4images Forum & Community
Topic started by: thunderstrike on September 08, 2007, 08:01:18 PM
-
Detail: Check variable for right result.
Find:
$image_name = trim($HTTP_POST_VARS['image_name']);
$image_description = trim($HTTP_POST_VARS['image_description']);
$image_keywords = trim($HTTP_POST_VARS['image_keywords']);
$image_keywords = preg_replace("/[\n\r]/is", " ", $image_keywords);
$image_keywords = str_replace(","," ",$image_keywords);
$image_keywords = ereg_replace("( ){2,}", " ", $image_keywords);
$cat_id = intval($HTTP_POST_VARS['cat_id']);
$user_id = (intval($HTTP_POST_VARS['user_id']) != 0) ? intval($HTTP_POST_VARS['user_id']) : $user_info['user_id'];
$image_date = (trim($HTTP_POST_VARS['image_date']) != "") ? "UNIX_TIMESTAMP('".trim($HTTP_POST_VARS['image_date'])."')" : time();
$remote_file = trim($HTTP_POST_VARS['remote_file']);
$remote_thumb_file = trim($HTTP_POST_VARS['remote_thumb_file']);
$old_file_name = trim($HTTP_POST_VARS['old_file_name']);
$old_thumb_file_name = trim($HTTP_POST_VARS['old_thumb_file_name']);
$image_download_url = trim($HTTP_POST_VARS['image_download_url']);
replace:
$image_name = (isset($HTTP_POST_VARS['image_name'])) ? trim($HTTP_POST_VARS['image_name']) : "";
$image_name = preg_replace("/[^A-Za-z0-9_-]+/i", "", $image_name);
$image_description = (isset($HTTP_POST_VARS['image_description']) && preg_match("/[a-zA-Z0-9\.\,;:%&#@!\^-_~`\"'\[\]\{\}\*\/\?\(\)\n\r]/", $HTTP_POST_VARS['image_description'])) ? trim($HTTP_POST_VARS['image_description']) : "";
$cat_id = (isset($HTTP_POST_VARS['cat_id'])) ? intval($HTTP_POST_VARS['cat_id']) : 0;
$cat_id = preg_replace("/[^0-9]+/i", "", $cat_id);
$user_id = (isset($HTTP_POST_VARS['user_id']) && intval($HTTP_POST_VARS['user_id']) != 0) ? intval($HTTP_POST_VARS['user_id']) : $user_info['user_id'];
$user_id = preg_replace("/[^0-9]+/i", "", $user_id);
$image_date = (isset($HTTP_POST_VARS['image_date']) && trim($HTTP_POST_VARS['image_date']) != "") ? "UNIX_TIMESTAMP('".trim($HTTP_POST_VARS['image_date'])."')" : time();
$remote_file = (isset($HTTP_POST_VARS['remote_file'])) ? trim($HTTP_POST_VARS['remote_file']) : "";
$remote_thumb_file = (isset($HTTP_POST_VARS['remote_thumb_file'])) ? trim($HTTP_POST_VARS['remote_thumb_file']) : "";
$old_file_name = (isset($HTTP_POST_VARS['old_file_name'])) ? trim($HTTP_POST_VARS['old_file_name']) : "";
$old_thumb_file_name = (isset($HTTP_POST_VARS['old_thumb_file_name'])) ? trim($HTTP_POST_VARS['old_thumb_file_name']) : "";
$image_download_url = (isset($HTTP_POST_VARS['image_download_url']) && preg_match('@^(?:http://)?([^/]+)@i', $HTTP_POST_VARS['image_download_url'])) ? trim($HTTP_POST_VARS['image_download_url']) : "";
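
An added example, not part of the post above and not 4images code: whole-value allow-list checks for the same POST fields, with anchored patterns so a value is accepted only if every character matches, and with `image_date` parsed before it is placed inside `UNIX_TIMESTAMP('...')`. The helper names, the `Y-m-d H:i:s` date format, PHP 7+ and the sample request are assumptions.

```php
<?php
// Added example; helper names and the sample request are hypothetical.
// Return the trimmed field only if the WHOLE value matches the allow-list.
function post_field(array $post, string $key, string $pattern, string $default = ""): string
{
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return $default;
    }
    $value = trim($post[$key]);
    // \A ... \z anchor the pattern to the full string. Unanchored, one allowed
    // character anywhere in the value is enough for preg_match() to return 1.
    return preg_match($pattern, $value) === 1 ? $value : $default;
}

// Accept a date only in the assumed "YYYY-MM-DD hh:mm:ss" form, so only digits,
// '-', ':' and one space can reach the UNIX_TIMESTAMP('...') SQL fragment.
function post_image_date(array $post): string
{
    $raw = post_field($post, 'image_date', '/\A[0-9: -]+\z/');
    $dt  = DateTime::createFromFormat('Y-m-d H:i:s', $raw);
    if ($dt === false || $dt->format('Y-m-d H:i:s') !== $raw) {
        return (string) time();   // same fallback as the posted code
    }
    return "UNIX_TIMESTAMP('" . $raw . "')";
}

// Accept only absolute http/https URLs.
function post_download_url(array $post): string
{
    $raw = post_field($post, 'image_download_url', '/\A\S+\z/');
    if (filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return "";
    }
    $scheme = strtolower((string) parse_url($raw, PHP_URL_SCHEME));
    return in_array($scheme, array('http', 'https'), true) ? $raw : "";
}

// Constructed sample request: one clean field, three malformed ones.
$post = array(
    'image_name'         => " sunset_01 ",
    'cat_id'             => "7abc",
    'image_date'         => "2007-09-08 20:01:18' extra",
    'image_download_url' => "ftp://files.example/a.zip",
);
var_dump(post_field($post, 'image_name', '/\A[A-Za-z0-9_-]+\z/'));
var_dump(post_field($post, 'cat_id', '/\A[0-9]+\z/', "0"));
var_dump(post_image_date($post));
var_dump(post_download_url($post));
```

With this sample request the image name is returned trimmed, and the other three fields fall back to their defaults because the whole value fails the check.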
-
And what does that do!?
You mean your code will validate any post or image that an admin posts?
-
Better check content.