[geeklog-cvs] geeklog-1.3/public_html calendar_event.php,1.37,1.38
dhaun at iowaoutdoors.org
dhaun at iowaoutdoors.org
Wed Dec 15 09:55:12 EST 2004
Update of /var/cvs/geeklog-1.3/public_html
In directory www:/tmp/cvs-serv27651
Modified Files:
calendar_event.php
Log Message:
Apply numeric parameter filtering for year / month / day
Index: calendar_event.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/calendar_event.php,v
retrieving revision 1.37
retrieving revision 1.38
diff -C2 -d -r1.37 -r1.38
*** calendar_event.php 11 Dec 2004 14:54:48 -0000 1.37
--- calendar_event.php 15 Dec 2004 14:55:09 -0000 1.38
***************
*** 382,391 ****
$display = '';
! if (isset ($HTTP_POST_VARS['action'])) {
! $action = COM_applyFilter ($HTTP_POST_VARS['action']);
! } else if (isset ($HTTP_GET_VARS['action'])) {
! $action = COM_applyFilter ($HTTP_GET_VARS['action']);
! } else {
! $action = '';
}
--- 382,388 ----
$display = '';
! $action = '';
! if (isset ($_REQUEST['action'])) {
! $action = COM_applyFilter ($_REQUEST['action']);
}
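Review bot: Reading `action` from `$_REQUEST` widens where the value can come from. The removed code consulted POST and then GET only, while `$_REQUEST` can also carry cookie values and its precedence follows the PHP configuration (`variables_order`, and `request_order` on later PHP versions). Because `action` selects state-changing branches such as `deleteevent` further down, a stale or planted `action` cookie could steer the dispatch on servers where cookies are merged in. If POST-then-GET was intentional, keep it explicit with `$src = isset ($_POST['action']) ? $_POST : $_GET;` and run the same `isset ()` check on `$src['action']`. Otherwise add a comment stating that cookie input is acceptable here.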
***************
*** 396,400 ****
$display .= COM_siteHeader ();
! $eid = COM_applyFilter ($HTTP_GET_VARS['eid']);
if (!empty ($eid)) {
$display .= adduserevent ($eid);
--- 393,397 ----
$display .= COM_siteHeader ();
! $eid = COM_applyFilter ($_GET['eid']);
if (!empty ($eid)) {
$display .= adduserevent ($eid);
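Review bot: `$_GET['eid']` is passed to `COM_applyFilter` without an `isset ()` guard, unlike `action` in the first hunk of this commit, so a request that omits the parameter raises an undefined-index notice before the `!empty ($eid)` test runs. The same pattern recurs in the `saveuserevent`, `deleteevent`, `edit` and `default` hunks (`$_POST['eid']`, `$_GET['mode']`, `$_GET['year']` and the rest). A consistent form would be `$eid = isset ($_GET['eid']) ? COM_applyFilter ($_GET['eid']) : '';`. The enclosing `case` starts and ends outside the hunk.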
***************
*** 411,415 ****
case 'saveuserevent':
if ($_CONF['personalcalendars'] == 1) {
! $eid = COM_applyFilter ($HTTP_POST_VARS['eid']);
if (!empty ($eid)) {
$display .= saveuserevent ($eid);
--- 408,412 ----
case 'saveuserevent':
if ($_CONF['personalcalendars'] == 1) {
! $eid = COM_applyFilter ($_POST['eid']);
if (!empty ($eid)) {
$display .= saveuserevent ($eid);
***************
*** 426,430 ****
case 'deleteevent':
if ($_CONF['personalcalendars'] == 1) {
! $eid = COM_applyFilter ($HTTP_GET_VARS['eid']);
if (!empty ($eid) && (isset ($_USER['uid']) && ($_USER['uid'] > 1))) {
DB_query ("DELETE FROM {$_TABLES['personal_events']} WHERE uid={$_USER['uid']} AND eid='$eid'");
--- 423,427 ----
case 'deleteevent':
if ($_CONF['personalcalendars'] == 1) {
! $eid = COM_applyFilter ($_GET['eid']);
if (!empty ($eid) && (isset ($_USER['uid']) && ($_USER['uid'] > 1))) {
DB_query ("DELETE FROM {$_TABLES['personal_events']} WHERE uid={$_USER['uid']} AND eid='$eid'");
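Review bot: The `deleteevent` branch still runs its `DELETE` on a plain GET request, with the `$_USER['uid']` login check as the only gate visible here, so any page a logged-in user loads can trigger deletion of that user's personal event through a cross-site request. Moving the action to POST and verifying a per-session token before `DB_query` would close that; the rest of the branch lies outside the hunk, so an existing check there cannot be ruled out. Separately, `$eid` is interpolated into the SQL string here and in the `edit` hunk's `SELECT`, which is safe only if `COM_applyFilter` removes quotes and backslashes. Its body is not shown, so either escape explicitly at the query or, once confirmed, add a comment such as `// $eid is safe to embed: COM_applyFilter strips quote characters`.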
***************
*** 441,445 ****
case 'edit':
if ($_CONF['personalcalendars'] == 1) {
! $eid = COM_applyFilter ($HTTP_GET_VARS['eid']);
if (!empty ($eid) && (isset ($_USER['uid']) && ($_USER['uid'] > 1))) {
$result = DB_query ("SELECT * FROM {$_TABLES['personal_events']} WHERE (eid = '$eid') AND (uid = {$_USER['uid']})");
--- 438,442 ----
case 'edit':
if ($_CONF['personalcalendars'] == 1) {
! $eid = COM_applyFilter ($_GET['eid']);
if (!empty ($eid) && (isset ($_USER['uid']) && ($_USER['uid'] > 1))) {
$result = DB_query ("SELECT * FROM {$_TABLES['personal_events']} WHERE (eid = '$eid') AND (uid = {$_USER['uid']})");
***************
*** 463,468 ****
default:
! $mode = COM_applyFilter ($HTTP_GET_VARS['mode']);
! $eid = COM_applyFilter ($HTTP_GET_VARS['eid']);
if (!empty ($eid)) {
if (($mode == 'personal') && ($_CONF['personalcalendars'] == 1) &&
--- 460,465 ----
default:
! $mode = COM_applyFilter ($_GET['mode']);
! $eid = COM_applyFilter ($_GET['eid']);
if (!empty ($eid)) {
if (($mode == 'personal') && ($_CONF['personalcalendars'] == 1) &&
***************
*** 483,489 ****
} else {
! $year = COM_applyFilter ($HTTP_GET_VARS['year']);
! $month = COM_applyFilter ($HTTP_GET_VARS['month']);
! $day = COM_applyFilter ($HTTP_GET_VARS['day']);
if (($year == 0) || ($month == 0) || ($day == 0)) {
$year = date ('Y');
--- 480,486 ----
} else {
! $year = COM_applyFilter ($_GET['year'], true);
! $month = COM_applyFilter ($_GET['month'], true);
! $day = COM_applyFilter ($_GET['day'], true);
if (($year == 0) || ($month == 0) || ($day == 0)) {
$year = date ('Y');
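Review bot: After the numeric filter the only validation visible is the `== 0` test, so out-of-range values such as month 13 or day 40 are not replaced by the current-date fallback and pass on to whatever follows. `checkdate ()` rejects those and also covers the zero case: `if (!checkdate ((int) $month, (int) $day, (int) $year)) {`. The `else` branch continues past the end of the hunk, so later range handling may exist but is not shown.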