print_header_simple("$strsearchresults", "",
"<a href=\"index.php?id=$course->id\">$strforums</a> ->
- <a href=\"search.php?id=$course->id\">$strsearch</a> -> ".s($search), 'search.words',
+ <a href=\"search.php?id=$course->id\">$strsearch</a> -> ".s($search, true), 'search.words',
"", "", " ", navmenu($course));
print_heading(get_string("nopostscontaining", "forum", $search));
print_header_simple("$strsearchresults", "",
"<a href=\"index.php?id=$course->id\">$strforums</a> ->
- <a href=\"search.php?id=$course->id\">$strsearch</a> -> ".s($search), '',
+ <a href=\"search.php?id=$course->id\">$strsearch</a> -> ".s($search, true), '',
"", "", $searchform, navmenu($course));
echo '<div class="reportlink">';
// Hack for posts of format FORMAT_PLAIN. Otherwise html tags added by
// the highlight() call bellow get stripped out by forum_print_post().
if ($post->format == FORMAT_PLAIN) {
- $post->message = s($post->message);
+ $post->message = stripslashes_safe($post->message);
$post->message = rebuildnolinktag($post->message);
$post->message = str_replace(' ', ' ', $post->message);
$post->message = nl2br($post->message);
+/**
+ * @todo Document this function
+ */
function forum_print_big_search_form($course) {
global $CFG, $words, $subject, $phrase, $user, $userid, $fullwords, $notwords, $datefrom, $dateto;
echo "</script>\n";
echo '<form id="searchform" action="search.php" method="get">';
- echo '<input type="hidden" value="'.$course->id.'" name="id" alt="" />';
echo '<table cellpadding="10" class="searchbox" id="form">';
echo '<tr>';
- echo '<td class="c0">'.get_string('searchwords', 'forum').':</td>';
- echo '<td class="c1"><input type="text" size="35" name="words" value="'.s($words).'" alt="" /></td>';
+ echo '<td class="c0">'.get_string('searchwords', 'forum').':';
+ echo '<input type="hidden" value="'.$course->id.'" name="id" alt="" /></td>';
+ echo '<td class="c1"><input type="text" size="35" name="words" value="'.s($words, true).'" alt="" /></td>';
echo '</tr>';
echo '<tr>';
echo '<td class="c0">'.get_string('searchphrase', 'forum').':</td>';
- echo '<td class="c1"><input type="text" size="35" name="phrase" value="'.s($phrase).'" alt="" /></td>';
+ echo '<td class="c1"><input type="text" size="35" name="phrase" value="'.s($phrase, true).'" alt="" /></td>';
echo '</tr>';
echo '<tr>';
echo '<td class="c0">'.get_string('searchnotwords', 'forum').':</td>';
- echo '<td class="c1"><input type="text" size="35" name="notwords" value="'.s($notwords).'" alt="" /></td>';
+ echo '<td class="c1"><input type="text" size="35" name="notwords" value="'.s($notwords, true).'" alt="" /></td>';
echo '</tr>';
if ($CFG->dbfamily == 'mysql' || $CFG->dbfamily == 'postgres') {
echo '<tr>';
echo '<td class="c0">'.get_string('searchfullwords', 'forum').':</td>';
- echo '<td class="c1"><input type="text" size="35" name="fullwords" value="'.s($fullwords).'" alt="" /></td>';
+ echo '<td class="c1"><input type="text" size="35" name="fullwords" value="'.s($fullwords, true).'" alt="" /></td>';
echo '</tr>';
}
echo '<tr>';
echo '<td class="c0">'.get_string('searchsubject', 'forum').':</td>';
- echo '<td class="c1"><input type="text" size="35" name="subject" value="'.s($subject).'" alt="" /></td>';
+ echo '<td class="c1"><input type="text" size="35" name="subject" value="'.s($subject, true).'" alt="" /></td>';
echo '</tr>';
echo '<tr>';
echo '<td class="c0">'.get_string('searchuser', 'forum').':</td>';
- echo '<td class="c1"><input type="text" size="35" name="user" value="'.s($user).'" alt="" /></td>';
+ echo '<td class="c1"><input type="text" size="35" name="user" value="'.s($user, true).'" alt="" /></td>';
echo '</tr>';
echo '<tr>';
print_simple_box_end();
}
-
+/**
+ * @todo Document this function
+ */
function forum_clean_search_terms($words, $prefix='') {
$searchterms = explode(' ', $words);
foreach ($searchterms as $key => $searchterm) {
return trim(implode(' ', $searchterms));
}
+/**
+ * @todo Document this function
+ */
function forum_menu_list($course) {
$menu = array();
projects / moodle.git / commitdiff