You can subscribe to this list here.
| 2003 |
Jan
|
Feb
|
Mar
(179) |
Apr
(56) |
May
(53) |
Jun
(65) |
Jul
(70) |
Aug
(89) |
Sep
(50) |
Oct
(38) |
Nov
(12) |
Dec
(12) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2004 |
Jan
(57) |
Feb
(226) |
Mar
(172) |
Apr
(194) |
May
(120) |
Jun
(162) |
Jul
(297) |
Aug
(156) |
Sep
(312) |
Oct
(180) |
Nov
(358) |
Dec
(362) |
| 2005 |
Jan
(275) |
Feb
(224) |
Mar
(202) |
Apr
(157) |
May
(133) |
Jun
(115) |
Jul
(211) |
Aug
(257) |
Sep
(135) |
Oct
(116) |
Nov
(106) |
Dec
(81) |
| 2006 |
Jan
(74) |
Feb
(94) |
Mar
(59) |
Apr
(125) |
May
(50) |
Jun
(71) |
Jul
(45) |
Aug
(80) |
Sep
(3) |
Oct
(44) |
Nov
(50) |
Dec
(38) |
| 2007 |
Jan
(46) |
Feb
(33) |
Mar
(24) |
Apr
(28) |
May
(19) |
Jun
(37) |
Jul
(66) |
Aug
(73) |
Sep
(87) |
Oct
(33) |
Nov
(39) |
Dec
(37) |
| 2008 |
Jan
(20) |
Feb
(54) |
Mar
(47) |
Apr
(68) |
May
(10) |
Jun
(13) |
Jul
(13) |
Aug
(25) |
Sep
(11) |
Oct
(22) |
Nov
(22) |
Dec
(34) |
| 2009 |
Jan
(34) |
Feb
(35) |
Mar
(11) |
Apr
(10) |
May
(15) |
Jun
(18) |
Jul
(28) |
Aug
(22) |
Sep
(9) |
Oct
(12) |
Nov
(6) |
Dec
(32) |
| 2010 |
Jan
(11) |
Feb
(7) |
Mar
(9) |
Apr
(3) |
May
(16) |
Jun
(1) |
Jul
(2) |
Aug
(25) |
Sep
(9) |
Oct
(8) |
Nov
(4) |
Dec
(8) |
| 2011 |
Jan
(17) |
Feb
(1) |
Mar
(6) |
Apr
(7) |
May
(5) |
Jun
(2) |
Jul
(12) |
Aug
(3) |
Sep
(18) |
Oct
(3) |
Nov
(2) |
Dec
|
| 2012 |
Jan
(92) |
Feb
(74) |
Mar
(64) |
Apr
(55) |
May
(44) |
Jun
(91) |
Jul
(35) |
Aug
(42) |
Sep
(32) |
Oct
(56) |
Nov
(42) |
Dec
(81) |
| 2013 |
Jan
(117) |
Feb
(130) |
Mar
(33) |
Apr
(36) |
May
(155) |
Jun
(241) |
Jul
(113) |
Aug
(70) |
Sep
(50) |
Oct
(55) |
Nov
(34) |
Dec
(36) |
| 2014 |
Jan
(94) |
Feb
(67) |
Mar
(177) |
Apr
(67) |
May
(147) |
Jun
(137) |
Jul
(58) |
Aug
(56) |
Sep
(62) |
Oct
(35) |
Nov
(118) |
Dec
(53) |
| 2015 |
Jan
(204) |
Feb
(165) |
Mar
(275) |
Apr
(42) |
May
(58) |
Jun
(91) |
Jul
(81) |
Aug
(62) |
Sep
(23) |
Oct
(63) |
Nov
(29) |
Dec
(110) |
| 2016 |
Jan
(82) |
Feb
(55) |
Mar
(48) |
Apr
(92) |
May
(77) |
Jun
(41) |
Jul
(27) |
Aug
(41) |
Sep
(101) |
Oct
(84) |
Nov
(12) |
Dec
(18) |
| 2017 |
Jan
(44) |
Feb
(40) |
Mar
(23) |
Apr
(79) |
May
(27) |
Jun
(12) |
Jul
(20) |
Aug
(14) |
Sep
(3) |
Oct
(9) |
Nov
(4) |
Dec
(9) |
| 2018 |
Jan
(5) |
Feb
(23) |
Mar
(150) |
Apr
(114) |
May
(63) |
Jun
(25) |
Jul
(23) |
Aug
(54) |
Sep
(43) |
Oct
(10) |
Nov
(9) |
Dec
(1) |
| 2019 |
Jan
(1) |
Feb
(27) |
Mar
(27) |
Apr
(64) |
May
(21) |
Jun
(17) |
Jul
(12) |
Aug
(81) |
Sep
(15) |
Oct
(25) |
Nov
(15) |
Dec
(13) |
| 2020 |
Jan
(5) |
Feb
(4) |
Mar
(95) |
Apr
(59) |
May
(53) |
Jun
(22) |
Jul
(3) |
Aug
(13) |
Sep
(10) |
Oct
(4) |
Nov
(3) |
Dec
(1) |
| 2021 |
Jan
(20) |
Feb
(32) |
Mar
(34) |
Apr
(22) |
May
(58) |
Jun
(43) |
Jul
(35) |
Aug
(2) |
Sep
(14) |
Oct
(1) |
Nov
(2) |
Dec
|
| 2022 |
Jan
(2) |
Feb
(6) |
Mar
(4) |
Apr
|
May
(5) |
Jun
(4) |
Jul
(3) |
Aug
(5) |
Sep
(6) |
Oct
(3) |
Nov
(38) |
Dec
(15) |
| 2023 |
Jan
(26) |
Feb
(12) |
Mar
(3) |
Apr
(9) |
May
(2) |
Jun
(5) |
Jul
(8) |
Aug
|
Sep
(39) |
Oct
(11) |
Nov
(3) |
Dec
(3) |
| 2024 |
Jan
(19) |
Feb
(20) |
Mar
(15) |
Apr
(12) |
May
(2) |
Jun
(12) |
Jul
(4) |
Aug
(9) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2025 |
Jan
(72) |
Feb
(80) |
Mar
(92) |
Apr
(35) |
May
(19) |
Jun
(26) |
Jul
(23) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Garvin H. <gar...@us...> - 2004-09-15 08:31:00
|
Update of /cvsroot/php-blog/serendipity/plugins/serendipity_event_bbcode In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv11946/plugins/serendipity_event_bbcode Modified Files: serendipity_event_bbcode.php Log Message: missing bbcode fix Index: serendipity_event_bbcode.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/plugins/serendipity_event_bbcode/serendipity_event_bbcode.php,v retrieving revision 1.7 retrieving revision 1.8 diff -u -d -r1.7 -r1.8 --- serendipity_event_bbcode.php 2 Sep 2004 12:44:37 -0000 1.7 +++ serendipity_event_bbcode.php 15 Sep 2004 08:30:51 -0000 1.8 @@ -203,7 +203,7 @@ return true; } ?> - .bb-code, .bb-php, .bb-code-title, .bb-php-title { +.bb-code, .bb-php, .bb-code-title, .bb-php-title { margin-left: 20px; margin-right: 20px; color: black; @@ -215,6 +215,12 @@ font-weight: bold; padding-left: 5px; } + +.bb-code, .bb-php { + font-family: courier, "courier new"; + background-color: #DDDDDD; + padding: 10px; +} <?php return true; break; |
|
From: Garvin H. <gar...@us...> - 2004-09-15 08:30:31
|
Update of /cvsroot/php-blog/serendipity/plugins/serendipity_event_bbcode In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv11933/plugins/serendipity_event_bbcode Modified Files: Tag: branch-smarty serendipity_event_bbcode.php Log Message: missing bbcode fix Index: serendipity_event_bbcode.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/plugins/serendipity_event_bbcode/serendipity_event_bbcode.php,v retrieving revision 1.7 retrieving revision 1.7.2.1 diff -u -d -r1.7 -r1.7.2.1 --- serendipity_event_bbcode.php 2 Sep 2004 12:44:37 -0000 1.7 +++ serendipity_event_bbcode.php 15 Sep 2004 08:30:22 -0000 1.7.2.1 @@ -203,7 +203,7 @@ return true; } ?> - .bb-code, .bb-php, .bb-code-title, .bb-php-title { +.bb-code, .bb-php, .bb-code-title, .bb-php-title { margin-left: 20px; margin-right: 20px; color: black; @@ -215,6 +215,12 @@ font-weight: bold; padding-left: 5px; } + +.bb-code, .bb-php { + font-family: courier, "courier new"; + background-color: #DDDDDD; + padding: 10px; +} <?php return true; break; |
|
From: Garvin H. <gar...@us...> - 2004-09-15 08:30:31
|
Update of /cvsroot/php-blog/serendipity In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv11933 Modified Files: Tag: branch-smarty NEWS Log Message: missing bbcode fix Index: NEWS =================================================================== RCS file: /cvsroot/php-blog/serendipity/NEWS,v retrieving revision 1.214.2.3 retrieving revision 1.214.2.4 diff -u -d -r1.214.2.3 -r1.214.2.4 --- NEWS 14 Sep 2004 10:46:10 -0000 1.214.2.3 +++ NEWS 15 Sep 2004 08:30:21 -0000 1.214.2.4 @@ -8,6 +8,13 @@ Version 0.7 () ------------------------------------------------------------------------ + * Fixed missing CSS-class for BBCode Event-Plugin (Jez Hancock) + + * Fixed comment counter for deleting non-approved comments + (tomsommer) + + * Fixed possible SQL injections. Thanks to aCiDBiTS! + * Fixed postgreSQL quicksearch, thanks to Mauri Sahlberg! * Added Norwegian translations, thanks to Jo Christian |
|
From: Tom S. <tom...@us...> - 2004-09-14 16:35:42
|
Update of /cvsroot/php-blog/serendipity/templates/mt3-independence In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv27955 Modified Files: Tag: branch-smarty style.css Log Message: MFH Index: style.css =================================================================== RCS file: /cvsroot/php-blog/serendipity/templates/mt3-independence/style.css,v retrieving revision 1.8 retrieving revision 1.8.2.1 diff -u -d -r1.8 -r1.8.2.1 --- style.css 2 Sep 2004 17:42:00 -0000 1.8 +++ style.css 14 Sep 2004 16:35:34 -0000 1.8.2.1 @@ -257,7 +257,8 @@ text-transform: uppercase; padding: 3px; - letter-spacing: .3em; + letter-spacing: .25em; + text-decoration: none; } div.serendipityPlug { text-align: center; |
|
From: Tom S. <tom...@us...> - 2004-09-14 16:34:59
|
Update of /cvsroot/php-blog/serendipity/templates/mt3-independence In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv27786 Modified Files: style.css Log Message: Tweak Index: style.css =================================================================== RCS file: /cvsroot/php-blog/serendipity/templates/mt3-independence/style.css,v retrieving revision 1.8 retrieving revision 1.9 diff -u -d -r1.8 -r1.9 --- style.css 2 Sep 2004 17:42:00 -0000 1.8 +++ style.css 14 Sep 2004 16:34:50 -0000 1.9 @@ -257,7 +257,8 @@ text-transform: uppercase; padding: 3px; - letter-spacing: .3em; + letter-spacing: .25em; + text-decoration: none; } div.serendipityPlug { text-align: center; |
|
From: Tom S. <tom...@us...> - 2004-09-14 16:30:00
|
Update of /cvsroot/php-blog/serendipity In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26578 Modified Files: Tag: branch-smarty serendipity_functions.inc.php Log Message: MFH Index: serendipity_functions.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_functions.inc.php,v retrieving revision 1.419.2.14 retrieving revision 1.419.2.15 diff -u -d -r1.419.2.14 -r1.419.2.15 --- serendipity_functions.inc.php 14 Sep 2004 13:11:16 -0000 1.419.2.14 +++ serendipity_functions.inc.php 14 Sep 2004 16:29:46 -0000 1.419.2.15 @@ -1270,8 +1270,7 @@ } // end function serendipity_printEntries -function serendipity_deleteComment($id, $entry_id, $type='comments') -{ +function serendipity_deleteComment($id, $entry_id, $type='comments') { global $serendipity; if ($_SESSION['serendipityAuthedUser'] === true) { @@ -1280,13 +1279,23 @@ $admin = " AND authorid = " . (int)$_SESSION['serendipityAuthorid'] ."'"; } - $query = "DELETE FROM {$serendipity['dbPrefix']}comments WHERE entry_id = '". (int)$entry_id ."' AND id = '". (int)$id ."' $admin"; - serendipity_db_query($query); - $affected = serendipity_db_affected_rows(); + /* We have to figure out if the comment we are about to delete, is awaiting approval, + if so - we should *not* subtract it from the entries table */ + $sql = serendipity_db_query("SELECT status FROM {$serendipity['dbPrefix']}comments + WHERE entry_id = '". (int)$entry_id ."' + AND id = '". (int)$id ."' + $admin"); - $query = "UPDATE {$serendipity['dbPrefix']}entries SET $type = $type-1 WHERE id = '". (int)$entry_id ."' $admin"; - serendipity_db_query($query); - return $affected; + serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}comments + WHERE entry_id = '". (int)$entry_id ."' + AND id = '". (int)$id ."' + $admin"); + + if ( $sql['status'] !== 'pending' ) { + serendipity_db_query("UPDATE {$serendipity['dbPrefix']}entries SET $type = $type-1 WHERE id = '". (int)$entry_id ."' $admin"); + } + + return true; } else { return false; } |
|
From: Tom S. <tom...@us...> - 2004-09-14 16:25:08
|
