summary refs log tree commit diff stats
path: root/pages/admin.php
diff options
context:
space:
mode:
Diffstat (limited to 'pages/admin.php')
-rwxr-xr-xpages/admin.php18
1 files changed, 9 insertions, 9 deletions
diff --git a/pages/admin.php b/pages/admin.php index ecd90f5..90e540a 100755 --- a/pages/admin.php +++ b/pages/admin.php
@@ -41,7 +41,7 @@ if (isLoggedIn())
41 41
42 if ($_POST['type'] == 'draft') 42 if ($_POST['type'] == 'draft')
43 { 43 {
44 $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; 44 $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
45 $insdraft2 = mysql_query($insdraft); 45 $insdraft2 = mysql_query($insdraft);
46 46
47 $id = mysql_insert_id(); 47 $id = mysql_insert_id();
@@ -87,7 +87,7 @@ if (isLoggedIn())
87 generateError(404); 87 generateError(404);
88 } 88 }
89 89
90 $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; 90 $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
91 $inspending2 = mysql_query($inspending); 91 $inspending2 = mysql_query($inspending);
92 92
93 addTags($id, $tags, 'pending'); 93 addTags($id, $tags, 'pending');
@@ -131,7 +131,7 @@ if (isLoggedIn())
131 131
132 if ($_POST['type'] == 'draft') 132 if ($_POST['type'] == 'draft')
133 { 133 {
134 $setdraft = "UPDATE drafts SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\" WHERE id = " . $_GET['id']; 134 $setdraft = "UPDATE drafts SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
135 $setdraft2 = mysql_query($setdraft); 135 $setdraft2 = mysql_query($setdraft);
136 136
137 addTags($_GET['id'], $tags, 'draft'); 137 addTags($_GET['id'], $tags, 'draft');
@@ -179,7 +179,7 @@ if (isLoggedIn())
179 generateError(404); 179 generateError(404);
180 } 180 }
181 181
182 $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; 182 $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
183 $inspending2 = mysql_query($inspending); 183 $inspending2 = mysql_query($inspending);
184 184
185 addTags($id, $tags, 'pending'); 185 addTags($id, $tags, 'pending');
@@ -284,7 +284,7 @@ if (isLoggedIn())
284 } else { 284 } else {
285 $tags = explode(',', $_POST['tags']); 285 $tags = explode(',', $_POST['tags']);
286 286
287 $setpending = "UPDATE pending SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\" WHERE id = " . $_GET['id']; 287 $setpending = "UPDATE pending SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
288 $setpending2 = mysql_query($setpending); 288 $setpending2 = mysql_query($setpending);
289 289
290 removeTags($_GET['id'], 'pending'); 290 removeTags($_GET['id'], 'pending');
@@ -454,7 +454,7 @@ if (isLoggedIn())
454 } else { 454 } else {
455 $tags = explode(',', $_POST['tags']); 455 $tags = explode(',', $_POST['tags']);
456 456
457 $setpost = "UPDATE updates SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\" WHERE id = " . $_GET['id']; 457 $setpost = "UPDATE updates SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
458 $setpost2 = mysql_query($setpost); 458 $setpost2 = mysql_query($setpost);
459 459
460 removeTags($_GET['id']); 460 removeTags($_GET['id']);
@@ -601,13 +601,13 @@ if (isLoggedIn())
601 $template = new FITemplate('admin/pollrss'); 601 $template = new FITemplate('admin/pollrss');
602 } else if ($_GET['step'] == 2) 602 } else if ($_GET['step'] == 2)
603 { 603 {
604 $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\")"; 604 $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")";
605 $insrss2 = mysql_query($insrss); 605 $insrss2 = mysql_query($insrss);
606 606
607 $template = new FITemplate('admin/newPoll'); 607 $template = new FITemplate('admin/newPoll');
608 } else if ($_GET['step'] == 3) 608 } else if ($_GET['step'] == 3)
609 { 609 {
610 $inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4) VALUES (\"" . addslashes($_POST['question']) . "\",\"" . $_POST['option1'] . "\",\"" . $_POST['option2'] . "\",\"" . $_POST['option3'] . "\",\"" . $_POST['option4'] . "\")"; 610 $inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4) VALUES (\"" . mysql_real_escape_string($_POST['question']) . "\",\"" . $_POST['option1'] . "\",\"" . $_POST['option2'] . "\",\"" . $_POST['option3'] . "\",\"" . $_POST['option4'] . "\")";
611 $inspoll2 = mysql_query($inspoll); 611 $inspoll2 = mysql_query($inspoll);
612 612
613 $cleardid = "TRUNCATE TABLE didpollalready"; 613 $cleardid = "TRUNCATE TABLE didpollalready";
@@ -654,7 +654,7 @@ if (isLoggedIn())
654 if (isset($_GET['approve'])) 654 if (isset($_GET['approve']))
655 { 655 {
656 $today = mktime(date('G'),date('i'),date('s'),date('m'),date('d'),date('Y')); 656 $today = mktime(date('G'),date('i'),date('s'),date('m'),date('d'),date('Y'));
657 $insquote = "INSERT INTO rash_quotes (quote,date) VALUES (\"" . addslashes($getpending3['quote']) . "\",\"" . $today . "\")"; 657 $insquote = "INSERT INTO rash_quotes (quote,date) VALUES (\"" . mysql_real_escape_string($getpending3['quote']) . "\",\"" . $today . "\")";
658 $insquote2 = mysql_query($insquote); 658 $insquote2 = mysql_query($insquote);
659 659
660 $delpending = "DELETE FROM rash_queue WHERE id = " . $_GET['id']; 660 $delpending = "DELETE FROM rash_queue WHERE id = " . $_GET['id'];