sNews Forum

Previous sNews versions => sNews 1.5 Final => Patches/fixes => Topic started by: Mika on February 04, 2007, 11:34:50 am

Title: [FIX] Missing
in comments in admin mode (sNews 1.5.31)

Post by: Mika on February 04, 2007, 11:34:50 am
When admin is logged in, new line feed (enter) doesn't work as expected. Here's the fix
Quote
function cleanXSS($string) {
if ($_SESSION[db('website').'Logged_In'] !== token()) {
...
} else {return $string;}
}
Add the blue part
Quote
function cleanXSS($string) {
if ($_SESSION[db('website').'Logged_In'] !== token()) {
...
} else {$string = nl2br($string); return $string;}
}
Title: [FIX] Missing
in comments in admin mode (sNews 1.5.31)

Post by: Patric Ahlqvist on February 04, 2007, 11:41:50 am
Nope... not for me :(
Title: [FIX] Missing
in comments in admin mode (sNews 1.5.31)

Post by: Keyrocks on February 24, 2007, 04:21:01 pm
Mika - Please explain?
The virgin snews.php file in the installation package I downloaded on February 21, 2007, does not have this function as shown. The file has no revision date it it either to tell us which file is the "latest" release. Instead, the function is completely different and much longer, starting with:
Quote
// XSS CLEAN
function cleanXSS($val)
I also notice that:
Quote
// HTML ENTITY DECODE
function decode($text, $html = 'yes')
which was above it in the snews.php file released on February 02, 2007 is now removed.

Each time you change an snews.php file so significantly... I suggest that bug-fix references like the one you posted here... should be deleted from this forum. I also suggest that each time changes are made... as the ones I just pointed out here... that the release date in the snews.php file be changed up to the date that the changes and new release were made. As it is now... the function changes are significant but both files have the same release date. This makes it impossible to know what was changed when.  :/

Can you explain why this change was made and how it affects the operation of sNews?