makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Updates for the \' issue but fix for bug #496110 in admin_forums (changed names to utilise constants)

Browse source 
git-svn-id: file:///svn/phpbb/trunk@1681 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2001-12-24 13:05:00 +00:00
parent 7f8ba1c339
commit 631fb71118
3 changed files with 35 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/admin/admin_board.php
View file

@ -46,7 +46,7 @@ else
if( isset($HTTP_POST_VARS['submit']) ) if( isset($HTTP_POST_VARS['submit']) )
{ {
$sql = "UPDATE " . CONFIG_TABLE . " SET $sql = "UPDATE " . CONFIG_TABLE . " SET
config_value = '" . $new[$config_name] . "' config_value = '" . str_replace("\'", "''", $new[$config_name]) . "'
WHERE config_name = '$config_name'"; WHERE config_name = '$config_name'";
if( !$db->sql_query($sql) ) if( !$db->sql_query($sql) )
{ {

2
phpBB/admin/admin_disallow.php
View file

@ -46,7 +46,7 @@ if( isset($HTTP_POST_VARS['add_name']) )
else else
{ {
$sql = "INSERT INTO " . DISALLOW_TABLE . " (disallow_username) $sql = "INSERT INTO " . DISALLOW_TABLE . " (disallow_username)
VALUES('" . $disallowed_user . "')"; VALUES('" . str_replace("\'", "''", $disallowed_user) . "')";
$result = $db->sql_query( $sql ); $result = $db->sql_query( $sql );
if ( !$result ) if ( !$result )
{ {

66
phpBB/admin/admin_forums.php
View file

@ -253,7 +253,7 @@ if( !empty($mode) )
$newmode = 'modforum'; $newmode = 'modforum';
$buttonvalue = $lang['Update']; $buttonvalue = $lang['Update'];
$forum_id = intval($HTTP_GET_VARS['forum_id']); $forum_id = intval($HTTP_GET_VARS[POST_FORUM_URL]);
$row = get_info('forum', $forum_id); $row = get_info('forum', $forum_id);
@ -305,7 +305,7 @@ if( !empty($mode) )
"body" => "admin/forum_edit_body.tpl") "body" => "admin/forum_edit_body.tpl")
); );
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $newmode .'" /><input type="hidden" name="forum_id" value="' . $forum_id . '" />'; $s_hidden_fields = '<input type="hidden" name="mode" value="' . $newmode .'" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';
$template->assign_vars(array( $template->assign_vars(array(
'S_FORUM_ACTION' => append_sid("admin_forums.$phpEx"), 'S_FORUM_ACTION' => append_sid("admin_forums.$phpEx"),
@ -347,7 +347,7 @@ if( !empty($mode) )
$sql = "SELECT MAX(forum_order) AS max_order $sql = "SELECT MAX(forum_order) AS max_order
FROM " . FORUMS_TABLE . " FROM " . FORUMS_TABLE . "
WHERE cat_id = " . intval($HTTP_POST_VARS['cat_id']); WHERE cat_id = " . intval($HTTP_POST_VARS[POST_CAT_URL]);
if( !$result = $db->sql_query($sql) ) if( !$result = $db->sql_query($sql) )
{ {
message_die(GENERAL_ERROR, "Couldn't get order number from forums table", "", __LINE__, __FILE__, $sql); message_die(GENERAL_ERROR, "Couldn't get order number from forums table", "", __LINE__, __FILE__, $sql);
@ -382,7 +382,7 @@ if( !empty($mode) )
// There is no problem having duplicate forum names so we won't check for it. // There is no problem having duplicate forum names so we won't check for it.
