Changeset 120

Timestamp:

2008-01-07 16:50:34 (1 year ago)

Author:

hannes

Message:

merging changesets [98] to [119] from trunk; creating RC5

Files:

• branches/5.0/admin/classes/pages/Editmember.php (modified) (1 diff)
• branches/5.0/classes/misc/Authcode.php (modified) (2 diffs)
• branches/5.0/classes/misc/Format.php (modified) (3 diffs)
• branches/5.0/classes/misc/Member.php (modified) (1 diff)
• branches/5.0/classes/misc/Post.php (modified) (6 diffs)
• branches/5.0/classes/misc/Postform.php (modified) (1 diff)
• branches/5.0/classes/pages/Category.php (modified) (1 diff)
• branches/5.0/classes/pages/Forum.php (modified) (2 diffs)
• branches/5.0/classes/pages/Page.php (modified) (2 diffs)
• branches/5.0/classes/pages/Reply.php (modified) (1 diff)
• branches/5.0/db/mysql.sql (modified) (1 diff)
• branches/5.0/db/spamboard.sql (deleted)
• branches/5.0/db/sqlite.sql (modified) (1 diff)
• branches/5.0/includes/config/bots.php (modified) (1 diff)
• branches/5.0/includes/config/settings.tmpl (modified) (1 diff)
• branches/5.0/includes/config/version.php (modified) (1 diff)
• branches/5.0/includes/input.php (modified) (1 diff)
• branches/5.0/includes/lang/de.php (modified) (1 diff)
• branches/5.0/includes/lang/en.php (modified) (1 diff)
• branches/5.0/includes/page_out.php (modified) (1 diff)
• branches/5.0/includes/styles/default.css (modified) (7 diffs)
• branches/5.0/index.php (modified) (1 diff)
• branches/5.0/install.php (modified) (4 diffs)
• branches/5.0/redirectors/preview.php (modified) (2 diffs)

branches/5.0/admin/classes/pages/Editmember.php

@@ -405 +405 @@
-                            @closedir($handle);
-                        }
-
+0
-                        $_col2 = '<td>';
-                        /* it shouldn't really occur that the avatar is an empty string,

branches/5.0/classes/misc/Authcode.php

@@ -43 +43 @@
-        // remove auth code from session since it's no longer needed
-        unset($_SESSION['pw']);
+        unset($_SESSION['pw_page']);
-    } /* function destroy */
-
@@ -59 +60 @@
-        // put into session
-        $_SESSION['pw'] = $p->get();
+        // remember number of page this was written
+        $_SESSION['pw_page'] = $_SESSION['pages'];
-    } /* function generate */
-

branches/5.0/classes/misc/Format.php

@@ -79 +79 @@
-    public function post($str, $simple = FALSE) {
-        // language
-
+, $F
-        /* debugging messages;
-         * printed out directly on the screen, so incompatible with general board structure;
@@ -85 +85 @@
-        $DEBUG = FALSE;
-        // board code
-
+quote=', '[
-        // closing tags in the SAME order
-
+quote]', '[/
-        /* HTML code:
-         * In both the opening and closing tag definition, you can use %% as placeholder. Occurences of this string will be replaced with the attribute given in the board tag (e.g. [url=blah] -> attribute is 'blah'; there are some special cases which are handled individually in the switch statement).
-         * The string contained between opening and closing board tag will automatically appear between opening and closing HTML part anyway. Note that I wrote 'HTML part', not 'tag', since in some cases (e.g. images), the latter doesn't apply. If you're planning to add more code tags, just look at the existing ones and you should understand the different ways to use those definitions to the best effect... */
-
-
+quote1">%%:</div><div class="quote">', '<div class="
+div>', '</
-        // initialize string for comparison
-        $str_prev = '';
@@ -183 +183 @@
-                            $_attr_close = $_cont;
-                        break;
+                        case '[quote=':
+                            // get poster and date of post this quote comes from
+                            $p = new Post($_attr);
+                            $_attr = str_replace(Array('%poster%', '%date%'), Array($p->getPoster(), $F->datetime($p->getPosttime())), $LANG['quote_from']);
+                        break;
-                        default:
-                            // nothing to do for the rest of the tags

