Merge branch 'mime_types'
This commit is contained in:
green-ponies (jgen)
commit
3b6e113e8b
@ -103,7 +103,7 @@ abstract class BaseConfig implements Config {
|
|||||||
return $this->get($name, $default);
|
return $this->get($name, $default);
|
||||||
}
|
}
|
||||||
public function get_bool(/*string*/ $name, $default=null) {
|
public function get_bool(/*string*/ $name, $default=null) {
|
||||||
return undb_bool($this->get($name, $default));
|
return bool_escape($this->get($name, $default));
|
||||||
}
|
}
|
||||||
public function get_array(/*string*/ $name, $default=array()) {
|
public function get_array(/*string*/ $name, $default=array()) {
|
||||||
return explode(",", $this->get($name, ""));
|
return explode(",", $this->get($name, ""));
|
||||||
|
|||||||
@ -95,10 +95,10 @@ class PageRequestEvent extends Event {
|
|||||||
public function get_page_number() {
|
public function get_page_number() {
|
||||||
$page_number = 1;
|
$page_number = 1;
|
||||||
if($this->count_args() === 1) {
|
if($this->count_args() === 1) {
|
||||||
$page_number = int_escape($this->get_arg(0));
|
$page_number = (int)($this->get_arg(0));
|
||||||
}
|
}
|
||||||
else if($this->count_args() === 2) {
|
else if($this->count_args() === 2) {
|
||||||
$page_number = int_escape($this->get_arg(1));
|
$page_number = (int)($this->get_arg(1));
|
||||||
}
|
}
|
||||||
if($page_number === 0) $page_number = 1; // invalid -> 0
|
if($page_number === 0) $page_number = 1; // invalid -> 0
|
||||||
return $page_number;
|
return $page_number;
|
||||||
|
|||||||
@ -149,7 +149,7 @@ abstract class DataHandlerExtension extends Extension {
|
|||||||
/* hax: This seems like such a dirty way to do this.. */
|
/* hax: This seems like such a dirty way to do this.. */
|
||||||
|
|
||||||
/* Validate things */
|
/* Validate things */
|
||||||
$image_id = int_escape($event->metadata['replace']);
|
$image_id = (int)($event->metadata['replace']);
|
||||||
|
|
||||||
/* Check to make sure the image exists. */
|
/* Check to make sure the image exists. */
|
||||||
$existing = Image::by_id($image_id);
|
$existing = Image::by_id($image_id);
|
||||||
|
|||||||
@ -56,7 +56,7 @@ class Image {
|
|||||||
$this->$name = $value; // hax
|
$this->$name = $value; // hax
|
||||||
}
|
}
|
||||||
$this->posted_timestamp = strtotime($this->posted); // pray
|
$this->posted_timestamp = strtotime($this->posted); // pray
|
||||||
$this->locked = undb_bool($this->locked);
|
$this->locked = bool_escape($this->locked);
|
||||||
|
|
||||||
assert(is_numeric($this->id));
|
assert(is_numeric($this->id));
|
||||||
assert(is_numeric($this->height));
|
assert(is_numeric($this->height));
|
||||||
@ -385,16 +385,66 @@ class Image {
|
|||||||
/**
|
/**
|
||||||
* Get the image's mime type
|
* Get the image's mime type
|
||||||
*
|
*
|
||||||
* FIXME: now we handle more than just images
|
|
||||||
*
|
|
||||||
* @retval string
|
* @retval string
|
||||||
*/
|
*/
|
||||||
public function get_mime_type() {
|
public function get_mime_type() {
|
||||||
$type = strtolower($this->ext);
|
return __getMimeType( get_image_filename() );
|
||||||
if($type === "jpg") $type = "jpeg";
|
|
||||||
return 'image/'.$type;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get MIME type for file
|
||||||
|
*
|
||||||
|
* The contents of this function are taken from the __getMimeType() function
|
||||||
|
* from the "Amazon S3 PHP class" which is Copyright (c) 2008, Donovan Schönknecht
|
||||||
|
* and released under the 'Simplified BSD License'.
|
||||||
|
*
|
||||||
|
* @internal Used to get mime types
|
||||||
|
* @param string &$file File path
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public static function __getMimeType(&$file)
|
||||||
|
{
|
||||||
|
$type = false;
|
||||||
|
// Fileinfo documentation says fileinfo_open() will use the
|
||||||
|
// MAGIC env var for the magic file
|
||||||
|
if (extension_loaded('fileinfo') && isset($_ENV['MAGIC']) &&
|
||||||
|
($finfo = finfo_open(FILEINFO_MIME, $_ENV['MAGIC'])) !== false)
|
||||||
|
{
|
||||||
|
if (($type = finfo_file($finfo, $file)) !== false)
|
||||||
|
{
|
||||||
|
// Remove the charset and grab the last content-type
|
||||||
|
$type = explode(' ', str_replace('; charset=', ';charset=', $type));
|
||||||
|
$type = array_pop($type);
|
||||||
|
$type = explode(';', $type);
|
||||||
|
$type = trim(array_shift($type));
|
||||||
|
}
|
||||||
|
finfo_close($finfo);
|
||||||
|
|
||||||
|
// If anyone is still using mime_content_type()
|
||||||
|
} elseif (function_exists('mime_content_type'))
|
||||||
|
$type = trim(mime_content_type($file));
|
||||||
|
|
||||||
|
if ($type !== false && strlen($type) > 0) return $type;
|
||||||
|
|
||||||
|
// Otherwise do it the old fashioned way
|
||||||
|
static $exts = array(
|
||||||
|
'jpg' => 'image/jpeg', 'gif' => 'image/gif', 'png' => 'image/png',
|
||||||
|
'tif' => 'image/tiff', 'tiff' => 'image/tiff', 'ico' => 'image/x-icon',
|
||||||
|
'swf' => 'application/x-shockwave-flash', 'pdf' => 'application/pdf',
|
||||||
|
'zip' => 'application/zip', 'gz' => 'application/x-gzip',
|
||||||
|
'tar' => 'application/x-tar', 'bz' => 'application/x-bzip',
|
||||||
|
'bz2' => 'application/x-bzip2', 'txt' => 'text/plain',
|
||||||
|
'asc' => 'text/plain', 'htm' => 'text/html', 'html' => 'text/html',
|
||||||
|
'css' => 'text/css', 'js' => 'text/javascript',
|
||||||
|
'xml' => 'text/xml', 'xsl' => 'application/xsl+xml',
|
||||||
|
'ogg' => 'application/ogg', 'mp3' => 'audio/mpeg', 'wav' => 'audio/x-wav',
|
||||||
|
'avi' => 'video/x-msvideo', 'mpg' => 'video/mpeg', 'mpeg' => 'video/mpeg',
|
||||||
|
'mov' => 'video/quicktime', 'flv' => 'video/x-flv', 'php' => 'text/x-php'
|
||||||
|
);
|
||||||
|
$ext = strtolower(pathInfo($file, PATHINFO_EXTENSION));
|
||||||
|
return isset($exts[$ext]) ? $exts[$ext] : 'application/octet-stream';
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the image's filename extension
|
* Get the image's filename extension
|
||||||
*
|
*
|
||||||
@ -439,7 +489,7 @@ class Image {
|
|||||||
$sln = $database->engine->scoreql_to_sql('SCORE_BOOL_'.$ln);
|
$sln = $database->engine->scoreql_to_sql('SCORE_BOOL_'.$ln);
|
||||||
$sln = str_replace("'", "", $sln);
|
$sln = str_replace("'", "", $sln);
|
||||||
$sln = str_replace('"', "", $sln);
|
$sln = str_replace('"', "", $sln);
|
||||||
if(undb_bool($sln) !== $this->locked) {
|
if(bool_escape($sln) !== $this->locked) {
|
||||||
$database->execute("UPDATE images SET locked=:yn WHERE id=:id", array("yn"=>$sln, "id"=>$this->id));
|
$database->execute("UPDATE images SET locked=:yn WHERE id=:id", array("yn"=>$sln, "id"=>$this->id));
|
||||||
log_info("core-image", "Setting Image #{$this->id} lock to: $ln");
|
log_info("core-image", "Setting Image #{$this->id} lock to: $ln");
|
||||||
}
|
}
|
||||||
|
|||||||
@ -33,7 +33,7 @@ class User {
|
|||||||
public function User($row) {
|
public function User($row) {
|
||||||
global $_user_classes;
|
global $_user_classes;
|
||||||
|
|
||||||
$this->id = int_escape($row['id']);
|
$this->id = (int)($row['id']);
|
||||||
$this->name = $row['name'];
|
$this->name = $row['name'];
|
||||||
$this->email = $row['email'];
|
$this->email = $row['email'];
|
||||||
$this->join_date = $row['joindate'];
|
$this->join_date = $row['joindate'];
|
||||||
|
|||||||
@ -34,14 +34,18 @@ function int_escape($input) {
|
|||||||
* @retval string
|
* @retval string
|
||||||
*/
|
*/
|
||||||
function url_escape($input) {
|
function url_escape($input) {
|
||||||
if(is_null($input)) {
|
/* The function idn_to_ascii is used to support Unicode domains / URLs as well.
|
||||||
|
See here for more: http://php.net/manual/en/function.filter-var.php */
|
||||||
|
return filter_var(idn_to_ascii($input), FILTER_SANITIZE_URL);
|
||||||
|
|
||||||
|
/*if(is_null($input)) {
|
||||||
return "";
|
return "";
|
||||||
}
|
}
|
||||||
$input = str_replace('^', '^^', $input);
|
$input = str_replace('^', '^^', $input);
|
||||||
$input = str_replace('/', '^s', $input);
|
$input = str_replace('/', '^s', $input);
|
||||||
$input = str_replace('\\', '^b', $input);
|
$input = str_replace('\\', '^b', $input);
|
||||||
$input = rawurlencode($input);
|
$input = rawurlencode($input);
|
||||||
return $input;
|
return $input;*/
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -61,16 +65,31 @@ function sql_escape($input) {
|
|||||||
* @retval boolean
|
* @retval boolean
|
||||||
*/
|
*/
|
||||||
function bool_escape($input) {
|
function bool_escape($input) {
|
||||||
$input = strtolower($input);
|
/*
|
||||||
return (
|
Sometimes, I don't like PHP -- this, is one of those times...
|
||||||
$input === "y" ||
|
"a boolean FALSE is not considered a valid boolean value by this function."
|
||||||
$input === "yes" ||
|
Yay for Got'chas!
