Fixed Admin's movePending post deletion bug

Certain posts, when moved around, were strangely deleted from the pending queue. This was actually two seperate bugs, both causing the same problem. 1. When looking for the post to swap with, the movePending command would search for the next post with an ID greater than or less than the current ID, but it wouldn't actually sort the results correctly so that the corrent posts wouldn't neccessarily always be the post shown. This resulted in a seemingly random pending posts being deleted. This has been fixed by adding a simply "ORDER BY" clause to the SQL "SELECT" commands. 2. When re-inserting the pending posts into the queue (after swapping IDs), if one of the posts contained invalid characters requiring escaping, MySQL would reject the post without error and simply not insert it, resulting in one or more of the posts involved in the switch to be deleted. This has been fixed by wrapping the text of the post in the mysql_real_escape_string() function.
author: Starla Insigna <hatkirby@fourisland.com> 2008-12-19 21:06:16 -0500
committer: Starla Insigna <hatkirby@fourisland.com> 2008-12-19 21:06:16 -0500
commit: 31ac283c5bae32c91629fa36adf71572597f2cd5 (patch)
tree: 442d8a466e70a34caf4547c34ca1704f90d9c9f4
parent: 7c7a1832c679729e7e97657be90a6d5de0cd37db (diff)
download: fourisland-31ac283c5bae32c91629fa36adf71572597f2cd5.tar.gz
fourisland-31ac283c5bae32c91629fa36adf71572597f2cd5.tar.bz2
fourisland-31ac283c5bae32c91629fa36adf71572597f2cd5.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/pages/admin.php b/pages/admin.php
index a3dbffc..11cb35c 100755
--- a/pages/admin.php
+++ b/pages/admin.php

@@ -364,7 +364,7 @@ if (isLoggedIn())
                        {
                                if ($_GET['dir'] == 'up')
                                {
-                                        $get2pending = "SELECT * FROM pending WHERE id < " . $_GET['id'] . " LIMIT 0,1";
+                                        $get2pending = "SELECT * FROM pending WHERE id < " . $_GET['id'] . " ORDER BY id DESC LIMIT 0,1";
                                        $get2pending2 = mysql_query($get2pending);
                                        $get2pending3 = mysql_fetch_array($get2pending2);
@@ -379,7 +379,7 @@ if (isLoggedIn())
                                        }
                                } else if ($_GET['dir'] == 'down')
                                {
-                                        $get2pending = "SELECT * FROM pending WHERE id > " . $_GET['id'] . " LIMIT 0,1";
+                                        $get2pending = "SELECT * FROM pending WHERE id > " . $_GET['id'] . " ORDER BY id ASC LIMIT 0,1";
                                        $get2pending2 = mysql_query($get2pending);
                                        $get2pending3 = mysql_fetch_array($get2pending2);
@@ -399,11 +399,11 @@ if (isLoggedIn())
                                        $delpending = "DELETE FROM pending WHERE id = " . $_GET['id'] . " OR id = " . $otherPending['id'];
                                        $delpending2 = mysql_query($delpending);
-                                        $inspending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $_GET['id'] . ",\"" . $otherPending['title'] . "\",\"" . $otherPending['author'] . "\",\"" . $otherPending['text'] . "\",\"" . $otherPending['slug'] . "\")";
+                                        $inspending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $_GET['id'] . ",\"" . $otherPending['title'] . "\",\"" . $otherPending['author'] . "\",\"" . mysql_real_escape_string($otherPending['text']) . "\",\"" . $otherPending['slug'] . "\")";
                                        $inspending2 = mysql_query($inspending);
-                                        $ins2pending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $otherPending['id'] . ",\"" . $getpending3['title'] . "\",\"" . $getpending3['author'] . "\",\"" . $getpending3['text'] . "\",\"" . $getpending3['slug'] . "\")";
+                                        $ins2pending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $otherPending['id'] . ",\"" . $getpending3['title'] . "\",\"" . $getpending3['author'] . "\",\"" . mysql_real_escape_string($getpending3['text']) . "\",\"" . $getpending3['slug'] . "\")";
-                                        $ins2pending2 = mysql_query($ins2pending);
+                                        $ins2pending2 = mysql_query($ins2pending) or die($ins2pending);
                                        $tags1 = getTags($_GET['id'], 'pending');
                                        $tags2 = getTags($otherPending['id'], 'pending');
author	Starla Insigna <hatkirby@fourisland.com>	2008-12-19 21:06:16 -0500
committer	Starla Insigna <hatkirby@fourisland.com>	2008-12-19 21:06:16 -0500
commit	31ac283c5bae32c91629fa36adf71572597f2cd5 (patch)
tree	442d8a466e70a34caf4547c34ca1704f90d9c9f4
parent	7c7a1832c679729e7e97657be90a6d5de0cd37db (diff)
download	fourisland-31ac283c5bae32c91629fa36adf71572597f2cd5.tar.gz fourisland-31ac283c5bae32c91629fa36adf71572597f2cd5.tar.bz2 fourisland-31ac283c5bae32c91629fa36adf71572597f2cd5.zip