Update of /cvsroot/php-blog/serendipity In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25295 Modified Files: serendipity_functions.inc.php Log Message: - Fix: Deleting a comment/trackback that is pending approval, will still lower the count in the entries table, thanks to griffinn Index: serendipity_functions.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_functions.inc.php,v retrieving revision 1.424 retrieving revision 1.425 diff -u -d -r1.424 -r1.425 --- serendipity_functions.inc.php 14 Sep 2004 12:56:08 -0000 1.424 +++ serendipity_functions.inc.php 14 Sep 2004 16:24:57 -0000 1.425 @@ -1425,8 +1425,7 @@ } // end else short mode } // end function serendipity_printEntries -function serendipity_deleteComment($id, $entry_id, $type='comments') -{ +function serendipity_deleteComment($id, $entry_id, $type='comments') { global $serendipity; if ($_SESSION['serendipityAuthedUser'] === true) { @@ -1435,13 +1434,23 @@ $admin = " AND authorid = " . (int)$_SESSION['serendipityAuthorid'] ."'"; } - $query = "DELETE FROM {$serendipity['dbPrefix']}comments WHERE entry_id = '". (int)$entry_id ."' AND id = '". (int)$id ."' $admin"; - serendipity_db_query($query); - $affected = serendipity_db_affected_rows(); + /* We have to figure out if the comment we are about to delete, is awaiting approval, + if so - we should *not* subtract it from the entries table */ + $sql = serendipity_db_query("SELECT status FROM {$serendipity['dbPrefix']}comments + WHERE entry_id = '". (int)$entry_id ."' + AND id = '". (int)$id ."' + $admin"); + + serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}comments + WHERE entry_id = '". (int)$entry_id ."' + AND id = '". (int)$id ."' + $admin"); - $query = "UPDATE {$serendipity['dbPrefix']}entries SET $type = $type-1 WHERE id = '". (int)$entry_id ."' $admin"; - serendipity_db_query($query); - return $affected; + if ( $sql['status'] !== 'pending' ) { + serendipity_db_query("UPDATE {$serendipity['dbPrefix']}entries SET $type = $type-1 WHERE id = '". (int)$entry_id ."' $admin"); + } + + return true; } else { return false; } |
|
From: Garvin H. <gar...@us...> - 2004-09-14 14:58:19
|
Update of /cvsroot/php-blog/serendipity/lang In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv8932 Modified Files: Tag: branch-smarty serendipity_lang_da.inc.php Log Message: MFH Index: serendipity_lang_da.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/lang/serendipity_lang_da.inc.php,v retrieving revision 1.79 retrieving revision 1.79.2.1 diff -u -d -r1.79 -r1.79.2.1 --- serendipity_lang_da.inc.php 9 Sep 2004 11:36:35 -0000 1.79 +++ serendipity_lang_da.inc.php 14 Sep 2004 14:58:10 -0000 1.79.2.1 @@ -495,7 +495,7 @@ @define('INSTALL_SHOW_EXTERNAL_LINKS_DESC', '"nej": Eksterne links (Top udgangsider, Top henvisninger, bruger kommentarer) er ikke vist/vist som ren tekst hvor brugbart, for at forhindre google spam (anbefales). "ja": Eksterne links er vist som hyperlinks. Kan overskrives inde i hver enkel sidebar plugin konfigurationen!'); @define('PAGE_BROWSE_COMMENTS', 'Side %s af %s, i alt %s kommentarer'); @define('FILTERS', 'Filtrer'); -@define('FIND_ENTRIES', 'Find artikler');e +@define('FIND_ENTRIES', 'Find artikler'); @define('FIND_COMMENTS', 'Find kommentarer'); @define('FIND_MEDIA', 'Find media'); @define('FILTER_DIRECTORY', 'Bibliotek'); |
|
From: Garvin H. <gar...@us...> - 2004-09-14 14:57:42
|
Update of /cvsroot/php-blog/serendipity/lang In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv8834 Modified Files: serendipity_lang_da.inc.php Log Message: fixed parse error Index: serendipity_lang_da.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/lang/serendipity_lang_da.inc.php,v retrieving revision 1.79 retrieving revision 1.80 diff -u -d -r1.79 -r1.80 --- serendipity_lang_da.inc.php 9 Sep 2004 11:36:35 -0000 1.79 +++ serendipity_lang_da.inc.php 14 Sep 2004 14:57:33 -0000 1.80 @@ -495,7 +495,7 @@ @define('INSTALL_SHOW_EXTERNAL_LINKS_DESC', '"nej": Eksterne links (Top udgangsider, Top henvisninger, bruger kommentarer) er ikke vist/vist som ren tekst hvor brugbart, for at forhindre google spam (anbefales). "ja": Eksterne links er vist som hyperlinks. Kan overskrives inde i hver enkel sidebar plugin konfigurationen!'); @define('PAGE_BROWSE_COMMENTS', 'Side %s af %s, i alt %s kommentarer'); @define('FILTERS', 'Filtrer'); -@define('FIND_ENTRIES', 'Find artikler');e +@define('FIND_ENTRIES', 'Find artikler'); @define('FIND_COMMENTS', 'Find kommentarer'); @define('FIND_MEDIA', 'Find media'); @define('FILTER_DIRECTORY', 'Bibliotek'); |
|
From: Garvin H. <gar...@us...> - 2004-09-14 13:40:19
|
Update of /cvsroot/php-blog/serendipity/bundled-libs In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26882 Modified Files: Tag: branch-smarty create_release.sh Log Message: MFH Index: create_release.sh =================================================================== RCS file: /cvsroot/php-blog/serendipity/bundled-libs/create_release.sh,v retrieving revision 1.1 retrieving revision 1.1.2.1 diff -u -d -r1.1 -r1.1.2.1 --- create_release.sh 14 Jun 2004 13:13:19 -0000 1.1 +++ create_release.sh 14 Sep 2004 13:40:10 -0000 1.1.2.1 @@ -16,16 +16,17 @@ echo "" echo "-[serendipity create_release.sh START]---------------------------------" -if [ "x$1" = "x" ] || [ "x$2" = "x" ] || [ "x$3" = "x" ] ; +if [ "x$1" = "x" ] || [ "x$2" = "x" ] || [ "x$3" = "x" ] || [ "x$4" = "x" ]; then echo "usage: ./create_release.sh [tar.gz dump filename] [serendipity installation dirname, without paths] - [username, i.e. nobody.nogroup]" + [username, i.e. nobody] + [group, i.e. nogroup]" echo "" echo "example:" echo " $> cd serendipity/bundled-libs/" - echo " $> ./create_release.sh serendipity-0.7.tar.gz serendipity nobody.nogroup" + echo " $> ./create_release.sh serendipity-0.7.tar.gz serendipity nobody nogroup" echo "" echo "WARNING: Running this script in a productive blog environment will do" echo " serious harm!" @@ -47,27 +48,22 @@ echo " [DONE]" echo "" - echo "2. Adjusting directory/file ownership to $3" - chown -R "$3" "$2" - echo " [DONE]" - echo "" - - echo "3. Adjusting all subdirectory permissions to 755" + echo "2. Adjusting all subdirectory permissions to 755" find "$2" -type d -exec chmod 755 {} \; echo " [DONE]" echo "" - echo "4. Adjusting core directory permissions to 777" + echo "3. Adjusting core directory permissions to 777" chmod 777 "$2" echo " [DONE]" echo "" - echo "5. Adjusting all file permissions to 644" + echo "4. Adjusting all file permissions to 644" find "$2" -type f -exec chmod 644 {} \; echo " [DONE]" echo "" - echo "6. Adjusting special files..." + echo "5. Adjusting special files..." echo " - $2/.htaccess [666]" chmod 666 "$2/.htaccess" @@ -79,7 +75,7 @@ echo " [DONE]" echo "" - echo "7. Altering CVS to be useful for anonymous users..." + echo "6. Altering CVS to be useful for anonymous users..." echo " - Removing CVS branch tag, so that a user can upgrade to latest CVS" find "$2" -type f -name Tag -exec rm {} \; echo " [DONE]" @@ -91,12 +87,12 @@ echo " [DONE]" echo "" - echo "8. Creating .tgz file $1" - tar -czf "$1" "$2" + echo "7. Creating .tgz file $1" + tar --owner=$3 --group=$4 -czf "$1" "$2" echo " [DONE]" echo "" - echo "9. All Done. Bybe-Bye." + echo "8. All Done. Bybe-Bye." else echo "Basedirectory ../../$2 not found. Check parameters" fi |
|
From: Garvin H. <gar...@us...> - 2004-09-14 13:38:16
|
Update of /cvsroot/php-blog/serendipity/bundled-libs In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26597 Modified Files: create_release.sh Log Message: Index: create_release.sh =================================================================== RCS file: /cvsroot/php-blog/serendipity/bundled-libs/create_release.sh,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- create_release.sh 14 Sep 2004 13:37:29 -0000 1.2 +++ create_release.sh 14 Sep 2004 13:38:05 -0000 1.3 @@ -26,7 +26,7 @@ echo "" echo "example:" echo " $> cd serendipity/bundled-libs/" - echo " $> ./create_release.sh serendipity-0.7.tar.gz serendipity nobody.nogroup" + echo " $> ./create_release.sh serendipity-0.7.tar.gz serendipity nobody nogroup" echo "" echo "WARNING: Running this script in a productive blog environment will do" echo " serious harm!" |
|
From: Garvin H. <gar...@us...> - 2004-09-14 13:37:42
|
Update of /cvsroot/php-blog/serendipity/bundled-libs In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26469 Modified Files: create_release.sh Log Message: don'T require chmod Index: create_release.sh =================================================================== RCS file: /cvsroot/php-blog/serendipity/bundled-libs/create_release.sh,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- create_release.sh 14 Jun 2004 13:13:19 -0000 1.1 +++ create_release.sh 14 Sep 2004 13:37:29 -0000 1.2 @@ -16,12 +16,13 @@ echo "" echo "-[serendipity create_release.sh START]---------------------------------" -if [ "x$1" = "x" ] || [ "x$2" = "x" ] || [ "x$3" = "x" ] ; +if [ "x$1" = "x" ] || [ "x$2" = "x" ] || [ "x$3" = "x" ] || [ "x$4" = "x" ]; then echo "usage: ./create_release.sh [tar.gz dump filename] [serendipity installation dirname, without paths] - [username, i.e. nobody.nogroup]" + [username, i.e. nobody] + [group, i.e. nogroup]" echo "" echo "example:" echo " $> cd serendipity/bundled-libs/" @@ -47,27 +48,22 @@ echo " [DONE]" echo "" - echo "2. Adjusting directory/file ownership to $3" - chown -R "$3" "$2" - echo " [DONE]" - echo "" - - echo "3. Adjusting all subdirectory permissions to 755" + echo "2. Adjusting all subdirectory permissions to 755" find "$2" -type d -exec chmod 755 {} \; echo " [DONE]" echo "" - echo "4. Adjusting core directory permissions to 777" + echo "3. Adjusting core directory permissions to 777" chmod 777 "$2" echo " [DONE]" echo "" - echo "5. Adjusting all file permissions to 644" + echo "4. Adjusting all file permissions to 644" find "$2" -type f -exec chmod 644 {} \; echo " [DONE]" echo "" - echo "6. Adjusting special files..." + echo "5. Adjusting special files..." echo " - $2/.htaccess [666]" chmod 666 "$2/.htaccess" @@ -79,7 +75,7 @@ echo " [DONE]" echo "" - echo "7. Altering CVS to be useful for anonymous users..." + echo "6. Altering CVS to be useful for anonymous users..." echo " - Removing CVS branch tag, so that a user can upgrade to latest CVS" find "$2" -type f -name Tag -exec rm {} \; echo " [DONE]" @@ -91,12 +87,12 @@ echo " [DONE]" echo "" - echo "8. Creating .tgz file $1" - tar -czf "$1" "$2" + echo "7. Creating .tgz file $1" + tar --owner=$3 --group=$4 -czf "$1" "$2" echo " [DONE]" echo "" - echo "9. All Done. Bybe-Bye." + echo "8. All Done. Bybe-Bye." else echo "Basedirectory ../../$2 not found. Check parameters" fi |
