removing warnings
authorniekt0 <niekt0@kyberia.cz>
Tue, 27 Sep 2011 23:30:56 +0000 (01:30 +0200)
committerniekt0 <niekt0@kyberia.cz>
Tue, 27 Sep 2011 23:30:56 +0000 (01:30 +0200)
wwwroot/inc/senate.inc
wwwroot/inc/smarty/node_methodz/function.get_nodes_by_parent.php

index 2219113690e49dab28a987f0bcbbcb2d04effb51..1acd0f2a7e94a76d25d8f5f42bb45687de334b4c 100644 (file)
@@ -14,6 +14,8 @@ define('DEF_DATA_TEMPLATE',12);
 define('DEF_GALLERY_TEMPLATE',1041658);
 define('DEF_LAST_NODE',23);
 
+define('DEF_MAX_LISTING_AMMOUNT',100);
+
 // 1961061 citizens?
 // 1061495 citizens?
 // 1961070 citizens?
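Review bot: The new identifier `DEF_MAX_LISTING_AMMOUNT` misspells "amount", and since this commit is the only place that introduces it (its single consumer is the second file in the same commit), renaming now is free whereas later it becomes a cross-file change. The define also lacks any note of what it bounds, which matters because nothing in the name says it only applies to the `'all'` case; I would write `define('DEF_MAX_LISTING_AMOUNT',100); // cap used when a template asks for listing_amount='all'`. The surrounding `// ... citizens?` lines suggest this file is a scratchpad of constants, so a one-line comment is the only documentation a reader will get.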
index b392c5155012fa0637da8c127aec10794c08aa83..35c1aa37a56ca7f55d43bdbdb4a9125a894eed0c 100644 (file)
@@ -11,26 +11,28 @@ function smarty_function_get_nodes_by_parent($params,&$smarty) {
        }
        $parent_vectot=$parent['node_vector'];
 
-       if ($params['listing_amount']=='all') $listing_amount='100'; // XXX remove constant
+       if ($params['listing_amount']=='all') $listing_amount=DEF_MAX_LISTING_AMMOUNT;
        else $listing_amount=$params['listing_amount'];
        if (empty($params['offset'])) $offset=0;
        else $offset=$params['offset'];
 
-       if ($params['orderby']) {
-                       $orderby=addslashes($params['orderby']);
+       if (isset($params['orderby'])) {
+               $orderby=db_escape_string($params['orderby']);
        }
 
        global $db,$node;
        $node_id=$node['node_id'];
        $user_id=$_SESSION['user_id'];
-if ($params['time']) $sql_time=" nodes.node_created > '".addslashes($params['time'])."' and ";
+       if (isset($params['time'])) {
+               $sql_time=" nodes.node_created > '".db_escape_string($params['time'])."' and ";
+       }
        $q="select parent.node_name as parent_name,users.*,nodes.*,node_access.node_user_subchild_count from nodes left join nodes as parent on parent.node_id=nodes.node_parent left join node_access on node_access.node_id=nodes.node_id and node_access.user_id='$user_id' left  join users on users.user_id=nodes.node_creator where ";
        $q.=" $sql_time nodes.node_parent='$parent' and nodes.node_system_access!='private'";
 
 
-                if ($_POST['template_event']=='filter_by') {
-                if ($_POST['search_type']=='content')
-                                        $sql_type.=" and node_content like '%".addslashes($_POST['node_content'])."%' ";
+                if (isset($_POST['template_event']) && $_POST['template_event']=='filter_by') {
+                if (isset($_POST['search_type']) && $_POST['search_type']=='content')
+                                        $sql_type.=" and node_content like '%".db_escape_string($_POST['node_content'])."%' ";
                else {
                        $q2="select user_id from users where login='".db_escape_string($_POST['node_content'])."'";
                        $userset=$db->query($q2);
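Review bot: Switching `$params['orderby']` from `addslashes` to `db_escape_string` does not make the ORDER BY safe, because the value is not inside quotes when it is spliced into the query — quote escaping is irrelevant there and any SQL expression in the parameter still reaches the driver; `$orderby` is consumed after this hunk, so validate it against an allowlist of the columns the templates actually sort on (for example `$orderby = in_array($params['orderby'], $allowed_orderby, true) ? $params['orderby'] : 'node_created';`) rather than escaping it. The same hunk still interpolates `$parent` unescaped into `nodes.node_parent='$parent'` on the `$q.=` line, and `$listing_amount` and `$offset` come straight from `$params` with no cast (presumably for a LIMIT clause further down, which is outside the hunk), so `$offset=(int)$offset;` and an `(int)` cast on the non-`'all'` branch of `$listing_amount` would close that. The commit's stated purpose of removing warnings is also incomplete: `$sql_time` is read in the `$q.=` line whenever `time` is not set, and `$sql_type.=` on the content-filter line appends to a never-initialized variable, so both should be initialized with `$sql_time=''; $sql_type='';` before the query is built. Note that `isset($params['time'])` is no longer equivalent to the old truthiness test: an empty-string `time` now produces `nodes.node_created > ''` where it previously produced no condition, which may or may not be intended. The function `smarty_function_get_nodes_by_parent` begins before and continues past this hunk.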