CNB YA Problem...

Worker Joined: Aug 06, 2004 Posts: 192

First does anyone know what the difference between NSN YA and CNB YA is? I can't figure it out since that are almost identical in coding.

Now onto the problem, this is from modules/Your_Account/admin/modify_user.php:

Code:

echo "<tr><td bgcolor='$bgcolor2'>"._INTERESTS.":</td><td><input type='text' name='chng_user_interest' value='".$chnginfo['user_interests']."' size='25' maxlength='255'></td></tr>\n";

Say this is a users interest:

Code:

Computer's and stuff

If you click on edit user as the admin you will see in the interests field is:

Code:

Computer

Why does it cut everything after the ' ? When I change it from "input" to "textarea" it show the full data.

Posted: Fri Oct 22, 2004 1:32 pm

JRSweets wrote:

First does anyone know what the difference between NSN YA and CNB YA is? I can't figure it out since that are almost identical in coding.

Now onto the problem, this is from modules/Your_Account/admin/modify_user.php:

Code:

echo "<tr><td bgcolor='$bgcolor2'>"._INTERESTS.":</td><td><input type='text' name='chng_user_interest' value='".$chnginfo['user_interests']."' size='25' maxlength='255'></td></tr>\n";

Say this is a users interest:

Code:

Computer's and stuff

If you click on edit user as the admin you will see in the interests field is:

Code:

Computer

Why does it cut everything after the ' ? When I change it from "input" to "textarea" it show the full data.

Not completely sure whether this could do the job, but why don't you go ahead and try escaping it - i.e.;

Try using...

Code:

Computer\'s and stuff

...instead of;

Code:

Computer's and stuff

Just a wild guess - should have tried it myself before posting this, but let's give it a try.

Let me know if it doesn't work as suspected to - in that case, I'd like to get some more information from you related to code instantiation (it's already above as a reference, I suppose Smile

) - providing that it suits you.

BR,

-beetraham

Posted: Fri Oct 22, 2004 2:22 pm

I tried and then when looking at the users interest's you get:

Code:

Computer\'s and stuff

and then when you go to edit it you get:

[code]Computer\ [\code]

Its very strange, like I said the only way I found around this was to change the <input ... > to <textarea></textarea> like the signatures are. Infact it does this to all the fields that use <input ... >. It stops after a ' .

Posted: Fri Oct 22, 2004 2:41 pm

JRSweets wrote:

I tried and then when looking at the users interest's you get:

Code:

Computer\'s and stuff

and then when you go to edit it you get:

[code]Computer\[code]

Its very strange, like I said the only way I found around this was to change the <input ... > to <textarea></textarea> like the signatures are. Infact it does this to all the fields that use <input ... >. It stops after a ' .

JRSweets wrote:

I tried and then when looking at the users interest's you get:
[code]Computer\'s and stuff[/code]

and then when you go to edit it you get:

[code]Computer\[code]

Its very strange, like I said the only way I found around this was to change the <input ... > to <textarea></textarea> like the signatures are. Infact it does this to all the fields that use <input ... >. It stops after a ' .

Might be an issue related to stripslashes()'ing the data - the flow may not be consistently OK from that perspective - by far any chance got the possibility to receive all the code?

Posted: Fri Oct 22, 2004 2:54 pm

Probably developed with magic quotes on I've made that mistake a few times.

Posted: Fri Oct 22, 2004 4:48 pm

This is that whole file. The full download is [ Only registered users can see links on this board! Get registered or login! ]

Code:

<?php





if (!eregi("modules.php", $_SERVER['SCRIPT_NAME'])) {


    header("Location: ../../../index.php");


    die ();


}


if (($radminsuper==1) OR ($radminuser==1)) {





$pagetitle = ": "._USERADMIN." - "._USERUPDATE;


include("header.php");


title(_USERADMIN." - "._USERUPDATE);


amain();


echo "<br>\n";


$result = $db->sql_query("select * from ".$user_prefix."_users where user_id='$chng_uid' or username='$chng_uid'");


if($db->sql_numrows($result) > 0) {


    $chnginfo = $db->sql_fetchrow($result);


   


       $result = $db->sql_query("SELECT * FROM ".$user_prefix."_cnbya_field");


        while ($sqlvalue = $db->sql_fetchrow($result)) {


         list($value) = $db->sql_fetchrow( $db->sql_query("SELECT value FROM ".$user_prefix."_cnbya_value WHERE fid ='$sqlvalue[fid]' AND uid = '$chnginfo[user_id]'"));


