warning & sqli fix
author
niekt0
<niekt0@kyberia.cz>
Sat, 13 Nov 2010 09:20:43 +0000
(10:20 +0100)
committer
niekt0
<niekt0@kyberia.cz>
Sat, 13 Nov 2010 09:20:43 +0000
(10:20 +0100)
wwwroot/nodes.php
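--- a/wwwroot/nodes.php
+++ b/wwwroot/nodes.php
@@ -308,7 +308,7 @@ if ($node['template_id']!='2019721'){
 // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 //creating neural network
 $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
-if (is_numeric($referer_id)) {
+if (isset($referer_id) && is_numeric($referer_id)) {
 $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'";
 $result=$db->update($q);
 if (!$result) {
@@ -510,18 +510,21 @@ if (!empty($_POST['template_event'])) {
 $children_count=$node['node_children_count'];
 $descendant_count=$node['node_descendant_count'];
- if (is_numeric($_POST['listing_amount'])) $listing_amount=$_POST['listing_amount'];
- elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount'];
+ if (isset($_POST['listing_amount']) && is_numeric($_POST['listing_amount'])) {
+ $listing_amount=mysql_real_escape_string($_POST['listing_amount']);
+ }elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount'];
 else $listing_amount=DEFAULT_LISTING_AMOUNT;
 $smarty->assign('listing_amount',$listing_amount);
- if ($_POST['listing_order']) $listing_order=$_POST['listing_order'];
- elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order'];
+ if (isset($_POST['listing_order']) && $_POST['listing_order']) {
+ $listing_order=mysql_real_escape_string($_POST['listing_order']);
+ } elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order'];
 else $listing_order=DEFAULT_LISTING_ORDER;
 $smarty->assign('listing_order',$listing_order);
- if (is_numeric($_POST['get_children_offset'])) $offset=$_POST['get_children_offset'];
- else $offset=0;
+ if (isset ($_POST['get_children_offset']) && is_numeric($_POST['get_children_offset'])) {
+ $offset=$_POST['get_children_offset'];
+ } else { $offset=0; }
 //movement forward and backward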
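Review bot: In the second hunk, `mysql_real_escape_string($_POST['listing_order'])` only neutralises characters that would break out of a quoted string literal; if `$listing_order` is later placed in an `ORDER BY` clause or another unquoted position (its use is outside the hunk, so this is inferred from the name), the escaped value still lets the request choose SQL text. Checking it against a fixed list of permitted orderings closes that, e.g. `if (isset($_POST['listing_order']) && in_array($_POST['listing_order'], $allowed_orders, true))`, where `$allowed_orders` is a placeholder for the orderings the site actually supports. The `$_SESSION['listing_order']` and `$_SESSION['listing_amount']` fallbacks are taken without any check and need the same validation if they are ever populated from request data. For the numeric fields, `is_numeric` also accepts floats and exponent forms such as `1e3`, so `$listing_amount=(int)$_POST['listing_amount'];` and `$offset=(int)$_POST['get_children_offset'];` are tighter than escaping or passing the raw string through.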