From: Paul S. O. <ps...@us...> - 2001-12-24 13:05:03
Update of /cvsroot/phpbb/phpBB2/admin
In directory usw-pr-cvs1:/tmp/cvs-serv12139/admin
Modified Files:
admin_board.php admin_disallow.php admin_forums.php
Log Message:
Updates for the \' issue, plus a fix for bug #496110 in admin_forums (changed names to utilise constants)
Index: admin_board.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/admin/admin_board.php,v
retrieving revision 1.37
retrieving revision 1.38
diff -C2 -r1.37 -r1.38
*** admin_board.php 2001/12/17 00:39:47 1.37
--- admin_board.php 2001/12/24 13:05:00 1.38
***************
*** 47,51 ****
{
$sql = "UPDATE " . CONFIG_TABLE . " SET
! config_value = '" . $new[$config_name] . "'
WHERE config_name = '$config_name'";
if( !$db->sql_query($sql) )
--- 47,51 ----
{
$sql = "UPDATE " . CONFIG_TABLE . " SET
! config_value = '" . str_replace("\'", "''", $new[$config_name]) . "'
WHERE config_name = '$config_name'";
if( !$db->sql_query($sql) )
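Review bot: The new `str_replace("\'", "''", ...)` on the `config_value` line only rewrites a quote that already carries a backslash, so it escapes nothing unless `$new[$config_name]` was slashed before it got here (magic_quotes_gpc or an addslashes pass, neither visible in this hunk); a bare `'` would still end the SQL literal. The same pattern is used in the admin_disallow.php INSERT and in the forum INSERT, forum UPDATE and category UPDATE of admin_forums.php. Backslashes not followed by a quote are also left as they are, which a backend that does not treat `\` as an escape will store literally. I would move quoting into one helper in the `$db` layer that applies the active backend's own escaping rule, and until then add `// NOTE: expects already-slashed input; only \' is rewritten to ''` above each of these statements. The enclosing block starts and ends outside the hunk.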
Index: admin_disallow.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/admin/admin_disallow.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -r1.3 -r1.4
*** admin_disallow.php 2001/11/24 01:51:35 1.3
--- admin_disallow.php 2001/12/24 13:05:00 1.4
***************
*** 47,51 ****
{
$sql = "INSERT INTO " . DISALLOW_TABLE . " (disallow_username)
! VALUES('" . $disallowed_user . "')";
$result = $db->sql_query( $sql );
if ( !$result )
--- 47,51 ----
{
$sql = "INSERT INTO " . DISALLOW_TABLE . " (disallow_username)
! VALUES('" . str_replace("\'", "''", $disallowed_user) . "')";
$result = $db->sql_query( $sql );
if ( !$result )
Index: admin_forums.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/admin/admin_forums.php,v
retrieving revision 1.31
retrieving revision 1.32
diff -C2 -r1.31 -r1.32
*** admin_forums.php 2001/11/29 22:45:13 1.31
--- admin_forums.php 2001/12/24 13:05:00 1.32
***************
*** 254,258 ****
$buttonvalue = $lang['Update'];
! $forum_id = intval($HTTP_GET_VARS['forum_id']);
$row = get_info('forum', $forum_id);
--- 254,258 ----
$buttonvalue = $lang['Update'];
! $forum_id = intval($HTTP_GET_VARS[POST_FORUM_URL]);
$row = get_info('forum', $forum_id);
***************
*** 306,310 ****
);
! $s_hidden_fields = '<input type="hidden" name="mode" value="' . $newmode .'" /><input type="hidden" name="forum_id" value="' . $forum_id . '" />';
$template->assign_vars(array(
--- 306,310 ----
);
! $s_hidden_fields = '<input type="hidden" name="mode" value="' . $newmode .'" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';
$template->assign_vars(array(
***************
*** 348,352 ****
$sql = "SELECT MAX(forum_order) AS max_order
FROM " . FORUMS_TABLE . "
! WHERE cat_id = " . intval($HTTP_POST_VARS['cat_id']);
if( !$result = $db->sql_query($sql) )
{
--- 348,352 ----
$sql = "SELECT MAX(forum_order) AS max_order
FROM " . FORUMS_TABLE . "
! WHERE cat_id = " . intval($HTTP_POST_VARS[POST_CAT_URL]);
if( !$result = $db->sql_query($sql) )
{
***************
*** 383,387 ****
// There is no problem having duplicate forum names so we won't check for it.
$sql = "INSERT INTO " . FORUMS_TABLE . " (forum_id, forum_name, cat_id, forum_desc, forum_order, forum_status, prune_enable" . $field_sql . ")
! VALUES ('" . $next_id . "', '" . $HTTP_POST_VARS['forumname'] . "', " . intval($HTTP_POST_VARS['cat_id']) . ", '" . $HTTP_POST_VARS['forumdesc'] . "', $next_order, " . intval($HTTP_POST_VARS['forumstatus']) . ", " . intval($HTTP_POST_VARS['prune_enable']) . $value_sql . ")";
if( !$result = $db->sql_query($sql) )
{
--- 383,387 ----
// There is no problem having duplicate forum names so we won't check for it.
$sql = "INSERT INTO " . FORUMS_TABLE . " (forum_id, forum_name, cat_id, forum_desc, forum_order, forum_status, prune_enable" . $field_sql . ")
! VALUES ('" . $next_id . "', '" . str_replace("\'", "''", $HTTP_POST_VARS['forumname']) . "', " . intval($HTTP_POST_VARS[POST_CAT_URL]) . ", '" . str_replace("\'", "''", $HTTP_POST_VARS['forumdesc']) . "', $next_order, " . intval($HTTP_POST_VARS['forumstatus']) . ", " . intval($HTTP_POST_VARS['prune_enable']) . $value_sql . ")";
if( !$result = $db->sql_query($sql) )
{
***************
*** 393,397 ****
$new_forum_id = $db->sql_nextid();
! if($HTTP_POST_VARS['prune_days'] == "" || $HTTP_POST_VARS['prune_freq'] == "")
{
message_die(GENERAL_MESSAGE, $lang['Set_prune_data']);
--- 393,397 ----
$new_forum_id = $db->sql_nextid();
! if( $HTTP_POST_VARS['prune_days'] == "" || $HTTP_POST_VARS['prune_freq'] == "")
{
message_die(GENERAL_MESSAGE, $lang['Set_prune_data']);
***************
*** 423,428 ****
$sql = "UPDATE " . FORUMS_TABLE . "
! SET forum_name = '" . $HTTP_POST_VARS['forumname'] . "', cat_id = " . intval($HTTP_POST_VARS['cat_id']) . ", forum_desc = '" . $HTTP_POST_VARS['forumdesc'] . "', forum_status = " . intval($HTTP_POST_VARS['forumstatus']) . ", prune_enable = " . intval($HTTP_POST_VARS['prune_enable']) . "
! WHERE forum_id = " . intval($HTTP_POST_VARS['forum_id']);
if( !$result = $db->sql_query($sql) )
{
--- 423,428 ----
$sql = "UPDATE " . FORUMS_TABLE . "
! SET forum_name = '" . str_replace("\'", "''", $HTTP_POST_VARS['forumname']) . "', cat_id = " . intval($HTTP_POST_VARS[POST_CAT_URL]) . ", forum_desc = '" . str_replace("\'", "''", $HTTP_POST_VARS['forumdesc']) . "', forum_status = " . intval($HTTP_POST_VARS['forumstatus']) . ", prune_enable = " . intval($HTTP_POST_VARS['prune_enable']) . "
! WHERE forum_id = " . intval($HTTP_POST_VARS[POST_FORUM_URL]);
if( !$result = $db->sql_query($sql) )
{
***************
*** 430,436 ****
}
! if($HTTP_POST_VARS['prune_enable'] == 1)
{
! if($HTTP_POST_VARS['prune_days'] == "" || $HTTP_POST_VARS['prune_freq'] == "")
{
message_die(GENERAL_MESSAGE, $lang['Set_prune_data']);
--- 430,436 ----
}
! if( $HTTP_POST_VARS['prune_enable'] == 1 )
{
! if( $HTTP_POST_VARS['prune_days'] == "" || $HTTP_POST_VARS['prune_freq'] == "" )
{
message_die(GENERAL_MESSAGE, $lang['Set_prune_data']);
***************
*** 439,443 ****
$sql = "SELECT *
FROM " . PRUNE_TABLE . "
! WHERE forum_id = " . intval($HTTP_POST_VARS['forum_id']);
if( !$result = $db->sql_query($sql) )
{
--- 439,443 ----
$sql = "SELECT *
FROM " . PRUNE_TABLE . "
! WHERE forum_id = " . intval($HTTP_POST_VARS[POST_FORUM_URL]);
if( !$result = $db->sql_query($sql) )
{
***************
*** 449,458 ****
$sql = "UPDATE " . PRUNE_TABLE . "
SET prune_days = " . intval($HTTP_POST_VARS['prune_days']) . ", prune_freq = " . intval($HTTP_POST_VARS['prune_freq']) . "
! WHERE forum_id = " . intval($HTTP_POST_VARS['forum_id']);
}
else
{
$sql = "INSERT INTO " . PRUNE_TABLE . " (forum_id, prune_days, prune_freq)
! VALUES(" . intval($HTTP_POST_VARS['forum_id']) . ", " . intval($HTTP_POST_VARS['prune_days']) . ", " . intval($HTTP_POST_VARS['prune_freq']) . ")";
}
--- 449,458 ----
$sql = "UPDATE " . PRUNE_TABLE . "
SET prune_days = " . intval($HTTP_POST_VARS['prune_days']) . ", prune_freq = " . intval($HTTP_POST_VARS['prune_freq']) . "
! WHERE forum_id = " . intval($HTTP_POST_VARS[POST_FORUM_URL]);
}
else
{
$sql = "INSERT INTO " . PRUNE_TABLE . " (forum_id, prune_days, prune_freq)
! VALUES(" . intval($HTTP_POST_VARS[POST_FORUM_URL]) . ", " . intval($HTTP_POST_VARS['prune_days']) . ", " . intval($HTTP_POST_VARS['prune_freq']) . ")";
}
***************
*** 510,514 ****
$buttonvalue = $lang['Update'];
! $cat_id = intval($HTTP_GET_VARS['cat_id']);
$row = get_info('category', $cat_id);
--- 510,514 ----
$buttonvalue = $lang['Update'];
! $cat_id = intval($HTTP_GET_VARS[POST_CAT_URL]);
$row = get_info('category', $cat_id);
***************
*** 519,523 ****
);
! $s_hidden_fields = '<input type="hidden" name="mode" value="' . $newmode . '" /><input type="hidden" name="cat_id" value="' . $cat_id . '" />';
$template->assign_vars(array(
--- 519,523 ----
);
! $s_hidden_fields = '<input type="hidden" name="mode" value="' . $newmode . '" /><input type="hidden" name="' . POST_CAT_URL . '" value="' . $cat_id . '" />';
$template->assign_vars(array(
***************
*** 539,544 ****
// Modify a category in the DB
$sql = "UPDATE " . CATEGORIES_TABLE . "
! SET cat_title = '" . $HTTP_POST_VARS['cat_title'] . "'
! WHERE cat_id = " . intval($HTTP_POST_VARS['cat_id']);
if( !$result = $db->sql_query($sql) )
{
--- 539,544 ----
// Modify a category in the DB
$sql = "UPDATE " . CATEGORIES_TABLE . "
! SET cat_title = '" . str_replace("\'", "''", $HTTP_POST_VARS['cat_title']) . "'
! WHERE cat_id = " . intval($HTTP_POST_VARS[POST_CAT_URL]);
if( !$result = $db->sql_query($sql) )
{
***************
*** 554,558 ****
case 'deleteforum':
// Show form to delete a forum
! $forum_id = intval($HTTP_GET_VARS['forum_id']);
$select_to = '<select name="to_id">';
--- 554,558 ----
case 'deleteforum':
// Show form to delete a forum
! $forum_id = intval($HTTP_GET_VARS[POST_FORUM_URL]);
$select_to = '<select name="to_id">';
***************
*** 652,656 ****
// Show form to delete a category
//
! $cat_id = intval($HTTP_GET_VARS['cat_id']);
$buttonvalue = $lang['Move_and_Delete'];
--- 652,656 ----
// Show form to delete a category
//
! $cat_id = intval($HTTP_GET_VARS[POST_CAT_URL]);
$buttonvalue = $lang['Move_and_Delete'];
***************
*** 758,762 ****
//
$move = intval($HTTP_GET_VARS['move']);
! $forum_id = intval($HTTP_GET_VARS['forum_id']);
$forum_info = get_info('forum', $forum_id);
--- 758,762 ----
//
$move = intval($HTTP_GET_VARS['move']);
! $forum_id = intval($HTTP_GET_VARS[POST_FORUM_URL]);
$forum_info = get_info('forum', $forum_id);
***************
*** 782,786 ****
//
$move = intval($HTTP_GET_VARS['move']);
! $cat_id = intval($HTTP_GET_VARS['cat_id']);
$sql = "UPDATE " . CATEGORIES_TABLE . "
--- 782,786 ----
//
$move = intval($HTTP_GET_VARS['move']);
! $cat_id = intval($HTTP_GET_VARS[POST_CAT_URL]);
$sql = "UPDATE " . CATEGORIES_TABLE . "
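Review bot: The `cat_order` branch still builds its `UPDATE` on `CATEGORIES_TABLE` from `$HTTP_GET_VARS` alone, so the write is reachable through a plain link; the `forum_order` and `forum_sync` hunks next to it read their ids from GET the same way. `intval()` keeps the id numeric, but nothing visible here ties the request to a form the admin actually submitted. Unless the session check outside these hunks already covers it, I would take these actions from `$HTTP_POST_VARS` with a per-session token and mark the case with `// state-changing: POST + session token required`. The case body continues outside the hunk.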
***************
*** 798,802 ****
case 'forum_sync':
! sync('forum', intval($HTTP_GET_VARS['forum_id']));
$show_index = TRUE;
--- 798,802 ----
case 'forum_sync':
! sync('forum', intval($HTTP_GET_VARS[POST_FORUM_URL]));
$show_index = TRUE;
***************
*** 876,884 ****
'CAT_DESC' => $category_rows[$i]['cat_title'],
! 'U_CAT_EDIT' => append_sid("admin_forums.$phpEx?mode=editcat&cat_id=$cat_id"),
! 'U_CAT_DELETE' => append_sid("admin_forums.$phpEx?mode=deletecat&cat_id=$cat_id"),
! 'U_CAT_MOVE_UP' => append_sid("admin_forums.$phpEx?mode=cat_order&move=-15&cat_id=$cat_id"),
! 'U_CAT_MOVE_DOWN' => append_sid("admin_forums.$phpEx?mode=cat_order&move=15&cat_id=$cat_id"),
! 'U_VIEWCAT' => append_sid($phpbb_root_path."index.$phpEx?viewcat=$cat_id"))
);
--- 876,884 ----
'CAT_DESC' => $category_rows[$i]['cat_title'],
! 'U_CAT_EDIT' => append_sid("admin_forums.$phpEx?mode=editcat&" . POST_CAT_URL . "=$cat_id"),
! 'U_CAT_DELETE' => append_sid("admin_forums.$phpEx?mode=deletecat&" . POST_CAT_URL . "=$cat_id"),
! 'U_CAT_MOVE_UP' => append_sid("admin_forums.$phpEx?mode=cat_order&move=-15&" . POST_CAT_URL . "=$cat_id"),
! 'U_CAT_MOVE_DOWN' => append_sid("admin_forums.$phpEx?mode=cat_order&move=15&" . POST_CAT_URL . "=$cat_id"),
! 'U_VIEWCAT' => append_sid($phpbb_root_path."index.$phpEx?" . POST_CAT_URL . "=$cat_id"))
);
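Review bot: `U_VIEWCAT` now builds `index.$phpEx?` with `POST_CAT_URL` where the old line used the literal key `viewcat`, while the four admin links replaced `cat_id`; that is a different parameter being renamed, and the constant's value is not visible here. If index.php still reads `viewcat`, the link silently stops selecting the category. Worth confirming against index.php, or keeping `viewcat=$cat_id` on that one line. The array literal starts outside the hunk.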
***************
*** 897,906 ****
'NUM_POSTS' => $forum_rows[$j]['forum_posts'],
! 'U_VIEWFORUM' => append_sid($phpbb_root_path."viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id&" . $forum_rows[$j]['forum_posts']),
! 'U_FORUM_EDIT' => append_sid("admin_forums.$phpEx?mode=editforum&forum_id=$forum_id"),
! 'U_FORUM_DELETE' => append_sid("admin_forums.$phpEx?mode=deleteforum&forum_id=$forum_id"),
! 'U_FORUM_MOVE_UP' => append_sid("admin_forums.$phpEx?mode=forum_order&move=-15&forum_id=$forum_id"),
! 'U_FORUM_MOVE_DOWN' => append_sid("admin_forums.$phpEx?mode=forum_order&move=15&forum_id=$forum_id"),
! 'U_FORUM_RESYNC' => append_sid("admin_forums.$phpEx?mode=forum_sync&forum_id=$forum_id"))
);
--- 897,906 ----
'NUM_POSTS' => $forum_rows[$j]['forum_posts'],
! 'U_VIEWFORUM' => append_sid($phpbb_root_path."viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id"),
! 'U_FORUM_EDIT' => append_sid("admin_forums.$phpEx?mode=editforum&" . POST_FORUM_URL . "=$forum_id"),
! 'U_FORUM_DELETE' => append_sid("admin_forums.$phpEx?mode=deleteforum&" . POST_FORUM_URL . "=$forum_id"),
! 'U_FORUM_MOVE_UP' => append_sid("admin_forums.$phpEx?mode=forum_order&move=-15&" . POST_FORUM_URL . "=$forum_id"),
! 'U_FORUM_MOVE_DOWN' => append_sid("admin_forums.$phpEx?mode=forum_order&move=15&" . POST_FORUM_URL . "=$forum_id"),
! 'U_FORUM_RESYNC' => append_sid("admin_forums.$phpEx?mode=forum_sync&" . POST_FORUM_URL . "=$forum_id"))
);
***************
*** 917,919 ****
include('page_footer_admin.'.$phpEx);
! ?>
--- 917,919 ----
include('page_footer_admin.'.$phpEx);
! ?>
\ No newline at end of file