X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Fsmarty%2Fnode_methodz%2Ffunction.get_nodes_by_parent.php;h=b392c5155012fa0637da8c127aec10794c08aa83;hb=30a8a52a642cda1b743887289cf6e1b5feb41e60;hp=b6fe822dc38648c8c97c08aeb7c8d56424152ce4;hpb=17ec25133d7efb812a3396427bcf777ad6d71e49;p=mirrors%2FKyberia-bloodline.git
diff --git a/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_parent.php b/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_parent.php
index b6fe822..b392c51 100644
--- a/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_parent.php
+++ b/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_parent.php
@@ -1,54 +1,54 @@ '".addslashes($params['time'])."' and "; - $q="select parent.node_name as parent_name,users.*,nodes.*,node_access.node_user_subchild_count from nodes left join nodes as parent on parent.node_id=nodes.node_parent left join node_access on node_access.node_id=nodes.node_id and node_access.user_id='$user_id' left join users on users.user_id=nodes.node_creator where "; - $q.=" $sql_time nodes.node_parent='$parent' and nodes.node_system_access!='private'"; + $q="select parent.node_name as parent_name,users.*,nodes.*,node_access.node_user_subchild_count from nodes left join nodes as parent on parent.node_id=nodes.node_parent left join node_access on node_access.node_id=nodes.node_id and node_access.user_id='$user_id' left join users on users.user_id=nodes.node_creator where "; + $q.=" $sql_time nodes.node_parent='$parent' and nodes.node_system_access!='private'"; if ($_POST['template_event']=='filter_by') { - if ($_POST['search_type']=='content') + if ($_POST['search_type']=='content') $sql_type.=" and node_content like '%".addslashes($_POST['node_content'])."%' "; - else { - $q2="select user_id from users where login='".$_POST['node_content']."'"; - $userset=$db->query($q2); - $userset->next(); - $id=$userset->getString('user_id'); - $sql_type=" and nodes.node_creator='$id'"; - } + else { + $q2="select user_id from users where login='".db_escape_string($_POST['node_content'])."'"; + $userset=$db->query($q2); + $userset->next(); + $id=$userset->getString('user_id'); + $sql_type=" and nodes.node_creator='$id'"; + } $q.=$sql_type; - } + } - if ($orderby) $q.=" order by $orderby "; - else $q.=" order by nodes.node_id desc "; - $q.= " LIMIT $offset,$listing_amount "; - $set=$db->query($q); - while ($set->next()) $pole[]=$set->getRecord(); - $smarty->assign('get_nodes_by_parent',$pole); + if ($orderby) $q.=" order by $orderby "; + else $q.=" order by nodes.node_id desc "; + $q.= " LIMIT $offset,$listing_amount "; + $set=$db->query($q); + while ($set->next()) 
$pole[]=$set->getRecord(); + $smarty->assign('get_nodes_by_parent',$pole); - } +} ?>
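Review bot: The added `db_escape_string()` covers only the login lookup; in the same hunk the content search still uses `addslashes($_POST['node_content'])`, as does the `$params['time']` fragment at the top, and `addslashes` does not take the connection character set into account, so both should go through the project's helper, e.g. `$sql_type.=" and node_content like '%".db_escape_string($_POST['node_content'])."%' ";`. `$orderby`, `$offset` and `$listing_amount` are placed into the query unquoted, where escaping cannot help; their assignments are not visible (the start of the hunk is missing from this page), so if any of them can come from the request, the LIMIT values should be cast, `$q.=" LIMIT ".(int)$offset.",".(int)$listing_amount." ";`, and `$orderby` checked against a fixed list of column names. Unless the missing lines already do it, `$sql_type` and `$pole` should also be initialised before use (`$sql_type=''; $pole=array();`), since the content branch appends with `.=` and `$pole` is only set inside the `while` loop, leaving an undefined value for `$smarty->assign()` when no rows match.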