includes/template.php
changeset 343 7e6537fd4730
parent 318 eec2dfd2f0a3
--- a/includes/template.php	Tue Nov 16 12:44:22 2010 -0500
+++ b/includes/template.php	Tue Jul 12 22:13:37 2011 -0400
@@ -609,7 +609,7 @@
     $parser = $this->makeParserText($tplvars['sidebar_button']);
     
     $parser->assign_vars(Array(
-        'HREF'=>makeUrlNS('Special', 'Logout'),
+        'HREF'=>makeUrlNS('Special', 'Logout/' . $session->csrf_token),
         'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { mb_logout(); return false; }"',
         'TEXT'=>'Log out',
       ));
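Review bot: Putting `$session->csrf_token` into the logout URL path means the token is written to browser history, proxy/server access logs and the Referer header of any request the logout page makes, so the same token that protects every other action is exposed through a GET link. If the token is long-lived and shared across actions, a safer shape is a POST form (or an XHR via the existing `mb_logout()` path) carrying the token in the body, with the GET link kept only as a no-JS fallback that asks for confirmation before acting. At minimum the server side should compare the received token with a constant-time check; that code is not in this hunk, so this is a point to confirm rather than a defect I can see. The enclosing method starts and ends outside the hunk.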
@@ -681,7 +681,8 @@
             }
           }
       $js_dynamic .= '\';
-      var ENANO_CURRENT_THEME = \''. $session->theme .'\';';
+      var ENANO_CURRENT_THEME = \''. $session->theme .'\';
+      var csrf_token = \'' . $session->csrf_token . '\';';
       foreach($paths->nslist as $k => $c)
       {
         $js_dynamic .= "namespace_list['{$k}'] = '$c';";
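Review bot: On the added line `var csrf_token = \'' . $session->csrf_token . '\';` the token is concatenated into a JavaScript string literal with no escaping, so a single quote, backslash or `</script>` in the value would break out of the literal; the existing theme line has the same pattern, but the new line should not repeat it. Nothing in the hunk shows how the token is generated, so whether it is safe today depends on code outside this view; encoding it at the sink removes the dependency. I would write the pair of lines as `var ENANO_CURRENT_THEME = \''. $session->theme .'\';` followed by `var csrf_token = ' . json_encode($session->csrf_token) . ';';` (json_encode produces a quoted, escaped JS string literal). Note also that exposing the token as a page-global `csrf_token` makes it readable to any injected script, which is inherent to this design but worth a comment. The enclosing method continues outside the hunk.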
@@ -1680,13 +1681,13 @@
     $ob = '<div class="usermessage">'."\n";
     $s = ( $session->unread_pms == 1 ) ? '' : 's';
     $ob .= "  <b>You have $session->unread_pms <a href=" . '"' . makeUrlNS('Special', 'PrivateMessages' ) . '"' . ">unread private message$s</a>.</b><br />\n  Messages: ";
-    $q = $db->sql_query('SELECT message_id,message_from,subject,date FROM '.table_prefix.'privmsgs WHERE message_to=\'' . $session->username . '\' AND message_read=0 ORDER BY date DESC;');
+    $q = $db->sql_query('SELECT message_id,message_from,subject,date FROM '.table_prefix.'privmsgs WHERE message_to=\'' . $session->username . '\' AND message_read=0 AND folder_name != \'drafts\' ORDER BY date DESC;');
     if ( !$q )
       $db->_die();
     $messages = array();
     while ( $row = $db->fetchrow() )
     {
-      $messages[] = '<a href="' . makeUrlNS('Special', 'PrivateMessages/View/' . $row['message_id']) . '" title="Sent ' . date('F d, Y h:i a', $row['date']) . ' by ' . $row['message_from'] . '">' . $row['subject'] . '</a>';
+      $messages[] = '<a href="' . makeUrlNS('Special', 'PrivateMessages/View/' . $row['message_id']) . '" title="Sent ' . date('F d, Y h:i a', $row['date']) . ' by ' . htmlspecialchars($row['message_from']) . '">' . htmlspecialchars($row['subject']) . '</a>';
     }
     $ob .= implode(",\n    " , $messages)."\n";
     $ob .= '</div>'."\n";
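Review bot: The rewritten query on the new side still embeds `$session->username` into the SQL string with no escaping (`WHERE message_to=\'' . $session->username . '\'`); the commit only appends the `folder_name != 'drafts'` condition. Whether the username can contain a quote depends on validation outside this view, so I would not call it exploitable from here, but since the line is being touched it should go through whatever escaping helper `$db` provides, or a placeholder-based query if the driver supports one. The `htmlspecialchars()` additions on the link line are correct for the double-quoted `title` attribute; if the attribute quoting ever changes, pass `ENT_QUOTES` as well. The enclosing function starts and ends outside the hunk.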