had CRLF for some reason. more error cleaning

2025-05-19 08:40:21 -07:00 · 2015-08-13 23:20:53 -07:00 · 2015-08-13 23:20:53 -07:00 · 6ec2907a62
commit 6ec2907a62
parent b4e9133f5f
1 changed files with 354 additions and 354 deletions
--- a/newreply.php
+++ b/newreply.php
@ -17,7 +17,7 @@
 		die();
 	}

- 	$forumid=intval($thread[forum]);
+	$forumid=intval($thread['forum']);
 	$forum=$sql->fetchq("SELECT title,minpower,minpowerreply,id,specialscheme FROM forums WHERE id=$forumid");
 	if ($forum['minpower'] && $power < $forum['minpower']) {
 		$forum['title'] = '';
@ -30,15 +30,18 @@

 	require_once 'lib/layout.php';

+
 	$smilies=readsmilies();
-	if(!$ppp) $ppp=(!$log?20:$loguser[postsperpage]);
+	if(!filter_int($ppp)) $ppp=(!$log?20:$loguser['postsperpage']);
 	$fonline=fonlineusers($forumid);
 	$header=makeheader($header1,$headlinks,$header2 ."	$tblstart$tccell1s>$fonline$tblend");

-	if(@mysql_num_rows($sql->query("SELECT user FROM forummods WHERE forum=$forumid and user=$loguserid"))) $ismod=1;
+	if(mysql_num_rows($sql->query("SELECT user FROM forummods WHERE forum='$forumid' and user='$loguserid'"))) $ismod=1;
+
+	$modoptions	= "";

 	if ($ismod) {
-		if ($thread[sticky] == 1) $sticky = "checked";
+		if ($thread['sticky'] == 1) $sticky = "checked";
 		$modoptions = "	<tr>$tccell1><b>Moderator Options:</b></td>$tccell2l colspan=2>
 		$inpc=\"close\" id=\"close\" value=\"1\"><label for=\"close\">Close</label> -
 		$inpc=\"stick\" id=\"stick\" value=\"1\" $sticky><label for=\"stick\">Sticky</label>";
@ -49,10 +52,8 @@

 	$header	= "$header
 		$fonttag<a href=index.php>$boardname</a> - <a href=forum.php?id=$forumid>$forum[title]</a> - $thread[title]<form action=newreply.php name=replier method=post autocomplete=\"off\"> $tblstart";
-	replytoolbar(1);

 	if($log) activitycheck($loguserid);
-
  // Post preview
 	if (($power>=$forum['minpowerreply'] || $forum['minpowerreply']<1) && $id>0) {
 		$postlist="<tr>$tccellh colspan=2 style=\"font-weight:bold;\">Thread history</tr><tr>$tccellh width=150>User</td>$tccellh width=*>Post</tr>";
@ -63,13 +64,13 @@
 		while($post=$sql->fetch($posts)){
 			$bg = ((($i++) & 1) ? 'tdbg2' : 'tdbg1');
 			if ($ppp-- > 0){
-				$postnum=($post[num]?"$post[num]/":'');
+				$postnum=($post['num']?"$post[num]/":'');
 				$tcellbg="<td class='tbl $bg font' valign=top>";
-				$namecolor=getnamecolor($post[sex],$post[powerlevel]);
+				$namecolor=getnamecolor($post['sex'],$post['powerlevel']);
 				$postlist.="<tr>
 					$tcellbg<a href=profile.php?id=$post[user]><font $namecolor>$post[name]</font></a>$smallfont<br>
 					Posts: $postnum$post[posts]</td>
-					$tcellbg".doreplace2(dofilters($post[text]), $post[options])."</tr>
+					$tcellbg".doreplace2(dofilters($post['text']), $post['options'])."</tr>
 				";
 			}
 			else{
@ -79,8 +80,8 @@
 		}
 	}

-	if(!$_POST['action'] && !$thread['closed'] && !($banned && $log)
-	 && ($power>=$forum[minpowerreply] || $forum[minpowerreply]<1) && $id>0) {
+	if(!filter_string($_POST['action']) && !$thread['closed'] && !($banned && $log)
+		&& ($power>=$forum['minpowerreply'] || $forum['minpowerreply']<1) && $id>0) {
 		print $header;
 		print "";

