projects / citadel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
* lets start knit-picking on buffersizes.
[citadel.git] / webcit / notes.c
diff --git a/webcit/notes.c b/webcit/notes.c
index b1f49f5580e64cf0b8834165349600d2cd1207e3..d41ed4d2f6e53d2562d651aed8e1f34ea7176be6 100644 (file)
--- a/webcit/notes.c
+++ b/webcit/notes.c
@@ -21,7 +21,7 @@ void display_note(long msgnum)
        char display_notetext[SIZ];
        char eid[128];
        int in_text = 0;
-       int i;
+       int i, len;
 
        wprintf("<IMG ALIGN=MIDDLE src=\"static/storenotes_48x.gif\">\n");
 
@@ -51,13 +51,14 @@ void display_note(long msgnum)
        }
 
        /** Now sanitize the buffer */
-       for (i=0; i<strlen(notetext); ++i) {
+       len = strlen(notetext);
+       for (i=0; i<len; ++i) {
                if (isspace(notetext[i])) notetext[i] = ' ';
        }
 
        /** Make it HTML-happy and print it. */
-       stresc(display_notetext, notetext, 0, 0);
-       if (strlen(eid) > 0) {
+       stresc(display_notetext, SIZ, notetext, 0, 0);
+       if (!IsEmptyStr(eid)) {
                wprintf("<span id=\"note%s\">%s</span><br />\n", eid, display_notetext);
        }
        else {
@@ -65,11 +66,12 @@ void display_note(long msgnum)
        }
 
        /** Offer in-place editing. */
-       if (strlen(eid) > 0) {
+       if (!IsEmptyStr(eid)) {
                wprintf("<script type=\"text/javascript\">"
-                       " new Ajax.InPlaceEditor('note%s', 'updatenote?eid=%s', {rows:5,cols:72}); "
+                       "new Ajax.InPlaceEditor('note%s', 'updatenote?nonce=%ld?eid=%s', {rows:5,cols:72});"
                        "</script>\n",
                        eid,
+                       WC->nonce,
                        eid
                );
        }
@@ -86,12 +88,12 @@ void updatenote(void)
        char display_notetext[SIZ];
        long msgnum;
        int in_text = 0;
-       int i;
+       int i, len;
 
        serv_printf("ENT0 1||0|0||||||%s", bstr("eid"));
        serv_getln(buf, sizeof buf);
        if (buf[0] == '4') {
-               text_to_server(bstr("value"), 0);
+               text_to_server(bstr("value"));
                serv_puts("000");
        }
 
@@ -113,12 +115,13 @@ void updatenote(void)
                                }
                        }
                        /** Now sanitize the buffer */
-                       for (i=0; i<strlen(notetext); ++i) {
+                       len = strlen(notetext);
+                       for (i=0; i<len; ++i) {
                                if (isspace(notetext[i])) notetext[i] = ' ';
                        }
                
                        /** Make it HTML-happy and print it. */
-                       stresc(display_notetext, notetext, 0, 0);
+                       stresc(display_notetext, SIZ, notetext, 0, 0);
                        wprintf("%s\n", display_notetext);
                }
        }
Citadel server, clients, utilities