From 31ac283c5bae32c91629fa36adf71572597f2cd5 Mon Sep 17 00:00:00 2001
From: Starla Insigna
Date: Fri, 19 Dec 2008 21:06:16 -0500
Subject: Fixed Admin's movePending post deletion bug

Certain posts, when moved around, were strangely deleted from the pending queue. This was actually two seperate bugs, both causing the same problem.
1. When looking for the post to swap with, the movePending command would search for the next post with an ID greater than or less than the current ID, but it wouldn't actually sort the results correctly so that the corrent posts wouldn't neccessarily always be the post shown. This resulted in a seemingly random pending posts being deleted. This has been fixed by adding a simply "ORDER BY" clause to the SQL "SELECT" commands.
2. When re-inserting the pending posts into the queue (after swapping IDs), if one of the posts contained invalid characters requiring escaping, MySQL would reject the post without error and simply not insert it, resulting in one or more of the posts involved in the switch to be deleted. This has been fixed by wrapping the text of the post in the mysql_real_escape_string() function.
---
 pages/admin.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'pages')
diff --git a/pages/admin.php b/pages/admin.php
index a3dbffc..11cb35c 100755
--- a/pages/admin.php
+++ b/pages/admin.php
@@ -364,7 +364,7 @@ if (isLoggedIn())
 {
 if ($_GET['dir'] == 'up')
 {
- $get2pending = "SELECT * FROM pending WHERE id < " . $_GET['id'] . " LIMIT 0,1";
+ $get2pending = "SELECT * FROM pending WHERE id < " . $_GET['id'] . " ORDER BY id DESC LIMIT 0,1";
 $get2pending2 = mysql_query($get2pending);
 $get2pending3 = mysql_fetch_array($get2pending2);
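Review bot: The rewritten SELECT still concatenates `$_GET['id']` directly into the query, so the request parameter reaches MySQL unvalidated, and in this unquoted numeric position `mysql_real_escape_string()` alone would not make it safe. Cast it once before use, e.g. `$id = (int) $_GET['id'];`, and build the statement from `$id`. The same concatenation appears in the 'down' branch of the second hunk and in the DELETE and INSERT statements of the third hunk. It is also worth checking `$get2pending3` for `false` when there is no neighbouring post to swap with; the code that consumes it lies outside this hunk, so that may already be handled.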
@@ -379,7 +379,7 @@ if (isLoggedIn())
 }
 } else if ($_GET['dir'] == 'down')
 {
- $get2pending = "SELECT * FROM pending WHERE id > " . $_GET['id'] . " LIMIT 0,1";
+ $get2pending = "SELECT * FROM pending WHERE id > " . $_GET['id'] . " ORDER BY id ASC LIMIT 0,1";
 $get2pending2 = mysql_query($get2pending);
 $get2pending3 = mysql_fetch_array($get2pending2);
@@ -399,11 +399,11 @@ if (isLoggedIn())
 $delpending = "DELETE FROM pending WHERE id = " . $_GET['id'] . " OR id = " . $otherPending['id'];
 $delpending2 = mysql_query($delpending);
- $inspending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $_GET['id'] . ",\"" . $otherPending['title'] . "\",\"" . $otherPending['author'] . "\",\"" . $otherPending['text'] . "\",\"" . $otherPending['slug'] . "\")";
+ $inspending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $_GET['id'] . ",\"" . $otherPending['title'] . "\",\"" . $otherPending['author'] . "\",\"" . mysql_real_escape_string($otherPending['text']) . "\",\"" . $otherPending['slug'] . "\")";
 $inspending2 = mysql_query($inspending);
- $ins2pending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $otherPending['id'] . ",\"" . $getpending3['title'] . "\",\"" . $getpending3['author'] . "\",\"" . $getpending3['text'] . "\",\"" . $getpending3['slug'] . "\")";
- $ins2pending2 = mysql_query($ins2pending);
+ $ins2pending = "INSERT INTO pending (id, title, author, text, slug) VALUES (" . $otherPending['id'] . ",\"" . $getpending3['title'] . "\",\"" . $getpending3['author'] . "\",\"" . mysql_real_escape_string($getpending3['text']) . "\",\"" . $getpending3['slug'] . "\")";
+ $ins2pending2 = mysql_query($ins2pending) or die($ins2pending);
 $tags1 = getTags($_GET['id'], 'pending');
 $tags2 = getTags($otherPending['id'], 'pending');
--
cgit 1.4.1
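Review bot: Only the `text` column is passed through `mysql_real_escape_string()` in the two new INSERT statements; `title`, `author` and `slug` are still concatenated raw, so a double quote or backslash in any of them would presumably reproduce the silent insert failure this commit describes and lets stored post data change the statement. Escape every string column the same way, e.g. `mysql_real_escape_string($otherPending['title'])`. Because both rows are deleted before they are re-inserted, a failed INSERT loses the post, yet only the second INSERT is checked. The added `or die($ins2pending)` also prints the full SQL, post content included, to the page; check both results and log `mysql_error()` server-side instead.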