         $chnginfo[$sqlvalue[name]] = $value;


        }


   


    OpenTable();


    echo "<center><table border='0'>\n";


    echo "<form action='modules.php?name=$module_name&file=admin' method='post'>\n";


    echo "<tr><td bgcolor='$bgcolor2'>"._USERID.":</td><td><b>".$chnginfo['user_id']."</b></td></tr>\n";


    echo "<tr><td bgcolor='$bgcolor2'>"._NICKNAME.":</td><td><input type='text' name='chng_uname' value='".$chnginfo['username']."'><br><b>"._YA_CHNGRISK."</b></td></tr>\n";


    echo "<tr><td bgcolor='$bgcolor2'>"._NAME.":</td><td><input type='text' name='chng_name' value='".$chnginfo['name']."'></td></tr>\n";


    echo "<tr><td bgcolor='$bgcolor2'>"._URL.":</td><td><input type='text' name='chng_url' value='".$chnginfo['user_website']."' size='30' maxlength='60'></td></tr>\n";


    echo "<tr><td bgcolor='$bgcolor2'>"._EMAIL.":</td><td><input type='text' name='chng_email' value='".$chnginfo['user_email']."' size='30' maxlength='60'> <font class='tiny'>"._REQUIRED."</font></td></tr>\n";


    echo "<tr><td bgcolor='$bgcolor2'>"._FAKEEMAIL.":</td><td><input type='text' name='chng_femail' value='".$chnginfo['femail']."' size='30' maxlength='60'></td></tr>\n";


    


      $result = $db->sql_query("SELECT * FROM ".$user_prefix."_cnbya_field WHERE need <> '0' ORDER BY pos");


       while ($sqlvalue = $db->sql_fetchrow($result)) {


         $t = $sqlvalue[fid];


        $value2 = explode("::", $sqlvalue[value]);


        if (strpos($sqlvalue[name],"_")==0) eval( "\$name_exit = $sqlvalue[name];"); else $name_exit = $sqlvalue[name];


        if (count($value2) == 1) { 


          echo "<tr><td bgcolor='$bgcolor2'>$name_exit</td><td bgcolor='$bgcolor3'><input type='text' name='nfield[$t]' value='".$chnginfo[$sqlvalue[name]]."' size='20' maxlength='$sqlvalue[size]'></td></tr>\n";


         } else {


          echo "<tr><td bgcolor='$bgcolor2'>$name_exit</td><td bgcolor='$bgcolor3'>";


         echo "<select name='nfield[$t]'>\n";


            for ($i = 0; $i<count($value2); $i++) {


           if (trim($chnginfo[$sqlvalue[name]]) == trim($value2[$i])) $sel = "selected"; else $sel = "";


              echo "<option value=\"".trim($value2[$i])."\" $sel>$value2[$i]</option>\n";


          }


         echo "</select>";


         echo "</td></tr>\n";


        }


      }


      


   echo "<tr><td bgcolor='$bgcolor2'>"._ICQ.":</td><td><input type='text' name='chng_user_icq' value='".$chnginfo['user_icq']."' size='20' maxlength='20'></td></tr>\n";


    echo "<tr><td bgcolor='$bgcolor2'>"._AIM.":</td><td><input type='text' name='chng_user_aim' value='".$chnginfo['user_aim']."' size='20' maxlength='20'></td></tr>\n";


    echo "<tr><td bgcolor='$bgcolor2'>"._YIM.":</td><td><input type='text' name='chng_user_yim' value='".$chnginfo['user_yim']."' size='20' maxlength='20'></td></tr>\n";


    echo "<tr><td bgcolor='$bgcolor2'>"._MSNM.":</td><td><input type='text' name='chng_user_msnm' value='".$chnginfo['user_msnm']."' size='20' maxlength='20'></td></tr>\n";


    echo "<tr><td bgcolor='$bgcolor2'>"._LOCATION.":</td><td><input type='text' name='chng_user_from' value='".$chnginfo['user_from']."' size='25' maxlength='60'></td></tr>\n";