branches/5.0/classes/misc/Member.php

@@ -64 +64 @@
-        // language
-        global $LANG;
-        // database connection identifier
-        if ($member === NULL) {
-            // called with member id instead of username

branches/5.0/classes/misc/Post.php

@@ -48 +48 @@
-    } /* constructor */
-
+    /* get poster */
+    public function getPoster() {
+        return $this->post->poster;
+    }
+
+    /* get post time */
+    public function getPosttime() {
+        return $this->post->posttime;
+    }
+
-    /* function setPost - only used if constructor called without id (used in post preview) */
-    public function setPost($post) {
@@ -71 +81 @@
-        $_showip = '';
-        if ($SETTINGS['ip_logging'] == 1) {
-
+this->
-        }
-        // post header (time of post etc.)
-        $table->addRow(Array('<td colspan="2" class="postheader">' . $LANG['Posted'] . ' ' . $F->datetime($this->post->posttime) . ' | <a href="' . $F->link('reply') . 'id=' . $id . '&amp;quote=' . $this->id . '">' . $LANG['Quote'] . '</a> | ' . $_showip . '<a href="' . $F->link('edit') . 'id=' . $this->id . '">' . $LANG['Edit'] . '</a> | <a href="' . $F->link('delete') . 'id=' . $this->id . '">' . $LANG['Delete'] . '</a> ' . $_split . '</td>'));
-        // get member info
-
+
+
+
+
+
-        // assemble parts of post
-        $_post = '<div>' . $F->post($this->post->post) . '</div>';
@@ -92 +106 @@
-        }
-        // add this post
-$_post
+str_replace('&', '&amp;', $_post)
-        // post footer
-        $table->addRow(Array(''), Array('colspan'=>'2', 'class'=>'postfooter'));
@@ -106 +120 @@
-     **/
-    public function save($show_orig) {
-
+F, $
-        // post data
-        global $reply, $subject, $forum, $pollchoices, $user, $post, $password, $email, $subscribe;
@@ -257 +271 @@
-                                    $email = $row->memberemail;
-                                    // set flag for 'registered member'
-1
+$row->memberid
-                                    // always use the membername exactly as it appears in the database
-                                    $user = $row->membername;
@@ -380 +394 @@
-                            $q = $C->prepare('INSERT INTO ' . $SETTINGS['dbtableprefix'] . 'posts (topic, post, poster, posteremail, posttime, ip, attachment, postedbymember) VALUES (:reply, :post, :user, :email, :ts, :ip, :attachment, :member)');
-                            $q->bindParam(':reply', $reply, PDO::PARAM_INT, 12);
-post
-user
+F->htmlentities($post, TRUE)
+F->htmlentities($user, TRUE)
-                            $q->bindParam(':email', $email, PDO::PARAM_STR);
-                            // current time in UTC

branches/5.0/classes/misc/Postform.php

@@ -42 +42 @@
-    public function __construct($show_orig, $page = FALSE, $id = FALSE, $subject = FALSE, $quote = '', $subscribed = FALSE) {
-        global $SETTINGS, $F, $C, $LANG;
+        // define replacements
+        $_rep = Array(
+            '&'=>'&',
+            '&lt;'=>'<',
+            '&gt;'=>'>',
+            "&apos;"=>"'",
+            '&quot;'=>'"'
+        );
+        // remove special characters from quote
+        $quote = strtr($quote, $_rep);
-        // form object
-        $this->form = new Form($F->link($show_orig).'commit=y', 'postform', 'multipart/form-data');
-        // max. upload size
-        if ($show_orig !== 'messenger' && $show_orig !== 'edit' && $show_orig !== 'mail' && $SETTINGS['maxuploadsize'] > 0) {
-            $this->form->addInput('hidden', 'MAX_FILE_SIZE', $SETTINGS['maxuploadsize']);
-        }
-        // reply to which topic?
-        if ($show_orig === 'reply') {

