Diffstat (limited to 'includes')
-rw-r--r--includes/ban.inc15
-rw-r--r--includes/comment.inc26
-rw-r--r--includes/module.inc10
3 files changed, 25 insertions, 26 deletions
diff --git a/includes/ban.inc b/includes/ban.inc
index 618b275ec..e1b05fc1d 100644
--- a/includes/ban.inc
+++ b/includes/ban.inc
@@ -10,10 +10,9 @@ $index2type = array(0x01 => "addresses",
0x03 => "hostnames",
0x04 => "usernames");
-
function ban_match($mask, $category) {
// Perform query:
- $result = db_query("SELECT * FROM bans WHERE type = $category AND LOWER('$mask') LIKE LOWER(mask)");
+ $result = db_query("SELECT * FROM bans WHERE type = '$category' AND LOWER('$mask') LIKE LOWER(mask)");
// Return result:
return db_fetch_object($result);
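Review bot: Wrapping `$category` in quotes on the new query line does not constrain the value; a quoted interpolation still carries whatever quote characters the variable contains, and `$mask` was already interpolated inside `LOWER('$mask')` with no escaping at all. Since the column is numeric, casting is the check that actually narrows the input, and the string should go through the project's `check_input()` helper that the comment.inc hunk at @@ -34 uses for the same purpose: `$result = db_query("SELECT * FROM bans WHERE type = '". (int) $category ."' AND LOWER('". check_input($mask) ."') LIKE LOWER(mask)");`. The same quote-instead-of-cast pattern for numeric ids appears in the ban.inc hunk at @@ -25 (`$id` in ban_delete) and in the comment.inc hunks at @@ -52, @@ -155, @@ -165, @@ -221, @@ -262, @@ -275 and @@ -304. I cannot tell from the page whether check_input() escapes for the database or only for output, so its contract is worth confirming before relying on it.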
@@ -25,29 +24,29 @@ function ban_add($mask, $category, $reason, $message = "") {
if (empty($mask)) {
$message = "failed: empty banmasks are not allowed.<P>\n";
}
- else if ($ban = db_fetch_object(db_query("SELECT * FROM bans WHERE type = $category AND '$mask' LIKE mask"))) {
+ else if ($ban = db_fetch_object(db_query("SELECT * FROM bans WHERE type = '$category' AND '$mask' LIKE mask"))) {
$message = "failed: ban is already matched by '$ban->mask'.<P>\n";
}
else {
$result = db_query("INSERT INTO bans (mask, type, reason, timestamp) VALUES ('$mask', '$category', '$reason', '". time() ."')");
- $message = "added new ban with mask `$mask'.<P>\n";
+ $message = "added new ban with mask '$mask'.<P>\n";
// Add log entry:
- watchdog("message", "added new ban `$mask' to category `". $index2type[$category] ."' with reason `$reason'.");
+ watchdog("message", "added new ban '$mask' to category '". $index2type[$category] ."' with reason '$reason'.");
}
}
function ban_delete($id) {
global $index2type;
- $result = db_query("SELECT * FROM bans WHERE id = $id");
+ $result = db_query("SELECT * FROM bans WHERE id = '$id'");
if ($ban = db_fetch_object($result)) {
// Perform query:
- $result = db_query("DELETE FROM bans WHERE id = $id");
+ $result = db_query("DELETE FROM bans WHERE id = '$id'");
// Deleted log entry:
- watchdog("message", "removed ban `$ban->mask' from category `". $index2type[$ban->type] ."'.");
+ watchdog("message", "removed ban '$ban->mask' from category '". $index2type[$ban->type] ."'.");
}
}
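Review bot: The INSERT at the unchanged context line in ban_add still interpolates `$mask` and `$reason` raw, and the duplicate check two lines above it interpolates `$mask` as well, so the commit's quoting change leaves the user-supplied ban pattern and free-text reason unescaped in three statements. A comment on the INSERT line such as `// mask and reason are caller-supplied; escape before interpolation (see check_input() in comment.inc)` would at least mark the gap until the escaping is added. Separately, the watchdog call in ban_add reads `$index2type[$category]` while only ban_delete declares `global $index2type` in this hunk; ban_add begins outside the hunk, so the declaration may exist above, but if it does not the log line will report an empty category name.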
diff --git a/includes/comment.inc b/includes/comment.inc
index 7ec1d3734..2c8aaf3b9 100644
--- a/includes/comment.inc
+++ b/includes/comment.inc
@@ -34,7 +34,7 @@ function comment_moderate($moderate) {
foreach ($moderate as $id=>$vote) {
if ($vote != $comment_votes[$none] && !user_get($user, "history", "c$id")) {
// Update the comment's score:
- $result = db_query("UPDATE comments SET score = score $vote, votes = votes + 1 WHERE cid = $id");
+ $result = db_query("UPDATE comments SET score = score ". check_input($vote) .", votes = votes + 1 WHERE cid = '". check_input($id) ."'");
// Update the user's history:
$user = user_set($user, "history", "c$id", $vote);
@@ -52,13 +52,13 @@ function comment_reply($pid, $id) {
global $allowed_html, $link, $REQUEST_URI, $theme, $user;
if ($pid) {
- $item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = $pid"));
+ $item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = '$pid'"));
comment_view(new Comment($item->userid, $item->subject, $item->comment, $item->timestamp, $item->url, $item->fake_email, comment_score($comment), $comment->votes, $item->cid, $item->lid), t("reply to this comment"));
}
else {
$pid = 0;
if ($link == "story") {
- $item = db_fetch_object(db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.status != 0 AND stories.id = $id"));
+ $item = db_fetch_object(db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.status != 0 AND stories.id = '$id'"));
$theme->article($item, "");
}
}
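Review bot: The `comment_view(new Comment(...))` call in the `if ($pid)` branch passes `comment_score($comment)` and `$comment->votes`, but nothing in this hunk assigns `$comment`; the row just fetched is in `$item`. Unless `$comment` is set earlier in comment_reply (the function begins outside the hunk), the score and vote count of the reply target will be computed from an undefined variable, and `comment_score($item)` / `$item->votes` look like what was intended. The `'$pid'` and `'$id'` quoting on the two changed lines has the same cast-versus-quote issue noted on the ban.inc hunk at @@ -10.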
@@ -132,7 +132,7 @@ function comment_post($pid, $id, $subject, $comment) {
global $theme, $link, $user;
// Check for duplicate comments:
- $duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE link = '$link' AND pid = '$pid' AND lid = '$id' AND subject = '". check_input($subject) ."' AND comment = '". check_input($comment) ."'"), 0);
+ $duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE link = '$link' AND pid = '$pid' AND lid = '$id' AND subject = '$subject' AND comment = '$comment'"), 0);
if ($duplicate != 0) {
watchdog("error", "comment: attempt to insert duplicate comment");
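Review bot: The new duplicate-check query drops the `check_input()` wrapping around `$subject` and `$comment` and interpolates them directly, which removes the only escaping this statement had for the two free-text fields a poster controls; the INSERT in the next hunk at @@ -145 does the same for `$link`, `$subject` and `$comment`. This is the opposite of what the same commit does in comment_moderate at @@ -34, where `check_input()` is added, so if the intent is that callers now escape before calling comment_post, that contract should be stated on the function: `// $subject and $comment must already be escaped for SQL by the caller (check_input).` If no such caller-side escaping exists, keeping `check_input($subject)` and `check_input($comment)` on both lines is the safer change.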
@@ -145,7 +145,7 @@ function comment_post($pid, $id, $subject, $comment) {
watchdog("comment", "comment: added comment with subject '$subject'");
// Add comment to database:
- db_query("INSERT INTO comments (link, lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('". check_input($link) ."', $id, $pid, '$user->id', '". check_input($subject) ."', '". check_input($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')");
+ db_query("INSERT INTO comments (link, lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('$link', '$id', '$pid', '$user->id', '$subject', '$comment', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')");
}
}
@@ -155,7 +155,7 @@ function comment_score($comment) {
}
function comment_num_replies($id, $count = 0) {
- $result = db_query("SELECT COUNT(cid) FROM comments WHERE pid = $id");
+ $result = db_query("SELECT COUNT(cid) FROM comments WHERE pid = '$id'");
return ($result) ? db_result($result, 0) : 0;
}
@@ -165,7 +165,7 @@ function comment_num_filtered($lid, $pid) {
$threshold = ($user->id) ? $user->threshold : "0";
$pid = ($pid) ? $pid : 0;
- $result = db_query("SELECT COUNT(cid) FROM comments WHERE lid = $lid AND pid = $pid AND ((votes = 0 AND score < $threshold) OR (score / votes < $threshold))");
+ $result = db_query("SELECT COUNT(cid) FROM comments WHERE lid = '$lid' AND pid = '$pid' AND ((votes = 0 AND score < $threshold) OR (score / votes < $threshold))");
return ($result) ? db_result($result, 0) : 0;
}
@@ -183,7 +183,7 @@ function comment_moderation($comment) {
}
else {
// comment has already been moderated:
- $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"1\" CELLPADDING=\"1\"><TR><TD>". t("score") .":</TD><TD>". check_output($comment->score) ."</TD></TR><TR><TD>". t("votes") .":</TD><TD>". check_output($comment->votes) ."</TR></TABLE>\n";
+ $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"1\" CELLPADDING=\"1\"><TR><TD ALIGN=\"right\">". t("score") .":</TD><TD>". check_output($comment->score) ."</TD></TR><TR><TD ALIGN=\"right\">". t("votes") .":</TD><TD>". check_output($comment->votes) ."</TR></TABLE>\n";
}
return $output;
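Review bot: The rewritten table markup on the new line closes the votes cell with `</TR>` but never emits the `</TD>` that the score cell gets, so the second row is unbalanced; the fragment `check_output($comment->votes) ."</TR></TABLE>\n"` should read `check_output($comment->votes) ."</TD></TR></TABLE>\n"`. The ALIGN attributes the commit adds are fine; this is only the pre-existing missing close tag carried into the new line.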
@@ -221,8 +221,8 @@ function comment_order($order) {
}
function comment_query($link, $lid, $order, $pid = -1) {
- $query .= "SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE link = '$link' AND c.lid = $lid";
- if ($pid >= 0) $query .= " AND pid = $pid";
+ $query .= "SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE link = '$link' AND c.lid = '$lid'";
+ if ($pid >= 0) $query .= " AND pid = '$pid'";
if ($order == 1) $query .= " ORDER BY c.timestamp DESC";
else if ($order == 2) $query .= " ORDER BY c.timestamp";
else if ($order == 3) $query .= " ORDER BY c.score DESC";
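Review bot: comment_query builds its statement with `$query .= "SELECT ..."` on the first new line, appending to a variable that nothing in the function has initialised, so the SELECT is concatenated onto an undefined `$query` (an empty string in practice, but a notice under strict error reporting and a trap if a caller ever passes one in). The first line should assign rather than append: `$query = "SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE link = '$link' AND c.lid = '$lid'";`. `$lid` and `$pid` are numeric ids and would be better cast with `(int)` than quote-wrapped, as noted on the ban.inc hunk at @@ -10.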
@@ -262,7 +262,7 @@ function comment_view($comment, $folded = 0) {
function comment_thread_min($cid, $threshold) {
global $user;
- $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.pid = $cid ORDER BY c.timestamp, c.cid");
+ $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.pid = '$cid' ORDER BY c.timestamp, c.cid");
print "<UL>";
while ($comment = db_fetch_object($result)) {
@@ -275,7 +275,7 @@ function comment_thread_min($cid, $threshold) {
function comment_thread_max($cid, $mode, $threshold, $level = 0, $dummy = 0) {
global $link, $user;
- $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE link = '$link' AND c.pid = $cid ORDER BY c.timestamp, c.cid");
+ $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE link = '$link' AND c.pid = '$cid' ORDER BY c.timestamp, c.cid");
print "<UL>";
while ($comment = db_fetch_object($result)) {
@@ -304,7 +304,7 @@ function comment_render($lid, $cid) {
}
if ($cid > 0) {
- $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE cid = $cid");
+ $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE cid = '$cid'");
if ($comment = db_fetch_object($result)) {
comment_view($comment, comment_link($comment));
}
diff --git a/includes/module.inc b/includes/module.inc
index c339ee8f7..a4f6c005d 100644
--- a/includes/module.inc
+++ b/includes/module.inc
@@ -15,7 +15,7 @@ function module_execute($module, $hook, $argument = "") {
function module_rehash_crons($name, $module) {
if ($module["cron"]) {
if (!db_fetch_object(db_query("SELECT * FROM crons WHERE module = '$name'"))) {
- db_query("INSERT INTO crons (module, scheduled, timestamp) VALUES ('". check_input($name) ."', '172800', '0')");
+ db_query("INSERT INTO crons (module, scheduled, timestamp) VALUES ('$name', '172800', '0')");
}
}
else {
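Review bot: The new INSERT into crons drops `check_input($name)` and interpolates the module name directly, and the hunks at @@ -27 and @@ -45 make the same change for `$name`, `$block["info"]` and `$offset`; after this commit no query in module.inc escapes these values. `$name` presumably comes from the module loader rather than a request, so the exposure is lower than in comment.inc, but `$block["info"]` is a free-form description string returned by each module's block hook and can legitimately contain an apostrophe, which would now break the INSERT and UPDATE. If the intent is that these values are trusted, a comment on module_rehash_crons saying so would document the assumption: `// $name and block info strings are module-supplied and not escaped here.`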
@@ -27,11 +27,11 @@ function module_rehash_blocks($name, $module) {
db_query("UPDATE blocks SET remove = '1' WHERE module = '$name'");
if ($module["block"] && $blocks = $module["block"]()) {
foreach ($blocks as $offset=>$block) {
- if (!db_fetch_object(db_query("SELECT * FROM blocks WHERE module = '$name' AND name = '". check_input($block["info"]) ."'"))) {
- db_query("INSERT INTO blocks (name, module, offset) VALUES ('". check_input($block["info"]) ."', '". check_input($name) ."', '". check_input($offset) ."')");
+ if (!db_fetch_object(db_query("SELECT * FROM blocks WHERE module = '$name' AND name = '$block[info]'"))) {
+ db_query("INSERT INTO blocks (name, module, offset) VALUES ('$block[info]', '$name', '$offset')");
}
else {
- db_query("UPDATE blocks SET offset = '". check_input($offset) ."', remove = '0' WHERE module = '$name' AND name = '". check_input($block["info"]) ."'");
+ db_query("UPDATE blocks SET offset = '$offset', remove = '0' WHERE module = '$name' AND name = '$block[info]'");
}
}
}
@@ -45,7 +45,7 @@ function module_rehash($name) {
$result = db_query("SELECT * FROM modules WHERE name = '$name'");
if (!$object = db_fetch_object($result)) {
- db_query("INSERT INTO modules (name) VALUES ('". check_input($name) ."')");
+ db_query("INSERT INTO modules (name) VALUES ('$name')");
}
// rehash crons (if necessary):