
Checked
authorkmorimatsu <kmorimatsu@1ca29b6e-896d-4ea0-84a5-967f57386b96>
Sat, 5 Jun 2010 22:49:10 +0000 (22:49 +0000)
committerkmorimatsu <kmorimatsu@1ca29b6e-896d-4ea0-84a5-967f57386b96>
Sat, 5 Jun 2010 22:49:10 +0000 (22:49 +0000)
git-svn-id: https://svn.sourceforge.jp/svnroot/nucleus-jp/plugin@1057 1ca29b6e-896d-4ea0-84a5-967f57386b96

NP_gallery/trunk/gallery/add_picture.php
NP_gallery/trunk/gallery/forms.php
NP_gallery/trunk/gallery/functions.php
NP_gallery/trunk/gallery/picture_class.php
NP_gallery/trunk/gallery/update/np_gallery_update061.php

index a9b1896..19025bd 100644 (file)
@@ -70,7 +70,7 @@ if(!$NPG_CONF['batch_add_num']) $NPG_CONF['batch_add_num'] = 10;
 \r
 //todo: display header\r
 \r
-\r
+if (!preg_match('/^([a-z0-9_]+|`[^`]+`)$/i',$NPG_CONF['temp_table'])) exit;\r
 $type = requestvar('type');\r
 switch($type) {\r
        case 'firststage':\r
@@ -366,6 +366,7 @@ switch($type) {
 function add_temp($albumid = 0, $filename, $filetype, $filesize, $filetempname, $description = '') {\r
        global $NPG_CONF, $gmember, $NP_BASE_DIR,$manager;\r
        $memberid = $gmember->getID();\r
+       if (!preg_match('/^([a-z0-9_]+|`[^`]+`)$/i',$NPG_CONF['temp_table'])) exit;\r
        $temp_table = $NPG_CONF['temp_table'];\r
        $int_filename = '';\r
        $thumb_filename = '';\r
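Review bot: The identifier guard added at L22 and L30 (and again at L39 and L47 in forms.php) is the same regex pasted four times, each ending in a bare `exit` that produces a blank page with no indication that `temp_table` is misconfigured. Extract it once, e.g. `function npg_is_safe_table_name($name) { return (bool) preg_match('/^([a-z0-9_]+|`[^`]+`)$/i', $name); }` in functions.php, and have the call sites fail with a message such as `exit('NP_gallery: invalid temp_table name in configuration');` so the failure is diagnosable from the page and the logs. The regex itself is sound for MySQL identifiers: the backtick alternative excludes backticks inside the quotes, so the value cannot close the quoted identifier early. The top-level switch at L24 and the body of add_temp both continue outside the hunks.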
index 5a14d98..21cb425 100644 (file)
@@ -293,6 +293,7 @@ function addPictureForm($albumid = 0, $num_files = 0) {
 \r
 function addpictureformjupload($albumid = 0, $num_files = 0) {\r
        global $NPG_CONF,$CONF;\r
+       if (!preg_match('/^([a-z0-9_]+|`[^`]+`)$/i',$NPG_CONF['temp_table'])) exit;\r
        $exist_temp_table = mysql_query('SELECT 1 FROM '.$NPG_CONF['temp_table'].' LIMIT 0');\r
        if ($exist_temp_table) sql_query('drop table '. $NPG_CONF['temp_table']);\r
 \r
@@ -358,6 +359,7 @@ function addTempPictureForm($albumid = 0) {
        global $NPG_CONF, $gmember,$manager,$CONF,$NP_BASE_DIR;\r
        \r
        $NPG_CONF = getNPGConfig();\r
+       if (!preg_match('/^([a-z0-9_]+|`[^`]+`)$/i',$NPG_CONF['temp_table'])) exit;\r
        $table_name = $NPG_CONF['temp_table'];\r
        \r
        $promo_allowed = false;\r
index ca486b5..609b12f 100644 (file)
@@ -173,7 +173,7 @@ function database_cleanup() {
                        $result2 = mysql_query("select numberofimages from ".sql_table('plug_gallery_album')." where albumid = ".intval($row['albumid']));\r
                        $row2 = mysql_fetch_assoc($result2);\r
                        if($row2['numberofimages'] <> $row['noi']) {\r
-                               sql_query("update ".sql_table('plug_gallery_album')." set numberofimages={$row['noi']} where albumid = ".intval($row['albumid']));\r
+                               sql_query("update ".sql_table('plug_gallery_album')." set numberofimages=".intval($row['noi'])." where albumid = ".intval($row['albumid']));\r
                        }\r
                }\r
        }\r
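Review bot: The comparison on L55 still uses loose `<>` between the raw string fetched from MySQL and `$row['noi']`, while the new L57 now casts `noi` to int for the UPDATE; use the same normalization in the comparison so the two agree: `if (intval($row2['numberofimages']) !== intval($row['noi'])) {`. `$result2` is also passed straight to mysql_fetch_assoc on L54 with no false check; if the album row is missing, `$row2` is false and the UPDATE runs against a non-existent albumid, which is harmless but noisy, so a guard like `if (!$row2) continue;` before L55 would make the intent explicit (the closing braces at L59-L60 suggest an enclosing loop, which I cannot see). database_cleanup begins before the hunk.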
index d03b799..2ce2393 100644 (file)
@@ -77,8 +77,8 @@ class PICTURE {
                        $this->description = stripslashes($this->description);\r
                        $this->description = addslashes($this->description);\r
                        sql_query("update ".sql_table('plug_gallery_picture')\r
-                               ." set title='".addslashes($this->title)."', "\r
-                               ."description='".addslashes($this->description)."', " \r
+                               ." set title='".$this->title."', "\r
+                               ."description='".$this->description."', " \r
                                ."keywords='".addslashes($this->keywords)."',"\r
                                ."albumid=".intval($this->albumid)." "\r
                                ."where pictureid=".intval($this->id) );\r
@@ -465,7 +465,7 @@ class PICTURE {
                if(!$NPG_CONF['viewtime']) $NPG_CONF['viewtime'] = 30 ;\r
                $cuttime = $NPG_CONF['viewtime'];\r
                //first test for duplicates\r
-               $query = 'select * from '.sql_table('plug_gallery_views')." where vpictureid = ".($pictureid);\r
+               $query = 'select * from '.sql_table('plug_gallery_views')." where vpictureid = ".intval($pictureid);\r
                //$result = mysql_query($query);\r
                //print_r($result);\r
                //$numrows= mysql_num_rows($result);\r
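Review bot: Dropping `addslashes()` around `$this->title` on L68 is only safe if title has already been escaped above the hunk; within the hunk only description is normalized (stripslashes then addslashes on L63-L64), so unless an equivalent line for title precedes it, the title is now interpolated into the UPDATE unescaped. If that is the case, add `$this->title = addslashes(stripslashes($this->title));` next to L64, or keep `addslashes($this->title)` on L68. The three string fields are also handled inconsistently (description pre-escaped on L63-L64, keywords escaped inline on L70, title now neither within the hunk), which is presumably how the double-escaping this commit fixes crept in; escaping all three in one place, ideally with `mysql_real_escape_string` rather than `addslashes` since the latter ignores the connection charset, makes the invariant visible. The `intval($pictureid)` on L78 in the second hunk is fine. Both hunks sit inside PICTURE methods whose start and end are outside the view.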
index f5adb88..a201076 100644 (file)
@@ -57,7 +57,7 @@ if(!mysql_num_rows($res)) {
                ' add column tdesc int unsigned first ';\r
        sql_query($query);\r
        if(!$new_id) $new_id = 1;\r
-       $query = 'UPDATE '.sql_table('plug_gallery_template').' set tdesc = '.$new_id;\r
+       $query = 'UPDATE '.sql_table('plug_gallery_template').' set tdesc = '.intval($new_id);\r
        sql_query($query);\r
 }\r
 \r