|
From: Garvin H. <gar...@us...> - 2004-09-14 13:27:40
|
Update of /cvsroot/php-blog/serendipity In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv24866 Modified Files: NEWS Log Message: 0.7-beta2 Index: NEWS =================================================================== RCS file: /cvsroot/php-blog/serendipity/NEWS,v retrieving revision 1.216 retrieving revision 1.217 diff -u -d -r1.216 -r1.217 --- NEWS 14 Sep 2004 10:47:26 -0000 1.216 +++ NEWS 14 Sep 2004 13:27:32 -0000 1.217 @@ -3,6 +3,8 @@ Version 0.7 () ------------------------------------------------------------------------ + * Fixed possible SQL injections. Thanks to aCiDBiTS! + * Fixed postgreSQL quicksearch, thanks to Mauri Sahlberg! * Added Norwegian translations, thanks to Jo Christian |
|
From: Garvin H. <gar...@us...> - 2004-09-14 13:11:58
|
Update of /cvsroot/php-blog/serendipity In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21474 Modified Files: Tag: branch-smarty comment.php index.php serendipity_admin_comments.inc.php serendipity_admin_users.inc.php serendipity_functions.inc.php serendipity_functions_config.inc.php serendipity_functions_images.inc.php Log Message: MFH Index: serendipity_admin_users.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_users.inc.php,v retrieving revision 1.10 retrieving revision 1.10.2.1 diff -u -d -r1.10 -r1.10.2.1 --- serendipity_admin_users.inc.php 9 Sep 2004 10:52:03 -0000 1.10 +++ serendipity_admin_users.inc.php 14 Sep 2004 13:11:16 -0000 1.10.2.1 @@ -22,7 +22,7 @@ } elseif ($_POST['userlevel'] > $serendipity['serendipityUserlevel']) { echo '<strong>' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</strong>'; } else { - serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}authors WHERE authorid={$serendipity['POST']['user']}"); + serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}authors WHERE authorid=" . (int)$serendipity['POST']['user']); printf('<strong>' . DELETED_USER . '</strong>', $serendipity['POST']['user'], $user[0]['username']); } } @@ -37,8 +37,8 @@ password ) VALUES ( - '{$_POST['username']}', - '$enc_pass' + '" . serendipity_db_escape_string($_POST['username']) . "', + '" . serendipity_db_escape_String($enc_pass) . "' )"; serendipity_db_query($query); $serendipity['POST']['user'] = serendipity_db_insert_id('authors', 'authorid'); Index: serendipity_admin_comments.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_comments.inc.php,v retrieving revision 1.17.2.1 retrieving revision 1.17.2.2 diff -u -d -r1.17.2.1 -r1.17.2.2 --- serendipity_admin_comments.inc.php 14 Sep 2004 10:46:10 -0000 1.17.2.1 +++ serendipity_admin_comments.inc.php 14 Sep 2004 13:11:16 -0000 1.17.2.2 @@ -24,8 +24,8 @@ url = '" . serendipity_db_escape_string($serendipity['POST']['url']) . "', parent_id = '" . serendipity_db_escape_string($serendipity['POST']['replyTo']) . "', body = '" . serendipity_db_escape_string($serendipity['POST']['comment']) . "' - WHERE id = " . serendipity_db_escape_string($serendipity['GET']['id']) . " AND - entry_id = " . serendipity_db_escape_string($serendipity['POST']['entry_id']); + WHERE id = " . (int)$serendipity['GET']['id'] . " AND + entry_id = " . (int)$serendipity['POST']['entry_id']; serendipity_db_query($sql); echo COMMENT_EDITED; return true; @@ -38,7 +38,7 @@ FROM {$serendipity['dbPrefix']}comments c LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id) LEFT JOIN {$serendipity['dbPrefix']}authors a ON (e.authorid = a.authorid) - WHERE c.id = " . serendipity_db_escape_string($serendipity['GET']['id']) ." AND status = 'pending'"; + WHERE c.id = " . (int)$serendipity['GET']['id'] ." AND status = 'pending'"; $rs = serendipity_db_query($sql, true); if ($rs === false) { @@ -63,7 +63,7 @@ /* If we are not in preview, we need data from our database */ if (!isset($serendipity['POST']['preview']) ) { - $comment = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}comments WHERE id = ". $serendipity['GET']['id']); + $comment = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}comments WHERE id = ". (int)$serendipity['GET']['id']); $data['name'] = $comment[0]['author']; $data['email'] = $comment[0]['email']; $data['url'] = $comment[0]['url']; Index: serendipity_functions_images.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_functions_images.inc.php,v retrieving revision 1.36 retrieving revision 1.36.2.1 diff -u -d -r1.36 -r1.36.2.1 --- serendipity_functions_images.inc.php 2 Sep 2004 13:41:00 -0000 1.36 +++ serendipity_functions_images.inc.php 14 Sep 2004 13:11:17 -0000 1.36.2.1 @@ -6,11 +6,12 @@ function serendipity_fetchImagesFromDatabase($start=0, $limit=0, &$total, $order = false, $ordermode = false, $directory = '') { global $serendipity; - if (empty($order)) { + $orderfields = serendipity_getImageFields(); + if (empty($order) || !isset($orderfields[$order])) { $order = 'date'; } - if (empty($ordermode)) { + if (empty($ordermode) || ($ordermode != 'DESC' && $ordermode != 'ASC')) { $ordermode = 'DESC'; } @@ -39,7 +40,7 @@ function serendipity_fetchImageFromDatabase($id) { global $serendipity; - $rs = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}images WHERE id = ". $id, true, 'assoc'); + $rs = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}images WHERE id = ". (int)$id, true, 'assoc'); return $rs; } @@ -54,9 +55,9 @@ $i=0; if (sizeof($updates) > 0) { foreach ($updates as $k => $v) { - $q[] = $k ." = '" . $v . "'"; + $q[] = $k ." = '" . serendipity_db_escape_string($v) . "'"; } - serendipity_db_query("UPDATE {$serendipity['dbPrefix']}images SET ". implode($q, ',') ." WHERE id = $id $admin"); + serendipity_db_query("UPDATE {$serendipity['dbPrefix']}images SET ". implode($q, ',') ." WHERE id = " . (int)$id . " $admin"); $i++; } return $i; @@ -87,7 +88,7 @@ } else { printf(FILE_NOT_FOUND . '<br />', $dFile); } - serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}images WHERE id = ". $id); + serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}images WHERE id = ". (int)$id); } /** @@ -159,12 +160,12 @@ serendipity_db_escape_string($filename), serendipity_db_escape_string($extension), serendipity_db_escape_string($mimetype), - serendipity_db_escape_string($filesize), - serendipity_db_escape_string($width), - serendipity_db_escape_string($height), + (int)$filesize, + (int)$width, + (int)$height, serendipity_db_escape_string($thumbnail), - serendipity_db_escape_string($date), - serendipity_db_escape_string($authorid), + (int)$date, + (int)$authorid, serendipity_db_escape_string($directory) ); @@ -542,8 +543,8 @@ $rs = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}images WHERE name = '" . serendipity_db_escape_string($fbase) . "' - " . ($fdir != '' ? "AND path = '$fdir'" : '') . " - AND mime = '$fdim[mime]'", true, 'assoc'); + " . ($fdir != '' ? "AND path = '" . serendipity_db_escape_string($fdir) . "'" : '') . " + AND mime = '" . serendipity_db_escape_string($fdim['mime']) . "'", true, 'assoc'); if (is_array($rs)) { $update = array(); $checkfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $rs['path'] . $rs['name'] . '.' . $rs['thumbnail_name'] . '.' . $rs['extension']; @@ -694,15 +695,7 @@ $left = '<input type="button" value="<<<" onclick="location.href=\'?'. $extraParems .'serendipity[page]=' . ($page-1) . '\';" '. (($start <= 0) ? 'disabled' : '') .'>' . "\n"; $right = '<input type="button" value=">>>" onclick="location.href=\'?'. $extraParems .'serendipity[page]=' . ($page+1) . '\';" '. (($totalImages < $start+$perPage) ? 'disabled' : '') .'>' . "\n"; - $sort_order = array( - 'date' => SORT_ORDER_DATE, - 'name' => SORT_ORDER_NAME, - 'authorid' => AUTHOR, - 'extension' => SORT_ORDER_EXTENSION, - 'size' => SORT_ORDER_SIZE, - 'dimensions_width' => SORT_ORDER_WIDTH, - 'dimensions_height' => SORT_ORDER_HEIGHT - ); + $sort_order = serendipity_getImageFields(); serendipity_traversePath( $paths, @@ -1035,4 +1028,16 @@ return $fdim; } -?> + +function serendipity_getImageFields() { + return array( + 'date' => SORT_ORDER_DATE, + 'name' => SORT_ORDER_NAME, + 'authorid' => AUTHOR, + 'extension' => SORT_ORDER_EXTENSION, + 'size' => SORT_ORDER_SIZE, + 'dimensions_width' => SORT_ORDER_WIDTH, + 'dimensions_height' => SORT_ORDER_HEIGHT + ); +} +?> \ No newline at end of file Index: serendipity_functions.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_functions.inc.php,v retrieving revision 1.419.2.13 retrieving revision 1.419.2.14 diff -u -d -r1.419.2.13 -r1.419.2.14 --- serendipity_functions.inc.php 14 Sep 2004 10:46:10 -0000 1.419.2.13 +++ serendipity_functions.inc.php 14 Sep 2004 13:11:16 -0000 1.419.2.14 @@ -608,15 +608,15 @@ } } elseif (is_array($range) && count($range)==2) { - $startts = $range[0]; - $endts = $range[1]; + $startts = (int)$range[0]; + $endts = (int)$range[1]; $and = " WHERE timestamp >= $startts AND timestamp <= $endts"; } else { if ($modified_since) { $unix_modified = strtotime($modified_since); if ($unix_modified != -1) { - $and = ' WHERE last_modified >= ' . $unix_modified; + $and = ' WHERE last_modified >= ' . (int)$unix_modified; if (!empty($limit)) { $limit = ($limit > $serendipity['max_fetch_limit'] ? $limit : $serendipity['max_fetch_limit']); } @@ -792,7 +792,7 @@ {$serendipity['dbPrefix']}authors a WHERE a.authorid = e.authorid - AND e.$key LIKE $val + AND e.$key LIKE '" . serendipity_db_escape_string($val) . "' $admin $drafts LIMIT 1"; @@ -816,7 +816,7 @@ $authorid = 'all'; } - if ($authorid != 'all') { + if ($authorid != 'all' && is_numeric($authorid)) { $where = " WHERE (c.authorid = $authorid OR c.authorid = 0) OR a.userlevel < ".$serendipity['serendipityUserlevel']; } else { $where = ''; @@ -838,7 +838,7 @@ global $serendipity; $right = $left + 1; - $result = serendipity_db_query("SELECT categoryid FROM {$serendipity['dbPrefix']}category WHERE parentid='" . (int)$parent . "'"); + $result = serendipity_db_query("SELECT categoryid FROM {$serendipity['dbPrefix']}category WHERE parentid = '" . (int)$parent . "'"); if ( is_array($result) ) { foreach ( $result as $category ) { $right = serendipity_rebuildCategoryTree($category['categoryid'], $right); @@ -1321,7 +1321,7 @@ } if (!empty($id)) { - $and .