|
||||||
$input === "t" ||
|
http://php.net/manual/en/filter.filters.validate.php
|
||||||
$input === "true" ||
|
*/
|
||||||
$input === "on" ||
|
if (is_bool($value)) {
|
||||||
$input === 1 ||
|
return $value;
|
||||||
$input === true
|
} else {
|
||||||
);
|
$value = filter_var($input, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
|
||||||
|
if (!is_null($value)) {
|
||||||
|
return $value;
|
||||||
|
} else {
|
||||||
|
$input = strtolower($input);
|
||||||
|
return (
|
||||||
|
$input === "y" ||
|
||||||
|
$input === "yes" ||
|
||||||
|
$input === "t" ||
|
||||||
|
$input === "true" ||
|
||||||
|
$input === "on" ||
|
||||||
|
$input === 1 ||
|
||||||
|
$input === true
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -205,15 +224,6 @@ function show_ip($ip, $ban_reason) {
|
|||||||
return $ip;
|
return $ip;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Different databases have different ways to represent booleans; this
|
|
||||||
* will try and standardise them
|
|
||||||
*/
|
|
||||||
function undb_bool($val) {
|
|
||||||
if($val === true || $val == 'Y' || $val == 'y' || $val == 'T' || $val == 't' || $val === 1) return true;
|
|
||||||
if($val === false || $val == 'N' || $val == 'n' || $val == 'F' || $val == 'f' || $val === 0) return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Checks if a given string contains another at the beginning.
|
* Checks if a given string contains another at the beginning.
|
||||||
*
|
*
|
||||||
|
|||||||
@ -249,7 +249,7 @@ class Artists extends Extension {
|
|||||||
}
|
}
|
||||||
case "edited":
|
case "edited":
|
||||||
{
|
{
|
||||||
$artistID = int_escape($_POST['id']);
|
$artistID = (int)($_POST['id']);
|
||||||
$this->update_artist();
|
$this->update_artist();
|
||||||
$page->set_mode("redirect");
|
$page->set_mode("redirect");
|
||||||
$page->set_redirect(make_link("artist/view/".$artistID));
|
$page->set_redirect(make_link("artist/view/".$artistID));
|
||||||
@ -312,7 +312,7 @@ class Artists extends Extension {
|
|||||||
}
|
}
|
||||||
case "edit":
|
case "edit":
|
||||||
{
|
{
|
||||||
$aliasID = int_escape($event->get_arg(2));
|
$aliasID = (int)($event->get_arg(2));
|
||||||
$alias = $this->get_alias_by_id($aliasID);
|
$alias = $this->get_alias_by_id($aliasID);
|
||||||
$this->theme->show_alias_editor($alias);
|
$this->theme->show_alias_editor($alias);
|
||||||
break;
|
break;
|
||||||
@ -320,7 +320,7 @@ class Artists extends Extension {
|
|||||||
case "edited":
|
case "edited":
|
||||||
{
|
{
|
||||||
$this->update_alias();
|
$this->update_alias();
|
||||||
$aliasID = int_escape($_POST['aliasID']);
|
$aliasID = (int)($_POST['aliasID']);
|
||||||
$artistID = $this->get_artistID_by_aliasID($aliasID);
|
$artistID = $this->get_artistID_by_aliasID($aliasID);
|
||||||
$page->set_mode("redirect");
|
$page->set_mode("redirect");
|
||||||
$page->set_redirect(make_link("artist/view/".$artistID));
|
$page->set_redirect(make_link("artist/view/".$artistID));
|
||||||
@ -354,7 +354,7 @@ class Artists extends Extension {
|
|||||||
}
|
}
|
||||||
case "edit":
|
case "edit":
|
||||||
{
|
{
|
||||||
$urlID = int_escape($event->get_arg(2));
|
$urlID = (int)($event->get_arg(2));
|
||||||
$url = $this->get_url_by_id($urlID);
|
$url = $this->get_url_by_id($urlID);
|
||||||
$this->theme->show_url_editor($url);
|
$this->theme->show_url_editor($url);
|
||||||
break;
|
break;
|
||||||
@ -362,7 +362,7 @@ class Artists extends Extension {
|
|||||||
case "edited":
|
case "edited":
|
||||||
{
|
{
|
||||||
$this->update_url();
|
$this->update_url();
|
||||||
$urlID = int_escape($_POST['urlID']);
|
$urlID = (int)($_POST['urlID']);
|
||||||
$artistID = $this->get_artistID_by_urlID($urlID);
|
$artistID = $this->get_artistID_by_urlID($urlID);
|
||||||
$page->set_mode("redirect");
|
$page->set_mode("redirect");
|
||||||
$page->set_redirect(make_link("artist/view/".$artistID));
|
$page->set_redirect(make_link("artist/view/".$artistID));
|
||||||
@ -386,7 +386,7 @@ class Artists extends Extension {
|
|||||||
}
|
}
|
||||||
case "delete":
|
case "delete":
|
||||||
{
|
{
|
||||||
$memberID = int_escape($event->get_arg(2));
|
$memberID = (int)($event->get_arg(2));
|
||||||
$artistID = $this->get_artistID_by_memberID($memberID);
|
$artistID = $this->get_artistID_by_memberID($memberID);
|
||||||
$this->delete_member($memberID);
|
$this->delete_member($memberID);
|
||||||
$page->set_mode("redirect");
|
$page->set_mode("redirect");
|
||||||
@ -395,7 +395,7 @@ class Artists extends Extension {
|
|||||||
}
|
}
|
||||||
case "edit":
|
case "edit":
|
||||||
{
|
{
|
||||||
$memberID = int_escape($event->get_arg(2));
|
$memberID = (int)($event->get_arg(2));
|
||||||
$member = $this->get_member_by_id($memberID);
|
$member = $this->get_member_by_id($memberID);
|
||||||
$this->theme->show_member_editor($member);
|
$this->theme->show_member_editor($member);
|
||||||
break;
|
break;
|
||||||
@ -403,7 +403,7 @@ class Artists extends Extension {
|
|||||||
case "edited":
|
case "edited":
|
||||||
{
|
{
|
||||||
$this->update_member();
|
$this->update_member();
|
||||||
$memberID = int_escape($_POST['memberID']);
|
$memberID = (int)($_POST['memberID']);
|
||||||
$artistID = $this->get_artistID_by_memberID($memberID);
|
$artistID = $this->get_artistID_by_memberID($memberID);
|
||||||
$page->set_mode("redirect");
|
$page->set_mode("redirect");
|
||||||
$page->set_redirect(make_link("artist/view/".$artistID));
|
$page->set_redirect(make_link("artist/view/".$artistID));
|
||||||
|
|||||||
@ -97,7 +97,7 @@ class Blotter extends Extension {
|
|||||||
if(!$user->is_admin() || !$user->check_auth_token()) {
|
if(!$user->is_admin() || !$user->check_auth_token()) {
|
||||||
$this->theme->display_permission_denied();
|
$this->theme->display_permission_denied();
|
||||||
} else {
|
} else {
|
||||||
$id = int_escape($_POST['id']);
|
$id = (int)($_POST['id']);
|
||||||
if(!isset($id)) { die("No ID!"); }
|
if(!isset($id)) { die("No ID!"); }
|
||||||
$database->Execute("DELETE FROM blotter WHERE id=:id", array("id"=>$id));
|
$database->Execute("DELETE FROM blotter WHERE id=:id", array("id"=>$id));
|
||||||
log_info("blotter", "Removed Entry #$id");
|
log_info("blotter", "Removed Entry #$id");
|
||||||
|
|||||||
@ -124,7 +124,7 @@ class CommentList extends Extension {
|
|||||||
if($event->get_arg(0) === "add") {
|
if($event->get_arg(0) === "add") {
|
||||||
if(isset($_POST['image_id']) && isset($_POST['comment'])) {
|
if(isset($_POST['image_id']) && isset($_POST['comment'])) {
|
||||||
try {
|
try {
|
||||||
$i_iid = int_escape($_POST['image_id']);
|
$i_iid = (int)($_POST['image_id']);
|
||||||
$cpe = new CommentPostingEvent($_POST['image_id'], $user, $_POST['comment']);
|
$cpe = new CommentPostingEvent($_POST['image_id'], $user, $_POST['comment']);
|
||||||
send_event($cpe);
|
send_event($cpe);
|
||||||
$page->set_mode("redirect");
|
$page->set_mode("redirect");
|
||||||
@ -154,7 +154,7 @@ class CommentList extends Extension {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if($event->get_arg(0) === "list") {
|
else if($event->get_arg(0) === "list") {
|
||||||
$page_num = int_escape($event->get_arg(1));
|
$page_num = (int)($event->get_arg(1));
|
||||||
$this->build_page($page_num);
|
$this->build_page($page_num);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -242,7 +242,7 @@ class CommentList extends Extension {
|
|||||||
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM comments WHERE owner_id = $user_id)"));
|
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM comments WHERE owner_id = $user_id)"));
|
||||||
}
|
}
|
||||||
else if(preg_match("/commented_by_userid=([0-9]+)/i", $event->term, $matches)) {
|
else if(preg_match("/commented_by_userid=([0-9]+)/i", $event->term, $matches)) {
|
||||||
$user_id = int_escape($matches[1]);
|
$user_id = (int)($matches[1]);
|
||||||
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM comments WHERE owner_id = $user_id)"));
|
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM comments WHERE owner_id = $user_id)"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -340,7 +340,7 @@ class CommentList extends Extension {
|
|||||||
private function get_comments(/*int*/ $image_id) {
|
private function get_comments(/*int*/ $image_id) {
|
||||||
global $config;
|
global $config;
|
||||||
global $database;
|
global $database;
|
||||||
$i_image_id = int_escape($image_id);
|
$i_image_id = (int)($image_id);
|
||||||
$rows = $database->get_all("
|
$rows = $database->get_all("
|
||||||
SELECT
|
SELECT
|
||||||
users.id as user_id, users.name as user_name, users.email as user_email,
|
users.id as user_id, users.name as user_name, users.email as user_email,
|
||||||
@ -368,8 +368,8 @@ class CommentList extends Extension {
|
|||||||
// sqlite fails at intervals
|
// sqlite fails at intervals
|
||||||
if($database->engine->name === "sqlite") return false;
|
if($database->engine->name === "sqlite") return false;
|
||||||
|
|
||||||
$window = int_escape($config->get_int('comment_window'));
|
$window = (int)($config->get_int('comment_window'));
|
||||||
$max = int_escape($config->get_int('comment_limit'));
|
$max = (int)($config->get_int('comment_limit'));
|
||||||
|
|
||||||
if($database->engine->name == "mysql") $window_sql = "interval $window minute";
|
if($database->engine->name == "mysql") $window_sql = "interval $window minute";
|
||||||
else $window_sql = "interval '$window minute'";
|
else $window_sql = "interval '$window minute'";
|
||||||
|
|||||||
@ -157,13 +157,13 @@ class CommentListTheme extends Themelet {
|
|||||||
$tfe = new TextFormattingEvent($comment->comment);
|
$tfe = new TextFormattingEvent($comment->comment);
|
||||||
send_event($tfe);
|
send_event($tfe);
|
||||||
|
|
||||||
$i_uid = int_escape($comment->owner_id);
|
$i_uid = (int)($comment->owner_id);
|
||||||
$h_name = html_escape($comment->owner_name);
|
$h_name = html_escape($comment->owner_name);
|
||||||
$h_poster_ip = html_escape($comment->poster_ip);
|
$h_poster_ip = html_escape($comment->poster_ip);
|
||||||
$h_timestamp = autodate($comment->posted);
|
$h_timestamp = autodate($comment->posted);
|
||||||
$h_comment = ($trim ? truncate($tfe->stripped, 50) : $tfe->formatted);
|
