warning & sqli fix

[mirrors/Kyberia-bloodline.git] / wwwroot / nodes.php

diff --git a/wwwroot/nodes.php b/wwwroot/nodes.php
index a0aec7f8082e13bb81d2f800a2084fb538ed53b8..cbbed84728818af6f8f6910b6685b401fdbabc58 100644 (file)
--- a/wwwroot/nodes.php
+++ b/wwwroot/nodes.php
@@ -282,7 +282,7 @@ elseif ($transaction) {
 if ($permissions['r']) {
 
 //these 4 lines are not the source of kyberia lagging problems. leave them. started on the 10.4. data gained will be used for scientific purposes
-if ($_SESSION['user_id']) {
+if ((isset($_SESSION['user_id'])) && ($_SESSION['user_id'])) {
        $q="insert delayed into levenshtein set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."'";
        $db->update($q);
 }
@@ -308,7 +308,7 @@ if ($node['template_id']!='2019721'){
 // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 //creating neural network
 $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
-if (is_numeric($referer_id)) {
+if (isset($referer_id) && is_numeric($referer_id)) {
        $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'";
        $result=$db->update($q);
        if (!$result) {
@@ -343,7 +343,7 @@ else {
 
 
 //assigning user data to smarty if user logged in
-if ($user_id=$_SESSION['user_id']) {
+if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) {
        $smarty->assign('_POST',$_POST);
        $smarty->assign('bookmarks',$_SESSION['bookmarks']);
        $smarty->assign('ignore',$_SESSION['ignore']);
@@ -434,7 +434,7 @@ else {
 }
 
 
-if ($node['template_id']!='2019721'){
+if (($node['template_id']!='2019721') && (isset($_SESSION['user_id']))){
 //setting user location
 $q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'";
 $db->executequery($q);
@@ -510,18 +510,21 @@ if (!empty($_POST['template_event'])) {
         $children_count=$node['node_children_count'];
        $descendant_count=$node['node_descendant_count'];
 
-        if (is_numeric($_POST['listing_amount'])) $listing_amount=$_POST['listing_amount'];
-        elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount'];
+        if (isset($_POST['listing_amount']) && is_numeric($_POST['listing_amount'])) { 
+               $listing_amount=mysql_real_escape_string($_POST['listing_amount']);
+       }elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount'];
         else $listing_amount=DEFAULT_LISTING_AMOUNT;
        $smarty->assign('listing_amount',$listing_amount);
 
-       if ($_POST['listing_order']) $listing_order=$_POST['listing_order'];
-       elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order'];
+       if (isset($_POST['listing_order']) && $_POST['listing_order']) {
+               $listing_order=mysql_real_escape_string($_POST['listing_order']);
+       } elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order'];
        else $listing_order=DEFAULT_LISTING_ORDER;
        $smarty->assign('listing_order',$listing_order);
 
-       if (is_numeric($_POST['get_children_offset'])) $offset=$_POST['get_children_offset'];
-        else $offset=0;
+       if (isset ($_POST['get_children_offset']) && is_numeric($_POST['get_children_offset'])) {
+               $offset=$_POST['get_children_offset'];
+       } else { $offset=0; }
 
 
         //movement forward and backward
@@ -551,7 +554,7 @@ if ($node['external_link']=='header://svg' && !is_numeric($template_id)) {
 }
 
 //show own header
-elseif ($_SESSION['header_id']==true) {
+elseif (isset($_SESSION['header_id']) && ($_SESSION['header_id']==true)) {
        $smarty->assign('header_id',$_SESSION['header_id']);
        $smarty->template_dir=OWN_TEMPLATE_DIR;
        $content=$smarty->fetch($_SESSION['header_id'].".tpl");