From: Jon O. <jon...@us...> - 2006-06-17 20:48:36
Update of /cvsroot/mxbb/mx_linkdb/linkdb/includes In directory sc8-pr-cvs7.sourceforge.net:/tmp/cvs-serv5687/modules/mx_linkdb/linkdb/includes Modified Files: functions.php functions_linkdb.php linkdb_common.php Log Message: security Index: functions.php =================================================================== RCS file: /cvsroot/mxbb/mx_linkdb/linkdb/includes/functions.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** functions.php 2 May 2006 23:27:29 -0000 1.6 --- functions.php 17 Jun 2006 20:48:33 -0000 1.7 *************** *** 9,15 **** */ ! if ( !defined( 'IN_PHPBB' ) ) { ! die( "Hacking attempt" ); } --- 9,15 ---- */ ! if( !defined('IN_PORTAL') ) { ! die("Hacking attempt"); } *************** *** 46,50 **** global $db; ! $sql = "SELECT * FROM " . LINK_CONFIG_TABLE; --- 46,50 ---- global $db; ! $sql = "SELECT * FROM " . LINK_CONFIG_TABLE; *************** *** 62,70 **** return ( $linkdb_config ); ! } ! // since that I can't use the original function with new template system // I just copy it and chagne it ! function sql_query_limit( $query, $total, $offset = 0 ) { --- 62,70 ---- return ( $linkdb_config ); ! } ! // since that I can't use the original function with new template system // I just copy it and chagne it ! function sql_query_limit( $query, $total, $offset = 0 ) { *************** *** 79,84 **** global $db, $lang; ! $sql = "SELECT AVG(rate_point) AS rating ! FROM " . LINK_VOTES_TABLE . " WHERE votes_link = '" . $link_id . "'"; --- 79,84 ---- global $db, $lang; ! $sql = "SELECT AVG(rate_point) AS rating ! FROM " . LINK_VOTES_TABLE . " WHERE votes_link = '" . $link_id . "'"; *************** *** 101,106 **** $where_sql = ( $userdata['user_id'] != ANONYMOUS ) ? "user_id = '" . $userdata['user_id'] . "'" : "votes_ip = '" . $user_ip . "'"; ! $sql = "SELECT user_id, votes_ip ! FROM " . LINK_VOTES_TABLE . " WHERE $where_sql AND votes_link = '" . $link_id . 
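Review bot: Nothing in the hunk records why the include guard now tests `IN_PORTAL` instead of `IN_PHPBB`, and the commit log says only `security`; the same change repeats in linkdb_common.php hunk 9,15 and functions_linkdb.php hunk 9,27. A one-line comment above the check would keep the next maintainer from reverting it, e.g. `// Only the portal bootstrap defines IN_PORTAL; a direct request to this include stops here.` — assuming that is where the constant is defined, which this hunk does not show. The `die("Hacking attempt")` exit is the only effect of the check, so the comment should not claim anything beyond blocking direct access.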
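Review bot: On the new side `$link_id` is still concatenated straight into `WHERE votes_link = '" . $link_id . "'"`, and this `security` commit leaves that untouched; the same pattern recurs in hunks 101,106 and 114,118 of this file (`$user_ip`, `$rating`, `$userdata['user_id']`) and in functions_linkdb.php hunks 692,696, 702,706, 759,763, 798,802, 817,821 and 884,888 (`$cat_name`, `$cat_parent`, `$cat_id`, `$id`). Numeric ids should be cast before the query is built, e.g. `$link_id = intval($link_id);` ahead of the `$sql =` assignment, matching the `intval()` already applied to `cat_last_file_id` in functions_linkdb.php hunk 264,269, and string values such as `$cat_name` should go through the same `addslashes()` that hunk uses for `cat_last_file_name`. Whether callers already sanitise these values cannot be seen from the hunk; the enclosing function begins before the `global $db, $lang;` line, outside it.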
"' --- 101,106 ---- $where_sql = ( $userdata['user_id'] != ANONYMOUS ) ? "user_id = '" . $userdata['user_id'] . "'" : "votes_ip = '" . $user_ip . "'"; ! $sql = "SELECT user_id, votes_ip ! FROM " . LINK_VOTES_TABLE . " WHERE $where_sql AND votes_link = '" . $link_id . "' *************** *** 114,118 **** if ( !$db->sql_numrows( $result ) ) { ! $sql = "INSERT INTO " . LINK_VOTES_TABLE . " (user_id, votes_ip, votes_link, rate_point) VALUES('" . $userdata['user_id'] . "', '" . $user_ip . "', '" . $link_id . "','" . $rating . "')"; if ( !( $db->sql_query( $sql ) ) ) --- 114,118 ---- if ( !$db->sql_numrows( $result ) ) { ! $sql = "INSERT INTO " . LINK_VOTES_TABLE . " (user_id, votes_ip, votes_link, rate_point) VALUES('" . $userdata['user_id'] . "', '" . $user_ip . "', '" . $link_id . "','" . $rating . "')"; if ( !( $db->sql_query( $sql ) ) ) Index: linkdb_common.php =================================================================== RCS file: /cvsroot/mxbb/mx_linkdb/linkdb/includes/linkdb_common.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** linkdb_common.php 5 Apr 2006 22:35:24 -0000 1.4 --- linkdb_common.php 17 Jun 2006 20:48:33 -0000 1.5 *************** *** 9,15 **** */ ! if ( !defined( 'IN_PHPBB' ) ) { ! die( "Hacking attempt" ); } --- 9,15 ---- */ ! if( !defined('IN_PORTAL') ) { ! die("Hacking attempt"); } Index: functions_linkdb.php =================================================================== RCS file: /cvsroot/mxbb/mx_linkdb/linkdb/includes/functions_linkdb.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** functions_linkdb.php 2 May 2006 23:27:29 -0000 1.6 --- functions_linkdb.php 17 Jun 2006 20:48:33 -0000 1.7 *************** *** 9,27 **** */ ! if ( !defined( 'IN_PHPBB' ) ) { ! die( "Hacking attempt" ); } // public linkdb class ! // class linkdb_public extends linkdb { var $modules = array(); ! var $module_name = ''; ! // load module // $module name : send module name to load it ! 
function adminmodule( $module_name ) { --- 9,27 ---- */ ! if( !defined('IN_PORTAL') ) { ! die("Hacking attempt"); } // public linkdb class ! // class linkdb_public extends linkdb { var $modules = array(); ! var $module_name = ''; ! // load module // $module name : send module name to load it ! function adminmodule( $module_name ) { *************** *** 58,74 **** } } ! } ! // this will be replaced by the loaded module ! // function main( $module_id = false ) { return false; ! } ! // go ahead and output the page // $page title : send page title // $tpl_name : template file name ! function display( $page_title1, $tpl_name ) { --- 58,74 ---- } } ! } ! // this will be replaced by the loaded module ! // function main( $module_id = false ) { return false; ! } ! // go ahead and output the page // $page title : send page title // $tpl_name : template file name ! function display( $page_title1, $tpl_name ) { *************** *** 103,107 **** unset( $this->subcat_rowset ); ! $sql = 'SELECT * FROM ' . LINK_CATEGORIES_TABLE . ' ORDER BY cat_order ASC'; --- 103,107 ---- unset( $this->subcat_rowset ); ! $sql = 'SELECT * FROM ' . LINK_CATEGORIES_TABLE . ' ORDER BY cat_order ASC'; *************** *** 121,126 **** $this->total_cat++; } ! } ! // Jump menu function // $cat_id : to handle parent cat_id --- 121,126 ---- $this->total_cat++; } ! } ! // Jump menu function // $cat_id : to handle parent cat_id *************** *** 129,133 **** // $for_file: TRUE high category ids will be -1 // $check_upload: if true permission for upload will be checked ! function jumpmenu_option( $cat_id = 0, $depth = 0, $default = '', $for_file = false, $check_upload = false ) { --- 129,133 ---- // $for_file: TRUE high category ids will be -1 // $check_upload: if true permission for upload will be checked ! function jumpmenu_option( $cat_id = 0, $depth = 0, $default = '', $for_file = false, $check_upload = false ) { *************** *** 190,197 **** return; } ! } ! // if there is no cat ! 
function cat_empty() { --- 190,197 ---- return; } ! } ! // if there is no cat ! function cat_empty() { *************** *** 202,210 **** { $this->modified = $true_false; ! } ! // get all sub category in side certain category // $cat_id : category id ! function get_sub_cat( $cat_id ) { --- 202,210 ---- { $this->modified = $true_false; ! } ! // get all sub category in side certain category // $cat_id : category id ! function get_sub_cat( $cat_id ) { *************** *** 245,250 **** $sql = 'SELECT file_time, file_id, file_name, file_catid ! FROM ' . LINKS_TABLE . " ! WHERE file_approved = '1' AND file_catid IN (" . $this->gen_cat_ids($cat_id) . ") ORDER BY file_time DESC"; --- 245,250 ---- $sql = 'SELECT file_time, file_id, file_name, file_catid ! FROM ' . LINKS_TABLE . " ! WHERE file_approved = '1' AND file_catid IN (" . $this->gen_cat_ids($cat_id) . ") ORDER BY file_time DESC"; *************** *** 264,269 **** { $sql = 'UPDATE ' . LINK_CATEGORIES_TABLE . " ! SET cat_last_file_id = " . intval($file_info['file_id']) . ", ! cat_last_file_name = '" . addslashes($file_info['file_name']) . "', cat_last_file_time = " . intval($file_info['file_time']) . " WHERE cat_id = $cat_id"; --- 264,269 ---- { $sql = 'UPDATE ' . LINK_CATEGORIES_TABLE . " ! SET cat_last_file_id = " . intval($file_info['file_id']) . ", ! cat_last_file_name = '" . addslashes($file_info['file_name']) . "', cat_last_file_time = " . intval($file_info['file_time']) . " WHERE cat_id = $cat_id"; *************** *** 311,315 **** { $template->assign_block_vars( 'navlinks', array( 'CAT_NAME' => $parent_name, ! 'U_VIEW_CAT' => append_sid( linkdb_this_mxurl( 'action=category&cat_id=' . $parent_cat_id ) ) ) ); } --- 311,315 ---- { $template->assign_block_vars( 'navlinks', array( 'CAT_NAME' => $parent_name, ! 'U_VIEW_CAT' => append_sid( linkdb_this_mxurl( 'action=category&cat_id=' . 
$parent_cat_id ) ) ) ); } *************** *** 317,321 **** $template->assign_block_vars( 'navlinks', array( 'CAT_NAME' => $this->cat_rowset[$cat_id]['cat_name'], ! 'U_VIEW_CAT' => append_sid( linkdb_this_mxurl( 'action=category&cat_id=' . $this->cat_rowset[$cat_id]['cat_id'] ) ) ) ); --- 317,321 ---- $template->assign_block_vars( 'navlinks', array( 'CAT_NAME' => $this->cat_rowset[$cat_id]['cat_name'], ! 'U_VIEW_CAT' => append_sid( linkdb_this_mxurl( 'action=category&cat_id=' . $this->cat_rowset[$cat_id]['cat_id'] ) ) ) ); *************** *** 340,345 **** $sql = 'SELECT COUNT(link_id) as total_files ! FROM ' . LINKS_TABLE . " ! WHERE link_approved = '1' AND link_catid IN (" . $this->gen_cat_ids( $cat_id ) . ') ORDER BY link_time DESC'; --- 340,345 ---- $sql = 'SELECT COUNT(link_id) as total_files ! FROM ' . LINKS_TABLE . " ! WHERE link_approved = '1' AND link_catid IN (" . $this->gen_cat_ids( $cat_id ) . ') ORDER BY link_time DESC'; *************** *** 409,420 **** $template->assign_vars( array( 'L_SUB_CAT' => $lang['Sub_category'], 'L_CATEGORY' => $lang['Category'], ! 'L_FILES' => $lang['Files'] ) ! ); // output the root level category if ( isset( $this->subcat_rowset[$cat_id] ) ) ! { ! // Separate link categories into $catcol columns, script by CRLin ! $catnum = count( $this->subcat_rowset[$cat_id] ); $catcol = $linkdb_config['cat_col']; --- 409,420 ---- $template->assign_vars( array( 'L_SUB_CAT' => $lang['Sub_category'], 'L_CATEGORY' => $lang['Category'], ! 'L_FILES' => $lang['Files'] ) ! ); // output the root level category if ( isset( $this->subcat_rowset[$cat_id] ) ) ! { ! // Separate link categories into $catcol columns, script by CRLin ! $catnum = count( $this->subcat_rowset[$cat_id] ); $catcol = $linkdb_config['cat_col']; *************** *** 433,442 **** $sub_cat = $this->get_sub_cat( $subcat_id ); ! $template->assign_block_vars( 'CAT_PARENT.catcol.no_cat_parent', array( 'U_CAT' => append_sid( linkdb_this_mxurl( 'action=category&cat_id=' . 
$subcat_id ) ), // 'SUB_CAT' => ( !empty($sub_cat) ) ? $sub_cat : $lang['None'], 'SUB_CAT' => ( !empty( $sub_cat ) ) ? " $sub_cat" : "", 'CAT_IMAGE' => $images['linkdb_folder'], 'CAT_NAME' => $subcat_row['cat_name'], ! 'FILECAT' => $this->file_in_cat( $subcat_id ) ) ); } --- 433,442 ---- $sub_cat = $this->get_sub_cat( $subcat_id ); ! $template->assign_block_vars( 'CAT_PARENT.catcol.no_cat_parent', array( 'U_CAT' => append_sid( linkdb_this_mxurl( 'action=category&cat_id=' . $subcat_id ) ), // 'SUB_CAT' => ( !empty($sub_cat) ) ? $sub_cat : $lang['None'], 'SUB_CAT' => ( !empty( $sub_cat ) ) ? " $sub_cat" : "", 'CAT_IMAGE' => $images['linkdb_folder'], 'CAT_NAME' => $subcat_row['cat_name'], ! 'FILECAT' => $this->file_in_cat( $subcat_id ) ) ); } *************** *** 471,475 **** AND f1.link_approved = 1 $cat_where ! GROUP BY f1.link_id ORDER BY $sort_method $sort_order"; break; --- 471,475 ---- AND f1.link_approved = 1 $cat_where ! GROUP BY f1.link_id ORDER BY $sort_method $sort_order"; break; *************** *** 482,486 **** WHERE f1.link_approved = 1 $cat_where ! GROUP BY f1.link_id ORDER BY $sort_method $sort_order"; break; --- 482,486 ---- WHERE f1.link_approved = 1 $cat_where ! GROUP BY f1.link_id ORDER BY $sort_method $sort_order"; break; *************** *** 501,505 **** $where_sql = ( !empty( $cat_id ) ) ? "AND link_catid = $cat_id" : ''; $sql = "SELECT COUNT(link_id) as total_file ! FROM " . LINKS_TABLE . " WHERE link_approved='1' $where_sql"; --- 501,505 ---- $where_sql = ( !empty( $cat_id ) ) ? "AND link_catid = $cat_id" : ''; $sql = "SELECT COUNT(link_id) as total_file ! FROM " . LINKS_TABLE . " WHERE link_approved='1' $where_sql"; *************** *** 549,553 **** 'START' => $start, ! 'S_ACTION_SORT' => append_sid( linkdb_this_mxurl( "action=$action" ) ) ) ); --- 549,553 ---- 'START' => $start, ! 'S_ACTION_SORT' => append_sid( linkdb_this_mxurl( "action=$action" ) ) ) ); *************** *** 557,568 **** } for ( $i = 0; $i < count( $file_rowset ); $i++ ) ! { ! 
// Format the date for the given file ! ! $date = create_date( $board_config['default_dateformat'], $file_rowset[$i]['link_time'], $board_config['board_timezone'] ); ! // If the file is new then put a new image in front of it ! /*$is_new = FALSE; if (time() - ($linkdb_config['settings_newdays'] * 24 * 60 * 60) < $file_rowset[$i]['link_time']) --- 557,568 ---- } for ( $i = 0; $i < count( $file_rowset ); $i++ ) ! { ! // Format the date for the given file ! ! $date = create_date( $board_config['default_dateformat'], $file_rowset[$i]['link_time'], $board_config['board_timezone'] ); ! // If the file is new then put a new image in front of it ! /*$is_new = FALSE; if (time() - ($linkdb_config['settings_newdays'] * 24 * 60 * 60) < $file_rowset[$i]['link_time']) *************** *** 577,584 **** $file_poster .= ( $file_rowset[$i]['user_id'] != ANONYMOUS ) ? $file_rowset[$i]['username'] : $file_rowset[$i]['post_username'] . '(' . $lang['Guest'] . ')'; $file_poster .= ( $file_rowset[$i]['user_id'] != ANONYMOUS ) ? '</a>' : ''; ! $file_rating = ( $file_rowset[$i]['rating'] != 0 ) ? round( $file_rowset[$i]['rating'], 2 ) . '/10' : $lang['Not_rated']; ! // Assign Vars ! $template->assign_block_vars( "FILELIST.file_rows", array( 'COLOR' => ( $linkdb_config['split_links'] ) ? "row1" : ( ( $i % 2 ) ? "row2" : "row1" ), 'L_NEW_FILE' => $lang['New_file'], --- 577,584 ---- $file_poster .= ( $file_rowset[$i]['user_id'] != ANONYMOUS ) ? $file_rowset[$i]['username'] : $file_rowset[$i]['post_username'] . '(' . $lang['Guest'] . ')'; $file_poster .= ( $file_rowset[$i]['user_id'] != ANONYMOUS ) ? '</a>' : ''; ! $file_rating = ( $file_rowset[$i]['rating'] != 0 ) ? round( $file_rowset[$i]['rating'], 2 ) . '/10' : $lang['Not_rated']; ! // Assign Vars ! $template->assign_block_vars( "FILELIST.file_rows", array( 'COLOR' => ( $linkdb_config['split_links'] ) ? "row1" : ( ( $i % 2 ) ? "row2" : "row1" ), 'L_NEW_FILE' => $lang['New_file'], *************** *** 599,603 **** 'U_CAT' => $cat_url, ! 
'U_FILE' => append_sid( linkdb_this_mxurl( 'action=link&link_id=' . $file_rowset[$i]['link_id'] ) ) ) ); if ( $linkdb_config['allow_vote'] ) --- 599,603 ---- 'U_CAT' => $cat_url, ! 'U_FILE' => append_sid( linkdb_this_mxurl( 'action=link&link_id=' . $file_rowset[$i]['link_id'] ) ) ) ); if ( $linkdb_config['allow_vote'] ) *************** *** 616,620 **** $template->assign_vars( array( 'NO_FILE' => $show_file_message, 'L_NO_FILES' => $lang['No_links'], ! 'L_NO_FILES_CAT' => $lang['No_links_cat'] ) ); } --- 616,620 ---- $template->assign_vars( array( 'NO_FILE' => $show_file_message, 'L_NO_FILES' => $lang['No_links'], ! 'L_NO_FILES_CAT' => $lang['No_links_cat'] ) ); } *************** *** 645,652 **** return $banner; ! } ! // Admin and mod functions ! function update_add_cat( $cat_id = false ) { --- 645,652 ---- return $banner; ! } ! // Admin and mod functions ! function update_add_cat( $cat_id = false ) { *************** *** 692,696 **** $cat_order += 10; ! $sql = 'INSERT INTO ' . LINK_CATEGORIES_TABLE . " (cat_name, cat_parent, cat_order) VALUES('$cat_name', $cat_parent, $cat_order)"; --- 692,696 ---- $cat_order += 10; ! $sql = 'INSERT INTO ' . LINK_CATEGORIES_TABLE . " (cat_name, cat_parent, cat_order) VALUES('$cat_name', $cat_parent, $cat_order)"; *************** *** 702,706 **** else { ! $sql = 'UPDATE ' . LINK_CATEGORIES_TABLE . " SET cat_name = '$cat_name', cat_parent = $cat_parent WHERE cat_id = $cat_id"; --- 702,706 ---- else { ! $sql = 'UPDATE ' . LINK_CATEGORIES_TABLE . " SET cat_name = '$cat_name', cat_parent = $cat_parent WHERE cat_id = $cat_id"; *************** *** 759,763 **** } ! $sql = 'DELETE FROM ' . LINK_CATEGORIES_TABLE . " WHERE cat_id = $cat_id"; --- 759,763 ---- } ! $sql = 'DELETE FROM ' . LINK_CATEGORIES_TABLE . " WHERE cat_id = $cat_id"; *************** *** 798,802 **** $file_ids = array(); $files_data = array(); ! $sql = 'SELECT link_id FROM ' . LINKS_TABLE . 
" WHERE link_catid = $id"; --- 798,802 ---- $file_ids = array(); $files_data = array(); ! $sql = 'SELECT link_id FROM ' . LINKS_TABLE . " WHERE link_catid = $id"; *************** *** 817,821 **** else { ! $sql = 'SELECT link_id FROM ' . LINKS_TABLE . " WHERE link_id = $id"; --- 817,821 ---- else { ! $sql = 'SELECT link_id FROM ' . LINKS_TABLE . " WHERE link_id = $id"; *************** *** 884,888 **** $this->delete_subcat( $sub_cat_id, $file_mode, $to_cat ); ! $sql = 'DELETE FROM ' . LINK_CATEGORIES_TABLE . " WHERE cat_id = $sub_cat_id"; --- 884,888 ---- $this->delete_subcat( $sub_cat_id, $file_mode, $to_cat ); ! $sql = 'DELETE FROM ' . LINK_CATEGORIES_TABLE . " WHERE cat_id = $sub_cat_id"; *************** *** 1064,1075 **** else { ! $sql = "UPDATE " . LINKS_TABLE . " ! SET link_name = '" . str_replace( "\'", "''", $file_name ) . "', ! link_longdesc = '" . str_replace( "\'", "''", $file_long_desc ) . "', link_url = '$file_remote_url', link_logo_src = '$link_logo_src', ! link_catid = '$cat_id', ! link_hits = '$file_dls', ! link_approved = '$file_approved' WHERE link_id = '$file_id'"; } --- 1064,1075 ---- else { ! $sql = "UPDATE " . LINKS_TABLE . " ! SET link_name = '" . str_replace( "\'", "''", $file_name ) . "', ! link_longdesc = '" . str_replace( "\'", "''", $file_long_desc ) . "', link_url = '$file_remote_url', link_logo_src = '$link_logo_src', ! link_catid = '$cat_id', ! link_hits = '$file_dls', ! link_approved = '$file_approved' WHERE link_id = '$file_id'"; } |