$h_comment = ($trim ? truncate($tfe->stripped, 50) : $tfe->formatted);
|
||||||
$i_comment_id = int_escape($comment->comment_id);
|
$i_comment_id = (int)($comment->comment_id);
|
||||||
$i_image_id = int_escape($comment->image_id);
|
$i_image_id = (int)($comment->image_id);
|
||||||
|
|
||||||
if($i_uid == $config->get_int("anon_id")) {
|
if($i_uid == $config->get_int("anon_id")) {
|
||||||
$anoncode = "";
|
$anoncode = "";
|
||||||
@ -224,7 +224,7 @@ class CommentListTheme extends Themelet {
|
|||||||
protected function build_postbox(/*int*/ $image_id) {
|
protected function build_postbox(/*int*/ $image_id) {
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
$i_image_id = int_escape($image_id);
|
$i_image_id = (int)($image_id);
|
||||||
$hash = CommentList::get_hash();
|
$hash = CommentList::get_hash();
|
||||||
$h_captcha = $config->get_bool("comment_captcha") ? captcha_get_html() : "";
|
$h_captcha = $config->get_bool("comment_captcha") ? captcha_get_html() : "";
|
||||||
|
|
||||||
|
|||||||
@ -287,8 +287,8 @@ class DanbooruApi extends Extension {
|
|||||||
}
|
}
|
||||||
} else
|
} else
|
||||||
{
|
{
|
||||||
$limit = isset($_GET['limit']) ? int_escape($_GET['limit']) : 100;
|
$limit = isset($_GET['limit']) ? (int)($_GET['limit']) : 100;
|
||||||
$start = isset($_GET['offset']) ? int_escape($_GET['offset']) : 0;
|
$start = isset($_GET['offset']) ? (int)($_GET['offset']) : 0;
|
||||||
$tags = isset($_GET['tags']) ? Tag::explode($_GET['tags']) : array();
|
$tags = isset($_GET['tags']) ? Tag::explode($_GET['tags']) : array();
|
||||||
$results = Image::find_images($start, $limit, $tags);
|
$results = Image::find_images($start, $limit, $tags);
|
||||||
}
|
}
|
||||||
@ -346,14 +346,14 @@ class DanbooruApi extends Extension {
|
|||||||
/* Currently disabled to maintain identical functionality to danbooru 1.0's own "broken" find_tags
|
/* Currently disabled to maintain identical functionality to danbooru 1.0's own "broken" find_tags
|
||||||
elseif(isset($_GET['tags']))
|
elseif(isset($_GET['tags']))
|
||||||
{
|
{
|
||||||
$start = isset($_GET['after_id']) ? int_escape($_GET['offset']) : 0;
|
$start = isset($_GET['after_id']) ? (int)($_GET['offset']) : 0;
|
||||||
$tags = Tag::explode($_GET['tags']);
|
$tags = Tag::explode($_GET['tags']);
|
||||||
|
|
||||||
}
|
}
|
||||||
*/
|
*/
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$start = isset($_GET['after_id']) ? int_escape($_GET['offset']) : 0;
|
$start = isset($_GET['after_id']) ? (int)($_GET['offset']) : 0;
|
||||||
$sqlresult = $database->execute("SELECT id,tag,count FROM tags WHERE count > 0 AND id >= ? ORDER BY id DESC",array($start));
|
$sqlresult = $database->execute("SELECT id,tag,count FROM tags WHERE count > 0 AND id >= ? ORDER BY id DESC",array($start));
|
||||||
while(!$sqlresult->EOF)
|
while(!$sqlresult->EOF)
|
||||||
{
|
{
|
||||||
|
|||||||
@ -58,7 +58,7 @@ class Favorites extends Extension {
|
|||||||
public function onPageRequest(PageRequestEvent $event) {
|
public function onPageRequest(PageRequestEvent $event) {
|
||||||
global $page, $user;
|
global $page, $user;
|
||||||
if($event->page_matches("change_favorite") && !$user->is_anonymous() && $user->check_auth_token()) {
|
if($event->page_matches("change_favorite") && !$user->is_anonymous() && $user->check_auth_token()) {
|
||||||
$image_id = int_escape($_POST['image_id']);
|
$image_id = (int)($_POST['image_id']);
|
||||||
if((($_POST['favorite_action'] == "set") || ($_POST['favorite_action'] == "unset")) && ($image_id > 0)) {
|
if((($_POST['favorite_action'] == "set") || ($_POST['favorite_action'] == "unset")) && ($image_id > 0)) {
|
||||||
send_event(new FavoriteSetEvent($image_id, $user, ($_POST['favorite_action'] == "set")));
|
send_event(new FavoriteSetEvent($image_id, $user, ($_POST['favorite_action'] == "set")));
|
||||||
}
|
}
|
||||||
@ -128,7 +128,7 @@ class Favorites extends Extension {
|
|||||||
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM user_favorites WHERE user_id = $user_id)"));
|
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM user_favorites WHERE user_id = $user_id)"));
|
||||||
}
|
}
|
||||||
else if(preg_match("/favorited_by_userno=([0-9]+)/i", $event->term, $matches)) {
|
else if(preg_match("/favorited_by_userno=([0-9]+)/i", $event->term, $matches)) {
|
||||||
$user_id = int_escape($matches[1]);
|
$user_id = (int)($matches[1]);
|
||||||
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM user_favorites WHERE user_id = $user_id)"));
|
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM user_favorites WHERE user_id = $user_id)"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -4,7 +4,7 @@ class FavoritesTheme extends Themelet {
|
|||||||
public function get_voter_html(Image $image, $is_favorited) {
|
public function get_voter_html(Image $image, $is_favorited) {
|
||||||
global $page, $user;
|
global $page, $user;
|
||||||
|
|
||||||
$i_image_id = int_escape($image->id);
|
$i_image_id = (int)($image->id);
|
||||||
$name = $is_favorited ? "unset" : "set";
|
$name = $is_favorited ? "unset" : "set";
|
||||||
$label = $is_favorited ? "Un-Favorite" : "Favorite";
|
$label = $is_favorited ? "Un-Favorite" : "Favorite";
|
||||||
$html = "
|
$html = "
|
||||||
|
|||||||
@ -30,7 +30,7 @@ class Featured extends Extension {
|
|||||||
if($event->page_matches("featured_image")) {
|
if($event->page_matches("featured_image")) {
|
||||||
if($event->get_arg(0) == "set" && $user->check_auth_token()) {
|
if($event->get_arg(0) == "set" && $user->check_auth_token()) {
|
||||||
if($user->can("edit_feature") && isset($_POST['image_id'])) {
|
if($user->can("edit_feature") && isset($_POST['image_id'])) {
|
||||||
$id = int_escape($_POST['image_id']);
|
$id = (int)($_POST['image_id']);
|
||||||
if($id > 0) {
|
if($id > 0) {
|
||||||
$config->set_int("featured_id", $id);
|
$config->set_int("featured_id", $id);
|
||||||
$page->set_mode("redirect");
|
$page->set_mode("redirect");
|
||||||
@ -42,7 +42,7 @@ class Featured extends Extension {
|
|||||||
$image = Image::by_id($config->get_int("featured_id"));
|
$image = Image::by_id($config->get_int("featured_id"));
|
||||||
if(!is_null($image)) {
|
if(!is_null($image)) {
|
||||||
$page->set_mode("data");
|
$page->set_mode("data");
|
||||||
$page->set_type("image/jpeg");
|
$page->set_type($image->get_mime_type());
|
||||||
$page->set_data(file_get_contents($image->get_image_filename()));
|
$page->set_data(file_get_contents($image->get_image_filename()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -21,7 +21,7 @@ class FeaturedTheme extends Themelet {
|
|||||||
|
|
||||||
public function build_featured_html(Image $image, $query=null) {
|
public function build_featured_html(Image $image, $query=null) {
|
||||||
global $config;
|
global $config;
|
||||||
$i_id = int_escape($image->id);
|
$i_id = (int)($image->id);
|
||||||
$h_view_link = make_link("post/view/$i_id", $query);
|
$h_view_link = make_link("post/view/$i_id", $query);
|
||||||
$h_thumb_link = $image->get_thumb_link();
|
$h_thumb_link = $image->get_thumb_link();
|
||||||
$h_tip = html_escape($image->get_tooltip());
|
$h_tip = html_escape($image->get_tooltip());
|
||||||
|
|||||||
@ -92,8 +92,8 @@ class Forum extends Extension {
|
|||||||
}
|
}
|
||||||
case "view":
|
case "view":
|
||||||
{
|
{
|
||||||
$threadID = int_escape($event->get_arg(1));
|
$threadID = (int)($event->get_arg(1));
|
||||||
$pageNumber = int_escape($event->get_arg(2));
|
$pageNumber = (int)($event->get_arg(2));
|
||||||
|
|
||||||
$this->show_posts($event, $user->is_admin());
|
$this->show_posts($event, $user->is_admin());
|
||||||
if($user->is_admin()) $this->theme->add_actions_block($page, $threadID);
|
if($user->is_admin()) $this->theme->add_actions_block($page, $threadID);
|
||||||
@ -131,8 +131,8 @@ class Forum extends Extension {
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case "delete":
|
case "delete":
|
||||||
$threadID = int_escape($event->get_arg(1));
|
$threadID = (int)($event->get_arg(1));
|
||||||
$postID = int_escape($event->get_arg(2));
|
$postID = (int)($event->get_arg(2));
|
||||||
|
|
||||||
if ($user->is_admin()) {$this->delete_post($postID);}
|
if ($user->is_admin()) {$this->delete_post($postID);}
|
||||||
|
|
||||||
@ -140,7 +140,7 @@ class Forum extends Extension {
|
|||||||
$page->set_redirect(make_link("forum/view/".$threadID));
|
$page->set_redirect(make_link("forum/view/".$threadID));
|
||||||
break;
|
break;
|
||||||
case "nuke":
|
case "nuke":
|
||||||
$threadID = int_escape($event->get_arg(1));
|
$threadID = (int)($event->get_arg(1));
|
||||||
|
|
||||||
if ($user->is_admin())
|
if ($user->is_admin())
|
||||||
$this->delete_thread($threadID);
|
$this->delete_thread($threadID);
|
||||||
@ -160,7 +160,7 @@ class Forum extends Extension {
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
$threadID = int_escape($_POST["threadID"]);
|
$threadID = (int)($_POST["threadID"]);
|
||||||
|
|
||||||
$this->save_new_post($threadID, $user);
|
$this->save_new_post($threadID, $user);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -38,7 +38,7 @@ class IcoFileHandler extends Extension {
|
|||||||
public function onPageRequest(PageRequestEvent $event) {
|
public function onPageRequest(PageRequestEvent $event) {
|
||||||
global $config, $database, $page;
|
global $config, $database, $page;
|
||||||
if($event->page_matches("get_ico")) {
|
if($event->page_matches("get_ico")) {
|
||||||
$id = int_escape($event->get_arg(0));
|
$id = (int)($event->get_arg(0));
|
||||||
$image = Image::by_id($id);
|
$image = Image::by_id($id);
|
||||||
$hash = $image->hash;
|
$hash = $image->hash;
|
||||||
$ha = substr($hash, 0, 2);
|
$ha = substr($hash, 0, 2);
|
||||||
|
|||||||
@ -43,7 +43,7 @@ class SVGFileHandler extends Extension {
|
|||||||
public function onPageRequest(PageRequestEvent $event) {
|
public function onPageRequest(PageRequestEvent $event) {
|
||||||
global $config, $database, $page;
|
global $config, $database, $page;
|
||||||
if($event->page_matches("get_svg")) {
|
if($event->page_matches("get_svg")) {
|
||||||
$id = int_escape($event->get_arg(0));
|
$id = (int)($event->get_arg(0));
|
||||||
$image = Image::by_id($id);
|
$image = Image::by_id($id);
|
||||||