$sql = "INSERT INTO " . FORUMS_TABLE . " (forum_id, forum_name, cat_id, forum_desc, forum_order, forum_status, prune_enable" . $field_sql . ") $sql = "INSERT INTO " . FORUMS_TABLE . " (forum_id, forum_name, cat_id, forum_desc, forum_order, forum_status, prune_enable" . $field_sql . ")
VALUES ('" . $next_id . "', '" . $HTTP_POST_VARS['forumname'] . "', " . intval($HTTP_POST_VARS['cat_id']) . ", '" . $HTTP_POST_VARS['forumdesc'] . "', $next_order, " . intval($HTTP_POST_VARS['forumstatus']) . ", " . intval($HTTP_POST_VARS['prune_enable']) . $value_sql . ")"; VALUES ('" . $next_id . "', '" . str_replace("\'", "''", $HTTP_POST_VARS['forumname']) . "', " . intval($HTTP_POST_VARS[POST_CAT_URL]) . ", '" . str_replace("\'", "''", $HTTP_POST_VARS['forumdesc']) . "', $next_order, " . intval($HTTP_POST_VARS['forumstatus']) . ", " . intval($HTTP_POST_VARS['prune_enable']) . $value_sql . ")";
if( !$result = $db->sql_query($sql) ) if( !$result = $db->sql_query($sql) )
{ {
message_die(GENERAL_ERROR, "Couldn't insert row in forums table", "", __LINE__, __FILE__, $sql); message_die(GENERAL_ERROR, "Couldn't insert row in forums table", "", __LINE__, __FILE__, $sql);
@ -392,7 +392,7 @@ if( !empty($mode) )
{ {
$new_forum_id = $db->sql_nextid(); $new_forum_id = $db->sql_nextid();
if($HTTP_POST_VARS['prune_days'] == "" || $HTTP_POST_VARS['prune_freq'] == "") if( $HTTP_POST_VARS['prune_days'] == "" || $HTTP_POST_VARS['prune_freq'] == "")
{ {
message_die(GENERAL_MESSAGE, $lang['Set_prune_data']); message_die(GENERAL_MESSAGE, $lang['Set_prune_data']);
} }
@ -422,23 +422,23 @@ if( !empty($mode) )
} }
$sql = "UPDATE " . FORUMS_TABLE . " $sql = "UPDATE " . FORUMS_TABLE . "
SET forum_name = '" . $HTTP_POST_VARS['forumname'] . "', cat_id = " . intval($HTTP_POST_VARS['cat_id']) . ", forum_desc = '" . $HTTP_POST_VARS['forumdesc'] . "', forum_status = " . intval($HTTP_POST_VARS['forumstatus']) . ", prune_enable = " . intval($HTTP_POST_VARS['prune_enable']) . " SET forum_name = '" . str_replace("\'", "''", $HTTP_POST_VARS['forumname']) . "', cat_id = " . intval($HTTP_POST_VARS[POST_CAT_URL]) . ", forum_desc = '" . str_replace("\'", "''", $HTTP_POST_VARS['forumdesc']) . "', forum_status = " . intval($HTTP_POST_VARS['forumstatus']) . ", prune_enable = " . intval($HTTP_POST_VARS['prune_enable']) . "
WHERE forum_id = " . intval($HTTP_POST_VARS['forum_id']); WHERE forum_id = " . intval($HTTP_POST_VARS[POST_FORUM_URL]);
if( !$result = $db->sql_query($sql) ) if( !$result = $db->sql_query($sql) )
{ {
message_die(GENERAL_ERROR, "Couldn't update forum information", "", __LINE__, __FILE__, $sql); message_die(GENERAL_ERROR, "Couldn't update forum information", "", __LINE__, __FILE__, $sql);
} }
if($HTTP_POST_VARS['prune_enable'] == 1) if( $HTTP_POST_VARS['prune_enable'] == 1 )
{ {
if($HTTP_POST_VARS['prune_days'] == "" || $HTTP_POST_VARS['prune_freq'] == "") if( $HTTP_POST_VARS['prune_days'] == "" || $HTTP_POST_VARS['prune_freq'] == "" )
{ {
message_die(GENERAL_MESSAGE, $lang['Set_prune_data']); message_die(GENERAL_MESSAGE, $lang['Set_prune_data']);
} }
$sql = "SELECT * $sql = "SELECT *
FROM " . PRUNE_TABLE . " FROM " . PRUNE_TABLE . "
WHERE forum_id = " . intval($HTTP_POST_VARS['forum_id']); WHERE forum_id = " . intval($HTTP_POST_VARS[POST_FORUM_URL]);
if( !$result = $db->sql_query($sql) ) if( !$result = $db->sql_query($sql) )
{ {
message_die(GENERAL_ERROR, "Couldn't get forum Prune Information","",__LINE__, __FILE__, $sql); message_die(GENERAL_ERROR, "Couldn't get forum Prune Information","",__LINE__, __FILE__, $sql);
@ -448,12 +448,12 @@ if( !empty($mode) )
{ {
$sql = "UPDATE " . PRUNE_TABLE . " $sql = "UPDATE " . PRUNE_TABLE . "
