Topic: [FIX] - admin/comments.php

thunderstrike

  • 4images Guru
  • Posts: 2.327
[FIX] - admin/comments.php
« on: September 08, 2007, 06:40:13 PM »
Detail: Check variables for the right result.

Find:

Quote
$user_name = (isset($HTTP_POST_VARS['user_name'])) ? trim($HTTP_POST_VARS['user_name']) : "";
$user_name = preg_replace("/[^A-Za-z0-9_-]+/i", "", $user_name);
$comment_headline = (isset($HTTP_POST_VARS['comment_headline']) && preg_match("/[a-zA-Z0-9\.\,;:%&#@!\^-_~`\"'\[\]\{\}\*\/\?\(\)\n\r]/", $HTTP_POST_VARS['comment_headline'])) ? trim($HTTP_POST_VARS['comment_headline']) : "";
$comment_text = (isset($HTTP_POST_VARS['comment_text']) && preg_match("/[a-zA-Z0-9\.\,;:%&#@!\^-_~`\"'\[\]\{\}\*\/\?\(\)\n\r]/", $HTTP_POST_VARS['comment_text'])) ? trim($HTTP_POST_VARS['comment_text']) : "";
$comment_ip = (isset($HTTP_POST_VARS['comment_ip'])) ? trim($HTTP_POST_VARS['comment_ip']) : "";
$comment_ip = preg_replace("/[^\.0-9]+/", "", $comment_ip);
$comment_date = (isset($HTTP_POST_VARS['comment_date'])) ? trim($HTTP_POST_VARS['comment_date']) : "";

Find:

Quote
$image_name = trim($HTTP_POST_VARS['image_name']);
  if ($image_name != "") {
    $condition .= " AND INSTR(LCASE(i.image_name),'".strtolower($image_name)."')>0";
  }
  $image_id = intval($HTTP_POST_VARS['image_id']);
  if ($image_id != 0) {
    $condition .= " AND INSTR(LCASE(c.image_id),'".strtolower($image_id)."')>0";
  }
  $user_name = trim($HTTP_POST_VARS['user_name']);
  if ($user_name != "") {
    $condition .= " AND INSTR(LCASE(c.user_name),'".strtolower($user_name)."')>0";
  }
  $comment_headline = trim($HTTP_POST_VARS['comment_headline']);
  if ($comment_headline != "") {
    $condition .= " AND INSTR(LCASE(c.comment_headline),'".strtolower($comment_headline)."')>0";
  }
  $comment_text = trim($HTTP_POST_VARS['comment_text']);
  if ($comment_text != "") {
    $condition .= " AND INSTR(LCASE(c.comment_text),'".strtolower($comment_text)."')>0";
  }
  $dateafter = trim($HTTP_POST_VARS['dateafter']);
  if ($dateafter != "") {
    $condition .= " AND c.comment_date > UNIX_TIMESTAMP('$dateafter')";
  }
  $datebefore = trim($HTTP_POST_VARS['datebefore']);
  if ($datebefore != "") {
    $condition .= " AND c.comment_date < UNIX_TIMESTAMP('$datebefore')";
  }
  $orderby = trim($HTTP_POST_VARS['orderby']);
  if ($orderby == "") {
    $orderby = "i.image_name";
  }
  $limitstart = (isset($HTTP_POST_VARS['limitstart'])) ? trim($HTTP_POST_VARS['limitstart']) : "";
  if ($limitstart == "") {
    $limitstart = 0;
  }
  else {
    $limitstart--;
  }
  $limitnumber = trim($HTTP_POST_VARS['limitnumber']);
  if ($limitnumber == "") {
    $limitnumber = 5000;
  }

Replace:

Code:
  // Read each field only if it was posted, then restrict it to a safe character set
  // before it goes into the SQL condition.
  $image_name = (isset($HTTP_POST_VARS['image_name'])) ? trim($HTTP_POST_VARS['image_name']) : "";
  $image_name = preg_replace("/[^A-Za-z0-9_-]+/", "", $image_name);
  if ($image_name != "") {
    $condition .= " AND INSTR(LCASE(i.image_name),'".strtolower($image_name)."') > 0";
  }
  // intval() already returns a plain integer, so no further filtering is needed.
  $image_id = (isset($HTTP_POST_VARS['image_id'])) ? intval($HTTP_POST_VARS['image_id']) : 0;
  if ($image_id != 0) {
    $condition .= " AND INSTR(LCASE(c.image_id),'".$image_id."') > 0";
  }
  $user_name = (isset($HTTP_POST_VARS['user_name'])) ? trim($HTTP_POST_VARS['user_name']) : "";
  $user_name = preg_replace("/[^A-Za-z0-9_-]+/", "", $user_name);
  if ($user_name != "") {
    $condition .= " AND INSTR(LCASE(c.user_name),'".strtolower($user_name)."') > 0";
  }
  // "-" is escaped inside the character class; unescaped, "\^-_" is read as a range.
  $comment_headline = (isset($HTTP_POST_VARS['comment_headline']) && preg_match("/[a-zA-Z0-9\.\,;:%&#@!\^\-_~`\"'\[\]\{\}\*\/\?\(\)\n\r]/", $HTTP_POST_VARS['comment_headline'])) ? trim($HTTP_POST_VARS['comment_headline']) : "";
  if ($comment_headline != "") {
    $condition .= " AND INSTR(LCASE(c.comment_headline),'".strtolower($comment_headline)."') > 0";
  }
  $comment_text = (isset($HTTP_POST_VARS['comment_text']) && preg_match("/[a-zA-Z0-9\.\,;:%&#@!\^\-_~`\"'\[\]\{\}\*\/\?\(\)\n\r]/", $HTTP_POST_VARS['comment_text'])) ? trim($HTTP_POST_VARS['comment_text']) : "";
  if ($comment_text != "") {
    $condition .= " AND INSTR(LCASE(c.comment_text),'".strtolower($comment_text)."') > 0";
  }
  // Dates only ever contain digits, "-", ":" and spaces; strip anything else.
  $dateafter = (isset($HTTP_POST_VARS['dateafter'])) ? trim($HTTP_POST_VARS['dateafter']) : "";
  $dateafter = preg_replace("/[^0-9: -]+/", "", $dateafter);
  if ($dateafter != "") {
    $condition .= " AND c.comment_date > UNIX_TIMESTAMP('$dateafter')";
  }
  $datebefore = (isset($HTTP_POST_VARS['datebefore'])) ? trim($HTTP_POST_VARS['datebefore']) : "";
  $datebefore = preg_replace("/[^0-9: -]+/", "", $datebefore);
  if ($datebefore != "") {
    $condition .= " AND c.comment_date < UNIX_TIMESTAMP('$datebefore')";
  }
  // The ORDER BY column name may only contain letters, digits, "_" and ".".
  $orderby = (isset($HTTP_POST_VARS['orderby'])) ? trim($HTTP_POST_VARS['orderby']) : "";
  $orderby = preg_replace("/[^A-Za-z0-9_.]+/", "", $orderby);
  if ($orderby == "") {
    $orderby = "i.image_name";
  }
  // LIMIT values are cast to integers; the first page is 1, so the offset is one less.
  $limitstart = (isset($HTTP_POST_VARS['limitstart'])) ? intval($HTTP_POST_VARS['limitstart']) : 0;
  if ($limitstart > 0) {
    $limitstart--;
  }
  $limitnumber = (isset($HTTP_POST_VARS['limitnumber'])) ? intval($HTTP_POST_VARS['limitnumber']) : 0;
  if ($limitnumber <= 0) {
    $limitnumber = 5000;
  }
8 steps needed when asking a question:

- PHP version (ACP -> phpinfo())
- MySQL version (ACP -> phpinfo())
- 4images version
- Post a screenshot / URL
- Post the code in BB Code (no need for the full file) or attach the file
- It doesn't work: say what it says and what it does when it doesn't work
- Installed a MOD? If so, please say (troubleshooting)
- Read the FAQ? Installed the bug fixes?
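The pattern behind the fix, as an added example (not thunderstrike's code and not part of 4images): each search field gets an allow-list matching its value type before it reaches the SQL string, so a character whitelist for text, intval() for ids and limits, a shape check for dates and a fixed list of column names for ORDER BY. The function names, the allowed column list and the sample input are assumptions made for this example.

```php
<?php
// Added example, not 4images code: one allow-list per value type for the
// admin comment search. The allowed ORDER BY columns are assumed here.
function build_comment_condition(array $post)
{
    $condition = "";
    // Text fields: keep only the characters the fix above allows.
    $text = array('image_name' => 'i.image_name', 'user_name' => 'c.user_name');
    foreach ($text as $field => $column) {
        $value = isset($post[$field]) ? trim($post[$field]) : "";
        $value = preg_replace("/[^A-Za-z0-9_-]+/", "", $value);
        if ($value !== "") {
            $condition .= " AND INSTR(LCASE($column),'" . strtolower($value) . "') > 0";
        }
    }
    // Numeric id: intval() yields an integer, so an equality test is enough.
    $image_id = isset($post['image_id']) ? intval($post['image_id']) : 0;
    if ($image_id != 0) {
        $condition .= " AND c.image_id = " . $image_id;
    }
    // Dates: accept only YYYY-MM-DD with an optional HH:MM:SS, drop anything else.
    foreach (array('dateafter' => '>', 'datebefore' => '<') as $field => $op) {
        $value = isset($post[$field]) ? trim($post[$field]) : "";
        if (preg_match('/^\d{4}-\d{2}-\d{2}( \d{2}:\d{2}:\d{2})?$/', $value)) {
            $condition .= " AND c.comment_date $op UNIX_TIMESTAMP('$value')";
        }
    }
    return $condition;
}
function build_comment_order(array $post)
{
    // A column name cannot be quoted, so compare it against a fixed list (assumed).
    $allowed = array('i.image_name', 'c.user_name', 'c.comment_date');
    $orderby = isset($post['orderby']) ? trim($post['orderby']) : "";
    if (!in_array($orderby, $allowed, true)) {
        $orderby = "i.image_name";
    }
    // Page numbers start at 1; cast to int and never let the offset go negative.
    $limitstart  = isset($post['limitstart']) ? max(0, intval($post['limitstart']) - 1) : 0;
    $limitnumber = isset($post['limitnumber']) ? intval($post['limitnumber']) : 0;
    if ($limitnumber <= 0) {
        $limitnumber = 5000;
    }
    return " ORDER BY $orderby LIMIT $limitstart, $limitnumber";
}
// Constructed sample input: the apostrophe is stripped, "12abc" becomes 12,
// the malformed date is dropped and the column name is checked against the list.
$sample = array('user_name' => "O'Neil", 'image_id' => '12abc',
                'dateafter' => '2007-09-01 x', 'orderby' => 'c.user_name');
echo build_comment_condition($sample) . build_comment_order($sample), "\n";
```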