$hash = $image->hash;
|
$hash = $image->hash;
|
||||||
|
|
||||||
@ -97,8 +97,8 @@ class MiniSVGParser {
|
|||||||
|
|
||||||
function startElement($parser, $name, $attrs) {
|
function startElement($parser, $name, $attrs) {
|
||||||
if($name == "SVG") {
|
if($name == "SVG") {
|
||||||
$this->width = int_escape($attrs["WIDTH"]);
|
$this->width = (int)($attrs["WIDTH"]);
|
||||||
$this->height = int_escape($attrs["HEIGHT"]);
|
$this->height = (int)($attrs["HEIGHT"]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -180,11 +180,11 @@ class ImageIO extends Extension {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if($event->page_matches("image")) {
|
else if($event->page_matches("image")) {
|
||||||
$num = int_escape($event->get_arg(0));
|
$num = (int)($event->get_arg(0));
|
||||||
$this->send_file($num, "image");
|
$this->send_file($num, "image");
|
||||||
}
|
}
|
||||||
else if($event->page_matches("thumb")) {
|
else if($event->page_matches("thumb")) {
|
||||||
$num = int_escape($event->get_arg(0));
|
$num = (int)($event->get_arg(0));
|
||||||
$this->send_file($num, "thumb");
|
$this->send_file($num, "thumb");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -58,7 +58,7 @@ class ImageBan extends Extension {
|
|||||||
if($event->page_matches("image_hash_ban")) {
|
if($event->page_matches("image_hash_ban")) {
|
||||||
if($user->can("ban_image")) {
|
if($user->can("ban_image")) {
|
||||||
if($event->get_arg(0) == "dnp") {
|
if($event->get_arg(0) == "dnp") {
|
||||||
$image = Image::by_id(int_escape($event->get_arg(1)));
|
$image = Image::by_id((int)($event->get_arg(1)));
|
||||||
if($image) {
|
if($image) {
|
||||||
send_event(new AddImageHashBanEvent($image->hash, "DNP"));
|
send_event(new AddImageHashBanEvent($image->hash, "DNP"));
|
||||||
send_event(new ImageDeletionEvent($image));
|
send_event(new ImageDeletionEvent($image));
|
||||||
@ -74,7 +74,7 @@ class ImageBan extends Extension {
|
|||||||
$page->set_redirect(make_link("image_hash_ban/list/1"));
|
$page->set_redirect(make_link("image_hash_ban/list/1"));
|
||||||
}
|
}
|
||||||
if(isset($_POST['image_id'])) {
|
if(isset($_POST['image_id'])) {
|
||||||
$image = Image::by_id(int_escape($_POST['image_id']));
|
$image = Image::by_id((int)($_POST['image_id']));
|
||||||
if($image) {
|
if($image) {
|
||||||
send_event(new ImageDeletionEvent($image));
|
send_event(new ImageDeletionEvent($image));
|
||||||
$page->set_mode("redirect");
|
$page->set_mode("redirect");
|
||||||
@ -93,7 +93,7 @@ class ImageBan extends Extension {
|
|||||||
else if($event->get_arg(0) == "list") {
|
else if($event->get_arg(0) == "list") {
|
||||||
$page_num = 0;
|
$page_num = 0;
|
||||||
if($event->count_args() == 2) {
|
if($event->count_args() == 2) {
|
||||||
$page_num = int_escape($event->get_arg(1));
|
$page_num = (int)($event->get_arg(1));
|
||||||
}
|
}
|
||||||
$page_size = 100;
|
$page_size = 100;
|
||||||
$page_count = ceil($database->get_one("SELECT COUNT(id) FROM image_bans")/$page_size);
|
$page_count = ceil($database->get_one("SELECT COUNT(id) FROM image_bans")/$page_size);
|
||||||
@ -131,8 +131,8 @@ class ImageBan extends Extension {
|
|||||||
global $database;
|
global $database;
|
||||||
|
|
||||||
// FIXME: many
|
// FIXME: many
|
||||||
$size_i = int_escape($size);
|
$size_i = (int)($size);
|
||||||
$offset_i = int_escape($page-1)*$size_i;
|
$offset_i = (int)($page-1)*$size_i;
|
||||||
$where = array("(1=1)");
|
$where = array("(1=1)");
|
||||||
$args = array();
|
$args = array();
|
||||||
if(!empty($_GET['hash'])) {
|
if(!empty($_GET['hash'])) {
|
||||||
|
|||||||
@ -204,7 +204,7 @@ class Index extends Extension {
|
|||||||
}
|
}
|
||||||
else if(preg_match("/^ratio(<|>|<=|>=|=)(\d+):(\d+)$/", $event->term, $matches)) {
|
else if(preg_match("/^ratio(<|>|<=|>=|=)(\d+):(\d+)$/", $event->term, $matches)) {
|
||||||
$cmp = $matches[1];
|
$cmp = $matches[1];
|
||||||
$args = array("width"=>int_escape($matches[2]), "height"=>int_escape($matches[3]));
|
$args = array("width"=>(int)($matches[2]), "height"=>(int)($matches[3]));
|
||||||
$event->add_querylet(new Querylet('width / height '.$cmp.' :width / :height', $args));
|
$event->add_querylet(new Querylet('width / height '.$cmp.' :width / :height', $args));
|
||||||
}
|
}
|
||||||
else if(preg_match("/^(filesize|id)(<|>|<=|>=|=)(\d+[kmg]?b?)$/i", $event->term, $matches)) {
|
else if(preg_match("/^(filesize|id)(<|>|<=|>=|=)(\d+[kmg]?b?)$/i", $event->term, $matches)) {
|
||||||
@ -233,7 +233,7 @@ class Index extends Extension {
|
|||||||
}
|
}
|
||||||
else if(preg_match("/^size(<|>|<=|>=|=)(\d+)x(\d+)$/", $event->term, $matches)) {
|
else if(preg_match("/^size(<|>|<=|>=|=)(\d+)x(\d+)$/", $event->term, $matches)) {
|
||||||
$cmp = $matches[1];
|
$cmp = $matches[1];
|
||||||
$args = array("width"=>int_escape($matches[2]), "height"=>int_escape($matches[3]));
|
$args = array("width"=>(int)($matches[2]), "height"=>(int)($matches[3]));
|
||||||
$event->add_querylet(new Querylet('width '.$cmp.' :width AND height '.$cmp.' :height', $args));
|
$event->add_querylet(new Querylet('width '.$cmp.' :width AND height '.$cmp.' :height', $args));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -47,7 +47,7 @@ class LogDatabase extends Extension {
|
|||||||
if($user->can("view_eventlog")) {
|
if($user->can("view_eventlog")) {
|
||||||
$wheres = array();
|
$wheres = array();
|
||||||
$args = array();
|
$args = array();
|
||||||
$page_num = int_escape($event->get_arg(0));
|
$page_num = (int)($event->get_arg(0));
|
||||||
if($page_num <= 0) $page_num = 1;
|
if($page_num <= 0) $page_num = 1;
|
||||||
if(!empty($_GET["time"])) {
|
if(!empty($_GET["time"])) {
|
||||||
$wheres[] = "date_sent LIKE :time";
|
$wheres[] = "date_sent LIKE :time";
|
||||||
@ -77,7 +77,7 @@ class LogDatabase extends Extension {
|
|||||||
}
|
}
|
||||||
if(!empty($_GET["priority"])) {
|
if(!empty($_GET["priority"])) {
|
||||||
$wheres[] = "priority >= :priority";
|
$wheres[] = "priority >= :priority";
|
||||||
$args["priority"] = int_escape($_GET["priority"]);
|
$args["priority"] = (int)($_GET["priority"]);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$wheres[] = "priority >= :priority";
|
$wheres[] = "priority >= :priority";
|
||||||
|
|||||||
@ -100,7 +100,7 @@ class LogDatabaseTheme extends Themelet {
|
|||||||
}
|
}
|
||||||
|
|
||||||
protected function link_image($id) {
|
protected function link_image($id) {
|
||||||
$iid = int_escape($id[1]);
|
$iid = (int)($id[1]);
|
||||||
return "<a href='".make_link("post/view/$iid")."'>Image #$iid</a>";
|
return "<a href='".make_link("post/view/$iid")."'>Image #$iid</a>";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -211,7 +211,7 @@ class Notes extends Extension {
|
|||||||
public function onSearchTermParse(SearchTermParseEvent $event) {
|
public function onSearchTermParse(SearchTermParseEvent $event) {
|
||||||
$matches = array();
|
$matches = array();
|
||||||
if(preg_match("/note=(.*)/i", $event->term, $matches)) {
|
if(preg_match("/note=(.*)/i", $event->term, $matches)) {
|
||||||
$notes = int_escape($matches[1]);
|
$notes = (int)($matches[1]);
|
||||||
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE note = $notes)"));
|
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE note = $notes)"));
|
||||||
}
|
}
|
||||||
else if(preg_match("/notes(<|>|<=|>=|=)(\d+)/", $event->term, $matches)) {
|
else if(preg_match("/notes(<|>|<=|>=|=)(\d+)/", $event->term, $matches)) {
|
||||||
@ -232,7 +232,7 @@ class Notes extends Extension {
|
|||||||
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE user_id = $user_id)"));
|
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE user_id = $user_id)"));
|
||||||
}
|
}
|
||||||
else if(preg_match("/notes_by_userno=([0-9]+)/i", $event->term, $matches)) {
|
else if(preg_match("/notes_by_userno=([0-9]+)/i", $event->term, $matches)) {
|
||||||
$user_id = int_escape($matches[1]);
|
$user_id = (int)($matches[1]);
|
||||||
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE user_id = $user_id)"));
|
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE user_id = $user_id)"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -259,12 +259,12 @@ class Notes extends Extension {
|
|||||||
private function add_new_note() {
|
private function add_new_note() {
|
||||||
global $database, $user;
|
global $database, $user;
|
||||||
|
|
||||||
$imageID = int_escape($_POST["image_id"]);
|
$imageID = (int)($_POST["image_id"]);
|
||||||
$user_id = $user->id;
|
$user_id = $user->id;
|
||||||
$noteX1 = int_escape($_POST["note_x1"]);
|
$noteX1 = (int)($_POST["note_x1"]);
|
||||||
$noteY1 = int_escape($_POST["note_y1"]);
|
$noteY1 = (int)($_POST["note_y1"]);
|
||||||
$noteHeight = int_escape($_POST["note_height"]);
|
$noteHeight = (int)($_POST["note_height"]);
|
||||||
$noteWidth = int_escape($_POST["note_width"]);
|
$noteWidth = (int)($_POST["note_width"]);
|
||||||
$noteText = html_escape($_POST["note_text"]);
|
$noteText = html_escape($_POST["note_text"]);
|
||||||
|
|
||||||
$database->execute("
|
$database->execute("
|
||||||
@ -292,7 +292,7 @@ class Notes extends Extension {
|
|||||||
private function add_note_request() {
|
private function add_note_request() {
|
||||||
global $database, $user;
|
global $database, $user;
|
||||||
|
|
||||||
$image_id = int_escape($_POST["image_id"]);
|
$image_id = (int)($_POST["image_id"]);
|
||||||
$user_id = $user->id;
|
$user_id = $user->id;
|
||||||
|
|
||||||
$database->execute("
|
$database->execute("
|
||||||
@ -314,12 +314,12 @@ class Notes extends Extension {
|
|||||||
*/
|
*/
|
||||||
private function update_note()
|
private function update_note()
|
||||||
{
|
{
|
||||||
$imageID = int_escape($_POST["image_id"]);
|
$imageID = (int)($_POST["image_id"]);
|
||||||
$noteID = int_escape($_POST["note_id"]);
|
$noteID = (int)($_POST["note_id"]);
|
||||||
$noteX1 = int_escape($_POST["note_x1"]);
|
$noteX1 = (int)($_POST["note_x1"]);
|
||||||
$noteY1 = int_escape($_POST["note_y1"]);
|
$noteY1 = (int)($_POST["note_y1"]);
|
||||||
$noteHeight = int_escape($_POST["note_height"]);
|
$noteHeight = (int)($_POST["note_height"]);
|
||||||
$noteWidth = int_escape($_POST["note_width"]);
|
$noteWidth = (int)($_POST["note_width"]);
|
