4images Forum & Community

4images Issues / Ausgaben => Feedback & Suggestions => Topic started by: thunderstrike on September 08, 2007, 08:01:18 PM

Title: [FIX] - admin/validateimages.php
Post by: thunderstrike on September 08, 2007, 08:01:18 PM

Detail: Check variable for right result.

Find:

Quote

$image_name = trim($HTTP_POST_VARS['image_name']);
  $image_description = trim($HTTP_POST_VARS['image_description']);

  $image_keywords = trim($HTTP_POST_VARS['image_keywords']);
  $image_keywords = preg_replace("/[\n\r]/is", " ", $image_keywords);
  $image_keywords = str_replace(","," ",$image_keywords);
  $image_keywords = ereg_replace("( ){2,}", " ", $image_keywords);

  $cat_id = intval($HTTP_POST_VARS['cat_id']);
  $user_id = (intval($HTTP_POST_VARS['user_id']) != 0) ? intval($HTTP_POST_VARS['user_id']) : $user_info['user_id'];

  $image_date = (trim($HTTP_POST_VARS['image_date']) != "") ? "UNIX_TIMESTAMP('".trim($HTTP_POST_VARS['image_date'])."')" : time();

  $remote_file = trim($HTTP_POST_VARS['remote_file']);
  $remote_thumb_file = trim($HTTP_POST_VARS['remote_thumb_file']);

  $old_file_name = trim($HTTP_POST_VARS['old_file_name']);
  $old_thumb_file_name = trim($HTTP_POST_VARS['old_thumb_file_name']);

  $image_download_url = trim($HTTP_POST_VARS['image_download_url']);

replace:

Code: [Select]

$image_name = (isset($HTTP_POST_VARS['image_name'])) ? trim($HTTP_POST_VARS['image_name']) : "";
$image_name = preg_replace("/[^A-Za-z0-9_-]+/i", "", $image_name);
$image_description = (isset($HTTP_POST_VARS['image_description']) && preg_match("/[a-zA-Z0-9\.\,;:%&#@!\^-_~`\"'\[\]\{\}\*\/\?\(\)\n\r]/", $HTTP_POST_VARS['image_description'])) ? trim($HTTP_POST_VARS['image_description']) : "";

$cat_id = (isset($HTTP_POST_VARS['cat_id'])) ? intval($HTTP_POST_VARS['cat_id']) : 0;
$cat_id = preg_replace("[^0-9]+/i", "", $cat_id);
$user_id = (isset($HTTP_POST_VARS['user_id']) && intval($HTTP_POST_VARS['user_id']) != 0) ? intval($HTTP_POST_VARS['user_id']) : $user_info['user_id'];
$user_id = preg_replace("/[^0-9]+/i", "", $user_id);

$image_date = (isset($HTTP_POST_VARS['image_date']) && trim($HTTP_POST_VARS['image_date']) != "") ? "UNIX_TIMESTAMP('".trim($HTTP_POST_VARS['image_date'])."')" : time();

$remote_file = (isset($HTTP_POST_VARS['remote_file'])) ? trim($HTTP_POST_VARS['remote_file']) : "";
$remote_thumb_file = (isset($HTTP_POST_VARS['remote_thumb_file'])) ? trim($HTTP_POST_VARS['remote_thumb_file']) : "";

$old_file_name = (isset($HTTP_POST_VARS['old_file_name'])) ? trim($HTTP_POST_VARS['old_file_name']) : "";
$old_thumb_file_name = (isset($HTTP_POST_VARS['old_thumb_file_name'])) ? trim($HTTP_POST_VARS['old_thumb_file_name']) : "";

$image_download_url = (isset($HTTP_POST_VARS['image_download_url']) && preg_match('@^(?:http://)?([^/]+)@i', $HTTP_POST_VARS['image_download_url'])) ? trim($HTTP_POST_VARS['image_download_url']) : "";


Title: Re: [FIX] - admin/validateimages.php
Post by: Mr_LovaLove on September 09, 2007, 12:03:01 AM

and what does that do !!?


u mean ur code will validate any post or image that admin post ??

Title: Re: [FIX] - admin/validateimages.php
Post by: thunderstrike on September 09, 2007, 12:40:11 AM

Better chek content.