= ' AND co.entry_id=' . (int)$id; + $and .= " AND co.entry_id = '" . (int)$id ."'"; } if (!$showAll) { @@ -1531,8 +1531,8 @@ FROM {$serendipity['dbPrefix']}comments c LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id) LEFT JOIN {$serendipity['dbPrefix']}authors a ON (e.authorid = a.authorid) - WHERE c.id = ". (int)$cid ." - ". (($serendipity['serendipityUserlevel'] != USERLEVEL_ADMIN && $force !== true) ? 'AND e.authorid = '. $serendipity['authorId'] : '') ." + WHERE c.id = '". (int)$cid ."' + ". (($serendipity['serendipityUserlevel'] != USERLEVEL_ADMIN && $force !== true) ? "AND e.authorid = '". (int)$serendipity['authorId'] ."'" : '') ." ". (($force === true) ? "" : "AND status = 'pending'"); $rs = serendipity_db_query($sql, true); @@ -1634,8 +1634,8 @@ $sql = "SELECT $pgsql_insert author, email, type FROM {$serendipity['dbPrefix']}comments - WHERE entry_id = ". (int)$entry_id ." - AND email <> '$posterMail' + WHERE entry_id = '". (int)$entry_id ."' + AND email <> '" . serendipity_db_escape_string($posterMail) . "' AND subscribed = 'true' $mysql_insert"; $subscribers = serendipity_db_query($sql); @@ -1677,7 +1677,7 @@ $sql = "UPDATE {$serendipity['dbPrefix']}comments SET subscribed = 'false' WHERE entry_id = '". (int)$entry_id ."' - AND email = '$email'"; + AND email = '" . serendipity_db_escape_string($email) . "'"; serendipity_db_query($sql); return serendipity_db_affected_rows(); @@ -1747,7 +1747,7 @@ { global $serendipity; - $query = "SELECT name,link FROM {$serendipity['dbPrefix']}references WHERE entry_id='" . (int)$id . "'"; + $query = "SELECT name,link FROM {$serendipity['dbPrefix']}references WHERE entry_id = '" . (int)$id . "'"; return serendipity_db_query($query); } @@ -1826,7 +1826,7 @@ // extract author information if (empty($entry['email'])) { - $query = "select email from {$serendipity['dbPrefix']}authors where username='". serendipity_db_escape_string($entry['username']) ."'"; + $query = "select email FROM {$serendipity['dbPrefix']}authors WHERE username = '". serendipity_db_escape_string($entry['username']) ."'"; $results = serendipity_db_query($query); $entry['email'] = $results[0]['email']; } @@ -2323,8 +2323,9 @@ $locations[$i] = 'http' . (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off' ? 's' : '') . '://' . $_SERVER['HTTP_HOST'] . $locations[$i]; } - $query = "SELECT COUNT(id) FROM {$serendipity['dbPrefix']}references WHERE "; - $query .= "entry_id=". (int)$tmpid ." AND link='" . serendipity_db_escape_string($locations[$i]) . "'"; + $query = "SELECT COUNT(id) FROM {$serendipity['dbPrefix']}references + WHERE entry_id = '". (int)$tmpid ."' + AND link = '" . serendipity_db_escape_string($locations[$i]) . "'"; $row = serendipity_db_query($query, true, 'num'); if ($row[0] > 0) { @@ -2481,7 +2482,7 @@ } // Purge the daily/monthly entries so they can be rebuilt - $result = serendipity_db_query("SELECT timestamp, authorid FROM {$serendipity['dbPrefix']}entries WHERE id=". (int)$id, true); + $result = serendipity_db_query("SELECT timestamp, authorid FROM {$serendipity['dbPrefix']}entries WHERE id = '". (int)$id ."'", true); if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $result[1] != $serendipity['authorid']) { // Only admins and chief users can delete entries which do not belong to the author @@ -2491,9 +2492,7 @@ serendipity_purgeEntry($id, $result[0]); serendipity_db_query("DELETE FROM {$serendipity["dbPrefix"]}entries WHERE id=$id"); - serendipity_db_query("DELETE FROM {$serendipity["dbPrefix"]}comments WHERE entry_id=$id"); - serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}references WHERE entry_id='$id'"); } @@ -2943,8 +2942,8 @@ FROM $serendipity[dbPrefix]authors WHERE - username = '$username' - AND password = '$password'"; + username = '" . serendipity_db_escape_string($username) . "' + AND password = '" . serendipity_db_escape_string($password) . "'"; $row = serendipity_db_query($query, true, 'assoc'); if (is_array($row)) { @@ -2996,31 +2995,41 @@ if (rand(0, 100) < 1) { serendipity_track_referrer_gc(); } - if(preg_match('/^mysqli?/', $serendipity['dbType'])) + + if(preg_match('/^mysqli?/', $serendipity['dbType'])) { $interval = 900; - else + } else { $interval = "interval '900'"; + } $suppressq = "SELECT count(1) FROM $serendipity[dbPrefix]suppress - WHERE ip = '$_SERVER[REMOTE_ADDR]' - AND scheme = '$url_parts[scheme]' - AND port = '$url_parts[port]' - AND host = '$url_parts[host]' - AND path = '$url_parts[path]' - AND query = '$url_parts[query]' + WHERE ip = '" . serendipity_db_escape_string($_SERVER['REMOTE_ADDR']) . "' + AND scheme = '" . serendipity_db_escape_string($url_parts['scheme']) . "' + AND port = '" . serendipity_db_escape_string($url_parts['port']) . "' + AND host = '" . serendipity_db_escape_string($url_parts['host']) . "' + AND path = '" . serendipity_db_escape_string($url_parts['path']) . "' + AND query = '" . serendipity_db_escape_string($url_parts['query']) . "' AND last > now() - $interval"; $suppressp = "DELETE FROM $serendipity[dbPrefix]suppress - WHERE ip = '$_SERVER[REMOTE_ADDR]' - AND scheme = '$url_parts[scheme]' - AND host = '$url_parts[host]' - AND port = '$url_parts[port]' - AND query = '$url_parts[query]' - AND path = '$url_parts[path]'"; + WHERE ip = '" . serendipity_db_escape_string($_SERVER['REMOTE_ADDR']) . "' + AND scheme = '" . serendipity_db_escape_string($url_parts['scheme']) . "' + AND host = '" . serendipity_db_escape_string($url_parts['host']) . "' + AND port = '" . serendipity_db_escape_string($url_parts['port']) . "' + AND query = '" . serendipity_db_escape_string($url_parts['query']) . "' + AND path = '" . serendipity_db_escape_string($url_parts['path']) . "'"; $suppressu = "INSERT INTO $serendipity[dbPrefix]suppress (ip, last, scheme, host, port, path, query) - VALUES ('$_SERVER[REMOTE_ADDR]', now(), '$url_parts[scheme]', '$url_parts[host]', '$url_parts[port]', '$url_parts[path]', '$url_parts[query]')"; + VALUES ( + '" . serendipity_db_escape_string($_SERVER['REMOTE_ADDR']) . "', + now(), + '" . serendipity_db_escape_string($url_parts['scheme']) . "', + '" . serendipity_db_escape_string($url_parts['host']) . "', + '" . serendipity_db_escape_string($url_parts['port']) . "', + '" . serendipity_db_escape_string($url_parts['path']) . "', + '" . serendipity_db_escape_string($url_parts['query']) . "' + )"; $count = serendipity_db_query($suppressq, true); @@ -3068,11 +3077,11 @@ $serendipity['dbPrefix'], $list, - $url_parts['scheme'], - $url_parts['host'], - $url_parts['port'], - $url_parts['path'], - $url_parts['query'], + serendipity_db_escape_string($url_parts['scheme']), + serendipity_db_escape_string($url_parts['host']), + serendipity_db_escape_string($url_parts['port']), + serendipity_db_escape_string($url_parts['path']), + serendipity_db_escape_string($url_parts['query']), ($entry_id != 0) ? "AND entry_id = '". (int)$entry_id ."'" : '' ) ); @@ -3086,12 +3095,12 @@ $serendipity['dbPrefix'], $list, - $entry_id, - $url_parts['scheme'], - $url_parts['host'], - $url_parts['port'], - $url_parts['path'], - $url_parts['query'] + (int)$entry_id, + serendipity_db_escape_string($url_parts['scheme']), + serendipity_db_escape_string($url_parts['host']), + serendipity_db_escape_string($url_parts['port']), + serendipity_db_escape_string($url_parts['path']), + serendipity_db_escape_string($url_parts['query']) ) ); } @@ -3244,10 +3253,10 @@ return; } - $query = "DELETE FROM $serendipity[dbPrefix]entrycat WHERE entryid = $postid"; + $query = "DELETE FROM $serendipity[dbPrefix]entrycat WHERE entryid = " . (int)$postid; serendipity_db_query($query); - $query = "INSERT INTO $serendipity[dbPrefix]entrycat (entryid, categoryid) VALUES ($categories[0], $postid)"; + $query = "INSERT INTO $serendipity[dbPrefix]entrycat (entryid, categoryid) VALUES (" . (int)$categories[0] . ", " . (int)$postid . ")"; serendipity_db_query($query); } Index: index.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/index.php,v retrieving revision 1.49.2.1 retrieving revision 1.49.2.2 diff -u -d -r1.49.2.1 -r1.49.2.2 --- index.php 9 Sep 2004 15:02:15 -0000 1.49.2.1 +++ index.php 14 Sep 2004 13:11:16 -0000 1.49.2.2 @@ -115,7 +115,7 @@ } } - $id = $matches[1]; + $id = (int)$matches[1]; serendipity_track_referrer($id); $track_referer = false; @@ -123,8 +123,7 @@ $_GET['serendipity']['action'] = 'read'; $_GET['serendipity']['id'] = $id; - $title = serendipity_db_query("SELECT title FROM {$serendipity['dbPrefix']}entries " . - 'WHERE id=' . serendipity_db_escape_string($id), true); + $title = serendipity_db_query("SELECT title FROM {$serendipity['dbPrefix']}entries WHERE id=$id", true); $title = $title[0]; $serendipity['blogSubTitle'] = $serendipity['blogTitle']; Index: serendipity_functions_config.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_functions_config.inc.php,v retrieving revision 1.10 retrieving revision 1.10.2.1 diff -u -d -r1.10 -r1.10.2.1 --- serendipity_functions_config.inc.php 30 Aug 2004 09:13:59 -0000 1.10 +++ serendipity_functions_config.inc.php 14 Sep 2004 13:11:17 -0000 1.10.2.1 @@ -3,7 +3,7 @@ function serendipity_set_config_var($name, $val, $authorid = 0) { global $serendipity; - serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}config where name='" . serendipity_db_escape_string($name) . "' AND authorid = " . serendipity_db_escape_string($authorid)); + serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}config where name='" . serendipity_db_escape_string($name) . "' AND authorid = " . (int)$authorid); $r = serendipity_db_insert('config', array('name' => $name, 'value' => $val, 'authorid' => $authorid)); $serendipity[$name] = $val; if (is_string($r)) { @@ -27,7 +27,7 @@ function serendipity_get_user_var($name, $authorid, $default) { global $serendipity; - $r = serendipity_db_query("SELECT $name FROM {$serendipity['dbPrefix']}authors WHERE authorid = " . serendipity_db_escape_string($authorid), true); + $r = serendipity_db_query("SELECT $name FROM {$serendipity['dbPrefix']}authors WHERE authorid = " . (int)$authorid, true); if (is_array($r)) { return $r[0]; @@ -64,7 +64,7 @@ break; } - serendipity_db_query("UPDATE {$serendipity['dbPrefix']}authors SET $name = '" . serendipity_db_escape_string($val) . "' WHERE authorid = " . serendipity_db_escape_string($authorid)); + serendipity_db_query("UPDATE {$serendipity['dbPrefix']}authors SET $name = '" . serendipity_db_escape_string($val) . "' WHERE authorid = " . (int)$authorid); if ($copy_to_s9y) { if (isset($user_map_array[$name])) { Index: comment.