||||||
$noteText = mysql_real_escape_string(html_escape($_POST["note_text"]));
|
$noteText = mysql_real_escape_string(html_escape($_POST["note_text"]));
|
||||||
|
|
||||||
// validate parameters
|
// validate parameters
|
||||||
@ -363,8 +363,8 @@ class Notes extends Extension {
|
|||||||
*/
|
*/
|
||||||
private function delete_note()
|
private function delete_note()
|
||||||
{
|
{
|
||||||
$imageID = int_escape($_POST["image_id"]);
|
$imageID = (int)($_POST["image_id"]);
|
||||||
$noteID = int_escape($_POST["note_id"]);
|
$noteID = (int)($_POST["note_id"]);
|
||||||
|
|
||||||
// validate parameters
|
// validate parameters
|
||||||
if(is_null($imageID) || !is_numeric($imageID))
|
if(is_null($imageID) || !is_numeric($imageID))
|
||||||
@ -389,7 +389,7 @@ class Notes extends Extension {
|
|||||||
*/
|
*/
|
||||||
private function nuke_notes() {
|
private function nuke_notes() {
|
||||||
global $database;
|
global $database;
|
||||||
$image_id = int_escape($_POST["image_id"]);
|
$image_id = (int)($_POST["image_id"]);
|
||||||
$database->execute("DELETE FROM notes WHERE image_id = ?", array($image_id));
|
$database->execute("DELETE FROM notes WHERE image_id = ?", array($image_id));
|
||||||
log_info("notes", "Notes deleted from {$image_id} by {$user->name}");
|
log_info("notes", "Notes deleted from {$image_id} by {$user->name}");
|
||||||
}
|
}
|
||||||
@ -401,7 +401,7 @@ class Notes extends Extension {
|
|||||||
*/
|
*/
|
||||||
private function nuke_requests() {
|
private function nuke_requests() {
|
||||||
global $database;
|
global $database;
|
||||||
$image_id = int_escape($_POST["image_id"]);
|
$image_id = (int)($_POST["image_id"]);
|
||||||
|
|
||||||
$database->execute("DELETE FROM note_request WHERE image_id = ?", array($image_id));
|
$database->execute("DELETE FROM note_request WHERE image_id = ?", array($image_id));
|
||||||
|
|
||||||
|
|||||||
@ -48,7 +48,7 @@ class NumericScore extends Extension {
|
|||||||
global $config, $database, $user, $page;
|
global $config, $database, $user, $page;
|
||||||
|
|
||||||
if($event->page_matches("numeric_score_votes")) {
|
if($event->page_matches("numeric_score_votes")) {
|
||||||
$image_id = int_escape($event->get_arg(0));
|
$image_id = (int)($event->get_arg(0));
|
||||||
$x = $database->get_all(
|
$x = $database->get_all(
|
||||||
"SELECT users.name as username, user_id, score
|
"SELECT users.name as username, user_id, score
|
||||||
FROM numeric_score_votes
|
FROM numeric_score_votes
|
||||||
@ -67,7 +67,7 @@ class NumericScore extends Extension {
|
|||||||
}
|
}
|
||||||
if($event->page_matches("numeric_score_vote") && $user->check_auth_token()) {
|
if($event->page_matches("numeric_score_vote") && $user->check_auth_token()) {
|
||||||
if(!$user->is_anonymous()) {
|
if(!$user->is_anonymous()) {
|
||||||
$image_id = int_escape($_POST['image_id']);
|
$image_id = (int)($_POST['image_id']);
|
||||||
$char = $_POST['vote'];
|
$char = $_POST['vote'];
|
||||||
$score = null;
|
$score = null;
|
||||||
if($char == "up") $score = 1;
|
if($char == "up") $score = 1;
|
||||||
@ -80,7 +80,7 @@ class NumericScore extends Extension {
|
|||||||
}
|
}
|
||||||
if($event->page_matches("numeric_score/remove_votes_on") && $user->check_auth_token()) {
|
if($event->page_matches("numeric_score/remove_votes_on") && $user->check_auth_token()) {
|
||||||
if($user->can("edit_other_vote")) {
|
if($user->can("edit_other_vote")) {
|
||||||
$image_id = int_escape($_POST['image_id']);
|
$image_id = (int)($_POST['image_id']);
|
||||||
$database->execute(
|
$database->execute(
|
||||||
"DELETE FROM numeric_score_votes WHERE image_id=?",
|
"DELETE FROM numeric_score_votes WHERE image_id=?",
|
||||||
array($image_id));
|
array($image_id));
|
||||||
@ -93,7 +93,7 @@ class NumericScore extends Extension {
|
|||||||
}
|
}
|
||||||
if($event->page_matches("numeric_score/remove_votes_by") && $user->check_auth_token()) {
|
if($event->page_matches("numeric_score/remove_votes_by") && $user->check_auth_token()) {
|
||||||
if($user->can("edit_other_vote")) {
|
if($user->can("edit_other_vote")) {
|
||||||
$this->delete_votes_by(int_escape($_POST['user_id']));
|
$this->delete_votes_by((int)($_POST['user_id']));
|
||||||
$page->set_mode("redirect");
|
$page->set_mode("redirect");
|
||||||
$page->set_redirect(make_link());
|
$page->set_redirect(make_link());
|
||||||
}
|
}
|
||||||
@ -110,13 +110,13 @@ class NumericScore extends Extension {
|
|||||||
$year = $_GET['year'];
|
$year = $_GET['year'];
|
||||||
}
|
}
|
||||||
//month
|
//month
|
||||||
if(empty($_GET['month']) || int_escape($_GET['month']) > 12){
|
if(empty($_GET['month']) || (int)($_GET['month']) > 12){
|
||||||
$month = date("m");
|
$month = date("m");
|
||||||
}else{
|
}else{
|
||||||
$month = $_GET['month'];
|
$month = $_GET['month'];
|
||||||
}
|
}
|
||||||
//day
|
//day
|
||||||
if(empty($_GET['day']) || int_escape($_GET['day']) > 31){
|
if(empty($_GET['day']) || (int)($_GET['day']) > 31){
|
||||||
$day = date("d");
|
$day = date("d");
|
||||||
}else{
|
}else{
|
||||||
$day = $_GET['day'];
|
$day = $_GET['day'];
|
||||||
@ -245,13 +245,13 @@ class NumericScore extends Extension {
|
|||||||
array("ns_user_id"=>$duser->id)));
|
array("ns_user_id"=>$duser->id)));
|
||||||
}
|
}
|
||||||
if(preg_match("/^upvoted_by_id=(\d+)$/", $event->term, $matches)) {
|
if(preg_match("/^upvoted_by_id=(\d+)$/", $event->term, $matches)) {
|
||||||
$iid = int_escape($matches[1]);
|
$iid = (int)($matches[1]);
|
||||||
$event->add_querylet(new Querylet(
|
$event->add_querylet(new Querylet(
|
||||||
"images.id in (SELECT image_id FROM numeric_score_votes WHERE user_id=:ns_user_id AND score=1)",
|
"images.id in (SELECT image_id FROM numeric_score_votes WHERE user_id=:ns_user_id AND score=1)",
|
||||||
array("ns_user_id"=>$iid)));
|
array("ns_user_id"=>$iid)));
|
||||||
}
|
}
|
||||||
if(preg_match("/^downvoted_by_id=(\d+)$/", $event->term, $matches)) {
|
if(preg_match("/^downvoted_by_id=(\d+)$/", $event->term, $matches)) {
|
||||||
$iid = int_escape($matches[1]);
|
$iid = (int)($matches[1]);
|
||||||
$event->add_querylet(new Querylet(
|
$event->add_querylet(new Querylet(
|
||||||
"images.id in (SELECT image_id FROM numeric_score_votes WHERE user_id=:ns_user_id AND score=-1)",
|
"images.id in (SELECT image_id FROM numeric_score_votes WHERE user_id=:ns_user_id AND score=-1)",
|
||||||
array("ns_user_id"=>$iid)));
|
array("ns_user_id"=>$iid)));
|
||||||
|
|||||||
@ -3,8 +3,8 @@
|
|||||||
class NumericScoreTheme extends Themelet {
|
class NumericScoreTheme extends Themelet {
|
||||||
public function get_voter_html(Image $image) {
|
public function get_voter_html(Image $image) {
|
||||||
global $user;
|
global $user;
|
||||||
$i_image_id = int_escape($image->id);
|
$i_image_id = (int)($image->id);
|
||||||
$i_score = int_escape($image->numeric_score);
|
$i_score = (int)($image->numeric_score);
|
||||||
|
|
||||||
$html = "
|
$html = "
|
||||||
Current Score: $i_score
|
Current Score: $i_score
|
||||||
|
|||||||
@ -28,7 +28,7 @@ class PM {
|
|||||||
$this->sent_date = $a["sent_date"];
|
$this->sent_date = $a["sent_date"];
|
||||||
$this->subject = $a["subject"];
|
$this->subject = $a["subject"];
|
||||||
$this->message = $a["message"];
|
$this->message = $a["message"];
|
||||||
$this->is_read = undb_bool($a["is_read"]);
|
$this->is_read = bool_escape($a["is_read"]);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$this->id = -1;
|
$this->id = -1;
|
||||||
@ -105,13 +105,13 @@ class PrivMsg extends Extension {
|
|||||||
if(!$user->is_anonymous()) {
|
if(!$user->is_anonymous()) {
|
||||||
switch($event->get_arg(0)) {
|
switch($event->get_arg(0)) {
|
||||||
case "read":
|
case "read":
|
||||||
$pm_id = int_escape($event->get_arg(1));
|
$pm_id = (int)($event->get_arg(1));
|
||||||
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", array("id" => $pm_id));
|
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", array("id" => $pm_id));
|
||||||
if(is_null($pm)) {
|
if(is_null($pm)) {
|
||||||
$this->theme->display_error(404, "No such PM", "There is no PM #$pm_id");
|
$this->theme->display_error(404, "No such PM", "There is no PM #$pm_id");
|
||||||
}
|
}
|
||||||
else if(($pm["to_id"] == $user->id) || $user->can("view_other_pms")) {
|
else if(($pm["to_id"] == $user->id) || $user->can("view_other_pms")) {
|
||||||
$from_user = User::by_id(int_escape($pm["from_id"]));
|
$from_user = User::by_id((int)($pm["from_id"]));
|
||||||
$database->execute("UPDATE private_message SET is_read='Y' WHERE id = :id", array("id" => $pm_id));
|
$database->execute("UPDATE private_message SET is_read='Y' WHERE id = :id", array("id" => $pm_id));
|
||||||
$database->cache->delete("pm-count-{$user->id}");
|
$database->cache->delete("pm-count-{$user->id}");
|
||||||
$this->theme->display_message($page, $from_user, $user, new PM($pm));
|
$this->theme->display_message($page, $from_user, $user, new PM($pm));
|
||||||
@ -122,7 +122,7 @@ class PrivMsg extends Extension {
|
|||||||
break;
|
break;
|
||||||
case "delete":
|
case "delete":
|
||||||
if($user->check_auth_token()) {
|
if($user->check_auth_token()) {
|
||||||
$pm_id = int_escape($_POST["pm_id"]);
|
$pm_id = (int)($_POST["pm_id"]);
|
||||||
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", array("id" => $pm_id));
|
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", array("id" => $pm_id));
|
||||||
if(is_null($pm)) {
|
if(is_null($pm)) {
|
||||||
$this->theme->display_error(404, "No such PM", "There is no PM #$pm_id");
|
$this->theme->display_error(404, "No such PM", "There is no PM #$pm_id");
|
||||||
@ -138,7 +138,7 @@ class PrivMsg extends Extension {
|
|||||||
break;
|
break;
|
||||||
case "send":
|
case "send":
|
||||||
if($user->check_auth_token()) {
|
if($user->check_auth_token()) {
|
||||||
$to_id = int_escape($_POST["to_id"]);
|
$to_id = (int)($_POST["to_id"]);
|
||||||
$from_id = $user->id;
|
$from_id = $user->id;
|
||||||
$subject = $_POST["subject"];
|
$subject = $_POST["subject"];
|
||||||
$message = $_POST["message"];
|
$message = $_POST["message"];
|
||||||
|
|||||||
@ -96,14 +96,14 @@ class Pools extends Extension {
|
|||||||
|
|
||||||
// Check if we have pool id, since this is most often the case.
