From: Christian O. <chr...@us...> - 2006-02-09 03:51:48
Update of /cvsroot/bbps/bbps In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv22412 Modified Files: bookmark.php procesa.php Log Message: hopefully the problems with apostrophes and such signs are gone. Index: procesa.php =================================================================== RCS file: /cvsroot/bbps/bbps/procesa.php,v retrieving revision 1.16 retrieving revision 1.17 diff -C2 -d -r1.16 -r1.17 *** procesa.php 9 Sep 2005 14:50:07 -0000 1.16 --- procesa.php 9 Feb 2006 03:51:40 -0000 1.17 *************** *** 96,102 **** if (!empty($oldFavicon)) { // unset($oldFavicon); ! $pathToFavicon = $GLOBALS['CONF_FAVICON_DIR']."/".$oldFavicon; ! @unlink($pathToFavicon); ! } } else $favicon_fname = "'$oldFavicon'"; --- 96,102 ---- if (!empty($oldFavicon)) { // unset($oldFavicon); ! $pathToFavicon = $GLOBALS['CONF_FAVICON_DIR']."/".$oldFavicon; ! @unlink($pathToFavicon); ! } } else $favicon_fname = "'$oldFavicon'"; *************** *** 104,108 **** // updating the bookmark $l_strQuery = "UPDATE bbps_bookmarks set bbps_bookmark_name='%s', bbps_bookmark_comment='%s', bbps_bookmark_url='%s', bbps_bookmark_rating='%s', bbps_bookmark_private=%s, bbps_bookmark_favicon=%s WHERE bbps_bookmark_id=%s"; ! $l_strQuery = sprintf( $l_strQuery, $_POST['f_bookmark_name'], $_POST['f_bookmark_comment'], $_POST['f_bookmark_url'], $_POST['f_bookmark_rating'], $l_isPrivate, $favicon_fname, $_POST['f_bookmark_id'] ); // insert the new bookmark --- 104,108 ---- // updating the bookmark $l_strQuery = "UPDATE bbps_bookmarks set bbps_bookmark_name='%s', bbps_bookmark_comment='%s', bbps_bookmark_url='%s', bbps_bookmark_rating='%s', bbps_bookmark_private=%s, bbps_bookmark_favicon=%s WHERE bbps_bookmark_id=%s"; ! 
$l_strQuery = sprintf( $l_strQuery, mysql_real_escape_string($_POST['f_bookmark_name']), mysql_real_escape_string($_POST['f_bookmark_comment']), mysql_real_escape_string($_POST['f_bookmark_url']), mysql_real_escape_string($_POST['f_bookmark_rating']), $l_isPrivate, $favicon_fname, mysql_real_escape_string($_POST['f_bookmark_id']) ); // insert the new bookmark *************** *** 132,136 **** // if we made it this far, the bookmark is not link to any keywords // we need to know if the current keyword exists in the catalog ! AssignKeywordIfNecessary($keyword_name, $_POST['f_bookmark_id'] ); } // we just need to unlink the keywords --- 132,136 ---- // if we made it this far, the bookmark is not link to any keywords // we need to know if the current keyword exists in the catalog ! AssignKeywordIfNecessary($keyword_name, mysql_real_escape_string($_POST['f_bookmark_id']) ); } // we just need to unlink the keywords *************** *** 198,202 **** $l_nKeywordID = -1; $l_strQuery = "SELECT bbps_keyword_id FROM bbps_keywords WHERE bbps_keyword_name='%s'"; ! $l_strQuery = sprintf( $l_strQuery, $keyword_name ); // looking for the id $return = mysql_query( $l_strQuery ) or die(mysql_error()); --- 198,202 ---- $l_nKeywordID = -1; $l_strQuery = "SELECT bbps_keyword_id FROM bbps_keywords WHERE bbps_keyword_name='%s'"; ! $l_strQuery = sprintf( $l_strQuery, mysql_real_escape_string($keyword_name) ); // looking for the id $return = mysql_query( $l_strQuery ) or die(mysql_error()); *************** *** 217,221 **** function AddKeyword( $keyword_name ){ $l_strQuery = "INSERT INTO bbps_keywords(bbps_keyword_name) VALUES('%s')"; ! $l_strQuery = sprintf( $l_strQuery, $keyword_name ); // adding the keyword mysql_query($l_strQuery) or die (mysql_errno()); --- 217,221 ---- function AddKeyword( $keyword_name ){ $l_strQuery = "INSERT INTO bbps_keywords(bbps_keyword_name) VALUES('%s')"; ! 
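Review bot: Escaping `$_POST['f_bookmark_id']` does not protect the `WHERE bbps_bookmark_id=%s` placeholder at the end of the UPDATE template, because that `%s` is not quoted: `mysql_real_escape_string()` only neutralises quote and control characters, so a non-numeric value is placed into the statement verbatim. Ids should be cast instead, `(int) $_POST['f_bookmark_id']`; the same applies to both DELETE templates in the 245,250 hunk. The `bbps_bookmark_private=%s` and `bbps_bookmark_favicon=%s` placeholders are unquoted as well (also in the bookmark.php INSERT hunk at 487,492), and `$favicon_fname` is built as `"'$oldFavicon'"` in the 96,102 context without escaping, so if `$oldFavicon` can carry request data it needs the same treatment. The enclosing function starts before this hunk.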
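Review bot: In `AssignKeywordIfNecessary($keyword_name, mysql_real_escape_string($_POST['f_bookmark_id']))` the id is escaped at the call site, while the 198,202 hunk shows the callee escaping its other argument itself when it builds the query. Mixing the two conventions risks double-escaping if the callee escapes the id again, and leaves the escape ineffective if the id lands in an unquoted placeholder; the same pattern appears in the `UnlinkKeyword(...)` call in the 252,256 hunk and the `SimilarBookmarkExist(...)` call in bookmark.php 465,469. Pass the raw value (or `(int) $_POST['f_bookmark_id']` for ids) and escape inside the function that builds the SQL. The surrounding loop and function start outside this hunk.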
$l_strQuery = sprintf( $l_strQuery, mysql_real_escape_string($keyword_name) ); // adding the keyword mysql_query($l_strQuery) or die (mysql_errno()); *************** *** 245,250 **** $delete_bookmark_query = "delete from bbps_bookmarks where bbps_bookmark_id = %s"; $delete_relation_query = "delete from bbps_rel_keywords_bookmarks where bbps_rel_bookmark_id = %s"; ! $delete_bookmark_query = sprintf($delete_bookmark_query, $_POST['f_bookmark_id']); ! $delete_relation_query = sprintf($delete_relation_query, $_POST['f_bookmark_id']); mysql_query($delete_bookmark_query) or die(mysql_error()); --- 245,250 ---- $delete_bookmark_query = "delete from bbps_bookmarks where bbps_bookmark_id = %s"; $delete_relation_query = "delete from bbps_rel_keywords_bookmarks where bbps_rel_bookmark_id = %s"; ! $delete_bookmark_query = sprintf($delete_bookmark_query, mysql_real_escape_string($_POST['f_bookmark_id'])); ! $delete_relation_query = sprintf($delete_relation_query, mysql_real_escape_string($_POST['f_bookmark_id'])); mysql_query($delete_bookmark_query) or die(mysql_error()); *************** *** 252,256 **** foreach( $l_currKeywords as $l_keyname ){ ! UnlinkKeyword( $l_keyname, $_POST['f_bookmark_id'] ); } --- 252,256 ---- foreach( $l_currKeywords as $l_keyname ){ ! UnlinkKeyword( $l_keyname, mysql_real_escape_string($_POST['f_bookmark_id']) ); } *************** *** 263,267 **** */ function KillKeyword() { ! $keyid = $_POST['f_keyword_id']; $delete_keyword_query = "delete from bbps_keywords where bbps_keyword_id = '$keyid'"; --- 263,267 ---- */ function KillKeyword() { ! $keyid = mysql_real_escape_string($_POST['f_keyword_id']); $delete_keyword_query = "delete from bbps_keywords where bbps_keyword_id = '$keyid'"; *************** *** 278,283 **** */ function AlterKeyword() { ! $keyid = $_POST['f_keyword_id']; ! 
$new_keyword_name = $_POST['new_keyword_name']; $alter_keyword_query = "update bbps_keywords set bbps_keyword_name = '$new_keyword_name' where bbps_keyword_id = '$keyid'"; --- 278,283 ---- */ function AlterKeyword() { ! $keyid = mysql_real_escape_string($_POST['f_keyword_id']); ! $new_keyword_name = mysql_real_escape_string($_POST['new_keyword_name']); $alter_keyword_query = "update bbps_keywords set bbps_keyword_name = '$new_keyword_name' where bbps_keyword_id = '$keyid'"; *************** *** 298,303 **** if ((isset($_POST['delete'])) AND ($_POST['delete'] == "Delete Relation(s)")) { ! $bookmark_id = $_POST['relations']; ! $key_id = $_POST['key_id']; if (isset($bookmark_id)) { foreach($bookmark_id as $bm_id) { --- 298,303 ---- if ((isset($_POST['delete'])) AND ($_POST['delete'] == "Delete Relation(s)")) { ! $bookmark_id = mysql_real_escape_string($_POST['relations']); ! $key_id = mysql_real_escape_string($_POST['key_id']); if (isset($bookmark_id)) { foreach($bookmark_id as $bm_id) { *************** *** 334,338 **** // Don't do work twice :) function update_stylesheet() { ! $new_css = $_POST['stylesheet']; $query1 = "update bbps_admin set bbps_admin_keyword = 'css' where bbps_admin_keyword = 'default_css'"; $query2 = "update bbps_admin set bbps_admin_keyword = 'default_css' where bbps_admin_keyword_value = '$new_css'"; --- 334,338 ---- // Don't do work twice :) function update_stylesheet() { ! $new_css = mysql_real_escape_string($_POST['stylesheet']); $query1 = "update bbps_admin set bbps_admin_keyword = 'css' where bbps_admin_keyword = 'default_css'"; $query2 = "update bbps_admin set bbps_admin_keyword = 'default_css' where bbps_admin_keyword_value = '$new_css'"; *************** *** 344,349 **** global $CONF_PASSWORD; if (($_POST['new_password_2'] == $_POST['new_password_1']) and ($CONF_PASSWORD == $_POST['old_password'])) { ! $new_pw = $_POST['new_password_2']; ! 
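Review bot: `$bookmark_id = mysql_real_escape_string($_POST['relations']);` is applied to a value that the `foreach($bookmark_id as $bm_id)` two lines later treats as an array, and `mysql_real_escape_string()` on an array does not return a string (PHP emits a warning and returns null), so the relation deletion silently stops working after this change. Cast each element instead, since these are ids: `$bookmark_id = isset($_POST['relations']) ? array_map('intval', (array) $_POST['relations']) : null;` and `$key_id = (int) $_POST['key_id'];`. The enclosing function starts and ends outside the hunk.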
$old_pw = $CONF_PASSWORD; $query = "update bbps_admin set bbps_admin_keyword_value = '$new_pw' where (bbps_admin_keyword = 'password' and bbps_admin_keyword_value = '$old_pw')"; $res = @mysql_query($query); --- 344,349 ---- global $CONF_PASSWORD; if (($_POST['new_password_2'] == $_POST['new_password_1']) and ($CONF_PASSWORD == $_POST['old_password'])) { ! $new_pw = mysql_real_escape_string($_POST['new_password_2']); ! $old_pw = mysql_real_escape_string($CONF_PASSWORD); $query = "update bbps_admin set bbps_admin_keyword_value = '$new_pw' where (bbps_admin_keyword = 'password' and bbps_admin_keyword_value = '$old_pw')"; $res = @mysql_query($query); Index: bookmark.php =================================================================== RCS file: /cvsroot/bbps/bbps/bookmark.php,v retrieving revision 1.25 retrieving revision 1.26 diff -C2 -d -r1.25 -r1.26 *** bookmark.php 9 Sep 2005 14:44:14 -0000 1.25 --- bookmark.php 9 Feb 2006 03:51:39 -0000 1.26 *************** *** 24,28 **** } if (isset($_GET['action']) and $_GET['action'] == "list_byid" and $_SESSION['AUTHORIZED'] == TRUE) { ! $key_id = $_GET['key_id']; $query = "select bbps_keyword_name from bbps_keywords where bbps_keyword_id = '$key_id'"; $get_res = mysql_query($query) or die(mysql_error()); --- 24,28 ---- } if (isset($_GET['action']) and $_GET['action'] == "list_byid" and $_SESSION['AUTHORIZED'] == TRUE) { ! $key_id = mysql_real_escape_string($_GET['key_id']); $query = "select bbps_keyword_name from bbps_keywords where bbps_keyword_id = '$key_id'"; $get_res = mysql_query($query) or die(mysql_error()); *************** *** 74,78 **** function RemoveKeyword(){ $l_strNewAction = "del_kw"; ! $key_id = $_GET['key_id']; $query = "select bbps_keyword_name from bbps_keywords where bbps_keyword_id = '$key_id'"; $get_res = mysql_query($query) or die(mysql_error()); --- 74,78 ---- function RemoveKeyword(){ $l_strNewAction = "del_kw"; ! 
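Review bot: The admin password is still handled in clear text on both sides of this hunk: `$CONF_PASSWORD == $_POST['old_password']` compares the stored plaintext with a loose `==`, and `$new_pw` is written to `bbps_admin` verbatim, so the escape only fixes quoting. Store a salted hash and compare the submitted password against that hash, and use `===` so that type juggling cannot satisfy the check. `$res = @mysql_query($query)` also hides any failure of the UPDATE, so a password change that did not happen is indistinguishable from one that did; drop the `@` and check the result. The function's header and the later use of `$res` are outside the hunk.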
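Review bot: `$key_id = mysql_real_escape_string($_GET['key_id']);` is effective here only because the query quotes `'$key_id'`; since the column is an id, `$key_id = (int) $_GET['key_id'];` states the intent directly and does not depend on the quoting of every later query that reuses the variable. The same assignment recurs in the RemoveKeyword, EditKeyword and AlterKeywordRelations hunks (74,78; 88,92; 598,602). The surrounding `if` block continues past the hunk.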
$key_id = mysql_real_escape_string($_GET['key_id']); $query = "select bbps_keyword_name from bbps_keywords where bbps_keyword_id = '$key_id'"; $get_res = mysql_query($query) or die(mysql_error()); *************** *** 88,92 **** function EditKeyword(){ $l_strNewAction = "alter_kw"; ! $key_id = $_GET['key_id']; $query = "select bbps_keyword_name from bbps_keywords where bbps_keyword_id = '$key_id'"; $get_res = mysql_query($query) or die(mysql_error()); --- 88,92 ---- function EditKeyword(){ $l_strNewAction = "alter_kw"; ! $key_id = mysql_real_escape_string($_GET['key_id']); $query = "select bbps_keyword_name from bbps_keywords where bbps_keyword_id = '$key_id'"; $get_res = mysql_query($query) or die(mysql_error()); *************** *** 179,183 **** $letter = $_GET['starting_with_letter']; $l_strWhere = " AND ((LEFT(bbps_bookmark_name, 1) = '$letter') or (LEFT(bbps_bookmark_name, 1) = UPPER('$letter')))"; ! $l_strTitle = "All bookmarks starting with ".$_GET['starting_with_letter']; } elseif('search'==$action){ --- 179,183 ---- $letter = $_GET['starting_with_letter']; $l_strWhere = " AND ((LEFT(bbps_bookmark_name, 1) = '$letter') or (LEFT(bbps_bookmark_name, 1) = UPPER('$letter')))"; ! $l_strTitle = "All bookmarks starting with ".$_GET['starting_with_letter']; } elseif('search'==$action){ *************** *** 185,189 **** $l_strTitle = "Search for '".$_POST['f_search']."' returned: "; if (isset($_POST['f_search']) and strlen($_POST['f_search'])>0) { ! $l_strWhere = sprintf(" (bbps_bookmark_comment like '%%%s%%' or bbps_bookmark_name like '%%%s%%') ORDER BY bbps_bookmark_name ASC", $_POST['f_search'], $_POST['f_search']); }else{ $l_bError = TRUE; --- 185,189 ---- $l_strTitle = "Search for '".$_POST['f_search']."' returned: "; if (isset($_POST['f_search']) and strlen($_POST['f_search'])>0) { ! 
$l_strWhere = sprintf(" (bbps_bookmark_comment like '%%%s%%' or bbps_bookmark_name like '%%%s%%') ORDER BY bbps_bookmark_name ASC", mysql_real_escape_string($_POST['f_search']), mysql_real_escape_string($_POST['f_search'])); }else{ $l_bError = TRUE; *************** *** 197,201 **** $l_nKeywordCount = count($l_arKeywords); // usamos la sesion ! $l_strWhere = sprintf(" AND %s ", $l_strKeywordsSQL); $l_strExtraSQL = ', COUNT(bbps_rel_bookmark_id) as cuenta'; }else{ --- 197,201 ---- $l_nKeywordCount = count($l_arKeywords); // usamos la sesion ! $l_strWhere = sprintf(" AND %s ", mysql_real_escape_string($l_strKeywordsSQL)); $l_strExtraSQL = ', COUNT(bbps_rel_bookmark_id) as cuenta'; }else{ *************** *** 215,219 **** // usamos la sesion // we used the session (BBF) ! $l_strWhere = sprintf(" AND %s ", $l_strKeywordsSQL); $l_strExtraSQL = ', COUNT(bbps_rel_bookmark_id) as cuenta'; //echo GetBookmarksByKeywordID($l_keyID); --- 215,219 ---- // usamos la sesion // we used the session (BBF) ! $l_strWhere = sprintf(" AND %s ", mysql_real_escape_string($l_strKeywordsSQL)); $l_strExtraSQL = ', COUNT(bbps_rel_bookmark_id) as cuenta'; //echo GetBookmarksByKeywordID($l_keyID); *************** *** 465,469 **** // check if the bookmark exists if (!$override_check) { ! $l_arSimilar = SimilarBookmarkExist($_POST['f_bookmark_url']); if($l_arSimilar!==FALSE){ // converting the POST info into hidden form data in case we want to override the existence of a similar bookmark --- 465,469 ---- // check if the bookmark exists if (!$override_check) { ! $l_arSimilar = SimilarBookmarkExist(mysql_real_escape_string($_POST['f_bookmark_url'])); if($l_arSimilar!==FALSE){ // converting the POST info into hidden form data in case we want to override the existence of a similar bookmark *************** *** 487,492 **** $l_strQuery .= " VALUES('%s', '%s', '%s', '%s', NULL, %s, %s)"; // ! 
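Review bot: The title two lines above the changed line, `$l_strTitle = "Search for '".$_POST['f_search']."' returned: ";`, still embeds the raw search term; if `$l_strTitle` is later echoed into the page this is a script-injection point that the SQL escape does not cover, so escape it for HTML at the point of output, e.g. `htmlentities($_POST['f_search'], ENT_QUOTES)` as the form-field hunk at 556,560 already does. Note also that `mysql_real_escape_string()` leaves the LIKE wildcards `%` and `_` untouched, so a search term is interpreted as a pattern; if that is not intended, escape them before interpolating. The preceding 179,183 hunk has the same shape with `$letter`, which reaches `$l_strWhere` without any escaping at all. The enclosing `if`/`elseif` chain starts and ends outside the hunk.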
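Review bot: `mysql_real_escape_string($l_strKeywordsSQL)` is applied to what the variable name and the `" AND %s "` template indicate is an already-built SQL fragment rather than a value; escaping a fragment turns any quoted literal inside it into `\'...\'` and breaks the query, while still not protecting whatever raw input went into the fragment when it was assembled. The same call is in the 215,219 hunk. Revert both to `sprintf(" AND %s ", $l_strKeywordsSQL)` and escape the keyword values where `$l_strKeywordsSQL` is built, which is outside this hunk.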
$l_strQuery = sprintf( $l_strQuery, $_POST['f_bookmark_name'], $_POST['f_bookmark_comment'], $_POST['f_bookmark_url'], ! $_POST['f_bookmark_rating'], $l_isPrivate, $favicon_fname); // inserting the new bookmark in the DB --- 487,492 ---- $l_strQuery .= " VALUES('%s', '%s', '%s', '%s', NULL, %s, %s)"; // ! $l_strQuery = sprintf( $l_strQuery, mysql_real_escape_string($_POST['f_bookmark_name']), mysql_real_escape_string($_POST['f_bookmark_comment']), mysql_real_escape_string($_POST['f_bookmark_url']), ! mysql_real_escape_string($_POST['f_bookmark_rating']), $l_isPrivate, $favicon_fname); // inserting the new bookmark in the DB *************** *** 497,501 **** $l_arKeywords = split("\n", $_POST['f_bookmark_keyword_list'] ); $keyword = ""; ! foreach( $l_arKeywords as $keyword ){ $keyword = trim($keyword); // if the line is empty, we ignore it --- 497,501 ---- $l_arKeywords = split("\n", $_POST['f_bookmark_keyword_list'] ); $keyword = ""; ! foreach( $l_arKeywords as $keyword ){ $keyword = trim($keyword); // if the line is empty, we ignore it *************** *** 556,560 **** // we are only interested in fields, not in the submit button if(strpos($field,"f_")===FALSE) continue; ! $l_strBuffer .= sprintf( $l_strFieldTPL, $field, $value ); } --- 556,560 ---- // we are only interested in fields, not in the submit button if(strpos($field,"f_")===FALSE) continue; ! $l_strBuffer .= sprintf( $l_strFieldTPL, $field, htmlentities($value, ENT_QUOTES) ); } *************** *** 598,602 **** function AlterKeywordRelations() { $l_strNewAction = "alter_kw_relations"; ! $key_id = $_GET['key_id']; $query = "select bbps_keyword_name from bbps_keywords where bbps_keyword_id = '$key_id'"; $get_res = mysql_query($query) or die(mysql_error()); --- 598,602 ---- function AlterKeywordRelations() { $l_strNewAction = "alter_kw_relations"; ! 
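Review bot: `sprintf( $l_strFieldTPL, $field, htmlentities($value, ENT_QUOTES) )` escapes the value but not `$field`, and the field name comes from the same submitted form as the value (the loop keeps every key containing `f_`), so it is equally under the sender's control when it is written into what the 465,469 context describes as hidden form data; escape both, `htmlentities($field, ENT_QUOTES)`. The filter `strpos($field,"f_")===FALSE` also accepts any key that merely contains `f_`, not only those starting with it; `strpos($field, "f_") !== 0` expresses the prefix check. The loop header and the template `$l_strFieldTPL` are outside the hunk.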
$key_id = mysql_real_escape_string($_GET['key_id']); $query = "select bbps_keyword_name from bbps_keywords where bbps_keyword_id = '$key_id'"; $get_res = mysql_query($query) or die(mysql_error()); |