diff options
author | Philip Häusler <msquare@notrademark.de> | 2014-01-05 19:34:17 +0100 |
---|---|---|
committer | Philip Häusler <msquare@notrademark.de> | 2014-01-05 19:34:17 +0100 |
commit | 6664433fabc8d2173c74c74bc30f569e68228fa2 (patch) | |
tree | 65c6d2d026a6b2f67539083de6656177cb98d3e7 /includes/pages | |
parent | 9dc5dbe3b6eacae5ea8dc335304edf7007d2ab57 (diff) |
cookie-0006-API-add-cmd-sendMessage.patch
Diffstat (limited to 'includes/pages')
-rw-r--r-- | includes/pages/user_messages.php | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php index f4928333..f7647e78 100644 --- a/includes/pages/user_messages.php +++ b/includes/pages/user_messages.php @@ -98,10 +98,7 @@ function user_messages() { break; case "send": - $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); - $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to'])); - if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { - sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); + if( mMessage_Send( $_REQUEST['to'], $_REQUEST['text']) === true) { redirect(page_link_to("user_messages")); } else { return error(_("Transmitting was terminated with an Error."), true); |