|
// Check if we have pool id, since this is most often the case.
|
||||||
if (isset($_POST["pool_id"])) {
|
if (isset($_POST["pool_id"])) {
|
||||||
$pool_id = int_escape($_POST["pool_id"]);
|
$pool_id = (int)($_POST["pool_id"]);
|
||||||
$pool = $this->get_single_pool($pool_id);
|
$pool = $this->get_single_pool($pool_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
// What action are we trying to perform?
|
// What action are we trying to perform?
|
||||||
switch($event->get_arg(0)) {
|
switch($event->get_arg(0)) {
|
||||||
case "list": //index
|
case "list": //index
|
||||||
$this->list_pools($page, int_escape($event->get_arg(1)));
|
$this->list_pools($page, (int)($event->get_arg(1)));
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case "new": // Show form for new pools
|
case "new": // Show form for new pools
|
||||||
@ -127,17 +127,17 @@ class Pools extends Extension {
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case "view":
|
case "view":
|
||||||
$poolID = int_escape($event->get_arg(1));
|
$poolID = (int)($event->get_arg(1));
|
||||||
$this->get_posts($event, $poolID);
|
$this->get_posts($event, $poolID);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case "updated":
|
case "updated":
|
||||||
$this->get_history(int_escape($event->get_arg(1)));
|
$this->get_history((int)($event->get_arg(1)));
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case "revert":
|
case "revert":
|
||||||
if(!$user->is_anonymous()) {
|
if(!$user->is_anonymous()) {
|
||||||
$historyID = int_escape($event->get_arg(1));
|
$historyID = (int)($event->get_arg(1));
|
||||||
$this->revert_history($historyID);
|
$this->revert_history($historyID);
|
||||||
$page->set_mode("redirect");
|
$page->set_mode("redirect");
|
||||||
$page->set_redirect(make_link("pool/updated"));
|
$page->set_redirect(make_link("pool/updated"));
|
||||||
@ -404,7 +404,7 @@ class Pools extends Extension {
|
|||||||
private function add_posts() {
|
private function add_posts() {
|
||||||
global $database;
|
global $database;
|
||||||
|
|
||||||
$poolID = int_escape($_POST['pool_id']);
|
$poolID = (int)($_POST['pool_id']);
|
||||||
$images = "";
|
$images = "";
|
||||||
|
|
||||||
foreach ($_POST['check'] as $imageID){
|
foreach ($_POST['check'] as $imageID){
|
||||||
@ -439,7 +439,7 @@ class Pools extends Extension {
|
|||||||
private function order_posts() {
|
private function order_posts() {
|
||||||
global $database;
|
global $database;
|
||||||
|
|
||||||
$poolID = int_escape($_POST['pool_id']);
|
$poolID = (int)($_POST['pool_id']);
|
||||||
|
|
||||||
foreach($_POST['imgs'] as $data) {
|
foreach($_POST['imgs'] as $data) {
|
||||||
list($imageORDER, $imageID) = $data;
|
list($imageORDER, $imageID) = $data;
|
||||||
@ -463,7 +463,7 @@ class Pools extends Extension {
|
|||||||
private function remove_posts() {
|
private function remove_posts() {
|
||||||
global $database;
|
global $database;
|
||||||
|
|
||||||
$poolID = int_escape($_POST['pool_id']);
|
$poolID = (int)($_POST['pool_id']);
|
||||||
$images = "";
|
$images = "";
|
||||||
|
|
||||||
foreach($_POST['check'] as $imageID) {
|
foreach($_POST['check'] as $imageID) {
|
||||||
@ -527,7 +527,7 @@ class Pools extends Extension {
|
|||||||
private function get_posts($event, /*int*/ $poolID) {
|
private function get_posts($event, /*int*/ $poolID) {
|
||||||
global $config, $user, $database;
|
global $config, $user, $database;
|
||||||
|
|
||||||
$pageNumber = int_escape($event->get_arg(2));
|
$pageNumber = (int)($event->get_arg(2));
|
||||||
if(is_null($pageNumber) || !is_numeric($pageNumber))
|
if(is_null($pageNumber) || !is_numeric($pageNumber))
|
||||||
$pageNumber = 0;
|
$pageNumber = 0;
|
||||||
else if ($pageNumber <= 0)
|
else if ($pageNumber <= 0)
|
||||||
@ -535,7 +535,7 @@ class Pools extends Extension {
|
|||||||
else
|
else
|
||||||
$pageNumber--;
|
$pageNumber--;
|
||||||
|
|
||||||
$poolID = int_escape($poolID);
|
$poolID = (int)($poolID);
|
||||||
$pool = $this->get_pool($poolID);
|
$pool = $this->get_pool($poolID);
|
||||||
|
|
||||||
$imagesPerPage = $config->get_int("poolsImagesPerPage");
|
$imagesPerPage = $config->get_int("poolsImagesPerPage");
|
||||||
|
|||||||
@ -41,7 +41,7 @@ class RandomImage extends Extension {
|
|||||||
if($action === "download") {
|
if($action === "download") {
|
||||||
if(!is_null($image)) {
|
if(!is_null($image)) {
|
||||||
$page->set_mode("data");
|
$page->set_mode("data");
|
||||||
$page->set_type("image/jpeg");
|
$page->set_type($image->get_mime_type());
|
||||||
$page->set_data(file_get_contents($image->get_image_filename()));
|
$page->set_data(file_get_contents($image->get_image_filename()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -7,7 +7,7 @@ class RandomImageTheme extends Themelet {
|
|||||||
|
|
||||||
public function build_random_html(Image $image, $query=null) {
|
public function build_random_html(Image $image, $query=null) {
|
||||||
global $config;
|
global $config;
|
||||||
$i_id = int_escape($image->id);
|
$i_id = (int)($image->id);
|
||||||
$h_view_link = make_link("post/view/$i_id", $query);
|
$h_view_link = make_link("post/view/$i_id", $query);
|
||||||
$h_thumb_link = $image->get_thumb_link();
|
$h_thumb_link = $image->get_thumb_link();
|
||||||
$h_tip = html_escape($image->get_tooltip());
|
$h_tip = html_escape($image->get_tooltip());
|
||||||
|
|||||||
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
class RatingsTheme extends Themelet {
|
class RatingsTheme extends Themelet {
|
||||||
public function get_rater_html(/*int*/ $image_id, /*string*/ $rating) {
|
public function get_rater_html(/*int*/ $image_id, /*string*/ $rating) {
|
||||||
$i_image_id = int_escape($image_id);
|
$i_image_id = (int)($image_id);
|
||||||
$s_checked = $rating == 's' ? " checked" : "";
|
$s_checked = $rating == 's' ? " checked" : "";
|
||||||
$q_checked = $rating == 'q' ? " checked" : "";
|
$q_checked = $rating == 'q' ? " checked" : "";
|
||||||
$e_checked = $rating == 'e' ? " checked" : "";
|
$e_checked = $rating == 'e' ? " checked" : "";
|
||||||
|
|||||||
@ -18,7 +18,7 @@ class RegenThumb extends Extension {
|
|||||||
global $config, $database, $page, $user;
|
global $config, $database, $page, $user;
|
||||||
|
|
||||||
if($event->page_matches("regen_thumb") && $user->is_admin() && isset($_POST['image_id'])) {
|
if($event->page_matches("regen_thumb") && $user->is_admin() && isset($_POST['image_id'])) {
|
||||||
$image = Image::by_id(int_escape($_POST['image_id']));
|
$image = Image::by_id((int)($_POST['image_id']));
|
||||||
send_event(new ThumbnailGenerationEvent($image->hash, $image->ext, true));
|
send_event(new ThumbnailGenerationEvent($image->hash, $image->ext, true));
|
||||||
$this->theme->display_results($page, $image);
|
$this->theme->display_results($page, $image);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -43,7 +43,7 @@ class ReportImage extends Extension {
|
|||||||
if($event->page_matches("image_report")) {
|
if($event->page_matches("image_report")) {
|
||||||
if($event->get_arg(0) == "add") {
|
if($event->get_arg(0) == "add") {
|
||||||
if(isset($_POST['image_id']) && isset($_POST['reason'])) {
|
if(isset($_POST['image_id']) && isset($_POST['reason'])) {
|
||||||
$image_id = int_escape($_POST['image_id']);
|
$image_id = (int)($_POST['image_id']);
|
||||||
send_event(new AddReportedImageEvent($image_id, $user->id, $_POST['reason']));
|
send_event(new AddReportedImageEvent($image_id, $user->id, $_POST['reason']));
|
||||||
$page->set_mode("redirect");
|
$page->set_mode("redirect");
|
||||||
$page->set_redirect(make_link("post/view/$image_id"));
|
$page->set_redirect(make_link("post/view/$image_id"));
|
||||||
@ -137,7 +137,7 @@ class ReportImage extends Extension {
|
|||||||
|
|
||||||
$reports = array();
|
$reports = array();
|
||||||
foreach($all_reports as $report) {
|
foreach($all_reports as $report) {
|
||||||
$image_id = int_escape($report['image_id']);
|
$image_id = (int)($report['image_id']);
|
||||||
$image = Image::by_id($image_id);
|
$image = Image::by_id($image_id);
|
||||||
if(is_null($image)) {
|
if(is_null($image)) {
|
||||||
send_event(new RemoveReportedImageEvent($report['id']));
|
send_event(new RemoveReportedImageEvent($report['id']));
|
||||||
|
|||||||
@ -64,7 +64,7 @@ class ReportImageTheme extends Themelet {
|
|||||||
public function display_image_banner(Image $image, /*array*/ $reporters) {
|
public function display_image_banner(Image $image, /*array*/ $reporters) {
|
||||||
global $config, $page;
|
global $config, $page;
|
||||||
|
|
||||||
$i_image = int_escape($image->id);
|
