}\r
\r
function setNPGoption($oname, $ovalue) {\r
+ $oname=addslashes($oname);\r
+ $ovalue=addslashes($ovalue);\r
$result = mysql_query("select * from ".sql_table('plug_gallery_config')." where oname='$oname'" );\r
if(@ mysql_num_rows($result)) {\r
sql_query("update ".sql_table('plug_gallery_config')." set ovalue='$ovalue' where oname='$oname'");\r
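Review bot: `addslashes()` on `$oname` and `$ovalue` at the top of `setNPGoption` does not take the connection character set into account, so it is a weaker escape than the one the mysql extension itself provides. Since the lookup here already goes through `mysql_query`, prefer `$oname = mysql_real_escape_string($oname);` and `$ovalue = mysql_real_escape_string($ovalue);`. The same applies to `addslashes($new_thumb)` in the `thumb_filename` and `int_filename` updates further down the patch. The body of `setNPGoption` continues past the end of this hunk, so whether callers already escape these values cannot be seen from here.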
$result = mysql_query("select count(*) as noi, albumid from ".sql_table('plug_gallery_picture')." group by albumid" );\r
if($result) {\r
while ($row = mysql_fetch_assoc($result)) {\r
- $result2 = mysql_query("select numberofimages from ".sql_table('plug_gallery_album')." where albumid = ".$row['albumid']);\r
+ $result2 = mysql_query("select numberofimages from ".sql_table('plug_gallery_album')." where albumid = ".intval($row['albumid']));\r
$row2 = mysql_fetch_assoc($result2);\r
if($row2['numberofimages'] <> $row['noi']) {\r
- sql_query("update ".sql_table('plug_gallery_album')." set numberofimages={$row['noi']} where albumid = ".$row['albumid']);\r
+ sql_query("update ".sql_table('plug_gallery_album')." set numberofimages={$row['noi']} where albumid = ".intval($row['albumid']));\r
}\r
}\r
}\r
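Review bot: `$result2` is passed straight to `mysql_fetch_assoc()` on the line after the changed select, although `mysql_query()` returns `false` on failure. A failed lookup then yields an empty `$row2`, the `<>` comparison is true, and the update is issued anyway. Adding `if(!$result2) continue;` right after the select keeps the recount from acting on a failed lookup. The new `intval()` covers `albumid` in both statements, but `numberofimages={$row['noi']}` is still interpolated raw; it comes from `count(*)`, so `intval($row['noi'])` is only a consistency change. The enclosing function starts outside this hunk.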
$abs_dir = substr($DIR_NUCLEUS,0,strlen($DIR_NUCLEUS) - 8);\r
\r
//redo the thumbnails and intermediate images\r
- if($id) $album = ' where albumid='.$id;\r
+ if($id) $album = ' where albumid='.invtal($id);\r
$query = 'select * from '.sql_table('plug_gallery_picture').$album;\r
$result = sql_query($query);\r
\r
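Review bot: `invtal($id)` in the new `$album` assignment is a typo for `intval`, so PHP will stop with a call to an undefined function whenever `$id` is set and the single-album thumbnail rebuild cannot run. The line should read `if($id) $album = ' where albumid='.intval($id);`. Separately, `$album` is assigned only inside the `if`, so unless it is initialised above this hunk, the concatenation into `$query` uses an undefined variable when `$id` is empty; `$album = '';` before the `if` would avoid that. The enclosing function starts and ends outside this hunk.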
if(is_file($abs_dir.$row->filename)) {\r
//make new thumbnail\r
if($new_thumb = resizeImage($row->filename, $NPG_CONF['thumbwidth'], $NPG_CONF['thumbheight'], $row->thumb_filename)) {\r
- sql_query('update '.sql_table('plug_gallery_picture').' set thumb_filename=\''.$new_thumb.'\' where pictureid='.$row->pictureid);\r
+ sql_query('update '.sql_table('plug_gallery_picture').' set thumb_filename=\''.addslashes($new_thumb).'\' where pictureid='.intval($row->pictureid));\r
}\r
else echo '<br/>file: '.$abs_dir.$row->thumb_filename.' could not be resized<br/>';\r
//make new intermediate picture\r
if($new_thumb = resizeImage($row->filename, $NPG_CONF['maxwidth'], $NPG_CONF['maxheight'], $row->int_filename)) {\r
- sql_query('update '.sql_table('plug_gallery_picture').' set int_filename=\''.$new_thumb.'\' where pictureid='.$row->pictureid);\r
+ sql_query('update '.sql_table('plug_gallery_picture').' set int_filename=\''.addslashes($new_thumb).'\' where pictureid='.intval($row->pictureid));\r
\r
}\r
else echo '<br/>file: '.$abs_dir.$row->int_filename.' could not be resized<br/>';\r