    echo "<tr><td bgcolor='$bgcolor2'>"._OCCUPATION.":</td><td><input type='text' name='chng_user_occ' value='".$chnginfo['user_occ']."' size='25' maxlength='60'></td></tr>\n";


    echo "<tr><td bgcolor='$bgcolor2'>"._INTERESTS.":</td><td><input type='text' name='chng_user_interest' value='".$chnginfo['user_interests']."' size='25' maxlength='255'></td></tr>\n";


    if ($chnginfo['user_viewemail'] ==1) { $cuv = "checked"; } else { $cuv = ""; }


    echo "<tr><td bgcolor='$bgcolor2'>"._OPTION.":</td><td><input type='checkbox' name='chng_user_viewemail' value='1' $cuv> "._ALLOWUSERS."</td></tr>\n";


    if ($chnginfo['newsletter'] == 1) { $cnl = "checked"; } else { $cnl = ""; }


    echo "<tr><td bgcolor='$bgcolor2'>"._NEWSLETTER.":</td><td><input type='checkbox' name='chng_newsletter' value='1' $cnl> "._YES."</td></tr>\n";


    if ($Version_Num > 7.0) {


        $yacontent = "";


        $subnum = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_subscriptions WHERE userid='$chng_uid'"));


        if ($subnum == 0) {


            $yacontent .= "<tr><td bgcolor='$bgcolor2'>"._SUBUSERASK.":</td><td><input type='radio' name='subscription' value='1'> "._YES."&nbsp;&nbsp;&nbsp;<input type='radio' name='subscription' value='0' checked> "._NO."</td></tr>";


            $yacontent .= "<tr><td bgcolor='$bgcolor2'>"._SUBPERIOD.":</td><td><select name='subscription_expire'>";


            $yacontent .= "<option value='0' selected>"._NONE."</option>";


            $yacontent .= "<option value='1'>1 "._YEAR."</option>";


            $yacontent .= "<option value='2'>2 "._YEARS."</option>";


            $yacontent .= "<option value='3'>3 "._YEARS."</option>";


            $yacontent .= "<option value='4'>4 "._YEARS."</option>";


            $yacontent .= "<option value='5'>5 "._YEARS."</option>";


            $yacontent .= "<option value='6'>6 "._YEARS."</option>";


            $yacontent .= "<option value='7'>7 "._YEARS."</option>";


            $yacontent .= "<option value='8'>8 "._YEARS."</option>";


            $yacontent .= "<option value='9'>9 "._YEARS."</option>";


            $yacontent .= "<option value='10'>10 "._YEARS."</option>";


            $yacontent .= "</select><input type='hidden' name='reason' value='0'></td></tr>";


        } elseif ($subnum == 1) {


            $yacontent .= "<tr><td bgcolor='$bgcolor2'>"._UNSUBUSER.":</td><td><input type='radio' name='subscription' value='0'> "._YES."&nbsp;&nbsp;&nbsp;<input type='radio' name='subscription' value='1' checked> "._NO."</td></tr>";


            $yacontent .= "<tr><td bgcolor='$bgcolor2'>"._ADDSUBPERIOD.":</td><td><select name='subscription_expire'>";


            $yacontent .= "<option value='0' selected>"._NONE."</option>";


            $yacontent .= "<option value='1'>1 "._YEAR."</option>";


            $yacontent .= "<option value='2'>2 "._YEARS."</option>";


            $yacontent .= "<option value='3'>3 "._YEARS."</option>";


            $yacontent .= "<option value='4'>4 "._YEARS."</option>";


            $yacontent .= "<option value='5'>5 "._YEARS."</option>";


            $yacontent .= "<option value='6'>6 "._YEARS."</option>";


            $yacontent .= "<option value='7'>7 "._YEARS."</option>";


            $yacontent .= "<option value='8'>8 "._YEARS."</option>";


            $yacontent .= "<option value='9'>9 "._YEARS."</option>";


            $yacontent .= "<option value='10'>10 "._YEARS."</option>";


            $yacontent .= "</select></td></tr>";


            $yacontent .= "<tr><td bgcolor='$bgcolor2'>"._ADMSUBEXPIREIN."</td><td>";


            $row = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_subscriptions WHERE userid='$chng_uid'"));


            $diff = $row['subscription_expire']-time();


            $yearDiff = floor($diff/60/60/24/365);


            $diff -= $yearDiff*60*60*24*365;


            if ($yearDiff < 1) {


                $diff = $row['subscription_expire']-time();


