From 8f52a0530e35e87e5624e1bb84283aa58ea78e2b Mon Sep 17 00:00:00 2001
From: niekt0 <niekt0@kyberia.cz>
Date: Wed, 28 Sep 2011 01:30:56 +0200
Subject: [PATCH] removing warnings

---
 wwwroot/inc/senate.inc                           |  2 ++
 .../function.get_nodes_by_parent.php             | 16 +++++++++-------
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/wwwroot/inc/senate.inc b/wwwroot/inc/senate.inc
index 2219113..1acd0f2 100644
--- a/wwwroot/inc/senate.inc
+++ b/wwwroot/inc/senate.inc
@@ -14,6 +14,8 @@ define('DEF_DATA_TEMPLATE',12);
 define('DEF_GALLERY_TEMPLATE',1041658);
 define('DEF_LAST_NODE',23);
 
+define('DEF_MAX_LISTING_AMMOUNT',100);
+
 // 1961061 citizens?
 // 1061495 citizens?
 // 1961070 citizens?
diff --git a/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_parent.php b/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_parent.php
index b392c51..35c1aa3 100644
--- a/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_parent.php
+++ b/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_parent.php
@@ -11,26 +11,28 @@ function smarty_function_get_nodes_by_parent($params,&$smarty) {
 	}
 	$parent_vectot=$parent['node_vector'];
 
-	if ($params['listing_amount']=='all') $listing_amount='100'; // XXX remove constant
+	if ($params['listing_amount']=='all') $listing_amount=DEF_MAX_LISTING_AMMOUNT;
 	else $listing_amount=$params['listing_amount'];
 	if (empty($params['offset'])) $offset=0;
 	else $offset=$params['offset'];
 
-	if ($params['orderby']) {
- 			$orderby=addslashes($params['orderby']);
+	if (isset($params['orderby'])) {
+ 		$orderby=db_escape_string($params['orderby']);
 	}
 
 	global $db,$node;
 	$node_id=$node['node_id'];
 	$user_id=$_SESSION['user_id'];
-if ($params['time']) $sql_time=" nodes.node_created > '".addslashes($params['time'])."' and ";
+	if (isset($params['time'])) {
+		$sql_time=" nodes.node_created > '".db_escape_string($params['time'])."' and ";
+	}
 	$q="select parent.node_name as parent_name,users.*,nodes.*,node_access.node_user_subchild_count from nodes left join nodes as parent on parent.node_id=nodes.node_parent left join node_access on node_access.node_id=nodes.node_id and node_access.user_id='$user_id' left  join users on users.user_id=nodes.node_creator where ";
 	$q.=" $sql_time nodes.node_parent='$parent' and nodes.node_system_access!='private'";
 
 
-                if ($_POST['template_event']=='filter_by') {
-                if ($_POST['search_type']=='content')
-       			         $sql_type.=" and node_content like '%".addslashes($_POST['node_content'])."%' ";
+                if (isset($_POST['template_event']) && $_POST['template_event']=='filter_by') {
+                if (isset($_POST['search_type']) && $_POST['search_type']=='content')
+       			         $sql_type.=" and node_content like '%".db_escape_string($_POST['node_content'])."%' ";
 		else {
 	                $q2="select user_id from users where login='".db_escape_string($_POST['node_content'])."'";
 	                $userset=$db->query($q2);
-- 
2.30.2