Update of /cvsroot/php-blog/serendipity
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21474
Modified Files:
Tag: branch-smarty
comment.php index.php serendipity_admin_comments.inc.php
serendipity_admin_users.inc.php serendipity_functions.inc.php
serendipity_functions_config.inc.php
serendipity_functions_images.inc.php
Log Message:
MFH
Index: serendipity_admin_users.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_users.inc.php,v
retrieving revision 1.10
retrieving revision 1.10.2.1
diff -u -d -r1.10 -r1.10.2.1
--- serendipity_admin_users.inc.php 9 Sep 2004 10:52:03 -0000 1.10
+++ serendipity_admin_users.inc.php 14 Sep 2004 13:11:16 -0000 1.10.2.1
@@ -22,7 +22,7 @@
} elseif ($_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
echo '<strong>' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</strong>';
} else {
- serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}authors WHERE authorid={$serendipity['POST']['user']}");
+ serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}authors WHERE authorid=" . (int)$serendipity['POST']['user']);
printf('<strong>' . DELETED_USER . '</strong>', $serendipity['POST']['user'], $user[0]['username']);
}
}
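Review bot: The `(int)` cast protects the DELETE, but the `printf` on the following line still writes the raw `$serendipity['POST']['user']` and the stored `$user[0]['username']` straight into the admin page. Wrap both in `htmlspecialchars(...)` so a username containing markup cannot inject into the administrator's browser, e.g. `printf('<strong>' . DELETED_USER . '</strong>', (int)$serendipity['POST']['user'], htmlspecialchars($user[0]['username']));`. The enclosing branch starts outside the hunk.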
@@ -37,8 +37,8 @@
password
)
VALUES (
- '{$_POST['username']}',
- '$enc_pass'
+ '" . serendipity_db_escape_string($_POST['username']) . "',
+ '" . serendipity_db_escape_String($enc_pass) . "'
)";
serendipity_db_query($query);
$serendipity['POST']['user'] = serendipity_db_insert_id('authors', 'authorid');
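Review bot: The second added line calls `serendipity_db_escape_String` with a capital S while the line above and the rest of the commit use `serendipity_db_escape_string`. PHP resolves function names case-insensitively so this runs, but the odd spelling defeats grep-based audits of every escape site and looks like a typo to the next reader; change it to `'" . serendipity_db_escape_string($enc_pass) . "'`. The INSERT statement begins outside the hunk.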
Index: serendipity_admin_comments.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_comments.inc.php,v
retrieving revision 1.17.2.1
retrieving revision 1.17.2.2
diff -u -d -r1.17.2.1 -r1.17.2.2
--- serendipity_admin_comments.inc.php 14 Sep 2004 10:46:10 -0000 1.17.2.1
+++ serendipity_admin_comments.inc.php 14 Sep 2004 13:11:16 -0000 1.17.2.2
@@ -24,8 +24,8 @@
url = '" . serendipity_db_escape_string($serendipity['POST']['url']) . "',
parent_id = '" . serendipity_db_escape_string($serendipity['POST']['replyTo']) . "',
body = '" . serendipity_db_escape_string($serendipity['POST']['comment']) . "'
- WHERE id = " . serendipity_db_escape_string($serendipity['GET']['id']) . " AND
- entry_id = " . serendipity_db_escape_string($serendipity['POST']['entry_id']);
+ WHERE id = " . (int)$serendipity['GET']['id'] . " AND
+ entry_id = " . (int)$serendipity['POST']['entry_id'];
serendipity_db_query($sql);
echo COMMENT_EDITED;
return true;
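Review bot: After the `(int)` casts a non-numeric or missing id becomes 0, the UPDATE matches nothing, and the code still prints `COMMENT_EDITED` and returns true. Since the codebase exposes `serendipity_db_affected_rows()`, the success path should depend on it, e.g. `if (serendipity_db_affected_rows() > 0) { echo COMMENT_EDITED; return true; }`, so an edit that silently touched no row is not reported as done. The function containing this statement starts outside the hunk.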
@@ -38,7 +38,7 @@
FROM {$serendipity['dbPrefix']}comments c
LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)
LEFT JOIN {$serendipity['dbPrefix']}authors a ON (e.authorid = a.authorid)
- WHERE c.id = " . serendipity_db_escape_string($serendipity['GET']['id']) ." AND status = 'pending'";
+ WHERE c.id = " . (int)$serendipity['GET']['id'] ." AND status = 'pending'";
$rs = serendipity_db_query($sql, true);
if ($rs === false) {
@@ -63,7 +63,7 @@
/* If we are not in preview, we need data from our database */
if (!isset($serendipity['POST']['preview']) ) {
- $comment = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}comments WHERE id = ". $serendipity['GET']['id']);
+ $comment = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}comments WHERE id = ". (int)$serendipity['GET']['id']);
$data['name'] = $comment[0]['author'];
$data['email'] = $comment[0]['email'];
$data['url'] = $comment[0]['url'];
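Review bot: The changed query is followed by unconditional `$comment[0][...]` reads, yet an id that matches no row makes `serendipity_db_query` return false (the code a few lines earlier in this file tests exactly that with `$rs === false`), so the cast to int now makes that path easier to reach with a bogus id. Guard the result before using it, e.g. `if (!is_array($comment)) { return false; }` right after the query, or fall back to empty `$data` values. The enclosing function starts and ends outside the hunk.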
Index: serendipity_functions_images.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_functions_images.inc.php,v
retrieving revision 1.36
retrieving revision 1.36.2.1
diff -u -d -r1.36 -r1.36.2.1
--- serendipity_functions_images.inc.php 2 Sep 2004 13:41:00 -0000 1.36
+++ serendipity_functions_images.inc.php 14 Sep 2004 13:11:17 -0000 1.36.2.1
@@ -6,11 +6,12 @@
function serendipity_fetchImagesFromDatabase($start=0, $limit=0, &$total, $order = false, $ordermode = false, $directory = '') {
global $serendipity;
- if (empty($order)) {
+ $orderfields = serendipity_getImageFields();
+ if (empty($order) || !isset($orderfields[$order])) {
$order = 'date';
}
- if (empty($ordermode)) {
+ if (empty($ordermode) || ($ordermode != 'DESC' && $ordermode != 'ASC')) {
$ordermode = 'DESC';
}
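Review bot: In the new `$ordermode` condition the `empty($ordermode) ||` part is redundant, because an empty value already fails the `!= 'DESC' && != 'ASC'` test; the comparison is also case-sensitive, so a lowercase `asc` silently becomes `DESC`. If mixed case is meant to be accepted, normalise first: `$ordermode = strtoupper($ordermode); if ($ordermode != 'DESC' && $ordermode != 'ASC') { $ordermode = 'DESC'; }`. Whitelisting `$order` against `serendipity_getImageFields()` is the right approach, since the value ends up as an identifier in ORDER BY where escaping would not help. The function body continues past the hunk.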
@@ -39,7 +40,7 @@
function serendipity_fetchImageFromDatabase($id) {
global $serendipity;
- $rs = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}images WHERE id = ". $id, true, 'assoc');
+ $rs = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}images WHERE id = ". (int)$id, true, 'assoc');
return $rs;
}
@@ -54,9 +55,9 @@
$i=0;
if (sizeof($updates) > 0) {
foreach ($updates as $k => $v) {
- $q[] = $k ." = '" . $v . "'";
+ $q[] = $k ." = '" . serendipity_db_escape_string($v) . "'";
}
- serendipity_db_query("UPDATE {$serendipity['dbPrefix']}images SET ". implode($q, ',') ." WHERE id = $id $admin");
+ serendipity_db_query("UPDATE {$serendipity['dbPrefix']}images SET ". implode($q, ',') ." WHERE id = " . (int)$id . " $admin");
$i++;
}
return $i;
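Review bot: Escaping `$v` covers the values, but the keys of `$updates` are still interpolated unquoted as column names in `$k . " = '..."`, and identifiers cannot be protected by `serendipity_db_escape_string`. Where `$updates` originates is outside the hunk; if it can be request-driven, skip unknown keys against the column whitelist this commit introduces, e.g. `$fields = serendipity_getImageFields(); foreach ($updates as $k => $v) { if (!isset($fields[$k])) { continue; } ... }`. `$admin` is also spliced into the WHERE clause raw; presumably it is built from trusted state, worth confirming.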
@@ -87,7 +88,7 @@
} else {
printf(FILE_NOT_FOUND . '<br />', $dFile);
}
- serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}images WHERE id = ". $id);
+ serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}images WHERE id = ". (int)$id);
}
/**
@@ -159,12 +160,12 @@
serendipity_db_escape_string($filename),
serendipity_db_escape_string($extension),
serendipity_db_escape_string($mimetype),
- serendipity_db_escape_string($filesize),
- serendipity_db_escape_string($width),
- serendipity_db_escape_string($height),
+ (int)$filesize,
+ (int)$width,
+ (int)$height,
serendipity_db_escape_string($thumbnail),
- serendipity_db_escape_string($date),
- serendipity_db_escape_string($authorid),
+ (int)$date,
+ (int)$authorid,
serendipity_db_escape_string($directory)
);
@@ -542,8 +543,8 @@
$rs = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}images
WHERE name = '" . serendipity_db_escape_string($fbase) . "'
- " . ($fdir != '' ? "AND path = '$fdir'" : '') . "
- AND mime = '$fdim[mime]'", true, 'assoc');
+ " . ($fdir != '' ? "AND path = '" . serendipity_db_escape_string($fdir) . "'" : '') . "
+ AND mime = '" . serendipity_db_escape_string($fdim['mime']) . "'", true, 'assoc');
if (is_array($rs)) {
$update = array();
$checkfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $rs['path'] . $rs['name'] . '.' . $rs['thumbnail_name'] . '.' . $rs['extension'];
@@ -694,15 +695,7 @@
$left = '<input type="button" value="<<<" onclick="location.href=\'?'. $extraParems .'serendipity[page]=' . ($page-1) . '\';" '. (($start <= 0) ? 'disabled' : '') .'>' . "\n";
$right = '<input type="button" value=">>>" onclick="location.href=\'?'. $extraParems .'serendipity[page]=' . ($page+1) . '\';" '. (($totalImages < $start+$perPage) ? 'disabled' : '') .'>' . "\n";
- $sort_order = array(
- 'date' => SORT_ORDER_DATE,
- 'name' => SORT_ORDER_NAME,
- 'authorid' => AUTHOR,
- 'extension' => SORT_ORDER_EXTENSION,
- 'size' => SORT_ORDER_SIZE,
- 'dimensions_width' => SORT_ORDER_WIDTH,
- 'dimensions_height' => SORT_ORDER_HEIGHT
- );
+ $sort_order = serendipity_getImageFields();
serendipity_traversePath(
$paths,
@@ -1035,4 +1028,16 @@
return $fdim;
}
-?>
+
+function serendipity_getImageFields() {
+ return array(
+ 'date' => SORT_ORDER_DATE,
+ 'name' => SORT_ORDER_NAME,
+ 'authorid' => AUTHOR,
+ 'extension' => SORT_ORDER_EXTENSION,
+ 'size' => SORT_ORDER_SIZE,
+ 'dimensions_width' => SORT_ORDER_WIDTH,
+ 'dimensions_height' => SORT_ORDER_HEIGHT
+ );
+}
+?>
\ No newline at end of file
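Review bot: `serendipity_getImageFields()` is added without the `/** ... */` header the rest of this file uses, although it now serves two purposes at once: the label map for the sort UI and the whitelist that `serendipity_fetchImagesFromDatabase` validates `$order` against, so a maintainer adding a key here is also widening what may appear in ORDER BY. Add a docblock saying that the keys must be real `images` columns because they are interpolated as identifiers, and that the values are display labels. The hunk also reintroduces the closing `?>` with no newline at end of file; dropping the `?>` in a pure-PHP include avoids accidental output before `header()` calls if whitespace is ever appended.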
Index: serendipity_functions.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_functions.inc.php,v
retrieving revision 1.419.2.13
retrieving revision 1.419.2.14
diff -u -d -r1.419.2.13 -r1.419.2.14
--- serendipity_functions.inc.php 14 Sep 2004 10:46:10 -0000 1.419.2.13
+++ serendipity_functions.inc.php 14 Sep 2004 13:11:16 -0000 1.419.2.14
@@ -608,15 +608,15 @@
}
}
elseif (is_array($range) && count($range)==2) {
- $startts = $range[0];
- $endts = $range[1];
+ $startts = (int)$range[0];
+ $endts = (int)$range[1];
$and = " WHERE timestamp >= $startts AND timestamp <= $endts";
}
else {
if ($modified_since) {
$unix_modified = strtotime($modified_since);
if ($unix_modified != -1) {
- $and = ' WHERE last_modified >= ' . $unix_modified;
+ $and = ' WHERE last_modified >= ' . (int)$unix_modified;
if (!empty($limit)) {
$limit = ($limit > $serendipity['max_fetch_limit'] ? $limit : $serendipity['max_fetch_limit']);
}
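Review bot: The `(int)` cast on `$unix_modified` interacts badly with the `!= -1` check above it: on PHP builds where `strtotime()` signals failure with `false` rather than `-1`, the check passes, the cast yields 0, and the clause becomes `last_modified >= 0`, which matches every entry. Make the failure test cover both conventions, `if ($unix_modified !== false && $unix_modified != -1) {`. The `$limit` line below also keeps the larger of `$limit` and `max_fetch_limit`, which reads like a floor rather than a cap; presumably intentional, but worth a comment. The enclosing function starts and ends outside the hunk.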
@@ -792,7 +792,7 @@
{$serendipity['dbPrefix']}authors a
WHERE
a.authorid = e.authorid
- AND e.$key LIKE $val
+ AND e.$key LIKE '" . serendipity_db_escape_string($val) . "'
$admin
$drafts
LIMIT 1";
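Review bot: Quoting and escaping `$val` fixes the value side, but `serendipity_db_escape_string` does not neutralise the LIKE wildcards `%` and `_`, so a value such as `%` still matches any row; if an exact lookup is intended use `e.$key = '...'`, otherwise escape the wildcards before the call. The column name `$key` is also interpolated unvalidated; its origin is outside the hunk, so if it can come from a request it needs a whitelist of permitted columns rather than escaping. The function containing this query starts and ends outside the hunk.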
@@ -816,7 +816,7 @@
$authorid = 'all';
}
- if ($authorid != 'all') {
+ if ($authorid != 'all' && is_numeric($authorid)) {
$where = " WHERE (c.authorid = $authorid OR c.authorid = 0) OR a.userlevel < ".$serendipity['serendipityUserlevel'];
} else {
$where = '';
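Review bot: `is_numeric()` is a weaker gate than it looks when the value is then interpolated raw into `c.authorid = $authorid`: it accepts leading whitespace, signs, decimals and exponent forms, so the SQL may receive `1e3` or ` 5`. Cast at the use site instead, `$where = " WHERE (c.authorid = " . (int)$authorid . " OR c.authorid = 0) OR a.userlevel < " . (int)$serendipity['serendipityUserlevel'];`, which makes the guard self-evident. The parenthesised group is OR'ed with the userlevel test, so the parentheses have no effect; presumably an AND was intended, worth confirming. The enclosing function starts outside the hunk.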
@@ -838,7 +838,7 @@
global $serendipity;
$right = $left + 1;
- $result = serendipity_db_query("SELECT categoryid FROM {$serendipity['dbPrefix']}category WHERE parentid='" . (int)$parent . "'");
+ $result = serendipity_db_query("SELECT categoryid FROM {$serendipity['dbPrefix']}category WHERE parentid = '" . (int)$parent . "'");
if ( is_array($result) ) {
foreach ( $result as $category ) {
$right = serendipity_rebuildCategoryTree($category['categoryid'], $right);
@@ -1321,7 +1321,7 @@
}
if (!empty($id)) {
- $and .= ' AND co.entry_id=' . (int)$id;
+ $and .= " AND co.entry_id = '" . (int)$id ."'";
}
if (!$showAll) {
@@ -1531,8 +1531,8 @@
FROM {$serendipity['dbPrefix']}comments c
LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)
LEFT JOIN {$serendipity['dbPrefix']}authors a ON (e.authorid = a.authorid)
- WHERE c.id = ". (int)$cid ."
- ". (($serendipity['serendipityUserlevel'] != USERLEVEL_ADMIN && $force !== true) ? 'AND e.authorid = '. $serendipity['authorId'] : '') ."
+ WHERE c.id = '". (int)$cid ."'
+ ". (($serendipity['serendipityUserlevel'] != USERLEVEL_ADMIN && $force !== true) ? "AND e.authorid = '". (int)$serendipity['authorId'] ."'" : '') ."
". (($force === true) ? "" : "AND status = 'pending'");
$rs = serendipity_db_query($sql, true);
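Review bot: The added restriction reads `$serendipity['authorId']` while the deletion check later in this same diff (the `$result[1] != $serendipity['authorid']` line) reads `$serendipity['authorid']`; array keys are case-sensitive, so at most one spelling is actually populated. With the new `(int)` cast an unset key quietly becomes 0, and the non-admin branch then compares against author 0 instead of the logged-in author, which either hides all comments or, if the other spelling is the wrong one, drops the restriction. Confirm which key the login code sets and use that spelling in both places. The enclosing function starts and ends outside the hunk.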
@@ -1634,8 +1634,8 @@
$sql = "SELECT $pgsql_insert author, email, type
FROM {$serendipity['dbPrefix']}comments
- WHERE entry_id = ". (int)$entry_id ."
- AND email <> '$posterMail'
+ WHERE entry_id = '". (int)$entry_id ."'
+ AND email <> '" . serendipity_db_escape_string($posterMail) . "'
AND subscribed = 'true' $mysql_insert";
$subscribers = serendipity_db_query($sql);
@@ -1677,7 +1677,7 @@
$sql = "UPDATE {$serendipity['dbPrefix']}comments
SET subscribed = 'false'
WHERE entry_id = '". (int)$entry_id ."'
- AND email = '$email'";
+ AND email = '" . serendipity_db_escape_string($email) . "'";
serendipity_db_query($sql);
return serendipity_db_affected_rows();
@@ -1747,7 +1747,7 @@
{
global $serendipity;
- $query = "SELECT name,link FROM {$serendipity['dbPrefix']}references WHERE entry_id='" . (int)$id . "'";
+ $query = "SELECT name,link FROM {$serendipity['dbPrefix']}references WHERE entry_id = '" . (int)$id . "'";
return serendipity_db_query($query);
}
@@ -1826,7 +1826,7 @@
// extract author information
if (empty($entry['email'])) {
- $query = "select email from {$serendipity['dbPrefix']}authors where username='". serendipity_db_escape_string($entry['username']) ."'";
+ $query = "select email FROM {$serendipity['dbPrefix']}authors WHERE username = '". serendipity_db_escape_string($entry['username']) ."'";
$results = serendipity_db_query($query);
$entry['email'] = $results[0]['email'];
}
@@ -2323,8 +2323,9 @@
$locations[$i] = 'http' . (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off' ? 's' : '') . '://' . $_SERVER['HTTP_HOST'] . $locations[$i];
}
- $query = "SELECT COUNT(id) FROM {$serendipity['dbPrefix']}references WHERE ";
- $query .= "entry_id=". (int)$tmpid ." AND link='" . serendipity_db_escape_string($locations[$i]) . "'";
+ $query = "SELECT COUNT(id) FROM {$serendipity['dbPrefix']}references
+ WHERE entry_id = '". (int)$tmpid ."'
+ AND link = '" . serendipity_db_escape_string($locations[$i]) . "'";
$row = serendipity_db_query($query, true, 'num');
if ($row[0] > 0) {
@@ -2481,7 +2482,7 @@
}
// Purge the daily/monthly entries so they can be rebuilt
- $result = serendipity_db_query("SELECT timestamp, authorid FROM {$serendipity['dbPrefix']}entries WHERE id=". (int)$id, true);
+ $result = serendipity_db_query("SELECT timestamp, authorid FROM {$serendipity['dbPrefix']}entries WHERE id = '". (int)$id ."'", true);
if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $result[1] != $serendipity['authorid']) {
// Only admins and chief users can delete entries which do not belong to the author
@@ -2491,9 +2492,7 @@
serendipity_purgeEntry($id, $result[0]);
serendipity_db_query("DELETE FROM {$serendipity["dbPrefix"]}entries WHERE id=$id");
-
serendipity_db_query("DELETE FROM {$serendipity["dbPrefix"]}comments WHERE entry_id=$id");
-
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}references WHERE entry_id='$id'");
}
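Review bot: The SELECT in the previous hunk now casts `$id`, but the three DELETE statements here still interpolate the bare `$id` (`WHERE id=$id`, `WHERE entry_id=$id`, `WHERE entry_id='$id'`), and they are the destructive half of the function. Apply the same cast, e.g. `serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}entries WHERE id = " . (int)$id);` and likewise for the comments and references rows, or cast `$id` once at the top of the function. The mixed `$serendipity["dbPrefix"]` and `$serendipity['dbPrefix']` quoting on adjacent lines is also worth unifying. The enclosing function starts outside the hunk.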
@@ -2943,8 +2942,8 @@
FROM
$serendipity[dbPrefix]authors
WHERE
- username = '$username'
- AND password = '$password'";
+ username = '" . serendipity_db_escape_string($username) . "'
+ AND password = '" . serendipity_db_escape_string($password) . "'";
$row = serendipity_db_query($query, true, 'assoc');
if (is_array($row)) {
@@ -2996,31 +2995,41 @@
if (rand(0, 100) < 1) {
serendipity_track_referrer_gc();
}
- if(preg_match('/^mysqli?/', $serendipity['dbType']))
+
+ if(preg_match('/^mysqli?/', $serendipity['dbType'])) {
$interval = 900;
- else
+ } else {
$interval = "interval '900'";
+ }
$suppressq = "SELECT count(1)
FROM $serendipity[dbPrefix]suppress
- WHERE ip = '$_SERVER[REMOTE_ADDR]'
- AND scheme = '$url_parts[scheme]'
- AND port = '$url_parts[port]'
- AND host = '$url_parts[host]'
- AND path = '$url_parts[path]'
- AND query = '$url_parts[query]'
+ WHERE ip = '" . serendipity_db_escape_string($_SERVER['REMOTE_ADDR']) . "'
+ AND scheme = '" . serendipity_db_escape_string($url_parts['scheme']) . "'
+ AND port = '" . serendipity_db_escape_string($url_parts['port']) . "'
+ AND host = '" . serendipity_db_escape_string($url_parts['host']) . "'
+ AND path = '" . serendipity_db_escape_string($url_parts['path']) . "'
+ AND query = '" . serendipity_db_escape_string($url_parts['query']) . "'
AND last > now() - $interval";
$suppressp = "DELETE FROM $serendipity[dbPrefix]suppress
- WHERE ip = '$_SERVER[REMOTE_ADDR]'
- AND scheme = '$url_parts[scheme]'
- AND host = '$url_parts[host]'
- AND port = '$url_parts[port]'
- AND query = '$url_parts[query]'
- AND path = '$url_parts[path]'";
+ WHERE ip = '" . serendipity_db_escape_string($_SERVER['REMOTE_ADDR']) . "'
+ AND scheme = '" . serendipity_db_escape_string($url_parts['scheme']) . "'
+ AND host = '" . serendipity_db_escape_string($url_parts['host']) . "'
+ AND port = '" . serendipity_db_escape_string($url_parts['port']) . "'
+ AND query = '" . serendipity_db_escape_string($url_parts['query']) . "'
+ AND path = '" . serendipity_db_escape_string($url_parts['path']) . "'";
$suppressu = "INSERT INTO $serendipity[dbPrefix]suppress
(ip, last, scheme, host, port, path, query)
- VALUES ('$_SERVER[REMOTE_ADDR]', now(), '$url_parts[scheme]', '$url_parts[host]', '$url_parts[port]', '$url_parts[path]', '$url_parts[query]')";
+ VALUES (
+ '" . serendipity_db_escape_string($_SERVER['REMOTE_ADDR']) . "',
+ now(),
+ '" . serendipity_db_escape_string($url_parts['scheme']) . "',
+ '" . serendipity_db_escape_string($url_parts['host']) . "',
+ '" . serendipity_db_escape_string($url_parts['port']) . "',
+ '" . serendipity_db_escape_string($url_parts['path']) . "',
+ '" . serendipity_db_escape_string($url_parts['query']) . "'
+ )";
$count = serendipity_db_query($suppressq, true);
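Review bot: The three statements each re-escape the same six values by hand, so there are now eighteen escape calls whose only difference is column order, and any later tweak has to be repeated in three places. Compute each escaped value once and build one `$where` fragment shared by the SELECT and DELETE; the INSERT reuses the same variables. If `$url_parts` comes from `parse_url()` (built outside the hunk), `port`, `path` and `query` may be absent, so reading them through `isset(...)` with an empty default avoids notices without changing what reaches the database.
```php
$ip     = serendipity_db_escape_string($_SERVER['REMOTE_ADDR']);
$scheme = serendipity_db_escape_string(isset($url_parts['scheme']) ? $url_parts['scheme'] : '');
$host   = serendipity_db_escape_string(isset($url_parts['host'])   ? $url_parts['host']   : '');
$port   = serendipity_db_escape_string(isset($url_parts['port'])   ? $url_parts['port']   : '');
$path   = serendipity_db_escape_string(isset($url_parts['path'])   ? $url_parts['path']   : '');
$qs     = serendipity_db_escape_string(isset($url_parts['query'])  ? $url_parts['query']  : '');
// the columns that identify one referrer row; shared by all three statements
$where  = "ip = '$ip' AND scheme = '$scheme' AND port = '$port' AND host = '$host' AND path = '$path' AND query = '$qs'";

$suppressq = "SELECT count(1) FROM $serendipity[dbPrefix]suppress WHERE $where AND last > now() - $interval";
$suppressp = "DELETE FROM $serendipity[dbPrefix]suppress WHERE $where";
$suppressu = "INSERT INTO $serendipity[dbPrefix]suppress (ip, last, scheme, host, port, path, query)
              VALUES ('$ip', now(), '$scheme', '$host', '$port', '$path', '$qs')";
// … unchanged: $count query and the rest of the function …
```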
@@ -3068,11 +3077,11 @@
$serendipity['dbPrefix'],
$list,
- $url_parts['scheme'],
- $url_parts['host'],
- $url_parts['port'],
- $url_parts['path'],
- $url_parts['query'],
+ serendipity_db_escape_string($url_parts['scheme']),
+ serendipity_db_escape_string($url_parts['host']),
+ serendipity_db_escape_string($url_parts['port']),
+ serendipity_db_escape_string($url_parts['path']),
+ serendipity_db_escape_string($url_parts['query']),
($entry_id != 0) ? "AND entry_id = '". (int)$entry_id ."'" : ''
)
);
@@ -3086,12 +3095,12 @@
$serendipity['dbPrefix'],
$list,
- $entry_id,
- $url_parts['scheme'],
- $url_parts['host'],
- $url_parts['port'],
- $url_parts['path'],
- $url_parts['query']
+ (int)$entry_id,
+ serendipity_db_escape_string($url_parts['scheme']),
+ serendipity_db_escape_string($url_parts['host']),
+ serendipity_db_escape_string($url_parts['port']),
+ serendipity_db_escape_string($url_parts['path']),
+ serendipity_db_escape_string($url_parts['query'])
)
);
}
@@ -3244,10 +3253,10 @@
return;
}
- $query = "DELETE FROM $serendipity[dbPrefix]entrycat WHERE entryid = $postid";
+ $query = "DELETE FROM $serendipity[dbPrefix]entrycat WHERE entryid = " . (int)$postid;
serendipity_db_query($query);
- $query = "INSERT INTO $serendipity[dbPrefix]entrycat (entryid, categoryid) VALUES ($categories[0], $postid)";
+ $query = "INSERT INTO $serendipity[dbPrefix]entrycat (entryid, categoryid) VALUES (" . (int)$categories[0] . ", " . (int)$postid . ")";
serendipity_db_query($query);
}
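Review bot: The INSERT on the last changed line names the columns `(entryid, categoryid)` but supplies `(int)$categories[0]` first and `(int)$postid` second, so the category id is stored in `entryid` and the entry id in `categoryid`; unless the column order in the table is deliberately reversed, it should read `VALUES (" . (int)$postid . ", " . (int)$categories[0] . ")`. The casts themselves are the right fix for the interpolation and should stay. The enclosing function starts outside the hunk.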
Index: index.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/index.php,v
retrieving revision 1.49.2.1
retrieving revision 1.49.2.2
diff -u -d -r1.49.2.1 -r1.49.2.2
--- index.php 9 Sep 2004 15:02:15 -0000 1.49.2.1
+++ index.php 14 Sep 2004 13:11:16 -0000 1.49.2.2
@@ -115,7 +115,7 @@
}
}
- $id = $matches[1];
+ $id = (int)$matches[1];
serendipity_track_referrer($id);
$track_referer = false;
@@ -123,8 +123,7 @@
$_GET['serendipity']['action'] = 'read';
$_GET['serendipity']['id'] = $id;
- $title = serendipity_db_query("SELECT title FROM {$serendipity['dbPrefix']}entries " .
- 'WHERE id=' . serendipity_db_escape_string($id), true);
+ $title = serendipity_db_query("SELECT title FROM {$serendipity['dbPrefix']}entries WHERE id=$id", true);
$title = $title[0];
$serendipity['blogSubTitle'] = $serendipity['blogTitle'];
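Review bot: The rewritten query interpolates `$id` bare and is only safe because of the `(int)` cast added seven lines earlier in a different hunk; a reader of this line cannot see that, and the result is then dereferenced as `$title[0]` without checking that a row came back (elsewhere in this commit `serendipity_db_query` is shown returning false on no match). Cast at the use site and guard the result, e.g. `$title = serendipity_db_query("SELECT title FROM {$serendipity['dbPrefix']}entries WHERE id = " . (int)$id, true); $title = is_array($title) ? $title[0] : '';`. The surrounding block starts outside the hunk.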
Index: serendipity_functions_config.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_functions_config.inc.php,v
retrieving revision 1.10
retrieving revision 1.10.2.1
diff -u -d -r1.10 -r1.10.2.1
--- serendipity_functions_config.inc.php 30 Aug 2004 09:13:59 -0000 1.10
+++ serendipity_functions_config.inc.php 14 Sep 2004 13:11:17 -0000 1.10.2.1
@@ -3,7 +3,7 @@
function serendipity_set_config_var($name, $val, $authorid = 0) {
global $serendipity;
- serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}config where name='" . serendipity_db_escape_string($name) . "' AND authorid = " . serendipity_db_escape_string($authorid));
+ serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}config where name='" . serendipity_db_escape_string($name) . "' AND authorid = " . (int)$authorid);
$r = serendipity_db_insert('config', array('name' => $name, 'value' => $val, 'authorid' => $authorid));
$serendipity[$name] = $val;
if (is_string($r)) {
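Review bot: `$authorid` is cast only inside the DELETE string, while the `serendipity_db_insert` call on the next line still receives the original value, so the row that is deleted and the row that is inserted may not agree on the author when a non-numeric value arrives. Cast once at the top of the function, `$authorid = (int)$authorid;`, so both statements and the `$serendipity[$name] = $val` side effect operate on the same value. The function is complete within the hunk apart from its tail.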
@@ -27,7 +27,7 @@
function serendipity_get_user_var($name, $authorid, $default) {
global $serendipity;
- $r = serendipity_db_query("SELECT $name FROM {$serendipity['dbPrefix']}authors WHERE authorid = " . serendipity_db_escape_string($authorid), true);
+ $r = serendipity_db_query("SELECT $name FROM {$serendipity['dbPrefix']}authors WHERE authorid = " . (int)$authorid, true);
if (is_array($r)) {
return $r[0];
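Review bot: The cast fixes the authorid operand, but `$name` is still interpolated unvalidated as a column name in `SELECT $name FROM ...`, and the same pattern appears in the UPDATE of the next hunk (`SET $name = ...`); identifiers cannot be protected by `serendipity_db_escape_string`. Callers of these helpers are outside the hunk, so if any of them pass request-derived names the fix is a whitelist, e.g. `if (!preg_match('/^[a-z_]+$/', $name)) { return $default; }` at the top of `serendipity_get_user_var` and an equivalent early return in the setter. A docblock on each function stating that `$name` must be a trusted column name would at least make the contract explicit.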
@@ -64,7 +64,7 @@
break;
}
- serendipity_db_query("UPDATE {$serendipity['dbPrefix']}authors SET $name = '" . serendipity_db_escape_string($val) . "' WHERE authorid = " . serendipity_db_escape_string($authorid));
+ serendipity_db_query("UPDATE {$serendipity['dbPrefix']}authors SET $name = '" . serendipity_db_escape_string($val) . "' WHERE authorid = " . (int)$authorid);
if ($copy_to_s9y) {
if (isset($user_map_array[$name])) {
Index: comment.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/comment.php,v
retrieving revision 1.44.2.1
retrieving revision 1.44.2.2
diff -u -d -r1.44.2.1 -r1.44.2.2
--- comment.php 14 Sep 2004 10:31:56 -0000 1.44.2.1
+++ comment.php 14 Sep 2004 13:11:15 -0000 1.44.2.2
@@ -38,12 +38,12 @@
$uri = $_SERVER['REQUEST_URI'];
if (isset($_REQUEST['entry_id'])) {
- $id = $_REQUEST['entry_id'];
+ $id = (int)$_REQUEST['entry_id'];
} else if ($_REQUEST['amp;entry_id']) {
// For possible buggy variable transmission caused by an intermediate CVS-release of s9y
- $id = $_REQUEST['amp;entry_id'];
+ $id = (int)$_REQUEST['amp;entry_id'];
} else if (preg_match('@/(\d+)_[^/]*$@', $uri, $matches)) {
- $id = $matches[1];
+ $id = (int)$matches[1];
}
if ($tb_logging) {
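Review bot: The first branch tests `isset($_REQUEST['entry_id'])` but the second reads `$_REQUEST['amp;entry_id']` directly inside the condition, so a request without that key raises a notice before falling through to the regex branch. Make it `} else if (isset($_REQUEST['amp;entry_id'])) {` to match the first branch. If none of the three branches match, `$id` is left unset unless it is initialised earlier outside the hunk; presumably it should default to 0 here so the later queries see an integer.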
@@ -76,7 +76,7 @@
report_pingback_failure();
}
} else {
- $id = (!empty($serendipity['POST']['entry_id']) ? $serendipity['POST']['entry_id'] : $serendipity['GET']['entry_id']);
+ $id = (int)(!empty($serendipity['POST']['entry_id']) ? $serendipity['POST']['entry_id'] : $serendipity['GET']['entry_id']);
$html_header = '';
@@ -125,7 +125,7 @@
?>
<div class="serendipity_commentsTitle"><?php echo COMMENTS; ?></div>
<?php
- $query = "SELECT allow_comments, moderate_comments FROM {$serendipity['dbPrefix']}entries WHERE id = '$id'";
+ $query = "SELECT allow_comments, moderate_comments FROM {$serendipity['dbPrefix']}entries WHERE id = '" . $id . "'";
$ca = serendipity_db_query($query, true);
serendipity_printComments(serendipity_fetchComments($id), (isset($ca['allow_comments']) ? $ca['allow_comments'] : true));
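Review bot: The rewrite from `'$id'` to `'" . $id . "'` changes nothing about what reaches the database; the line is safe only because of the `(int)` casts added to `$id` in the two earlier hunks of this file, which a reader of this query cannot see. Casting at the use site makes the query self-evidently parameter-safe regardless of how `$id` was assigned: `$query = "SELECT allow_comments, moderate_comments FROM {$serendipity['dbPrefix']}entries WHERE id = " . (int)$id;`. The surrounding output block starts outside the hunk.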