cookie-0006-API-add-cmd-sendMessage.patch

author: Philip Häusler <msquare@notrademark.de> 2014-01-05 19:34:17 +0100
committer: Philip Häusler <msquare@notrademark.de> 2014-01-05 19:34:17 +0100
commit: 6664433fabc8d2173c74c74bc30f569e68228fa2 (patch)
tree: 65c6d2d026a6b2f67539083de6656177cb98d3e7 /includes/pages/user_messages.php
parent: 9dc5dbe3b6eacae5ea8dc335304edf7007d2ab57 (diff)
1 files changed, 1 insertions, 4 deletions
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
index f4928333..f7647e78 100644
--- a/includes/pages/user_messages.php
+++ b/includes/pages/user_messages.php
@@ -98,10 +98,7 @@ function user_messages() {
         break;
       
       case "send":
-        $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
-        $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to']));
-        if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) {
-          sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
+        if( mMessage_Send( $_REQUEST['to'], $_REQUEST['text']) === true) {
           redirect(page_link_to("user_messages"));
         } else {
           return error(_("Transmitting was terminated with an Error."), true);
author	Philip Häusler <msquare@notrademark.de>	2014-01-05 19:34:17 +0100
committer	Philip Häusler <msquare@notrademark.de>	2014-01-05 19:34:17 +0100
commit	6664433fabc8d2173c74c74bc30f569e68228fa2 (patch)
tree	65c6d2d026a6b2f67539083de6656177cb98d3e7 /includes/pages/user_messages.php
parent	9dc5dbe3b6eacae5ea8dc335304edf7007d2ab57 (diff)