tag in buffer, so they don't kill our cdata tags*/ if (substr_count($_POST["comment"], "]]>") > 0) { $badData = true; $errorMessage .= "Error: Do not use ]]> in your entry, for any reason
"; } if (substr_count($_POST["comment"], "") > 0) { $badData = true; $errorMessage .= "Error: Do not use <comment> in your entry, for any reason
"; } if (substr_count($_POST["comment"], "") > 0) { $badData = true; $errorMessage .= "Error: Do not use <uid> in your entry, for any reason
"; } $tempParser = new XMLReader(); $tempParser->XML("" . $_POST["comment"] . ""); if (!@$tempParser->read()) { //funky PHP syntax for catching exceptions without //letting them yell out in a print statement $badData = true; $errorMessage .= "Invalid XHTML"; } if (!$badData) { /** all data came across correctly, proceed */ echo $successMessage; $buffer = str_replace("\r\n", "\n", $_POST["comment"]); $uid = $_POST["uid"]; $curPath = $_POST["curPath"]; $localPath = $_POST["localPath"]; $fh = fopen($data, 'rb'); $allData; $superCount = 2; $count = 0; $done = false; while ($newData = fscanf($fh, "%[^\n]")) { for ($i = 0; $i < sizeof($newData); $i++) { if (substr_count($newData[$i], "" . $uid . "") > 0) { $foundIt = true; $count = 0; } if ($foundIt) { if ((!$done) && $uid == -1) { $allData .= str_repeat("\t", $superCount - 1) . "\n"; $allData .= str_repeat("\t", $superCount) . "" . --$newID . "\n"; $allData .= str_repeat("\t", $superCount) . "\n"; $allData .= str_repeat("\t", $superCount + 1) . "\n"; $allData .= str_repeat("\t", $superCount + 1) . "" . ++$newID . "\n"; $allData .= str_repeat("\t", $superCount) . "\n"; $allData .= str_repeat("\t", $superCount - 1) . "\n"; $done = true; } else { if (substr_count($newData[$i], "") > 0) { $count++; } else if((!$done) && substr_count($newData[$i], "") > 0 | substr_count($newData[$i], "") > 0) { if ($count == 0) { $allData .= str_repeat("\t", $superCount) . "\n"; $allData .= str_repeat("\t", $superCount + 1) . "\n"; $allData .= str_repeat("\t", $superCount + 1) . "$newID\n"; $allData .= str_repeat("\t", $superCount) . "\n"; $done = true; } $count--; } } } if (substr_count($newData[$i], "") > 0) { $superCount++; } else if(substr_count($newData[$i], "") > 0) { $superCount--; } if (substr_count($newData[$i], " 0) { $newID = str_replace("", "", $newData[$i])); $newID = substr($newID, 0, strlen($newID) - 1); $newID++; if ($uid == -1) { $newID++; } $foundIt = true; $allData .= "\n"; } else { $allData .= $newData[$i]; } } $newData = ""; } fclose($fh); $allData = str_replace("\r", "\n", $allData);//have to replace all newline things with \ns, then //replace those with \r\ns or it won't work on a windows system $fh = fopen($data, 'wb'); $newData = explode("\n", $allData); for ($i = 0; $i < sizeof($newData); $i++) { fwrite($fh, $newData[$i] . "\r\n"); } fclose($fh); echo $commentSuccess; echo ""; $done = true; } } if (!$done) { echo $errorMessage; if (isset($_GET["uid"]) && isset($_GET["curPath"])) { echo $commentText; echo "

"; echo ""; echo ""; if (isset($_GET["localPath"])) { echo ""; } } else if (isset($_POST["uid"]) && isset($_POST["curPath"]) && isset($_POST["submit"]) && isset($_POST["comment"])) { echo $commentText; echo ""; echo ""; echo ""; if (isset($_POST["localPath"])) { echo ""; } } else { echo "Stop trying to access this page with scripts. Use it normally like a big boy"; exit; } ?>