Timestamp:
Oct 18, 2008, 2:45:45 AM (16 years ago)
Author:
rvelices
Message:
  • merge rev 2765,2769 from branch 2.0
  • 2765 mysql potential injection paranoia + code compaction in common.inc.php
  • 2769 added an image sort order by privacy level (admins only)
  • 2769 fix an IE6 display issue with quick search on index page
File:
1 edited

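--- a/trunk/include/ws_functions.inc.php
+++ b/trunk/include/ws_functions.inc.php
@@ -188,4 +188,5 @@
     return new PwgError(401, 'Access denied');
   }
+  $params['image_id'] = array_map( 'intval',$params['image_id'] );
   if ( empty($params['image_id']) )
   {
@@ -292,5 +293,5 @@
 GROUP BY i.id
 '.$order_by.'
-LIMIT '.$params['per_page']*$params['page'].','.$params['per_page'];
+LIMIT '.(int)($params['per_page']*$params['page']).','.(int)$params['per_page'];
 
     $result = pwg_query($query);
@@ -684,6 +685,6 @@
   WHERE '.$where_comments.'
   ORDER BY date
-  LIMIT '.$params['comments_per_page']*(int)$params['comments_page'].
-    ','.$params['comments_per_page'];
+  LIMIT '.(int)($params['comments_per_page']*$params['comments_page']).
+    ','.(int)$params['comments_per_page'];
 
     $result = pwg_query($query);
@@ -858,4 +859,5 @@
     return new PwgError(401, 'Access denied');
   }
+  $params['image_id'] = array_map( 'intval',$params['image_id'] );
   if ( empty($params['image_id']) )
   {
@@ -1343,5 +1345,5 @@
     AND ', $where_clauses).'
 '.$order_by.'
-LIMIT '.$params['per_page']*$params['page'].','.$params['per_page'];
+LIMIT '.(int)($params['per_page']*$params['page']).','.(int)$params['per_page'];
 
     $result = pwg_query($query);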
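Review bot: The new LIMIT expressions at r2770 line 295 (same pattern at 687–688 and 1347) cast to int only after multiplying and never bound the result, so a negative `page` or `per_page` still yields `LIMIT -N,M`, which MySQL rejects as a syntax error, and the product of two large values can exceed the integer range before the cast is applied. The casts do close the string-injection path, but I would cast each operand first and clamp, e.g. `$per_page = max(0, (int)$params['per_page']); $offset = max(0, (int)$params['page']) * $per_page;`, then interpolate those two variables. Whether the web-service parameter declarations already enforce a range is not visible here; if they do, a one-line comment next to each LIMIT saying so would make the assumption reviewable. Separately, `array_map('intval', $params['image_id'])` at lines 190 and 861 assumes an array, and non-numeric entries become 0 yet still pass the following `empty()` check, so an `array_filter` after the map may be wanted. All five hunks sit inside functions whose beginnings and ends are outside the displayed context.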