branches/5.0/classes/pages/Category.php

@@ -100 +100 @@
-                        if (isset($row5->topicid) && $row5->topicid != '' && $row5->topicid > 0) {
-                        // get poster information
-
+
+
+
+
+
-                        $_col4 = '<div>' . $LANG['by'] . ' ' . $_poster->getProfileLink() . '</div><div>' . $LANG['in'] . ' <a href="' . $F->link('topic') . 'id=' . $row5->topicid . '">' . $row5->topictitle . '</a></div><div>' . $F->datetime($row5->posttime) . '</div>';
-                    }

branches/5.0/classes/pages/Forum.php

@@ -108 +108 @@
-                $q4 = NULL;
-                // get first and last poster information
-
-
+
+
+
+
+
+
+
+
+
+
-                // multiple pages for this topic?
-                $topicpages = new Pagination($SETTINGS['postsperpage'], 1, $row2['posts']);
@@ -135 +143 @@
-                }
-                // add all the previously compiled topic information to table
-) . '</a></h3>' . str_replace('&amp;', '&amp;
+, ENT_QUOTES, 'UTF-8') . '</a></h3>' . str_replace('&', '&
-            }
-            // add finished table to parent HTML element

branches/5.0/classes/pages/Page.php

@@ -51 +51 @@
-        // get current timestamp (microseconds) for execution time
-        $this->exec_time_start = microtime(TRUE);
+        // check if auth code in session is set
+        if (isset($_SESSION['pw']) && $_SESSION['pw'] != '') {
+            // check if it's still valid
+            if ($_SESSION['pages'] > $_SESSION['pw_page'] + 1) {
+                // has been set longer ago than the previous page -> remove
+                $auth = new Authcode();
+                $auth->destroy();
+                unset($auth);
+            }
+        }
-        /* Have some kind of manual per-page login credentials been posted?
-         * This shouldn't be checked on 'Userpanel' page, because there is a special handling of that there. */
@@ -281 +291 @@
-            $_today->modify($_offset);
-            // get members with this month-day combination
-0
+1
-            $q->bindParam(':today', $_today->format('m-d'), PDO::PARAM_STR, 5);
-            $s = $q->execute();

branches/5.0/classes/pages/Reply.php

@@ -73 +73 @@
-                    $row4 = $q->fetchObject();
-                    $q = NULL;
-
+=' . $quote . '
-                }
-                // default: not previously subscribed

branches/5.0/db/mysql.sql

@@ -1 @@
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-CREATE INDEX idx_forums ON %prefix%forums (forum_category ASC);

