Changeset 2770


Timestamp:
Oct 18, 2008, 2:45:45 AM (16 years ago)
Author:
rvelices
Message:
  • merge rev 2765,2769 from branch 2.0
  • 2765 mysql potential injection paranoia + code compaction in common.inc.php
  • 2769 added an image sort order by privacy level (admins only)
  • 2769 fix an IE6 display issue with quick search on index page
Location:
trunk
Files:
5 edited

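--- a/trunk/include/common.inc.php
+++ b/trunk/include/common.inc.php
@@ -37,62 +37,19 @@
 if( !get_magic_quotes_gpc() )
 {
+  function sanitize_mysql_kv(&$v, $k)
+  {
+    $v = addslashes($v);
+  }
   if( is_array( $_GET ) )
   {
-    while( list($k, $v) = each($_GET) )
-    {
-      if( is_array($_GET[$k]) )
-      {
-        while( list($k2, $v2) = each($_GET[$k]) )
-        {
-          $_GET[$k][$k2] = addslashes($v2);
-        }
-        @reset($_GET[$k]);
-      }
-      else
-      {
-        $_GET[$k] = addslashes($v);
-      }
-    }
-    @reset($_GET);
-  }
-
-  if( is_array($_POST) )
-  {
-    while( list($k, $v) = each($_POST) )
-    {
-      if( is_array($_POST[$k]) )
-      {
-        while( list($k2, $v2) = each($_POST[$k]) )
-        {
-          $_POST[$k][$k2] = addslashes($v2);
-        }
-        @reset($_POST[$k]);
-      }
-      else
-      {
-        $_POST[$k] = addslashes($v);
-      }
-    }
-    @reset($_POST);
-  }
-
-  if( is_array($_COOKIE) )
-  {
-    while( list($k, $v) = each($_COOKIE) )
-    {
-      if( is_array($_COOKIE[$k]) )
-      {
-        while( list($k2, $v2) = each($_COOKIE[$k]) )
-        {
-          $_COOKIE[$k][$k2] = addslashes($v2);
-        }
-        @reset($_COOKIE[$k]);
-      }
-      else
-      {
-        $_COOKIE[$k] = addslashes($v);
-      }
-    }
-    @reset($_COOKIE);
+    array_walk_recursive( $_GET, 'sanitize_mysql_kv' );
+  }
+  if( is_array( $_POST ) )
+  {
+    array_walk_recursive( $_POST, 'sanitize_mysql_kv' );
+  }
+  if( is_array( $_COOKIE ) )
+  {
+    array_walk_recursive( $_COOKIE, 'sanitize_mysql_kv' );
   }
 }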
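Review bot: `sanitize_mysql_kv` (new lines 39–42) escapes every incoming request value with `addslashes`, which is a byte-wise escape that knows nothing about the connection charset, so it reproduces the magic-quotes behaviour but is not a substitute for escaping at the query boundary with `mysql_real_escape_string` on the live connection or, better, casting numeric parameters the way `ws_functions.inc.php` does in this same changeset. Because the escaping is applied at request entry, values later used outside SQL (HTML output, file names, logs) carry the added backslashes too, exactly as under magic quotes, and consumers must still escape per context. The helper is also declared inside the `if`, so it only exists when `get_magic_quotes_gpc()` is off; a one-line note above it, `// magic_quotes emulation: declared only when get_magic_quotes_gpc() is off; internal helper`, would make both the intent and the conditional existence explicit.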
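--- a/trunk/include/functions_category.inc.php
+++ b/trunk/include/functions_category.inc.php
@@ -274,5 +274,6 @@
       'rank ASC',
       ('categories' == @$page['section'] and !isset($page['flat']) and !isset($page['chronology_field']) )
-      )
+      ),
+    array( l10n('permissions'), 'level DESC', is_admin() )
     ));
 }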
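Review bot: The `is_admin()` on new line 277 appears to be the same kind of visibility condition as the third element of the sibling entry on line 275, so it decides whether the 'level DESC' option is offered, not whether a non-admin who submits that order value directly is refused; that enforcement lives in whatever consumes this list, which is outside the hunk and worth confirming. If the consumer validates only the selected index against the list it was shown, the gate holds; if it accepts an order string from the request, the admin check must be repeated there. A trailing comment such as `// admin-only: display condition; the consumer must re-check is_admin() when applying the order` would record the expectation at the point where it is easy to forget. The enclosing function starts outside the hunk.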
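--- a/trunk/include/ws_functions.inc.php
+++ b/trunk/include/ws_functions.inc.php
@@ -188,4 +188,5 @@
     return new PwgError(401, 'Access denied');
   }
+  $params['image_id'] = array_map( 'intval',$params['image_id'] );
   if ( empty($params['image_id']) )
   {
@@ -292,5 +293,5 @@
 GROUP BY i.id
 '.$order_by.'
-LIMIT '.$params['per_page']*$params['page'].','.$params['per_page'];
+LIMIT '.(int)($params['per_page']*$params['page']).','.(int)$params['per_page'];
 
     $result = pwg_query($query);
@@ -684,6 +685,6 @@
   WHERE '.$where_comments.'
   ORDER BY date
-  LIMIT '.$params['comments_per_page']*(int)$params['comments_page'].
-    ','.$params['comments_per_page'];
+  LIMIT '.(int)($params['comments_per_page']*$params['comments_page']).
+    ','.(int)$params['comments_per_page'];
 
     $result = pwg_query($query);
@@ -858,4 +859,5 @@
     return new PwgError(401, 'Access denied');
   }
+  $params['image_id'] = array_map( 'intval',$params['image_id'] );
   if ( empty($params['image_id']) )
   {
@@ -1343,5 +1345,5 @@
     AND ', $where_clauses).'
 '.$order_by.'
-LIMIT '.$params['per_page']*$params['page'].','.$params['per_page'];
+LIMIT '.(int)($params['per_page']*$params['page']).','.(int)$params['per_page'];
 
     $result = pwg_query($query);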
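Review bot: `array_map( 'intval',$params['image_id'] )` on new line 190 (and again on line 861) assumes `$params['image_id']` is already an array; if the web-service layer can hand it in as a scalar, `array_map` emits a warning and returns null, which the `empty()` check on the next line then quietly reports as "no ids". Non-numeric entries are also turned into `0` rather than rejected, so a list such as `['abc']` survives the `empty()` check as `[0]` and reaches the query as a bogus id. Normalising first, `$params['image_id'] = array_map( 'intval', (array)$params['image_id'] );` and then `$params['image_id'] = array_filter($params['image_id']);` so zero entries drop out before the `empty()` test, keeps the existing error path meaningful. The `(int)` casts in the LIMIT clauses on lines 295, 687–688 and 1347 are the right shape; all enclosing functions start and end outside the hunks.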
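--- a/trunk/index.php
+++ b/trunk/index.php
@@ -198,5 +198,5 @@
     foreach ( $cats as $cat )
     {
-      $hints[] = get_cat_display_name( array($cat) );
+      $hints[] = get_cat_display_name( array($cat), '', false );
     }
     $template->assign( 'category_search_results', $hints);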
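Review bot: The new `''` and `false` arguments on line 200 are positional literals whose meaning is not visible at the call site, and the signature of `get_cat_display_name` is outside this changeset, so a reader cannot tell what the call now opts out of. A trailing comment naming what each argument selects, in the form `// get_cat_display_name(cats, <what '' is>, <what false disables>)` with the placeholders filled from the function's definition, would keep the IE6 fix understandable later. The enclosing block starts and ends outside the hunk.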
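--- a/trunk/template/yoga/index.tpl
+++ b/trunk/template/yoga/index.tpl
@@ -33,17 +33,17 @@
 
       {if isset($U_MODE_FLAT) }
-      <li><a href="{$U_MODE_FLAT}" title="{'mode_flat_hint'|@translate}" rel="nofollow"><img src="{$ROOT_URL}{$themeconf.icon_dir}/flat.png" class="button" alt="{'mode_flat_hint'|@translate}"></a></li>
+      <li><a href="{$U_MODE_FLAT}" title="{'mode_flat_hint'|@translate}" rel="nofollow"><img src="{$ROOT_URL}{$themeconf.icon_dir}/flat.png" class="button" alt="{'mode_flat_hint'|@translate}" /></a></li>
       {/if}
 
       {if isset($U_MODE_NORMAL) }
-      <li><a href="{$U_MODE_NORMAL}" title="{'mode_normal_hint'|@translate}"><img src="{$ROOT_URL}{$themeconf.icon_dir}/normal_mode.png" class="button" alt="{'mode_normal_hint'|@translate}"></a></li>
+      <li><a href="{$U_MODE_NORMAL}" title="{'mode_normal_hint'|@translate}"><img src="{$ROOT_URL}{$themeconf.icon_dir}/normal_mode.png" class="button" alt="{'mode_normal_hint'|@translate}" /></a></li>
       {/if}
 
       {if isset($U_MODE_POSTED) }
-      <li><a href="{$U_MODE_POSTED}" title="{'mode_posted_hint'|@translate}" rel="nofollow"><img src="{$ROOT_URL}{$themeconf.icon_dir}/calendar.png" class="button" alt="{'mode_posted_hint'|@translate}"></a></li>
+      <li><a href="{$U_MODE_POSTED}" title="{'mode_posted_hint'|@translate}" rel="nofollow"><img src="{$ROOT_URL}{$themeconf.icon_dir}/calendar.png" class="button" alt="{'mode_posted_hint'|@translate}" /></a></li>
       {/if}
      
       {if isset($U_MODE_CREATED) }
-      <li><a href="{$U_MODE_CREATED}" title="{'mode_created_hint'|@translate}" rel="nofollow"><img src="{$ROOT_URL}{$themeconf.icon_dir}/calendar_created.png" class="button" alt="{'mode_created_hint'|@translate}"></a></li>
+      <li><a href="{$U_MODE_CREATED}" title="{'mode_created_hint'|@translate}" rel="nofollow"><img src="{$ROOT_URL}{$themeconf.icon_dir}/calendar_created.png" class="button" alt="{'mode_created_hint'|@translate}" /></a></li>
       {/if}
      
@@ -72,5 +72,5 @@
 
 {if !empty($category_search_results) }
-<div style="font-size:16px;text-align:left;margin:10px">{'Category results for'|@translate} <strong>{$QUERY_SEARCH}</strong> :
+<div style="font-size:16px;margin:10px 16px">{'Category results for'|@translate} <strong>{$QUERY_SEARCH}</strong> :
   <em><strong>
   {foreach from=$category_search_results item=res name=res_loop}
@@ -83,5 +83,5 @@
 
 {if !empty($tag_search_results) }
-<div style="font-size:16px;text-align:left;margin:10px">{'Tag results for'|@translate} <strong>{$QUERY_SEARCH}</strong> :
+<div style="font-size:16px;margin:10px 16px">{'Tag results for'|@translate} <strong>{$QUERY_SEARCH}</strong> :
   <em><strong>
   {foreach from=$tag_search_results item=res name=res_loop}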
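Review bot: The rewritten lines 74 and 85 re-emit `{$QUERY_SEARCH}` inside the heading with no escape modifier visible on the line, while every other dynamic value on this page goes through a modifier; whether that is safe depends on how index.php assigns it, which is outside this changeset. If it is assigned from the raw search string, the output should be `<strong>{$QUERY_SEARCH|escape}</strong>` on both lines, or the value assigned already HTML-escaped, so the inline-style fix does not carry a reflected user string verbatim into the page. If it is already escaped at assignment, a short note on the assignment to that effect would spare the next reader the same question. The `<img ... />` self-closing edits in the first hunk are fine.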