@ -96,9 +97,10 @@
 			$altloginjs = "<span>";
 		}

-		if($postid){
+		$quotemsg	= "";
+		if(filter_int($postid)){
 			$post=$sql->fetchq("SELECT user,text,thread FROM posts,posts_text WHERE id=$postid AND id=pid");
-			$post['text']=str_replace('<br>',$br,$post[text]);
+			$post['text']=str_replace('<br>',$br,$post['text']);
 			$u=$post['user'];
 			$users[$u]=loaduser($u,1);
 			if($post['thread']==$id) $quotemsg="[quote={$users[$u]['name']}]{$post['text']}[/quote]\r\n";
@ -114,8 +116,8 @@
 		</span><tr>
 		$tccell1><b>Reply:</td>
 		$tccell2l width=800px valign=top>".replytoolbar(2)."
-	  $txta=message ROWS=21 COLS=$numcols style=\"width: 100%; max-width: 800px; resize:vertical;\" ".replytoolbar(3).">". htmlspecialchars($quotemsg, ENT_QUOTES, "ISO-8859-1") ."</TEXTAREA></td>
-    $tccell2l width=*>".moodlist($moodid)."</td><tr>
+		$txta=message ROWS=21 COLS=$numcols style=\"width: 100%; max-width: 800px; resize:vertical;\" ".replytoolbar(3).">". htmlspecialchars($quotemsg, ENT_QUOTES) ."</TEXTAREA></td>
+	$tccell2l width=*>".moodlist(filter_int($moodid))."</td><tr>
 	<tr>
 		$tccell1>&nbsp</td>$tccell2l colspan=2>
 		$inph=action VALUE=postreply>
@ -135,14 +137,14 @@
 		</form>
 	$fonttag<a href=index.php>$boardname</a> - <a href=forum.php?id=$forumid>$forum[title]</a> - $thread[title]
 	".replytoolbar(4);
-  } elseif(!$_POST[action]) {
+	} elseif(!$_POST['action']) {
 			print $header;
 			print "$tccell1>You are not allowed to post in this thread.
 			<br>".redirect("index.php", 'return to the index page', 0)."</table>";
 	}


-  if($_POST[action]=='postreply' && !($banned && $log) && $id>0) {
+	if($_POST['action']=='postreply' && !($banned && $log) && $id>0) {
 		if ($log && !$password)
 			$userid = $loguserid;
 		else
@ -162,31 +164,33 @@
 		$error="Either you didn't enter an existing username, or you haven't entered the right password for the username.";
 	else{
 	$user=@$sql->fetchq("SELECT * FROM users WHERE id=$userid");
-//      if($thread[lastposter]==$userid && $user[powerlevel]<=2)
+//      if($thread['lastposter']==$userid && $user['powerlevel']<=2)
 //        $error='You already have the last reply in this thread.';
-      if($thread[closed])
+		if($thread['closed'])
 		$error='The thread is closed and no more replies can be posted.';
-      if($user[powerlevel]<$forum[minpowerreply])
+		if($user['powerlevel']<$forum['minpowerreply'])
 		$error='Replying in this forum is restricted, and you are not allowed to post in this forum.';
 		if(!$message)
 		$error="You didn't enter anything in the post.";
 	}
+
 	if (!$error) {
 	activitycheck($userid);
-	$sign=$user[signature];
-	$head=$user[postheader];
-	if($user[postbg]) $head="<div style=background:url($user[postbg]);height=100%>$head";

-	$numposts=$user[posts]+ 1;
+	$sign	=$user['signature'];
+	$head	=$user['postheader'];
+	if($user['postbg']) $head="<div style=background:url($user[postbg]);height=100%>$head";

-	$numdays=(ctime()-$user[regdate])/86400;
+	$numposts		= $user['posts']+ 1;
+
+	$numdays		= (ctime()-$user['regdate'])/86400;
 	$tags			= array();
 	$message		= doreplace($message,$numposts,$numdays,$username, $tags);
 	$tagval			= $sql->escape(json_encode($tags));
 	$rsign			= doreplace($sign,$numposts,$numdays,$username);
 	$rhead			= doreplace($head,$numposts,$numdays,$username);
 	$currenttime	= ctime();
-	if($submit){
+	if (filter_string($_POST['submit'])) {

 		if (!(!$x_hacks['host'] && $userid == 715) || true) {

@ -243,11 +247,6 @@
 		$sql->query("REPLACE INTO threadsread SET `uid` = '$userid', `tid` = '$id', `time` = ". ctime() .", `read` = '1'");