            }


            $daysDiff = floor($diff/60/60/24);


            $diff -= $daysDiff*60*60*24;


            $hrsDiff = floor($diff/60/60);


            $diff -= $hrsDiff*60*60;


            $minsDiff = floor($diff/60);


            $diff -= $minsDiff*60;


            $secsDiff = $diff;


            if ($yearDiff < 1) {


                $rest = "$daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";


            } elseif ($yearDiff == 1) {


                $rest = "$yearDiff "._SBYEAR.", $daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";


            } elseif ($yearDiff > 1) {


                $rest = "$yearDiff "._SBYEARS.", $daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";


            }


            $yacontent .= "<font color='#FF0000'>$rest</font></td></tr>";


            $yacontent .= "<tr><td bgcolor='$bgcolor2' valign='top'>"._SUBREASON."</td><td><textarea name='reason' cols='60' rows='10'></textarea></td></tr>";


        }


        echo "$yacontent";


    }


    if ($Version_Num > 6.9) {


        echo "<tr><td bgcolor='$bgcolor2'>"._YA_POINTS.":</td><td bgcolor='$bgcolor1'><input type='test' name='chng_points' value='".$chnginfo['points']."'></td></tr>\n";


    }


    echo "<tr><td bgcolor='$bgcolor2' valign='top'>"._SIGNATURE.":</td><td><textarea name='chng_user_sig' rows='6' cols='45'>".$chnginfo['user_sig']."</textarea></td></tr>\n";


    echo "<tr><td bgcolor='$bgcolor2'>"._PASSWORD.":</td><td><input type='password' name='chng_pass' size='12' maxlength='12'></td></tr>\n";


    echo "<tr><td bgcolor='$bgcolor2'>"._RETYPEPASSWD.":</td><td><input type='password' name='chng_pass2' size='12' maxlength='12'> <font class='tiny'>"._FORCHANGES."</font></td></tr>\n";


    //echo "<input type='hidden' name='chng_avatar' value='".$chnginfo['chng_avatar']."'>\n";


    echo "<input type='hidden' name='chng_uid' value='$chng_uid'>\n";


    echo "<input type='hidden' name='old_uname' value='".$chnginfo['username']."'>\n";


    echo "<input type='hidden' name='old_email' value='".$chnginfo['user_email']."'>\n";


    echo "<input type='hidden' name='op' value='modifyUserConf'>\n";


    if (isset($query)) { echo "<input type='hidden' name='query' value='$query'>\n"; }


    if (isset($min)) { echo "<input type='hidden' name='min' value='$min'>\n"; }


    if (isset($xop)) { echo "<input type='hidden' name='xop' value='$xop'>\n"; }


    echo "<tr><td align='center' colspan='2'><input type='submit' value='"._SAVECHANGES."'></td></tr>\n";


    echo "</form>\n";


    echo "<form action='modules.php?name=$module_name&file=admin' method='post'>\n";


    if (isset($query)) { echo "<input type='hidden' name='query' value='$query'>\n"; }


    if (isset($min)) { echo "<input type='hidden' name='min' value='$min'>\n"; }


    if (isset($xop)) { echo "<input type='hidden' name='op' value='$xop'>\n"; }


    echo "<tr><td align='center' colspan='2'><input type='submit' value='"._CANCEL."'></td></tr>\n";


    echo "</form>\n";


    echo "</table></center>\n";


    CloseTable();


} else {


    OpenTable();


    echo "<center><b>"._USERNOEXIST."</b></center>\n";


    CloseTable();


}


include("footer.php");





}





?>

Posted: Fri Oct 22, 2004 6:09 pm

I haven't even got that far lol I keep getting a parse error everywhere that
eval() is used! Grrr!

Edit: Doh! it was the 0 in the order of the fields in the first field!

Posted: Sat Oct 23, 2004 7:11 am

As a temp fix try adding this to your htaccess file in your webroot
php_flag magic_quotes_gpc on

There is a ton of places were this needs to be fixed it should be submitted to André V Escudero as a legit bug report.

Posted: Sat Oct 23, 2004 8:53 am

Update: I submitted a bug report here if you wish to add comments to it. [ Only registered users can see links on this board! Get registered or login! ]

Posted: Sat Oct 23, 2004 11:32 pm

Thank you for submitting the report for me. I tried to go to their site but I cannot speak spanish. There seems to be lots of bugs with CNB YA. Alot of little spelling errors.

