author | Starla Insigna <hatkirby@fourisland.com> | 2008-12-19 21:06:16 -0500 |
---|---|---|
committer | Starla Insigna <hatkirby@fourisland.com> | 2008-12-19 21:06:16 -0500 |
commit | 31ac283c5bae32c91629fa36adf71572597f2cd5 (patch) | |
tree | 442d8a466e70a34caf4547c34ca1704f90d9c9f4 | |
parent | 7c7a1832c679729e7e97657be90a6d5de0cd37db (diff) | |
Fixed Admin's movePending post deletion bug
Certain posts, when moved around, were strangely deleted from the pending queue. This was actually two separate bugs, both causing the same problem. 1. When looking for the post to swap with, the movePending command would search for the next post with an ID greater than or less than the current ID, but it wouldn't actually sort the results correctly, so the correct post wouldn't necessarily always be the post shown. This resulted in seemingly random pending posts being deleted. This has been fixed by adding a simple "ORDER BY" clause to the SQL "SELECT" commands. 2. When re-inserting the pending posts into the queue (after swapping IDs), if one of the posts contained invalid characters requiring escaping, MySQL would reject the post without error and simply not insert it, resulting in one or more of the posts involved in the switch being deleted. This has been fixed by wrapping the text of the post in the mysql_real_escape_string() function.
-rwxr-xr-x | pages/admin.php | 10 |
1 files changed, 5 insertions, 5 deletions
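diff --git a/pages/admin.php b/pages/admin.php
index a3dbffc..11cb35c 100755
--- a/pages/admin.php
+++ b/pages/admin.php
@@ -364,7 +364,7 @@ if (isLoggedIn())
 {
 if ($_GET['dir'] == 'up')
 {
-$get2pending = "SELECT * FROM pending WHERE id < " . $_GET['id'] . " LIMIT 0,1";
+$get2pending = "SELECT * FROM pending WHERE id < " . $_GET['id'] . " ORDER BY id DESC LIMIT 0,1";
 $get2pending2 = mysql_query($get2pending);
 $get2pending3 = mysql_fetch_array($get2pending2);
 
@@ -379,7 +379,7 @@ if (isLoggedIn())
 }
 } else if ($_GET['dir'] == 'down')
 {
-$get2pending = "SELECT * FROM pending WHERE id > " . $_GET['id'] . " LIMIT 0,1";
+$get2pending = "SELECT * FROM pending WHERE id > " . $_GET['id'] . " ORDER BY id ASC LIMIT 0,1";
 $get2pending2 = mysql_query($get2pending);
 $get2pending3 = mysql_fetch_array($get2pending2);
 
@@ -399,11 +399,11 @@ if (isLoggedIn())
 $delpending = "DELETE FROM pending WHERE id = " . $_GET['id'] . " OR id = " . $otherPending['id'];
 $delpending2 = mysql_query($delpending);
 
-$inspending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $_GET['id'] . ",\"" . $otherPending['title'] . "\",\"" . $otherPending['author'] . "\",\"" . $otherPending['text'] . "\",\"" . $otherPending['slug'] . "\")";
+$inspending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $_GET['id'] . ",\"" . $otherPending['title'] . "\",\"" . $otherPending['author'] . "\",\"" . mysql_real_escape_string($otherPending['text']) . "\",\"" . $otherPending['slug'] . "\")";
 $inspending2 = mysql_query($inspending);
 
-$ins2pending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $otherPending['id'] . ",\"" . $getpending3['title'] . "\",\"" . $getpending3['author'] . "\",\"" . $getpending3['text'] . "\",\"" . $getpending3['slug'] . "\")";
-$ins2pending2 = mysql_query($ins2pending);
+$ins2pending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $otherPending['id'] . ",\"" . $getpending3['title'] . "\",\"" . $getpending3['author'] . "\",\"" . mysql_real_escape_string($getpending3['text']) . "\",\"" . $getpending3['slug'] . "\")";
+$ins2pending2 = mysql_query($ins2pending) or die($ins2pending);
 
 $tags1 = getTags($_GET['id'], 'pending');
 $tags2 = getTags($otherPending['id'], 'pending');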
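Review bot: Only the `text` column is escaped in the two INSERTs of the last hunk, so a quote in `title`, `author` or `slug` still breaks the statement after the DELETE has already run, and the post is lost exactly as before. `$_GET['id']` is also concatenated unquoted into the SELECT, DELETE and INSERT strings in all three hunks, which leaves every one of these queries open to SQL injection from the request; cast it once with `(int)` and reuse that value, and pass every string column through mysql_real_escape_string(). The added `or die($ins2pending)` prints the full SQL statement, post content included, to the browser and guards only the second insert; check both inserts, log the error server-side and show a generic message. The enclosing `if (isLoggedIn())` block starts and ends outside these hunks, so any earlier validation of the id is not visible here.

```php
// … unchanged: lookup of $getpending3 and $otherPending (use $id in those SELECTs too) …
$id = (int) $_GET['id'];
$otherId = (int) $otherPending['id'];

$delpending = "DELETE FROM pending WHERE id = " . $id . " OR id = " . $otherId;
$delpending2 = mysql_query($delpending);

$insertSql = 'INSERT INTO pending (id, title, author, text, slug) VALUES (%d,"%s","%s","%s","%s")';

$inspending = sprintf(
    $insertSql,
    $id,
    mysql_real_escape_string($otherPending['title']),
    mysql_real_escape_string($otherPending['author']),
    mysql_real_escape_string($otherPending['text']),
    mysql_real_escape_string($otherPending['slug'])
);
$inspending2 = mysql_query($inspending);

$ins2pending = sprintf(
    $insertSql,
    $otherId,
    mysql_real_escape_string($getpending3['title']),
    mysql_real_escape_string($getpending3['author']),
    mysql_real_escape_string($getpending3['text']),
    mysql_real_escape_string($getpending3['slug'])
);
$ins2pending2 = mysql_query($ins2pending);

if (!$inspending2 || !$ins2pending2) {
    // Keep the SQL and driver error out of the response; record them server-side.
    error_log('movePending re-insert failed: ' . mysql_error());
    die('Could not move the pending post.');
}
// … unchanged: tag handling via getTags() …
```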