Changeset 118
- Timestamp:
- 04/11/06 21:32:56 (3 years ago)
- Location:
- trunk
- Files:
-
- 4 modified
-
admin/index.php (modified) (22 diffs)
-
common/functions_blog.php (modified) (3 diffs)
-
common/livesearch.php (modified) (2 diffs)
-
common/tb.php (modified) (2 diffs)
trunk/admin/index.php
r115 r118 381 381 function show_cats() { 382 382 global $db; 383 $res =& $db->query("SELECT * FROM categories ");383 $res =& $db->query("SELECT * FROM categories ORDER BY name"); 384 384 if (PEAR::isError($res)) { 385 385 die($res->getMessage()); … … 529 529 <div class="log_head"> 530 530 <span class="log_subject"> 531 <a href="?action=edit_acro&id=<?=$row["id"]?>"><?= $row["acronym"]?></a> 531 <a href="?action=edit_acro&id=<?=$row["id"]?>"><?=stripslashes($row["acronym"])?></a> 532 532 </span> 533 533 </div> 534 534 <div class="log_body"> 535 535 <span class="log_contents"> 536 <?= $row["description"]?>536 <?=stripslashes($row["description"])?> 537 537 </span> 538 538 </div> … … 554 554 $cat["description"] = "Category description"; 555 555 } else { 556 $res =& $db->query( "SELECT * FROM acronyms WHERE id=$id");556 $res =& $db->query(sprintf("SELECT * FROM acronyms WHERE id = %d", $id)); 557 557 if (PEAR::isError($res)) { 558 558 die($res->getMessage()); … … 567 567 <div class="log_head"> 568 568 <span class="log_subject"> 569 <input type="text" name="acro[acronym]" value="<?= $acro["acronym"]?>" /> 569 <input type="text" name="acro[acronym]" value="<?=stripslashes($acro["acronym"])?>" /> 570 570 </span> 571 571 </div> 572 572 <div class="log_body"> 573 573 <span class="log_contents"> 574 <input type="text" name="acro[description]" value="<?= $acro["description"]?>" style="width: 500px;" />574 <input type="text" name="acro[description]" value="<?=stripslashes($acro["description"])?>" style="width: 500px;" /> 575 575 </span> 576 576 <input type="submit" value="save" /> … … 594 594 global $db; 595 595 if ($acro["id"]) { 596 $query = "UPDATE acronyms SET "; 597 $query .= "acronym='".$acro["acronym"]."'"; 598 $query .= ", description='".$acro["description"]."'"; 599 $query .= " WHERE id=".$acro["id"]; 600 } else { 601 $query = "INSERT INTO acronyms (acronym, description) VALUES ("; 602 $query .= "'".$acro["acronym"]."'"; 603 $query .= ", '".$acro["description"]."'"; 
604 $query .= ")"; 596 $query = sprintf("UPDATE acronyms SET acronym = '%s', description = '%s' WHERE id = %d", 597 preg_quote(strip_tags($acro["acronym"]), "'"), 598 preg_quote(_strip_tags($acro["description"]), "'"), 599 $acro["id"] 600 ); 601 } else { 602 $query = sprintf("INSERT INTO acronyms (acronym, description) VALUES ('%s', '%s')", 603 preg_quote(strip_tags($acro["acronym"]), "'"), 604 preg_quote(_strip_tags($acro["description"]), "'") 605 ); 605 606 } 606 607 $res =& $db->query($query); … … 616 617 function delete_acro($id) { 617 618 global $db; 618 $query = "DELETE FROM acronyms WHERE id=$id";619 $query = sprintf("DELETE FROM acronyms WHERE id = %d", $id); 619 620 $res =& $db->query($query); 620 621 if (PEAR::isError($res)) { … … 642 643 643 644 <a href="?action=edit_author&id=<?=$row["id"]?>"> 644 <?= $row["fullname"]?>645 <?=stripslashes($row["fullname"])?> 645 646 <? if ($row["active"]) { ?> 646 647 (active) … … 650 651 </a> 651 652 <span class="log_cat"> 652 loginname: <?= $row["login"]?>653 loginname: <?=stripslashes($row["login"])?> 653 654 </span> 654 655 </span> … … 674 675 $author["active"] = 1; 675 676 } else { 676 $res =& $db->query( "SELECT * FROM authors WHERE id=$authorid");677 $res =& $db->query(sprintf("SELECT * FROM authors WHERE id = %d", $authorid)); 677 678 if (PEAR::isError($res)) { 678 679 die($res->getMessage()); … … 692 693 <span class="log_subject"> 693 694 <? if ($authorid) { ?> 694 <?= $author["login"]?> 695 <?=stripslashes($author["login"])?> 695 696 <? } else { ?> 696 login: <input type="text" name="author[login]" value="<?= $author["login"]?>" />697 login: <input type="text" name="author[login]" value="<?=stripslashes($author["login"])?>" /> 697 698 <? 
} ?> 698 699 </span> … … 708 709 </tr><tr> 709 710 <td align="right">email:</td> 710 <td><input type="text" name="author[email]" value="<?= $author["email"]?>" /></td>711 <td><input type="text" name="author[email]" value="<?=stripslashes($author["email"])?>" /></td> 711 712 </tr><tr> 712 713 <td align="right">website:</td> 713 <td><input type="text" name="author[website]" value="<?= $author["website"]?>" /></td>714 <td><input type="text" name="author[website]" value="<?=stripslashes($author["website"])?>" /></td> 714 715 </tr><tr> 715 716 <td align="right">full name: </td> 716 <td><input type="text" name="author[fullname]" value="<?= $author["fullname"]?>" /></td>717 <td><input type="text" name="author[fullname]" value="<?=stripslashes($author["fullname"])?>" /></td> 717 718 </tr></table> 718 719 </span> … … 753 754 if (!$error) { 754 755 if ($author["id"]) { 755 $query = "UPDATE authors SET "; 756 $query .= "\"fullname\"='".$author["fullname"]."'"; 757 $query .= ", \"email\"='".$author["email"]."'"; 758 $query .= ", \"website\"='".$author["website"]."'"; 759 $query .= ", active = ".(int)$author["active"]; 756 $query = sprintf("UPDATE authors SET fullname = '%s', email = '%s', website = '%s', active = %d", 757 preg_quote(strip_tags($author["fullname"]), "'"), 758 preg_quote(strip_tags($author["email"]), "'"), 759 preg_quote(strip_tags($author["website"]), "'"), 760 $author["active"] 761 ); 760 762 if (trim($author["password"])) { 761 $query .= ", password='".trim($author["password"])."'";763 $query .= sprintf(", password = '%s'", trim(preg_quote(strip_tags($author["password"]), "'"))); 762 764 } 763 $query .= " WHERE id=".$author["id"];765 $query .= sprintf(" WHERE id = %d", $author["id"]); 764 766 } else { 765 if (trim($author["password"])) { 766 $query = "INSERT INTO authors (\"password\", \"fullname\", \"email\", \"website\", \"login\", active) VALUES ('".trim($author["password"])."', "; 767 } else { 768 $query = "INSERT INTO authors (\"fullname\", \"email\", 
\"website\", \"login\", active) VALUES ("; 769 } 770 $query .= "'".$author["fullname"]."'"; 771 $query .= ", '".$author["email"]."'"; 772 $query .= ", '".$author["website"]."'"; 773 $query .= ", '".$author["login"]."'"; 774 $query .= ", ".(int)$author["active"]; 775 $query .= ")"; 767 $query = sprintf("INSERT INTO authors (password, fullname, email, website, login, active) VALUES ('%s', '%s', '%s', '%s', '%s', %d)", 768 preg_quote(strip_tags(trim($author["password"])), "'"), 769 preg_quote(strip_tags($author["fullname"]), "'"), 770 preg_quote(strip_tags($author["email"]), "'"), 771 preg_quote(strip_tags($author["website"]), "'"), 772 preg_quote(strip_tags($author["login"]), "'"), 773 $author["active"] 774 ); 776 775 } 777 776 $res =& $db->query($query); … … 810 809 <table border="0" cellspacing="0" cellpadding="0"><tr> 811 810 <td style="vertical-align: top;">blog title</td> 812 <td><input type="text" style="width: 200px;" name="settings[blogtitle]" value="<?= $settings["blogtitle"]?>" /></td>811 <td><input type="text" style="width: 200px;" name="settings[blogtitle]" value="<?=stripslashes($settings["blogtitle"])?>" /></td> 813 812 </tr><tr> 814 813 <td style="vertical-align: top;">blog/meta description:</td> 815 <td><textarea name="settings[blogdescription]" style="width: 200px; height: 100px;"><?= $settings["blogdescription"]?></textarea></td>814 <td><textarea name="settings[blogdescription]" style="width: 200px; height: 100px;"><?=stripslashes($settings["blogdescription"])?></textarea></td> 816 815 </tr><tr> 817 816 <td style="vertical-align: top;">meta keywords</td> 818 817 <td> 819 <textarea name="settings[blogkeywords]" style="width: 200px; height: 100px;"><?= $settings["blogkeywords"]?></textarea>818 <textarea name="settings[blogkeywords]" style="width: 200px; height: 100px;"><?=stripslashes($settings["blogkeywords"])?></textarea> 820 819 </td> 821 820 </tr><tr> … … 860 859 /* construct queries to sync database with userinput */ 861 860 foreach ($settings as 
$key=>$val) { 862 if (array_key_exists( $key, $settings_db)) {861 if (array_key_exists(preg_quote(_strip_tags($key), "'"), $settings_db)) { 863 862 //setting was there, we need to UPDATE it 864 $queries[] = sprintf("UPDATE settings SET settingvalue ='%s' WHERE settingname='%s'", $val, $key);863 $queries[] = sprintf("UPDATE settings SET settingvalue = '%s' WHERE settingname = '%s'", preg_quote(_strip_tags($val), "'"), preg_quote(strip_tags($key), "'")); 865 864 } else { 866 865 //setting was not there, we need to INSERT it 867 $queries[] = sprintf("INSERT INTO settings (settingname, settingvalue) VALUES ('%s','%s')", $key, $val);866 $queries[] = sprintf("INSERT INTO settings (settingname, settingvalue) VALUES ('%s','%s')", preg_quote(strip_tags($key), "'"), preg_quote(_strip_tags($val), "'")); 868 867 } 869 868 } … … 907 906 <table border="0" cellspacing="1" cellpadding="0"><tr> 908 907 <td>name</td> 909 <td><input style="width: 300px;" type="text" name="link[<?=$row["id"]?>][linktitle]" value="<?= $row["linktitle"]?>" /></td>908 <td><input style="width: 300px;" type="text" name="link[<?=$row["id"]?>][linktitle]" value="<?=stripslashes($row["linktitle"])?>" /></td> 910 909 </tr><tr> 911 910 <td>link</td> 912 <td><input style="width: 300px;" type="text" name="link[<?=$row["id"]?>][url]" value="<?= $row["url"]?>" /></td>911 <td><input style="width: 300px;" type="text" name="link[<?=$row["id"]?>][url]" value="<?=stripslashes($row["url"])?>" /></td> 913 912 </tr><tr> 914 913 <td>image</td> 915 <td><input style="width: 300px;" type="text" name="link[<?=$row["id"]?>][image]" value="<?= $row["image"]?>" /></td>914 <td><input style="width: 300px;" type="text" name="link[<?=$row["id"]?>][image]" value="<?=stripslashes($row["image"])?>" /></td> 916 915 </tr><tr> 917 916 <td>pos</td> 918 917 <td> 919 <input style="width: 30px;" type="text" name="link[<?=$row["id"]?>][sortorder]" value="<?= $row["sortorder"]?>" />918 <input style="width: 30px;" type="text" 
name="link[<?=$row["id"]?>][sortorder]" value="<?=(int)$row["sortorder"]?>" /> 920 919 <input type="button" name="del" value="del" onclick="document.getElementById('state_<?=$row["id"]?>').value='delete'; document.getElementById('settingsform').submit();"> 921 920 </td> … … 963 962 if (strlen(trim($v["linktitle"])) && strlen(trim($v["url"]))) { 964 963 $sql = "INSERT INTO menulinks (url, linktitle, image, sortorder) VALUES "; 965 $sql .= sprintf("('%s', '%s', '%s', %d)", $v["url"], $v["linktitle"], $v["image"], $v["sortorder"]); 964 $sql .= sprintf("('%s', '%s', '%s', %d)", 965 preg_quote(strip_tags($v["url"]), "'"), 966 preg_quote(strip_tags($v["linktitle"]), "'"), 967 preg_quote(strip_tags($v["image"]), "'"), 968 $v["sortorder"] 969 ); 966 970 $res = $db->query($sql); 967 971 } … … 969 973 /* from db. this can be either be marked as delete or save */ 970 974 if ($v["state"] == "delete") { 971 $sql = sprintf("DELETE FROM menulinks WHERE id =%d", $k);975 $sql = sprintf("DELETE FROM menulinks WHERE id = %d", $k); 972 976 $res = $db->query($sql); 973 977 } elseif ($v["state"] == "save") { 974 978 $sql = "UPDATE menulinks SET "; 975 $sql .= sprintf("url ='%s'", $v["url"]);976 $sql .= sprintf(", linktitle ='%s'", $v["linktitle"]);977 $sql .= sprintf(", image ='%s'", $v["image"]);978 $sql .= sprintf(", sortorder =%d", $v["sortorder"]);979 $sql .= sprintf(" WHERE id =%d", $k);979 $sql .= sprintf("url = '%s'", preg_quote(strip_tags($v["url"]), "'")); 980 $sql .= sprintf(", linktitle = '%s'", preg_quote(strip_tags($v["linktitle"]), "'")); 981 $sql .= sprintf(", image = '%s'", preg_quote(strip_tags($v["image"]), "'")); 982 $sql .= sprintf(", sortorder = %d", $v["sortorder"]); 983 $sql .= sprintf(" WHERE id = %d", $k); 980 984 $res = $db->query($sql); 981 985 } … … 991 995 function show_comments($options) { 992 996 global $db; 993 if (!$options["top"]) { $options["top"] = 0; } else { $options["top"]= (int)$options["top"]; }997 if (!$options["top"]) { $options["top"] = 0; } 
else { $options["top"] = (int)$options["top"]; } 994 998 if (!$options["limit"]) { $options["limit"] = 15; } else { $options["limit"] = (int)$options["limit"]; } 995 999 /* create an array with the article titles */ … … 998 1002 $articles[0] = "no article"; 999 1003 while ($res->fetchInto($row, DB_FETCHMODE_ASSOC)) { 1000 $articles[$row["id"]] = $row["title"];1004 $articles[$row["id"]] = stripslashes($row["title"]); 1001 1005 } 1002 1006 /* loop through the comments */ … … 1004 1008 $res_count->fetchInto($counter_r, DB_FETCHMODE_NUM); 1005 1009 $counter = $counter_r[0]; 1006 $res =& $db->limitQuery("SELECT * FROM comments ORDER BY date DESC", (int)$options["top"], $options["limit"]);1010 $res =& $db->limitQuery("SELECT * FROM comments ORDER BY date DESC", $options["top"], $options["limit"]); 1007 1011 if (PEAR::isError($res)) { 1008 1012 die($res->getMessage()); … … 1016 1020 <?=$row["title"]?> (<?=$articles[$row["articles_id"]]?>) 1017 1021 <span class="log_cat"><br /> 1018 name: <?= $row["name"]?> ip: <?=$row["ip"]?><br />1019 website: <?= $row["website"]?> email: <?=$row["email"]?>1022 name: <?=stripslashes(htmlspecialchars($row["name"]))?> ip: <?=$row["ip"]?><br /> 1023 website: <?=stripslashes(htmlspecialchars($row["website"]))?> email: <?=stripslashes(htmlspecialchars($row["email"]))?> 1020 1024 </span> 1021 1025 </span> 1022 1026 </div> 1023 1027 <div class="log_contents<?=($row["deleted"]?" log_deleted":"")?>"> 1024 <?= $row["comment"]?>1028 <?=stripslashes(htmlspecialchars($row["comment"]))?> 1025 1029 </div> 1026 1030 <div class="log_foot"> … … 1093 1097 echo "\t<link rel=\"icon\" href=\"favicon.ico\" type=\"image/x-icon\" />\n"; 1094 1098 echo "\t<link rel=\"shortcut icon\" href=\"favicon.ico\" type=\"image/x-icon\" />\n"; 1095 echo "\t<title>". $title." - MvBlog powered</title>\n";1099 echo "\t<title>".stripslashes($title)." - MvBlog powered</title>\n"; 1096 1100 echo "</head>\n"; 1097 1101 echo "<body>\n"; -
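Review bot: `preg_quote()` is a regular-expression escaper, not a SQL one, so the `preg_quote(strip_tags(...), "'")` wrapping introduced in save_acro (new lines 596–605), save_author (756–774), the settings loop (861–866) and the menulinks save code (964–983) only backslash-prefixes regex metacharacters and the `'` delimiter; whether the database honours that backslash as an escape depends on the driver and its string-literal mode, and ordinary values such as `C++` or `1.0` end up stored with stray backslashes, which appears to be why `stripslashes()` was added to every output path. PEAR DB, which this file already uses, provides `$db->quoteSmart($value)` for literals and `$db->prepare()`/`$db->execute()` with `?` placeholders, e.g. `$query = sprintf("UPDATE acronyms SET acronym = %s, description = %s WHERE id = %d", $db->quoteSmart(strip_tags($acro["acronym"])), $db->quoteSmart(_strip_tags($acro["description"])), $acro["id"]);` — the `%d` conversions for ids and `active` are correct as written. The same construct is used in functions_blog.php, livesearch.php and tb.php in this changeset. Separately, the form values echoed into `value="..."` attributes at new lines 569, 574, 697–717, 811–818 and 908–914 get only `stripslashes()`, so a stored `"` terminates the attribute; `htmlspecialchars(stripslashes(...))`, as the comments view at 1022–1028 now does, is needed there as well. Lines 763 and 768 also pass the password through `strip_tags`/`preg_quote` before storing it, so a password containing `<` or a regex metacharacter will presumably fail to verify unless the login path applies the same transformation.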
trunk/common/functions_blog.php
r116 r118 263 263 if ($res->numRows()) { 264 264 $res->fetchInto($r); 265 $pagedescription = nl2br( $r[0]);265 $pagedescription = nl2br(stripslashes($r[0])); 266 266 } else { 267 267 $pagedescription = ""; … … 294 294 while ($res->fetchInto($row, DB_FETCHMODE_ASSOC)) { 295 295 if($row["image"]) { 296 echo "\t<li class=\"link_list_item\"><a href=\"". htmlspecialchars($row["url"])."\"><img src=\"".$row["image"]."\" alt=\"".$row["linktitle"]."\" /></a></li>\n";296 echo "\t<li class=\"link_list_item\"><a href=\"".stripslashes(htmlspecialchars($row["url"]))."\"><img src=\"".stripslashes($row["image"])."\" alt=\"".stripslashes($row["linktitle"])."\" /></a></li>\n"; 297 297 } else { 298 echo "\t<li class=\"link_list_item\"><a href=\"". htmlspecialchars($row["url"])."\">".$row["linktitle"]."</a></li>\n";298 echo "\t<li class=\"link_list_item\"><a href=\"".stripslashes(htmlspecialchars($row["url"]))."\">".stripslashes($row["linktitle"])."</a></li>\n"; 299 299 } 300 300 } … … 443 443 $r =& $db->query("SELECT COUNT(*) FROM articles WHERE aside = 0 AND date <= $max_time AND categories_id=".$k); 444 444 $r->fetchInto($count); 445 ?><li class="category_list_item"><a href="index.php?action=archive_cat&c=<?=$k?>"><?=str_replace(" ", " ", $v)?></a> (<?=$count[0]?>)</li><?445 ?><li class="category_list_item"><a href="index.php?action=archive_cat&c=<?=$k?>"><?=str_replace(" ", " ", stripslashes($v))?></a> (<?=$count[0]?>)</li><? 446 446 } 447 447 } -
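Review bot: In the link list at new lines 296–298, `$row["image"]` and `$row["linktitle"]` are written into the `src`/`alt` attributes and the link text with only `stripslashes()`, while `url` gets `htmlspecialchars()`; a stored `"` or `<` in either value breaks the markup. Apply the same escaping to all three, e.g. `alt=\"".htmlspecialchars(stripslashes($row["linktitle"]))."\"`. The category name at 445 is likewise emitted as `stripslashes($v)` without escaping; the enclosing functions for all three hunks begin outside the hunk.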
trunk/common/livesearch.php
r83 r118 24 24 $searchstring = urldecode($_REQUEST["s"]); 25 25 $query = "SELECT id,title FROM articles WHERE public=1 AND active=1 AND aside=0 AND"; 26 $query .= " (upper(title) LIKE '%".strtoupper($searchstring)."%' OR upper(head) LIKE '%".strtoupper($searchstring)."%' OR upper(body) LIKE '%".strtoupper($searchstring)."%')"; 26 $query .= sprintf(" (upper(title) LIKE '%%%s%%' OR upper(head) LIKE '%%%s%%' OR upper(body) LIKE '%%%s%%')", 27 preg_quote(strip_tags(strtoupper($searchstring)), "'"), 28 preg_quote(strip_tags(strtoupper($searchstring)), "'"), 29 preg_quote(strip_tags(strtoupper($searchstring)), "'") 30 ); 27 31 $query .= " ORDER BY date DESC"; 28 32 … … 38 42 $ret .= "\t<item>\n"; 39 43 $ret .= "\t\t<articleID>".$row[0]."</articleID>\n"; 40 $ret .= "\t\t<articleTitle>". $row[1]."</articleTitle>\n";44 $ret .= "\t\t<articleTitle>".stripslashes($row[1])."</articleTitle>\n"; 41 45 $ret .= "\t</item>\n"; 42 46 } -
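Review bot: The LIKE patterns at new lines 26–30 still take the user's `%` and `_` unescaped, since `preg_quote()` touches neither, so a search string of `%` matches every article; at the same time `preg_quote` backslashes `.`, `+`, `-` and `/`, so a search for `C++` only matches if the driver strips that backslash. Escape the SQL wildcards with `addcslashes()` and let the driver quote the literal, computing the term once instead of three times: `$term = $db->escapeSimple(addcslashes(strtoupper(strip_tags($searchstring)), '%_'));` followed by `sprintf(" (upper(title) LIKE '%%%s%%' OR upper(head) LIKE '%%%s%%' OR upper(body) LIKE '%%%s%%')", $term, $term, $term)`. Whether `\` is honoured as the LIKE escape character is backend-specific, so confirm it against the database in use.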
trunk/common/tb.php
r83 r118 34 34 echo "</response>"; 35 35 } 36 exit(); 36 37 } 37 38 $tb_id = $_GET["id"]; 39 /* check to see if this article is here */ 40 $sql = sprintf("SELECT COUNT(*) AS count FROM articles WHERE active = 1 AND public = 1 AND id = %d", $tb_id); 41 $res =& $db->query($sql); 42 $res->fetchInto($row, DB_FETCHMODE_ASSOC); 43 if (!$row["count"]) { 44 tb_response(1, "Invalid post."); 45 } 38 46 $tb_url = $_POST["url"]; 39 47 $title = $_POST["title"]; … … 50 58 } 51 59 52 $sql = "INSERT INTO comments (name, website, email, comment, date, articles_id, title) VALUES (";53 $sql .= "'".$blog_name."'"; 54 $sql .= ", '".$tb_url."'"; 55 $sql .= ", ' '"; 56 $sql .= ", '<strong>".$title."</strong>\n\n".$excerpt."'"; 57 $sql .= ", ".mktime(); 58 $sql .= ", ".$tb_id; 59 $sql .= ", '".$title."'"; 60 $sql .= ")";60 $sql = sprintf("INSERT INTO comments (name, website, email, comment, date, articles_id, title) VALUES ('%s', '%s', '%s', '%s', %d, %d, '%s'", 61 preg_quote(strip_tags($blog_name), "'"), 62 preg_quote(strip_tags($tb_url), "'"), 63 " ", 64 "<strong>".preg_quote(strip_tags($title), "'")."</strong>\n\n".preg_quote(strip_tags($excerpt), "'"), 65 mktime(), 66 $tb_id, 67 preg_quote(strip_tags($title), "'") 68 ); 61 69 $res =& $db->query($sql); 62 70 if (PEAR::isError($res)) {
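Review bot: The INSERT format string at new line 60 never closes its VALUES list — the literal ends with `%d, %d, '%s'",` — so every trackback insert is a SQL syntax error that lands in the `PEAR::isError` branch after the hunk; it should end `%d, %d, '%s')",`. The new article-existence check at 39–45 relies on the `exit()` added to tb_response at 36 to stop execution, so no other caller may expect tb_response to return. Line 64 also stores the comment with literal `<strong>` markup, and because admin/index.php in this changeset now passes comments through `htmlspecialchars()`, that markup will appear as text in the admin comments list.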
