Profile
MAJ is an Open Source, PHP-based content management system (CMS) that can be deployed as a blog, bulletin or message board, Internet forum, and wiki. It is extensible via PHP panels and is HTML5 and CSS3 ready.
Git
This commit has been accessed 1265 times via Git panel.

commit 14aca06d1c23cdc4f3c166549c55d051d57d9267
tree 6390d34c48183b772e79e742dd2f87933b6dbf24
parent ab11a97af1959c7cb686e3ee3ebf28615fabe00a
author Engels Antonio <engels@majcms.org> 1347813306 +0800
committer Engels Antonio <engels@majcms.org> 1347813306 +0800

    Add HTML5 <!DOCTYPE> declaration

diff --git a/index.php b/index.php
index 50d1c81..03e3461 100644
--- a/index.php
+++ b/index.php
@@ -183,11 +183,8 @@ if (isset($maj_req_entry) and !empty($maj_req_entry) and isset($_REQUEST['commen
                                        $maj_ml_body = str_replace('<img src="images/smileys/surprised.png" border="0">','=)',$maj_ml_body);
                                        $maj_ml_body = str_replace('<img src="images/smileys/undecided.png" border="0">',':\\',$maj_ml_body);
                                        $maj_ml_body = str_replace('<img src="images/smileys/wink.png" border="0">',';)',$maj_ml_body);
-                                       $maj_ml_body = str_replace('&amp;','&',$maj_ml_body);
-                                       $maj_ml_body = str_replace('&lt;','<',$maj_ml_body);
-                                       $maj_ml_body = str_replace('&gt;','>',$maj_ml_body);
-                                       $maj_ml_body = str_replace('&reg;','(R)',$maj_ml_body);
-
+                                       $maj_ml_body = html_entity_decode($maj_ml_body,ENT_QUOTES,'UTF-8');
+                                      
                                        if (file_exists("$maj_data_directory/pf.txt") and file_exists("$maj_data_directory/pf-badwords.txt")) {
 
                                                $maj_badwords = file_get_contents("$maj_data_directory/pf-badwords.txt");
@@ -284,6 +281,8 @@ if (isset($maj_req_entry) and !empty($maj_req_entry) and isset($_REQUEST['commen
                }
 }
 
+echo "<!DOCTYPE html>\n\n";
+
 if (isset($maj_req_entry) and !empty($maj_req_entry)) {
 
        if (file_exists("$maj_data_directory/items/$maj_req_entry")) {
@@ -329,7 +328,7 @@ if (isset($maj_req_entry) and !empty($maj_req_entry)) {
                        mkdir("$maj_data_directory/items/$maj_req_entry/comments/pending/$maj_comment_entry_dir");
       
                        $maj_body_content = ucfirst($_POST['new_comment']);
-                       $maj_body_content = htmlentities($maj_body_content,ENT_QUOTES, 'UTF-8');
+                       $maj_body_content = htmlentities($maj_body_content,ENT_QUOTES,'UTF-8');
                        $maj_body_content = str_replace("\n",'<br />',$maj_body_content);
                        $maj_body_content = trim($maj_body_content);
                        $maj_body_content = str_replace(':((','<img src="images/smileys/crying.png" border="0">',$maj_body_content);
@@ -352,7 +351,7 @@ if (isset($maj_req_entry) and !empty($maj_req_entry)) {
                        fclose($maj_fp_timestamp_txt);
 
                        $maj_fp_firstname_txt = fopen("$maj_data_directory/items/$maj_req_entry/comments/pending/$maj_comment_entry_dir/firstname.txt","w");
-                       $maj_firstname = htmlentities($_POST['firstname'],ENT_QUOTES, 'UTF-8');
+                       $maj_firstname = htmlentities($_POST['firstname'],ENT_QUOTES,'UTF-8');
                        $maj_firstname = trim($maj_firstname);
                       
                        if (!isset($maj_logged_in_username) or ($maj_logged_in_username != $maj_admin_username)) {
@@ -364,7 +363,7 @@ if (isset($maj_req_entry) and !empty($maj_req_entry)) {
                        fclose($maj_fp_firstname_txt);
 
                        $maj_fp_lastname_txt = fopen("$maj_data_directory/items/$maj_req_entry/comments/pending/$maj_comment_entry_dir/lastname.txt","w");
-                       $maj_lastname = htmlentities($_POST['lastname'],ENT_QUOTES, 'UTF-8');
+                       $maj_lastname = htmlentities($_POST['lastname'],ENT_QUOTES,'UTF-8');
                        $maj_lastname = trim($maj_lastname);
 
                        if (!isset($maj_logged_in_username) or ($maj_logged_in_username != $maj_admin_username)) {
@@ -378,7 +377,7 @@ if (isset($maj_req_entry) and !empty($maj_req_entry)) {
                        $maj_fp_email_txt = fopen("$maj_data_directory/items/$maj_req_entry/comments/pending/$maj_comment_entry_dir/email.txt","w");
                        $maj_email = mb_strtolower($_POST['email']);
                        $maj_email = trim($maj_email);
-                       $maj_email = htmlentities($maj_email,ENT_QUOTES, 'UTF-8');
+                       $maj_email = htmlentities($maj_email,ENT_QUOTES,'UTF-8');
                        fwrite($maj_fp_email_txt,$maj_email);
                        fclose($maj_fp_email_txt);
 