$row['femial'] should be $row['femail']
$row['intrests'] should be $row['interests']

These errors are thru out the module.

I tried you suggestion in the htaccess file. It still did not work. The only way I can get it to work, is change the <input> box to a <textarea> then it will display the whole item.

Posted: Sun Oct 24, 2004 8:33 am

Ok I found these
Search String: femial
Replace String: femail
Path: \pnuke75\modules\Your_Account\admin
Processing file : \pnuke75\modules\Your_Account\admin\modifyuser.php
Line 32 -

Search String: intrests
Replace String: interests
Path: \pnuke75\modules\Your_Account\admin

Processing file : \pnuke75\modules\Your_Account\admin\detailsuser.php
Line 46 -
Processing file : \pnuke75\modules\Your_Account\admin\finduser.php
Line 37 -
Found 1 occurrences.
Processing file : \pnuke75\modules\Your_Account\admin\modifyuser.php
Line 59 -

Posted: Mon Oct 25, 2004 6:35 am

What program did you use for that search?

Posted: Mon Oct 25, 2004 7:30 am

[ Only registered users can see links on this board! Get registered or login! ]

New Member Joined: Oct 25, 2004 Posts: 9

sixonetonoffun wrote:

Update: I submitted a bug report here if you wish to add comments to it. [ Only registered users can see links on this board! Get registered or login! ]

Hello sixonetonoffun,
thanks for your repost.
Can you test the new file for me?
I think that we can do a great module working together.
[ Only registered users can see links on this board! Get registered or login! ]

Bests regards,
André

Posted: Mon Oct 25, 2004 9:59 pm

André
Seems the quotes are handled ok with the custom form fields but the Interests and the other predefined fields still aren't being escaped. At least not from the admin edit page.

Posted: Mon Oct 25, 2004 11:08 pm

Hello sixonetonoffun,
I puted the correct files here [ Only registered users can see links on this board! Get registered or login! ]
to test.
I think that it can not have more error. I think Wink

Very thanks.

May I put your name (name, email and site) in the module credits?

Posted: Tue Oct 26, 2004 6:00 am

André
No no no! You just go on working on this much needed module and we'll continue breaking it until its as solid as it can be!

Posted: Tue Oct 26, 2004 7:16 am

escudero wrote:

Hello sixonetonoffun,
I puted the correct files here [ Only registered users can see links on this board! Get registered or login! ]
to test.
I think that it can not have more error. I think Wink

Very thanks.

May I put your name (name, email and site) in the module credits?

Problem still exists in the admin edit page.

Posted: Tue Oct 26, 2004 8:46 am

deinstall fails using the CNB_Your_Account_750_430 cnbya.php.
Fix:
Open cnbya.php
Find around line 41
echo "<option value='destall'>Destall $pagetitle</option>\n";
Change to:
echo "<option value='deinstall'>Destall $pagetitle</option>\n";

Then Find:
case "deinstall":

Replace the entire block of code with this:

Code:




case "deinstall":


        $pagetitle = "CNB Your Account: Destall";


        include("header.php");


        title("$pagetitle");


        OpenTable();


        echo "Operation Status!<br>\n";


        echo "<hr>\n";


        global $db, $prefix, $user_prefix;


        $result = $db->sql_query("DROP TABLE ".$prefix."_cnbya_config");


        if (!$result) { $result = $db->sql_query("DROP TABLE IF EXISTS ".$user_prefix."_cnbya_config");}


        if (!$result) { echo "- Destall ".$prefix."_cnbya_config failed<br>\n"; } else { echo "- Destall ".$prefix."_cnbya_config succeded<br>\n"; }


        $result = $db->sql_query("DROP TABLE ".$prefix."_cnbya_field");


        if (!$result) { $result = $db->sql_query("DROP TABLE IF EXISTS ".$user_prefix."_cnbya_field");}


        if (!$result) { echo "- Destall ".$prefix."_cnbya_field failed<br>\n"; } else { echo "- Destall ".$prefix."_cnbya_field succeded<br>\n"; }


