Update of /cvsroot/php-blog/serendipity/include/admin
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv567
Modified Files:
category.inc.php
Log Message:
- Also return an error when you edit the name of a category to something that already exists
- Add a lot of htmlspecialchars()
Index: category.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/include/admin/category.inc.php,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- category.inc.php 3 Jan 2005 19:25:25 -0000 1.7
+++ category.inc.php 3 Jan 2005 19:36:44 -0000 1.8
@@ -24,10 +24,11 @@
*/
}
- /* Check to see if category already exist */
- $sql = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}category WHERE category_name = '". serendipity_db_escape_string($name) ."'", true);
+ /* Check to see if a category with the same name, already exist */
+ $sql = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}category
+ WHERE category_name = '". serendipity_db_escape_string($name) ."'", true);
if ( $sql ) {
- echo '<div class="serendipityAdminMsgError">'. sprintf(CATEGORY_ALREADY_EXIST, $name) .'</div>';
+ echo '<div class="serendipityAdminMsgError">'. sprintf(CATEGORY_ALREADY_EXIST, htmlspecialchars($name)) .'</div>';
} else {
$query = "INSERT INTO {$serendipity['dbPrefix']}category
(category_name, category_description, authorid, category_icon, parentid, category_left, category_right)
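Review bot: The duplicate-name rule is enforced by a SELECT followed by a separate INSERT, so two concurrent submissions with the same name can both pass the check on the new lines 22-23 and both be inserted; the same check-then-write pattern is repeated in the edit branch of the next hunk. If the name is meant to be unique, a UNIQUE index on `category_name` (or handling the duplicate-key error from the INSERT/UPDATE) is what actually guarantees it, with this SELECT kept for the friendly message. The INSERT statement that this check guards starts at the end of the hunk and its VALUES clause is outside it, so I cannot confirm from here that its values are escaped the way the UPDATE in the next hunk now is; worth a look since the old UPDATE interpolated `$name` raw. A short comment above the check would help the next maintainer: `/* Best-effort duplicate check for the error message; the DB constraint is the real guard */`.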
@@ -38,16 +39,33 @@
} elseif ($serendipity['GET']['adminAction'] == 'edit') {
-
- /* Check to make sure parent is not a child of self */
- $r = serendipity_db_query("SELECT categoryid FROM {$serendipity['dbPrefix']}category c WHERE c.categoryid={$parentid} AND c.category_left BETWEEN " . implode(' AND ', serendipity_fetchCategoryRange((int)$serendipity['GET']['cid'])));
- if ( !is_array($r) ) {
- $query = "UPDATE {$serendipity['dbPrefix']}category SET category_name='$name', category_description='$desc', authorid=$authorid, category_icon='$icon', parentid=$parentid WHERE categoryid=". (int)$serendipity['GET']['cid'] ." $admin_category";
- serendipity_db_query($query);
- echo '<div class="serendipityAdminMsgSuccess">'. CATEGORY_SAVED .'</div>';
+ /* Check to see if a category with the same name, already exist */
+ $sql = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}category
+ WHERE category_name = '". serendipity_db_escape_string($name) ."'
+ AND categoryid <> ". (int)$serendipity['GET']['cid'], true);
+ if ( $sql ) {
+ echo '<div class="serendipityAdminMsgError">'. sprintf(CATEGORY_ALREADY_EXIST, htmlspecialchars($name)) .'</div>';
} else {
- $r = serendipity_db_query("SELECT category_name FROM {$serendipity['dbPrefix']}category WHERE categoryid={$parentid}");
- $msg = sprintf(ALREADY_SUBCATEGORY, $r[0]['category_name'], $name);
+ /* Check to make sure parent is not a child of self */
+ $r = serendipity_db_query("SELECT categoryid FROM {$serendipity['dbPrefix']}category c
+ WHERE c.categoryid = ". (int)$parentid ."
+ AND c.category_left BETWEEN " . implode(' AND ', serendipity_fetchCategoryRange((int)$serendipity['GET']['cid'])));
+ if ( is_array($r) ) {
+ $r = serendipity_db_query("SELECT category_name FROM {$serendipity['dbPrefix']}category
+ WHERE categoryid = ". (int)$parentid);
+ echo sprintf(ALREADY_SUBCATEGORY, htmlspecialchars($r[0]['category_name']), htmlspecialchars($name));
+ } else {
+ $query = "UPDATE {$serendipity['dbPrefix']}category
+ SET category_name = '". serendipity_db_escape_string($name) ."',
+ category_description = '". serendipity_db_escape_string($desc) ."',
+ authorid = ". (int)$authorid .",
+ category_icon = '". serendipity_db_escape_string($icon) ."',
+ parentid = ". (int)$parentid ."
+ WHERE categoryid = ". (int)$serendipity['GET']['cid'] ."
+ $admin_category";
+ serendipity_db_query($query);
+ echo '<div class="serendipityAdminMsgSuccess">'. CATEGORY_SAVED .'</div>';
+ }
}
}
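Review bot: The ALREADY_SUBCATEGORY message on line 55 is echoed bare, whereas the duplicate-name error on line 44 and the success message on line 66 are wrapped in the admin message divs, so this failure renders unstyled in the page; `echo '<div class="serendipityAdminMsgError">'. sprintf(ALREADY_SUBCATEGORY, htmlspecialchars($r[0]['category_name']), htmlspecialchars($name)) .'</div>';` keeps the three outcomes consistent. Casting `$parentid` and `cid` to int in every query is the right fix for the previously raw `{$parentid}` interpolation. One thing I cannot verify from the hunk: the UPDATE is restricted by `$admin_category`, but the new duplicate-name SELECT on lines 40-42 is not, so if `$admin_category` scopes which categories the current user may touch, the check may reject a name that only clashes with a category outside that scope; `$admin_category` is defined outside this hunk. The enclosing `if`/`elseif` chain continues past the hunk end.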
@@ -204,8 +222,8 @@
<td width="16"><a href="?serendipity[adminModule]=category&serendipity[adminAction]=edit&serendipity[cid]=<?php echo $category['categoryid'] ?>"><img src="<?php echo serendipity_getTemplateFile('admin/img/edit.png') ?>" border="0" alt="<?php echo EDIT ?>" /></a></td>
<td width="16"><a href="?serendipity[adminModule]=category&serendipity[adminAction]=delete&serendipity[cid]=<?php echo $category['categoryid'] ?>"><img src="<?php echo serendipity_getTemplateFile('admin/img/delete.png') ?>" border="0" alt="<?php echo DELETE ?>" /></a></td>
<td width="16"><?php if ( !empty($category['category_icon']) ) {?><img src="<?php echo serendipity_getTemplateFile('admin/img/thumbnail.png') ?>" alt="" /><?php } else echo ' ' ?></td>
- <td width="300" style="padding-left: <?php echo ($category['depth']*15)+20 ?>px"><img src="<?php echo serendipity_getTemplateFile('admin/img/folder.png') ?>" style="vertical-align: bottom;"> <?php echo $category['category_name'] ?></td>
- <td><?php echo $category['category_description'] ?></td>
+ <td width="300" style="padding-left: <?php echo ($category['depth']*15)+20 ?>px"><img src="<?php echo serendipity_getTemplateFile('admin/img/folder.png') ?>" style="vertical-align: bottom;"> <?php echo htmlspecialchars($category['category_name']) ?></td>
+ <td><?php echo htmlspecialchars($category['category_description']) ?></td>
<td align="right"><?php echo ($category['authorid'] == '0' ? ALL_AUTHORS : $category['username']); ?></td>
</tr>
<?php }
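Review bot: The `$category['username']` cell on the context line after the two changed rows is still echoed unescaped, so this hunk escapes name and description but leaves one DB-sourced string in the same row raw; `<td align="right"><?php echo ($category['authorid'] == '0' ? ALL_AUTHORS : htmlspecialchars($category['username'])); ?></td>` closes that gap. The `categoryid` values interpolated into the two hrefs are presumably numeric from the DB, but an `(int)` cast there would make that explicit. The `&` separators in those hrefs should be `&amp;` inside an HTML attribute. The enclosing loop that produces each row starts before this hunk.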