88 } |
88 } |
89 |
89 |
90 if ( sizeof($errors) < 1 ) |
90 if ( sizeof($errors) < 1 ) |
91 { |
91 { |
92 // Collect other options |
92 // Collect other options |
|
93 $post_text = trim(htmlspecialchars($_POST['post_text'])); |
|
94 $post_subject = trim(htmlspecialchars($_POST['subject'])); |
93 |
95 |
94 // Submit post |
96 // Submit post |
95 if ( $parms['mode'] == 'reply' || $parms['mode'] == 'quote' ) |
97 if ( $parms['mode'] == 'reply' || $parms['mode'] == 'quote' ) |
96 { |
98 { |
97 $result = decir_submit_post($parms['topic_in'], $_POST['subject'], $_POST['post_text'], $post_id); |
99 $result = decir_submit_post($parms['topic_in'], $post_subject, $post_text, $post_id); |
98 if ( $result ) |
100 if ( $result ) |
99 { |
101 { |
100 // update forum stats |
102 // update forum stats |
101 $user = $db->escape($session->username); |
103 $user = $db->escape($session->username); |
102 $q = $db->sql_query('UPDATE '.table_prefix."decir_forums SET num_posts = num_posts+1, last_post_id = $post_id, last_post_topic = {$parms['topic_in']}, last_post_user = $session->user_id WHERE forum_id={$parms['forum_in']};"); |
104 $q = $db->sql_query('UPDATE '.table_prefix."decir_forums SET num_posts = num_posts+1, last_post_id = $post_id, last_post_topic = {$parms['topic_in']}, last_post_user = $session->user_id WHERE forum_id={$parms['forum_in']};"); |
108 redirect($url, 'Post submitted', 'Your post has been submitted successfully.', 4); |
110 redirect($url, 'Post submitted', 'Your post has been submitted successfully.', 4); |
109 } |
111 } |
110 } |
112 } |
111 else if ( $parms['mode'] == 'topic' ) |
113 else if ( $parms['mode'] == 'topic' ) |
112 { |
114 { |
113 $result = decir_submit_topic($parms['forum_id'], $_POST['subject'], $_POST['post_text'], $topic_id, $post_id); |
115 $result = decir_submit_topic($parms['forum_id'], $post_subject, $post_text, $topic_id, $post_id); |
114 if ( $result ) |
116 if ( $result ) |
115 { |
117 { |
116 // update forum stats |
118 // update forum stats |
117 $q = $db->sql_query('UPDATE '.table_prefix."decir_forums SET num_posts = num_posts+1, num_topics = num_topics+1, last_post_id = $post_id, last_post_topic = $topic_id, last_post_user = $session->user_id WHERE forum_id={$parms['forum_id']};"); |
119 $q = $db->sql_query('UPDATE '.table_prefix."decir_forums SET num_posts = num_posts+1, num_topics = num_topics+1, last_post_id = $post_id, last_post_topic = $topic_id, last_post_user = $session->user_id WHERE forum_id={$parms['forum_id']};"); |
118 if ( !$q ) |
120 if ( !$q ) |
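Review bot: The two new `htmlspecialchars()` calls at new lines 93–94 rely on the default flags, which on PHP before 8.1 leave single quotes unescaped, so a subject or post body later placed inside a single-quoted attribute is not neutralised. Passing the flag explicitly closes that gap: `$post_subject = trim(htmlspecialchars($_POST['subject'], ENT_QUOTES));`, and the same for `post_text`. Because the encoding now happens before storage, every other path that writes or re-displays posts (an edit form, for example) has to agree on it to avoid double-encoding or unescaped rows; that is not visible here and should be checked. The escaping covers HTML only, so `decir_submit_post()` and `decir_submit_topic()` presumably still do their own SQL escaping of these values, which is worth confirming. The enclosing `if` block starts and ends outside the lines shown.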