        $result = $db->sql_query("DROP TABLE ".$prefix."_cnbya_value");


        if (!$result) { $result = $db->sql_query("DROP TABLE IF EXISTS ".$user_prefix."_cnbya_value");}


        if (!$result) { echo "- Destall ".$prefix."_cnbya_value failed<br>\n"; } else { echo "- Destall ".$prefix."_cnbya_value succeded<br>\n"; }


        $result = $db->sql_query("DROP TABLE ".$prefix."_cnbya_value_temp");


        if (!$result) { $result = $db->sql_query("DROP TABLE IF EXISTS ".$user_prefix."_cnbya_value_temp");}


        if (!$result) { echo "- Destall ".$prefix."_cnbya_value_temp failed<br>\n"; } else { echo "- Destall ".$prefix."_cnbya_value_temp succeded<br>\n"; }





        echo "<hr>\n";


        echo "Operation Complete!<br>\n";


        echo _GOBACK."\n";


        CloseTable();


        include("footer.php");


    break;

This removes most any config possible but not old NSN-YAT table names but they shouldn't exist so I don't think that should be ab issue.

Posted: Tue Oct 26, 2004 11:45 am

Hello Community,

thanks for all. Tell me if you found some more error.
Some spelling error are from original NSN YA.
Is difficult found all error alone.

We are found together.

Thanks!!

ps. sorry by my bad english

Posted: Tue Oct 26, 2004 12:28 pm

Another problem is that you cannot log in as admin using the included blocks. This code in the top of modules/Your_Account/includes/functions.php

Code:

if (!eregi("modules.php", $_SERVER['SCRIPT_NAME'])) { 


header("Location: ../../../index.php"); 


die (); 


}

This code is in the top of the two included login
blocks.

Code:

include_once 


("modules/Your_Account/includes/functions.php"); 


$ya_config = ya_get_configs();

This code conflicts and won't let you login as the
admin if you use either of the blocks included in your
package. To use the block you have to comment out the
code at the top of the modules/Your_Account/includes/functions.php file.

Code:

//if (!eregi("modules.php", $_SERVER['SCRIPT_NAME'])) { 


//header("Location: ../../../index.php"); 


//die (); 


//}

Posted: Tue Oct 26, 2004 4:56 pm

Hello,

the beta 2 version is there: [ Only registered users can see links on this board! Get registered or login! ]
Any more problems with this version?

Do you have idea to solve the problem of this user?: [ Only registered users can see links on this board! Get registered or login! ]

André

Posted: Tue Oct 26, 2004 7:36 pm

cnbya.php line 42 is still a spelling error
deinstall fails using the CNB_Your_Account_750_430 cnbya.php.
Fix:
Open cnbya.php
Find around line 42
echo "<option value='deistall'>Destall $pagetitle</option>\n";
Change to:
echo "<option value='deinstall'>Destall $pagetitle</option>\n";

Still brainstroming the single quote being appended issue no great ideas though Crying or Very sad

Posted: Tue Oct 26, 2004 8:40 pm

[quote="sixonetonoffun"]cnbya.php line 42 is still a spelling error
deinstall fails using the CNB_Your_Account_750_430 cnbya.php.
Fix:
Open cnbya.php
Find around line 42
echo "<option value='deistall'>Destall $pagetitle</option>\n";
Change to:
echo "<option value='deinstall'>Destall $pagetitle</option>\n";
quote]

Bang Head

I think that I am blind person. I dont know if is my son, or my work.
I will liberate the 4.3.2 alpha today.

Thanks worship

Posted: Thu Oct 28, 2004 6:28 pm

Hello sixonetonoffun,

what do you think, to change the original ya_fixtext function:

Code:

function ya_fixtext($ya_fixtext) {


    if ($ya_fixtext == "") { return $ya_fixtext; }


    $ya_fixtext = stripslashes($ya_fixtext);


    $ya_fixtext = ereg_replace("\'","&acute;",$ya_fixtext);


    $ya_fixtext = ereg_replace("\"","&quot;",$ya_fixtext);


    $ya_fixtext = strip_tags($ya_fixtext);


    if (!get_magic_quotes_gpc()) { $ya_fixtext = addslashes($ya_fixtext); }; $ya_fixtext = addslashes($ya_fixtext);


    return $ya_fixtext;


}

to just this:

Code:

function ya_fixtext($ya_fixtext) {


    $ya_fixtext = addslashes($ya_fixtext);


    return $ya_fixtext;


}

?

Bests regards,
André