$i_image = (int)($image->id);
|
||||||
$html = "";
|
$html = "";
|
||||||
if(count($reporters) > 0) {
|
if(count($reporters) > 0) {
|
||||||
$html .= "<b>Image reported by ".html_escape(implode(", ", $reporters))."</b><p>";
|
$html .= "<b>Image reported by ".html_escape(implode(", ", $reporters))."</b><p>";
|
||||||
|
|||||||
@ -105,7 +105,7 @@ class ResizeImage extends Extension {
|
|||||||
|
|
||||||
if ( $event->page_matches("resize") && $user->is_admin() ) {
|
if ( $event->page_matches("resize") && $user->is_admin() ) {
|
||||||
// Try to get the image ID
|
// Try to get the image ID
|
||||||
$image_id = int_escape($event->get_arg(0));
|
$image_id = (int)($event->get_arg(0));
|
||||||
if (empty($image_id)) {
|
if (empty($image_id)) {
|
||||||
$image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null;
|
$image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null;
|
||||||
}
|
}
|
||||||
@ -126,10 +126,10 @@ class ResizeImage extends Extension {
|
|||||||
$width = $height = 0;
|
$width = $height = 0;
|
||||||
|
|
||||||
if (isset($_POST['resize_width'])) {
|
if (isset($_POST['resize_width'])) {
|
||||||
$width = int_escape($_POST['resize_width']);
|
$width = (int)($_POST['resize_width']);
|
||||||
}
|
}
|
||||||
if (isset($_POST['resize_height'])) {
|
if (isset($_POST['resize_height'])) {
|
||||||
$height = int_escape($_POST['resize_height']);
|
$height = (int)($_POST['resize_height']);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Attempt to resize the image */
|
/* Attempt to resize the image */
|
||||||
|
|||||||
@ -7,7 +7,7 @@ class ResizeImageTheme extends Themelet {
|
|||||||
public function get_resize_html(/*int*/ $image_id) {
|
public function get_resize_html(/*int*/ $image_id) {
|
||||||
global $user, $config;
|
global $user, $config;
|
||||||
|
|
||||||
$i_image_id = int_escape($image_id);
|
$i_image_id = (int)($image_id);
|
||||||
|
|
||||||
$html = "
|
$html = "
|
||||||
".make_form(make_link("resize"),'POST',false,'resize_image')."
|
".make_form(make_link("resize"),'POST',false,'resize_image')."
|
||||||
|
|||||||
@ -71,10 +71,10 @@ class ShimmieApi extends Extension {
|
|||||||
if($event->page_matches("api/shimmie/get_image")) {
|
if($event->page_matches("api/shimmie/get_image")) {
|
||||||
$arg = $event->get_arg(0);
|
$arg = $event->get_arg(0);
|
||||||
if(!empty($arg)){
|
if(!empty($arg)){
|
||||||
$image = Image::by_id(int_escape($event->get_arg(0)));
|
$image = Image::by_id((int)($event->get_arg(0)));
|
||||||
}
|
}
|
||||||
elseif(isset($_GET['id'])){
|
elseif(isset($_GET['id'])){
|
||||||
$image = Image::by_id(int_escape($_GET['id']));
|
$image = Image::by_id((int)($_GET['id']));
|
||||||
}
|
}
|
||||||
// FIXME: handle null image
|
// FIXME: handle null image
|
||||||
$image->get_tag_array(); // tag data isn't loaded into the object until necessary
|
$image->get_tag_array(); // tag data isn't loaded into the object until necessary
|
||||||
|
|||||||
@ -173,7 +173,7 @@ class ShimmieWebTestCase extends SCoreWebTestCase {
|
|||||||
foreach($headers as $header) {
|
foreach($headers as $header) {
|
||||||
$parts = explode(":", $header);
|
$parts = explode(":", $header);
|
||||||
if(trim($parts[0]) == "X-Shimmie-Image-ID") {
|
if(trim($parts[0]) == "X-Shimmie-Image-ID") {
|
||||||
$image_id = int_escape(trim($parts[1]));
|
$image_id = (int)(trim($parts[1]));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -40,12 +40,12 @@ class Tag_History extends Extension {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if($event->page_matches("tag_history/all")) {
|
else if($event->page_matches("tag_history/all")) {
|
||||||
$page_id = int_escape($event->get_arg(0));
|
$page_id = (int)($event->get_arg(0));
|
||||||
$this->theme->display_global_page($page, $this->get_global_tag_history($page_id), $page_id);
|
$this->theme->display_global_page($page, $this->get_global_tag_history($page_id), $page_id);
|
||||||
}
|
}
|
||||||
else if($event->page_matches("tag_history") && $event->count_args() == 1) {
|
else if($event->page_matches("tag_history") && $event->count_args() == 1) {
|
||||||
// must be an attempt to view a tag history
|
// must be an attempt to view a tag history
|
||||||
$image_id = int_escape($event->get_arg(0));
|
$image_id = (int)($event->get_arg(0));
|
||||||
$this->theme->display_history_page($page, $image_id, $this->get_tag_history_from_id($image_id));
|
$this->theme->display_history_page($page, $image_id, $this->get_tag_history_from_id($image_id));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -119,7 +119,7 @@ class Tag_History extends Extension {
|
|||||||
private function process_revert_request($revert_id) {
|
private function process_revert_request($revert_id) {
|
||||||
global $page;
|
global $page;
|
||||||
|
|
||||||
$revert_id = int_escape($revert_id);
|
$revert_id = (int)($revert_id);
|
||||||
|
|
||||||
// check for the nothing case
|
// check for the nothing case
|
||||||
if($revert_id < 1) {
|
if($revert_id < 1) {
|
||||||
|
|||||||
@ -125,7 +125,7 @@ class TagList extends Extension {
|
|||||||
*/
|
*/
|
||||||
private function get_tags_min() {
|
private function get_tags_min() {
|
||||||
if(isset($_GET['mincount'])) {
|
if(isset($_GET['mincount'])) {
|
||||||
return int_escape($_GET['mincount']);
|
return (int)($_GET['mincount']);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
global $config;
|
global $config;
|
||||||
|
|||||||
@ -24,7 +24,7 @@ class taggerTheme extends Themelet {
|
|||||||
}
|
}
|
||||||
private function html(Image $image) {
|
private function html(Image $image) {
|
||||||
global $config;
|
global $config;
|
||||||
$i_image_id = int_escape($image->id);
|
$i_image_id = (int)($image->id);
|
||||||
$h_source = html_escape($image->source);
|
$h_source = html_escape($image->source);
|
||||||
$h_query = isset($_GET['search'])? $h_query= "search=".url_escape($_GET['search']) : "";
|
$h_query = isset($_GET['search'])? $h_query= "search=".url_escape($_GET['search']) : "";
|
||||||
|
|
||||||
|
|||||||
@ -51,14 +51,14 @@ class Tips extends Extension {
|
|||||||
break;
|
break;
|
||||||
case "status":
|
case "status":
|
||||||
// FIXME: HTTP GET CSRF
|
// FIXME: HTTP GET CSRF
|
||||||
$tipID = int_escape($event->get_arg(1));
|
$tipID = (int)($event->get_arg(1));
|
||||||
$this->setStatus($tipID);
|
$this->setStatus($tipID);
|
||||||
$page->set_mode("redirect");
|
$page->set_mode("redirect");
|
||||||
$page->set_redirect(make_link("tips/list"));
|
$page->set_redirect(make_link("tips/list"));
|
||||||
break;
|
break;
|
||||||
case "delete":
|
case "delete":
|
||||||
// FIXME: HTTP GET CSRF
|
// FIXME: HTTP GET CSRF
|
||||||
$tipID = int_escape($event->get_arg(1));
|
$tipID = (int)($event->get_arg(1));
|
||||||
$this->deleteTip($tipID);
|
$this->deleteTip($tipID);
|
||||||
$page->set_mode("redirect");
|
$page->set_mode("redirect");
|
||||||
$page->set_redirect(make_link("tips/list"));
|
$page->set_redirect(make_link("tips/list"));
|
||||||
|
|||||||
@ -121,7 +121,7 @@ class Upload extends Extension {
|
|||||||
throw new UploadException("Can not replace Image: disk nearly full");
|
throw new UploadException("Can not replace Image: disk nearly full");
|
||||||
}
|
}
|
||||||
// Try to get the image ID
|
// Try to get the image ID
|
||||||
$image_id = int_escape($event->get_arg(0));
|
$image_id = (int)($event->get_arg(0));
|
||||||
if(empty($image_id)) {
|
if(empty($image_id)) {
|
||||||
$image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null;
|
$image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null;
|
||||||
}
|
}
|
||||||
@ -180,12 +180,12 @@ class Upload extends Extension {
|
|||||||
$source = isset($_POST['source']) ? $_POST['source'] : null;
|
$source = isset($_POST['source']) ? $_POST['source'] : null;
|
||||||
$ok = true;
|
$ok = true;
|
||||||
foreach($_FILES as $name => $file) {
|
foreach($_FILES as $name => $file) {
|
||||||
$tags = $this->tags_for_upload_slot(int_escape(substr($name, 4)));
|
$tags = $this->tags_for_upload_slot((int)(substr($name, 4)));
|
||||||
$ok = $ok & $this->try_upload($file, $tags, $source);
|
$ok = $ok & $this->try_upload($file, $tags, $source);
|
||||||
}
|
}
|
||||||
foreach($_POST as $name => $value) {
|
foreach($_POST as $name => $value) {
|
||||||
if(substr($name, 0, 3) == "url" && strlen($value) > 0) {
|
if(substr($name, 0, 3) == "url" && strlen($value) > 0) {
|
||||||
$tags = $this->tags_for_upload_slot(int_escape(substr($name, 3)));
|
$tags = $this->tags_for_upload_slot((int)(substr($name, 3)));
|
||||||
$ok = $ok & $this->try_transload($value, $tags, $source);
|
