Changeset 987 for branches/branch-1_5/comments.php
- Timestamp:
- Dec 24, 2005, 4:31:25 PM (18 years ago)
- File:
-
- 1 edited
branches/branch-1_5/comments.php
r946 r987 62 62 ); 63 63 64 $page['since'] = isset($_GET['since']) ? $_GET['since'] : 1; 64 // since 65 // 66 $page['since'] = 1; 67 if (isset($_GET['since'])) 68 { 69 if (!isset($since_options{ $_GET['since'] })) 70 { 71 die('Hacking attempt on "since" GET parameter'); 72 } 73 else 74 { 75 $page['since'] = $_GET['since']; 76 } 77 } 65 78 66 79 // on which field sorting … … 70 83 if (isset($_GET['sort_by'])) 71 84 { 72 $page['sort_by'] = $_GET['sort_by']; 85 if (!isset($sort_by{ $_GET['sort_by'] })) 86 { 87 die('Hacking attempt on "sort_by" GET parameter'); 88 } 89 else 90 { 91 $page['sort_by'] = $_GET['sort_by']; 92 } 73 93 } 74 94 … … 79 99 if (isset($_GET['sort_order'])) 80 100 { 81 $page['sort_order'] = $sort_order[$_GET['sort_order']]; 101 if (!isset($sort_order{ $_GET['sort_order'] })) 102 { 103 die('Hacking attempt on "sort_order" GET parameter'); 104 } 105 else 106 { 107 $page['sort_order'] = $sort_order[$_GET['sort_order']]; 108 } 82 109 } 83 110 … … 87 114 if (isset($_GET['items_number'])) 88 115 { 89 $page['items_number'] = $_GET['items_number']; 116 if (!in_array($_GET['items_number'], $items_number)) 117 { 118 die('Hacking attempt on "items_number" GET parameter'); 119 } 120 else 121 { 122 $page['items_number'] = $_GET['items_number']; 123 } 90 124 } 91 125 92 126 // which category to filter on ? 93 127 $page['cat_clause'] = '1=1'; 94 if (isset($_GET['cat']) and 0 != $_GET['cat']) 95 { 96 $page['cat_clause'] = 97 'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')'; 128 if (isset($_GET['cat'])) 129 { 130 if (''.intval($_GET['cat']) != ''.$_GET['cat']) 131 { 132 die('Hacking attempt on "cat" GET parameter'); 133 } 134 else if (0 != $_GET['cat']) 135 { 136 $page['cat_clause'] = 137 'category_id IN ('. 138 implode( 139 ',', 140 get_subcat_ids(array($_GET['cat'])) 141 ). 142 ')' 143 ; 144 } 98 145 } 99 146 … … 128 175 $page['keyword_clause'] = 129 176 '('. 
130 implode(' AND ', 131 array_map( 132 create_function( 133 '$s', 134 'return "content LIKE \'%$s%\'";' 135 ), 136 preg_split('/[\s,;]+/', $keyword) 137 ) 177 implode( 178 ' AND ', 179 array_map( 180 create_function( 181 '$s', 182 'return "content LIKE \'%$s%\'";' 183 ), 184 preg_split('/[\s,;]+/', $keyword) 185 ) 138 186 ). 139 ')'; 187 ')' 188 ; 140 189 } 141 190
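Review bot: The `cat` whitelist in the fourth hunk compares two strings with `!=`, which PHP evaluates numerically when both look numeric, so inputs such as `" 7"` or `"7e0"` pass the check (intval gives 7 and `"7" != " 7"` is false) while the raw, un-normalised `$_GET['cat']` is what reaches `get_subcat_ids()` and the `category_id IN (...)` SQL clause. Compare strictly and use the normalised value: `$cat = intval($_GET['cat']); if ((string) $cat !== (string) $_GET['cat']) { die('Hacking attempt on "cat" GET parameter'); }` and then `get_subcat_ids(array($cat))`. The `items_number` check has the same loose-comparison weakness: `in_array()` without its third argument `true` will, on PHP 7 and earlier, accept `"10abc"` as equal to `10` if `$items_number` (declared outside the hunk) holds integers, so cast or validate as an integer and pass `true`. The `$array{ key }` offset spelling used in the `isset()` checks is an alternative syntax that was removed in PHP 8.0; `$since_options[$_GET['since']]` is the portable form. All of this is top-level script code, so no enclosing function starts or ends outside the hunk.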