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/comment.php,v retrieving revision 1.44.2.1 retrieving revision 1.44.2.2 diff -u -d -r1.44.2.1 -r1.44.2.2 --- comment.php 14 Sep 2004 10:31:56 -0000 1.44.2.1 +++ comment.php 14 Sep 2004 13:11:15 -0000 1.44.2.2 @@ -38,12 +38,12 @@ $uri = $_SERVER['REQUEST_URI']; if (isset($_REQUEST['entry_id'])) { - $id = $_REQUEST['entry_id']; + $id = (int)$_REQUEST['entry_id']; } else if ($_REQUEST['amp;entry_id']) { // For possible buggy variable transmission caused by an intermediate CVS-release of s9y - $id = $_REQUEST['amp;entry_id']; + $id = (int)$_REQUEST['amp;entry_id']; } else if (preg_match('@/(\d+)_[^/]*$@', $uri, $matches)) { - $id = $matches[1]; + $id = (int)$matches[1]; } if ($tb_logging) { @@ -76,7 +76,7 @@ report_pingback_failure(); } } else { - $id = (!empty($serendipity['POST']['entry_id']) ? $serendipity['POST']['entry_id'] : $serendipity['GET']['entry_id']); + $id = (int)(!empty($serendipity['POST']['entry_id']) ? $serendipity['POST']['entry_id'] : $serendipity['GET']['entry_id']); $html_header = ''; @@ -125,7 +125,7 @@ ?> <div class="serendipity_commentsTitle"><?php echo COMMENTS; ?></div> <?php - $query = "SELECT allow_comments, moderate_comments FROM {$serendipity['dbPrefix']}entries WHERE id = '$id'"; + $query = "SELECT allow_comments, moderate_comments FROM {$serendipity['dbPrefix']}entries WHERE id = '" . $id . "'"; $ca = serendipity_db_query($query, true); serendipity_printComments(serendipity_fetchComments($id), (isset($ca['allow_comments']) ? $ca['allow_comments'] : true)); |
|
From: Garvin H. <gar...@us...> - 2004-09-14 13:11:56
|
Update of /cvsroot/php-blog/serendipity/plugins/serendipity_event_karma In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21474/plugins/serendipity_event_karma Modified Files: Tag: branch-smarty serendipity_event_karma.php Log Message: MFH Index: serendipity_event_karma.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/plugins/serendipity_event_karma/serendipity_event_karma.php,v retrieving revision 1.14 retrieving revision 1.14.2.1 diff -u -d -r1.14 -r1.14.2.1 --- serendipity_event_karma.php 31 Aug 2004 12:52:56 -0000 1.14 +++ serendipity_event_karma.php 14 Sep 2004 13:11:17 -0000 1.14.2.1 @@ -518,7 +518,7 @@ . PLUGIN_KARMA_CURRENT . ($track_clicks == 'true' ? PLUGIN_KARMA_VISITSCOUNT : '') . '</div>'; if ($addData['extended']) { - $entryid = serendipity_db_escape_string($eventData[0]['id']); + $entryid = (int)serendipity_db_escape_string($eventData[0]['id']); if ($track_clicks) { $sql = serendipity_db_query('UPDATE ' . $serendipity['dbPrefix'] . 'karma SET visits = visits + 1 WHERE entryid = ' . $entryid, true); @@ -561,7 +561,7 @@ // Get all existing entry IDs $entries = array(); for ($i = 0; $i < $elements; $i++) { - $entries[] = $eventData[$i]['id']; + $entries[] = (int)$eventData[$i]['id']; } // Fetch votes for all entry IDs. Store them in an array for later usage. |
|
From: Garvin H. <gar...@us...> - 2004-09-14 13:11:52
|
Update of /cvsroot/php-blog/serendipity In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21634 Modified Files: serendipity_config.inc.php Log Message: 0.7-beta2 Index: serendipity_config.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_config.inc.php,v retrieving revision 1.93 retrieving revision 1.94 diff -u -d -r1.93 -r1.94 --- serendipity_config.inc.php 6 Sep 2004 10:08:55 -0000 1.93 +++ serendipity_config.inc.php 14 Sep 2004 13:11:29 -0000 1.94 @@ -15,7 +15,7 @@ include_once(S9Y_INCLUDE_PATH . 'compat.php'); -$serendipity['version'] = '0.7-beta1'; +$serendipity['version'] = '0.7-beta2'; $serendipity['defaultTemplate'] = 'default'; // Name of folder for the default theme $serendipity['production'] = 1; $serendipity['rewrite'] = 'none'; |
|
From: Garvin H. <gar...@us...> - 2004-09-14 13:11:29
|
Update of /cvsroot/php-blog/serendipity/plugins/serendipity_plugin_shoutbox In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21474/plugins/serendipity_plugin_shoutbox Modified Files: Tag: branch-smarty serendipity_plugin_shoutbox.php Log Message: MFH Index: serendipity_plugin_shoutbox.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/plugins/serendipity_plugin_shoutbox/serendipity_plugin_shoutbox.php,v retrieving revision 1.10 retrieving revision 1.10.2.1 diff -u -d -r1.10 -r1.10.2.1 --- serendipity_plugin_shoutbox.php 22 Jun 2004 13:45:49 -0000 1.10 +++ serendipity_plugin_shoutbox.php 14 Sep 2004 13:11:20 -0000 1.10.2.1 @@ -123,7 +123,7 @@ $serendipity['dbPrefix'], time(), - $_SERVER['REMOTE_ADDR'], + serendipity_db_escape_string($_SERVER['REMOTE_ADDR']), serendipity_db_escape_string($_REQUEST['serendipity']['shouttext'])); serendipity_db_query($sql); } @@ -133,7 +133,7 @@ WHERE id = %d LIMIT 1", $serendipity['dbPrefix'], - $serendipity['GET']['comment_id']); + (int)$serendipity['GET']['comment_id']); serendipity_db_query($sql); } |
|
From: Garvin H. <gar...@us...> - 2004-09-14 13:11:29
|
Update of /cvsroot/php-blog/serendipity/plugins/serendipity_event_trackexits In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21474/plugins/serendipity_event_trackexits Modified Files: Tag: branch-smarty serendipity_event_trackexits.php Log Message: MFH Index: serendipity_event_trackexits.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/plugins/serendipity_event_trackexits/serendipity_event_trackexits.php,v retrieving revision 1.11 retrieving revision 1.11.2.1 diff -u -d -r1.11 -r1.11.2.1 --- serendipity_event_trackexits.php 9 Jul 2004 19:11:26 -0000 1.11 +++ serendipity_event_trackexits.php 14 Sep 2004 13:11:17 -0000 1.11.2.1 @@ -106,7 +106,7 @@ if (serendipity_db_bool($this->get_config($temp['name'], true)) && isset($eventData[$temp['element']])) { $element = $temp['element']; - $serendipity['encodeExitsCallback_entry_id'] = (isset($eventData['entry_id']) ? $eventData['entry_id'] : $eventData['id']); + $serendipity['encodeExitsCallback_entry_id'] = (int)(isset($eventData['entry_id']) ? $eventData['entry_id'] : $eventData['id']); // Fetch all existing links from the database. They have been inserted there by our trackback-discovery. if (empty($serendipity['encodeExitsCallback_entry_id'])) { |
|
From: Garvin H. <gar...@us...> - 2004-09-14 12:56:19
|
Update of /cvsroot/php-blog/serendipity/plugins/serendipity_event_trackexits In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18512/plugins/serendipity_event_trackexits Modified Files: serendipity_event_trackexits.php Log Message: fixed some more potential sql issues, beautify. Index: serendipity_event_trackexits.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/plugins/serendipity_event_trackexits/serendipity_event_trackexits.php,v retrieving revision 1.11 retrieving revision 1.12 diff -u -d -r1.11 -r1.12 --- serendipity_event_trackexits.php 9 Jul 2004 19:11:26 -0000 1.11 +++ serendipity_event_trackexits.php 14 Sep 2004 12:56:09 -0000 1.12 @@ -106,7 +106,7 @@ if (serendipity_db_bool($this->get_config($temp['name'], true)) && isset($eventData[$temp['element']])) { $element = $temp['element']; - $serendipity['encodeExitsCallback_entry_id'] = (isset($eventData['entry_id']) ? $eventData['entry_id'] : $eventData['id']); + $serendipity['encodeExitsCallback_entry_id'] = (int)(isset($eventData['entry_id']) ? $eventData['entry_id'] : $eventData['id']); // Fetch all existing links from the database. They have been inserted there by our trackback-discovery. if (empty($serendipity['encodeExitsCallback_entry_id'])) { |
|
From: Garvin H. <gar...@us...> - 2004-09-14 12:56:19
|
Update of /cvsroot/php-blog/serendipity In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18512 Modified Files: comment.php index.php serendipity_admin_comments.inc.php serendipity_admin_users.inc.php serendipity_functions.inc.php serendipity_functions_config.inc.php serendipity_functions_images.inc.php Log Message: fixed some more potential sql issues, beautify. Index: serendipity_admin_users.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_users.inc.php,v retrieving revision 1.10 retrieving revision 1.11 diff -u -d -r1.10 -r1.11 --- serendipity_admin_users.inc.php 9 Sep 2004 10:52:03 -0000 1.10 +++ serendipity_admin_users.inc.php 14 Sep 2004 12:56:08 -0000 1.11 @@ -22,7 +22,7 @@ } elseif ($_POST['userlevel'] > $serendipity['serendipityUserlevel']) { echo '<strong>' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</strong>'; } else { - serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}authors WHERE authorid={$serendipity['POST']['user']}"); + serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}authors WHERE authorid=" . (int)$serendipity['POST']['user']); printf('<strong>' . DELETED_USER . '</strong>', $serendipity['POST']['user'], $user[0]['username']); } } @@ -37,8 +37,8 @@ password ) VALUES ( - '{$_POST['username']}', - '$enc_pass' + '" . serendipity_db_escape_string($_POST['username']) . "', + '" . serendipity_db_escape_String($enc_pass) . "' )"; serendipity_db_query($query); $serendipity['POST']['user'] = serendipity_db_insert_id('authors', 'authorid'); Index: serendipity_admin_comments.