attach_row['extension'], 'mimetype' => $attach_row['mimetype'], 'filesize' => $attach_row['filesize'], diff --git a/phpBB/styles/subSilver/template/posting_body.html b/phpBB/styles/subSilver/template/posting_body.html index b68cead19f..a34d95a4a5 100644 --- a/phpBB/styles/subSilver/template/posting_body.html +++ b/phpBB/styles/subSilver/template/posting_body.html @@ -51,6 +51,28 @@ function checkForm() + + + + + + + + + + + + + + +
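Review bot: The rewritten UPDATE in submit_post assembles the SET clause by hand with `$db->sql_escape($attach_row['comment'])` while the INSERT branch right below it still goes through `sql_build_array`, and the `trim()` both branches applied before is gone; keeping `$sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array('comment' => $attach_row['comment'])) . ' WHERE attach_id = ' . (int) $attach_row['attach_id'];` keeps the two branches symmetric and the escaping in one place. Dropping `trim()` is safe only while every writer trims first — the new message_parser lines do, but a caller that hands submit_post an untrimmed comment now stores it as-is. submit_post begins before this hunk.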
{L_INFORMATION}
{L_DRAFT_SAVED}
{L_DRAFT_TITLE_EXPLAIN}

{L_ENTER_DRAFT_TITLE}  


+ + + +
+
+ + @@ -305,7 +327,7 @@ function checkForm() - + @@ -320,7 +342,7 @@ function checkForm() - +
             
{S_HIDDEN_FIELDS}      {S_HIDDEN_FIELDS}       
diff --git a/phpBB/styles/subSilver/template/ucp_main.html b/phpBB/styles/subSilver/template/ucp_main.html index 5e6d9cb636..a21103e292 100644 --- a/phpBB/styles/subSilver/template/ucp_main.html +++ b/phpBB/styles/subSilver/template/ucp_main.html @@ -1,5 +1,6 @@ + @@ -99,7 +100,107 @@ -
- \ No newline at end of file + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
{L_UCP}
{L_DRAFTS_EXPLAIN}
{L_SAVE_DATE}{L_DRAFT_TITLE}{L_TOPIC}{L_OPTIONS}{L_DELETE}
{draftrow.DATE}{draftrow.TITLE}{L_CURRENT_TOPIC}{draftrow.TOPIC_TITLE}{L_NEW_OR_DELETED_TOPIC}{L_INSERT}
{L_VIEW_EDIT}
{L_NO_SAVED_DRAFTS}
 
{ERROR}
{L_DRAFT_TITLE}:
{L_SUBJECT}:
{L_MESSAGE}:
{L_EDIT_DRAFT_EXPLAIN}
+ + + + + + + + + + + + + + + + + + + + +
+ + + + +
 {L_FONT_SIZE}: {L_CLOSE_TAGS}
{L_BACK_TO_DRAFTS}
{S_HIDDEN_FIELDS} 
+ + +