[geeklog-cvs] geeklog-1.3/public_html usersettings.php,1.87,1.88
dhaun at geeklog.net
dhaun at geeklog.net
Sun Feb 1 05:49:14 EST 2004
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv11914
Modified Files:
usersettings.php
Log Message:
More parameter checking
Index: usersettings.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/usersettings.php,v
retrieving revision 1.87
retrieving revision 1.88
diff -C2 -d -r1.87 -r1.88
*** usersettings.php 31 Jan 2004 19:51:53 -0000 1.87
--- usersettings.php 1 Feb 2004 10:49:12 -0000 1.88
***************
*** 819,825 ****
}
! return COM_refresh ($_CONF['site_url']
! // . '/usersettings.php?mode=edit&msg=5');
! . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=5');
}
}
--- 819,824 ----
}
! return COM_refresh ($_CONF['site_url'] . '/users.php?mode=profile&uid='
! . $_USER['uid'] . '&msg=5');
}
}
***************
*** 833,837 ****
function savepreferences($A)
{
! global $_TABLES, $_CONF, $_USER;
if (isset ($A['noicons']) && ($A['noicons'] == 'on')) {
--- 832,836 ----
function savepreferences($A)
{
! global $_CONF, $_TABLES, $_USER;
if (isset ($A['noicons']) && ($A['noicons'] == 'on')) {
***************
*** 866,911 ****
}
if ($A['maxstories'] < $_CONF['minnews']) {
$A['maxstories'] = $_CONF['minnews'];
}
! unset($tids);
! unset($aids);
! unset($boxes);
! unset($etids);
!
! $TIDS = @array_values($A[$_TABLES['topics']]);
! $AIDS = @array_values($A['selauthors']);
$BOXES = @array_values($A["{$_TABLES['blocks']}"]);
$ETIDS = @array_values($A['etids']);
$tids = '';
! if (sizeof($TIDS) > 0) {
! for ($i = 0; $i < sizeof($TIDS); $i++) {
! $tids .= $TIDS[$i] . ' ';
! }
}
$aids = '';
! if (sizeof($AIDS) > 0) {
! for ($i = 0; $i < sizeof($AIDS); $i++) {
! $aids .= $AIDS[$i] . ' ';
! }
}
$selectedblocks = '';
! if (count($BOXES) > 0) {
! for ($i = 1; $i <= count($BOXES); $i++) {
! $boxes .= current($BOXES);
! if ($i <> count($BOXES)) {
! $boxes .= ',';
! }
! next($BOXES);
! }
$blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ($boxes)");
! for ($x = 1; $x <= DB_numRows($blockresult); $x++) {
! $row = DB_fetchArray($blockresult);
if ($row['name'] <> 'user_block' AND $row['name'] <> 'admin_block' AND $row['name'] <> 'section_block') {
$selectedblocks .= $row['bid'];
! if ($x <> DB_numRows($blockresult)) {
$selectedblocks .= ' ';
}
--- 865,899 ----
}
+ $A['maxstories'] = COM_applyFilter ($A['maxstories'], true);
if ($A['maxstories'] < $_CONF['minnews']) {
$A['maxstories'] = $_CONF['minnews'];
}
! $TIDS = @array_values($A[$_TABLES['topics']]);
! $AIDS = @array_values($A['selauthors']);
$BOXES = @array_values($A["{$_TABLES['blocks']}"]);
$ETIDS = @array_values($A['etids']);
$tids = '';
! if (sizeof ($TIDS) > 0) {
! $tids = addslashes (implode (' ', $TIDS));
}
+
$aids = '';
! if (sizeof ($AIDS) > 0) {
! $aids = addslashes (implode (' ', $AIDS));
}
$selectedblocks = '';
! if (count ($BOXES) > 0) {
! $boxes = addslashes (implode (',', $BOXES));
!
$blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ($boxes)");
! $numRows = DB_numRows($blockresult);
! for ($x = 1; $x <= $numRows; $x++) {
! $row = DB_fetchArray ($blockresult);
if ($row['name'] <> 'user_block' AND $row['name'] <> 'admin_block' AND $row['name'] <> 'section_block') {
$selectedblocks .= $row['bid'];
! if ($x <> $numRows) {
$selectedblocks .= ' ';
}
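Review bot: The new `$boxes = addslashes (implode (',', $BOXES));` does not make the value safe for `WHERE bid NOT IN ($boxes)`, because the list is interpolated outside quotes there. addslashes() only escapes quote characters, backslashes and NUL, so it does not force the elements to be numbers. Assuming `$A` carries request data (the caller is not visible), each element should be cast before joining, e.g. `$boxes = implode (',', array_map ('intval', $BOXES));`. The `$tids` and `$aids` strings are a different case: they are used inside quotes in the later DB_save call, where addslashes is the matching escape. The body of savepreferences() continues outside this hunk.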
***************
*** 914,928 ****
}
! if (sizeof($ETIDS) > 0) {
! for ($i = 0; $i < sizeof($ETIDS); $i++) {
! $etids .= $ETIDS[$i] . " ";
! }
}
if (!isset ($A['tzid'])) {
$A['tzid'] = '';
}
! // Save theme, when doing so, put in cookie so we can set the user's theme even when they aren't logged in
! DB_query("UPDATE {$_TABLES['users']} SET theme='{$A['theme']}',language='{$A['language']}' WHERE uid = {$_USER['uid']}");
setcookie ($_CONF['cookie_theme'], $A['theme'], time() + 31536000,
$_CONF['cookie_path'], $_CONF['cookiedomain'],
--- 902,929 ----
}
! $etids = '';
! if (sizeof ($ETIDS) > 0) {
! $etids = addslashes (implode (' ', $ETIDS));
}
+
if (!isset ($A['tzid'])) {
$A['tzid'] = '';
}
! $A['theme'] = COM_applyFilter ($A['theme']);
! if (empty ($A['theme'])) {
! $A['theme'] = $_CONF['theme'];
! }
!
! $A['language'] = COM_applyFilter ($A['language']);
! if (empty ($A['language'])) {
! $A['language'] = $_CONF['language'];
! }
!
! // Save theme, when doing so, put in cookie so we can set the user's theme
! // even when they aren't logged in
! $theme = addslashes ($A['theme']);
! $language = addslashes ($A['language']);
! DB_query("UPDATE {$_TABLES['users']} SET theme='$theme',language='$language' WHERE uid = '{$_USER['uid']}'");
setcookie ($_CONF['cookie_theme'], $A['theme'], time() + 31536000,
$_CONF['cookie_path'], $_CONF['cookiedomain'],
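Review bot: `$A['theme']` and `$A['language']` are written to the users table and the theme cookie after only COM_applyFilter and an `empty()` fallback, so nothing in the visible lines confirms that they name an installed theme or language. If these values are later used to build template or language file paths (not visible here), they should be checked against the installed set, falling back to `$_CONF['theme']` / `$_CONF['language']` on a miss. A short comment above the two blocks saying what COM_applyFilter guarantees for a string argument would also help the next reader judge whether the following addslashes() is sufficient. The setcookie() call continues outside the hunk.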
***************
*** 932,935 ****
--- 933,938 ----
$_CONF['cookiesecure']);
+ $A['dfid'] = COM_applyFilter ($A['dfid'], true);
+
DB_query("UPDATE {$_TABLES['userprefs']} SET noicons='{$A['noicons']}', willing='{$A['willing']}', dfid='{$A['dfid']}', tzid='{$A['tzid']}', emailfromadmin='{$A['emailfromadmin']}', emailfromuser='{$A['emailfromuser']}', showonline='{$A['showonline']}' WHERE uid='{$_USER['uid']}'");
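Review bot: Only `dfid` gains a filter here, while `tzid='{$A['tzid']}'` in the same UPDATE appears to reach the query with nothing but the `isset` default shown in the previous hunk. Treating it like the other string fields would close that gap: `$A['tzid'] = addslashes (COM_applyFilter ($A['tzid']));` before the DB_query call. The handling of `willing`, `emailfromadmin`, `emailfromuser` and `showonline` lies outside the visible hunks, so it is worth confirming that each is normalised to a fixed value before this statement.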
***************
*** 938,941 ****
--- 941,961 ----
}
DB_save($_TABLES['userindex'],"uid,tids,aids,boxes,noboxes,maxstories,etids","'{$_USER['uid']}','$tids','$aids','$selectedblocks','{$A['noboxes']}',{$A['maxstories']},'$etids'");
+
+ $A['commentmode'] = COM_applyFilter ($A['commentmode']);
+ if (empty ($A['commentmode'])) {
+ $A['commentmode'] = $_CONF['comment_mode'];
+ }
+ $A['commentmode'] = addslashes ($A['commentmode']);
+
+ $A['commentorder'] = COM_applyFilter ($A['commentorder']);
+ if (empty ($A['commentorder'])) {
+ $A['commentorder'] = 'ASC';
+ }
+ $A['commentorder'] = addslashes ($A['commentorder']);
+
+ $A['commentlimit'] = COM_applyFilter ($A['commentlimit'], true);
+ if ($A['commentlimit'] <= 0) {
+ $A['commentlimit'] = $_CONF['comment_limit'];
+ }
DB_save($_TABLES['usercomment'],'uid,commentmode,commentorder,commentlimit',"'{$_USER['uid']}','{$A['commentmode']}','{$A['commentorder']}','{$A['commentlimit']}'");
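Review bot: `commentorder` falls back to 'ASC' only when it is empty, so any other non-empty string that passes COM_applyFilter is stored. If the stored value later ends up in an ORDER BY clause (not visible here), escaping at save time does not help. An allow-list is tighter, assuming ASC and DESC are the only values the comment code expects: `if ($A['commentorder'] != 'DESC') { $A['commentorder'] = 'ASC'; }`. The same reasoning applies to `commentmode`, which could be checked against the known comment modes. `commentlimit` has a lower bound but no upper bound.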