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_comments.inc.php,v retrieving revision 1.18 retrieving revision 1.19 diff -u -d -r1.18 -r1.19 --- serendipity_admin_comments.inc.php 14 Sep 2004 10:47:26 -0000 1.18 +++ serendipity_admin_comments.inc.php 14 Sep 2004 12:56:08 -0000 1.19 @@ -24,8 +24,8 @@ url = '" . serendipity_db_escape_string($serendipity['POST']['url']) . "', parent_id = '" . serendipity_db_escape_string($serendipity['POST']['replyTo']) . "', body = '" . serendipity_db_escape_string($serendipity['POST']['comment']) . "' - WHERE id = " . serendipity_db_escape_string($serendipity['GET']['id']) . " AND - entry_id = " . serendipity_db_escape_string($serendipity['POST']['entry_id']); + WHERE id = " . (int)$serendipity['GET']['id'] . " AND + entry_id = " . (int)$serendipity['POST']['entry_id']; serendipity_db_query($sql); echo COMMENT_EDITED; return true; @@ -38,7 +38,7 @@ FROM {$serendipity['dbPrefix']}comments c LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id) LEFT JOIN {$serendipity['dbPrefix']}authors a ON (e.authorid = a.authorid) - WHERE c.id = " . serendipity_db_escape_string($serendipity['GET']['id']) ." AND status = 'pending'"; + WHERE c.id = " . (int)$serendipity['GET']['id'] ." AND status = 'pending'"; $rs = serendipity_db_query($sql, true); if ($rs === false) { @@ -63,7 +63,7 @@ /* If we are not in preview, we need data from our database */ if (!isset($serendipity['POST']['preview']) ) { - $comment = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}comments WHERE id = ". $serendipity['GET']['id']); + $comment = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}comments WHERE id = ". (int)$serendipity['GET']['id']); $data['name'] = $comment[0]['author']; $data['email'] = $comment[0]['email']; $data['url'] = $comment[0]['url']; Index: serendipity_functions_images.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_functions_images.inc.php,v retrieving revision 1.36 retrieving revision 1.37 diff -u -d -r1.36 -r1.37 --- serendipity_functions_images.inc.php 2 Sep 2004 13:41:00 -0000 1.36 +++ serendipity_functions_images.inc.php 14 Sep 2004 12:56:08 -0000 1.37 @@ -6,11 +6,12 @@ function serendipity_fetchImagesFromDatabase($start=0, $limit=0, &$total, $order = false, $ordermode = false, $directory = '') { global $serendipity; - if (empty($order)) { + $orderfields = serendipity_getImageFields(); + if (empty($order) || !isset($orderfields[$order])) { $order = 'date'; } - if (empty($ordermode)) { + if (empty($ordermode) || ($ordermode != 'DESC' && $ordermode != 'ASC')) { $ordermode = 'DESC'; } @@ -39,7 +40,7 @@ function serendipity_fetchImageFromDatabase($id) { global $serendipity; - $rs = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}images WHERE id = ". $id, true, 'assoc'); + $rs = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}images WHERE id = ". (int)$id, true, 'assoc'); return $rs; } @@ -54,9 +55,9 @@ $i=0; if (sizeof($updates) > 0) { foreach ($updates as $k => $v) { - $q[] = $k ." = '" . $v . "'"; + $q[] = $k ." = '" . serendipity_db_escape_string($v) . "'"; } - serendipity_db_query("UPDATE {$serendipity['dbPrefix']}images SET ". implode($q, ',') ." WHERE id = $id $admin"); + serendipity_db_query("UPDATE {$serendipity['dbPrefix']}images SET ". implode($q, ',') ." WHERE id = " . (int)$id . " $admin"); $i++; } return $i; @@ -87,7 +88,7 @@ } else { printf(FILE_NOT_FOUND . '<br />', $dFile); } - serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}images WHERE id = ". $id); + serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}images WHERE id = ". (int)$id); } /** @@ -159,12 +160,12 @@ serendipity_db_escape_string($filename), serendipity_db_escape_string($extension), serendipity_db_escape_string($mimetype), - serendipity_db_escape_string($filesize), - serendipity_db_escape_string($width), - serendipity_db_escape_string($height), + (int)$filesize, + (int)$width, + (int)$height, serendipity_db_escape_string($thumbnail), - serendipity_db_escape_string($date), - serendipity_db_escape_string($authorid), + (int)$date, + (int)$authorid, serendipity_db_escape_string($directory) ); @@ -542,8 +543,8 @@ $rs = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}images WHERE name = '" . serendipity_db_escape_string($fbase) . "' - " . ($fdir != '' ? "AND path = '$fdir'" : '') . " - AND mime = '$fdim[mime]'", true, 'assoc'); + " . ($fdir != '' ? "AND path = '" . serendipity_db_escape_string($fdir) . "'" : '') . " + AND mime = '" . serendipity_db_escape_string($fdim['mime']) . "'", true, 'assoc'); if (is_array($rs)) { $update = array(); $checkfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $rs['path'] . $rs['name'] . '.' . $rs['thumbnail_name'] . '.' . $rs['extension']; @@ -694,15 +695,7 @@ $left = '<input type="button" value="<<<" onclick="location.href=\'?'. $extraParems .'serendipity[page]=' . ($page-1) . '\';" '. (($start <= 0) ? 'disabled' : '') .'>' . "\n"; $right = '<input type="button" value=">>>" onclick="location.href=\'?'. $extraParems .'serendipity[page]=' . ($page+1) . '\';" '. (($totalImages < $start+$perPage) ? 'disabled' : '') .'>' . "\n"; - $sort_order = array( - 'date' => SORT_ORDER_DATE, - 'name' => SORT_ORDER_NAME, - 'authorid' => AUTHOR, - 'extension' => SORT_ORDER_EXTENSION, - 'size' => SORT_ORDER_SIZE, - 'dimensions_width' => SORT_ORDER_WIDTH, - 'dimensions_height' => SORT_ORDER_HEIGHT - ); + $sort_order = serendipity_getImageFields(); serendipity_traversePath( $paths, @@ -1035,4 +1028,16 @@ return $fdim; } -?> + +function serendipity_getImageFields() { + return array( + 'date' => SORT_ORDER_DATE, + 'name' => SORT_ORDER_NAME, + 'authorid' => AUTHOR, + 'extension' => SORT_ORDER_EXTENSION, + 'size' => SORT_ORDER_SIZE, + 'dimensions_width' => SORT_ORDER_WIDTH, + 'dimensions_height' => SORT_ORDER_HEIGHT + ); +} +?> \ No newline at end of file Index: serendipity_functions.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_functions.inc.php,v retrieving revision 1.423 retrieving revision 1.424 diff -u -d -r1.423 -r1.424 --- serendipity_functions.inc.php 14 Sep 2004 10:47:26 -0000 1.423 +++ serendipity_functions.inc.php 14 Sep 2004 12:56:08 -0000 1.424 @@ -650,15 +650,15 @@ } } elseif (is_array($range) && count($range)==2) { - $startts = $range[0]; - $endts = $range[1]; + $startts = (int)$range[0]; + $endts = (int)$range[1]; $and = " WHERE timestamp >= $startts AND timestamp <= $endts"; } else { if ($modified_since) { $unix_modified = strtotime($modified_since); if ($unix_modified != -1) { - $and = ' WHERE last_modified >= ' . $unix_modified; + $and = ' WHERE last_modified >= ' . (int)$unix_modified; if (!empty($limit)) { $limit = ($limit > $serendipity['max_fetch_limit'] ? $limit : $serendipity['max_fetch_limit']); } @@ -834,7 +834,7 @@ {$serendipity['dbPrefix']}authors a WHERE a.authorid = e.authorid - AND e.$key LIKE $val + AND e.$key LIKE '" . serendipity_db_escape_string($val) . "' $admin $drafts LIMIT 1"; @@ -858,7 +858,7 @@ $authorid = 'all'; } - if ($authorid != 'all') { + if ($authorid != 'all' && is_numeric($authorid)) { $where = " WHERE (c.authorid = $authorid OR c.authorid = 0) OR a.userlevel < ".$serendipity['serendipityUserlevel']; } else { $where = ''; @@ -1813,7 +1813,7 @@ $sql = "SELECT $pgsql_insert author, email, type FROM {$serendipity['dbPrefix']}comments WHERE entry_id = '". (int)$entry_id ."' - AND email <> '$posterMail' + AND email <> '" . serendipity_db_escape_string($posterMail) . "' AND subscribed = 'true' $mysql_insert"; $subscribers = serendipity_db_query($sql); @@ -1855,7 +1855,7 @@ $sql = "UPDATE {$serendipity['dbPrefix']}comments SET subscribed = 'false' WHERE entry_id = '". (int)$entry_id ."' - AND email = '$email'"; + AND email = '" . serendipity_db_escape_string($email) . "'"; serendipity_db_query($sql); return serendipity_db_affected_rows(); @@ -2671,9 +2671,7 @@ serendipity_purgeEntry($id, $result[0]); serendipity_db_query("DELETE FROM {$serendipity["dbPrefix"]}entries WHERE id=$id"); - serendipity_db_query("DELETE FROM {$serendipity["dbPrefix"]}comments WHERE entry_id=$id"); - serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}references WHERE entry_id='$id'"); } @@ -3123,8 +3121,8 @@ FROM $serendipity[dbPrefix]authors WHERE - username = '$username' - AND password = '$password'"; + username = '" . serendipity_db_escape_string($username) . "' + AND password = '" . serendipity_db_escape_string($password) . "'"; $row = serendipity_db_query($query, true, 'assoc'); if (is_array($row)) { @@ -3176,31 +3174,41 @@ if (rand(0, 100) < 1) { serendipity_track_referrer_gc(); } - if(preg_match('/^mysqli?/', $serendipity['dbType'])) + + if(preg_match('/^mysqli?/', $serendipity['dbType'])) { $interval = 900; - else + } else { $interval = "interval '900'"; + } $suppressq = "SELECT count(1) FROM $serendipity[dbPrefix]suppress - WHERE ip = '$_SERVER[REMOTE_ADDR]' - AND scheme = '$url_parts[scheme]' - AND port = '$url_parts[port]' - AND host = '$url_parts[host]' - AND path = '$url_parts[path]' - AND query = '$url_parts[query]' + WHERE ip = '" . serendipity_db_escape_string($_SERVER['REMOTE_ADDR']) . "' + AND scheme = '" . serendipity_db_escape_string($url_parts['scheme']) . "' + AND port = '" . serendipity_db_escape_string($url_parts['port']) . "' + AND host = '" . serendipity_db_escape_string($url_parts['host']) . "' + AND path = '" . serendipity_db_escape_string($url_parts['path']) . "' + AND query = '" . serendipity_db_escape_string($url_parts['query']) . "' AND last > now() - $interval"; $suppressp = "DELETE FROM $serendipity[dbPrefix]suppress - WHERE ip = '$_SERVER[REMOTE_ADDR]' - AND scheme = '$url_parts[scheme]' - AND host = '$url_parts[host]' - AND port = '$url_parts[port]' - AND query = '$url_parts[query]' - AND path = '$url_parts[path]'"; + WHERE ip = '" . serendipity_db_escape_string($_SERVER['REMOTE_ADDR']) . "' + AND scheme = '" . serendipity_db_escape_string($url_parts['scheme']) . "' + AND host = '" . serendipity_db_escape_string($url_parts['host']) . "' + AND port = '" . serendipity_db_escape_string($url_parts['port']) . "' + AND query = '" . serendipity_db_escape_string($url_parts['query']) . "' + AND path = '" . serendipity_db_escape_string($url_parts['path']) . "'"; $suppressu = "INSERT INTO $serendipity[dbPrefix]suppress (ip, last, scheme, host, port, path, query) - VALUES ('$_SERVER[REMOTE_ADDR]', now(), '$url_parts[scheme]', '$url_parts[host]', '$url_parts[port]', '$url_parts[path]', '$url_parts[query]')"; + VALUES ( + '" . serendipity_db_escape_string($_SERVER['REMOTE_ADDR']) . "', + now(), + '" . serendipity_db_escape_string($url_parts['scheme']) . "', + '" . serendipity_db_escape_string($url_parts['host']) . "', + '" . serendipity_db_escape_string($url_parts['port']) . "', + '" . serendipity_db_escape_string($url_parts['path']) . "', + '" . serendipity_db_escape_string($url_parts['query']) . "' + )"; $count = serendipity_db_query($suppressq, true); @@ -3248,11 +3256,11 @@ $serendipity['dbPrefix'], $list, - $url_parts['scheme'], - $url_parts['host'], - $url_parts['port'], - $url_parts['path'], - $url_parts['query'], + serendipity_db_escape_string($url_parts['scheme']), + serendipity_db_escape_string($url_parts['host']), + serendipity_db_escape_string($url_parts['port']), + serendipity_db_escape_string($url_parts['path']), + serendipity_db_escape_string($url_parts['query']), ($entry_id != 0) ? "AND entry_id = '". (int)$entry_id ."'" : '' ) ); @@ -3266,12 +3274,12 @@ $serendipity['dbPrefix'], $list, - $entry_id, - $url_parts['scheme'], - $url_parts['host'], - $url_parts['port'], - $url_parts['path'], - $url_parts['query'] + (int)$entry_id, + serendipity_db_escape_string($url_parts['scheme']), + serendipity_db_escape_string($url_parts['host']), + serendipity_db_escape_string($url_parts['port']), + serendipity_db_escape_string($url_parts['path']), + serendipity_db_escape_string($url_parts['query']) ) ); } @@ -3424,10 +3432,10 @@ return; } - $query = "DELETE FROM $serendipity[dbPrefix]entrycat WHERE entryid = $postid"; + $query = "DELETE FROM $serendipity[dbPrefix]entrycat WHERE entryid = " . (int)$postid; serendipity_db_query($query); - $query = "INSERT INTO $serendipity[dbPrefix]entrycat (entryid, categoryid) VALUES ($categories[0], $postid)"; + $query = "INSERT INTO $serendipity[dbPrefix]entrycat (entryid, categoryid) VALUES (" . (int)$categories[0] . ", " . (int)$postid . ")"; serendipity_db_query($query); } Index: index.