[geeklog-cvs] Geeklog-1.x/plugins/links functions.inc,1.95,1.96
Dirk Haun
dhaun at qs1489.pair.com
Mon Dec 31 12:56:55 EST 2007
Update of /cvsroot/geeklog/Geeklog-1.x/plugins/links
In directory qs1489.pair.com:/tmp/cvs-serv48568/plugins/links
Modified Files:
functions.inc
Log Message:
A bunch of changes to properly handle single quotes and such in categories
Index: functions.inc
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/plugins/links/functions.inc,v
retrieving revision 1.95
retrieving revision 1.96
diff -C2 -d -r1.95 -r1.96
*** functions.inc 31 Dec 2007 12:27:09 -0000 1.95
--- functions.inc 31 Dec 2007 17:56:52 -0000 1.96
***************
*** 641,649 ****
*
*/
! function links_buildSql ($cid, $limits)
{
$where = '';
if ($cid != 'all') {
! $where = "cid='" . $cid . "'";
}
--- 641,649 ----
*
*/
! function links_buildSql($cid, $limits)
{
$where = '';
if ($cid != 'all') {
! $where = "cid='" . addslashes($cid) . "'";
}
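Review bot: `addslashes($cid)` on the new `$where` line escapes bytes without regard to the connection character set or the database backend, so it is a weaker guarantee than the driver's own escaping, and the same call is used in every later hunk of this commit (the category migration loop, `links_select_box_recursive`, and the parent-lookup loop). I would route all of these through one escape helper in the database layer that calls the driver's function (for MySQL, `mysql_real_escape_string()`), so the quoting rule lives in one place and follows the connection. Separately, `$cid != 'all'` is a loose comparison; `$cid !== 'all'` avoids an integer `0` being treated as `'all'` on the PHP versions of that time. The body of `links_buildSql` continues outside the hunk, so how `$where` and `$limits` are combined is not visible here.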
***************
*** 775,780 ****
for ($i = 1; $i <= $nrows; $i++) {
$A = DB_fetchArray($result);
! $category = $A['category'];
! $cid = COM_makeSID ();
DB_query ("INSERT INTO {$_TABLES['linkcategories']} (cid,pid,category,owner_id,group_id,created,modified) VALUES ('{$cid}','{$_LI_CONF['root']}','{$category}','2','{$group_id}',NOW(),NOW())",1);
DB_query ("UPDATE {$_TABLES['links']} SET category='{$cid}' WHERE category='{$category}'",1);
--- 775,780 ----
for ($i = 1; $i <= $nrows; $i++) {
$A = DB_fetchArray($result);
! $category = addslashes($A['category']);
! $cid = addslashes(COM_makeSid());
DB_query ("INSERT INTO {$_TABLES['linkcategories']} (cid,pid,category,owner_id,group_id,created,modified) VALUES ('{$cid}','{$_LI_CONF['root']}','{$category}','2','{$group_id}',NOW(),NOW())",1);
DB_query ("UPDATE {$_TABLES['links']} SET category='{$cid}' WHERE category='{$category}'",1);
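Review bot: The INSERT still interpolates `{$_LI_CONF['root']}` and `{$group_id}` unescaped, while `$category` and `$cid` are now escaped. If the root category id is an admin-editable string, it can contain the same quote characters this commit is fixing. I would escape it once before the loop, e.g. `$root = addslashes($_LI_CONF['root']);`, and use `'{$root}'` in the VALUES list; `$group_id` could be cast with `(int)` if it is numeric, which is presumed here since its assignment is outside the hunk. Note that `$category` now holds the SQL-escaped form, so it should not be reused for display or comparison later in the loop.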
***************
*** 1436,1459 ****
{
global $_CONF, $_TABLES;
$sql = "SELECT cid,category
FROM {$_TABLES['linkcategories']}
! WHERE (pid='{$cid}') " . COM_getPermSQL('AND',0,$access) . "
ORDER BY category";
! $query = DB_QUERY($sql);
! while ( list($cid,$category) = DB_fetchArray($query) ) {
// set selected item
if ($cid == $sel) {
// yes, selected
! $menu .= '<option value="'.$cid.'" selected="selected">'.$indent.$category.'</option>';
} else {
// no, not selected
! $menu .= '<option value="'.$cid.'">'.$indent.$category.'</option>';
}
// Check and see if this category has any sub categories
! if (DB_count($_TABLES['linkcategories'], 'pid', $cid) > 0) {
// yes, call self
! $dum = links_select_box_recursive ($menu,$cid,$sel,$indent.' ',$access);
}
}
return $menu;
}
--- 1436,1465 ----
{
global $_CONF, $_TABLES;
+
+ $cat = addslashes($cid);
$sql = "SELECT cid,category
FROM {$_TABLES['linkcategories']}
! WHERE (pid='{$cat}') " . COM_getPermSQL('AND', 0, $access) . "
ORDER BY category";
! $query = DB_query($sql);
! while (list($cid, $category) = DB_fetchArray($query)) {
// set selected item
if ($cid == $sel) {
// yes, selected
! $menu .= '<option value="' . $cid . '" selected="selected">'
! . $indent . $category . '</option>';
} else {
// no, not selected
! $menu .= '<option value="' . $cid. '">' . $indent . $category
! . '</option>';
}
// Check and see if this category has any sub categories
! if (DB_count($_TABLES['linkcategories'], 'pid', addslashes($cid)) > 0) {
// yes, call self
! $dum = links_select_box_recursive ($menu, $cid, $sel,
! $indent . ' ', $access);
}
}
+
return $menu;
}
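Review bot: The two `<option>` lines concatenate `$cid` and `$category` from the database into HTML without output encoding, so a category id containing `"` breaks the `value` attribute and a category name containing `<` or `&` is emitted as markup. SQL escaping with `addslashes()` does not cover this context. Unless these columns are already stored HTML-encoded (not visible here), I would encode at output: `'<option value="' . htmlspecialchars($cid) . '">' . $indent . htmlspecialchars($category) . '</option>'`, and likewise for the `selected` branch. The `while` loop also reassigns the `$cid` parameter, which is why `$cat` had to be computed before it; a distinct loop variable name would make that less fragile. The function signature is outside the hunk.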
***************
*** 1473,1481 ****
$separator = ' : ';
$c = $cid;
$pid = '';
if ($root != $cid) {
while ($pid != $root) {
! $parent = DB_query("SELECT cid,pid,category FROM {$_TABLES['linkcategories']} WHERE cid='{$c}'");
$A = DB_fetchArray($parent);
if ($cid != $c) {
--- 1479,1488 ----
$separator = ' : ';
+ $cat = addslashes($cid);
$c = $cid;
$pid = '';
if ($root != $cid) {
while ($pid != $root) {
! $parent = DB_query("SELECT cid,pid,category FROM {$_TABLES['linkcategories']} WHERE cid='{$cat}'");
$A = DB_fetchArray($parent);
if ($cid != $c) {
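Review bot: The `while ($pid != $root)` loop has no exit for a failed lookup. If the SELECT returns no row for `$cat` (an unknown or orphaned category id), `$A['pid']` is empty, `$pid` never equals `$root`, and the loop would presumably keep querying with an empty id. I would add a guard directly after the fetch, `if (empty($A)) { break; }`, so a dangling `pid` cannot hang the request. The lines between this hunk and the next are not shown, so confirm there is no such check already.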
***************
*** 1488,1491 ****
--- 1495,1499 ----
$pid = $A['pid'];
$c = $A['pid'];
+ $cat = addslashes($c);
}
}
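Review bot: Keeping `$cat` in step with `$c` by hand, once before the loop and again here at the bottom, is easy to break when the loop body is edited, and a missed update would send a stale id to the query. Escaping at the point of use removes the second variable: `... WHERE cid='" . addslashes($c) . "'"` in the SELECT, after which both `$cat` assignments can be dropped. The enclosing function starts and ends outside the hunk.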