- Removed includes/timer.inc: it has been integrated in common.inc.
- Fixed a bug in node.php: UnConeD forgot to update 1 node_get_object(). - I changed the look of theme_morelink() a bit: it might not look better, but at least the output is "correct". - Various small improvements.3-00
parent
4f1cf00f9e
commit
532233a979
|
@ -76,6 +76,10 @@ function check_preview($text) {
|
|||
return check_output(check_input($text), 1);
|
||||
}
|
||||
|
||||
function check_query($text) {
|
||||
return addslashes(stripslashes($text));
|
||||
}
|
||||
|
||||
function check_input($text) {
|
||||
foreach (module_list() as $module) $text = module_invoke($module, "filter", $text);
|
||||
return addslashes(stripslashes(substr($text, 0, variable_get("max_input_size", 10000))));
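Review bot: check_query() is only safe when its result lands inside a single-quoted SQL string literal, and nothing on the function says so. `addslashes()` is not aware of the connection character set and does nothing for column names or unquoted numbers. The unconditional `stripslashes()` assumes the input already carries magic-quote escaping, so a value with legitimate backslashes from another source would silently lose them. I would add a header comment such as `// check_query(): escape $text for use inside a single-quoted SQL string literal only; never for column names or unquoted numbers`, and consider moving the escaping into the database layer next to db_query(). The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts, and check_input()'s body continues past the hunk.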
|
||||
|
|
|
@ -4,7 +4,7 @@ $status = array(dumped => 0, expired => 1, queued => 2, posted => 3);
|
|||
$rstatus = array(0 => dumped, 1 => expired, 2 => queued, 3 => posted);
|
||||
|
||||
function _node_get($conditions) {
|
||||
foreach ($conditions as $key=>$value) $cond[] = "n.$key = '$value'";
|
||||
foreach ($conditions as $key=>$value) $cond[] = "n.". check_query($key) ." = '". check_query($value) ."'";
|
||||
$where = implode(" AND ", $cond);
|
||||
|
||||
if ($conditions[type]) {
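Review bot: Passing `$key` through check_query() in the rewritten `foreach` of _node_get() does not make it safe as a column name, because `addslashes()` only protects text inside quotes and `n.$key` sits outside them. The callers visible in this commit pass fixed keys (`nid`, `title`), but the function accepts any array, so I would reject keys that are not plain identifiers, e.g. `if (!preg_match('/^[a-z_]+$/', $key)) continue;` in a braced loop body, or check against an allow-list of node columns. `$cond` is also never initialised, so an empty `$conditions` reaches `implode()` with an undefined variable; `$cond = array();` before the loop fixes that. category_save() and topic_save() interpolate `$key` as a column name with no check at all. _node_get() continues outside the hunk.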
|
||||
|
|
|
@ -10,7 +10,7 @@ function search_form($keys) {
|
|||
}
|
||||
|
||||
function search_data($keys, $type) {
|
||||
if ($keys && $type && $result = module_invoke($type, "search", check_input($keys))) {
|
||||
if ($keys && $type && $result = module_invoke($type, "search", check_query($keys))) {
|
||||
foreach ($result as $entry) {
|
||||
$output .= "<P>\n";
|
||||
$output .= " <B><U><A HREF=\"$entry[link]\">$entry[title]</A></U></B><BR>";
|
||||
|
|
|
@ -18,32 +18,32 @@ function category_get_array($field, $value) {
|
|||
|
||||
// save a category:
|
||||
function category_save($edit) {
|
||||
if (!$edit[cid]) $edit[cid] = db_insert_id(db_query("INSERT INTO category (name) VALUES ('". check_input($edit[name])."')"));
|
||||
foreach ($edit as $key=>$value) db_query("UPDATE category SET $key = '". check_input($value) ."' WHERE cid = '$edit[cid]'");
|
||||
if (!$edit[cid]) $edit[cid] = db_insert_id(db_query("INSERT INTO category (name) VALUES ('". check_query($edit[name])."')"));
|
||||
foreach ($edit as $key=>$value) db_query("UPDATE category SET $key = '". check_query($value) ."' WHERE cid = '$edit[cid]'");
|
||||
}
|
||||
|
||||
|
||||
// delete category $cid:
|
||||
function category_del($cid) {
|
||||
db_query("DELETE FROM category WHERE cid = '". check_input($cid) ."'");
|
||||
db_query("UPDATE node SET cid = 0 WHERE cid = '". check_input($cid) ."'");
|
||||
db_query("DELETE FROM category WHERE cid = '". check_query($cid) ."'");
|
||||
db_query("UPDATE node SET cid = 0 WHERE cid = '". check_query($cid) ."'");
|
||||
}
|
||||
|
||||
// return post threshold:
|
||||
function category_post_threshold($cid) {
|
||||
$category = db_fetch_object(db_query("SELECT post AS threshold FROM category WHERE cid = '". check_input($cid) ."'"));
|
||||
$category = db_fetch_object(db_query("SELECT post AS threshold FROM category WHERE cid = '". check_query($cid) ."'"));
|
||||
return $category->threshold;
|
||||
}
|
||||
|
||||
// return dump threshold:
|
||||
function category_dump_threshold($cid) {
|
||||
$category = db_fetch_object(db_query("SELECT dump AS threshold FROM category WHERE cid = '". check_input($cid) ."'"));
|
||||
$category = db_fetch_object(db_query("SELECT dump AS threshold FROM category WHERE cid = '". check_query($cid) ."'"));
|
||||
return $category->threshold;
|
||||
}
|
||||
|
||||
// return expiration threshold:
|
||||
function category_expire_threshold($cid) {
|
||||
$category = db_fetch_object(db_query("SELECT expire AS threshold FROM category WHERE cid = '". check_input($cid) ."'"));
|
||||
$category = db_fetch_object(db_query("SELECT expire AS threshold FROM category WHERE cid = '". check_query($cid) ."'"));
|
||||
return $category->threshold;
|
||||
}
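Review bot: In category_save() the `WHERE cid = '$edit[cid]'` clause still interpolates `$edit[cid]` with no escaping, while the change only swaps the escaper applied to the value. If `$edit` is filled from a submitted form (not visible here), the id needs the same treatment, `WHERE cid = '". check_query($edit[cid]) ."'`, or an integer cast since it is a numeric key. topic_save() has the same gap with `$edit[tid]`.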
|
||||
|
||||
|
@ -97,8 +97,8 @@ function topic_get_array($field, $value) {
|
|||
|
||||
// save a topic:
|
||||
function topic_save($edit) {
|
||||
if (!$edit[tid]) $edit[tid] = db_insert_id(db_query("INSERT INTO topic (name) VALUES ('". check_input($edit[name])."')"));
|
||||
foreach ($edit as $key=>$value) db_query("UPDATE topic SET $key = '". check_input($value) ."' WHERE tid = '$edit[tid]'");
|
||||
if (!$edit[tid]) $edit[tid] = db_insert_id(db_query("INSERT INTO topic (name) VALUES ('". check_query($edit[name])."')"));
|
||||
foreach ($edit as $key=>$value) db_query("UPDATE topic SET $key = '". check_query($value) ."' WHERE tid = '$edit[tid]'");
|
||||
}
|
||||
|
||||
// returns a sorted tree-representation of all topics:
|
||||
|
@ -113,8 +113,8 @@ function topic_tree($parent = 0, $name = "", $tree = array()) {
|
|||
|
||||
// delete topic $tid:
|
||||
function topic_del($tid) {
|
||||
db_query("DELETE FROM topic WHERE tid = '". check_input($tid) ."'");
|
||||
db_query("UPDATE node SET tid = 0 WHERE tid = '". check_input($tid) ."'");
|
||||
db_query("DELETE FROM topic WHERE tid = '". check_query($tid) ."'");
|
||||
db_query("UPDATE node SET tid = 0 WHERE tid = '". check_query($tid) ."'");
|
||||
}
|
||||
|
||||
// return linked string with name of topic $tid:
|
||||
|
|
|
@ -98,7 +98,14 @@ function theme_blocks($region, $theme) {
|
|||
}
|
||||
|
||||
function theme_morelink($theme, $node) {
|
||||
return ($node->body) ? "[ <A HREF=\"node.php?id=$node->nid\"><FONT COLOR=\"$theme->link\">". t("read more") ."</FONT></A> | ". sizeof(explode(" ", $node->body)) ." ". t("words") ." | <A HREF=\"node.php?id=$node->nid\"><FONT COLOR=\"$theme->link\">". format_plural(node_get_comments($node->nid), "comment", "comments") ."</FONT></A> ]" : "[ <A HREF=\"node.php?id=$node->nid\"><FONT COLOR=\"$theme->link\">". format_plural(node_get_comments($node->nid), "comment", "comments") ."</FONT></A> ]";
|
||||
if ($node->body) {
|
||||
$link[] = "<A HREF=\"node.php?id=$node->nid\"><FONT COLOR=\"$theme->link\">". t("read more") ."</FONT></A>";
|
||||
}
|
||||
if ($node->comment) {
|
||||
$link[] = "<A HREF=\"node.php?id=$node->nid\"><FONT COLOR=\"$theme->link\">". format_plural(node_get_comments($node->nid), "comment", "comments") ."</FONT></A>";
|
||||
}
|
||||
|
||||
return ($link ? "[ ". implode(" | ", $link) ." ]" : "");
|
||||
}
|
||||
|
||||
function theme_moderation_results($theme, $node) {
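Review bot: `$link` is appended to but never initialised in the rewritten theme_morelink(), so when neither `$node->body` nor `$node->comment` is set the final `return ($link ? ...)` reads an undefined variable. Adding `$link = array();` as the first statement keeps the output the same and makes the empty case explicit. The multi-line version appears to be the new side, since the hunk grows from 7 to 14 lines.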
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
<?php
|
||||
|
||||
$timer = 0;
|
||||
|
||||
function timer_print() {
|
||||
global $timer;
|
||||
$stop = explode(" ", microtime());
|
||||
$diff = $stop[0] - $timer[0];
|
||||
print "<PRE>execution time: $diff ms</PRE>";
|
||||
}
|
||||
|
||||
function timer_start() {
|
||||
global $timer;
|
||||
$timer = explode(" ", microtime());
|
||||
}
|
||||
|
||||
?>
|
|
@ -39,8 +39,8 @@ function variable_get($name, $default, $object = 0) {
|
|||
function variable_set($name, $value) {
|
||||
global $conf;
|
||||
|
||||
db_query("DELETE FROM variable WHERE name = '". check_input($name) ."'");
|
||||
db_query("INSERT INTO variable (name, value) VALUES ('". check_input($name) ."', '". check_input($value) ."')");
|
||||
db_query("DELETE FROM variable WHERE name = '". check_query($name) ."'");
|
||||
db_query("INSERT INTO variable (name, value) VALUES ('". check_query($name) ."', '". check_query($value) ."')");
|
||||
|
||||
$conf[$name] = $value;
|
||||
}
|
||||
|
@ -48,7 +48,7 @@ function variable_set($name, $value) {
|
|||
function variable_del($name) {
|
||||
global $conf;
|
||||
|
||||
db_query("DELETE FROM variable WHERE name = '". check_input($name) ."'");
|
||||
db_query("DELETE FROM variable WHERE name = '". check_query($name) ."'");
|
||||
|
||||
$conf[$name] = "";
|
||||
}
|
||||
|
|
|
@ -263,7 +263,7 @@ function poll_admin() {
|
|||
print poll_overview(poll_query($type));
|
||||
break;
|
||||
case "edit":
|
||||
print poll_form(poll_get_choices_array(node_get_array(array("nid" => check_input($id)))));
|
||||
print poll_form(poll_get_choices_array(node_get_array(array("nid" => $id))));
|
||||
break;
|
||||
case "help":
|
||||
poll_help();
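Review bot: Dropping `check_input($id)` in the `edit` case makes this call depend entirely on the escaping this commit adds inside _node_get(), assuming node_get_array() routes through it (not visible in this hunk). Since `nid` is a numeric key, normalising it at the boundary is cheap and does not rely on the callee: `array("nid" => (int) $id)`. The same applies to the identical poll_admin() hunk that follows and to the `node_get_object(array("nid" => $id))` call in node.php. poll_admin() starts and ends outside the hunk.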
|
||||
|
|
|
@ -263,7 +263,7 @@ function poll_admin() {
|
|||
print poll_overview(poll_query($type));
|
||||
break;
|
||||
case "edit":
|
||||
print poll_form(poll_get_choices_array(node_get_array(array("nid" => check_input($id)))));
|
||||
print poll_form(poll_get_choices_array(node_get_array(array("nid" => $id))));
|
||||
break;
|
||||
case "help":
|
||||
poll_help();
|
||||
|
|
2
node.php
2
node.php
|
@ -93,7 +93,7 @@ if ($number > 1) {
|
|||
$theme->footer();
|
||||
}
|
||||
elseif ($number) {
|
||||
$node = ($title ? node_get_object(array("title" => check_input($title))) : node_get_object(nid, check_input($id)));
|
||||
$node = ($title ? node_get_object(array("title" => $title)) : node_get_object(array("nid" => $id)));
|
||||
if ($node && node_visible($node)) {
|
||||
switch ($op) {
|
||||
case "history":
|
||||
|
|