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/index.php,v retrieving revision 1.49 retrieving revision 1.50 diff -u -d -r1.49 -r1.50 --- index.php 24 Aug 2004 17:32:45 -0000 1.49 +++ index.php 14 Sep 2004 12:56:08 -0000 1.50 @@ -114,7 +114,7 @@ } } - $id = $matches[1]; + $id = (int)$matches[1]; serendipity_track_referrer($id); $track_referer = false; @@ -122,8 +122,7 @@ $_GET['serendipity']['action'] = 'read'; $_GET['serendipity']['id'] = $id; - $title = serendipity_db_query("SELECT title FROM {$serendipity['dbPrefix']}entries " . - 'WHERE id=' . serendipity_db_escape_string($id), true); + $title = serendipity_db_query("SELECT title FROM {$serendipity['dbPrefix']}entries WHERE id=$id", true); $title = $title[0]; $serendipity['blogSubTitle'] = $serendipity['blogTitle']; @@ -176,7 +175,7 @@ } else if (preg_match(PAT_CATEGORIES, $uri, $matches) || preg_match('@/(index\.(php|html))?@', $uri) || preg_match('@/(' . preg_quote($serendipity['indexFile']) . ')?@', $uri)) { - + if (count($serendipity['GET']) == 2) { if (isset($matches) && is_array($matches) && isset($matches[1])) { $serendipity['GET']['category'] = $matches[1]; Index: serendipity_functions_config.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_functions_config.inc.php,v retrieving revision 1.10 retrieving revision 1.11 diff -u -d -r1.10 -r1.11 --- serendipity_functions_config.inc.php 30 Aug 2004 09:13:59 -0000 1.10 +++ serendipity_functions_config.inc.php 14 Sep 2004 12:56:08 -0000 1.11 @@ -3,7 +3,7 @@ function serendipity_set_config_var($name, $val, $authorid = 0) { global $serendipity; - serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}config where name='" . serendipity_db_escape_string($name) . "' AND authorid = " . serendipity_db_escape_string($authorid)); + serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}config where name='" . serendipity_db_escape_string($name) . "' AND authorid = " . (int)$authorid); $r = serendipity_db_insert('config', array('name' => $name, 'value' => $val, 'authorid' => $authorid)); $serendipity[$name] = $val; if (is_string($r)) { @@ -27,7 +27,7 @@ function serendipity_get_user_var($name, $authorid, $default) { global $serendipity; - $r = serendipity_db_query("SELECT $name FROM {$serendipity['dbPrefix']}authors WHERE authorid = " . serendipity_db_escape_string($authorid), true); + $r = serendipity_db_query("SELECT $name FROM {$serendipity['dbPrefix']}authors WHERE authorid = " . (int)$authorid, true); if (is_array($r)) { return $r[0]; @@ -64,7 +64,7 @@ break; } - serendipity_db_query("UPDATE {$serendipity['dbPrefix']}authors SET $name = '" . serendipity_db_escape_string($val) . "' WHERE authorid = " . serendipity_db_escape_string($authorid)); + serendipity_db_query("UPDATE {$serendipity['dbPrefix']}authors SET $name = '" . serendipity_db_escape_string($val) . "' WHERE authorid = " . (int)$authorid); if ($copy_to_s9y) { if (isset($user_map_array[$name])) { Index: comment.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/comment.php,v retrieving revision 1.46 retrieving revision 1.47 diff -u -d -r1.46 -r1.47 --- comment.php 13 Sep 2004 20:06:26 -0000 1.46 +++ comment.php 14 Sep 2004 12:56:08 -0000 1.47 @@ -38,12 +38,12 @@ $uri = $_SERVER['REQUEST_URI']; if (isset($_REQUEST['entry_id'])) { - $id = $_REQUEST['entry_id']; + $id = (int)$_REQUEST['entry_id']; } else if ($_REQUEST['amp;entry_id']) { // For possible buggy variable transmission caused by an intermediate CVS-release of s9y - $id = $_REQUEST['amp;entry_id']; + $id = (int)$_REQUEST['amp;entry_id']; } else if (preg_match('@/(\d+)_[^/]*$@', $uri, $matches)) { - $id = $matches[1]; + $id = (int)$matches[1]; } if ($tb_logging) { @@ -76,7 +76,7 @@ report_pingback_failure(); } } else { - $id = (!empty($serendipity['POST']['entry_id']) ? $serendipity['POST']['entry_id'] : $serendipity['GET']['entry_id']); + $id = (int)(!empty($serendipity['POST']['entry_id']) ? $serendipity['POST']['entry_id'] : $serendipity['GET']['entry_id']); $html_header = ''; @@ -125,7 +125,7 @@ ?> <div class="serendipity_commentsTitle"><?php echo COMMENTS; ?></div> <?php - $query = "SELECT allow_comments, moderate_comments FROM {$serendipity['dbPrefix']}entries WHERE id = '$id'"; + $query = "SELECT allow_comments, moderate_comments FROM {$serendipity['dbPrefix']}entries WHERE id = '" . $id . "'"; $ca = serendipity_db_query($query, true); serendipity_printComments(serendipity_fetchComments($id), (isset($ca['allow_comments']) ? $ca['allow_comments'] : true)); |
|
From: Garvin H. <gar...@us...> - 2004-09-14 12:56:19
|
Update of /cvsroot/php-blog/serendipity/plugins/serendipity_event_karma In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18512/plugins/serendipity_event_karma Modified Files: serendipity_event_karma.php Log Message: fixed some more potential sql issues, beautify. Index: serendipity_event_karma.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/plugins/serendipity_event_karma/serendipity_event_karma.php,v retrieving revision 1.14 retrieving revision 1.15 diff -u -d -r1.14 -r1.15 --- serendipity_event_karma.php 31 Aug 2004 12:52:56 -0000 1.14 +++ serendipity_event_karma.php 14 Sep 2004 12:56:10 -0000 1.15 @@ -518,7 +518,7 @@ . PLUGIN_KARMA_CURRENT . ($track_clicks == 'true' ? PLUGIN_KARMA_VISITSCOUNT : '') . '</div>'; if ($addData['extended']) { - $entryid = serendipity_db_escape_string($eventData[0]['id']); + $entryid = (int)serendipity_db_escape_string($eventData[0]['id']); if ($track_clicks) { $sql = serendipity_db_query('UPDATE ' . $serendipity['dbPrefix'] . 'karma SET visits = visits + 1 WHERE entryid = ' . $entryid, true); @@ -561,7 +561,7 @@ // Get all existing entry IDs $entries = array(); for ($i = 0; $i < $elements; $i++) { - $entries[] = $eventData[$i]['id']; + $entries[] = (int)$eventData[$i]['id']; } // Fetch votes for all entry IDs. Store them in an array for later usage. |
|
From: Garvin H. <gar...@us...> - 2004-09-14 12:56:18
|
Update of /cvsroot/php-blog/serendipity/plugins/serendipity_plugin_shoutbox In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18512/plugins/serendipity_plugin_shoutbox Modified Files: serendipity_plugin_shoutbox.php Log Message: fixed some more potential sql issues, beautify. Index: serendipity_plugin_shoutbox.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/plugins/serendipity_plugin_shoutbox/serendipity_plugin_shoutbox.php,v retrieving revision 1.10 retrieving revision 1.11 diff -u -d -r1.10 -r1.11 --- serendipity_plugin_shoutbox.php 22 Jun 2004 13:45:49 -0000 1.10 +++ serendipity_plugin_shoutbox.php 14 Sep 2004 12:56:09 -0000 1.11 @@ -123,7 +123,7 @@ $serendipity['dbPrefix'], time(), - $_SERVER['REMOTE_ADDR'], + serendipity_db_escape_string($_SERVER['REMOTE_ADDR']), serendipity_db_escape_string($_REQUEST['serendipity']['shouttext'])); serendipity_db_query($sql); } @@ -133,7 +133,7 @@ WHERE id = %d LIMIT 1", $serendipity['dbPrefix'], - $serendipity['GET']['comment_id']); + (int)$serendipity['GET']['comment_id']); serendipity_db_query($sql); } |
|
From: Garvin H. <gar...@us...> - 2004-09-14 10:47:37
|
Update of /cvsroot/php-blog/serendipity In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv27659 Modified Files: NEWS serendipity_admin_comments.inc.php serendipity_functions.inc.php Log Message: * Updated english language file with propositions by Jason Levitt * fixed pgsql issues with comments and quicksearch by Mauri Sahlberg Index: NEWS =================================================================== RCS file: /cvsroot/php-blog/serendipity/NEWS,v retrieving revision 1.215 retrieving revision 1.216 diff -u -d -r1.215 -r1.216 --- NEWS 10 Sep 2004 15:13:10 -0000 1.215 +++ NEWS 14 Sep 2004 10:47:26 -0000 1.216 @@ -3,9 +3,11 @@ Version 0.7 () ------------------------------------------------------------------------ + * Fixed postgreSQL quicksearch, thanks to Mauri Sahlberg! + * Added Norwegian translations, thanks to Jo Christian - * Fixed postgresql bug for viewing comment moderation panel + * Fixed postgreSQL bugs for viewing comment moderation panel (garvinhicking) * Fixed postgresql bug for fetching the last entry id. Will fix bug Index: serendipity_functions.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_functions.inc.php,v retrieving revision 1.422 retrieving revision 1.423 diff -u -d -r1.422 -r1.423 --- serendipity_functions.inc.php 13 Sep 2004 20:40:39 -0000 1.422 +++ serendipity_functions.inc.php 14 Sep 2004 10:47:26 -0000 1.423 @@ -912,12 +912,15 @@ function serendipity_searchEntries($term) { global $serendipity; + $term = serendipity_db_escape_string($term); if (strtolower($serendipity['dbType']) == 'postgres') { - $group = ''; - $distinct = 'DISTINCT'; + $group = ''; + $distinct = 'DISTINCT'; + $find_part = "(title~'$term' OR body~'$term' OR extended~'$term')"; } else { - $group = 'GROUP BY e.id'; - $distinct = ''; + $group = 'GROUP BY e.id'; + $distinct = ''; + $find_part = "MATCH(title,body,extended) AGAINST('$term')"; } $querystring = "SELECT $distinct @@ -940,7 +943,7 @@ WHERE a.authorid = e.authorid AND e.id = ec.entryid - AND MATCH (title,body,extended) AGAINST ('" . serendipity_db_escape_string($term) . "') + AND $find_part AND isdraft = 'false' AND timestamp <= " . time() . " $group @@ -2498,8 +2501,8 @@ $locations[$i] = 'http' . (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off' ? 