
Modified for security.
[nucleus-jp/nucleus-plugins.git] / NP_gallery / trunk / gallery / functions.php
index b8238ea..ca486b5 100644 (file)
@@ -155,6 +155,8 @@ function getNPGConfig() {
 }\r
 \r
 function setNPGoption($oname, $ovalue) {\r
+       $oname=addslashes($oname);\r
+       $ovalue=addslashes($ovalue);\r
        $result = mysql_query("select * from ".sql_table('plug_gallery_config')." where oname='$oname'" );\r
        if(@ mysql_num_rows($result)) {\r
                sql_query("update ".sql_table('plug_gallery_config')." set ovalue='$ovalue' where oname='$oname'");\r
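Review bot: The two added addslashes() calls on $oname and $ovalue are not charset-aware, so the escaping is weaker than what the mysql_* API this file already uses offers; mysql_real_escape_string() honours the connection charset and is the matching call for values interpolated into mysql_query()/sql_query() strings. The same substitution applies to the addslashes() calls on $new_thumb in the later rethumb hunk. Change the added lines to `$oname=mysql_real_escape_string($oname);` and `$ovalue=mysql_real_escape_string($ovalue);`. setNPGoption's body continues past the end of the hunk.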
@@ -168,10 +170,10 @@ function database_cleanup() {
        $result = mysql_query("select count(*) as noi, albumid from ".sql_table('plug_gallery_picture')." group by albumid" );\r
        if($result) {\r
                while ($row = mysql_fetch_assoc($result)) {\r
-                       $result2 = mysql_query("select numberofimages from ".sql_table('plug_gallery_album')." where albumid = ".$row['albumid']);\r
+                       $result2 = mysql_query("select numberofimages from ".sql_table('plug_gallery_album')." where albumid = ".intval($row['albumid']));\r
                        $row2 = mysql_fetch_assoc($result2);\r
                        if($row2['numberofimages'] <> $row['noi']) {\r
-                               sql_query("update ".sql_table('plug_gallery_album')." set numberofimages={$row['noi']} where albumid = ".$row['albumid']);\r
+                               sql_query("update ".sql_table('plug_gallery_album')." set numberofimages={$row['noi']} where albumid = ".intval($row['albumid']));\r
                        }\r
                }\r
        }\r
@@ -187,7 +189,7 @@ function rethumb($id=0) {
        $abs_dir = substr($DIR_NUCLEUS,0,strlen($DIR_NUCLEUS) - 8);\r
        \r
        //redo the thumbnails and intermediate images\r
-       if($id) $album = ' where albumid='.$id;\r
+       if($id) $album = ' where albumid='.invtal($id);\r
        $query = 'select * from '.sql_table('plug_gallery_picture').$album;\r
        $result = sql_query($query);\r
 \r
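Review bot: `invtal($id)` on the added line is a typo for intval(); as written, every call with a non-zero $id aborts with an undefined-function fatal, so the per-album rethumb path is broken rather than hardened. Change it to `if($id) $album = ' where albumid='.intval($id);`. Separately, $album is never initialised when $id is 0 (pre-existing), so the concatenation on the next line reads an undefined variable; `$album = '';` before the if avoids that. rethumb's header and the rest of its body lie outside this hunk.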
@@ -199,12 +201,12 @@ function rethumb($id=0) {
                if(is_file($abs_dir.$row->filename)) {\r
                        //make new thumbnail\r
                        if($new_thumb = resizeImage($row->filename, $NPG_CONF['thumbwidth'], $NPG_CONF['thumbheight'], $row->thumb_filename)) {\r
-                               sql_query('update '.sql_table('plug_gallery_picture').' set thumb_filename=\''.$new_thumb.'\' where pictureid='.$row->pictureid);\r
+                               sql_query('update '.sql_table('plug_gallery_picture').' set thumb_filename=\''.addslashes($new_thumb).'\' where pictureid='.intval($row->pictureid));\r
                        }\r
                        else echo '<br/>file: '.$abs_dir.$row->thumb_filename.' could not be resized<br/>';\r
                        //make new intermediate picture\r
                        if($new_thumb = resizeImage($row->filename, $NPG_CONF['maxwidth'], $NPG_CONF['maxheight'], $row->int_filename)) {\r
-                               sql_query('update '.sql_table('plug_gallery_picture').' set int_filename=\''.$new_thumb.'\' where pictureid='.$row->pictureid);\r
+                               sql_query('update '.sql_table('plug_gallery_picture').' set int_filename=\''.addslashes($new_thumb).'\' where pictureid='.intval($row->pictureid));\r
 \r
                        }\r
                        else echo '<br/>file: '.$abs_dir.$row->int_filename.' could not be resized<br/>';\r
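Review bot: The two unchanged else branches echo `$abs_dir.$row->thumb_filename` and `$abs_dir.$row->int_filename` straight into the page with no HTML escaping, while the same commit now escapes those filenames for SQL; a filename stored in the picture table is rendered verbatim in the output context. Wrap each with `htmlspecialchars($abs_dir.$row->thumb_filename, ENT_QUOTES)` (and the int_filename counterpart) so the message is inert in HTML. rethumb starts and ends outside this hunk.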