$ok = $ok & $this->try_transload($value, $tags, $source);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -292,8 +292,8 @@ class Upload extends Extension {
|
|||||||
if($event->image_id == -1) {
|
if($event->image_id == -1) {
|
||||||
throw new UploadException("File type not recognised");
|
throw new UploadException("File type not recognised");
|
||||||
}
|
}
|
||||||
//header("X-Shimmie-Image-ID: ".int_escape($event->image_id));
|
//header("X-Shimmie-Image-ID: ".(int)($event->image_id));
|
||||||
$page->add_http_header("X-Shimmie-Image-ID: ".int_escape($event->image_id));
|
$page->add_http_header("X-Shimmie-Image-ID: ".(int)($event->image_id));
|
||||||
}
|
}
|
||||||
catch(UploadException $ex) {
|
catch(UploadException $ex) {
|
||||||
$this->theme->display_upload_error($page, "Error with ".html_escape($file['name']),
|
$this->theme->display_upload_error($page, "Error with ".html_escape($file['name']),
|
||||||
|
|||||||
@ -294,7 +294,7 @@ class UserPage extends Extension {
|
|||||||
$event->add_querylet(new Querylet("images.owner_id = $user_id"));
|
$event->add_querylet(new Querylet("images.owner_id = $user_id"));
|
||||||
}
|
}
|
||||||
else if(preg_match("/^(poster|user)_id=([0-9]+)$/i", $event->term, $matches)) {
|
else if(preg_match("/^(poster|user)_id=([0-9]+)$/i", $event->term, $matches)) {
|
||||||
$user_id = int_escape($matches[2]);
|
$user_id = (int)($matches[2]);
|
||||||
$event->add_querylet(new Querylet("images.owner_id = $user_id"));
|
$event->add_querylet(new Querylet("images.owner_id = $user_id"));
|
||||||
}
|
}
|
||||||
else if($user->can("view_ip") && preg_match("/^(poster|user)_ip=([0-9\.]+)$/i", $event->term, $matches)) {
|
else if($user->can("view_ip") && preg_match("/^(poster|user)_ip=([0-9\.]+)$/i", $event->term, $matches)) {
|
||||||
|
|||||||
@ -187,7 +187,7 @@ class UserPageTheme extends Themelet {
|
|||||||
</form>
|
</form>
|
||||||
";
|
";
|
||||||
|
|
||||||
$i_user_id = int_escape($duser->id);
|
$i_user_id = (int)($duser->id);
|
||||||
|
|
||||||
if($user->can("edit_user_class")) {
|
if($user->can("edit_user_class")) {
|
||||||
global $_user_classes;
|
global $_user_classes;
|
||||||
|
|||||||
@ -75,7 +75,7 @@ class ViewImage extends Extension {
|
|||||||
$event->page_matches("post/next")
|
$event->page_matches("post/next")
|
||||||
) {
|
) {
|
||||||
|
|
||||||
$image_id = int_escape($event->get_arg(0));
|
$image_id = (int)($event->get_arg(0));
|
||||||
|
|
||||||
if(isset($_GET['search'])) {
|
if(isset($_GET['search'])) {
|
||||||
$search_terms = explode(' ', $_GET['search']);
|
$search_terms = explode(' ', $_GET['search']);
|
||||||
@ -109,7 +109,7 @@ class ViewImage extends Extension {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if($event->page_matches("post/view")) {
|
if($event->page_matches("post/view")) {
|
||||||
$image_id = int_escape($event->get_arg(0));
|
$image_id = (int)($event->get_arg(0));
|
||||||
|
|
||||||
$image = Image::by_id($image_id);
|
$image = Image::by_id($image_id);
|
||||||
|
|
||||||
@ -128,7 +128,7 @@ class ViewImage extends Extension {
|
|||||||
if($event->page_matches("post/set")) {
|
if($event->page_matches("post/set")) {
|
||||||
if(!isset($_POST['image_id'])) return;
|
if(!isset($_POST['image_id'])) return;
|
||||||
|
|
||||||
$image_id = int_escape($_POST['image_id']);
|
$image_id = (int)($_POST['image_id']);
|
||||||
|
|
||||||
send_event(new ImageInfoSetEvent(Image::by_id($image_id)));
|
send_event(new ImageInfoSetEvent(Image::by_id($image_id)));
|
||||||
|
|
||||||
|
|||||||
@ -99,7 +99,7 @@ class Wiki extends Extension {
|
|||||||
}
|
}
|
||||||
else if($event->page_matches("wiki_admin/save")) {
|
else if($event->page_matches("wiki_admin/save")) {
|
||||||
$title = $_POST['title'];
|
$title = $_POST['title'];
|
||||||
$rev = int_escape($_POST['revision']);
|
$rev = (int)($_POST['revision']);
|
||||||
$body = $_POST['body'];
|
$body = $_POST['body'];
|
||||||
$lock = $user->is_admin() && isset($_POST['lock']) && ($_POST['lock'] == "on");
|
$lock = $user->is_admin() && isset($_POST['lock']) && ($_POST['lock'] == "on");
|
||||||
|
|
||||||
|
|||||||
@ -40,7 +40,7 @@ class WikiTheme extends Themelet {
|
|||||||
protected function create_edit_html(WikiPage $page) {
|
protected function create_edit_html(WikiPage $page) {
|
||||||
$h_title = html_escape($page->title);
|
$h_title = html_escape($page->title);
|
||||||
$u_title = url_escape($page->title);
|
$u_title = url_escape($page->title);
|
||||||
$i_revision = int_escape($page->revision) + 1;
|
$i_revision = (int)($page->revision) + 1;
|
||||||
|
|
||||||
global $user;
|
global $user;
|
||||||
if($user->is_admin()) {
|
if($user->is_admin()) {
|
||||||
@ -73,7 +73,7 @@ class WikiTheme extends Themelet {
|
|||||||
"
|
"
|
||||||
<td>".make_form(make_link("wiki_admin/edit"))."
|
<td>".make_form(make_link("wiki_admin/edit"))."
|
||||||
<input type='hidden' name='title' value='".html_escape($page->title)."'>
|
<input type='hidden' name='title' value='".html_escape($page->title)."'>
|
||||||
<input type='hidden' name='revision' value='".int_escape($page->revision)."'>
|
<input type='hidden' name='revision' value='".(int)($page->revision)."'>
|
||||||
<input type='submit' value='Edit'>
|
<input type='submit' value='Edit'>
|
||||||
</form></td>
|
</form></td>
|
||||||
" :
|
" :
|
||||||
@ -82,7 +82,7 @@ class WikiTheme extends Themelet {
|
|||||||
$edit .= "
|
$edit .= "
|
||||||
<td>".make_form(make_link("wiki_admin/delete_revision"))."
|
<td>".make_form(make_link("wiki_admin/delete_revision"))."
|
||||||
<input type='hidden' name='title' value='".html_escape($page->title)."'>
|
<input type='hidden' name='title' value='".html_escape($page->title)."'>
|
||||||
<input type='hidden' name='revision' value='".int_escape($page->revision)."'>
|
<input type='hidden' name='revision' value='".(int)($page->revision)."'>
|
||||||
<input type='submit' value='Delete This Version'>
|
<input type='submit' value='Delete This Version'>
|
||||||
</form></td>
|
</form></td>
|
||||||
<td>".make_form(make_link("wiki_admin/delete_all"))."
|
<td>".make_form(make_link("wiki_admin/delete_all"))."
|
||||||
|
|||||||
@ -93,12 +93,12 @@ class CustomCommentListTheme extends CommentListTheme {
|
|||||||
$tfe = new TextFormattingEvent($comment->comment);
|
$tfe = new TextFormattingEvent($comment->comment);
|
||||||
send_event($tfe);
|
send_event($tfe);
|
||||||
|
|
||||||
$i_uid = int_escape($comment->owner_id);
|
$i_uid = (int)($comment->owner_id);
|
||||||
$h_name = html_escape($comment->owner_name);
|
$h_name = html_escape($comment->owner_name);
|
||||||
$h_poster_ip = html_escape($comment->poster_ip);
|
$h_poster_ip = html_escape($comment->poster_ip);
|
||||||
$h_comment = ($trim ? substr($tfe->stripped, 0, 50)."..." : $tfe->formatted);
|
$h_comment = ($trim ? substr($tfe->stripped, 0, 50)."..." : $tfe->formatted);
|
||||||
$i_comment_id = int_escape($comment->comment_id);
|
$i_comment_id = (int)($comment->comment_id);
|
||||||
$i_image_id = int_escape($comment->image_id);
|
$i_image_id = (int)($comment->image_id);
|
||||||
$h_posted = autodate($comment->posted);
|
$h_posted = autodate($comment->posted);
|
||||||
|
|
||||||
$stripped_nonl = str_replace("\n", "\\n", substr($tfe->stripped, 0, 50));
|
$stripped_nonl = str_replace("\n", "\\n", substr($tfe->stripped, 0, 50));
|
||||||
|
|||||||
@ -59,12 +59,12 @@ class CustomCommentListTheme extends CommentListTheme {
|
|||||||
$tfe = new TextFormattingEvent($comment->comment);
|
$tfe = new TextFormattingEvent($comment->comment);
|
||||||
send_event($tfe);
|
send_event($tfe);
|
||||||
|
|
||||||
$i_uid = int_escape($comment->owner_id);
|
$i_uid = (int)($comment->owner_id);
|
||||||
$h_name = html_escape($comment->owner_name);
|
$h_name = html_escape($comment->owner_name);
|
||||||
$h_poster_ip = html_escape($comment->poster_ip);
|
$h_poster_ip = html_escape($comment->poster_ip);
|
||||||
$h_comment = ($trim ? substr($tfe->stripped, 0, 50)."..." : $tfe->formatted);
|
$h_comment = ($trim ? substr($tfe->stripped, 0, 50)."..." : $tfe->formatted);
|
||||||
$i_comment_id = int_escape($comment->comment_id);
|
$i_comment_id = (int)($comment->comment_id);
|
||||||
$i_image_id = int_escape($comment->image_id);
|
$i_image_id = (int)($comment->image_id);
|
||||||
|
|
||||||
$stripped_nonl = str_replace("\n", "\\n", substr($tfe->stripped, 0, 50));
|
$stripped_nonl = str_replace("\n", "\\n", substr($tfe->stripped, 0, 50));
|
||||||
$stripped_nonl = str_replace("\r", "\\r", $stripped_nonl);
|
$stripped_nonl = str_replace("\r", "\\r", $stripped_nonl);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user