X-Git-Url: http://git.osdn.net/view?p=nucleus-jp%2Fnucleus-plugins.git;a=blobdiff_plain;f=NP_gallery%2Ftrunk%2Fgallery%2Fmember_class.php;fp=NP_gallery%2Ftrunk%2Fgallery%2Fmember_class.php;h=34dbe983919e7ab715d95eb490a69bb0ba645a0d;hp=5ed354d6bd55fe8535233acbfc01543575751dce;hb=4ec83b76381c7ae026495f4006ea041f1d4d13ac;hpb=73d0bf16e56272fad82a8f694b9aa572ce5444c3
diff --git a/NP_gallery/trunk/gallery/member_class.php b/NP_gallery/trunk/gallery/member_class.php
index 5ed354d..34dbe98 100644
--- a/NP_gallery/trunk/gallery/member_class.php
+++ b/NP_gallery/trunk/gallery/member_class.php
@@ -18,7 +18,7 @@ class GALLERY_MEMBER extends MEMBER {
 if ($NPG_CONF['add_album'] == 'guest' ) return true;
 if ($NPG_CONF['add_album'] == 'member' && $this->isloggedin() ) return true;
 if ($NPG_CONF['add_album'] == 'select') {
- $result = mysql_query('select addalbum from '.sql_table('plug_gallery_member').' where memberid='.$this->getID() );
+ $result = mysql_query('select addalbum from '.sql_table('plug_gallery_member').' where memberid='.intval($this->getID()) );
 if(!$result) return false;
 $row = mysql_fetch_assoc($result);
 if($row['addalbum']) return true;
@@ -40,13 +40,13 @@ class GALLERY_MEMBER extends MEMBER {
 }
 //album owner or guest/public album
- $result = mysql_query('select ownerid from '.sql_table('plug_gallery_album').' where albumid='.$albumid);
+ $result = mysql_query('select ownerid from '.sql_table('plug_gallery_album').' where albumid='.intval($albumid));
 if(!$result) return false;
 $row = mysql_fetch_assoc($result);
 if($row['ownerid'] == $this->getID() || $row['ownerid']==0) return true;
 //album team member
- $result = mysql_query('select tmemberid from '.sql_table('plug_gallery_album_team').' where talbumid='.$albumid);
+ $result = mysql_query('select tmemberid from '.sql_table('plug_gallery_album_team').' where talbumid='.intval($albumid));
 if(!$result) return false;
 while($row = mysql_fetch_assoc($result)) {
 if($this->getID() == $row['tmemberid']) return true;
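Review bot: `if($row['addalbum']) return true;` in the first hunk reads an offset of `$row` even when the SELECT matched no row, because `mysql_fetch_assoc` returns false on an empty result and `if(!$result) return false;` only catches a failed query, not an empty one. On PHP 7.4+ that emits "Trying to access array offset on value of type bool"; the intval() the commit adds does not change this. Keeping the fall-through behaviour, I would write `if($row && $row['addalbum']) return true;`. The enclosing method starts and ends outside the hunk, so whatever it returns after the `select` branch is not visible here.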
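Review bot: In the second hunk, `if($row['ownerid'] == $this->getID() || $row['ownerid']==0) return true;` returns true for any album id that matches no row: `$row` is then false, `$row['ownerid']` is null, and `null == 0` holds under PHP's loose comparison. With the added intval() every non-numeric id collapses to 0 as well, so a request for album "abc" takes the same path. I would add `if(!$row) return false;` directly after `$row = mysql_fetch_assoc($result);` so that a missing album is denied rather than treated as public. The method's signature and its remaining lines are outside the hunk, so I cannot tell what the caller does with a true result for a nonexistent album.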
@@ -59,13 +59,13 @@ class GALLERY_MEMBER extends MEMBER {
 if ($this->isAdmin()) return true;
 //album owner except for public/guest albums -- only admin can modify those
- $result = mysql_query('select ownerid from '.sql_table('plug_gallery_album').' where albumid <> 0 and albumid='.$albumid);
+ $result = mysql_query('select ownerid from '.sql_table('plug_gallery_album').' where albumid <> 0 and albumid='.intval($albumid));
 if(!$result) return false;
 $row = mysql_fetch_assoc($result);
 if($row['ownerid'] == $this->getID()) return true;
 //album admin (from team)
- $result = mysql_query('select tmemberid, tadmin from '.sql_table('plug_gallery_album_team').' where talbumid='.$albumid);
+ $result = mysql_query('select tmemberid, tadmin from '.sql_table('plug_gallery_album_team').' where talbumid='.intval($albumid));
 if(!$result) return false;
 while($row = mysql_fetch_assoc($result)) {
 if($this->getID() == $row['tmemberid'] || $row['tadmin']) return true;
@@ -78,13 +78,13 @@ class GALLERY_MEMBER extends MEMBER {
 if ($this->isAdmin()) return true;
 //picture owner
- $result = mysql_query('select ownerid from '.sql_table('plug_gallery_picture').' where pictureid='.$pictureid);
+ $result = mysql_query('select ownerid from '.sql_table('plug_gallery_picture').' where pictureid='.intval($pictureid));
 if(!$result) return false;
 $row = mysql_fetch_assoc($result);
 if($row['ownerid'] == $this->getID()) return true;
 //album owner, but not guest
- $result = mysql_query('select a.ownerid from '.sql_table('plug_gallery_album').' as a, '.sql_table('plug_gallery_picture').' as p where a.albumid=p.albumid and p.pictureid='.$pictureid);
+ $result = mysql_query('select a.ownerid from '.sql_table('plug_gallery_album').' as a, '.sql_table('plug_gallery_picture').' as p where a.albumid=p.albumid and p.pictureid='.intval($pictureid));
 if(!$result) return false;
 $row = mysql_fetch_assoc($result);
 if($row['ownerid'] == $this->getID() && $this->getID() <> 0) return true;
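Review bot: The team check at the end of the first hunk, `if($this->getID() == $row['tmemberid'] || $row['tadmin']) return true;`, grants modify rights as soon as any row of the album's team has `tadmin` set, whether or not that row belongs to the current member, and it also grants them to every plain team member even though the comment above says "album admin (from team)". The condition reads as if `&&` was intended: `if($this->getID() == $row['tmemberid'] && $row['tadmin']) return true;`. The owner check a few lines earlier has the same missing-row weakness as elsewhere in this file (`$row` false, `null == $this->getID()`), which `if(!$row) return false;` after the fetch would close. The enclosing method begins and ends outside the hunk.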
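Review bot: In the second hunk the picture-owner check `if($row['ownerid'] == $this->getID()) return true;` lacks the `$this->getID() <> 0` guard that the album-owner check on the hunk's last line applies, so a guest (id 0, judging by that guard) matches every picture whose ownerid is 0, and — because a missing row yields null and `null == 0` is true — every picture id that does not exist. Making the two checks consistent: `if($row && $row['ownerid'] == $this->getID() && $this->getID() <> 0) return true;`. Whether guest uploads really carry ownerid 0 is inferred from the `<> 0` guard and the "but not guest" comment, not shown here; the method's signature is outside the hunk.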
@@ -97,12 +97,12 @@ class GALLERY_MEMBER extends MEMBER {
 //super-admin
 if ($this->isAdmin()) {
- $result = sql_query('select cmemberid from '. sql_table('plug_gallery_comment'). ' where commentid = '.$commentid);
+ $result = sql_query('select cmemberid from '. sql_table('plug_gallery_comment'). ' where commentid = '.intval($commentid));
 if (mysql_num_rows($result)) return true; else return false;
 }
 //comment ovnwer
- $result = sql_query('select cmemberid from '. sql_table('plug_gallery_comment'). ' where commentid = '.$commentid);
+ $result = sql_query('select cmemberid from '. sql_table('plug_gallery_comment'). ' where commentid = '.intval($commentid));
 $row = mysql_fetch_assoc($result);
 if($row['cmemberid'] == $this->getID()) return true;
@@ -111,7 +111,7 @@ class GALLERY_MEMBER extends MEMBER {
 function getAllowedAlbums() {
 $allowed_albums = array();
- $memberid = $this->getID();
+ $memberid = intval($this->getID());
 if(!$memberid) $memberid=0; //guest
 if($this->isadmin()) {
@@ -137,7 +137,7 @@ class GALLERY_MEMBER extends MEMBER {
 function getAllowedAlbumsids() {
 $allowed_albums = array();
- $memberid = $this->getID();
+ $memberid = intval($this->getID());
 if(!$memberid) $memberid=0; //guest
 if($this->isadmin()) {
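Review bot: The comment-owner branch in the first hunk is the only query path in this file with no `if(!$result) return false;` before `mysql_fetch_assoc($result)`, and its test `if($row['cmemberid'] == $this->getID()) return true;` runs on a possibly-false `$row`, where `null == 0` passes for a guest. I would insert `if(!$result) return false;` after the sql_query line and change the test to `if($row && $row['cmemberid'] == $this->getID() && $this->getID() <> 0) return true;`, matching the `<> 0` guard the picture-permission method in this file uses. Note the admin branch enforces existence via `mysql_num_rows`, so the owner branch is the inconsistent one. The comment `//comment ovnwer` should read `//comment owner`; the method's signature is outside the hunk.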
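Review bot: In the getAllowedAlbums hunk the line `if(!$memberid) $memberid=0; //guest` is now dead after `$memberid = intval($this->getID());`, since intval already maps null, false and '' to 0. A single line carrying the intent is clearer: `$memberid = intval($this->getID()); // 0 for guests`. The same pair of lines is repeated in the getAllowedAlbumsids hunk below and deserves the same treatment. Both methods continue past the end of their hunks.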