[geeklog-cvs] geeklog-1.3/public_html pollbooth.php,1.20,1.21
dhaun at geeklog.net
dhaun at geeklog.net
Sat Oct 11 09:57:59 EDT 2003
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv4296
Modified Files:
pollbooth.php
Log Message:
Changed to use COM_applyFilter (also applied some additional checks).
Index: pollbooth.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/pollbooth.php,v
retrieving revision 1.20
retrieving revision 1.21
diff -C2 -d -r1.20 -r1.21
*** pollbooth.php 25 Jun 2003 08:39:02 -0000 1.20
--- pollbooth.php 11 Oct 2003 13:57:57 -0000 1.21
***************
*** 39,51 ****
* Saves a user's vote
*
! * Saves the users vote, if allowed for the poll $qid. NOTE
! * all data comes from form post
*
! * @return string HTML for poll results
*
*/
! function pollsave()
{
! global $_TABLES, $qid, $aid, $db, $REMOTE_ADDR, $LANG07;
DB_change($_TABLES['pollquestions'],'voters',"voters + 1",'qid',$qid,'',true);
--- 39,53 ----
* Saves a user's vote
*
! * Saves the users vote, if allowed for the poll $qid.
! * NOTE: all data comes from form post
*
! * @param string $qid poll id
! * @param int $aid selected answer
! * @return string HTML for poll results
*
*/
! function pollsave($qid = '', $aid = 0)
{
! global $_TABLES, $REMOTE_ADDR, $LANG07;
DB_change($_TABLES['pollquestions'],'voters',"voters + 1",'qid',$qid,'',true);
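Review bot: The new defaults in `pollsave($qid = '', $aid = 0)` let a call with no arguments reach the `DB_change` call on the following line with an empty poll id, so a caller mistake would go unnoticed. The only call visible in this patch passes both values, so the parameters can simply be required: `function pollsave($qid, $aid)`. The docblock's "NOTE: all data comes from form post" is also no longer accurate, because the values now arrive as arguments; a line such as `* NOTE: $qid and $aid must already be filtered by the caller` would state the contract. The body of pollsave continues past the end of this hunk, so any further checks it makes are not visible here.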
***************
*** 135,163 ****
if ($reply == $LANG01[25]) {
! $display .= COM_refresh($_CONF['site_url'] . "/comment.php?sid=$qid&pid=$pid&type=$type");
! echo $display;
! exit;
}
if (empty($qid)) {
! $display .= COM_siteHeader() . polllist();
! } else if (empty($aid)) {
! $display .= COM_siteHeader();
! if (empty($HTTP_COOKIE_VARS[$qid])) {
! $display .= COM_pollVote($qid);
! } else {
! $display .= COM_pollResults($qid,400,$order,$mode);
! }
! } else if (isset ($HTTP_POST_VARS['aid']) && ($HTTP_POST_VARS['aid'] > 0) &&
empty($HTTP_COOKIE_VARS[$qid])) {
- $aid = $HTTP_POST_VARS['aid'];
setcookie ($qid, $aid, time() + $_CONF['pollcookietime'],
$_CONF['cookie_path'], $_CONF['cookiedomain'],
$_CONF['cookiesecure']);
! $display .= COM_siteHeader() . pollsave();
} else {
! $display .= COM_siteHeader()
! .COM_pollResults($qid,400,$order,$mode);
}
$display .= COM_siteFooter();
echo $display;
--- 137,181 ----
if ($reply == $LANG01[25]) {
! $display .= COM_refresh($_CONF['site_url'] . "/comment.php?sid=$qid&pid=$pid&type=$type");
! echo $display;
! exit;
! }
!
! if (isset ($HTTP_POST_VARS['qid'])) { // assume we came here through a POST
! $qid = COM_applyFilter ($HTTP_POST_VARS['qid']);
! $aid = COM_applyFilter ($HTTP_POST_VARS['aid'], true);
! $order = COM_applyFilter ($HTTP_POST_VARS['order']);
! $mode = COM_applyFilter ($HTTP_POST_VARS['mode']);
! } else {
! $qid = COM_applyFilter ($HTTP_GET_VARS['qid']);
! $aid = COM_applyFilter ($HTTP_GET_VARS['aid']);
! if ($aid > 0) { // you can't vote with a GET request
! $aid = -1;
! }
! $order = COM_applyFilter ($HTTP_GET_VARS['order']);
! $mode = COM_applyFilter ($HTTP_GET_VARS['mode']);
}
+
if (empty($qid)) {
! $display .= COM_siteHeader() . polllist();
! } else if ($aid == 0) {
! $display .= COM_siteHeader();
! if (empty($HTTP_COOKIE_VARS[$qid])) {
! $display .= COM_pollVote($qid);
! } else {
! $display .= COM_pollResults($qid,400,$order,$mode);
! }
! } else if (($aid > 0) && ($aid <= $_CONF['maxanswers']) &&
empty($HTTP_COOKIE_VARS[$qid])) {
setcookie ($qid, $aid, time() + $_CONF['pollcookietime'],
$_CONF['cookie_path'], $_CONF['cookiedomain'],
$_CONF['cookiesecure']);
! $display .= COM_siteHeader() . pollsave($qid, $aid);
} else {
! $display .= COM_siteHeader()
! . COM_pollResults($qid,400,$order,$mode);
}
$display .= COM_siteFooter();
+
echo $display;
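Review bot: The redirect branch at the top of the new block still interpolates `$qid`, `$pid` and `$type` into the `comment.php` URL before any `COM_applyFilter` call has run, so unless they are cleaned above this hunk those values reach `COM_refresh` unfiltered. Moving the POST/GET filtering block above the `if ($reply == $LANG01[25])` test, and filtering `$pid` and `$type` the same way, would close that gap. In the GET branch `aid` is filtered without the numeric flag that the POST branch passes; `$aid = COM_applyFilter ($HTTP_GET_VARS['aid'], true);` would keep the later `$aid > 0` and `$aid == 0` comparisons on an integer. The `$aid <= $_CONF['maxanswers']` test bounds the answer by the site-wide maximum only, so whether that answer exists for this particular poll presumably has to be checked inside pollsave, which is not shown here.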