branches/5.0/db/sqlite.sql

@@ +1 @@
+CREATE TABLE %prefix%categories (
+  category_id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  category_name VARCHAR(255) NOT NULL COLLATE NOCASE,
+  category_order INTEGER NOT NULL
+);
+
+CREATE TABLE %prefix%forums (
+  forumid INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  forumtitle VARCHAR(255) NOT NULL COLLATE NOCASE,
+  forumdescription VARCHAR(255) NOT NULL COLLATE NOCASE,
+  forum_category INTEGER  NOT NULL,
+  forum_order INTEGER  NOT NULL
+);
+
+CREATE TABLE %prefix%messages (
+  messageid INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  messagesender INTEGER NOT NULL,
+  messagereceipient INTEGER NOT NULL,
+  messagetitle VARCHAR(255) NOT NULL COLLATE NOCASE,
+  message TEXT NOT NULL COLLATE NOCASE,
+  messagesenderflag INTEGER NOT NULL,
+  messagereceipientflag INTEGER NOT NULL,
+  messagetime DATETIME NOT NULL
+);
+
+CREATE TABLE %prefix%online (
+  onlinememberid INTEGER NOT NULL,
+  onlinetime INTEGER NOT NULL,
+  onlinesession VARCHAR(255) NOT NULL COLLATE BINARY,
+  onlineposted INTEGER NOT NULL DEFAULT 0
+);
+
+CREATE TABLE %prefix%polls (
+  pollid INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  pollchoices TEXT NOT NULL COLLATE NOCASE,
+  pollvotes TEXT NOT NULL COLLATE NOCASE,
+  pollvoters TEXT NOT NULL COLLATE NOCASE
+);
+
+CREATE TABLE %prefix%posts (
+  postid INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  topic INTEGER NOT NULL,
+  posteremail VARCHAR(255) NOT NULL COLLATE NOCASE,
+  poster VARCHAR(255) NOT NULL COLLATE NOCASE,
+  post TEXT NOT NULL COLLATE NOCASE,
+  ip VARCHAR(16) NOT NULL COLLATE BINARY,
+  attachment VARCHAR(255) NOT NULL COLLATE BINARY,
+  postedbymember INTEGER NOT NULL,
+  edited DATETIME DEFAULT NULL,
+  editedby VARCHAR(255) DEFAULT NULL COLLATE NOCASE,
+  posttime DATETIME NOT NULL
+);
+
+CREATE TABLE %prefix%topics (
+  topicid INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  forum INTEGER NOT NULL,
+  topictitle VARCHAR(255) NOT NULL COLLATE NOCASE,
+  closed INTEGER NOT NULL DEFAULT 0,
+  pinned INTEGER NOT NULL DEFAULT 0,
+  poll INTEGER NOT NULL DEFAULT 0,
+  topic_views INTEGER NOT NULL DEFAULT 0
+);
+
+CREATE TABLE %prefix%groupmemberships (
+    member INTEGER NOT NULL,
+    usergroup INTEGER NOT NULL
+);
+
+CREATE TABLE %prefix%usergroups (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  name VARCHAR(255) NOT NULL COLLATE NOCASE,
+  public INTEGER NOT NULL DEFAULT 0
+);
+
+CREATE TABLE %prefix%members (
+  memberid INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  membername VARCHAR(255) NOT NULL COLLATE NOCASE,
+  memberemail VARCHAR(255) NOT NULL COLLATE NOCASE,
+  memberemailhidden INTEGER NOT NULL DEFAULT 0,
+  memberhomepage VARCHAR(255) NULL COLLATE NOCASE,
+  memberavatar VARCHAR(255) NOT NULL DEFAULT 'images/spacer.gif',
+  memberpassword VARCHAR(255) NOT NULL COLLATE BINARY,
+  memberstatus VARCHAR(255) NOT NULL COLLATE NOCASE,
+  memberposts INTEGER NOT NULL DEFAULT 0,
+  location VARCHAR(255) NULL COLLATE NOCASE,
+  icq VARCHAR(255) NULL COLLATE NOCASE,
+  aim VARCHAR(255) NULL COLLATE NOCASE,
+  yahoo VARCHAR(255) NULL COLLATE NOCASE,
+  msn VARCHAR(255) NULL COLLATE NOCASE,
+  signature VARCHAR(255) NULL COLLATE NOCASE,
+  lastvisit DATETIME NULL,
+  boardstyle VARCHAR(32) NULL COLLATE BINARY,
+  addressbook TEXT NULL COLLATE NOCASE,
+  birthday DATE DEFAULT NULL,
+  messagenotification_email INTEGER NOT NULL DEFAULT 0,
+  messagenotification_popup INTEGER NOT NULL DEFAULT 1,
+  registered DATETIME NOT NULL,
+  salt VARCHAR(16) NULL COLLATE BINARY,
+  lang VARCHAR(16) NULL COLLATE BINARY,
+  offset INTEGER NULL
+);
+
+CREATE TABLE %prefix%mails (
+  id INTEGER NOT NULL PRIMARY KEY,
+  receipient VARCHAR(255) NOT NULL COLLATE NOCASE,
+  subject VARCHAR(255) NOT NULL COLLATE NOCASE,
+  body TEXT NOT NULL COLLATE NOCASE
+);
+
+CREATE TABLE %prefix%moderators (
+    forum INTEGER NOT NULL,
+    member INTEGER NOT NULL
+);
+
+CREATE TABLE %prefix%subscriptions (
+    topic INTEGER NOT NULL,
+    member INTEGER NOT NULL
+);
+
+CREATE TABLE %prefix%rights (
+    page VARCHAR(255) COLLATE BINARY NOT NULL,
+    usergroup INTEGER NOT NULL,
+    r INTEGER NOT NULL,
+    w INTEGER NOT NULL,
+    PRIMARY KEY (page,usergroup)
+);
+
+CREATE TABLE %prefix%rights_default (
+    page VARCHAR(255) COLLATE BINARY NOT NULL,
+    usergroup INTEGER NOT NULL,
+    r INTEGER NOT NULL,
+    w INTEGER NOT NULL,
+    PRIMARY KEY (page,usergroup)
+);
+
-CREATE INDEX idx_forums ON %prefix%forums (forum_category ASC);
-CREATE INDEX idx_topics ON %prefix%topics (forum ASC);