SET prune_days = " . intval($HTTP_POST_VARS['prune_days']) . ", prune_freq = " . intval($HTTP_POST_VARS['prune_freq']) . " SET prune_days = " . intval($HTTP_POST_VARS['prune_days']) . ", prune_freq = " . intval($HTTP_POST_VARS['prune_freq']) . "
WHERE forum_id = " . intval($HTTP_POST_VARS['forum_id']); WHERE forum_id = " . intval($HTTP_POST_VARS[POST_FORUM_URL]);
} }
else else
{ {
$sql = "INSERT INTO " . PRUNE_TABLE . " (forum_id, prune_days, prune_freq) $sql = "INSERT INTO " . PRUNE_TABLE . " (forum_id, prune_days, prune_freq)
VALUES(" . intval($HTTP_POST_VARS['forum_id']) . ", " . intval($HTTP_POST_VARS['prune_days']) . ", " . intval($HTTP_POST_VARS['prune_freq']) . ")"; VALUES(" . intval($HTTP_POST_VARS[POST_FORUM_URL]) . ", " . intval($HTTP_POST_VARS['prune_days']) . ", " . intval($HTTP_POST_VARS['prune_freq']) . ")";
} }
if( !$result = $db->sql_query($sql) ) if( !$result = $db->sql_query($sql) )
@ -509,7 +509,7 @@ if( !empty($mode) )
$newmode = 'modcat'; $newmode = 'modcat';
$buttonvalue = $lang['Update']; $buttonvalue = $lang['Update'];
$cat_id = intval($HTTP_GET_VARS['cat_id']); $cat_id = intval($HTTP_GET_VARS[POST_CAT_URL]);
$row = get_info('category', $cat_id); $row = get_info('category', $cat_id);
$cat_title = $row['cat_title']; $cat_title = $row['cat_title'];
@ -518,7 +518,7 @@ if( !empty($mode) )
"body" => "admin/category_edit_body.tpl") "body" => "admin/category_edit_body.tpl")
); );
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $newmode . '" /><input type="hidden" name="cat_id" value="' . $cat_id . '" />'; $s_hidden_fields = '<input type="hidden" name="mode" value="' . $newmode . '" /><input type="hidden" name="' . POST_CAT_URL . '" value="' . $cat_id . '" />';
$template->assign_vars(array( $template->assign_vars(array(
'CAT_TITLE' => $cat_title, 'CAT_TITLE' => $cat_title,
@ -538,8 +538,8 @@ if( !empty($mode) )
case 'modcat': case 'modcat':
// Modify a category in the DB // Modify a category in the DB
$sql = "UPDATE " . CATEGORIES_TABLE . " $sql = "UPDATE " . CATEGORIES_TABLE . "
SET cat_title = '" . $HTTP_POST_VARS['cat_title'] . "' SET cat_title = '" . str_replace("\'", "''", $HTTP_POST_VARS['cat_title']) . "'
WHERE cat_id = " . intval($HTTP_POST_VARS['cat_id']); WHERE cat_id = " . intval($HTTP_POST_VARS[POST_CAT_URL]);
if( !$result = $db->sql_query($sql) ) if( !$result = $db->sql_query($sql) )
{ {
message_die(GENERAL_ERROR, "Couldn't update forum information", "", __LINE__, __FILE__, $sql); message_die(GENERAL_ERROR, "Couldn't update forum information", "", __LINE__, __FILE__, $sql);
@ -553,7 +553,7 @@ if( !empty($mode) )
case 'deleteforum': case 'deleteforum':
// Show form to delete a forum // Show form to delete a forum
$forum_id = intval($HTTP_GET_VARS['forum_id']); $forum_id = intval($HTTP_GET_VARS[POST_FORUM_URL]);
$select_to = '<select name="to_id">'; $select_to = '<select name="to_id">';
$select_to .= "<option value=\"-1\"$s>" . $lang['Delete_all_posts'] . "</option>\n"; $select_to .= "<option value=\"-1\"$s>" . $lang['Delete_all_posts'] . "</option>\n";
@ -651,7 +651,7 @@ if( !empty($mode) )
// //
// Show form to delete a category // Show form to delete a category
// //
$cat_id = intval($HTTP_GET_VARS['cat_id']); $cat_id = intval($HTTP_GET_VARS[POST_CAT_URL]);
$buttonvalue = $lang['Move_and_Delete']; $buttonvalue = $lang['Move_and_Delete'];
$newmode = 'movedelcat'; $newmode = 'movedelcat';
@ -757,7 +757,7 @@ if( !empty($mode) )
// Change order of forums in the DB // Change order of forums in the DB
// //
$move = intval($HTTP_GET_VARS['move']); $move = intval($HTTP_GET_VARS['move']);
$forum_id = intval($HTTP_GET_VARS['forum_id']); $forum_id = intval($HTTP_GET_VARS[POST_FORUM_URL]);
$forum_info = get_info('forum', $forum_id); $forum_info = get_info('forum', $forum_id);
