Modified for security.

[nucleus-jp/nucleus-plugins.git] / NP_gallery / trunk / gallery / add_picture.php

diff --git a/NP_gallery/trunk/gallery/add_picture.php b/NP_gallery/trunk/gallery/add_picture.php
index 0441ec9..a9b1896 100644 (file)
--- a/NP_gallery/trunk/gallery/add_picture.php
+++ b/NP_gallery/trunk/gallery/add_picture.php
@@ -15,7 +15,7 @@ body {
 \r
 //add_picture.php\r
 include('../../../config.php');\r
-include_once('config.php'); //gallery config\r
+include_once(dirname(__FILE__).'/config.php'); //gallery config\r
 include_once($DIR_LIBS . 'ITEM.php');\r
 \r
 \r
@@ -306,7 +306,7 @@ switch($type) {
                        else {\r
                                $j=0;\r
                                while($ids[$j]) {\r
-                                       $query = 'insert into '.sql_table('plug_gallery_promo').' values ('.$ids[$j].', '.$result['itemid'].')';\r
+                                       $query = 'insert into '.sql_table('plug_gallery_promo').' values ('.intval($ids[$j]).', '.intval($result['itemid']).')';\r
                                        sql_query($query);\r
                                        $j++;\r
                                }\r
@@ -457,7 +457,7 @@ function add_temp($albumid = 0, $filename, $filetype, $filesize, $filetempname,
      $query = 'insert into '\r
       .$temp_table\r
       .'(tempid,memberid,albumid,filename,intfilename,thumbfilename,title,description,promote,error)'\r
-      ." values (NULL, $memberid, $albumid, '$filename', '$int_filename', '$thumb_filename', '$defaulttitle', '$description', 0, '$error') ";\r
+      ." values (NULL, ".intval($memberid).", ".intval($albumid).", '".addslashes($filename)."', '".addslashes($int_filename)."', '".addslashes($thumb_filename)."', '".addslashes($defaulttitle)."', '".addslashes($description)."', 0, '".addslashes($error)."') ";\r
    //echo $query.'<br/>';\r
    $result = sql_query($query);\r
 \r