43
« on: September 16, 2010, 05:58:01 AM »
Just now I tested the bad word filters in my own system and its working fine.. but in server its not working..
This is my show comment code in details.php
//-----------------------------------------------------
//--- Show Comments -----------------------------------
//-----------------------------------------------------
if ($image_allow_comments == 1) {
$site_template->register_vars(array(
"has_rss" => true,
"rss_title" => "RSS Feed: ".$image_name." (".str_replace(':', '', $lang['comments']).")",
"rss_url" => $script_url."/rss.php?action=comments&".URL_IMAGE_ID."=".$image_id
));
$sql = "SELECT c.comment_id, c.image_id, c.user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, c.comment_ip, c.comment_date".get_user_table_field(", u.", "user_level").get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_email").get_user_table_field(", u.", "user_showemail").get_user_table_field(", u.", "user_invisible").get_user_table_field(", u.", "user_joindate").get_user_table_field(", u.", "user_lastaction").get_user_table_field(", u.", "user_comments").get_user_table_field(", u.", "user_homepage").get_user_table_field(", u.", "user_icq")."
FROM ".COMMENTS_TABLE." c
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
WHERE c.image_id = $image_id
ORDER BY c.comment_date ASC";
$result = $site_db->query($sql);
$comment_row = array();
while ($row = $site_db->fetch_array($result)) {
$comment_row[] = $row;
}
$site_db->free_result($result);
$num_comments = sizeof($comment_row);
if (!$num_comments) {
$comments = "<tr><td class=\"commentrow1\" colspan=\"2\">".$lang['no_comments']."</td></tr>";
}
else {
$comments = "";
$bgcounter = 0;
for ($i = 0; $i < $num_comments; $i++) {
$row_bg_number = ($bgcounter++ % 2 == 0) ? 1 : 2;
$comment_user_email = "";
$comment_user_email_save = "";
$comment_user_mailform_link = "";
$comment_user_email_button = "";
$comment_user_homepage_button = "";
$comment_user_icq_button = "";
$comment_user_profile_button = "";
$comment_user_status_img = REPLACE_EMPTY;
$comment_user_name = format_text($comment_row[$i]['comment_user_name'], 2);
$comment_user_info = $lang['userlevel_guest'];
$comment_user_id = $comment_row[$i]['user_id'];
if (isset($comment_row[$i][$user_table_fields['user_name']]) && $comment_user_id != GUEST) {
$comment_user_name = format_text($comment_row[$i][$user_table_fields['user_name']], 2);
$comment_user_profile_link = !empty($url_show_profile) ? $site_sess->url(preg_replace("/{user_id}/", $comment_user_id, $url_show_profile)) : $site_sess->url(ROOT_PATH."member.php?action=showprofile&".URL_USER_ID."=".$comment_user_id);
$comment_user_profile_button = "<a href=\"".$comment_user_profile_link."\"><img src=\"".get_gallery_image("profile.gif")."\" border=\"0\" alt=\"".$comment_user_name."\" /></a>";
$comment_user_status_img = ($comment_row[$i][$user_table_fields['user_lastaction']] >= (time() - 300) && ((isset($comment_row[$i][$user_table_fields['user_invisible']]) && $comment_row[$i][$user_table_fields['user_invisible']] == 0) || $user_info['user_level'] == ADMIN)) ? "<img src=\"".get_gallery_image("user_online.gif")."\" border=\"0\" alt=\"Online\" />" : "<img src=\"".get_gallery_image("user_offline.gif")."\" border=\"0\" alt=\"Offline\" />";
$comment_user_homepage = (isset($comment_row[$i][$user_table_fields['user_homepage']])) ? format_url($comment_row[$i][$user_table_fields['user_homepage']]) : "";
if (!empty($comment_user_homepage)) {
$comment_user_homepage_button = "<a href=\"".$comment_user_homepage."\" target=\"_blank\"><img src=\"".get_gallery_image("homepage.gif")."\" border=\"0\" alt=\"".$comment_user_homepage."\" /></a>";
}
$comment_user_icq = (isset($comment_row[$i][$user_table_fields['user_icq']])) ? format_text($comment_row[$i][$user_table_fields['user_icq']]) : "";
if (!empty($comment_user_icq)) {
$comment_user_icq_button = "<a href=\"http://www.icq.com/people/about_me.php?uin=".$comment_user_icq."\" target=\"_blank\"><img src=\"http://web.icq.com/whitepages/online?icq=".$comment_user_icq."&img=5\" width=\"18\" height=\"18\" border=\"0\" alt=\"".$comment_user_icq."\" /></a>";
