From ad7b5117657235e1fcb080389ab52a1b126736d0 Mon Sep 17 00:00:00 2001
From: niekt0 <niekt0@kyberia.cz>
Date: Mon, 20 Jun 2011 15:29:19 +0200
Subject: [PATCH] getUserSubmission_children fix

---
 wwwroot/backend/mysql/backend.inc | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/wwwroot/backend/mysql/backend.inc b/wwwroot/backend/mysql/backend.inc
index c85a43f..8b21936 100644
--- a/wwwroot/backend/mysql/backend.inc
+++ b/wwwroot/backend/mysql/backend.inc
@@ -276,9 +276,27 @@ node_parent='$node_handle' order by node_created $orderby LIMIT $offset,$limit";
 public static function GetUserSubmissionsChildren($user_id,$limit=23,$offset=0,$orderby='') {
   global $db;
 
-	  $q="select users.*,nodes.* from nodes
-left join users on users.user_id=nodes.node_creator where
-node_creator='$user_id' order by node_created $orderby LIMIT $offset,$limit";
+	if (!is_numeric($user_id)) {
+		return -1;
+	}
+	if (!is_numeric($limit)) {
+		return -1;
+	}
+	if (!is_numeric($offset)) {
+		return -1;
+	}
+
+	// XXX orderby mysql escape
+
+	$q = "select n1.* from nodes as n1 join 
+		(select node_id,node_creator from nodes where node_creator='$user_id')
+		as j2 on n1.node_parent=j2.node_id 
+		join users as j3 on j3.user_id=n1.node_creator order by node_created 
+		$orderby LIMIT $offset,$limit";
+
+//	  $q="select users.*,nodes.* from nodes
+// left join users on users.user_id=nodes.node_creator where
+// node_creator='$user_id' order by node_created $orderby LIMIT $offset,$limit";
 	//$q="select * from nodes LIMIT 10,10";
   #echo $q;
   $result=$db->query($q);
-- 
2.30.2