From: niekt0 Date: Tue, 27 Sep 2011 23:30:56 +0000 (+0200) Subject: removing warnings X-Git-Url: https://git.harvie.cz/?a=commitdiff_plain;h=8f52a0530e35e87e5624e1bb84283aa58ea78e2b;p=mirrors%2FKyberia-bloodline.git removing warnings --- diff --git a/wwwroot/inc/senate.inc b/wwwroot/inc/senate.inc index 2219113..1acd0f2 100644 --- a/wwwroot/inc/senate.inc +++ b/wwwroot/inc/senate.inc @@ -14,6 +14,8 @@ define('DEF_DATA_TEMPLATE',12); define('DEF_GALLERY_TEMPLATE',1041658); define('DEF_LAST_NODE',23); +define('DEF_MAX_LISTING_AMMOUNT',100); + // 1961061 citizens? // 1061495 citizens? // 1961070 citizens? diff --git a/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_parent.php b/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_parent.php index b392c51..35c1aa3 100644 --- a/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_parent.php +++ b/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_parent.php @@ -11,26 +11,28 @@ function smarty_function_get_nodes_by_parent($params,&$smarty) { } $parent_vectot=$parent['node_vector']; - if ($params['listing_amount']=='all') $listing_amount='100'; // XXX remove constant + if ($params['listing_amount']=='all') $listing_amount=DEF_MAX_LISTING_AMMOUNT; else $listing_amount=$params['listing_amount']; if (empty($params['offset'])) $offset=0; else $offset=$params['offset']; - if ($params['orderby']) { - $orderby=addslashes($params['orderby']); + if (isset($params['orderby'])) { + $orderby=db_escape_string($params['orderby']); } global $db,$node; $node_id=$node['node_id']; $user_id=$_SESSION['user_id']; -if ($params['time']) $sql_time=" nodes.node_created > '".addslashes($params['time'])."' and "; + if (isset($params['time'])) { + $sql_time=" nodes.node_created > '".db_escape_string($params['time'])."' and "; + } $q="select parent.node_name as parent_name,users.*,nodes.*,node_access.node_user_subchild_count from nodes left join nodes as parent on parent.node_id=nodes.node_parent left join node_access on node_access.node_id=nodes.node_id and node_access.user_id='$user_id' left join users on users.user_id=nodes.node_creator where "; $q.=" $sql_time nodes.node_parent='$parent' and nodes.node_system_access!='private'"; - if ($_POST['template_event']=='filter_by') { - if ($_POST['search_type']=='content') - $sql_type.=" and node_content like '%".addslashes($_POST['node_content'])."%' "; + if (isset($_POST['template_event']) && $_POST['template_event']=='filter_by') { + if (isset($_POST['search_type']) && $_POST['search_type']=='content') + $sql_type.=" and node_content like '%".db_escape_string($_POST['node_content'])."%' "; else { $q2="select user_id from users where login='".db_escape_string($_POST['node_content'])."'"; $userset=$db->query($q2);