From 6664433fabc8d2173c74c74bc30f569e68228fa2 Mon Sep 17 00:00:00 2001
From: Philip Häusler <msquare@notrademark.de>
Date: Sun, 5 Jan 2014 19:34:17 +0100
Subject: cookie-0006-API-add-cmd-sendMessage.patch

---
 includes/pages/user_messages.php | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'includes/pages/user_messages.php')

diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
index f4928333..f7647e78 100644
--- a/includes/pages/user_messages.php
+++ b/includes/pages/user_messages.php
@@ -98,10 +98,7 @@ function user_messages() {
         break;
       
       case "send":
-        $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
-        $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to']));
-        if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) {
-          sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
+        if( mMessage_Send( $_REQUEST['to'], $_REQUEST['text']) === true) {
           redirect(page_link_to("user_messages"));
         } else {
           return error(_("Transmitting was terminated with an Error."), true);
-- 
cgit v1.2.3-70-g09d2