X-Git-Url: http://www.wagner.pp.ru/gitweb/?p=oss%2Fstilllife.git;a=blobdiff_plain;f=forum%2Fforum;fp=forum%2Fforum;h=bc685450577ae4cfd35d1e81175f1304172b3af6;hp=7cb882b48c9c9234da43ab5d6d0ec89cd5dadeb5;hb=d0acd3927cbe4e0f7e4faccca7ef6dd68911ecd5;hpb=f66c0d31896664d40c4e78e21d14621c463f7ef6 diff --git a/forum/forum b/forum/forum index 7cb882b..bc68545 100755 --- a/forum/forum +++ b/forum/forum @@ -262,7 +262,7 @@ sub show_error { print $cgi->header(-type=>'text/html',-charset=>'utf-8'); print "ÐÑÐ¸Ð±ÐºÐ° ÐºÐ¾Ð½ÑÐ¸Ð³ÑÑÐ°ÑÐ¸Ð¸ ÑÐ¾ÑÑÐ¼Ð°", "

ÐÑÐ¸Ð±ÐºÐ° ÐºÐ¾Ð½ÑÐ¸Ð³ÑÑÐ°ÑÐ¸Ð¸ ÑÐ¾ÑÑÐ¼Ð°

", - $cgi->escapeHTML($msg),"

", + escapeHTML($msg),"

", "

"; } exit; @@ -1479,7 +1479,7 @@ sub delete_comment { my ($cgi,$forum,$topic,$id) = @_; my ($tree,$lockfd) = gettree($topic); my ($msg) = $tree->look_down(id => $id); - show_error("Ð Ð´Ð°Ð½Ð½Ð¾Ð¹ ÑÐµÐ¼Ðµ Ð½ÐµÑ ÑÐµÐ¿Ð»Ð¸ÐºÐ¸ Ñ id=$id") if (!$msg); + show_error($forum,"Ð Ð´Ð°Ð½Ð½Ð¾Ð¹ ÑÐµÐ¼Ðµ Ð½ÐµÑ ÑÐµÐ¿Ð»Ð¸ÐºÐ¸ Ñ id=$id") if (!$msg); if (getrights($cgi,$forum) ne "moderator" && getrights($cgi,$forum) ne "admin") { my $author= $msg->look_down(_tag=>"input",name=>"author"); @@ -1910,7 +1910,7 @@ sub input2tree { } elsif ($format eq "text") { $text=~s/\r?\n\r?\n/<\/p>

/; $text=~s/\r?\n/
/; - $text = "

".$text."

"; + $text = "

".escapeHTML($text)."

"; } my $txtree = str2tree($text); for my $badtag @@ -1920,7 +1920,7 @@ sub input2tree { $element->delete() if defined $element; } } - # ÐÑÐ¾Ð²ÐµÑÑÐµÐ¼ Ð½Ð° Ð½Ð°Ð»Ð¸ÑÐ¸Ðµ URL-Ð¾Ðº Ð½Ðµ Ð¾ÑÐ¾ÑÐ¼Ð»ÐµÐ½Ð½ÑÑ ÑÑÑÐ»ÐºÐ°Ð¼Ð¸. + # FIXME ÐÑÐ¾Ð²ÐµÑÑÐµÐ¼ Ð½Ð° Ð½Ð°Ð»Ð¸ÑÐ¸Ðµ URL-Ð¾Ðº Ð½Ðµ Ð¾ÑÐ¾ÑÐ¼Ð»ÐµÐ½Ð½ÑÑ ÑÑÑÐ»ÐºÐ°Ð¼Ð¸. return $txtree; } @@ -2065,3 +2065,10 @@ sub newlistelement { } } +sub escapeHTML { + local $_ = shift; + s/\&/&/g; + s/\/>/g; + return $_; +}

ÐÑÐ¸Ð±ÐºÐ° ÐºÐ¾Ð½ÑÐ¸Ð³ÑÑÐ°ÑÐ¸Ð¸ ÑÐ¾ÑÑÐ¼Ð°

ÐÑÐ¸Ð±ÐºÐ° ÐºÐ¾Ð½ÑÐ¸Ð³ÑÑÐ°ÑÐ¸Ð¸ ÑÐ¾ÑÑÐ¼Ð°