authordonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2006-03-07 09:22:48 +0000
committerdonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2006-03-07 09:22:48 +0000
commita9ec45378b36673d89684ff2f99ce7856f88a10f (patch)
treec06a6656645879c46cbba54ba132ead65dd67028 /wp-inst
parent43d565053807fbe458fe42ab67f5c41cc5437118 (diff)
Cleanup
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@537 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-inst')
-rw-r--r--wp-inst/wp-content/mu-plugins/global-categories.php1
-rw-r--r--wp-inst/wp-content/mu-plugins/invites.php22
-rw-r--r--wp-inst/wp-content/mu-plugins/misc.php2
3 files changed, 15 insertions, 10 deletions
diff --git a/wp-inst/wp-content/mu-plugins/global-categories.php b/wp-inst/wp-content/mu-plugins/global-categories.php
index 75f12a9..49e01e9 100644
--- a/wp-inst/wp-content/mu-plugins/global-categories.php
+++ b/wp-inst/wp-content/mu-plugins/global-categories.php
@@ -3,6 +3,7 @@
function global_categories( $cat_ID ) {
global $wpdb;
+ $cat_ID = intval( $cat_ID );
$details = $wpdb->get_row( "SELECT * FROM $wpdb->categories WHERE cat_ID = '$cat_ID'" );
if( $details == false ) { // this should *not* happen ever!
return $cat_ID;
diff --git a/wp-inst/wp-content/mu-plugins/invites.php b/wp-inst/wp-content/mu-plugins/invites.php
index 730d580..5e58f66 100644
--- a/wp-inst/wp-content/mu-plugins/invites.php
+++ b/wp-inst/wp-content/mu-plugins/invites.php
@@ -37,7 +37,7 @@ function invites_check_user_hash() {
header( "Location: ".get_option( "siteurl" ) );
die( );
} else {
- $query = "SELECT meta_value FROM ".$wpdb->usermeta." WHERE user_id = '0' AND meta_key = 'invite' AND meta_value = '".$u."'";
+ $query = "SELECT meta_value FROM ".$wpdb->usermeta." WHERE user_id = '0' AND meta_key = 'invite' AND meta_value = '".addslashes( $u )."'";
$userhash = $wpdb->get_results( $query, ARRAY_A );
if( $userhash == false ) {
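Review bot: `addslashes()` on the new `$query` line escapes byte-wise with no knowledge of the connection character set, and the same choice is repeated in invites_cleanup_db and delete_invite further down this file. Routing the value through the database layer instead, `$wpdb->escape( $u )`, keeps escaping in one place so a later fix there covers these queries too. Where `$u` is assigned is outside the hunk; if it is request data that WordPress has already slashed, this adds a second layer of slashes and a value containing a quote would no longer match its stored row. An invite hash presumably has a fixed format (not visible here), so rejecting anything that does not match that format before building the query would be stricter than escaping. The body of invites_check_user_hash starts and ends outside the hunk.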
@@ -127,26 +127,27 @@ add_action('newblogform', 'invites_add_field');
function invites_cleanup_db( $val ) {
global $wpdb, $wpmuBaseTablePrefix, $url, $weblog_title;
if( isset( $_POST[ 'u' ] ) ) {
- $wpdb->query( "DELETE FROM ".$wpdb->usermeta." WHERE meta_key = 'invite' AND meta_value = '".$_POST[ 'u' ]."'" );
- $wpdb->query( "DELETE FROM ".$wpdb->usermeta." WHERE meta_key = '{$_POST[ 'u' ]}_to_email'" );
- $wpdb->query( "DELETE FROM ".$wpdb->usermeta." WHERE meta_key = '{$_POST[ 'u' ]}_to_name'" );
+ $u = addslashes( $_POST[ 'u' ] );
+ $wpdb->query( "DELETE FROM ".$wpdb->usermeta." WHERE meta_key = 'invite' AND meta_value = '".$u."'" );
+ $wpdb->query( "DELETE FROM ".$wpdb->usermeta." WHERE meta_key = '{$u}_to_email'" );
+ $wpdb->query( "DELETE FROM ".$wpdb->usermeta." WHERE meta_key = '{$u}_to_name'" );
- $add_to_blogroll = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE meta_key = '{$_POST[ 'u' ]}_add_to_blogroll'" );
+ $add_to_blogroll = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE meta_key = '{$u}_add_to_blogroll'" );
if( $add_to_blogroll ) {
$userdetails = @unserialize( $add_to_blogroll );
if( is_array( $userdetails ) ) {
$wpdb->query("INSERT INTO {$wpmuBaseTablePrefix}{$userdetails[ 'blogid' ]}_links (link_url, link_name, link_category, link_owner) VALUES('" . addslashes( $url ) . "','" . addslashes( $weblog_title ) . "', '1', '" . intval( $userdetails[ 'userid' ] ) . "' )" );
}
- $wpdb->query( "DELETE FROM ".$wpdb->usermeta." WHERE meta_key = '{$_POST[ 'u' ]}_add_to_blogroll'" );
+ $wpdb->query( "DELETE FROM ".$wpdb->usermeta." WHERE meta_key = '{$u}_add_to_blogroll'" );
}
- $id = $wpdb->get_var( "SELECT ID FROM ".$wpdb->users." WHERE user_login = '" . $_POST[ 'weblog_id' ] . "'" );
+ $id = $wpdb->get_var( "SELECT ID FROM ".$wpdb->users." WHERE user_login = '" . addslashes( $weblog_id ) . "'" );
if( $id ) {
- $wpdb->query( "UPDATE ".$wpdb->usermeta." SET user_id = '".$id."', meta_key = 'invited_by' WHERE meta_key = '".$_POST[ 'u' ]."_invited_by'" );
+ $wpdb->query( "UPDATE ".$wpdb->usermeta." SET user_id = '".$id."', meta_key = 'invited_by' WHERE meta_key = '".$u."_invited_by'" );
$wpdb->query( "INSERT INTO ".$wpdb->usermeta." ( `umeta_id` , `user_id` , `meta_key` , `meta_value` ) VALUES ( NULL, '{$id}', 'invites_left' , '" . get_site_option( "invites_per_user" ) . "' )" );
- $wpdb->query( "INSERT INTO ".$wpdb->usermeta." ( `umeta_id` , `user_id` , `meta_key` , `meta_value` ) VALUES ( NULL, '{$id}', 'invite_hash' , '{$_POST[ 'u' ]}' )" );
+ $wpdb->query( "INSERT INTO ".$wpdb->usermeta." ( `umeta_id` , `user_id` , `meta_key` , `meta_value` ) VALUES ( NULL, '{$id}', 'invite_hash' , '{$u}' )" );
}
}
}
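Review bot: The rewritten `user_login` lookup reads `$weblog_id`, which is neither a parameter nor in the `global $wpdb, $wpmuBaseTablePrefix, $url, $weblog_title;` list, so inside this function it is unset and the query compares against `user_login = ''`. With `$id` then empty, the `invited_by`, `invites_left` and `invite_hash` rows are never written. Either keep the request value, `addslashes( $_POST[ 'weblog_id' ] )`, or add `$weblog_id` to the `global` line if it is meant to be set elsewhere. Separately, `{$userdetails[ 'blogid' ]}` still goes into the table name uncast on the unchanged INSERT line, unlike `userid` beside it; `intval( $userdetails[ 'blogid' ] )` would match the rest of this cleanup.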
@@ -226,6 +227,7 @@ function expire_old_invites() {
function delete_invite( $uid ) {
global $wpdb;
+ $uid = addslashes( $uid );
$email = $wpdb->get_var( "SELECT meta_value FROM ".$wpdb->usermeta." WHERE meta_key = '{$uid}_to_email'" );
if( $email ) {
$invited_by = $wpdb->get_var( "SELECT meta_value FROM ".$wpdb->usermeta." WHERE meta_key = '{$uid}_invited_by'" );
@@ -256,7 +258,7 @@ function invites_admin_content() {
switch( $_GET[ 'action' ] ) {
case "updateinvitedefaults":
- update_site_option( "invites_per_user", $_GET[ 'invites_per_user' ] );
+ update_site_option( "invites_per_user", intval( $_GET[ 'invites_per_user' ] ) );
update_site_option( "invites_default_message", $_GET[ 'invites_default_message' ] );
update_site_option( "invites_default_subject", $_GET[ 'invites_default_subject' ] );
update_site_option( "invites_add_number", intval( $_GET[ 'invites_add_number' ] ) );
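Review bot: Only `invites_per_user` is cast here; `invites_default_message` and `invites_default_subject` on the next two lines are still stored straight from `$_GET`, and the whole `updateinvitedefaults` case changes site options on a GET request. Nothing in the hunk shows a capability or referer check, so unless one sits above the `switch` (invites_admin_content starts outside the hunk) this case should call `check_admin_referer()` and take its values from POST. `intval()` also accepts negative numbers; `max( 0, intval( $_GET[ 'invites_per_user' ] ) )` would keep the option in range. If the stored subject later ends up in a mail header, line breaks should be stripped from it before saving.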
diff --git a/wp-inst/wp-content/mu-plugins/misc.php b/wp-inst/wp-content/mu-plugins/misc.php
index b843362..a256bf7 100644
--- a/wp-inst/wp-content/mu-plugins/misc.php
+++ b/wp-inst/wp-content/mu-plugins/misc.php
@@ -65,6 +65,7 @@ add_filter( "check_uploaded_file", "upload_is_file_too_big" );
add_filter('the_title', 'wp_filter_kses');
function update_posts_count( $post_id ) {
global $wpdb;
+ $post_id = intval( $post_id );
$c = $wpdb->get_var( "SELECT count(*) FROM {$wpdb->posts} WHERE post_status = 'publish' and post_type='post'" );
update_option( "post_count", $c );
}
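Review bot: The added `$post_id = intval( $post_id );` has no effect in update_posts_count, because the count query below it never references `$post_id`. Drop the line, or replace it with a comment such as `// $post_id comes from the publish_post hook and is unused; the count is blog-wide` so the cast does not suggest the query is filtered by post. The same cast in update_pages_last_updated is doing real work, since that query interpolates `$post_id`.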
@@ -72,6 +73,7 @@ add_action( "publish_post", "update_posts_count" );
function update_pages_last_updated( $post_id ) {
global $wpdb;
+ $post_id = intval( $post_id );
if( $wpdb->get_var( "SELECT post_type FROM {$wpdb->posts} WHERE post_status = 'publish' and ID = '$post_id'" ) == 'page' )
update_option( "pages_last_updated", time() );
}