branches/5.0/includes/config/bots.php

@@ -27 +27 @@
-$BOTS[] = 'urllib';
-$BOTS[] = 'robozilla';
+$BOTS[] = 'yandex';
+$BOTS[] = 'charlotte';
-
-?>

branches/5.0/includes/config/settings.tmpl

@@ -42 +42 @@
-$SETTINGS['expire'] = 30; // cookie expiration in days
-$SETTINGS['debug'] = 2; // debug mode (0: off, 1: on, 2: admins only
-ripemd160
+sha512
-?>

branches/5.0/includes/config/version.php

@@ -28 +28 @@
- * Also good: Spam Board Viking Edition 1.0 (then, you can do your own version numbering from there) */
-
-4
+5
-
-?>

branches/5.0/includes/input.php

@@ -23 +23 @@
- **/
-
+/* register_globals atrocity can't just be disabled by using ini_set,
+ * because the damage is already done once that takes effect, so... */
+if (ini_get('register_globals') !== 0 && strtolower(ini_get('register_globals')) !== 'off') {
+    // don't touch the following:
+    $not = Array();
+    $not[] = 'SETTINGS';
+    $not[] = 'VERSION';
+    $not[] = 'BOTS';
+    $not[] = 'MEMBERSTAGES';
+    $not[] = 'CIPHER';
+    $not[] = 'HASH';
+    $not[] = 'LANG';
+    $not[] = 'RULES';
+    $not[] = 'STATUS';
+    // 'de-register' all local names of global variables
+    foreach ($_SERVER as $key=>$val) {
+        if (in_array($key, $not) === FALSE) {
+            unset($$key);
+        }
+    }
+    foreach ($_GET as $key=>$val) {
+        if (in_array($key, $not) === FALSE) {
+            unset($$key);
+        }
+    }
+    foreach ($_POST as $key=>$val) {
+        if (in_array($key, $not) === FALSE) {
+            unset($$key);
+        }
+    }
+    foreach ($_COOKIE as $key=>$val) {
+        if (in_array($key, $not) === FALSE) {
+            unset($$key);
+        }
+    }
+    foreach ($_FILES as $key=>$val) {
+        if (in_array($key, $not) === FALSE) {
+            unset($$key);
+        }
+    }
+    foreach ($_ENV as $key=>$val) {
+        if (in_array($key, $not) === FALSE) {
+            unset($$key);
+        }
+    }
+    foreach ($_REQUEST as $key=>$val) {
+        if (in_array($key, $not) === FALSE) {
+            unset($$key);
+        }
+    }
+    if (isset($_SESSION) && is_array($_SESSION)) {
+        foreach ($_SESSION as $key=>$val) {
+            if (in_array($key, $not) === FALSE) {
+                unset($$key);
+            }
+        }
+    }
+}
+
-// handle PHP's 'magic quotes' feature (bug) in case disabling it through .htaccess failed
-function stripslashes_array($data) {

branches/5.0/includes/lang/de.php

@@ -310 +310 @@
-$LANG['View_All'] = 'Alle ansehen';
-$LANG['per_day'] = 'pro Tag';
+$LANG['quote_from'] = 'Geschrieben von %poster% %date%';
-
-/* actual sentences */

branches/5.0/includes/lang/en.php

@@ -311 +311 @@
-$LANG['View_All'] = 'View All';
-$LANG['per_day'] = 'per day';
+$LANG['quote_from'] = 'Originally posted by %poster% %date%';
-
-/* actual sentences */

