[geeklog-cvs] Geeklog-1.x/public_html/admin/plugins/links category.php, 1.12, 1.13
Dirk Haun
dhaun at qs1489.pair.com
Mon Dec 31 12:56:55 EST 2007
Update of /cvsroot/geeklog/Geeklog-1.x/public_html/admin/plugins/links
In directory qs1489.pair.com:/tmp/cvs-serv48568/public_html/admin/plugins/links
Modified Files:
category.php
Log Message:
A bunch of changes to properly handle single quotes and such in categories
Index: category.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/plugins/links/category.php,v
retrieving revision 1.12
retrieving revision 1.13
diff -C2 -d -r1.12 -r1.13
*** category.php 31 Dec 2007 12:27:09 -0000 1.12
--- category.php 31 Dec 2007 17:56:53 -0000 1.13
***************
*** 124,127 ****
--- 124,128 ----
$indent = $indent + 1;
+ $cid = addslashes($cid);
// get all children of present category
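Review bot: The added `$cid = addslashes($cid);` escapes the id for SQL with a function that is not charset-aware, so it only covers the ASCII quote/backslash cases; the same choice is made in the hunks at lines 141-145, 160-166, 292-306 and 408-416. If the Geeklog DB layer offers a driver-level escape helper for the active connection, prefer it here and in those places, otherwise document the assumption with a comment such as `// addslashes() is used for SQL escaping: assumes a single-byte connection charset`. links_list_categories_recursive starts outside this hunk, so whether `$cid` is also used for anything other than the query below cannot be confirmed from here.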
***************
*** 140,144 ****
$A['indent'] = $indent;
$data_arr[] = $A;
! if (DB_count($_TABLES['linkcategories'], 'pid', $A['cid']) > 0) {
$data_arr = links_list_categories_recursive($data_arr, $A['cid'], $indent);
}
--- 141,145 ----
$A['indent'] = $indent;
$data_arr[] = $A;
! if (DB_count($_TABLES['linkcategories'], 'pid', addslashes($A['cid'])) > 0) {
$data_arr = links_list_categories_recursive($data_arr, $A['cid'], $indent);
}
***************
*** 150,154 ****
-
// Returns form to create a new category or edit an existing one
--- 151,154 ----
***************
*** 160,163 ****
--- 160,166 ----
$retval = '';
+ $cid = addslashes($cid);
+ $pid = addslashes($pid);
+
if (!empty($pid)) {
// have parent id, so making a new subcategory
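Review bot: Escaping `$cid` and `$pid` at the top of links_edit_category overwrites the only copy of each value, so if the rest of the function (outside this hunk) reflects either id into the edit form or a heading, the backslashes inserted by `addslashes()` will appear in the HTML, and the value will not be correctly escaped for that context either. Consider keeping the raw values and escaping per use, e.g. `$sql_cid = addslashes($cid);` for the query and `htmlspecialchars($cid)` where it is rendered. The function body continues past the end of the hunk, so this is a point to confirm rather than a definite defect.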
***************
*** 274,278 ****
-
/*
* Save changes to category information
--- 277,280 ----
***************
*** 290,296 ****
}
// clean 'em up
! $description = addslashes (COM_checkHTML (COM_checkWords ($description)));
! $category = addslashes (COM_checkHTML (COM_checkWords ($category)));
if (empty($category) || empty($description)) {
--- 292,306 ----
}
+ // Check cid to make sure not illegal
+ if (($cid == $_LI_CONF['root']) || ($cid == 'user')) {
+ return 11;
+ }
+
// clean 'em up
! $description = addslashes (COM_checkHTML(COM_checkWords($description)));
! $category = addslashes (COM_checkHTML(COM_checkWords($category)));
! $pid = addslashes(strip_tags($pid));
! $cid = addslashes(strip_tags($cid));
! $old_cid = addslashes(strip_tags($old_cid));
if (empty($category) || empty($description)) {
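Review bot: The relocated root/'user' check now runs on the raw `$cid` while `strip_tags()` is applied to it only afterwards, so a value that becomes equal to `$_LI_CONF['root']` or `user` once tags are removed passes the check and is then normalised into the reserved id. Normalise before validating: put `$cid = strip_tags($cid);` ahead of the `if`, and reduce the later line to `$cid = addslashes($cid);`; the same applies to `$old_cid`, since the fallback `if (empty($cid) && !empty($old_cid))` in the following hunk can still substitute an unchecked `$old_cid` for `$cid` after this check has passed. The comparison uses `==`; `===` would avoid PHP's loose-comparison rules for a value that is compared against a configuration string. links_save_category begins before this hunk, so the parameter order and any earlier handling of `$cid` are not visible here.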
***************
*** 298,306 ****
}
- // Check cid to make sure not illegal
- if (($cid == $_LI_CONF['root']) || ($cid == 'user')) {
- return 11;
- }
-
// Check that they didn't delete the cid. If so, get the hidden one
if (empty($cid) && !empty($old_cid)) {
--- 308,311 ----
***************
*** 403,410 ****
*/
! function links_delete_category ($cid)
{
global $_TABLES, $LANG_LINKS_ADMIN;
if (DB_count ($_TABLES['linkcategories'], 'cid', $cid) > 0) {
// item exists so check access rights
--- 408,416 ----
*/
! function links_delete_category($cid)
{
global $_TABLES, $LANG_LINKS_ADMIN;
+ $cid = addslashes($cid);
if (DB_count ($_TABLES['linkcategories'], 'cid', $cid) > 0) {
// item exists so check access rights
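Review bot: links_delete_category now escapes its own argument, so a caller that pre-escapes `$cid` would double-escape it and the `DB_count()` lookup would silently fail; that contract is not written anywhere near the signature. Add to the docblock above the function a line such as `@param string $cid raw (unescaped) category id; the function applies addslashes() itself, callers must not pre-escape`. The rest of the function is outside this hunk, so whether the escaped `$cid` is also used in log or user-facing messages cannot be checked here.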
***************
*** 451,458 ****
// delete category
if ((($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) || ($mode=="delete")) {
! $cid = COM_applyFilter($_REQUEST['cid']);
! if (!isset($cid) || empty($cid)) {
! COM_errorLog('Attempted to delete category cid=' . $cid );
! $display .= COM_refresh($_CONF['site_admin_url'] . '/plugins/links/category.php');
} else {
$msg = links_delete_category($cid);
--- 457,468 ----
// delete category
if ((($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) || ($mode=="delete")) {
! $cid = '';
! if (isset($_REQUEST['cid'])) {
! $cid = strip_tags($_REQUEST['cid']);
! }
! if (empty($cid)) {
! COM_errorLog('Attempted to delete empty category');
! $display .= COM_refresh($_CONF['site_admin_url']
! . '/plugins/links/category.php');
} else {
$msg = links_delete_category($cid);
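Review bot: The delete branch now reads `strip_tags($_REQUEST['cid'])` while the edit branch further down uses `strip_tags(COM_stripslashes($_GET['cid']))`; if `COM_stripslashes()` exists to undo magic_quotes_gpc (presumably, confirm), the delete path hands an already-quoted value to links_delete_category, which applies `addslashes()` again, so an id containing a quote would not be found on installs with magic quotes enabled. The save branch in the next hunk passes `$_POST['cid']`, `$_POST['old_cid']` and `$_POST['pid']` with the same omission. Using `$cid = strip_tags(COM_stripslashes($_REQUEST['cid']));` here (and the matching call in the save branch) keeps the three handlers consistent. Separately, reading the id from `$_REQUEST` means a destructive delete is still accepted from a plain GET link; restricting this branch to `$_POST` (plus whatever form-token check the admin pages use, if any) is worth considering even though the commit did not change that.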
***************
*** 466,477 ****
// save category
} else if (($mode == $LANG_ADMIN['save']) && !empty ($LANG_ADMIN['save'])) {
! $msg = links_save_category (COM_applyFilter ($_POST['cid']),
! COM_applyFilter ($_POST['old_cid']),
! COM_applyFilter ($_POST['pid']), $_POST['category'],
! $_POST['description'], COM_applyFilter ($_POST['tid']),
! COM_applyFilter ($_POST['owner_id'], true),
! COM_applyFilter ($_POST['group_id'], true),
! $_POST['perm_owner'], $_POST['perm_group'],
! $_POST['perm_members'], $_POST['perm_anon']);
$display .= COM_siteHeader ('menu', $LANG_LINKS_ADMIN[11]);
--- 476,486 ----
// save category
} else if (($mode == $LANG_ADMIN['save']) && !empty ($LANG_ADMIN['save'])) {
! $msg = links_save_category($_POST['cid'], $_POST['old_cid'],
! $_POST['pid'], $_POST['category'],
! $_POST['description'], COM_applyFilter($_POST['tid']),
! COM_applyFilter($_POST['owner_id'], true),
! COM_applyFilter($_POST['group_id'], true),
! $_POST['perm_owner'], $_POST['perm_group'],
! $_POST['perm_members'], $_POST['perm_anon']);
$display .= COM_siteHeader ('menu', $LANG_LINKS_ADMIN[11]);
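Review bot: The save branch now passes `$_POST['cid']`, `$_POST['old_cid']` and `$_POST['pid']` straight through without the `isset()` guard that the delete branch above applies to `$_REQUEST['cid']`, so a form post missing any of these keys raises an undefined-index notice before links_save_category gets to validate them. Mirror the delete branch: `$cid = isset($_POST['cid']) ? $_POST['cid'] : '';`, `$old_cid = isset($_POST['old_cid']) ? $_POST['old_cid'] : '';`, `$pid = isset($_POST['pid']) ? $_POST['pid'] : '';` and pass those variables instead. The `category` and `description` fields have the same exposure, but that part is unchanged by the commit.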
***************
*** 482,495 ****
// edit category
} else if ($mode == 'edit') {
! $display .= COM_siteHeader ('menu', $LANG_LINKS_ADMIN[56]);
$pid = '';
if (isset($_GET['pid'])) {
! $pid = COM_applyFilter($_GET['pid']);
}
$cid = '';
if (isset($_GET['cid'])) {
! $cid = COM_applyFilter($_GET['cid']);
}
! $display .= links_edit_category($cid,$pid);
$display .= COM_siteFooter();
--- 491,504 ----
// edit category
} else if ($mode == 'edit') {
! $display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[56]);
$pid = '';
if (isset($_GET['pid'])) {
! $pid = strip_tags(COM_stripslashes($_GET['pid']));
}
$cid = '';
if (isset($_GET['cid'])) {
! $cid = strip_tags(COM_stripslashes($_GET['cid']));
}
! $display .= links_edit_category($cid, $pid);
$display .= COM_siteFooter();