From 31ac283c5bae32c91629fa36adf71572597f2cd5 Mon Sep 17 00:00:00 2001
From: Starla Insigna <hatkirby@fourisland.com>
Date: Fri, 19 Dec 2008 21:06:16 -0500
Subject: Fixed Admin's movePending post deletion bug

Certain posts, when moved around, were strangely deleted from the pending queue. This was actually two seperate bugs, both causing the same problem.

1. When looking for the post to swap with, the movePending command would search for the next post with an ID greater than or less than the current
   ID, but it wouldn't actually sort the results correctly so that the corrent posts wouldn't neccessarily always be the post shown. This resulted in
   a seemingly random pending posts being deleted. This has been fixed by adding a simply "ORDER BY" clause to the SQL "SELECT" commands.

2. When re-inserting the pending posts into the queue (after swapping IDs), if one of the posts contained invalid characters requiring escaping,
   MySQL would reject the post without error and simply not insert it, resulting in one or more of the posts involved in the switch to be deleted.
   This has been fixed by wrapping the text of the post in the mysql_real_escape_string() function.
---
 pages/admin.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'pages/admin.php')

diff --git a/pages/admin.php b/pages/admin.php
index a3dbffc..11cb35c 100755
--- a/pages/admin.php
+++ b/pages/admin.php
@@ -364,7 +364,7 @@ if (isLoggedIn())
 			{
 				if ($_GET['dir'] == 'up')
 				{
-					$get2pending = "SELECT * FROM pending WHERE id < " . $_GET['id'] . " LIMIT 0,1";
+					$get2pending = "SELECT * FROM pending WHERE id < " . $_GET['id'] . " ORDER BY id DESC LIMIT 0,1";
 					$get2pending2 = mysql_query($get2pending);
 					$get2pending3 = mysql_fetch_array($get2pending2);
 
@@ -379,7 +379,7 @@ if (isLoggedIn())
 					}
 				} else if ($_GET['dir'] == 'down')
 				{
-					$get2pending = "SELECT * FROM pending WHERE id > " . $_GET['id'] . " LIMIT 0,1";
+					$get2pending = "SELECT * FROM pending WHERE id > " . $_GET['id'] . " ORDER BY id ASC LIMIT 0,1";
 					$get2pending2 = mysql_query($get2pending);
 					$get2pending3 = mysql_fetch_array($get2pending2);
 
@@ -399,11 +399,11 @@ if (isLoggedIn())
 					$delpending = "DELETE FROM pending WHERE id = " . $_GET['id'] . " OR id = " . $otherPending['id'];
 					$delpending2 = mysql_query($delpending);
 
-					$inspending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $_GET['id'] . ",\"" . $otherPending['title'] . "\",\"" . $otherPending['author'] . "\",\"" . $otherPending['text'] . "\",\"" . $otherPending['slug'] . "\")";
+					$inspending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $_GET['id'] . ",\"" . $otherPending['title'] . "\",\"" . $otherPending['author'] . "\",\"" . mysql_real_escape_string($otherPending['text']) . "\",\"" . $otherPending['slug'] . "\")";
 					$inspending2 = mysql_query($inspending);
 
-					$ins2pending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $otherPending['id'] . ",\"" . $getpending3['title'] . "\",\"" . $getpending3['author'] . "\",\"" . $getpending3['text'] . "\",\"" . $getpending3['slug'] . "\")";
-					$ins2pending2 = mysql_query($ins2pending);
+					$ins2pending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $otherPending['id'] . ",\"" . $getpending3['title'] . "\",\"" . $getpending3['author'] . "\",\"" . mysql_real_escape_string($getpending3['text']) . "\",\"" . $getpending3['slug'] . "\")";
+					$ins2pending2 = mysql_query($ins2pending) or die($ins2pending);
 
 					$tags1 = getTags($_GET['id'], 'pending');
 					$tags2 = getTags($otherPending['id'], 'pending');
-- 
cgit 1.4.1