From: Jon O. <jon...@us...> - 2006-06-29 22:45:10
Update of /cvsroot/mxbb/mx_quotations In directory sc8-pr-cvs7.sourceforge.net:/tmp/cvs-serv11433/modules/mx_quotations Modified Files: db_install.php db_upgrade.php mx_quotations.php mx_random_quotation.php Log Message: Some security updates Index: mx_random_quotation.php =================================================================== RCS file: /cvsroot/mxbb/mx_quotations/mx_random_quotation.php,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** mx_random_quotation.php 29 Jun 2006 19:06:57 -0000 1.8 --- mx_random_quotation.php 29 Jun 2006 22:45:05 -0000 1.9 *************** *** 20,23 **** --- 20,28 ---- // + // Common Includes and Read Calendar Lite Settings + // + include_once( $module_root_path . 'includes/mx_quotations_constants.' . $phpEx ); + + // // Read Block Settings // *************** *** 55,60 **** if ( ( count( $row ) ) > 0 ) { ! $quote = $row[0]['quote']; ! $author = $row[0]['author']; $post_time = create_date( $board_config['default_dateformat'], $row[0]['post_time'], $board_config['board_timezone'] ); //'D d M Y' $poster = ( $row[0]['poster_id'] != -1 ) ? '<a href="' . append_sid( PHPBB_URL . "profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . '=' . $row[0]['poster_id'] ) . '">' : ''; --- 60,79 ---- if ( ( count( $row ) ) > 0 ) { ! // ! // Instantiate the mx_text class ! // ! include_once($mx_root_path . 'includes/mx_functions_tools.'.$phpEx); ! $mx_text = new mx_text(); ! $mx_text->init(false, false, false); // Note: allowed_html_tags is altered above ! ! // ! // Decode article for display ! // ! $quote = $mx_text->display_simple($row[0]['quote']); ! $author = $mx_text->display_simple($row[0]['author']); ! ! //$quote = $row[0]['quote']; ! //$author = $row[0]['author']; ! $post_time = create_date( $board_config['default_dateformat'], $row[0]['post_time'], $board_config['board_timezone'] ); //'D d M Y' $poster = ( $row[0]['poster_id'] != -1 ) ? '<a href="' . append_sid( PHPBB_URL . "profile.$phpEx?mode=viewprofile&" . 
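Review bot: The added `include_once( $module_root_path . 'includes/mx_quotations_constants.' . $phpEx );` in mx_random_quotation.php builds its path from two variables that the visible lines of this file never assign, and the hunk starts at line 20, so it cannot be seen here whether an `IN_PORTAL` check runs before it. In mx_quotations.php the same include sits directly behind `if( !defined('IN_PORTAL') || !is_object($mx_block))`; this file should carry the equivalent guard above line 20, so that the path prefix is always the one set by the portal. The comment `// Common Includes and Read Calendar Lite Settings` looks carried over from another module (it is repeated in mx_quotations.php); `// Load the Quotations module constants` would describe what the line does.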
POST_USERS_URL . '=' . $row[0]['poster_id'] ) . '">' : ''; Index: mx_quotations.php =================================================================== RCS file: /cvsroot/mxbb/mx_quotations/mx_quotations.php,v retrieving revision 1.14 retrieving revision 1.15 diff -C2 -d -r1.14 -r1.15 *** mx_quotations.php 29 Jun 2006 19:06:57 -0000 1.14 --- mx_quotations.php 29 Jun 2006 22:45:05 -0000 1.15 *************** *** 9,55 **** */ - if ( !defined( 'IN_PORTAL' ) ) - { - define( 'IN_PORTAL', true ); - $mx_root_path = "../../"; ! $phpEx = substr(strrchr(__FILE__, '.'), 1); ! include( $mx_root_path . 'common.' . $phpEx ); ! ! // ! // Start session management ! // ! $mx_user->init($user_ip, PAGE_INDEX); ! // ! // End session management ! // ! ! $is_block = false; ! include( $mx_root_path . 'includes/page_header.' . $phpEx ); ! } ! else { ! if( !defined('IN_PORTAL') || !is_object($mx_block)) ! { ! die("Hacking attempt"); ! } ! // ! // Read Block Settings ! // ! $title = $mx_block->block_info['block_title']; ! $is_block = true; } // ! // Check board language // ! if ( !file_exists( $module_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx ) ) ! { ! include( $module_root_path . 'language/lang_english/lang_main.' . $phpEx ); ! } ! else ! { ! include( $module_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx ); ! } if ( !empty( $HTTP_POST_VARS['quote_action'] ) || !empty( $HTTP_GET_VARS['quote_action'] ) ) --- 9,28 ---- */ ! if( !defined('IN_PORTAL') || !is_object($mx_block)) { ! die("Hacking attempt"); } // ! // Common Includes and Read Calendar Lite Settings // ! include_once( $module_root_path . 'includes/mx_quotations_constants.' . $phpEx ); ! ! // ! // Read Block Settings ! // ! $title = $mx_block->block_info['block_title']; ! 
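Review bot: The trailing comment on `$mx_text->init(false, false, false); // Note: allowed_html_tags is altered above` refers to something that is not in this hunk, and three positional `false` values give no hint which features are being switched off. Because this call decides how stored quote and author text is filtered before display, I would replace the note with a comment naming each argument, and state next to `display_simple()` that its return value is what makes the strings safe to hand to the template; presumably it escapes or strips markup, but its body is not shown here, so that should be confirmed in includes/mx_functions_tools. The commented-out `//$quote = $row[0]['quote'];` and `//$author = $row[0]['author'];` lines should be deleted rather than kept, so the unfiltered assignment cannot be re-enabled by accident. The same applies to the two display hunks in mx_quotations.php (new lines 237-247 and 249-260).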
$is_block = true; if ( !empty( $HTTP_POST_VARS['quote_action'] ) || !empty( $HTTP_GET_VARS['quote_action'] ) ) *************** *** 123,127 **** { $search_where = ( $HTTP_POST_VARS['search_where_select'] == 0 ? 'q.author' : 'q.quote' ); ! $search_string = ( $HTTP_POST_VARS['search_string'] != "" ) ? $HTTP_POST_VARS['search_string'] : "NULL"; $search_strings = explode ( " ", $search_string ); $like_string = ""; --- 96,100 ---- { $search_where = ( $HTTP_POST_VARS['search_where_select'] == 0 ? 'q.author' : 'q.quote' ); ! $search_string = ( $HTTP_POST_VARS['search_string'] != "" ) ? $mx_request_vars->request('search_string', MX_TYPE_NO_TAGS, '') : "NULL"; $search_strings = explode ( " ", $search_string ); $like_string = ""; *************** *** 135,143 **** $sql = "SELECT q.*, u.username ! FROM " . MX_QUOTATIONS_TABLE . " AS q ! LEFT JOIN " . USERS_TABLE . " as u ! ON q.poster_id = u.user_id ! WHERE " . $like_string . " ! ORDER BY q.author"; } else --- 108,116 ---- $sql = "SELECT q.*, u.username ! FROM " . MX_QUOTATIONS_TABLE . " AS q ! LEFT JOIN " . USERS_TABLE . " as u ! ON q.poster_id = u.user_id ! WHERE " . $like_string . " ! ORDER BY q.author"; } else *************** *** 152,156 **** if ( !empty( $HTTP_GET_VARS['initial'] ) || !empty( $HTTP_POST_VARS['initial'] ) ) { ! $initial = ( !empty( $HTTP_POST_VARS['initial'] ) ) ? $HTTP_POST_VARS['initial'] : $HTTP_GET_VARS['initial']; if ( $initial == 'other' ) --- 125,130 ---- if ( !empty( $HTTP_GET_VARS['initial'] ) || !empty( $HTTP_POST_VARS['initial'] ) ) { ! $initial = $mx_request_vars->request('initial', MX_TYPE_NO_TAGS, ''); ! //$initial = ( !empty( $HTTP_POST_VARS['initial'] ) ) ? $HTTP_POST_VARS['initial'] : $HTTP_GET_VARS['initial']; if ( $initial == 'other' ) *************** *** 165,173 **** $sql = "SELECT q.*, u.username ! FROM " . MX_QUOTATIONS_TABLE . " AS q ! LEFT JOIN " . USERS_TABLE . " as u ! ON q.poster_id = u.user_id ! WHERE " . $not_like . " ! 
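Review bot: Judging by its name, `MX_TYPE_NO_TAGS` is a markup filter, and the value it returns for `search_string` still reaches `WHERE " . $like_string . "` by string concatenation; nothing in this hunk shows it being escaped for SQL. The loop that builds `$like_string` lies outside the hunk, so this may already be handled there, but if it is not, each term should be escaped for the database (including the LIKE wildcards `%` and `_`) before it is quoted into the query. The guard on the same line still tests the raw `$HTTP_POST_VARS['search_string']`, so the check and the value used come from two different sources; assigning `$search_string = $mx_request_vars->request('search_string', MX_TYPE_NO_TAGS, '');` first and then testing that for `''` keeps them in step. The `$initial` hunk (new lines 125-130) has the same shape: the filtered value is later concatenated into `WHERE q.author LIKE " . $initial . "`, and its quoting happens in lines the diff does not show.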
ORDER BY q.author"; } elseif ( $initial == 'all' ) --- 139,147 ---- $sql = "SELECT q.*, u.username ! FROM " . MX_QUOTATIONS_TABLE . " AS q ! LEFT JOIN " . USERS_TABLE . " as u ! ON q.poster_id = u.user_id ! WHERE " . $not_like . " ! ORDER BY q.author"; } elseif ( $initial == 'all' ) *************** *** 175,182 **** $all = 1; $sql = "SELECT q.*, u.username ! FROM " . MX_QUOTATIONS_TABLE . " AS q ! LEFT JOIN " . USERS_TABLE . " as u ! ON q.poster_id = u.user_id ! ORDER BY q.author"; } else // if $initial is set and it is not all and is not other -> it is a letter --- 149,156 ---- $all = 1; $sql = "SELECT q.*, u.username ! FROM " . MX_QUOTATIONS_TABLE . " AS q ! LEFT JOIN " . USERS_TABLE . " as u ! ON q.poster_id = u.user_id ! ORDER BY q.author"; } else // if $initial is set and it is not all and is not other -> it is a letter *************** *** 185,193 **** $sql = "SELECT q.*, u.username ! FROM " . MX_QUOTATIONS_TABLE . " AS q ! LEFT JOIN " . USERS_TABLE . " as u ! ON q.poster_id = u.user_id ! WHERE q.author LIKE " . $initial . " ! ORDER BY q.author"; } } --- 159,167 ---- $sql = "SELECT q.*, u.username ! FROM " . MX_QUOTATIONS_TABLE . " AS q ! LEFT JOIN " . USERS_TABLE . " as u ! ON q.poster_id = u.user_id ! WHERE q.author LIKE " . $initial . " ! ORDER BY q.author"; } } *************** *** 234,251 **** $sql = "SELECT q.*, u.username ! FROM " . MX_QUOTATIONS_TABLE . " AS q ! LEFT JOIN " . USERS_TABLE . " as u ! ON q.poster_id = u.user_id ! WHERE " . $not_like . " ! ORDER BY q.author"; } else { $sql = "SELECT q.*, u.username ! FROM " . MX_QUOTATIONS_TABLE . " AS q ! LEFT JOIN " . USERS_TABLE . " as u ! ON q.poster_id = u.user_id ! WHERE q.author LIKE " . $initial . " ! ORDER BY q.author"; } } --- 208,225 ---- $sql = "SELECT q.*, u.username ! FROM " . MX_QUOTATIONS_TABLE . " AS q ! LEFT JOIN " . USERS_TABLE . " as u ! ON q.poster_id = u.user_id ! WHERE " . $not_like . " ! ORDER BY q.author"; } else { $sql = "SELECT q.*, u.username ! FROM " . MX_QUOTATIONS_TABLE . 
" AS q ! LEFT JOIN " . USERS_TABLE . " as u ! ON q.poster_id = u.user_id ! WHERE q.author LIKE " . $initial . " ! ORDER BY q.author"; } } *************** *** 263,266 **** --- 237,247 ---- if ( count( $postrow ) != 0 ) { + // + // Instantiate the mx_text class + // + include_once($mx_root_path . 'includes/mx_functions_tools.'.$phpEx); + $mx_text = new mx_text(); + $mx_text->init(false, false, false); // Note: allowed_html_tags is altered above + for( $row_count = 0; $row_count < count( $postrow ); $row_count++ ) { *************** *** 268,273 **** $row_class = ( !( $row_count % 2 ) ) ? 'row1' : 'row2'; //$theme['td_class1'] : $theme['td_class2']; ! $quote = $postrow[$row_count]['quote']; ! $author = $postrow[$row_count]['author']; $post_time = create_date( $board_config['default_dateformat'], $postrow[$row_count]['post_time'], $board_config['board_timezone'] ); //'D d M Y' --- 249,260 ---- $row_class = ( !( $row_count % 2 ) ) ? 'row1' : 'row2'; //$theme['td_class1'] : $theme['td_class2']; ! // ! // Decode article for display ! // ! $quote = $mx_text->display_simple($postrow[$row_count]['quote']); ! $author = $mx_text->display_simple($postrow[$row_count]['author']); ! ! //$quote = $postrow[$row_count]['quote']; ! //$author = $postrow[$row_count]['author']; $post_time = create_date( $board_config['default_dateformat'], $postrow[$row_count]['post_time'], $board_config['board_timezone'] ); //'D d M Y' *************** *** 372,379 **** $template->pparse( "mx_quotations" ); } - - if (is_object($mx_page)) - { - $mx_page->add_copyright( 'mxBB quotations Module' ); - } ?> \ No newline at end of file --- 359,361 ---- Index: db_install.php =================================================================== RCS file: /cvsroot/mxbb/mx_quotations/db_install.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** db_install.php 2 May 2006 23:28:43 -0000 1.9 --- db_install.php 29 Jun 2006 22:45:05 -0000 1.10 *************** *** 30,34 **** } ! 
$mx_module_version = '2.0.0'; $mx_module_copy = 'Original mxBB <i>Quotations</i> module by <a href="http://www.mxbb-portal.com" target="_blank">Jaime</a>'; --- 30,34 ---- } ! $mx_module_version = '2.8.0'; $mx_module_copy = 'Original mxBB <i>Quotations</i> module by <a href="http://www.mxbb-portal.com" target="_blank">Jaime</a>'; Index: db_upgrade.php =================================================================== RCS file: /cvsroot/mxbb/mx_quotations/db_upgrade.php,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** db_upgrade.php 2 May 2006 23:28:43 -0000 1.10 --- db_upgrade.php 29 Jun 2006 22:45:05 -0000 1.11 *************** *** 30,34 **** } ! $mx_module_version = '2.0.0'; $mx_module_copy = 'Original mxBB <i>Quotations</i> module by <a href="http://www.mxbb-portal.com" target="_blank">Jaime</a>'; --- 30,34 ---- } ! $mx_module_version = '2.8.0'; $mx_module_copy = 'Original mxBB <i>Quotations</i> module by <a href="http://www.mxbb-portal.com" target="_blank">Jaime</a>'; |