summary refs log tree commit diff stats
path: root/pages
diff options
context:
space:
mode:
authorStarla Insigna <hatkirby@fourisland.com>2008-12-19 21:06:16 -0500
committerStarla Insigna <hatkirby@fourisland.com>2008-12-19 21:06:16 -0500
commit31ac283c5bae32c91629fa36adf71572597f2cd5 (patch)
tree442d8a466e70a34caf4547c34ca1704f90d9c9f4 /pages
parent7c7a1832c679729e7e97657be90a6d5de0cd37db (diff)
downloadfourisland-31ac283c5bae32c91629fa36adf71572597f2cd5.tar.gz
fourisland-31ac283c5bae32c91629fa36adf71572597f2cd5.tar.bz2
fourisland-31ac283c5bae32c91629fa36adf71572597f2cd5.zip
Fixed Admin's movePending post deletion bug
Certain posts, when moved around, were strangely deleted from the pending queue. This was actually two seperate bugs, both causing the same problem.

1. When looking for the post to swap with, the movePending command would search for the next post with an ID greater than or less than the current
   ID, but it wouldn't actually sort the results correctly so that the corrent posts wouldn't neccessarily always be the post shown. This resulted in
   a seemingly random pending posts being deleted. This has been fixed by adding a simply "ORDER BY" clause to the SQL "SELECT" commands.

2. When re-inserting the pending posts into the queue (after swapping IDs), if one of the posts contained invalid characters requiring escaping,
   MySQL would reject the post without error and simply not insert it, resulting in one or more of the posts involved in the switch to be deleted.
   This has been fixed by wrapping the text of the post in the mysql_real_escape_string() function.
Diffstat (limited to 'pages')
-rwxr-xr-xpages/admin.php10
1 files changed, 5 insertions, 5 deletions
diff --git a/pages/admin.php b/pages/admin.php index a3dbffc..11cb35c 100755 --- a/pages/admin.php +++ b/pages/admin.php
@@ -364,7 +364,7 @@ if (isLoggedIn())
364 { 364 {
365 if ($_GET['dir'] == 'up') 365 if ($_GET['dir'] == 'up')
366 { 366 {
367 $get2pending = "SELECT * FROM pending WHERE id < " . $_GET['id'] . " LIMIT 0,1"; 367 $get2pending = "SELECT * FROM pending WHERE id < " . $_GET['id'] . " ORDER BY id DESC LIMIT 0,1";
368 $get2pending2 = mysql_query($get2pending); 368 $get2pending2 = mysql_query($get2pending);
369 $get2pending3 = mysql_fetch_array($get2pending2); 369 $get2pending3 = mysql_fetch_array($get2pending2);
370 370
@@ -379,7 +379,7 @@ if (isLoggedIn())
379 } 379 }
380 } else if ($_GET['dir'] == 'down') 380 } else if ($_GET['dir'] == 'down')
381 { 381 {
382 $get2pending = "SELECT * FROM pending WHERE id > " . $_GET['id'] . " LIMIT 0,1"; 382 $get2pending = "SELECT * FROM pending WHERE id > " . $_GET['id'] . " ORDER BY id ASC LIMIT 0,1";
383 $get2pending2 = mysql_query($get2pending); 383 $get2pending2 = mysql_query($get2pending);
384 $get2pending3 = mysql_fetch_array($get2pending2); 384 $get2pending3 = mysql_fetch_array($get2pending2);
385 385
@@ -399,11 +399,11 @@ if (isLoggedIn())
399 $delpending = "DELETE FROM pending WHERE id = " . $_GET['id'] . " OR id = " . $otherPending['id']; 399 $delpending = "DELETE FROM pending WHERE id = " . $_GET['id'] . " OR id = " . $otherPending['id'];
400 $delpending2 = mysql_query($delpending); 400 $delpending2 = mysql_query($delpending);
401 401
402 $inspending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $_GET['id'] . ",\"" . $otherPending['title'] . "\",\"" . $otherPending['author'] . "\",\"" . $otherPending['text'] . "\",\"" . $otherPending['slug'] . "\")"; 402 $inspending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $_GET['id'] . ",\"" . $otherPending['title'] . "\",\"" . $otherPending['author'] . "\",\"" . mysql_real_escape_string($otherPending['text']) . "\",\"" . $otherPending['slug'] . "\")";
403 $inspending2 = mysql_query($inspending); 403 $inspending2 = mysql_query($inspending);
404 404
405 $ins2pending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $otherPending['id'] . ",\"" . $getpending3['title'] . "\",\"" . $getpending3['author'] . "\",\"" . $getpending3['text'] . "\",\"" . $getpending3['slug'] . "\")"; 405 $ins2pending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $otherPending['id'] . ",\"" . $getpending3['title'] . "\",\"" . $getpending3['author'] . "\",\"" . mysql_real_escape_string($getpending3['text']) . "\",\"" . $getpending3['slug'] . "\")";
406 $ins2pending2 = mysql_query($ins2pending); 406 $ins2pending2 = mysql_query($ins2pending) or die($ins2pending);
407 407
408 $tags1 = getTags($_GET['id'], 'pending'); 408 $tags1 = getTags($_GET['id'], 'pending');
409 $tags2 = getTags($otherPending['id'], 'pending'); 409 $tags2 = getTags($otherPending['id'], 'pending');