authorDries Buytaert <dries@buytaert.net>2001-05-20 19:30:39 +0000
committerDries Buytaert <dries@buytaert.net>2001-05-20 19:30:39 +0000
commit532233a9792c2495ba31d1f0b211d61ddec9ea6e (patch)
treee8ccc139fb19fa72f5212a3507120b1c5ef00e81
parent4f1cf00f9ea7b578b9966883b0182179006ddcb8 (diff)
- Removed includes/timer.inc: it has been integrated in common.inc.
- Fixed a bug in node.php: UnConeD forgot to update 1 node_get_object().
- I changed the look of theme_morelink() a bit: it might not look better, but at least the output is "correct".
- Various small improvements.
-rw-r--r--includes/common.inc4
-rw-r--r--includes/node.inc2
-rw-r--r--includes/search.inc2
-rw-r--r--includes/structure.inc22
-rw-r--r--includes/theme.inc9
-rw-r--r--includes/timer.inc17
-rw-r--r--includes/variable.inc6
-rw-r--r--modules/poll.module2
-rw-r--r--modules/poll/poll.module2
-rw-r--r--node.php2
10 files changed, 31 insertions, 37 deletions
diff --git a/includes/common.inc b/includes/common.inc
index 2ceb45505..7e4442712 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -76,6 +76,10 @@ function check_preview($text) {
return check_output(check_input($text), 1);
}
+function check_query($text) {
+ return addslashes(stripslashes($text));
+}
+
function check_input($text) {
foreach (module_list() as $module) $text = module_invoke($module, "filter", $text);
return addslashes(stripslashes(substr($text, 0, variable_get("max_input_size", 10000))));
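Review bot: The new check_query() escapes with `addslashes(stripslashes($text))`, which is only safe when the result is placed inside a single-quoted SQL string literal, and nothing on the function says so. addslashes() does not know the connection character set, so the database driver's own escaping routine would be sturdier if the db_query() backend offers one. The unconditional stripslashes() also assumes every caller passes magic-quoted input; a value that was never quoted loses its literal backslashes. I would add a header comment such as `// Escapes $text for use inside a quoted SQL string literal only; not valid for column or table names.` check_input()'s body runs past the end of the hunk.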
diff --git a/includes/node.inc b/includes/node.inc
index 4bb14769d..9f4429c3f 100644
--- a/includes/node.inc
+++ b/includes/node.inc
@@ -4,7 +4,7 @@ $status = array(dumped => 0, expired => 1, queued => 2, posted => 3);
$rstatus = array(0 => dumped, 1 => expired, 2 => queued, 3 => posted);
function _node_get($conditions) {
- foreach ($conditions as $key=>$value) $cond[] = "n.$key = '$value'";
+ foreach ($conditions as $key=>$value) $cond[] = "n.". check_query($key) ." = '". check_query($value) ."'";
$where = implode(" AND ", $cond);
if ($conditions[type]) {
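Review bot: On the added `$cond[]` line, `check_query($key)` is concatenated as a column name outside any quotes, where addslashes() gives no protection because there is no quote to break out of. If the keys of $conditions can ever derive from request data (not visible here), the key should be validated as a plain identifier before it is used, for example by guarding the assignment with `preg_match("/^[a-z_]+$/", $key)`. `$cond` is also never initialised, so an empty $conditions array reaches `implode()` with an undefined variable; `$cond = array();` ahead of the loop covers that. _node_get() continues outside the hunk.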
diff --git a/includes/search.inc b/includes/search.inc
index 11247c525..f15db5ee6 100644
--- a/includes/search.inc
+++ b/includes/search.inc
@@ -10,7 +10,7 @@ function search_form($keys) {
}
function search_data($keys, $type) {
- if ($keys && $type && $result = module_invoke($type, "search", check_input($keys))) {
+ if ($keys && $type && $result = module_invoke($type, "search", check_query($keys))) {
foreach ($result as $entry) {
$output .= "<P>\n";
$output .= " <B><U><A HREF=\"$entry[link]\">$entry[title]</A></U></B><BR>";
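Review bot: Replacing check_input() with check_query() on the added line of search_data() also drops the `substr(..., variable_get("max_input_size", 10000))` cap that check_input() applies in includes/common.inc, so the search keys now reach the module's search hook at whatever length the request supplied. If the cap is still wanted, `check_query(substr($keys, 0, variable_get("max_input_size", 10000)))` keeps it. The keys are escaped here but used in SQL inside each module's hook, so every hook has to place them in a quoted literal; a one-line comment above the call stating that contract would help. search_data() continues beyond the hunk.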
diff --git a/includes/structure.inc b/includes/structure.inc
index 989ee7f2f..fdac8e811 100644
--- a/includes/structure.inc
+++ b/includes/structure.inc
@@ -18,32 +18,32 @@ function category_get_array($field, $value) {
// save a category:
function category_save($edit) {
- if (!$edit[cid]) $edit[cid] = db_insert_id(db_query("INSERT INTO category (name) VALUES ('". check_input($edit[name])."')"));
- foreach ($edit as $key=>$value) db_query("UPDATE category SET $key = '". check_input($value) ."' WHERE cid = '$edit[cid]'");
+ if (!$edit[cid]) $edit[cid] = db_insert_id(db_query("INSERT INTO category (name) VALUES ('". check_query($edit[name])."')"));
+ foreach ($edit as $key=>$value) db_query("UPDATE category SET $key = '". check_query($value) ."' WHERE cid = '$edit[cid]'");
}
// delete category $cid:
function category_del($cid) {
- db_query("DELETE FROM category WHERE cid = '". check_input($cid) ."'");
- db_query("UPDATE node SET cid = 0 WHERE cid = '". check_input($cid) ."'");
+ db_query("DELETE FROM category WHERE cid = '". check_query($cid) ."'");
+ db_query("UPDATE node SET cid = 0 WHERE cid = '". check_query($cid) ."'");
}
// return post threshold:
function category_post_threshold($cid) {
- $category = db_fetch_object(db_query("SELECT post AS threshold FROM category WHERE cid = '". check_input($cid) ."'"));
+ $category = db_fetch_object(db_query("SELECT post AS threshold FROM category WHERE cid = '". check_query($cid) ."'"));
return $category->threshold;
}
// return dump threshold:
function category_dump_threshold($cid) {
- $category = db_fetch_object(db_query("SELECT dump AS threshold FROM category WHERE cid = '". check_input($cid) ."'"));
+ $category = db_fetch_object(db_query("SELECT dump AS threshold FROM category WHERE cid = '". check_query($cid) ."'"));
return $category->threshold;
}
// return expiration threshold:
function category_expire_threshold($cid) {
- $category = db_fetch_object(db_query("SELECT expire AS threshold FROM category WHERE cid = '". check_input($cid) ."'"));
+ $category = db_fetch_object(db_query("SELECT expire AS threshold FROM category WHERE cid = '". check_query($cid) ."'"));
return $category->threshold;
}
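Review bot: In category_save() the added UPDATE line escapes `$value` but still interpolates `$key` as a column name and `$edit[cid]` in the WHERE clause with no escaping, so two inputs to the same statement remain untreated; topic_save() in the next hunk has the same shape with `$edit[tid]`. If $edit comes from a submitted form (not visible here), the column name should be checked against the known category fields and the id escaped, `WHERE cid = '". check_query($edit[cid]) ."'`. The category_del() and *_threshold() lookups take a numeric id and could cast it with `(int) $cid` rather than rely on string escaping.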
@@ -97,8 +97,8 @@ function topic_get_array($field, $value) {
// save a topic:
function topic_save($edit) {
- if (!$edit[tid]) $edit[tid] = db_insert_id(db_query("INSERT INTO topic (name) VALUES ('". check_input($edit[name])."')"));
- foreach ($edit as $key=>$value) db_query("UPDATE topic SET $key = '". check_input($value) ."' WHERE tid = '$edit[tid]'");
+ if (!$edit[tid]) $edit[tid] = db_insert_id(db_query("INSERT INTO topic (name) VALUES ('". check_query($edit[name])."')"));
+ foreach ($edit as $key=>$value) db_query("UPDATE topic SET $key = '". check_query($value) ."' WHERE tid = '$edit[tid]'");
}
// returns a sorted tree-representation of all topics:
@@ -113,8 +113,8 @@ function topic_tree($parent = 0, $name = "", $tree = array()) {
// delete topic $tid:
function topic_del($tid) {
- db_query("DELETE FROM topic WHERE tid = '". check_input($tid) ."'");
- db_query("UPDATE node SET tid = 0 WHERE tid = '". check_input($tid) ."'");
+ db_query("DELETE FROM topic WHERE tid = '". check_query($tid) ."'");
+ db_query("UPDATE node SET tid = 0 WHERE tid = '". check_query($tid) ."'");
}
// return linked string with name of topic $tid:
diff --git a/includes/theme.inc b/includes/theme.inc
index 269a5da2e..dc2108eab 100644
--- a/includes/theme.inc
+++ b/includes/theme.inc
@@ -98,7 +98,14 @@ function theme_blocks($region, $theme) {
}
function theme_morelink($theme, $node) {
- return ($node->body) ? "[ <A HREF=\"node.php?id=$node->nid\"><FONT COLOR=\"$theme->link\">". t("read more") ."</FONT></A> | ". sizeof(explode(" ", $node->body)) ." ". t("words") ." | <A HREF=\"node.php?id=$node->nid\"><FONT COLOR=\"$theme->link\">". format_plural(node_get_comments($node->nid), "comment", "comments") ."</FONT></A> ]" : "[ <A HREF=\"node.php?id=$node->nid\"><FONT COLOR=\"$theme->link\">". format_plural(node_get_comments($node->nid), "comment", "comments") ."</FONT></A> ]";
+ if ($node->body) {
+ $link[] = "<A HREF=\"node.php?id=$node->nid\"><FONT COLOR=\"$theme->link\">". t("read more") ."</FONT></A>";
+ }
+ if ($node->comment) {
+ $link[] = "<A HREF=\"node.php?id=$node->nid\"><FONT COLOR=\"$theme->link\">". format_plural(node_get_comments($node->nid), "comment", "comments") ."</FONT></A>";
+ }
+
+ return ($link ? "[ ". implode(" | ", $link) ." ]" : "");
}
function theme_moderation_results($theme, $node) {
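Review bot: `$link` in the rewritten theme_morelink() is never initialised, so when neither `$node->body` nor `$node->comment` is set the final `($link ? ...)` test reads an undefined variable; opening the body with `$link = array();` makes the empty case explicit. `$node->nid` and `$theme->link` are written into HREF and COLOR attributes unencoded, which holds only if they are always an integer and a theme-defined colour; presumably they are, but a short comment stating that assumption would save the next reader from checking.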
diff --git a/includes/timer.inc b/includes/timer.inc
deleted file mode 100644
index e6740f366..000000000
--- a/includes/timer.inc
+++ /dev/null
@@ -1,17 +0,0 @@
-<?php
-
-$timer = 0;
-
-function timer_print() {
- global $timer;
- $stop = explode(" ", microtime());
- $diff = $stop[0] - $timer[0];
- print "<PRE>execution time: $diff ms</PRE>";
-}
-
-function timer_start() {
- global $timer;
- $timer = explode(" ", microtime());
-}
-
-?> \ No newline at end of file
diff --git a/includes/variable.inc b/includes/variable.inc
index 618c7f4ce..86f1694b2 100644
--- a/includes/variable.inc
+++ b/includes/variable.inc
@@ -39,8 +39,8 @@ function variable_get($name, $default, $object = 0) {
function variable_set($name, $value) {
global $conf;
- db_query("DELETE FROM variable WHERE name = '". check_input($name) ."'");
- db_query("INSERT INTO variable (name, value) VALUES ('". check_input($name) ."', '". check_input($value) ."')");
+ db_query("DELETE FROM variable WHERE name = '". check_query($name) ."'");
+ db_query("INSERT INTO variable (name, value) VALUES ('". check_query($name) ."', '". check_query($value) ."')");
$conf[$name] = $value;
}
@@ -48,7 +48,7 @@ function variable_set($name, $value) {
function variable_del($name) {
global $conf;
- db_query("DELETE FROM variable WHERE name = '". check_input($name) ."'");
+ db_query("DELETE FROM variable WHERE name = '". check_query($name) ."'");
$conf[$name] = "";
}
diff --git a/modules/poll.module b/modules/poll.module
index 677db3d31..a786a820d 100644
--- a/modules/poll.module
+++ b/modules/poll.module
@@ -263,7 +263,7 @@ function poll_admin() {
print poll_overview(poll_query($type));
break;
case "edit":
- print poll_form(poll_get_choices_array(node_get_array(array("nid" => check_input($id)))));
+ print poll_form(poll_get_choices_array(node_get_array(array("nid" => $id))));
break;
case "help":
poll_help();
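Review bot: With `check_input($id)` removed from the "edit" case, `$id` reaches node_get_array() raw, and whether it is escaped now depends on node_get_array() going through the check_query() call added to _node_get() in includes/node.inc, which this hunk does not show. A node id is numeric, so casting at the call site removes that dependency: `array("nid" => (int) $id)`. The identical hunk in modules/poll/poll.module and the `$id` lookup in node.php make the same trade, and node.php's `$title` cannot be cast, so it relies entirely on the callee. poll_admin() extends beyond the hunk.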
diff --git a/modules/poll/poll.module b/modules/poll/poll.module
index 677db3d31..a786a820d 100644
--- a/modules/poll/poll.module
+++ b/modules/poll/poll.module
@@ -263,7 +263,7 @@ function poll_admin() {
print poll_overview(poll_query($type));
break;
case "edit":
- print poll_form(poll_get_choices_array(node_get_array(array("nid" => check_input($id)))));
+ print poll_form(poll_get_choices_array(node_get_array(array("nid" => $id))));
break;
case "help":
poll_help();
diff --git a/node.php b/node.php
index 58bddd3d2..711268674 100644
--- a/node.php
+++ b/node.php
@@ -93,7 +93,7 @@ if ($number > 1) {
$theme->footer();
}
elseif ($number) {
- $node = ($title ? node_get_object(array("title" => check_input($title))) : node_get_object(nid, check_input($id)));
+ $node = ($title ? node_get_object(array("title" => $title)) : node_get_object(array("nid" => $id)));
if ($node && node_visible($node)) {
switch ($op) {
case "history":