@ -781,7 +781,7 @@ if( !empty($mode) )
// Change order of categories in the DB // Change order of categories in the DB
// //
$move = intval($HTTP_GET_VARS['move']); $move = intval($HTTP_GET_VARS['move']);
$cat_id = intval($HTTP_GET_VARS['cat_id']); $cat_id = intval($HTTP_GET_VARS[POST_CAT_URL]);
$sql = "UPDATE " . CATEGORIES_TABLE . " $sql = "UPDATE " . CATEGORIES_TABLE . "
SET cat_order = cat_order + $move SET cat_order = cat_order + $move
@ -797,7 +797,7 @@ if( !empty($mode) )
break; break;
case 'forum_sync': case 'forum_sync':
sync('forum', intval($HTTP_GET_VARS['forum_id'])); sync('forum', intval($HTTP_GET_VARS[POST_FORUM_URL]));
$show_index = TRUE; $show_index = TRUE;
break; break;
@ -875,11 +875,11 @@ if( $total_categories = $db->sql_numrows($q_categories) )
'CAT_ID' => $cat_id, 'CAT_ID' => $cat_id,
'CAT_DESC' => $category_rows[$i]['cat_title'], 'CAT_DESC' => $category_rows[$i]['cat_title'],
'U_CAT_EDIT' => append_sid("admin_forums.$phpEx?mode=editcat&amp;cat_id=$cat_id"), 'U_CAT_EDIT' => append_sid("admin_forums.$phpEx?mode=editcat&amp;" . POST_CAT_URL . "=$cat_id"),
'U_CAT_DELETE' => append_sid("admin_forums.$phpEx?mode=deletecat&cat_id=$cat_id"), 'U_CAT_DELETE' => append_sid("admin_forums.$phpEx?mode=deletecat&amp;" . POST_CAT_URL . "=$cat_id"),
'U_CAT_MOVE_UP' => append_sid("admin_forums.$phpEx?mode=cat_order&move=-15&cat_id=$cat_id"), 'U_CAT_MOVE_UP' => append_sid("admin_forums.$phpEx?mode=cat_order&amp;move=-15&amp;" . POST_CAT_URL . "=$cat_id"),
'U_CAT_MOVE_DOWN' => append_sid("admin_forums.$phpEx?mode=cat_order&move=15&cat_id=$cat_id"), 'U_CAT_MOVE_DOWN' => append_sid("admin_forums.$phpEx?mode=cat_order&amp;move=15&amp;" . POST_CAT_URL . "=$cat_id"),
'U_VIEWCAT' => append_sid($phpbb_root_path."index.$phpEx?viewcat=$cat_id")) 'U_VIEWCAT' => append_sid($phpbb_root_path."index.$phpEx?" . POST_CAT_URL . "=$cat_id"))
); );
for($j = 0; $j < $total_forums; $j++) for($j = 0; $j < $total_forums; $j++)
@ -896,12 +896,12 @@ if( $total_categories = $db->sql_numrows($q_categories) )
'NUM_TOPICS' => $forum_rows[$j]['forum_topics'], 'NUM_TOPICS' => $forum_rows[$j]['forum_topics'],
'NUM_POSTS' => $forum_rows[$j]['forum_posts'], 'NUM_POSTS' => $forum_rows[$j]['forum_posts'],
'U_VIEWFORUM' => append_sid($phpbb_root_path."viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;" . $forum_rows[$j]['forum_posts']), 'U_VIEWFORUM' => append_sid($phpbb_root_path."viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id"),
'U_FORUM_EDIT' => append_sid("admin_forums.$phpEx?mode=editforum&amp;forum_id=$forum_id"), 'U_FORUM_EDIT' => append_sid("admin_forums.$phpEx?mode=editforum&amp;" . POST_FORUM_URL . "=$forum_id"),
'U_FORUM_DELETE' => append_sid("admin_forums.$phpEx?mode=deleteforum&amp;forum_id=$forum_id"), 'U_FORUM_DELETE' => append_sid("admin_forums.$phpEx?mode=deleteforum&amp;" . POST_FORUM_URL . "=$forum_id"),
'U_FORUM_MOVE_UP' => append_sid("admin_forums.$phpEx?mode=forum_order&amp;move=-15&forum_id=$forum_id"), 'U_FORUM_MOVE_UP' => append_sid("admin_forums.$phpEx?mode=forum_order&amp;move=-15&amp;" . POST_FORUM_URL . "=$forum_id"),
'U_FORUM_MOVE_DOWN' => append_sid("admin_forums.$phpEx?mode=forum_order&amp;move=15&forum_id=$forum_id"), 'U_FORUM_MOVE_DOWN' => append_sid("admin_forums.$phpEx?mode=forum_order&amp;move=15&amp;" . POST_FORUM_URL . "=$forum_id"),
'U_FORUM_RESYNC' => append_sid("admin_forums.$phpEx?mode=forum_sync&amp;forum_id=$forum_id")) 'U_FORUM_RESYNC' => append_sid("admin_forums.$phpEx?mode=forum_sync&amp;" . POST_FORUM_URL . "=$forum_id"))
); );
}// if ... forumid == catid }// if ... forumid == catid
@ -916,4 +916,4 @@ $template->pparse("body");
include('page_footer_admin.'.$phpEx); include('page_footer_admin.'.$phpEx);
?> ?>