's' : '') . '://' . $_SERVER['HTTP_HOST'] . $locations[$i]; } - $query = "SELECT COUNT(id) FROM {$serendipity['dbPrefix']}references - WHERE entry_id = '". (int)$tmpid ."' + $query = "SELECT COUNT(id) FROM {$serendipity['dbPrefix']}references + WHERE entry_id = '". (int)$tmpid ."' AND link = '" . serendipity_db_escape_string($locations[$i]) . "'"; $row = serendipity_db_query($query, true, 'num'); Index: serendipity_admin_comments.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_comments.inc.php,v retrieving revision 1.17 retrieving revision 1.18 diff -u -d -r1.17 -r1.18 --- serendipity_admin_comments.inc.php 9 Sep 2004 11:17:27 -0000 1.17 +++ serendipity_admin_comments.inc.php 14 Sep 2004 10:47:26 -0000 1.18 @@ -115,7 +115,7 @@ /* Paging */ -$sql = serendipity_db_query("SELECT COUNT(*) AS total FROM {$serendipity['dbPrefix']}comments c WHERE c.type = 'normal' ". $and, true); +$sql = serendipity_db_query("SELECT COUNT(*) AS total FROM {$serendipity['dbPrefix']}comments c WHERE c.type = 'NORMAL' ". $and, true); $totalComments = $sql['total']; $pages = ceil($totalComments/$commentsPerPage); |
|
From: Garvin H. <gar...@us...> - 2004-09-14 10:47:36
|
Update of /cvsroot/php-blog/serendipity/lang In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv27659/lang Modified Files: serendipity_lang_en.inc.php Log Message: * Updated english language file with propositions by Jason Levitt * fixed pgsql issues with comments and quicksearch by Mauri Sahlberg Index: serendipity_lang_en.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/lang/serendipity_lang_en.inc.php,v retrieving revision 1.79 retrieving revision 1.80 diff -u -d -r1.79 -r1.80 --- serendipity_lang_en.inc.php 5 Sep 2004 19:31:00 -0000 1.79 +++ serendipity_lang_en.inc.php 14 Sep 2004 10:47:26 -0000 1.80 @@ -20,7 +20,7 @@ @define('SERENDIPITY_ADMIN_SUITE', 'Serendipity Administration Suite'); @define('HAVE_TO_BE_LOGGED_ON', 'You have to be logged in to view this page'); -@define('WRONG_USERNAME_OR_PASSWORD', 'You appear to have entered a wrong username or password'); +@define('WRONG_USERNAME_OR_PASSWORD', 'You appear to have entered an invalid username or password'); @define('APPEARANCE', 'Appearance'); @define('MANAGE_STYLES', 'Manage styles'); @define('CONFIGURE_PLUGINS', 'Configure Plugins'); @@ -107,7 +107,7 @@ @define('NEWSIZE', 'New size: '); @define('RESIZE_BLAHBLAH', '<b>Resize %s</b><p>'); @define('ORIGINAL_SIZE', 'Original size: <i>%sx%s</i> pixel'); -@define('HERE_YOU_CAN_ENTER_BLAHBLAH', '<p>Here you can adjust the images new size. If you want to keep the proportions, just enter one value and press the TAB key, I\'ll automatically calculate the new size so the proportions one value and press the TAB key, I\'ll automatically calculate the new size so the proportions don\'t get messed up:'); +@define('HERE_YOU_CAN_ENTER_BLAHBLAH', '<p>Here, you can adjust the image size. If you want to resize the image proportionally, just enter a value in one of the two boxes and press the TAB key -- I\'ll automatically calculate the new size so the image proportions don\'t get messed up</p>'); @define('QUICKJUMP_CALENDAR', 'QuickJump Calendar'); @define('QUICKSEARCH', 'Quicksearch'); @define('SEARCH_FOR_ENTRY', 'Search for an entry'); @@ -153,11 +153,11 @@ @define('DIRECT_LINK', 'Direct link to this entry'); @define('COMMENT_ADDED', 'Your comment was successfully added. '); @define('COMMENT_ADDED_CLICK', 'Click %shere to return%s to the comments, and %shere to close%s this window.'); -@define('COMMENT_NOT_ADDED', 'Your comment could not be added, because comments for this entry has been disabled. '); +@define('COMMENT_NOT_ADDED', 'Your comment could not be added, because comments for this entry have been disabled. '); @define('COMMENT_NOT_ADDED_CLICK', 'Click %shere to return%s to the comments, and %shere to close%s this window.'); @define('COMMENTS_DISABLE', 'Do not allow comments to this entry'); @define('COMMENTS_ENABLE', 'Allow comments to this entry'); -@define('COMMENTS_CLOSED', 'The author has not allowed comments to this entry'); +@define('COMMENTS_CLOSED', 'The author does not allow comments to this entry'); @define('EMPTY_COMMENT', 'Your comment did not contain anything, please %sgo back%s and try again'); @define('ENTRIES_FOR', 'Entries for %s'); @define('DOCUMENT_NOT_FOUND', 'The document %s was not found.'); @@ -216,8 +216,8 @@ @define('ENTER_NEW_NAME', 'Enter the new name for: '); @define('RESIZING', 'Resizing'); @define('RESIZE_DONE', 'Done (resized %s images).'); -@define('SYNCING', 'Syncronizing the database with the image folder'); -@define('SYNC_DONE', 'Done (Syncronized %s images).'); +@define('SYNCING', 'Synchronizing the database with the image folder'); +@define('SYNC_DONE', 'Done (Synchronized %s images).'); @define('FILE_NOT_FOUND', 'Unable to locate the file entitled <b>%s</b>, maybe it has already been deleted?'); @define('ABORT_NOW', 'Abort now'); @define('REMOTE_FILE_NOT_FOUND', 'File was not located on the remote server, are you sure the URL: <b>%s</b> is correct?'); @@ -226,7 +226,7 @@ @define('WORD_OR', 'Or'); @define('SCALING_IMAGE', 'Scaling %s to %s x %s px'); @define('KEEP_PROPORTIONS', 'Keep proportions'); -@define('REALLY_SCALE_IMAGE', 'Really scale the image? No way back!'); +@define('REALLY_SCALE_IMAGE', 'Really scale the image? This operation cannot be undone!'); @define('TOGGLE_ALL', 'Toggle expand all'); @define('TOGGLE_OPTION', 'Toggle option'); @define('SUBSCRIBE_TO_THIS_ENTRY', 'Subscribe to this entry'); @@ -293,7 +293,7 @@ @define('THUMBNAIL_SHORT', 'Thumb'); @define('ORIGINAL_SHORT', 'Orig.'); @define('SYNDICATION_PLUGIN_PREVENT_CACHE', 'Prevent HTTP caching'); -@define('SYNDICATION_PLUGIN_PREVENT_CACHE_DESC', 'If set to "true" this will suggest the link to your RSS feed to not allow clients the bandwidth saving caching of RSS feed request. It is suggested to set this to "false".'); +@define('SYNDICATION_PLUGIN_PREVENT_CACHE_DESC', 'If set to "true", this will modify the link to your RSS feed to NOT include a setting for bandwidth saving caching of RSS feed requests. It is recommended to set this to "false", so that clients can benefit from caching.'); @define('APPLY_MARKUP_TO', 'Apply markup to %s'); @define('CALENDAR_BEGINNING_OF_WEEK', 'Beginning of the week'); @define('SERENDIPITY_NEEDS_UPGRADE', 'Serendipity has detected that your configuration is currently installed with version %s, however serendipity itself is installed as version %s, you need to upgrade! <a href="%s">Click here</a>'); |
|
From: Garvin H. <gar...@us...> - 2004-09-14 10:46:21
|
Update of /cvsroot/php-blog/serendipity In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv27464 Modified Files: Tag: branch-smarty NEWS serendipity_admin_comments.inc.php serendipity_functions.inc.php Log Message: MFH Index: NEWS =================================================================== RCS file: /cvsroot/php-blog/serendipity/NEWS,v retrieving revision 1.214.2.2 retrieving revision 1.214.2.3 diff -u -d -r1.214.2.2 -r1.214.2.3 --- NEWS 14 Sep 2004 10:30:07 -0000 1.214.2.2 +++ NEWS 14 Sep 2004 10:46:10 -0000 1.214.2.3 @@ -8,9 +8,11 @@ Version 0.7 () ------------------------------------------------------------------------ + * Fixed postgreSQL quicksearch, thanks to Mauri Sahlberg! + * Added Norwegian translations, thanks to Jo Christian - * Fixed postgresql bug for viewing comment moderation panel + * Fixed postgreSQL bugs for viewing comment moderation panel (garvinhicking) * Fixed postgresql bug for fetching the last entry id. Will fix bug Index: serendipity_functions.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_functions.inc.php,v retrieving revision 1.419.2.12 retrieving revision 1.419.2.13 diff -u -d -r1.419.2.12 -r1.419.2.13 --- serendipity_functions.inc.php 14 Sep 2004 10:30:07 -0000 1.419.2.12 +++ serendipity_functions.inc.php 14 Sep 2004 10:46:10 -0000 1.419.2.13 @@ -870,12 +870,15 @@ function serendipity_searchEntries($term) { global $serendipity; + $term = serendipity_db_escape_string($term); if (strtolower($serendipity['dbType']) == 'postgres') { - $group = ''; - $distinct = 'DISTINCT'; + $group = ''; + $distinct = 'DISTINCT'; + $find_part = "(title~'$term' OR body~'$term' OR extended~'$term')"; } else { - $group = 'GROUP BY e.id'; - $distinct = ''; + $group = 'GROUP BY e.id'; + $distinct = ''; + $find_part = "MATCH(title,body,extended) AGAINST('$term')"; } $querystring = "SELECT $distinct @@ -898,7 +901,7 @@ WHERE a.authorid = e.authorid AND e.id = ec.entryid - AND MATCH (title,body,extended) AGAINST ('" . serendipity_db_escape_string($term) . "') + AND $find_part AND isdraft = 'false' AND timestamp <= " . time() . " $group @@ -1126,7 +1129,7 @@ $entry['rdf_ident'] = serendipity_archiveURL($entry['id'], $entry['title'], 'baseURL'); $entry['title'] = htmlspecialchars($entry['title']); $entry['commURL'] = serendipity_archiveURL($entry['id'], $entry['title'], 'baseURL', false); - + if (strlen($entry['extended'])) { $entry['has_extended'] = true; } Index: serendipity_admin_comments.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_comments.inc.php,v retrieving revision 1.17 retrieving revision 1.17.2.1 diff -u -d -r1.17 -r1.17.2.1 --- serendipity_admin_comments.inc.php 9 Sep 2004 11:17:27 -0000 1.17 +++ serendipity_admin_comments.inc.php 14 Sep 2004 10:46:10 -0000 1.17.2.1 @@ -115,7 +115,7 @@ /* Paging */ -$sql = serendipity_db_query("SELECT COUNT(*) AS total FROM {$serendipity['dbPrefix']}comments c WHERE c.type = 'normal' ". $and, true); +$sql = serendipity_db_query("SELECT COUNT(*) AS total FROM {$serendipity['dbPrefix']}comments c WHERE c.type = 'NORMAL' ". $and, true); $totalComments = $sql['total']; $pages = ceil($totalComments/$commentsPerPage); |
