Diffstat (limited to 'pages/admin.php')
-rwxr-xr-x | pages/admin.php | 18 |
1 files changed, 9 insertions, 9 deletions
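--- a/pages/admin.php
+++ b/pages/admin.php
@@ -41,7 +41,7 @@ if (isLoggedIn())
 
 if ($_POST['type'] == 'draft')
 {
-$insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+$insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
 $insdraft2 = mysql_query($insdraft);
 
 $id = mysql_insert_id();
@@ -87,7 +87,7 @@ if (isLoggedIn())
 generateError(404);
 }
 
-$inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+$inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
 $inspending2 = mysql_query($inspending);
 
 addTags($id, $tags, 'pending');
@@ -131,7 +131,7 @@ if (isLoggedIn())
 
 if ($_POST['type'] == 'draft')
 {
-$setdraft = "UPDATE drafts SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\" WHERE id = " . $_GET['id'];
+$setdraft = "UPDATE drafts SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
 $setdraft2 = mysql_query($setdraft);
 
 addTags($_GET['id'], $tags, 'draft');
@@ -179,7 +179,7 @@ if (isLoggedIn())
 generateError(404);
 }
 
-$inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+$inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
 $inspending2 = mysql_query($inspending);
 
 addTags($id, $tags, 'pending');
@@ -284,7 +284,7 @@ if (isLoggedIn())
 } else {
 $tags = explode(',', $_POST['tags']);
 
-$setpending = "UPDATE pending SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\" WHERE id = " . $_GET['id'];
+$setpending = "UPDATE pending SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
 $setpending2 = mysql_query($setpending);
 
 removeTags($_GET['id'], 'pending');
@@ -454,7 +454,7 @@ if (isLoggedIn())
 } else {
 $tags = explode(',', $_POST['tags']);
 
-$setpost = "UPDATE updates SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\" WHERE id = " . $_GET['id'];
+$setpost = "UPDATE updates SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
 $setpost2 = mysql_query($setpost);
 
 removeTags($_GET['id']);
@@ -601,13 +601,13 @@ if (isLoggedIn())
 $template = new FITemplate('admin/pollrss');
 } else if ($_GET['step'] == 2)
 {
-$insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\")";
+$insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")";
 $insrss2 = mysql_query($insrss);
 
 $template = new FITemplate('admin/newPoll');
 } else if ($_GET['step'] == 3)
 {
-$inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4) VALUES (\"" . addslashes($_POST['question']) . "\",\"" . $_POST['option1'] . "\",\"" . $_POST['option2'] . "\",\"" . $_POST['option3'] . "\",\"" . $_POST['option4'] . "\")";
+$inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4) VALUES (\"" . mysql_real_escape_string($_POST['question']) . "\",\"" . $_POST['option1'] . "\",\"" . $_POST['option2'] . "\",\"" . $_POST['option3'] . "\",\"" . $_POST['option4'] . "\")";
 $inspoll2 = mysql_query($inspoll);
 
 $cleardid = "TRUNCATE TABLE didpollalready";
@@ -654,7 +654,7 @@ if (isLoggedIn())
 if (isset($_GET['approve']))
 {
 $today = mktime(date('G'),date('i'),date('s'),date('m'),date('d'),date('Y'));
-$insquote = "INSERT INTO rash_quotes (quote,date) VALUES (\"" . addslashes($getpending3['quote']) . "\",\"" . $today . "\")";
+$insquote = "INSERT INTO rash_quotes (quote,date) VALUES (\"" . mysql_real_escape_string($getpending3['quote']) . "\",\"" . $today . "\")";
 $insquote2 = mysql_query($insquote);
 
 $delpending = "DELETE FROM rash_queue WHERE id = " . $_GET['id'];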
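Review bot: The new line 610 still concatenates `$_POST['option1']` through `$_POST['option4']` into the INSERT with no escaping, so moving only `question` to mysql_real_escape_string() leaves that statement as injectable as before; the same gap remains for `$_GET['id']` in the WHERE clauses at 134, 287, 457 and 660, which is appended raw with `. $_GET['id']`. Within the file's current style the minimal fix is `mysql_real_escape_string($_POST['option1'])` for each option and `(int) $_GET['id']` wherever an id is concatenated; the durable fix is a prepared statement through mysqli or PDO, since ext/mysql was removed in PHP 7 and this code will not run there. mysql_real_escape_string() also returns false when no connection is open, which concatenates as an empty string instead of failing, so the connection must be established before these lines (that setup is outside the hunks). The unescaped `sess_get('uname')` and `generateSlug()` values are only safe if they can never carry user-controlled text — worth confirming where those are defined.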