diff --git a/pages/admin.php b/pages/admin.php index a3dbffc..11cb35c 100755 --- a/pages/admin.php +++ b/pages/admin.php
@@ -364,7 +364,7 @@ if (isLoggedIn())
364	{	364	{
365	if ($_GET['dir'] == 'up')	365	if ($_GET['dir'] == 'up')
366	{	366	{
367	$get2pending = "SELECT * FROM pending WHERE id < " . $_GET['id'] . " LIMIT 0,1";	367	$get2pending = "SELECT * FROM pending WHERE id < " . $_GET['id'] . " ORDER BY id DESC LIMIT 0,1";
368	$get2pending2 = mysql_query($get2pending);	368	$get2pending2 = mysql_query($get2pending);
369	$get2pending3 = mysql_fetch_array($get2pending2);	369	$get2pending3 = mysql_fetch_array($get2pending2);
370		370
@@ -379,7 +379,7 @@ if (isLoggedIn())
379	}	379	}
380	} else if ($_GET['dir'] == 'down')	380	} else if ($_GET['dir'] == 'down')
381	{	381	{
382	$get2pending = "SELECT * FROM pending WHERE id > " . $_GET['id'] . " LIMIT 0,1";	382	$get2pending = "SELECT * FROM pending WHERE id > " . $_GET['id'] . " ORDER BY id ASC LIMIT 0,1";
383	$get2pending2 = mysql_query($get2pending);	383	$get2pending2 = mysql_query($get2pending);
384	$get2pending3 = mysql_fetch_array($get2pending2);	384	$get2pending3 = mysql_fetch_array($get2pending2);
385		385
@@ -399,11 +399,11 @@ if (isLoggedIn())
399	$delpending = "DELETE FROM pending WHERE id = " . $_GET['id'] . " OR id = " . $otherPending['id'];	399	$delpending = "DELETE FROM pending WHERE id = " . $_GET['id'] . " OR id = " . $otherPending['id'];
400	$delpending2 = mysql_query($delpending);	400	$delpending2 = mysql_query($delpending);
401		401
402	$inspending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $_GET['id'] . ",\"" . $otherPending['title'] . "\",\"" . $otherPending['author'] . "\",\"" . $otherPending['text'] . "\",\"" . $otherPending['slug'] . "\")";	402	$inspending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $_GET['id'] . ",\"" . $otherPending['title'] . "\",\"" . $otherPending['author'] . "\",\"" . mysql_real_escape_string($otherPending['text']) . "\",\"" . $otherPending['slug'] . "\")";
403	$inspending2 = mysql_query($inspending);	403	$inspending2 = mysql_query($inspending);
404		404
405	$ins2pending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $otherPending['id'] . ",\"" . $getpending3['title'] . "\",\"" . $getpending3['author'] . "\",\"" . $getpending3['text'] . "\",\"" . $getpending3['slug'] . "\")";	405	$ins2pending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $otherPending['id'] . ",\"" . $getpending3['title'] . "\",\"" . $getpending3['author'] . "\",\"" . mysql_real_escape_string($getpending3['text']) . "\",\"" . $getpending3['slug'] . "\")";
406	$ins2pending2 = mysql_query($ins2pending);	406	$ins2pending2 = mysql_query($ins2pending) or die($ins2pending);
407		407
408	$tags1 = getTags($_GET['id'], 'pending');	408	$tags1 = getTags($_GET['id'], 'pending');
409	$tags2 = getTags($otherPending['id'], 'pending');	409	$tags2 = getTags($otherPending['id'], 'pending');