Actually I haven't the source in front of my eyes, but I think you can edit the newthread.php and set the value to your parameter in the URL.
At this time the html-code looks like this:
<input class="textbox" type="text" tabindex="1" value="" maxlength="85" size="40" name="subject"></input>
You only have to put in the value-parameter a get. I don't now how the code beyond is assembled, but normally it is enought when you write
value=$_GET['threadtitle']
into the file.
When I'm at home I will check this if no other is faster
So, i will keep my promise. I checked the newthread.php and did the following change:
// Search
$lang->load("newthread");
// Replace with
$lang->load("newthread");
if ($subject == '') {
$subject = $_GET['threadtitle'];
}
It works, but it isn't a good solution. I tried it something deeper in the file, but in failed
If someone has another solution, please post. I'm looking forward it.
Why isn't that a good solution?
works fine for me.
I also took a deeper look into and also failed
anyways thanks alot
That is dangerous if you are not escaping the item before putting it into the DB. Also, there is a variable called $mybb->input[] that is an array that you can use which has all the POST and GET items/
So you populate like:
$subject = $mybb->input['threadtitle'];
and when saving to the DB you first escape it for security
$subject = $db->escape_string($mybb->input['threadtitle']);
(2013-07-11, 06:36 AM)pavemen Wrote: [ -> ]That is dangerous if you are not escaping the item before putting it into the DB. Also, there is a variable called $mybb->input[] that is an array that you can use which has all the POST and GET items/
So you populate like:
$subject = $mybb->input['threadtitle'];
and when saving to the DB you first escape it for security
$subject = $db->escape_string($mybb->input['threadtitle']);
It seems that they're just making it the default title, the existing code for inserting the thread upon post will escape it (in newthread.php). They will most likely have to encode the html characters if it's being directly placed as the value for the text box however.
yes its just a default filling into the subject line..
works out of the box (albeit with a "please enter a message" warning):
newthread.php?fid=127&subject=foobar&previewpost=1
(2013-07-11, 06:59 AM)frostschutz Wrote: [ -> ]works out of the box (albeit with a "please enter a message" warning):
newthread.php?fid=127&subject=foobar&previewpost=1
And if you find this:
$message = htmlspecialchars_uni($mybb->input['message']);
$subject = htmlspecialchars_uni($mybb->input['subject']);
}
// Removing an attachment or adding a new one, or showting thread errors.
else if($mybb->input['attachmentaid'] || $mybb->input['newattachment'] || $mybb->input['updateattachment'] || $thread_errors)
{
$message = htmlspecialchars_uni($mybb->input['message']);
$subject = htmlspecialchars_uni($mybb->input['subject']);
}
And change it to this:
$message = htmlspecialchars_uni($mybb->input['message']);
}
// Removing an attachment or adding a new one, or showting thread errors.
else if($mybb->input['attachmentaid'] || $mybb->input['newattachment'] || $mybb->input['updateattachment'] || $thread_errors)
{
$message = htmlspecialchars_uni($mybb->input['message']);
}
$subject = htmlspecialchars_uni($mybb->input['subject']);
It should do it without having to preview the post. You can also put the message part there if you want to be able to specify that as well.