Commit 532233a9 authored by Dries's avatar Dries

- Removed includes/timer.inc: it has been integrated into common.inc.

- Fixed a bug in node.php: UnConeD forgot to update 1 node_get_object().

- I changed the look of theme_morelink() a bit: it might not look better,
  but at least the output is "correct".

- Various small improvements.
parent 4f1cf00f
......@@ -76,6 +76,10 @@ function check_preview($text) {
return check_output(check_input($text), 1);
}
function check_query($text) {
return addslashes(stripslashes($text));
}
function check_input($text) {
foreach (module_list() as $module) $text = module_invoke($module, "filter", $text);
return addslashes(stripslashes(substr($text, 0, variable_get("max_input_size", 10000))));
......
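Review bot: `check_query()` at the new line `return addslashes(stripslashes($text));` removes backslashes from raw input before escaping, so a value that legitimately contains a backslash is stored altered; the `stripslashes()` step is only correct if the input was already quoted upstream, which nothing in this hunk establishes. `addslashes()` also escapes a fixed character set rather than the connection's character set, so the database layer's own escaping function is the safer primitive for this helper. The helper is now the project's SQL-escaping entry point and should say what context it covers, e.g. `// check_query(): escape a value for use inside single quotes in SQL; does not protect identifiers or unquoted numbers.` `check_input()` at the last visible line still applies `addslashes()` itself, so its output is SQL-escaped text whether or not it is headed for a query; its body and `check_preview()` continue outside the hunk.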
......@@ -4,7 +4,7 @@
$rstatus = array(0 => dumped, 1 => expired, 2 => queued, 3 => posted);
function _node_get($conditions) {
foreach ($conditions as $key=>$value) $cond[] = "n.$key = '$value'";
foreach ($conditions as $key=>$value) $cond[] = "n.". check_query($key) ." = '". check_query($value) ."'";
$where = implode(" AND ", $cond);
if ($conditions[type]) {
......
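Review bot: The new line in `_node_get` runs `check_query()` over `$key` but then interpolates it as a bare column name in `n.$key`, where `addslashes()` adds nothing because identifiers are not quoted; if the keys of `$conditions` can come from a request, that part of the statement is unprotected. A whitelist of permitted columns is the check that fits an identifier, e.g. `if (!in_array($key, $allowed_columns, true)) continue;` with `$allowed_columns` being the node table's real column list (placeholder here). `$cond` is never initialised, so an empty `$conditions` hands `implode()` an undefined variable on the following line. The function body continues past the hunk, and `$conditions[type]` at its last visible line uses a bare-word key, which PHP treats as an undefined constant.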
......@@ -10,7 +10,7 @@ function search_form($keys) {
}
function search_data($keys, $type) {
if ($keys && $type && $result = module_invoke($type, "search", check_input($keys))) {
if ($keys && $type && $result = module_invoke($type, "search", check_query($keys))) {
foreach ($result as $entry) {
$output .= "<P>\n";
$output .= " <B><U><A HREF=\"$entry[link]\">$entry[title]</A></U></B><BR>";
......
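Review bot: `search_data` now hands `check_query($keys)` to the module's `search` hook, which escapes the keywords before it is known whether the hook interpolates them into SQL at all; if a hook prints the keys, uses them in a `LIKE` pattern, or matches them in memory, the added backslashes surface as data. Escaping belongs where the value meets the query, inside each hook, so this line would pass the raw value: `module_invoke($type, "search", $keys)`. The next lines also write `$entry[link]` and `$entry[title]` into HTML without `htmlspecialchars()`, and `$output` is appended to before being initialised; the loop and the function continue beyond the hunk.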
......@@ -18,32 +18,32 @@ function category_get_array($field, $value) {
// save a category:
function category_save($edit) {
if (!$edit[cid]) $edit[cid] = db_insert_id(db_query("INSERT INTO category (name) VALUES ('". check_input($edit[name])."')"));
foreach ($edit as $key=>$value) db_query("UPDATE category SET $key = '". check_input($value) ."' WHERE cid = '$edit[cid]'");
if (!$edit[cid]) $edit[cid] = db_insert_id(db_query("INSERT INTO category (name) VALUES ('". check_query($edit[name])."')"));
foreach ($edit as $key=>$value) db_query("UPDATE category SET $key = '". check_query($value) ."' WHERE cid = '$edit[cid]'");
}
// delete category $cid:
function category_del($cid) {
db_query("DELETE FROM category WHERE cid = '". check_input($cid) ."'");
db_query("UPDATE node SET cid = 0 WHERE cid = '". check_input($cid) ."'");
db_query("DELETE FROM category WHERE cid = '". check_query($cid) ."'");
db_query("UPDATE node SET cid = 0 WHERE cid = '". check_query($cid) ."'");
}
// return post threshold:
function category_post_threshold($cid) {
$category = db_fetch_object(db_query("SELECT post AS threshold FROM category WHERE cid = '". check_input($cid) ."'"));
$category = db_fetch_object(db_query("SELECT post AS threshold FROM category WHERE cid = '". check_query($cid) ."'"));
return $category->threshold;
}
// return dump threshold:
function category_dump_threshold($cid) {
$category = db_fetch_object(db_query("SELECT dump AS threshold FROM category WHERE cid = '". check_input($cid) ."'"));
$category = db_fetch_object(db_query("SELECT dump AS threshold FROM category WHERE cid = '". check_query($cid) ."'"));
return $category->threshold;
}
// return expiration threshold:
function category_expire_threshold($cid) {
$category = db_fetch_object(db_query("SELECT expire AS threshold FROM category WHERE cid = '". check_input($cid) ."'"));
$category = db_fetch_object(db_query("SELECT expire AS threshold FROM category WHERE cid = '". check_query($cid) ."'"));
return $category->threshold;
}
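Review bot: `category_save` escapes `$value` on the new `UPDATE` line but still interpolates `$key` directly into `SET $key =` and `$edit[cid]` into `WHERE cid = '$edit[cid]'` without any escaping, so only one of the three request-derived pieces of that statement is protected; `topic_save` in the next section has the same shape with `tid`. A column name cannot be protected by quoting, so restrict `$key` to the table's known columns and escape the id: `... WHERE cid = '". check_query($edit[cid]) ."'"`. The loop also issues one `UPDATE` per key, including `cid` itself, which is harmless but wasteful. The three threshold helpers below read `$category->threshold` even when `db_fetch_object()` returns no row, which produces a notice rather than a clear "unknown category" result.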
......@@ -97,8 +97,8 @@ function topic_get_array($field, $value) {
// save a topic:
function topic_save($edit) {
if (!$edit[tid]) $edit[tid] = db_insert_id(db_query("INSERT INTO topic (name) VALUES ('". check_input($edit[name])."')"));
foreach ($edit as $key=>$value) db_query("UPDATE topic SET $key = '". check_input($value) ."' WHERE tid = '$edit[tid]'");
if (!$edit[tid]) $edit[tid] = db_insert_id(db_query("INSERT INTO topic (name) VALUES ('". check_query($edit[name])."')"));
foreach ($edit as $key=>$value) db_query("UPDATE topic SET $key = '". check_query($value) ."' WHERE tid = '$edit[tid]'");
}
// returns a sorted tree-representation of all topics:
......@@ -113,8 +113,8 @@ function topic_tree($parent = 0, $name = "", $tree = array()) {
// delete topic $tid:
function topic_del($tid) {
db_query("DELETE FROM topic WHERE tid = '". check_input($tid) ."'");
db_query("UPDATE node SET tid = 0 WHERE tid = '". check_input($tid) ."'");
db_query("DELETE FROM topic WHERE tid = '". check_query($tid) ."'");
db_query("UPDATE node SET tid = 0 WHERE tid = '". check_query($tid) ."'");
}
// return linked string with name of topic $tid:
......
......@@ -98,7 +98,14 @@ function theme_blocks($region, $theme) {
}
function theme_morelink($theme, $node) {
return ($node->body) ? "[ <A HREF=\"node.php?id=$node->nid\"><FONT COLOR=\"$theme->link\">". t("read more") ."</FONT></A> | ". sizeof(explode(" ", $node->body)) ." ". t("words") ." | <A HREF=\"node.php?id=$node->nid\"><FONT COLOR=\"$theme->link\">". format_plural(node_get_comments($node->nid), "comment", "comments") ."</FONT></A> ]" : "[ <A HREF=\"node.php?id=$node->nid\"><FONT COLOR=\"$theme->link\">". format_plural(node_get_comments($node->nid), "comment", "comments") ."</FONT></A> ]";
if ($node->body) {
$link[] = "<A HREF=\"node.php?id=$node->nid\"><FONT COLOR=\"$theme->link\">". t("read more") ."</FONT></A>";
}
if ($node->comment) {
$link[] = "<A HREF=\"node.php?id=$node->nid\"><FONT COLOR=\"$theme->link\">". format_plural(node_get_comments($node->nid), "comment", "comments") ."</FONT></A>";
}
return ($link ? "[ ". implode(" | ", $link) ." ]" : "");
}
function theme_moderation_results($theme, $node) {
......
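Review bot: `$link` in `theme_morelink` is never initialised, so a node with neither a body nor `$node->comment` set reaches `return ($link ? ...)` with an undefined variable; add `$link = array();` before the first `if`. The rewrite also changes behaviour beyond layout: the comment link now appears only when `$node->comment` is set, and the word count from the old one-liner is gone, which deserves a one-line comment above the function so the next reader does not take it for an accidental loss. `$node->nid` is interpolated into the `HREF` unescaped; if it is always an integer that is fine, but the hunk does not show where it comes from.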
<?php
$timer = 0;
function timer_print() {
global $timer;
$stop = explode(" ", microtime());
$diff = $stop[0] - $timer[0];
print "<PRE>execution time: $diff ms</PRE>";
}
function timer_start() {
global $timer;
$timer = explode(" ", microtime());
}
?>
\ No newline at end of file
......@@ -39,8 +39,8 @@ function variable_get($name, $default, $object = 0) {
function variable_set($name, $value) {
global $conf;
db_query("DELETE FROM variable WHERE name = '". check_input($name) ."'");
db_query("INSERT INTO variable (name, value) VALUES ('". check_input($name) ."', '". check_input($value) ."')");
db_query("DELETE FROM variable WHERE name = '". check_query($name) ."'");
db_query("INSERT INTO variable (name, value) VALUES ('". check_query($name) ."', '". check_query($value) ."')");
$conf[$name] = $value;
}
......@@ -48,7 +48,7 @@ function variable_set($name, $value) {
function variable_del($name) {
global $conf;
db_query("DELETE FROM variable WHERE name = '". check_input($name) ."'");
db_query("DELETE FROM variable WHERE name = '". check_query($name) ."'");
$conf[$name] = "";
}
......
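Review bot: `variable_set` persists `check_query($value)` but caches the raw `$value` in `$conf[$name]`, and because `check_query()` runs `stripslashes()` first, a value containing a backslash is stored without it while the in-memory copy keeps it, so the two diverge until the next load. If `check_query()` is meant for already-quoted input, state that expectation at this call site, e.g. `// $value is expected to be raw; check_query() strips then re-adds slashes`; otherwise this path needs escaping without the strip. `variable_del` writes `""` into `$conf[$name]` instead of unsetting it, so a later `variable_get($name, $default)` may see an empty string rather than the default, depending on how `variable_get` tests the key (its body is outside the hunk).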
......@@ -263,7 +263,7 @@ function poll_admin() {
print poll_overview(poll_query($type));
break;
case "edit":
print poll_form(poll_get_choices_array(node_get_array(array("nid" => check_input($id)))));
print poll_form(poll_get_choices_array(node_get_array(array("nid" => $id))));
break;
case "help":
poll_help();
......
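Review bot: Dropping `check_input()` around `$id` in `poll_admin` leaves the value depending entirely on whatever escaping `node_get_array()` applies, which this hunk cannot show; the same line appears in the second `poll_admin` section below, and the node.php section at the end makes the equivalent change for `$id` and `$title`, so this remark applies there too. A node id is numeric, so a cast is a tighter check than string escaping and does not rely on the callee: `node_get_array(array("nid" => (int) $id))`. The `switch` containing this `case` starts and ends outside the hunk, and the origin of `$id` is not visible.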
......@@ -263,7 +263,7 @@ function poll_admin() {
print poll_overview(poll_query($type));
break;
case "edit":
print poll_form(poll_get_choices_array(node_get_array(array("nid" => check_input($id)))));
print poll_form(poll_get_choices_array(node_get_array(array("nid" => $id))));
break;
case "help":
poll_help();
......
......@@ -93,7 +93,7 @@ function node_history($node) {
$theme->footer();
}
elseif ($number) {
$node = ($title ? node_get_object(array("title" => check_input($title))) : node_get_object(nid, check_input($id)));
$node = ($title ? node_get_object(array("title" => $title)) : node_get_object(array("nid" => $id)));
if ($node && node_visible($node)) {
switch ($op) {
case "history":
......