@@ -386,7 +385,7 @@ if (isset($maj_req_entry) and !empty($maj_req_entry)) {
                                $maj_fp_email_root = fopen("$maj_data_directory/email.txt","w");
                                $maj_email_root = mb_strtolower($_POST['email']);
                                $maj_email_root = trim($maj_email_root);
-                               $maj_email_root = htmlentities($maj_email_root,ENT_QUOTES, 'UTF-8');
+                               $maj_email_root = htmlentities($maj_email_root,ENT_QUOTES,'UTF-8');
                                fwrite($maj_fp_email_root,$maj_email_root);
                                fclose($maj_fp_email_root);
                        }
@@ -397,7 +396,7 @@ if (isset($maj_req_entry) and !empty($maj_req_entry)) {
                                $maj_url = mb_strtolower($maj_url);
                                $maj_url = trim($maj_url);
                                $maj_url = "http://" . $maj_url;
-                               $maj_url = htmlentities($maj_url,ENT_QUOTES, 'UTF-8');
+                               $maj_url = htmlentities($maj_url,ENT_QUOTES,'UTF-8');
                                fwrite($maj_fp_url_txt,$maj_url);
                                fclose($maj_fp_url_txt);
                        }
@@ -435,7 +434,6 @@ if (isset($maj_req_entry) and !empty($maj_req_entry)) {
                        if (!file_exists("$maj_data_directory/nak.txt") and file_exists("$maj_data_directory/email.txt")) {
 
                                $maj_comment_thanks = "Hi $maj_firstname,\n\nThanks for submitting the following comment last $maj_timestamp:\n\n\"$maj_comment_quote\"\n\nIt will be e-mailed to me first for approval. Please visit the following URL to see if it has been posted:\n\n{$maj_sig_url}index.php?entry=$maj_req_entry&show=comments\n\nThanks again! =)\n\n--\n$maj_sig_author\n$maj_sig_url\n";
-                               //$maj_comment_thanks = wordwrap($maj_comment_thanks);
 
                                mb_send_mail($maj_email_to,"Thanks for sharing your thoughts!",$maj_comment_thanks,
                                        "From: $maj_from_email\n" .
@@ -446,7 +444,6 @@ if (isset($maj_req_entry) and !empty($maj_req_entry)) {
                        if (file_exists("$maj_data_directory/email.txt") and !file_exists("$maj_data_directory/xscreen.txt")) {
 
                                $maj_comment_notice = "The following comment was submitted by $maj_email_to last $maj_timestamp for the entry \"$maj_commented_entry_title\":\n\n\"$maj_comment_quote\"\n\nVisit the link below to approve and post this pending comment:\n\n{$maj_sig_url}index.php?entry=$maj_req_entry&comment={$maj_comment_entry_dir}&key={$maj_key_rand}&action=approve\n\nVisit the link below to disapprove and delete this pending comment:\n\n{$maj_sig_url}index.php?entry=$maj_req_entry&comment={$maj_comment_entry_dir}&key={$maj_key_rand}&action=delete\n\nYou can also approve or disapprove pending comments at a later time by logging on to your blog.";
-                               //$maj_comment_notice = wordwrap($maj_comment_notice);
       
                                mb_send_mail($maj_from_email,"Pending Comment",$maj_comment_notice,
                                        "From: $maj_from_email\n" .
@@ -580,7 +577,7 @@ if (isset($maj_req_entry) and !empty($maj_req_entry) and file_exists("$maj_data_
                                $maj_description = str_replace(chr(13)," ",$maj_description);
                                $maj_description = trim($maj_description);
                                $maj_description = mb_substr($maj_description,0,210);
-                               $maj_description = htmlentities($maj_description,ENT_QUOTES, 'UTF-8');
+                               $maj_description = htmlentities($maj_description,ENT_QUOTES,'UTF-8');
 
                                if (file_exists("$maj_data_directory/pf.txt") and file_exists("$maj_data_directory/pf-badwords.txt") and (!isset($maj_logged_in_username) or empty($maj_logged_in_username) or (isset($maj_logged_in_username) and ($maj_logged_in_username != $maj_admin_username)))) {
 
 
Credits
Sunday, Sep 18, 2005, 12:00 AM (Revision 11 - Thursday, Jul 14, 2011, 7:30 PM)
Open Source enables software developers to stand on the shoulders of giants instead of reinventing the wheel, so to speak. Kudos and many thanks to the folks who made their work freely available for reuse in MAJ.

read more
Bugs and Exploits
Friday, Aug 26, 2005, 12:00 AM (Revision 23 - Wednesday, May 29, 2013, 5:25 AM)
Although MAJ started as a family project, care has been taken to make it as "safe" as possible. With more people now working on MAJ, bugs and exploitable code may sometimes slip in. We invite you to poke around and see if you can find any. Generally, there are two things you can do when you find a MAJ or PHP-related bug or exploit:

1. Take advantage of it. But hey, what's so exciting about messing up someone's blog? Ho-hum, right?
2. Report it here so that we can work on a fix and make MAJ better.

read more
Search
Download
MAJ 2.0
75 files
33087 downloads
MAJ 1.0
26 files
13170 downloads
MAJ 0.14
45 files
35071 downloads