FIX:ブログ追加作成処理でDB向けエスケープ処理した文字列が画面表示に使用されていた不具合を修正
author
reine
<reine@users.sourceforge.jp>
Tue, 24 Apr 2012 16:16:41 +0000
(
01:16
+0900)
committer
reine
<reine@users.sourceforge.jp>
Tue, 24 Apr 2012 16:16:41 +0000
(
01:16
+0900)
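--- a/nucleus/libs/ADMIN.php
+++ b/nucleus/libs/ADMIN.php
@@ -3614,15 +3614,15 @@ class Admin
  );
- // add slashes for sql queries
- $bname = DB::quoteValue($bname);
- $bshortname = DB::quoteValue($bshortname);
- $btimeoffset = DB::quoteValue($btimeoffset);
- $bdesc = DB::quoteValue($bdesc);
- $bdefskin = DB::quoteValue($bdefskin);
-
  // create blog
- $query = 'INSERT INTO '.sql_table('blog')." (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ($bname, $bshortname, $bdesc, $btimeoffset, $bdefskin)";
+ $query = sprintf('INSERT INTO %s (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES (%s, %s, %s, %s, %s)',
+ sql_table('blog'),
+ DB::quoteValue($bname),
+ DB::quoteValue($bshortname),
+ DB::quoteValue($bdesc),
+ DB::quoteValue($btimeoffset),
+ DB::quoteValue($bdefskin)
+ );
  DB::execute($query);
  $blogid = DB::getInsertId();
  $blog =& $manager->getBlog($blogid);
@@ -3630,8 +3630,13 @@ class Admin
  // create new category
  $catdefname = (defined('_EBLOGDEFAULTCATEGORY_NAME') ? _EBLOGDEFAULTCATEGORY_NAME : 'General');
  $catdefdesc = (defined('_EBLOGDEFAULTCATEGORY_DESC') ? _EBLOGDEFAULTCATEGORY_DESC : 'Items that do not fit in other categories');
- $sql = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, %s, %s)';
- DB::execute(sprintf($sql, sql_table('category'), $blogid, DB::quoteValue($catdefname), DB::quoteValue($catdefdesc)));
+ $query = sprintf('INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, %s, %s)',
+ sql_table('category'),
+ $blogid,
+ DB::quoteValue($catdefname),
+ DB::quoteValue($catdefdesc)
+ );
+ DB::execute($query);
  $catid = DB::getInsertId();
  // set as default category
@@ -3640,7 +3645,7 @@ class Admin
  // create team member
  $memberid = $member->getID();
- $query = 'INSERT INTO '.sql_table('team')." (tmember, tblog, tadmin) VALUES ($memberid, $blogid, 1)";
+ $query = sprintf('INSERT INTO %s (tmember, tblog, tadmin) VALUES (%d, %d, 1)', sql_table('team'), $memberid, $blogid);
  DB::execute($query);
  $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');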
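Review bot: After the first hunk, `$bname`, `$bshortname`, `$bdesc`, `$btimeoffset` and `$bdefskin` stay unquoted for the rest of the function, so every later use has to encode for its own sink: an echo into the admin page needs `htmlspecialchars($bname, ENT_QUOTES, 'UTF-8')` (or the project's equivalent helper), and any further SQL built from them needs its own `DB::quoteValue()`. The function starts and continues outside the visible hunks, so neither can be confirmed from here; a comment above the first `sprintf()` such as `// $b* values are unescaped from here on: quote at the query, HTML-escape at output` would keep a later edit from reintroducing the mix-up. Separately, none of the three `DB::execute($query)` calls is checked before `DB::getInsertId()` is consumed, so a failed blog INSERT would presumably carry an invalid `$blogid` into the category and team rows; consider returning an error as soon as an execute fails.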