Changeset 941
- Timestamp:
- 04/10/07 21:37:34 (1 year ago)
- Files:
-
- trunk/upload/admin_categories.php (modified) (1 diff)
- trunk/upload/admin_forums.php (modified) (1 diff)
- trunk/upload/admin_loader.php (modified) (1 diff)
- trunk/upload/admin_prune.php (modified) (1 diff)
- trunk/upload/admin_ranks.php (modified) (2 diffs)
- trunk/upload/admin_users.php (modified) (1 diff)
- trunk/upload/include/dblayer/mysql.php (modified) (1 diff)
- trunk/upload/include/dblayer/mysqli.php (modified) (1 diff)
- trunk/upload/include/dblayer/pgsql.php (modified) (1 diff)
- trunk/upload/include/dblayer/sqlite.php (modified) (1 diff)
- trunk/upload/moderate.php (modified) (4 diffs)
- trunk/upload/profile.php (modified) (1 diff)
- trunk/upload/userlist.php (modified) (1 diff)
trunk/upload/admin_categories.php
r934 r941 152 152 message('You must enter a category name.'); 153 153 154 if (! preg_match('#^\d+$#', $cat_order[$i]))154 if (!@preg_match('#^\d+$#', $cat_order[$i])) 155 155 message('Position must be an integer value.'); 156 156 trunk/upload/admin_forums.php
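Review bot: The `@` added on line 154 hides the warning `preg_match()` raises when `$cat_order[$i]` arrives as an array, but it also hides every other warning from that call and never states the type problem in the code. An explicit test does not depend on error suppression: `if (!is_string($cat_order[$i]) || !preg_match('#^\d+$#D', $cat_order[$i]))`. The `D` modifier also stops `$` from accepting a value that ends in a newline. The same construct is added in admin_forums.php (line 140), admin_prune.php (line 87), admin_ranks.php (lines 49 and 80), admin_loader.php (line 40) and admin_users.php (line 114). The enclosing code starts and ends outside this hunk.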
r600 r941 138 138 while (list($forum_id, $disp_position) = @each($_POST['position'])) 139 139 { 140 if (! preg_match('#^\d+$#', $disp_position))140 if (!@preg_match('#^\d+$#', $disp_position)) 141 141 message('Position must be a positive integer value.'); 142 142 trunk/upload/admin_loader.php
r100 r941 38 38 // The plugin to load should be supplied via GET 39 39 $plugin = isset($_GET['plugin']) ? $_GET['plugin'] : ''; 40 if (! preg_match('/^AM?P_(\w*?)\.php$/i', $plugin))40 if (!@preg_match('/^AM?P_(\w*?)\.php$/i', $plugin)) 41 41 message($lang_common['Bad request']); 42 42 trunk/upload/admin_prune.php
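Review bot: The pattern on line 40 ends in `$` without the `D` modifier, so a `plugin` value with a trailing newline still passes the check. The comment on line 38 says this GET parameter names the plugin to load, which makes this test the only visible gate on that name. Ending the pattern with `\z`, as in `'/^AM?P_(\w*?)\.php\z/i'`, makes the match exact. I would also add a comment such as `// Only AP_*.php / AMP_*.php file names, no path components` above the check. How `$plugin` is used afterwards is outside the hunk.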
r214 r941 85 85 86 86 $prune_days = $_POST['req_prune_days']; 87 if (! preg_match('#^\d+$#', $prune_days))87 if (!@preg_match('#^\d+$#', $prune_days)) 88 88 message('Days to prune must be a positive integer.'); 89 89 trunk/upload/admin_ranks.php
r858 r941 47 47 message('You must enter a rank title.'); 48 48 49 if (! preg_match('#^\d+$#', $min_posts))49 if (!@preg_match('#^\d+$#', $min_posts)) 50 50 message('Minimum posts must be a positive integer value.'); 51 51 … … 78 78 message('You must enter a rank title.'); 79 79 80 if (! preg_match('#^\d+$#', $min_posts))80 if (!@preg_match('#^\d+$#', $min_posts)) 81 81 message('Minimum posts must be a positive integer value.'); 82 82 trunk/upload/admin_users.php
r600 r941 112 112 $ip = $_GET['show_users']; 113 113 114 if (! preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $ip))114 if (!@preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $ip)) 115 115 message('The supplied IP address is not correctly formatted.'); 116 116 trunk/upload/include/dblayer/mysql.php
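Review bot: The IP pattern on line 114 has no anchors, so any `show_users` value that merely contains four dotted number groups passes, and `$ip` keeps the whole string including whatever surrounds the address. Anchoring it, `'/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\z/'`, makes the check agree with its error message. The same unanchored pattern guards `$_GET['get_host']` in moderate.php (line 38). What is done with `$ip` after the check is outside the hunk.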
r2 r941 157 157 function escape($str) 158 158 { 159 if (function_exists('mysql_real_escape_string')) 159 if (is_array($str)) 160 return ''; 161 else if (function_exists('mysql_real_escape_string')) 160 162 return mysql_real_escape_string($str, $this->link_id); 161 163 else trunk/upload/include/dblayer/mysqli.php
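Review bot: `escape()` now returns `''` for an array with no comment, so a reader cannot tell that this guards against array-valued request parameters rather than being an escaping rule. A malformed parameter is silently turned into an empty value and the query presumably still runs with it. The callers are not shown, so whether that is acceptable needs confirming, and rejecting the request where the input is read would be stricter. At minimum I would add `// Request parameters may be arrays (foo[]=x); never hand those to the driver's escape function` above the `is_array()` test. The same applies to the one-line versions in mysqli.php (line 162), pgsql.php (line 220) and sqlite.php (line 222); in mysql.php the function body continues past the end of the hunk.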
r2 r941 160 160 function escape($str) 161 161 { 162 return mysqli_real_escape_string($this->link_id, $str);162 return is_array($str) ? '' : mysqli_real_escape_string($this->link_id, $str); 163 163 } 164 164 trunk/upload/include/dblayer/pgsql.php
r58 r941 218 218 function escape($str) 219 219 { 220 return pg_escape_string($str);220 return is_array($str) ? '' : pg_escape_string($str); 221 221 } 222 222 trunk/upload/include/dblayer/sqlite.php
r58 r941 220 220 function escape($str) 221 221 { 222 return sqlite_escape_string($str);222 return is_array($str) ? '' : sqlite_escape_string($str); 223 223 } 224 224 trunk/upload/moderate.php
r931 r941 36 36 37 37 // Is get_host an IP address or a post ID? 38 if ( preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $_GET['get_host']))38 if (@preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $_GET['get_host'])) 39 39 $ip = $_GET['get_host']; 40 40 else … … 99 99 confirm_referrer('moderate.php'); 100 100 101 if ( preg_match('/[^0-9,]/', $posts))101 if (@preg_match('/[^0-9,]/', $posts)) 102 102 message($lang_common['Bad request']); 103 103 … … 288 288 confirm_referrer('moderate.php'); 289 289 290 if ( preg_match('/[^0-9,]/', $_POST['topics']))290 if (@preg_match('/[^0-9,]/', $_POST['topics'])) 291 291 message($lang_common['Bad request']); 292 292 … … 413 413 confirm_referrer('moderate.php'); 414 414 415 if ( preg_match('/[^0-9,]/', $topics))415 if (@preg_match('/[^0-9,]/', $topics)) 416 416 message($lang_common['Bad request']); 417 417 trunk/upload/profile.php
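Review bot: The checks on lines 101, 290 and 415 reject input only when `preg_match('/[^0-9,]/', …)` finds a forbidden character, so suppressing the warning leaves them failing open. As far as I can tell, an array value makes the call fail with a falsy result, the condition is not met, and the request continues instead of ending in `Bad request`. Testing the type first closes that path: `if (!is_string($posts) || preg_match('/[^0-9,]/', $posts))`, and likewise for `$_POST['topics']` and `$topics`. The ICQ check in profile.php (line 766) has the same shape and needs the same guard. Where these values are assigned and later used is outside the hunks.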
r940 r941 764 764 765 765 // If the ICQ UIN contains anything other than digits it's invalid 766 if ($form['icq'] != '' && preg_match('/[^0-9]/', $form['icq']))766 if ($form['icq'] != '' && @preg_match('/[^0-9]/', $form['icq'])) 767 767 message($lang_prof_reg['Bad ICQ']); 768 768 trunk/upload/userlist.php
r432 r941 42 42 $show_post_count = ($pun_config['o_show_post_count'] == '1' || $pun_user['g_id'] < PUN_GUEST) ? true : false; 43 43 44 $username = (isset($_GET['username']) && $pun_user['g_search_users'] == '1') ? $_GET['username']: '';44 $username = (isset($_GET['username']) && $pun_user['g_search_users'] == '1') ? pun_trim($_GET['username']) : ''; 45 45 $show_group = (!isset($_GET['show_group']) || intval($_GET['show_group']) < -1 && intval($_GET['show_group']) > 2) ? -1 : intval($_GET['show_group']); 46 46 $sort_by = (!isset($_GET['sort_by']) || $_GET['sort_by'] != 'username' && $_GET['sort_by'] != 'registered' && ($_GET['sort_by'] != 'num_posts' || !$show_post_count)) ? 'username' : $_GET['sort_by'];
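Review bot: The range test for `show_group` on line 45 can never be true, because `intval($_GET['show_group']) < -1 && intval($_GET['show_group']) > 2` asks for a number that is both below -1 and above 2, so every integer is accepted. It should read `(intval($_GET['show_group']) < -1 || intval($_GET['show_group']) > 2)`, parenthesised so the `!isset(...) ||` in front still applies. On the changed line 44, `pun_trim()` receives `$_GET['username']` without a type check. Its definition is not shown, so if it is not written for array input, the ternary condition should also require `is_string($_GET['username'])`.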