}
if (!empty($comment_row[$i][$user_table_fields['user_email']]) && (!isset($comment_row[$i][$user_table_fields['user_showemail']]) || (isset($comment_row[$i][$user_table_fields['user_showemail']]) && $comment_row[$i][$user_table_fields['user_showemail']] == 1))) {
$comment_user_email = format_text($comment_row[$i][$user_table_fields['user_email']]);
$comment_user_email_save = format_text(str_replace("@", " at ", $comment_row[$i][$user_table_fields['user_email']]));
if (!empty($url_mailform)) {
$comment_user_mailform_link = $site_sess->url(preg_replace("/{user_id}/", $comment_user_id, $url_mailform));
}
else {
$comment_user_mailform_link = $site_sess->url(ROOT_PATH."member.php?action=mailform&".URL_USER_ID."=".$comment_user_id);
}
$comment_user_email_button = "<a href=\"".$comment_user_mailform_link."\"><img src=\"".get_gallery_image("email.gif")."\" border=\"0\" alt=\"".$comment_user_email_save."\" /></a>";
}
if (!isset($comment_row[$i][$user_table_fields['user_level']]) || (isset($comment_row[$i][$user_table_fields['user_level']]) && $comment_row[$i][$user_table_fields['user_level']] == USER)) {
$comment_user_info = $lang['userlevel_user'];
}
elseif ($comment_row[$i][$user_table_fields['user_level']] == ADMIN) {
$comment_user_info = $lang['userlevel_admin'];
}
$comment_user_info .= "<br />";
$comment_user_info .= (isset($comment_row[$i][$user_table_fields['user_joindate']])) ? "<br />".$lang['join_date']." ".format_date($config['date_format'], $comment_row[$i][$user_table_fields['user_joindate']]) : "";
$comment_user_info .= (isset($comment_row[$i][$user_table_fields['user_comments']])) ? "<br />".$lang['comments']." ".$comment_row[$i][$user_table_fields['user_comments']] : "";
}
$comment_user_ip = ($user_info['user_level'] == ADMIN) ? $comment_row[$i]['comment_ip'] : "";
$admin_links = "";
if ($user_info['user_level'] == ADMIN) {
$admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("comments.php?action=editcomment&comment_id=".$comment_row[$i]['comment_id']))."\" target=\"_blank\">".$lang['edit']."</a> ";
$admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("comments.php?action=removecomment&comment_id=".$comment_row[$i]['comment_id']))."\" target=\"_blank\">".$lang['delete']."</a>";
}
elseif ($is_image_owner) {
$admin_links .= ($config['user_edit_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=editcomment&".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['edit']."</a> ";
$admin_links .= ($config['user_delete_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=removecomment&".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['delete']."</a>";
}
$site_template->register_vars(array(
"comment_id" => $comment_row[$i]['comment_id'],
"comment_user_id" => $comment_user_id,
"comment_user_status_img" => $comment_user_status_img,
"comment_user_name" => $comment_user_name,
"comment_user_info" => $comment_user_info,
"comment_user_profile_button" => $comment_user_profile_button,
"comment_user_email" => $comment_user_email,
"comment_user_email_save" => $comment_user_email_save,
"comment_user_mailform_link" => $comment_user_mailform_link,
"comment_user_email_button" => $comment_user_email_button,
"comment_user_homepage_button" => $comment_user_homepage_button,
"comment_user_icq_button" => $comment_user_icq_button,
"comment_user_ip" => $comment_user_ip,
"comment_headline" => format_text($comment_row[$i]['comment_headline'], 0, $config['wordwrap_comments'], 0, 0),
"comment_text" => format_text($comment_row[$i]['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
"comment_date" => format_date($config['date_format']." ".$config['time_format'], $comment_row[$i]['comment_date']),
"row_bg_number" => $row_bg_number,
"admin_links" => $admin_links
));
$comments .= $site_template->parse_template("comment_bit");
} // end while
} //end else
$site_template->register_vars("comments", $comments);
unset($comments);
and this is the format_text function..
