[geeklog-cvs] Geeklog-1.x/public_html/links index.php,1.27,1.28
Dirk Haun
dhaun at qs1489.pair.com
Mon Dec 31 12:56:55 EST 2007
Update of /cvsroot/geeklog/Geeklog-1.x/public_html/links
In directory qs1489.pair.com:/tmp/cvs-serv48568/public_html/links
Modified Files:
index.php
Log Message:
A bunch of changes to properly handle single quotes and such in categories
Index: index.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/links/index.php,v
retrieving revision 1.27
retrieving revision 1.28
diff -C2 -d -r1.27 -r1.28
*** index.php 31 Dec 2007 13:23:55 -0000 1.27
--- index.php 31 Dec 2007 17:56:53 -0000 1.28
***************
*** 70,77 ****
$display = '';
if (isset($_GET['category'])) {
! $cid = strip_tags (COM_stripslashes ($_GET['category']));
} elseif (isset($_POST['category'])) {
! $cid = strip_tags (COM_stripslashes ($_POST['category']));
}
$page = 0;
if (isset ($_GET['page'])) {
--- 70,78 ----
$display = '';
if (isset($_GET['category'])) {
! $cid = strip_tags(COM_stripslashes($_GET['category']));
} elseif (isset($_POST['category'])) {
! $cid = strip_tags(COM_stripslashes($_POST['category']));
}
+ $cat = addslashes($cid);
$page = 0;
if (isset ($_GET['page'])) {
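Review bot: `$cat = addslashes($cid);` relies on addslashes(), which knows nothing about the connection's character set or about backends that do not treat backslash as an escape character, so the quoting is only safe under those assumptions. Passing the value through the database layer's own escaping (for MySQL, `mysql_real_escape_string()` behind the DB_ abstraction) would keep the rule in one place; the same applies to `$ccid = addslashes($C['cid'])` and to the `addslashes($cid)` in the `$from_where` hunk further down. In the visible lines `$cid` is assigned only when a `category` parameter is present, so unless it is initialised above the hunk this line reads an undefined variable. A comment such as `// $cat is the SQL-escaped form of $cid; never put $cid itself into a query` would help keep the two apart, since both stay in scope. The `if (isset ($_GET['page']))` block continues past the end of the hunk.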
***************
*** 82,86 ****
}
! if (empty ($cid)) {
if ($page > 1) {
$page_title = sprintf ($LANG_LINKS[114] . ' (%d)', $page);
--- 83,87 ----
}
! if (empty($cid)) {
if ($page > 1) {
$page_title = sprintf ($LANG_LINKS[114] . ' (%d)', $page);
***************
*** 89,94 ****
}
} else {
! $category = DB_getItem ($_TABLES['linkcategories'], 'category',
! "cid='{$cid}'");
if ($page > 1) {
$page_title = sprintf ($LANG_LINKS[114] . ': %s (%d)', $category,
--- 90,95 ----
}
} else {
! $category = DB_getItem($_TABLES['linkcategories'], 'category',
! "cid = '{$cat}'");
if ($page > 1) {
$page_title = sprintf ($LANG_LINKS[114] . ': %s (%d)', $category,
***************
*** 101,105 ****
// Check has access to this category
if ($cid != $_LI_CONF['root']) {
! $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'");
$A = DB_fetchArray($result);
if (SEC_hasAccess ($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) < 2) {
--- 102,106 ----
// Check has access to this category
if ($cid != $_LI_CONF['root']) {
! $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cat}'");
$A = DB_fetchArray($result);
if (SEC_hasAccess ($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) < 2) {
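Review bot: The row from `DB_fetchArray($result)` is used without checking that one came back, so a `category` value that matches no row reaches `SEC_hasAccess()` with empty fields, and what it returns in that case is not visible here. The permission test should fail closed explicitly, for example by putting `empty($A) ||` in front of the `SEC_hasAccess (...) < 2` condition, so that a non-existent category is treated the same as a forbidden one. Both `if` blocks continue past the end of the hunk.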
***************
*** 135,139 ****
// Create breadcrumb trail
! $linklist->set_var('breadcrumbs', links_breadcrumbs ($_LI_CONF['root'], $cid));
// Set dropdown for category jump
--- 136,140 ----
// Create breadcrumb trail
! $linklist->set_var('breadcrumbs', links_breadcrumbs($_LI_CONF['root'], $cid));
// Set dropdown for category jump
***************
*** 143,150 ****
if ($_LI_CONF['linkcols'] > 0) {
// Show categories
! $sql = "SELECT cid,pid,category,description FROM {$_TABLES['linkcategories']} WHERE pid='{$cid}'";
// check if we are using the multilanguage hack
if ($_LI_CONF['enable_multilingual_links']) {
! $sql .= COM_getLangSQL('cid','AND');
}
$sql .= COM_getPermSQL('AND') . " ORDER BY category";
--- 144,151 ----
if ($_LI_CONF['linkcols'] > 0) {
// Show categories
! $sql = "SELECT cid,pid,category,description FROM {$_TABLES['linkcategories']} WHERE pid='{$cat}'";
// check if we are using the multilanguage hack
if ($_LI_CONF['enable_multilingual_links']) {
! $sql .= COM_getLangSQL('cid', 'AND');
}
$sql .= COM_getPermSQL('AND') . " ORDER BY category";
***************
*** 154,164 ****
$linklist->set_var ('lang_categories', $LANG_LINKS_ADMIN[14]);
for ($i = 1; $i <= $nrows; $i++) {
! $C = DB_fetchArray ($result);
// Get number of child links user can see in this category
! $result1 = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['links']} WHERE cid='{$C['cid']}'" . COM_getPermSQL ('AND'));
! $D = DB_fetchArray ($result1);
// Get number of child categories user can see in this category
! $result2 = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['linkcategories']} WHERE pid='{$C['cid']}'" . COM_getPermSQL ('AND'));
$E = DB_fetchArray($result2);
--- 155,166 ----
$linklist->set_var ('lang_categories', $LANG_LINKS_ADMIN[14]);
for ($i = 1; $i <= $nrows; $i++) {
! $C = DB_fetchArray($result);
// Get number of child links user can see in this category
! $ccid = addslashes($C['cid']);
! $result1 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['links']} WHERE cid='{$ccid}'" . COM_getPermSQL('AND'));
! $D = DB_fetchArray($result1);
// Get number of child categories user can see in this category
! $result2 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['linkcategories']} WHERE pid='{$ccid}'" . COM_getPermSQL('AND'));
$E = DB_fetchArray($result2);
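Review bot: The new `$ccid = addslashes($C['cid']);` needs a comment, because it is not obvious why a value just read from the database is escaped again before it goes into the two COUNT(*) queries. Something like `// cid comes from the DB but may itself contain quotes; escape it before reusing it in SQL` would stop a later cleanup from removing the line as redundant. The `for` loop that contains these lines continues outside the hunk.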
***************
*** 190,194 ****
$linklist->set_var ('category_count', $display_count);
$linklist->set_var ('width', floor (100 / $_LI_CONF['linkcols']));
! if (!empty ($cid) && ($cid == $C['cid'])) {
$linklist->parse ('category_col', 'actcol', true);
} else {
--- 192,196 ----
$linklist->set_var ('category_count', $display_count);
$linklist->set_var ('width', floor (100 / $_LI_CONF['linkcols']));
! if (!empty($cid) && ($cid == $C['cid'])) {
$linklist->parse ('category_col', 'actcol', true);
} else {
***************
*** 221,226 ****
$from_where = " FROM {$_TABLES['links']}";
if ($_LI_CONF['linkcols'] > 0) {
! if (!empty ($cid)) {
! $from_where .= " WHERE cid='" . addslashes ($cid) . "'";
} else {
$from_where .= " WHERE cid=''";
--- 223,228 ----
$from_where = " FROM {$_TABLES['links']}";
if ($_LI_CONF['linkcols'] > 0) {
! if (!empty($cid)) {
! $from_where .= " WHERE cid='" . addslashes($cid) . "'";
} else {
$from_where .= " WHERE cid=''";
***************
*** 242,246 ****
$result = DB_query ($sql . $from_where . $order . $limit);
$nrows = DB_numRows ($result);
! COM_errorLog("$nrows, $category, $cid, $page");
if ($nrows == 0) {
if (($cid == $_LI_CONF['root']) && ($page <= 1) && $_LI_CONF['show_top10']) {
--- 244,248 ----
$result = DB_query ($sql . $from_where . $order . $limit);
$nrows = DB_numRows ($result);
!
if ($nrows == 0) {
if (($cid == $_LI_CONF['root']) && ($page <= 1) && $_LI_CONF['show_top10']) {
***************
*** 263,276 ****
// Get current category name
$currentcategory = DB_getItem($_TABLES['linkcategories'], 'category',
! "cid='{$cid}'");
! $linklist->set_var ('link_category', $currentcategory);
! $linklist->set_var ('link_details', '');
for ($i = 0; $i < $nrows; $i++) {
! $A = DB_fetchArray ($result);
! prepare_link_item ($A, $linklist);
! $linklist->parse ('link_details', 'link', true);
}
! $linklist->parse ('category_links', 'catlinks', true);
$result = DB_query ('SELECT COUNT(*) AS count ' . $from_where);
--- 265,278 ----
// Get current category name
$currentcategory = DB_getItem($_TABLES['linkcategories'], 'category',
! "cid = '{$cat}'");
! $linklist->set_var('link_category', $currentcategory);
! $linklist->set_var('link_details', '');
for ($i = 0; $i < $nrows; $i++) {
! $A = DB_fetchArray($result);
! prepare_link_item($A, $linklist);
! $linklist->parse('link_details', 'link', true);
}
! $linklist->parse('category_links', 'catlinks', true);
$result = DB_query ('SELECT COUNT(*) AS count ' . $from_where);
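Review bot: `$currentcategory` is passed to `set_var('link_category', ...)` exactly as read from the database, while the log message says categories may contain single quotes and similar characters. Whether the name is HTML-encoded when it is stored, or by the template class, is not visible in this hunk; if neither happens, encode at output with `$linklist->set_var('link_category', htmlspecialchars($currentcategory));`. The same question applies to `$category` in the `$page_title` lines of the earlier `DB_getItem` hunk.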
***************
*** 284,288 ****
}
if ($pages > 0) {
! if (($_LI_CONF['linkcols'] > 0) && isset ($currentcategory)) {
$catlink = '?category=' . urlencode ($currentcategory);
} else {
--- 286,290 ----
}
if ($pages > 0) {
! if (($_LI_CONF['linkcols'] > 0) && isset($currentcategory)) {
$catlink = '?category=' . urlencode ($currentcategory);
} else {