Avoid Security::remove_XSS partial CT#586

main/forum/forumfunction.inc.php

@@ -2232,8 +2232,8 @@ function store_reply($values) {
 	if ($upload_ok) {
 		// We first store an entry in the forum_post table
 		$sql="INSERT INTO $table_posts (post_title, post_text, thread_id, forum_id, poster_id, post_date, post_notification, post_parent_id, visible)
-				VALUES ('".Database::escape_string(Security::remove_XSS($values['post_title']))."',
-						'".Database::escape_string(isset($values['post_text']) ? Security::remove_XSS(stripslashes(api_html_entity_decode($values['post_text'])),COURSEMANAGERLOWSECURITY) : null)."',
+				VALUES ('".Database::escape_string($values['post_title'])."',
+						'".Database::escape_string(isset($values['post_text']) ? (api_html_entity_decode($values['post_text'])) : null)."',
 						'".Database::escape_string($values['thread_id'])."',
 						'".Database::escape_string($values['forum_id'])."',
 						'".Database::escape_string($_user['user_id'])."',
@@ -2269,7 +2269,7 @@ function store_reply($values) {
 				// Storing the attachments if any
 				if ($result) {
 					$sql='INSERT INTO '.$forum_table_attachment.'(filename,comment, path, post_id,size) '.
-						 "VALUES ( '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$new_post_id."', '".$_FILES['user_upload']['size']."' )";
+						 "VALUES ( '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$new_post_id."', '".intval($_FILES['user_upload']['size'])."' )";
 					$result=Database::query($sql);
 					$message.=' / '.get_lang('FileUploadSucces');
 					$last_id=Database::insert_id();

main/forum/reply.php

@@ -215,7 +215,7 @@ $my_elements = isset($_SESSION['formelements']) ? $_SESSION['formelements'] : ''
 $values=show_add_post_form(Security::remove_XSS($my_action,$my_post, $my_elements)); // note: this has to be cleaned first
 
 if (!empty($values) AND isset($_POST['SubmitPost'])) {
-	store_reply(Security::remove_XSS($values));
+	store_reply($values);
 }
 
 /*

main/forum/viewthread_threaded.inc.php

@@ -33,8 +33,9 @@
  **************************************************************************
  */
 
-$rows=get_posts($_GET['thread']); // note: this has to be cleaned first
-$rows=calculate_children($rows);
+$rows	= get_posts($_GET['thread']); // note: this has to be cleaned first
+$rows	= calculate_children($rows);
+
 
 if ($_GET['post']) {
 	$display_post_id	= intval($_GET['post']); // note: this has to be cleaned first
@@ -62,8 +63,7 @@ $thread_structure="<div class=\"structure\">".get_lang('Structure')."</div>";
 $counter=0;
 $count=0;
 $prev_next_array=array();
-foreach ($rows as $post)
-{
+foreach ($rows as $post) {
 	$counter++;
 	$indent=$post['indent_cnt']*'20';
 	$thread_structure.= "<div style=\"margin-left: ".$indent."px;\">";
@@ -159,8 +159,7 @@ echo '</center>';
 //--------------------------------------------------------------------------------------------
 
 // the style depends on the status of the message: approved or not
-if ($rows[$display_post_id]['visible']=='0')
-{
+if ($rows[$display_post_id]['visible']=='0') {
 	$titleclass='forum_message_post_title_2_be_approved';
 	$messageclass='forum_message_post_text_2_be_approved';
 	$leftclass='forum_message_left_2_be_approved';
@@ -281,9 +280,8 @@ echo "\t\t<td class=\"$titleclass\">".prepare4display(Security::remove_XSS($rows
 echo "\t</tr>\n";
 
 // The post message
-
 echo "\t<tr>\n";
-echo "\t\t<td class=\"$messageclass\">".prepare4display(Security::remove_XSS($rows[$display_post_id]['post_text']), STUDENT)."</td>\n";
+echo "\t\t<td class=\"$messageclass\">".prepare4display(Security::remove_XSS($rows[$display_post_id]['post_text'], STUDENT))."</td>\n";
 echo "\t</tr>\n";
 
 // The check if there is an attachment