adam/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-06-02 04:15:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

- merge rev 2765,2769 from branch 2.0

Browse Source 
* 2765 mysql potential injection paranoia + code compaction in common.inc.php
* 2769 added an image sort order by privacy level (admins only)
* 2769 fix an IE6 display issue with quick search on index page

git-svn-id: http://piwigo.org/svn/trunk@2770 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
rvelices
2008-10-18 00:45:45 +00:00
parent faa543851b
commit 90be9fbb84
5 changed files with 25 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/ws_functions.inc.php
+6 -4
View File
@@ -187,6 +187,7 @@ function ws_caddie_add($params, &$service)
{
return new PwgError(401, 'Access denied');
}
$params['image_id'] = array_map( 'intval',$params['image_id'] );
if ( empty($params['image_id']) )
{
return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
@@ -291,7 +292,7 @@ SELECT i.*, GROUP_CONCAT(category_id) cat_ids
AND ', $where_clauses).'
GROUP BY i.id
'.$order_by.'
LIMIT '.$params['per_page']*$params['page'].','.$params['per_page'];
LIMIT '.(int)($params['per_page']*$params['page']).','.(int)$params['per_page'];
$result = pwg_query($query);
while ($row = mysql_fetch_assoc($result))
@@ -683,8 +684,8 @@ SELECT id, date, author, content
FROM '.COMMENTS_TABLE.'
WHERE '.$where_comments.'
ORDER BY date
LIMIT '.$params['comments_per_page']*(int)$params['comments_page'].
','.$params['comments_per_page'];
LIMIT '.(int)($params['comments_per_page']*$params['comments_page']).
','.(int)$params['comments_per_page'];
$result = pwg_query($query);
while ($row = mysql_fetch_assoc($result))
@@ -857,6 +858,7 @@ function ws_images_setPrivacyLevel($params, &$service)
{
return new PwgError(401, 'Access denied');
}
$params['image_id'] = array_map( 'intval',$params['image_id'] );
if ( empty($params['image_id']) )
{
return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
@@ -1342,7 +1344,7 @@ SELECT DISTINCT i.* FROM '.IMAGES_TABLE.' i
WHERE '. implode('
AND ', $where_clauses).'
'.$order_by.'
LIMIT '.$params['per_page']*$params['page'].','.$params['per_page'];
LIMIT '.(int)($params['per_page']*$params['page']).','.(int)$params['per_page'];
$result = pwg_query($query);
while ($row = mysql_fetch_assoc($result))