$parent=$params['parent'];
$permissions=permissions::checkPerms($parent);
if (!$permissions['r']) {
$parent=$params['parent'];
$permissions=permissions::checkPerms($parent);
if (!$permissions['r']) {
else $listing_amount=$params['listing_amount'];
if (empty($params['offset'])) $offset=0;
else $offset=$params['offset'];
else $listing_amount=$params['listing_amount'];
if (empty($params['offset'])) $offset=0;
else $offset=$params['offset'];
$q="select parent.node_name as parent_name,users.*,nodes.*,node_access.node_user_subchild_count from nodes left join nodes as parent on parent.node_id=nodes.node_parent left join node_access on node_access.node_id=nodes.node_id and node_access.user_id='$user_id' left join users on users.user_id=nodes.node_creator where ";
$q.=" $sql_time nodes.node_parent='$parent' and nodes.node_system_access!='private'";
$q="select parent.node_name as parent_name,users.*,nodes.*,node_access.node_user_subchild_count from nodes left join nodes as parent on parent.node_id=nodes.node_parent left join node_access on node_access.node_id=nodes.node_id and node_access.user_id='$user_id' left join users on users.user_id=nodes.node_creator where ";
$q.=" $sql_time nodes.node_parent='$parent' and nodes.node_system_access!='private'";
- if ($_POST['template_event']=='filter_by') {
- if ($_POST['search_type']=='content')
- $sql_type.=" and node_content like '%".addslashes($_POST['node_content'])."%' ";
+ if (isset($_POST['template_event']) && $_POST['template_event']=='filter_by') {
+ if (isset($_POST['search_type']) && $_POST['search_type']=='content')
+ $sql_type.=" and node_content like '%".db_escape_string($_POST['node_content'])."%' ";
else $q.=" order by nodes.node_id desc ";
$q.= " LIMIT $offset,$listing_amount ";
$set=$db->query($q);
else $q.=" order by nodes.node_id desc ";
$q.= " LIMIT $offset,$listing_amount ";
$set=$db->query($q);
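Review bot: The escaping added for `node_content` does not cover the other values interpolated into the same query: `$offset` and `$listing_amount` go into `LIMIT $offset,$listing_amount` unquoted, and `$parent` goes into `nodes.node_parent='$parent'` exactly as read from `$params`. If `$params` is filled from request data (not visible in these lines), those values still reach the SQL unvalidated, and string escaping would not help for the unquoted LIMIT operands; casting at assignment, `else $offset=(int)$params['offset'];` and `else $listing_amount=(int)$params['listing_amount'];`, plus `$parent=(int)$params['parent'];` if node ids are numeric, would close that. Separately, `db_escape_string` presumably leaves `%` and `_` untouched, so the submitted `node_content` still acts as a LIKE wildcard pattern; escape those two characters as well if a literal match is intended. The enclosing function starts and ends outside the lines shown, so where `$user_id` and `$sql_time` come from should be checked in the same pass.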