Changeset 11433
- Timestamp:
- Jun 19, 2011, 7:00:33 PM (13 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/admin/configuration.php
r11285 r11433 104 104 105 105 $order_options = array( 106 ' ORDER BY date_available DESC, file ASC, id ASC' => 'date_available DESC, file ASC, id ASC', 107 ' ORDER BY file DESC, date_available DESC' => 'file DESC, date_available DESC', 106 ' ORDER BY date_available DESC, file ASC, id ASC' => 'Post date DESC, File name ASC', 107 ' ORDER BY date_available ASC, file ASC, id ASC' => 'Post date ASC, File name ASC', 108 ' ORDER BY file DESC, date_available DESC, id ASC' => 'File name DESC, Post date DESC', 109 ' ORDER BY file ASC, date_available DESC, id ASC' => 'File name ASC, Post date DESC', 108 110 'custom' => l10n('Custom'), 109 111 ); … … 118 120 case 'main' : 119 121 { 120 $order_regex = '#^(( *)(id|file|name|date_available|date_creation|hit|average_rate|comment|author|filesize|width|height|high_filesize|high_width|high_height) (ASC|DESC),{1}){1,}$#';122 $order_regex = '#^(([ \w\']{2,}) (ASC|DESC),{1}){1,}$#'; 121 123 // process 'order_by_perso' string 122 124 if ($_POST['order_by'] == 'custom' AND !empty($_POST['order_by_perso'])) 123 125 { 126 $_POST['order_by_perso'] = stripslashes(trim($_POST['order_by_perso'])); 124 127 $_POST['order_by'] = str_ireplace( 125 array('order by ', 'asc', 'desc' ),126 array(null, 'ASC', 'DESC' ),127 trim($_POST['order_by_perso'])128 array('order by ', 'asc', 'desc', '"'), 129 array(null, 'ASC', 'DESC', '\''), 130 $_POST['order_by_perso'] 128 131 ); 129 132 130 133 if (preg_match($order_regex, $_POST['order_by'].',')) 131 134 { 132 $_POST['order_by'] = ' ORDER BY '. $_POST['order_by'];135 $_POST['order_by'] = ' ORDER BY '.addslashes($_POST['order_by']); 133 136 } 134 137 else … … 148 151 else if ($_POST['order_by_inside_category'] == 'custom' AND !empty($_POST['order_by_inside_category_perso'])) 149 152 { 153 $_POST['order_by_inside_category_perso'] = stripslashes(trim($_POST['order_by_inside_category_perso'])); 150 154 $_POST['order_by_inside_category'] = str_ireplace( 151 array('order by ', 'asc', 'desc' ),152 array(null, 'ASC', 'DESC' ),153 trim($_POST['order_by_inside_category_perso'])155 array('order by ', 'asc', 'desc', '"'), 156 array(null, 'ASC', 'DESC', '\''), 157 $_POST['order_by_inside_category_perso'] 154 158 ); 155 159 156 160 if (preg_match($order_regex, $_POST['order_by_inside_category'].',')) 157 161 { 158 $_POST['order_by_inside_category'] = ' ORDER BY '. $_POST['order_by_inside_category'];162 $_POST['order_by_inside_category'] = ' ORDER BY '.addslashes($_POST['order_by_inside_category']); 159 163 } 160 164 else
Note: See TracChangeset
for help on using the changeset viewer.