From d6c58ea2f53e47d65928b471e36b81ceead2be6a Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Wed, 17 Feb 2010 16:33:09 -0500
Subject: [PATCH] Avoid Security::remove_XSS partial CT#586
---
 main/forum/forumfunction.inc.php | 6 +++---
 main/forum/reply.php | 2 +-
 main/forum/viewthread_threaded.inc.php | 14 ++++++--------
 3 files changed, 10 insertions(+), 12 deletions(-)
diff --git a/main/forum/forumfunction.inc.php b/main/forum/forumfunction.inc.php
index 357ed1a6f3..191003e1d9 100755
--- a/main/forum/forumfunction.inc.php
+++ b/main/forum/forumfunction.inc.php
@@ -2232,8 +2232,8 @@ function store_reply($values) {
 if ($upload_ok) {
 // We first store an entry in the forum_post table
 $sql="INSERT INTO $table_posts (post_title, post_text, thread_id, forum_id, poster_id, post_date, post_notification, post_parent_id, visible)
- VALUES ('".Database::escape_string(Security::remove_XSS($values['post_title']))."',
- '".Database::escape_string(isset($values['post_text']) ? Security::remove_XSS(stripslashes(api_html_entity_decode($values['post_text'])),COURSEMANAGERLOWSECURITY) : null)."',
+ VALUES ('".Database::escape_string($values['post_title'])."',
+ '".Database::escape_string(isset($values['post_text']) ? (api_html_entity_decode($values['post_text'])) : null)."',
 '".Database::escape_string($values['thread_id'])."',
 '".Database::escape_string($values['forum_id'])."',
 '".Database::escape_string($_user['user_id'])."',
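Review bot: With `Security::remove_XSS` dropped from both `post_title` and `post_text` in this INSERT, the stored values are raw user input, so every place that prints them must now filter at output. Within this patch only the `post_text` echo in `viewthread_threaded.inc.php` is adjusted; the other forum views are not visible here and should be checked before this lands. I would record the contract above the query, e.g. `// post_title/post_text are stored unfiltered; pass them through Security::remove_XSS() on every output`. The removed line also called `stripslashes()`, which the new line drops without comment, so confirm that slashes are not now stored doubled. store_reply's body starts and ends outside the hunk.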
@@ -2269,7 +2269,7 @@ function store_reply($values) { // Storing the attachments if any if ($result) { $sql='INSERT INTO '.$forum_table_attachment.'(filename,comment, path, post_id,size) '. - "VALUES ( '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$new_post_id."', '".$_FILES['user_upload']['size']."' )"; + "VALUES ( '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$new_post_id."', '".intval($_FILES['user_upload']['size'])."' )"; $result=Database::query($sql); $message.=' / '.get_lang('FileUploadSucces'); $last_id=Database::insert_id(); diff --git a/main/forum/reply.php b/main/forum/reply.php index bc5a8bc9f2..3e94b20416 100755 --- a/main/forum/reply.php +++ b/main/forum/reply.php @@ -215,7 +215,7 @@ $my_elements = isset($_SESSION['formelements']) ? $_SESSION['formelements'] : '' $values=show_add_post_form(Security::remove_XSS($my_action,$my_post, $my_elements)); // note: this has to be cleaned first if (!empty($values) AND isset($_POST['SubmitPost'])) { - store_reply(Security::remove_XSS($values)); + store_reply($values); } /* diff --git a/main/forum/viewthread_threaded.inc.php b/main/forum/viewthread_threaded.inc.php index 4201bd90f2..9677749892 100755 --- a/main/forum/viewthread_threaded.inc.php +++ b/main/forum/viewthread_threaded.inc.php @@ -33,8 +33,9 @@ ************************************************************************** */ -$rows=get_posts($_GET['thread']); // note: this has to be cleaned first -$rows=calculate_children($rows); +$rows = get_posts($_GET['thread']); // note: this has to be cleaned first +$rows = calculate_children($rows); + if ($_GET['post']) { $display_post_id = intval($_GET['post']); // note: this has to be cleaned first @@ -62,8 +63,7 @@ $thread_structure="
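Review bot: `$new_post_id` is still concatenated into the attachment INSERT as-is, right next to the size value that this hunk now wraps in `intval()`. It presumably comes from the database insert id, but that assignment is outside the hunk, so casting it the same way keeps the statement safe wherever the value originates: `'".intval($new_post_id)."'`. The enclosing function continues outside the hunk.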
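Review bot: The context line directly above the change, `show_add_post_form(Security::remove_XSS($my_action,$my_post, $my_elements))`, passes all three values to `remove_XSS` and only its result to `show_add_post_form`, which looks like a misplaced parenthesis. If so, `$my_post` is being read as the filter's second argument and the form builder would not receive the post id or the saved elements. Since `$values` now reaches `store_reply()` unfiltered, this call deserves a fix in the same change; assuming only the action string was meant to be cleaned, `$values = show_add_post_form(Security::remove_XSS($my_action), $my_post, $my_elements);`. The signatures of both functions are outside this diff, so verify them before applying.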
".get_lang('Structure')."
"; $counter=0; $count=0; $prev_next_array=array(); -foreach ($rows as $post) -{ +foreach ($rows as $post) { $counter++; $indent=$post['indent_cnt']*'20'; $thread_structure.= "
"; @@ -159,8 +159,7 @@ echo ''; //-------------------------------------------------------------------------------------------- // the style depends on the status of the message: approved or not -if ($rows[$display_post_id]['visible']=='0') -{ +if ($rows[$display_post_id]['visible']=='0') { $titleclass='forum_message_post_title_2_be_approved'; $messageclass='forum_message_post_text_2_be_approved'; $leftclass='forum_message_left_2_be_approved'; @@ -281,9 +280,8 @@ echo "\t\t".prepare4display(Security::remove_XSS($rows echo "\t\n"; // The post message - echo "\t\n"; -echo "\t\t".prepare4display(Security::remove_XSS($rows[$display_post_id]['post_text']), STUDENT)."\n"; +echo "\t\t".prepare4display(Security::remove_XSS($rows[$display_post_id]['post_text'], STUDENT))."\n"; echo "\t\n"; // The check if there is an attachment