-/*
-	  print "
-	   $tccell1>Reply posted successfully!
-	<br>".redirect("thread.php?pid=$pid#$pid", $thread[title], 0) .$tblend;
-*/
 		xk_ircout("reply", $user['name'], array(
 			'forum'		=> $forum['title'],
 			'fid'		=> $forumid,
@ -268,31 +267,32 @@
 		} else {
 			print "
 			$tccell1>Reply posted successfully!
-		<br>".redirect("thread.php?id=$id", $thread[title], 0) .$tblend;
+		<br>".redirect("thread.php?id=$id", $thread['title'], 0) .$tblend;
 		}
 	}else{
+
 		loadtlayout();
 		$message = stripslashes($message);
 		$ppost=$user;
-		$ppost[uid]=$userid;
-		$ppost[num]=$numposts;
-		$ppost[posts]++;
-		$ppost[lastposttime]=$currenttime;
-		$ppost[date]=$currenttime;
-		$ppost[moodid]=$_POST['moodid'];
-		if ($nolayout) {
-			$ppost[headtext] = "";
-			$ppost[signtext] = "";
+		$ppost['uid']=$userid;
+		$ppost['num']=$numposts;
+		$ppost['posts']++;
+		$ppost['lastposttime']=$currenttime;
+		$ppost['date']=$currenttime;
+		$ppost['moodid']=$_POST['moodid'];
+		if (filter_bool($nolayout)) {
+			$ppost['headtext'] = "";
+			$ppost['signtext'] = "";
 		} else {
-			$ppost[headtext]=$rhead;
-			$ppost[signtext]=$rsign;
+			$ppost['headtext']=$rhead;
+			$ppost['signtext']=$rsign;
 		}
-		$ppost[text]=$message;
-		$ppost[options] = $nosmilies . "|" . $nohtml;
+		$ppost['text']=$message;
+		$ppost['options'] = filter_int($nosmilies) . "|" . filter_int($nohtml);

 		if($isadmin) $ip=$userip;

-		$chks = array();
+		$chks = array("", "", "");
 		if ($nosmilies) $chks[0] = "checked";
 		if ($nolayout)  $chks[1] = "checked";
 		if ($nohtml)    $chks[2] = "checked";
@ -330,14 +330,14 @@
 	}else
 	print "$header$tccell1>Couldn't enter the post. $error<br>".redirect("thread.php?id=$id", $thread['title'], 0);
  }
-  if($thread[closed])
+  if($thread['closed'])
 	print "
 	$tccell1>Sorry, but this thread is closed, and no more replies can be posted in it.
-	<br>".redirect("thread.php?id=$id",$thread[title],0);
+	<br>".redirect("thread.php?id=$id",$thread['title'],0);
  if($banned and $log)
 	print "
 	$tccell1>Sorry, but you are banned from the board, and can not post.
-	<br>".redirect("thread.php?id=$id",$thread[title],0);
+	<br>".redirect("thread.php?id=$id",$thread['title'],0);

  print $footer;
  printtimedif($startingtime);
@ -345,7 +345,7 @@
 function activitycheck($userid){
  global $id,$thread,$header,$tblstart,$tccell1,$tblend,$footer,$loguser,$sql;
  $activity=$sql->resultq("SELECT count(*) FROM posts WHERE user=$userid AND thread=$id AND date>".(ctime()-86400),0,0);
-//  if($activity>=(stristr($thread[title],'ACS ')?5:5000))
+//  if($activity>=(stristr($thread['title'],'ACS ')?5:5000))
 //    die("$tblstart$tccell1>You have posted enough in this thread today. Come back later!$tblend$footer");
  $activity=$sql->resultq("SELECT count(*) FROM posts WHERE user=$userid AND date>".(ctime()-300),0,0);
 		if($activity && $userid == 1079)