From 965a73c9dcc09841cf9b9d0abc3738db207452e5 Mon Sep 17 00:00:00 2001 From: gnuboard Date: Mon, 8 Jul 2013 17:57:58 +0900 Subject: [PATCH] =?UTF-8?q?=EC=9E=84=EC=8B=9C=EC=A0=80=EC=9E=A5=20xml=20?= =?UTF-8?q?=EB=B2=84=EC=A0=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/ajax.autosave.php | 2 - bbs/ajax.autosavedel.php | 15 ++++++++ bbs/ajax.autosavelist.php | 15 +++++--- bbs/ajax.autosaveload.php | 13 ++++--- skin/board/basic/write.skin.php | 65 ++++++++++++++++++++------------- 5 files changed, 73 insertions(+), 37 deletions(-) create mode 100644 bbs/ajax.autosavedel.php diff --git a/bbs/ajax.autosave.php b/bbs/ajax.autosave.php index 8adbd21e2..f497d0bb1 100644 --- a/bbs/ajax.autosave.php +++ b/bbs/ajax.autosave.php @@ -6,8 +6,6 @@ if (!$is_member) die('0'); $uid = escape_trim($_REQUEST['uid']); $subject = escape_trim(stripslashes($_REQUEST['subject'])); $content = escape_trim(stripslashes($_REQUEST['content'])); -//$subject = escape_trim(htmlentities($_REQUEST['subject'], ENT_QUOTES)); -//$content = escape_trim($_REQUEST['content']); if ($subject && $content) { $sql = " select count(*) as cnt from {$g4['autosave_table']} where mb_id = '{$member['mb_id']}' and as_subject = '$subject' and as_content = '$content' "; diff --git a/bbs/ajax.autosavedel.php b/bbs/ajax.autosavedel.php new file mode 100644 index 000000000..30395b04d --- /dev/null +++ b/bbs/ajax.autosavedel.php @@ -0,0 +1,15 @@ + \ No newline at end of file diff --git a/bbs/ajax.autosavelist.php b/bbs/ajax.autosavelist.php index c0b9871c3..68b214e75 100644 --- a/bbs/ajax.autosavelist.php +++ b/bbs/ajax.autosavelist.php 
@@ -3,14 +3,19 @@ include_once('./_common.php'); if (!$is_member) die(''); -$sql = " select as_id, as_subject, as_datetime from {$g4['autosave_table']} where mb_id = '{$member['mb_id']}' order by as_id desc "; +$sql = " select as_id, as_uid, as_subject, as_datetime from {$g4['autosave_table']} where mb_id = '{$member['mb_id']}' order by as_id desc "; $result = sql_query($sql); -$arr = array(); +echo "\n"; +echo "\n"; for ($i=0; $row=sql_fetch_array($result); $i++) { - //$subject = utf8_strcut(stripslashes($row['as_subject']), 25); $subject = htmlspecialchars(utf8_strcut($row['as_subject'], 25), ENT_QUOTES); $datetime = substr($row['as_datetime'],2,14); - $arr[] = "{\"id\": \"{$row['as_id']}\", \"subject\": \"{$subject}\", \"datetime\": \"{$datetime}\"}"; + echo "\n"; + echo "{$row['as_id']}\n"; + echo "{$row['as_uid']}\n"; + echo "\n"; + echo "{$datetime}\n"; + echo "\n"; } -echo "{\"autosave\":[".implode(", ", $arr)."]}"; +echo ""; ?> \ No newline at end of file diff --git a/bbs/ajax.autosaveload.php b/bbs/ajax.autosaveload.php index 1cf047765..2d90ab45c 100644 --- a/bbs/ajax.autosaveload.php +++ b/bbs/ajax.autosaveload.php @@ -7,9 +7,12 @@ $as_id = (int)$_REQUEST['as_id']; $sql = " select as_subject, as_content from {$g4['autosave_table']} where mb_id = '{$member['mb_id']}' and as_id = {$as_id} "; $row = sql_fetch($sql); -//$subject = stripslashes($row['as_subject']); -//$content = stripslashes($row['as_content']); -$subject = str_replace("\'", "\\\'", addslashes($row['as_subject'])); -$content = stripslashes($row['as_content']); -echo "{\"subject\":\"{$subject}\", \"content\":\"{$content}\"}"; +$subject = $row['as_subject']; +$content = $row['as_content']; + +echo "\n"; +echo "\n"; +echo "\n"; +echo "\n"; +echo "\n"; ?> \ No newline at end of file diff --git a/skin/board/basic/write.skin.php b/skin/board/basic/write.skin.php index 57f4e62b4..5f60e0dcf 100644 --- a/skin/board/basic/write.skin.php +++ b/skin/board/basic/write.skin.php 
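Review bot: In bbs/ajax.autosavelist.php the new `echo "{$row['as_uid']}\n";` writes `as_uid` into the XML response without escaping, while the subject a few lines earlier goes through `htmlspecialchars(..., ENT_QUOTES)`. The value presumably originates from `$_REQUEST['uid']` in bbs/ajax.autosave.php, so a `<` or `&` in it would make the document ill-formed or let stored text be parsed as markup by the client; I would emit `htmlspecialchars($row['as_uid'], ENT_QUOTES)` instead. The hunk also shows no `header('Content-Type: text/xml; charset=utf-8');` before the first echo, so unless _common.php sets one the response is likely served as text/html. The element markup inside the echo strings is not visible in this copy of the patch, so the point applies to whatever element wraps the value.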
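Review bot: In bbs/ajax.autosaveload.php `$subject = $row['as_subject'];` and `$content = $row['as_content'];` now hand the stored text to the XML output with no encoding step, where the removed code at least applied `addslashes`/`stripslashes` for the JSON string. The markup in the echo lines is not visible in this copy, so I cannot tell whether the values sit in CDATA sections; if they do, a stored `]]>` ends the section early and the rest is parsed as markup, and if they do not, `<` and `&` break the document. Either split the terminator, `str_replace(']]>', ']]]]><![CDATA[>', $row['as_content'])`, or encode with `htmlspecialchars($row['as_content'], ENT_QUOTES)` and have the client decode; the same applies to the subject. A short comment above the echoes stating which encoding the loader in write.skin.php expects would help the next reader.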
@@ -234,8 +234,8 @@ function fwrite_submit(f)