- Timestamp:
- 12/19/10 10:35:49 (17 months ago)
- Location:
- branches/1.5/libs
- Files:
-
- 5 modified
-
Announcements.php (modified) (3 diffs)
-
Category.php (modified) (5 diffs)
-
Feeds.php (modified) (1 diff)
-
PluginManagement.php (modified) (11 diffs)
-
Post.php (modified) (8 diffs)
-
branches/1.5/libs/Announcements.php
r2299 r2317 56 56 $maintenance->getSiteAnnouncement($h); 57 57 if ($h->vars['admin_announcement_enabled']) { 58 $announcements[] = urldecode($h->vars['admin_announcement']);58 $announcements[] = $h->vars['admin_announcement']; 59 59 } 60 60 … … 88 88 89 89 // Check if install file has not been run 90 $sql = "SELECT miscdata_value FROM ".TABLE_MISCDATA." WHERE miscdata_key = %s"; 91 $hotaru_version = $h->db->get_var($h->db->prepare($sql, 'hotaru_version')); 90 $hotaru_version = $h->db->get_var("SELECT miscdata_value FROM ".TABLE_MISCDATA." WHERE miscdata_key = 'hotaru_version'"); 92 91 if (version_compare($h->version, $hotaru_version, '>')) { 93 92 $announcements[] = $h->lang['admin_announcement_run_install']; … … 114 113 $announcements = $h->vars['admin_announcements']; 115 114 116 if (!is_array($announcements)) { 117 return false; 118 } else { 115 if (is_array($announcements)) { 119 116 return $announcements; 120 117 } 118 return FALSE; 121 119 } 122 120 -
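Review bot: Rows written before this revision are presumably still URL-encoded in the database, and the new read paths return them undecoded, starting with `$announcements[] = $h->vars['admin_announcement'];` at line 58. No conversion step is visible in this changeset, so unless an upgrade script elsewhere decodes the existing columns, old values would render as percent-encoded text and the raw-value lookups would miss them. The same applies to the Category.php lookups and inserts, the `plugin_authorurl` reads and writes in PluginManagement.php, and the post columns and `post_orig_url` / `post_title` / `post_url` existence checks in Post.php, where a missed match lets a duplicate submission through. I would ship a one-time migration that decodes these columns together with this change and mention it in the commit message.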
branches/1.5/libs/Category.php
r1690 r2317 36 36 { 37 37 $sql = "SELECT category_id FROM " . TABLE_CATEGORIES . " WHERE category_safe_name = %s"; 38 $cat_id = $h->db->get_var($h->db->prepare($sql, urlencode($cat_safe_name)));38 $cat_id = $h->db->get_var($h->db->prepare($sql, $cat_safe_name)); 39 39 return $cat_id; 40 40 } … … 59 59 $cat_name = $h->db->get_var($h->db->prepare($sql, $cat_id)); 60 60 } 61 return urldecode($cat_name);61 return $cat_name; 62 62 } 63 63 … … 88 88 } 89 89 90 return urldecode($cat_safe_name);90 return $cat_safe_name; 91 91 } 92 92 … … 243 243 // return false if duplicate name 244 244 $sql = "SELECT category_name FROM " . TABLE_CATEGORIES . " WHERE category_name = %s"; 245 $exists = $h->db->get_var($h->db->prepare($sql, urlencode($new_cat_name)));245 $exists = $h->db->get_var($h->db->prepare($sql, $new_cat_name)); 246 246 if ($exists) { return false; } 247 247 … … 258 258 //insert new category after parent category: 259 259 $sql = "INSERT INTO " . TABLE_CATEGORIES . " (category_parent, category_name, category_safe_name, category_order, category_updateby) VALUES (%d, %s, %s, %d, %d)"; 260 $h->db->query($h->db->prepare($sql, $parent, urlencode($new_cat_name), urlencode(make_url_friendly($new_cat_name)), $position, $h->currentUser->id));260 $h->db->query($h->db->prepare($sql, $parent, $new_cat_name, make_url_friendly($new_cat_name), $position, $h->currentUser->id)); 261 261 262 262 $this->rebuildTree($h, 1, 0); -
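Review bot: The duplicate check at lines 244-246 tests only `category_name`, while the insert at line 260 also writes `make_url_friendly($new_cat_name)` into `category_safe_name`, which is the column the lookup at line 37 selects on. Two different names that normalise to the same safe name would then both be stored, and the line-37 lookup would resolve to whichever row the database returns first. Lines 247-257 are not shown, so a check may already exist there. If it does not, compute the safe name once and test it as well, e.g. `WHERE category_name = %s OR category_safe_name = %s`.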
branches/1.5/libs/Feeds.php
r2175 r2317 40 40 41 41 $feed = new RSS($h->url(array('page'=>'rss'))); 42 $feed->title = stripslashes(html_entity_decode( urldecode($title), ENT_QUOTES, 'UTF-8'));42 $feed->title = stripslashes(html_entity_decode($title, ENT_QUOTES, 'UTF-8')); 43 43 $feed->link = html_entity_decode($link, ENT_QUOTES, 'UTF-8'); 44 44 $feed->description = $description; -
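Review bot: After `html_entity_decode($title, ENT_QUOTES, 'UTF-8')` at line 42 the feed title can contain literal `<`, `>` and `&`, and nothing visible here re-encodes it before it is assigned to the `RSS` object. If the `RSS` class does not XML-escape or CDATA-wrap its fields (not visible in this hunk), a title containing markup would break the feed or be interpreted by feed readers. A comment on this line stating which layer escapes, such as `// RSS class XML-escapes title/link on output`, would make the contract explicit. The enclosing function starts and ends outside the hunk.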
branches/1.5/libs/PluginManagement.php
r2247 r2317 64 64 $p['folder'] = $plugin_row->plugin_folder; 65 65 $p['author'] = $plugin_row->plugin_author; 66 $p['authorurl'] = urldecode($plugin_row->plugin_authorurl);66 $p['authorurl'] = $plugin_row->plugin_authorurl; 67 67 $p['status'] = ($plugin_row->plugin_enabled) ? 'active' : 'inactive'; 68 68 $p['version'] = $plugin_row->plugin_version; … … 82 82 83 83 if (isset($plugin_details['authorurl'])) { 84 $p['authorurl'] = urldecode($plugin_details['authorurl']);84 $p['authorurl'] = $plugin_details['authorurl']; 85 85 } 86 86 … … 166 166 public function getPluginsMeta() 167 167 { 168 $plugin_list = getFilenames(PLUGINS, "short");168 $plugin_list = FileSystem::listFiles(PLUGINS); 169 169 $plugins_array = array(); 170 170 foreach ($plugin_list as $plugin_folder_name) { … … 184 184 public function readPluginMeta($plugin_file) 185 185 { 186 if ($plugin_file == 'placeholder.txt') {187 return FALSE;188 }189 190 186 // Include the generic_pmd class that reads post metadata from the a plugin 191 187 require_once(EXTENSIONS.'GenericPHPConfig/class.metadata.php'); … … 227 223 // Clear the database cache to ensure stored plugins and hooks 228 224 // are up-to-date. 229 $h->deleteFiles(CACHE.'db_cache');225 FileSystem::deleteFiles(CACHE.'db_cache'); 230 226 231 227 // Clear the css/js cache to ensure any new ones get included 232 $h->deleteFiles(CACHE.'css_js_cache');228 FileSystem::deleteFiles(CACHE.'css_js_cache'); 233 229 234 230 // Clear the language cache to ensure any new language files get included … … 263 259 264 260 $sql = "REPLACE INTO ".TABLE_PLUGINS." 
(plugin_enabled, plugin_name, plugin_folder, plugin_class, plugin_extends, plugin_type, plugin_desc, plugin_requires, plugin_version, plugin_author, plugin_authorurl, plugin_updateby) VALUES (%d, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %d)"; 265 $h->db->query($h->db->prepare($sql, $h->plugin->enabled, $h->plugin->name, $h->plugin->folder, $h->plugin->class, $h->plugin->extends, $h->plugin->type, $h->plugin->desc, $h->plugin->requires, $h->plugin->version, $h->plugin->author, urlencode($h->plugin->authorurl), $h->currentUser->id));261 $h->db->query($h->db->prepare($sql, $h->plugin->enabled, $h->plugin->name, $h->plugin->folder, $h->plugin->class, $h->plugin->extends, $h->plugin->type, $h->plugin->desc, $h->plugin->requires, $h->plugin->version, $h->plugin->author, $h->plugin->authorurl, $h->currentUser->id)); 266 262 267 263 // Get the last order number - doing this after REPLACE INTO because … … 276 272 // upgrading: 277 273 $sql = "UPDATE ".TABLE_PLUGINS." SET plugin_enabled = %d, plugin_name = %s, plugin_folder = %s, plugin_class = %s, plugin_extends = %s, plugin_type = %s, plugin_desc = %s, plugin_requires = %s, plugin_version = %s, plugin_author = %s, plugin_authorurl = %s, plugin_updateby = %d WHERE plugin_folder = %s"; 278 $h->db->query($h->db->prepare($sql, $h->plugin->enabled, $h->plugin->name, $h->plugin->folder, $h->plugin->class, $h->plugin->extends, $h->plugin->type, $h->plugin->desc, $h->plugin->requires, $h->plugin->version, $h->plugin->author, urlencode($h->plugin->authorurl), $h->currentUser->id, $h->plugin->folder));274 $h->db->query($h->db->prepare($sql, $h->plugin->enabled, $h->plugin->name, $h->plugin->folder, $h->plugin->class, $h->plugin->extends, $h->plugin->type, $h->plugin->desc, $h->plugin->requires, $h->plugin->version, $h->plugin->author, $h->plugin->authorurl, $h->currentUser->id, $h->plugin->folder)); 279 275 } 280 276 … … 398 394 { 399 395 // Clear the database cache to ensure plugins and hooks are up-to-date. 
400 $h->deleteFiles(CACHE.'db_cache');396 FileSystem::deleteFiles(CACHE.'db_cache'); 401 397 402 398 // Clear the css/js cache to ensure any new ones get included 403 $h->deleteFiles(CACHE.'css_js_cache');399 FileSystem::deleteFiles(CACHE.'css_js_cache'); 404 400 405 401 // Clear the language cache to ensure any new language files get included … … 420 416 { 421 417 // Clear the database cache to ensure plugins and hooks are up-to-date. 422 $h->deleteFiles(CACHE.'db_cache');418 FileSystem::deleteFiles(CACHE.'db_cache'); 423 419 424 420 // Clear the css/js cache to ensure this plugin's files are removed 425 $h->deleteFiles(CACHE.'css_js_cache');421 FileSystem::deleteFiles(CACHE.'css_js_cache'); 426 422 427 423 // Clear the language cache to ensure any new language files get included … … 553 549 { // 0 = deactivate, 1 = activate 554 550 // Clear the database cache to ensure plugins and hooks are up-to-date. 555 $h->deleteFiles(CACHE.'db_cache');551 FileSystem::deleteFiles(CACHE.'db_cache'); 556 552 557 553 // Clear the css/js cache to ensure any new ones get included 558 $h->deleteFiles(CACHE.'css_js_cache');554 FileSystem::deleteFiles(CACHE.'css_js_cache'); 559 555 560 556 // Get the enabled status for this plugin... … … 770 766 771 767 } 772 773 ?> -
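Review bot: Removing the `placeholder.txt` guard at old lines 186-189 leaves the public `readPluginMeta($plugin_file)` with no check on what it is given, so it now relies on `FileSystem::listFiles(PLUGINS)` returning only plugin folders. That helper is not shown in this changeset view, so I cannot confirm it skips stray files. A generic guard is safer than the old special case and keeps non-plugin files dropped into the plugins directory from being treated as plugins: `if (!is_dir(PLUGINS . $plugin_file)) { return FALSE; }`, assuming `PLUGINS` ends with a directory separator as the `CACHE` and `EXTENSIONS` constants appear to. The body of `readPluginMeta` continues outside the hunk.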
branches/1.5/libs/Post.php
r2296 r2317 94 94 $this->pubDate = $post_row->post_pub_date; 95 95 $this->status = $post_row->post_status; 96 $this->type = urldecode($post_row->post_type);97 $this->category = urldecode($post_row->post_category);98 $this->tags = stripslashes( urldecode($post_row->post_tags));99 $this->title = stripslashes( urldecode($post_row->post_title));100 $this->origUrl = urldecode($post_row->post_orig_url);101 $this->domain = urldecode($post_row->post_domain);102 $this->url = urldecode($post_row->post_url);103 $this->content = stripslashes( urldecode($post_row->post_content));96 $this->type = $post_row->post_type; 97 $this->category = $post_row->post_category; 98 $this->tags = stripslashes($post_row->post_tags); 99 $this->title = stripslashes($post_row->post_title); 100 $this->origUrl = $post_row->post_orig_url; 101 $this->domain = $post_row->post_domain; 102 $this->url = $post_row->post_url; 103 $this->content = stripslashes($post_row->post_content); 104 104 $this->comments = $post_row->post_comments; 105 105 $this->subscribe = $post_row->post_subscribe; … … 155 155 $sql = "INSERT INTO " . TABLE_POSTS . 
" SET post_author = %d, post_date = CURRENT_TIMESTAMP, post_status = %s, post_type = %s, post_category = %d, post_tags = %s, post_title = %s, post_orig_url = %s, post_domain = %s, post_url = %s, post_content = %s, post_subscribe = %d, post_updateby = %d"; 156 156 157 $h->db->query($h->db->prepare($sql, $this->author, $this->status, urlencode($this->type), $this->category, urlencode(trim($this->tags)), urlencode(trim($this->title)), urlencode($this->origUrl), urlencode($this->domain), urlencode(trim($this->url)), urlencode(trim($this->content)), $this->subscribe, $h->currentUser->id));157 $h->db->query($h->db->prepare($sql, $this->author, $this->status, $this->type, $this->category, trim($this->tags), trim($this->title), $this->origUrl, $this->domain, trim($this->url), trim($this->content), $this->subscribe, $h->currentUser->id)); 158 158 159 159 $last_insert_id = $h->db->get_var($h->db->prepare("SELECT LAST_INSERT_ID()")); … … 194 194 $sql = "UPDATE " . TABLE_POSTS . " SET post_author = %d, post_status = %s, post_type = %s, post_category = %d, post_tags = %s, post_title = %s, post_orig_url = %s, post_domain = %s, post_url = %s, post_content = %s, post_subscribe = %d, post_comments = %s, post_updateby = %d WHERE post_id = %d"; 195 195 196 $h->db->query($h->db->prepare($sql, $this->author, $this->status, urlencode($this->type), $this->category, urlencode(trim($this->tags)), urlencode(trim($this->title)), urlencode($this->origUrl), urlencode($this->domain), urlencode(trim($this->url)), urlencode(trim($this->content)), $this->subscribe, $this->comments, $h->currentUser->id, $this->id));196 $h->db->query($h->db->prepare($sql, $this->author, $this->status, $this->type, $this->category, trim($this->tags), trim($this->title), $this->origUrl, $this->domain, trim($this->url), trim($this->content), $this->subscribe, $this->comments, $h->currentUser->id, $this->id)); 197 197 198 198 $h->post->id = $this->id; // a small hack to get the id for use in plugins. 
… … 282 282 { 283 283 $sql = "SELECT post_id, post_status FROM " . TABLE_POSTS . " WHERE post_orig_url = %s"; 284 $posts = $h->db->get_results($h->db->prepare($sql, urlencode($url)));284 $posts = $h->db->get_results($h->db->prepare($sql, $url)); 285 285 286 286 if (!$posts) { return false; } … … 296 296 // One last check to see if a post is present: 297 297 $sql = "SELECT * FROM " . TABLE_POSTS . " WHERE post_orig_url = %s LIMIT 1"; 298 $post = $h->db->get_row($h->db->prepare($sql, urlencode($url)));298 $post = $h->db->get_row($h->db->prepare($sql, $url)); 299 299 300 300 // if present return the first existing row … … 316 316 317 317 $sql = "SELECT post_id, post_status FROM " . TABLE_POSTS . " WHERE post_title = %s"; 318 $posts = $h->db->get_results($h->db->prepare($sql, urlencode($title)));318 $posts = $h->db->get_results($h->db->prepare($sql, $title)); 319 319 320 320 if (!$posts) { return false; } … … 330 330 // One last check to see if a post is present: 331 331 $sql = "SELECT post_id FROM " . TABLE_POSTS . " WHERE post_title = %s LIMIT 1"; 332 $post_id = $h->db->get_var($h->db->prepare($sql, urlencode($title)));332 $post_id = $h->db->get_var($h->db->prepare($sql, $title)); 333 333 334 334 if ($post_id) { return $post_id; } else { return false; } … … 345 345 { 346 346 $sql = "SELECT post_id FROM " . TABLE_POSTS . " WHERE post_url = %s LIMIT 1"; 347 $post_id = $h->db->get_var($h->db->prepare($sql, urlencode($post_url)));347 $post_id = $h->db->get_var($h->db->prepare($sql, $post_url)); 348 348 if ($post_id) { return $post_id; } else { return false; } 349 349 }
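Review bot: The read path at lines 98, 99 and 103 still wraps tags, title and content in `stripslashes()`, but the write path at lines 157 and 196 stores `trim($this->title)` and friends with no matching slash-adding step visible. Unless the input layer adds slashes before these properties are set (not shown here), every read silently drops legitimate backslashes from user text. With the `urlencode()` layer gone, `$h->db->prepare` is also the only thing keeping these values out of the SQL text, so it is worth confirming it escapes every `%s` argument. I would either remove the three `stripslashes()` calls or add a comment such as `// input is slash-escaped by <layer>; undo it here` naming where the slashes come from. The surrounding methods start and end outside the hunks.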