allow_unreg()){ if(isset($_GET['quote'])){ $quote_id = $this->check_parms($_GET['quote']); $text = $wpdb->get_row($wpdb->prepare("SELECT text, author_id, `date` FROM {$this->t_posts} WHERE id = %d", $quote_id)); $user = get_userdata($text->author_id); $display_name = $this->options['forum_display_name']; $q = "[quote][b]".__("Quote from", "mingleforum")." ".$user->$display_name." ".__("on", "mingleforum")." ".$mingleforum->format_date($text->date)."[/b]\n".$text->text."[/quote]"; } if($_GET['mingleforumaction'] == "postreply"){ $parser = new cartpaujBBCodeParser(); $this->current_view = POSTREPLY; $thread = $this->check_parms($_GET['thread']); $out = $this->header(); $out .= "

"; $out .= ""; $out .= ''; $out .= ""; $out .= apply_filters('wpwf_form_guestinfo',''); //--weaver-- $out .= $this->get_captcha(); if($this->options['forum_allow_image_uploads']) { $out .= " "; } $out .= "

".__("Post Reply", "mingleforum")."
".__("Subject:", "mingleforum")."
".__("Message:", "mingleforum")."	"; $out .= $parser->get_editor(stripslashes($q)); $out .= "
".__("Images:", "mingleforum")."

"; $this->o .= $out; } if($_GET['mingleforumaction'] == "editpost"){ $parser = new cartpaujBBCodeParser(); $this->current_view = EDITPOST; if(is_numeric($_GET['id'])) //is_numeric prevents SQL injections here $id = $_GET['id']; else $id = 0; $thread = $this->check_parms($_GET['t']); $out = $this->header(); $post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $mingleforum->t_posts WHERE id = %d", $id)); if(($user_ID == $post->author_id && $user_ID) || $mingleforum->is_moderator($user_ID, $mingleforum->forum_get_forum_from_post($thread))) //Make sure only admins/mods/post authors can edit posts { $out .= "

"; $out .= ""; $out .= ''; $out .= "

".__("Edit Post", "mingleforum")."
".__("Subject:", "mingleforum")."
".__("Message:", "mingleforum")."	"; $out .= $parser->get_editor(stripslashes($post->text)); $out .= "

"; $this->o .= $out; } else wp_die("Haha, nice try!"); } } else wp_die("Thanks, but no thanks");