X-Git-Url: http://git.osdn.net/view?p=nucleus-jp%2Fnucleus-next.git;a=blobdiff_plain;f=nucleus%2Fconvert%2Ffunctions.inc.php;h=6f27dfdd32fbf12fdf2cbd44050912d0989595c7;hp=cf28fb5b75fcda4e56ab8a5309d1b23903b5f667;hb=c90b0980cfa3e79cd4bc7eed551a64a5e2b02a5c;hpb=fe4e862f6b23596d657c5228588785dfe537fb8f diff --git a/nucleus/convert/functions.inc.php b/nucleus/convert/functions.inc.php index cf28fb5..6f27dfd 100644 --- a/nucleus/convert/functions.inc.php +++ b/nucleus/convert/functions.inc.php @@ -12,7 +12,7 @@ /** * @license http://nucleuscms.org/license.txt GNU General Public License * @copyright Copyright (C) 2002-2006 The Nucleus Group - * @version $Id: functions.inc.php 1624 2012-01-09 11:36:20Z sakamocchi $ + * @version $Id: functions.inc.php 1889 2012-06-17 08:46:45Z sakamocchi $ */ // try to set a long timeout time @@ -228,8 +228,10 @@ class BlogImport { } // - call callback - if ($this->strCallback && function_exists($this->strCallback)) { - call_user_func_array($this->strCallback, array(&$aData)); + if ( $this->strCallback && function_exists($this->strCallback) ) + { + $params = array(&$aData); + call_user_func_array($this->strCallback, $params); } if ($this->bDebug) { @@ -294,7 +296,7 @@ class BlogImport { $query = 'SELECT bname as text, bnumber as value FROM '.sql_table('blog'); $template['name'] = 'blogid'; $template['selected'] = $CONF['DefaultBlog']; - showlist($query,'select',$template); + echo showlist($query,'select',$template); break; // ---------------------------------------------------------------------------------------- case 'ConvertSelectMembers': 
@@ -796,34 +798,45 @@ class BlogImport { } function sql_addToItem($title, $body, $more, $blogid, $authorid, $timestamp, $closed, $category, $karmapos, $karmaneg) { - $title = trim(addslashes($title)); - $body = trim(addslashes($body)); - $more = trim(addslashes($more)); - $timestamp = date("Y-m-d H:i:s", $timestamp); + $title = DB::quoteValue(trim($title)); + $body = DB::quoteValue(trim($body)); + $more = DB::quoteValue(trim($more)); + $timestamp = DB::formatDateTime($timestamp); $query = 'INSERT INTO '.sql_table('item').' (ITITLE, IBODY, IMORE, IBLOG, IAUTHOR, ITIME, ICLOSED, IKARMAPOS, IKARMANEG, ICAT) ' - . "VALUES ('$title', '$body', '$more', $blogid, $authorid, '$timestamp', $closed, $karmapos, $karmaneg, $category)"; + . "VALUES ($title, $body, $more, $blogid, $authorid, $timestamp, $closed, $karmapos, $karmaneg, $category)"; if ( DB::execute($query) === FALSE ) { +<<<<<<< HEAD die("Error while executing query: " . $query); +======= + die('Error while executing query: ' . $query); +>>>>>>> skinnable-master } return DB::getInsertId(); } function sql_addToBlog($name, $shortname, $ownerid) { - $name = addslashes($name); - $shortname = addslashes($shortname); + $name = DB::quoteValue($name); + $shortname = DB::quoteValue($shortname); // create new category first DB::execute('INSERT INTO '.sql_table('category')." (CNAME, CDESC) VALUES ('General','Items that do not fit in another category')"); $defcat = DB::getInsertId(); +<<<<<<< HEAD $query = 'INSERT INTO '.sql_table('blog')." (BNAME, BSHORTNAME, BCOMMENTS, BMAXCOMMENTS, BDEFCAT) VALUES ('$name','$shortname',1 ,0, $defcat)"; if ( DB::execute($query) === FALSE ) { die("Error while executing query: " . $query); +======= + $query = 'INSERT INTO '.sql_table('blog')." (BNAME, BSHORTNAME, BCOMMENTS, BMAXCOMMENTS, BDEFCAT) VALUES ($name, $shortname, 1, 0, $defcat)"; + if ( DB::execute($query) === FALSE ) + { + die('Error while executing query: ' . $query); +>>>>>>> skinnable-master } $id = DB::getInsertId(); 
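Review bot: The added lines include unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> skinnable-master`) inside `sql_addToItem` and `sql_addToBlog`, so the file as committed will not parse. The same markers are added in the hunks at -837, -863, -893 and -911. In `sql_addToBlog` the HEAD side also keeps `VALUES ('$name','$shortname',1 ,0, $defcat)`, which would wrap the result of `DB::quoteValue()` in a second pair of quotes if that helper returns an already-quoted literal, as the other edits in this commit suggest. Resolve each region to the skinnable-master side only, keeping `die('Error while executing query: ' . $query);` and `VALUES ($name, $shortname, 1, 0, $defcat)`, and delete the marker lines.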
@@ -837,20 +850,24 @@ class BlogImport { } function sql_addToComments($name, $url, $body, $blogid, $itemid, $memberid, $timestamp, $host, $ip='') { - $name = addslashes($name); - $url = addslashes($url); - $body = trim(addslashes($body)); - $host = addslashes($host); - $ip = addslashes($ip); - $timestamp = date("Y-m-d H:i:s", $timestamp); + $name = DB::quoteValue($name); + $url = DB::quoteValue($url); + $body = DB::quoteValue(trim($body)); + $host = DB::quoteValue($host); + $ip = DB::quoteValue($ip); + $timestamp = DB::formatDateTime($timestamp); $query = 'INSERT INTO '.sql_table('comment') . ' (CUSER, CMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CBLOG, CIP) ' - . "VALUES ('$name', '$url', $memberid, '$body', $itemid, '$timestamp', '$host', $blogid, '$ip')"; + . "VALUES ($name, $url, $memberid, $body, $itemid, $timestamp, $host, $blogid, $ip)"; if ( DB::execute($query) === FALSE ) { +<<<<<<< HEAD die("Error while executing query: " . $query); +======= + die('Error while executing query: ' . $query); +>>>>>>> skinnable-master } return DB::getInsertId(); @@ -863,7 +880,11 @@ class BlogImport { if ( DB::execute($query) === FALSE ) { +<<<<<<< HEAD die("Error while executing query: " . $query); +======= + die('Error while executing query: ' . $query); +>>>>>>> skinnable-master } return DB::getInsertId(); 
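Review bot: `sql_addToComments` still interpolates `$memberid`, `$itemid` and `$blogid` into the VALUES list as bare tokens, so the move to `DB::quoteValue()` protects only the string columns. Whether callers guarantee integers is not visible in this hunk; since the function imports data from another system, I would cast at the top of the function, e.g. `$memberid = (int) $memberid; $itemid = (int) $itemid; $blogid = (int) $blogid;`. The numeric arguments of `sql_addToItem` (-796), `convert_addToItem` (-893) and `convert_addToComments` (-932) have the same gap.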
@@ -893,16 +914,20 @@ if ($ver > 250) // TODO: remove this function (replaced by BlogImport::sql_addToItem) function convert_addToItem($title, $body, $more, $blogid, $authorid, $timestamp, $closed, $category, $karmapos, $karmaneg) { - $title = trim(addslashes($title)); - $body = trim(addslashes($body)); - $more = trim(addslashes($more)); + $title = DB::quoteValue(trim($title)); + $body = DB::quoteValue(trim($body)); + $more = DB::quoteValue(trim($more)); $query = 'INSERT INTO '.sql_table('item').' (ITITLE, IBODY, IMORE, IBLOG, IAUTHOR, ITIME, ICLOSED, IKARMAPOS, IKARMANEG, ICAT) ' - . "VALUES ('$title', '$body', '$more', $blogid, $authorid, '$timestamp', $closed, $karmapos, $karmaneg, $category)"; + . "VALUES ($title, $body, $more, $blogid, $authorid, '$timestamp', $closed, $karmapos, $karmaneg, $category)"; if ( DB::execute($query) === FALSE ) { +<<<<<<< HEAD die("Error while executing query: " . $query); +======= + die('Error while executing query: ' . $query); +>>>>>>> skinnable-master } return DB::getInsertId(); 
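Review bot: `convert_addToItem` still places `$timestamp` inside hand-written quotes (`'$timestamp'`) without escaping or formatting it, while `sql_addToItem` in this same commit now passes it through `DB::formatDateTime()`. If the value is a string taken from the import source, it reaches the query unescaped. Either quote it like the other string columns, `$timestamp = DB::quoteValue($timestamp);` with `$timestamp` left unquoted in the VALUES list, or use `DB::formatDateTime()` if callers pass a Unix timestamp; which is right depends on callers outside this hunk. `convert_addToComments` (-932) has the same leftover.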
@@ -911,17 +936,24 @@ if ($ver > 250) // TODO: remove this function (replaced by BlogImport::sql_addToBlog) function convert_addToBlog($name, $shortname, $ownerid) { - $name = addslashes($name); - $shortname = addslashes($shortname); + $name = DB::quoteValue($name); + $shortname = DB::quoteValue($shortname); // create new category first DB::execute('INSERT INTO '.sql_table('category')." (CNAME, CDESC) VALUES ('General','Items that do not fit in another categort')"); $defcat = DB::getInsertId(); +<<<<<<< HEAD $query = 'INSERT INTO '.sql_table('blog')." (BNAME, BSHORTNAME, BCOMMENTS, BMAXCOMMENTS, BDEFCAT) VALUES ('$name','$shortname',1 ,0, $defcat)"; if ( DB::execute($query) === FALSE ) { die("Error while executing query: " . $query); +======= + $query = 'INSERT INTO '.sql_table('blog')." (BNAME, BSHORTNAME, BCOMMENTS, BMAXCOMMENTS, BDEFCAT) VALUES ($name, $shortname, 1, 0, $defcat)"; + if ( DB::execute($query) === FALSE ) + { + die('Error while executing query: ' . $query); +>>>>>>> skinnable-master } $id = DB::getInsertId(); @@ -932,15 +964,15 @@ if ($ver > 250) // TODO: remove this function (replaced by BlogImport::sql_addToComments) function convert_addToComments($name, $url, $body, $blogid, $itemid, $memberid, $timestamp, $host, $ip='') { - $name = addslashes($name); - $url = addslashes($url); - $body = trim(addslashes($body)); - $host = addslashes($host); - $ip = addslashes($ip); + $name = DB::quoteValue($name); + $url = DB::quoteValue($url); + $body = DB::quoteValue(trim($body)); + $host = DB::quoteValue($host); + $ip = DB::quoteValue($ip); $query = 'INSERT INTO '.sql_table('comment') . ' (CUSER, CMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CBLOG, CIP) ' - . "VALUES ('$name', '$url', $memberid, '$body', $itemid, '$timestamp', '$host', $blogid, '$ip')"; + . "VALUES ($name, $url, $memberid, $body, $itemid, '$timestamp', $host, $blogid, $ip)"; if ( DB::execute($query) === FALSE ) { @@ -994,7 +1026,7 @@ if ($ver > 250) Nucleus Convert
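Review bot: In `convert_addToBlog` the failure path `die('Error while executing query: ' . $query);` writes the full SQL statement, including the table name and the imported blog name and short name, to the response without HTML escaping. If this converter renders an HTML page, which the visible lines do not confirm, I would escape it, `die('Error while executing query: ' . htmlspecialchars($query, ENT_QUOTES, 'UTF-8'));`, or log the statement and print a generic message instead. The same pattern is in every `die()` touched by this commit (-796, -837, -863, -893).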