branches/5.0/includes/page_out.php

@@ -54 +54 @@
-header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
-// send document to client
-str_replace(Array('ο', '»', 'α', '©', ' '), Array('ο', '»', 'α', '©', ' '), $html->asXML(
+iconv('UTF-8', $SETTINGS['encoding'], str_replace(Array('ο', '»', 'α', '©', ' '), Array('ο', '»', 'α', '©', ' '), $html->asXML()
-
-?>

branches/5.0/includes/styles/default.css

@@ -29 +29 @@
-body {
-    font-family:sans-serif;
-
+5
-    background:#f2f2f2;
-    margin:0px;
@@ -39 +39 @@
-
-h1 {
- 
+
-    position:relative;
-    top:0.5em;
@@ -61 +61 @@
-    color:#000000;
-    font-weight:bold;
-
+2
-}
-
@@ -72 +72 @@
-    margin:0px;
-    padding:0px;
-2
+1
-}
-
@@ -360 +360 @@
-
-#memberbar div a {
-
+0.
-}
-
@@ -390 +390 @@
-    border:1px solid #000;
-    background:#c0c0c0;
-2
+1
-}
-
@@ -565 +565 @@
-
-.suggestion {
-8px
+0.8em
-    color:#0a0;
-}
-
-.suggestion-highlight {
-8px
+0.8em
-    color:#a00;
-}

branches/5.0/index.php

@@ -24 +24 @@
-
-// disable output of error messages and warnings
-
+ 
-
-// if install script is present, redirect there

branches/5.0/install.php

@@ -59 +59 @@
-// define next page number
-$nextpage = $page + 1;
+
+// since this is important define the order in which the password hashes should be suggested
+$hashes_default = Array();
+$hashes_default[0] = 'sha512';
+$hashes_default[1] = 'ripemd320';
+$hashes_default[2] = 'sha384';
+$hashes_default[3] = 'ripemd256';
+$hashes_default[4] = 'sha256';
+$hashes_default[5] = 'ripemd160';
+$hashes_default[6] = 'ripemd128';
+$hashes_default[7] = 'sha1';
+// available
+$hashes = hash_algos();
+for ($i = 7; $i <= 0; $i--) {
+    if (in_array($hashes_default[$i], $hashes)) {
+        // use this hash as default
+        $SETTINGS['hash'] = $hashes_default[$i];
+    }
+}
-
-// unlike all the other pages, this installer is a little simpler and prints output directly
@@ -221 +240 @@
-                    if ($C = new Connection()) {
-                        // get table structure
-spamboard
+' . $SETTINGS['sqltype'] . '
-                            // one SQL query at a time
-                            $db = explode(';', $db);
-                            foreach ($db as $query) {
-                                $C->query(str_replace('%prefix%', $SETTINGS['dbtableprefix'], $query));
-                            }
-                            // specialities dependent on database type
-                            if (is_file('db/' . $SETTINGS['sqltype'] . '.sql')) {
-                                if ($db = @file_get_contents('db/' . $SETTINGS['sqltype'] . '.sql')) {
-                                    // one SQL query at a time
-                                    $db = explode(';', $db);
-                                    foreach ($db as $query) {
-                                        $C->query(str_replace('%prefix%', $SETTINGS['dbtableprefix'], $query));
-                                    }
-                                } else { $ok = 0; }
-                            }
-                            // finally, fill in default data
@@ -302 +311 @@
-                                }
-                            }
-
+
+
+
+
+
+
-                                // write settings
-deny
+allow
-                                    @fclose($file);
-                                    // set permissions
-db
+includes/styles
-                                }
-                            }
+                            @copy('includes/styles/.htaccess', 'includes/js/.htaccess');
-                        } else {
-                            // other webservers...
@@ -475 +490 @@
-                    <select name="hash">
-        ');
-
-
+
-            print('<option value="' . $_hash . '"');
-            if ($SETTINGS['hash'] == $_hash) {

branches/5.0/redirectors/preview.php

@@ -68 +68 @@
-        if ($s && $row = $q->fetchObject()) {
-            // valid member
-1
+$row->memberid
-        } else {
-            // guest
@@ -82 +82 @@
-    }
-    // decode post
-base64_decode(strtr($post, '-_', '+/')
+$F->htmlentities(base64_decode(strtr($post, '-_', '+/')), TRUE