escape previews

[ndwebbie.git] / ND / Web / Forum.pm

diff --git a/ND/Web/Forum.pm b/ND/Web/Forum.pm
index be9a10f7c5fddf550fd22cd1ae316074633e26b6..a7804744ddf7bab6a02e944e14d2e742c12ba463 100644 (file)
--- a/ND/Web/Forum.pm
+++ b/ND/Web/Forum.pm
@@ -34,11 +34,10 @@ sub viewForumThread {
 
        my $template = HTML::Template->new(filename => "templates/viewthread.tmpl", global_vars => 1, cache => 1);
 
-       $template->param(Subject => $thread->{subject});
        $template->param(Id => $thread->{id});
        $template->param(Post => $thread->{post});
 
-       my $posts = $ND::DBH->prepare(q{SELECT u.username,date_trunc('minute',fp.time::timestamp) AS time,fp.message,COALESCE(fp.time > ftv.time,TRUE) AS unread
+       my $posts = $ND::DBH->prepare(q{SELECT u.username,date_trunc('seconds',fp.time::timestamp) AS time,fp.message,COALESCE(fp.time > ftv.time,TRUE) AS unread
 FROM forum_threads ft JOIN forum_posts fp USING (ftid) JOIN users u USING (uid) LEFT OUTER JOIN (SELECT * FROM forum_thread_visits WHERE uid = $2) ftv ON ftv.ftid = ft.ftid
 WHERE ft.ftid = $1
 ORDER BY fp.time ASC
@@ -56,10 +55,12 @@ ORDER BY fp.time ASC
        }
 
        if (defined param('cmd') && param('cmd') eq 'Preview'){
-               push @posts,{message => parseMarkup(escapeHTML(param('message'))), unread => 1, username => 'PREVIEW', Time => 'Not submitted yet', NewPosts => $old ? 1 : 0};
+               my $text = parseMarkup(escapeHTML(param('message')));
+               $text .= p b $@ if $@;
+               push @posts,{message => $text, unread => 1, username => 'PREVIEW', Time => 'Not submitted yet', NewPosts => $old ? 1 : 0};
+               $template->param(Message => escapeHTML param('message'));
        }
        $template->param(Posts => \@posts);
-       $template->param(Message => param('message'));
 
        markThreadAsRead($thread->{id});