Changeset 626
- Timestamp:
- 01/01/09 15:41:31 (14 years ago)
- Location:
- plugins/subscribeToComments
- Files:
-
- 5 edited
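--- a/plugins/subscribeToComments/_admin.php
+++ b/plugins/subscribeToComments/_admin.php
@@ -43,3 +43,92 @@
 }
 
+# import/Export
+
+$core->addBehavior('exportFull',
+array('subscribeToCommentsAdmin','exportFull'));
+$core->addBehavior('exportSingle',
+array('subscribeToCommentsAdmin','exportSingle'));
+$core->addBehavior('importInit',
+array('subscribeToCommentsAdmin','importInit'));
+$core->addBehavior('importSingle',
+array('subscribeToCommentsAdmin','importSingle'));
+$core->addBehavior('importFull',
+array('subscribeToCommentsAdmin','importFull'));
+
+/**
+@ingroup Subscribe to comments
+@brief Admin
+*/
+class subscribeToCommentsAdmin
+{
+public static function exportFull(&$core,&$exp)
+{
+$exp->exportTable('comment_subscriber');
+}
+
+public static function exportSingle(&$core,&$exp,$blog_id)
+{
+$exp->export('comment_subscriber',
+'SELECT id, email, user_key, temp_key, temp_expire, status '.
+'FROM '.$core->prefix.'comment_subscriber');
+}
+
+public static function importInit(&$bk,&$core)
+{
+$bk->cur_comment_subscriber = $core->con->openCursor($core->prefix.'comment_subscriber');
+}
+
+public static function importFull(&$line,&$bk,&$core)
+{
+if ($line->__name == 'comment_subscriber')
+{
+$bk->cur_comment_subscriber->clean();
+
+$bk->cur_comment_subscriber->id = (integer) $line->id;
+
+$bk->cur_comment_subscriber->email = (string) $line->email;
+$bk->cur_comment_subscriber->user_key = (string) $line->user_key;
+$bk->cur_comment_subscriber->temp_key = (string) $line->temp_key;
+$bk->cur_comment_subscriber->temp_expire = (string) $line->temp_expire;
+
+$bk->cur_comment_subscriber->status = (integer) $line->status;
+
+$rs = $core->con->select('SELECT id FROM '.
+$core->prefix.'comment_subscriber WHERE (id = \''.$line->id.'\');');
+if ($rs->isEmpty())
+{
+$bk->cur_comment_subscriber->insert();
+}
+else
+{
+$bk->cur_comment_subscriber->update('WHERE (id = '.$core->con->escape($line->id).')');
+}
+}
+}
+
+public static function importSingle(&$line,&$bk,&$core)
+{
+if ($line->__name == 'comment_subscriber')
+{
+$cur = $core->con->openCursor($core->prefix.'comment_subscriber');
+$cur->id = $line->id;
+$cur->email = $line->email;
+$cur->user_key = $line->user_key;
+$cur->temp_key = $line->temp_key;
+$cur->temp_expire = $line->temp_expire;
+$cur->status = $line->status;
+
+$rs = $core->con->select('SELECT id FROM '.
+$core->prefix.'comment_subscriber WHERE (id = \''.$line->id.'\');');
+if ($rs->isEmpty())
+{
+$cur->insert();
+}
+else
+{
+$cur->update('WHERE (id = '.$core->con->escape($line->id).')');
+}
+}
+}
+}
 ?>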
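Review bot: The existence check in `importFull` (new lines 96-97) and `importSingle` (121-122) concatenates `$line->id` from the backup file directly into `WHERE (id = \''.$line->id.'\')`, even though the rest of this changeset adds escaping to exactly this kind of query. An import file is untrusted input, so the `id` field should not reach the SQL text unvalidated. `importFull` already casts the value for the cursor; computing `$id = (integer) $line->id;` once and using `'WHERE (id = '.$id.')'` in both the SELECT and the `update()` would close this, and would also cover the `update()` calls at 104 and 129, where `escape()` is applied without surrounding quotes. `importSingle` also assigns the remaining fields without the `(string)`/`(integer)` casts that `importFull` applies, which looks like an inconsistency worth aligning.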
plugins/subscribeToComments/_define.php
r608 r626 30 30 /* Description*/ "Subscribe to comments", 31 31 /* Author */ "Moe (http://gniark.net/)", 32 /* Version */ '1. 2.6-beta2',32 /* Version */ '1.3-alpha1', 33 33 /* Permissions */ 'admin' 34 34 ); -
plugins/subscribeToComments/class.subscriber.php
r534 r626 56 56 57 57 $rs = $core->con->select('SELECT user_key FROM '.$core->prefix. 58 'comment_subscriber WHERE (id = '.$ this->id.') AND '.59 '(email = \''.$ this->email.'\');');58 'comment_subscriber WHERE (id = '.$core->con->escape($this->id).') AND '. 59 '(email = \''.$core->con->escape($this->email).'\');'); 60 60 if ($rs->isEmpty()) 61 61 { … … 81 81 82 82 $rs = $core->con->select('SELECT id FROM '. 83 $core->prefix.'comment_subscriber WHERE (email = \''.$email.'\');'); 83 $core->prefix.'comment_subscriber '. 84 'WHERE (email = \''.$core->con->escape($email).'\');'); 84 85 if ($rs->isEmpty()) 85 86 { … … 191 192 192 193 $rs = $core->con->select('SELECT id FROM '.$core->prefix.'comment_subscriber '. 193 'WHERE (email = \''.$ new_email.'\') LIMIT 1;');194 'WHERE (email = \''.$core->con->escape($new_email).'\') LIMIT 1;'); 194 195 if (!$rs->isEmpty()) 195 196 { … … 204 205 $cur->temp_key = $key; 205 206 $cur->temp_expire = date('Y-m-d H:i:s',strtotime('+1 day')); 206 $cur->update('WHERE (id = \''.$ this->id.'\') '.207 'AND (user_key = \''.$ this->key.'\');');207 $cur->update('WHERE (id = \''.$core->con->escape($this->id).'\') '. 208 'AND (user_key = \''.$core->con->escape($this->key).'\');'); 208 209 209 210 $url = subscribeToComments::url(). … … 235 236 { 236 237 $core->con->execute('DELETE FROM '.$core->prefix.'meta WHERE '. 237 '(post_id = '.$v.') AND (meta_type = \'subscriber\') AND '. 238 '(meta_id = \''.$this->id.'\');'); 238 '(post_id = '.$core->con->escape($v).') '. 239 'AND (meta_type = \'subscriber\') AND '. 240 '(meta_id = \''.$core->con->escape($this->id).'\');'); 239 241 } 240 242 } … … 252 254 $core->con->execute('DELETE FROM '.$core->prefix.'meta WHERE '. 253 255 '(meta_type = \'subscriber\') '. 254 'AND (meta_id = \''.$ this->id.'\');');256 'AND (meta_id = \''.$core->con->escape($this->id).'\');'); 255 257 # delete subscriber 256 258 $core->con->execute('DELETE FROM '.$core->prefix.'comment_subscriber '. 
257 'WHERE (id = \''.$this->id.'\') AND (user_key = \''.$this->key.'\');'); 259 'WHERE (id = \''.$core->con->escape($this->id).'\') '. 260 'AND (user_key = \''.$core->con->escape($this->key).'\');'); 258 261 self::logout(); 259 262 } … … 270 273 $cur = $core->con->openCursor($core->prefix.'comment_subscriber'); 271 274 $cur->status = (($block) ? -1 : 1); 272 $cur->update('WHERE (id = \''.$ this->id.'\') '.273 'AND (user_key = \''.$ this->key.'\');');275 $cur->update('WHERE (id = \''.$core->con->escape($this->id).'\') '. 276 'AND (user_key = \''.$core->con->escape($this->key).'\');'); 274 277 } 275 278 … … 302 305 303 306 $rs = $core->con->select('SELECT id, user_key FROM '. 304 $core->prefix.'comment_subscriber WHERE (email = \''.$email.'\')'. 305 ' AND (user_key = \''.$key.'\');'); 307 $core->prefix.'comment_subscriber '. 308 ' WHERE (email = \''.$core->con->escape($email).'\')'. 309 ' AND (user_key = \''.$core->con->escape($key).'\');'); 306 310 if ($rs->isEmpty()) 307 311 { … … 325 329 326 330 $rs = $core->con->select('SELECT id, email, user_key FROM '. 327 $core->prefix.'comment_subscriber WHERE (email = \''.$email.'\')'. 331 $core->prefix.'comment_subscriber '. 332 ' WHERE (email = \''.$core->con->escape($email).'\')'. 328 333 ' AND (status = \'1\');'); 329 334 if (!$rs->isEmpty()) … … 361 366 $rs = $core->con->select('SELECT user_key FROM '. 362 367 $core->prefix.'comment_subscriber '. 363 'WHERE (id = \''.$id.'\') AND (user_key = \''.$key.'\');'); 368 'WHERE (id = \''.$core->con->escape($id).'\') '. 369 'AND (user_key = \''.$core->con->escape($key).'\');'); 364 370 if ($rs->isEmpty()) 365 371 { … … 402 408 $rs = $core->con->select('SELECT status FROM '. 403 409 $core->prefix.'comment_subscriber '. 404 'WHERE (id = \''.$id.'\') AND (user_key = \''.$key.'\');'); 410 'WHERE (id = \''.$core->con->escape($id).'\') '. 
411 'AND (user_key = \''.$core->con->escape($key).'\');'); 405 412 if ($rs->isEmpty()) 406 413 { … … 455 462 456 463 $rs = $core->con->select('SELECT email FROM '. 457 $core->prefix.'comment_subscriber WHERE (id = \''.$id.'\');'); 464 $core->prefix.'comment_subscriber '. 465 'WHERE (id = \''.$core->con->escape($id).'\');'); 458 466 459 467 if ($rs->isEmpty()) … … 477 485 $rs = $core->con->select('SELECT id, email, temp_expire FROM '. 478 486 $core->prefix.'comment_subscriber '. 479 'WHERE (temp_key = \''.$ temp_key.'\') LIMIT 1;');487 'WHERE (temp_key = \''.$core->con->escape($temp_key).'\') LIMIT 1;'); 480 488 if ($rs->isEmpty()) {throw new Exception(__('Invalid key.'));} 481 $rs_new_email = $core->con->select('SELECT id FROM '.$core->prefix.'comment_subscriber '. 482 'WHERE (email = \''.$new_email.'\') LIMIT 1;'); 489 $rs_new_email = $core->con->select( 490 'SELECT id FROM '.$core->prefix.'comment_subscriber '. 491 'WHERE (email = \''.$core->con->escape($new_email).'\') LIMIT 1;'); 492 483 493 if (!$rs_new_email->isEmpty()) 484 494 { … … 499 509 $cur->temp_key = null; 500 510 $cur->temp_expire = null; 501 $cur->update('WHERE (id = '.$rs->id.') AND (temp_key = \''.$temp_key.'\');'); 511 $cur->update('WHERE (id = '.$core->con->escape($rs->id).') '. 512 'AND (temp_key = \''.$core->con->escape($temp_key).'\');'); 502 513 503 514 $subject = sprintf(subscribeToComments::getSetting('account_subject'), -
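Review bot: Several of the new `escape()` calls sit in an unquoted numeric context, where escaping string metacharacters presumably does not constrain the value: `(id = '.$core->con->escape($this->id).')` at new line 58, `(post_id = '.$core->con->escape($v).')` at 238 and `(id = '.$core->con->escape($rs->id).')` at 511. The same pattern appears in lib.subscribeToComments.php for `comment_id` at new lines 370, 404 and 428-429. For integer columns a cast is the safer form, e.g. `'(post_id = '.(integer) $v.')'`, or the value can be quoted as the other clauses in this file do. The enclosing functions start and end outside these hunks, so the origin of `$v`, `$id` and `$key` is not visible here and should be checked against the callers.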
plugins/subscribeToComments/index.php
r608 r626 550 550 </p> 551 551 <p><?php printf(__('The code will appear after the %s tag.'), 552 '<code><tpl EntryIf comments_active="1"></code>');</p>552 '<code><tpl:EntryIf comments_active="1"></code>'); ?></p> 553 553 <div class="code" id="code_tpl_link"> 554 554 <h4><?php echo(__('or')); ?></h4> -
plugins/subscribeToComments/lib.subscribeToComments.php
r600 r626 289 289 $rs = $core->con->select('SELECT post_type AS type '. 290 290 'FROM '.$core->prefix.'post '. 291 (($blog) ? 'WHERE blog_id = \''.$core->blog->id.'\' ' : ''). 291 (($blog) 292 ? 'WHERE blog_id = \''.$core->con->escape($core->blog->id).'\' ' 293 : ''). 292 294 'GROUP BY type ORDER BY type ASC;'); 293 295 … … 366 368 $rs = $core->con->select( 367 369 'SELECT notification_sent FROM '.$core->prefix.'comment '. 368 'WHERE (comment_id = '.$rs->comment_id.') AND (notification_sent = 1);' 370 'WHERE (comment_id = '.$core->con->escape($rs->comment_id).') '. 371 'AND (notification_sent = 1);' 369 372 ); 370 373 if ($rs->isEmpty()) … … 399 402 $rs = $core->con->select( 400 403 'SELECT notification_sent FROM '.$core->prefix.'comment '. 401 'WHERE (comment_id = '.$comment_id.') AND (notification_sent = 1);' 404 'WHERE (comment_id = '.$core->con->escape($comment_id).') '. 405 'AND (notification_sent = 1);' 402 406 ); 403 407 … … 422 426 $cur_sent = $core->con->openCursor($core->prefix.'comment'); 423 427 $cur_sent->notification_sent = 1; 424 $cur_sent->update('WHERE comment_id = '.$comment_id.';'); 428 $cur_sent->update('WHERE comment_id = '. 429 $core->con->escape($comment_id).';'); 425 430 426 431 if (!$rs->isEmpty())