function replace_badwords($text) {
global $config, $split_badwords;
if ($config['badword_list'] != "") {
if (!isset($split_badwords)) {
$badwords = trim($config['badword_list']);
$badwords = preg_replace("/[\n\r]/is", " ", $badwords);
$badwords = str_replace(","," ",$badwords);
$badwords = preg_quote($badwords);
$badwords = str_replace('/', '\\/', $badwords);
$split_badwords = preg_split("/\s+/", $badwords);
}
foreach ($split_badwords as $key => $val) {
if ($val != "") {
if (substr($val, 0, 2) == "\\{") {
$val = substr($val, 2, -2);
$text = trim(preg_replace("/([^A-Za-z])".$val."(?=[^A-Za-z])/si", "\\1".str_repeat($config['badword_replace_char'], strlen($val)), " $text "));
}
else {
$text = trim(preg_replace("/$val/si", str_repeat($config['badword_replace_char'], strlen($val)), " $text "));
}
}
}
}
return $text;
}
function format_text($text, $html = 0, $word_wrap = 0, $bbcode = 0, $bbcode_img = 0) {
if ($word_wrap && $text != "") {
$text = preg_replace("/([^\n\r ?&\.\/<>\"\\-]{".$word_wrap."})/i", " \\1\n", $text);
}
if ($html == 0 || $html == 2) {
$text = safe_htmlspecialchars($text);
}
if ($html !== 2) {
$text = nl2br(trim($text));
$text = replace_url($text);
}
if ($bbcode == 1) {
$search_array = array(
"/(\[)(list)(=)(['\"]?)([^\"']*)(\\4])(.*)(\[\/list)(((=)(\\4)([^\"']*)(\\4]))|(\]))/siU",
"/(\[)(list)(])(.*)(\[\/list\])/siU",
"/(\[\*\])/siU",
"/(\[\/\*\])/siU",
"/(\[)(url)(=)(['\"]?)(www\.)([^\"']*)(\\4])(.*)(\[\/url\])/siU",
"/(\[)(url)(=)(['\"]?)([^\"']*)(\\4])(.*)(\[\/url\])/siU",
"/(\[)(url)(])(www\.)([^\"]*)(\[\/url\])/siU",
"/(\[)(url)(])([^\"]*)(\[\/url\])/siU",
"/(\[)(code)(])(\r\n)*(.*)(\[\/code\])/siU",
"/javascript:/si",
"/about:/si"
);
$replace_array = array(
"<ol type=\"\\5\">\\7</ol>",
"<ul>\\4</ul>",
"<li>",
"</li>",
"<a href=\"http://www.\\6\" target=\"_blank\" rel=\"nofollow\">\\8</a>",
"<a href=\"\\5\" target=\"_blank\" rel=\"nofollow\">\\7</a>",
"<a href=\"http://www.\\5\" target=\"_blank\" rel=\"nofollow\">www.\\5</a>",
"<a href=\"\\4\" target=\"_blank\" rel=\"nofollow\">\\4</a>",
"<pre>Code:<hr size=1>\\5<hr size=1></pre>",
"java script:",
"about :"
);
$text = preg_replace($search_array, $replace_array, $text);
if (!$bbcode_img) {
$text = preg_replace("/(\[)(img)(])(\r\n)*([^\"]*)(\[\/img\])/siU", "<a href=\"\\5\" target=\"_blank\">\\5</a>", $text);
}
else {
$text = preg_replace("/(\[)(img)(])(\r\n)*([^\"]*)(\[\/img\])/siU", "<img src=\"\\5\">", $text);
}
$text = preg_replace("/(\[)(b)(])(\r\n)*([^\"]*)(\[\/b\])/siU", "<b>\\5</b>", $text);
$text = preg_replace("/(\[)(i)(])(\r\n)*([^\"]*)(\[\/i\])/siU", "<i>\\5</i>", $text);
$text = preg_replace("/(\[)(u)(])(\r\n)*([^\"]*)(\[\/u\])/siU", "<u>\\5</u>", $text);
$text = replace_badwords($text);
}
$text = str_replace("\\'", "'", $text);
return $text;
}
Do you see any issues here ??
Thank you.