keep some default value be integer 2

xiaomlove
2021-01-06 02:19:03 +08:00
parent 28ab56fe70
commit 38dae7c068
25 changed files with 100 additions and 100 deletions


@@ -252,7 +252,7 @@ elseif ($action == 'submit')
else
{
if ($_POST['isedit']){
$id = $_POST['id'] ?? 0;
$id = intval($_POST['id'] ?? 0);
if (!$id)
{
stderr($lang_admanage['std_error'], $lang_admanage['std_invalid_id']);
@@ -276,8 +276,8 @@ elseif ($action == 'submit')
$name = $_POST['ad']['name'];
$starttime = $_POST['ad']['starttime'];
$endtime = $_POST['ad']['endtime'];
$displayorder = $_POST['ad']['displayorder'] ?? 0;
$enabled = $_POST['ad']['enabled'] ?? 0;
$displayorder = intval($_POST['ad']['displayorder'] ?? 0);
$enabled = intval($_POST['ad']['enabled'] ?? 0);
$type = $_POST['ad']['type'];
if (!$name || !$type)
{
@@ -317,8 +317,8 @@ elseif ($action == 'submit')
case 'image':
if (!$_POST['ad']['image']['url'] || !$_POST['ad']['image']['link'])
stderr($lang_admanage['std_error'], $lang_admanage['std_missing_form_data']);
$_POST['ad']['image']['width'] = $_POST['ad']['image']['width'] ?? 0;
$_POST['ad']['image']['height'] = $_POST['ad']['image']['height'] ?? 0;
$_POST['ad']['image']['width'] = intval($_POST['ad']['image']['width'] ?? 0);
$_POST['ad']['image']['height'] = intval($_POST['ad']['image']['height'] ?? 0);
$parameters = serialize($_POST['ad']['image']);
$imgadd = "";
if ($_POST['ad']['image']['width'])
@@ -330,8 +330,8 @@ elseif ($action == 'submit')
$code = "<a href=\"adredir.php?id=".$adid."&amp;url=".rawurlencode(htmlspecialchars($_POST['ad']['image']['link']))."\" target=\"_blank\"><img border=\"0\" src=\"".htmlspecialchars($_POST['ad']['image']['url'])."\"".$imgadd." alt=\"ad\" /></a>";
break;
case 'flash':
$_POST['ad']['flash']['width'] = $_POST['ad']['flash']['width'] ?? 0;
$_POST['ad']['flash']['height'] = $_POST['ad']['flash']['height'] ?? 0;
$_POST['ad']['flash']['width'] = intval($_POST['ad']['flash']['width'] ?? 0);
$_POST['ad']['flash']['height'] = intval($_POST['ad']['flash']['height'] ?? 0);
if (!$_POST['ad']['flash']['url'] || !$_POST['ad']['flash']['width'] || !$_POST['ad']['flash']['height'])
stderr($lang_admanage['std_error'], $lang_admanage['std_missing_form_data']);
$parameters = serialize($_POST['ad']['flash']);
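Review bot: `intval()` coerces rather than validates, so the `if (!$id)` guard in the first hunk still passes for malformed input: a non-empty array parameter becomes 1 and a string such as `12abc` becomes 12. For an identifier that selects the row to edit, reject anything that is not a clean positive integer, e.g. `$id = filter_var($_POST['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);` and treat `false` as invalid. The width/height casts in the image and flash cases also accept negative numbers. The same caveat applies to the other `intval(... ?? 0)` casts this commit introduces in the remaining files. The enclosing `submit` branch starts and ends outside these hunks.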


@@ -9,7 +9,7 @@ header("Cache-Control: no-cache, must-revalidate" );
header("Pragma: no-cache" );
header("Content-Type: text/xml; charset=utf-8");
$torrentid = $_GET['torrentid'] ?? 0;
$torrentid = intval($_GET['torrentid'] ?? 0);
if(isset($CURUSER))
{
$res_bookmark = sql_query("SELECT * FROM bookmarks WHERE torrentid=" . sqlesc($torrentid) . " AND userid=" . sqlesc($CURUSER[id]));
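Review bot: `sqlesc($CURUSER[id])` on the query line uses a bare word as the array key; PHP 8 throws an Error for the undefined constant and PHP 7 only warns before falling back to the string, so write `$CURUSER['id']`. The same bare-key form appears in the faqmanage.php section (`$_GET[confirm]`, and `$_POST[categ]` on a line this commit rewrites) and as `$_POST[conusr]` in the account-confirmation section. Separately, a missing or non-numeric `torrentid` now becomes 0 and the bookmark query still runs; an early exit on `$torrentid < 1` would avoid that.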


@@ -640,7 +640,7 @@ elseif($action == 'submit')
{
$dbtablename=return_category_db_table_name($type);
if ($_POST['isedit']){
$id = $_POST['id'] ?? 0;
$id = intval($_POST['id'] ?? 0);
if (!$id)
{
stderr($lang_catmanage['std_error'], $lang_catmanage['std_invalid_id']);
@@ -658,22 +658,22 @@ elseif($action == 'submit')
if (!$name)
stderr($lang_catmanage['std_error'], $lang_catmanage['std_missing_form_data']);
$updateset[] = "name=".sqlesc($name);
$sort_index = $_POST['sort_index'] ?? 0;
$sort_index = intval($_POST['sort_index'] ?? 0);
$updateset[] = "sort_index=".sqlesc($sort_index);
$Cache->delete_value($dbtablename.'_list');
}
elseif ($type=='searchbox'){
$name = $_POST['name'];
$catsperrow = $_POST['catsperrow'] ?? 0;
$catpadding = $_POST['catpadding'] ?? 0;
$catsperrow = intval($_POST['catsperrow'] ?? 0);
$catpadding = intval($_POST['catpadding'] ?? 0);
if (!$name || !$catsperrow || !$catpadding)
stderr($lang_catmanage['std_error'], $lang_catmanage['std_missing_form_data']);
$showsource = $_POST['showsource'] ?? 0;
$showmedium = $_POST['showmedium'] ?? 0;
$showcodec = $_POST['showcodec'] ?? 0;
$showstandard = $_POST['showstandard'] ?? 0;
$showprocessing = $_POST['showprocessing'] ?? 0;
$showteam = $_POST['showteam'] ?? 0;
$showsource = intval($_POST['showsource'] ?? 0);
$showmedium = intval($_POST['showmedium'] ?? 0);
$showcodec = intval($_POST['showcodec'] ?? 0);
$showstandard = intval($_POST['showstandard'] ?? 0);
$showprocessing = intval($_POST['showprocessing'] ?? 0);
$showteam = intval($_POST['showteam'] ?? 0);
$showaudiocodec = $_POST['showaudiocodec'];
$updateset[] = "catsperrow=".sqlesc($catsperrow);
$updateset[] = "catpadding=".sqlesc($catpadding);
@@ -720,13 +720,13 @@ elseif($action == 'submit')
$name = $_POST['name'];
$image = trim($_POST['image']);
$class_name = trim($_POST['class_name']);
$source = $_POST['source'] ?? 0;
$medium = $_POST['medium'] ?? 0;
$codec = $_POST['codec'] ?? 0;
$standard = $_POST['standard'] ?? 0;
$processing = $_POST['processing'] ?? 0;
$team = $_POST['team'] ?? 0;
$audiocodec = $_POST['audiocodec'] ?? 0;
$source = intval($_POST['source'] ?? 0);
$medium = intval($_POST['medium'] ?? 0);
$codec = intval($_POST['codec'] ?? 0);
$standard = intval($_POST['standard'] ?? 0);
$processing = intval($_POST['processing'] ?? 0);
$team = intval($_POST['team'] ?? 0;
$audiocodec = intval($_POST['audiocodec'] ?? 0);
if (!$name || !$image)
stderr($lang_catmanage['std_error'], $lang_catmanage['std_missing_form_data']);
if (!valid_file_name($image))
@@ -756,9 +756,9 @@ elseif($action == 'submit')
elseif ($type=='category'){
$name = $_POST['name'];
$image = trim($_POST['image']);
$mode = $_POST['mode'] ?? 0;
$mode = intval($_POST['mode'] ?? 0);
$class_name = trim($_POST['class_name']);
$sort_index = $_POST['sort_index'] ?? 0;
$sort_index = intval($_POST['sort_index'] ?? 0);
if (!$name || !$image)
stderr($lang_catmanage['std_error'], $lang_catmanage['std_missing_form_data']);
if (!valid_file_name($image))
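Review bot: In the hunk at -720, the new line `$team = intval($_POST['team'] ?? 0;` is missing the closing parenthesis of `intval(`, so as shown the file would not parse; it should read `$team = intval($_POST['team'] ?? 0);`. If the parenthesis was only lost in rendering, no change is needed. In the searchbox branch, `$showaudiocodec = $_POST['showaudiocodec'];` is the one flag left without a default or cast, unlike its six siblings; whether it is escaped before the update is not visible in the hunk.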


@@ -4,7 +4,7 @@ dbconn();
require_once(get_langfile_path());
loggedinorreturn();
parked();
$id = $_GET["id"] ?? 0;
$id = intval($_GET["id"] ?? 0);
int_check($id,true);
function bark($msg)
{


@@ -16,7 +16,7 @@ function bark($msg) {
if (!mkglobal("id"))
bark($lang_delete['std_missing_form_date']);
$id = $id ?? 0;
$id = intval($id ?? 0);
if (!$id)
die();
@@ -28,7 +28,7 @@ if (!$row)
if ($CURUSER["id"] != $row["owner"] && get_user_class() < $torrentmanage_class)
bark($lang_delete['std_not_owner']);
$rt = $_POST["reasontype"] ?? 0;
$rt = intval($_POST["reasontype"] ?? 0);
if (!is_int($rt) || $rt < 1 || $rt > 5)
bark($lang_delete['std_invalid_reason']."$rt.");
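Review bot: After the new cast, `!is_int($rt)` in the reason check can never be true, so the condition is effectively only the range test; drop the dead clause: `if ($rt < 1 || $rt > 5)`. Because `intval()` truncates, a value such as `3abc` is now accepted as reason 3; if only exact integers should pass, validate with `filter_var(..., FILTER_VALIDATE_INT)` before the range test. The code that consumes `$rt` lies outside the hunk.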


@@ -13,8 +13,8 @@ $dirname = $_GET["torrentid"];
if (!$filename || !$dirname)
die("File name missing\n");
$filename = $filename ?? 0;
$dirname = $dirname ?? 0;
$filename = intval($filename ?? 0);
$dirname = intval($dirname ?? 0);
$res = sql_query("SELECT * FROM subs WHERE id=$filename") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);
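Review bot: The emptiness check `if (!$filename || !$dirname)` runs on the raw values before the new casts, so a non-numeric value passes it, becomes 0, and the query runs with `id=0`. Move the check below the two `intval()` lines so it tests the converted values. The `SELECT` interpolates `$filename` directly and is safe only because of the cast immediately above it; `"... WHERE id=" . sqlesc($filename)` keeps it safe if these lines are ever reordered.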


@@ -108,7 +108,7 @@ elseif (isset($_GET['action']) && $_GET['action'] == "editsect" && $_POST['id']
// ACTION: delete - delete a section or item
elseif (isset($_GET['action']) && $_GET['action'] == "delete" && isset($_GET['id'])) {
if ($_GET[confirm] == "yes") {
sql_query("DELETE FROM `faq` WHERE `id`=".sqlesc($_GET['id'] ?? 0)." LIMIT 1") or sqlerr();
sql_query("DELETE FROM `faq` WHERE `id`=".sqlesc(intval($_GET['id'] ?? 0))." LIMIT 1") or sqlerr();
header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
die;
}
@@ -132,8 +132,8 @@ elseif (isset($_GET['action']) && $_GET['action'] == "additem" && $_GET['inid']
print("<tr><td>Question:</td><td><input style=\"width: 600px;\" type=\"text\" name=\"question\" value=\"\" /></td></tr>\n");
print("<tr><td style=\"vertical-align: top;\">Answer:</td><td><textarea rows=20 style=\"width: 600px; height=600px;\" name=\"answer\"></textarea></td></tr>\n");
print("<tr><td>Status:</td><td><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #FF0000;\">Hidden</option><option value=\"1\" style=\"color: #000000;\">Normal</option><option value=\"2\" style=\"color: #0000FF;\">Updated</option><option value=\"3\" style=\"color: #008000;\" selected=\"selected\">New</option></select></td></tr>");
print("<input type=hidden name=categ value=\"".($_GET['inid'] ?? 0)."\">");
print("<input type=hidden name=langid value=\"".($_GET['langid'] ?? 0)."\">");
print("<input type=hidden name=categ value=\"".(intval($_GET['inid'] ?? 0))."\">");
print("<input type=hidden name=langid value=\"".(intval($_GET['langid'] ?? 0))."\">");
print("<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" value=\"Add\" style=\"width: 60px;\"></td></tr>\n");
print("</table></form>");
end_main_frame();
@@ -168,15 +168,15 @@ elseif (isset($_GET['action']) && $_GET['action'] == "addsection") {
elseif (isset($_GET['action']) && $_GET['action'] == "addnewitem" && $_POST['question'] != NULL && $_POST['answer'] != NULL) {
$question = $_POST['question'];
$answer = $_POST['answer'];
$categ = $_POST[categ] ?? 0;
$langid = $_POST['langid'] ?? 0;
$categ = intval($_POST[categ] ?? 0);
$langid = intval($_POST['langid'] ?? 0);
$res = sql_query("SELECT MAX(`order`) AS maxorder, MAX(`link_id`) AS maxlinkid FROM `faq` WHERE `type`='item' AND `categ`=".sqlesc($categ)." AND lang_id=".sqlesc($langid));
while ($arr = mysql_fetch_array($res, MYSQLI_BOTH))
{
$order = $arr['maxorder'] + 1;
$link_id = $arr['maxlinkid']+1;
}
sql_query("INSERT INTO `faq` (`link_id`, `type`, `lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES ('$link_id', 'item', ".sqlesc($langid).", ".sqlesc($question).", ".sqlesc($answer).", " . sqlesc($_POST['flag'] ?? 0) . ", ".sqlesc($categ).", ".sqlesc($order).")") or sqlerr();
sql_query("INSERT INTO `faq` (`link_id`, `type`, `lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES ('$link_id', 'item', ".sqlesc($langid).", ".sqlesc($question).", ".sqlesc($answer).", " . sqlesc(intval($_POST['flag'] ?? 0)) . ", ".sqlesc($categ).", ".sqlesc($order).")") or sqlerr();
header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
die;
}
@@ -184,7 +184,7 @@ elseif (isset($_GET['action']) && $_GET['action'] == "addnewitem" && $_POST['que
// subACTION: addnewsect - add a new section to the db
elseif (isset($_GET['action']) && $_GET['action'] == "addnewsect" && $_POST['title'] != NULL && $_POST['flag'] != NULL) {
$title = $_POST['title'];
$language = $_POST['language'] ?? 0;
$language = intval($_POST['language'] ?? 0);
$res = sql_query("SELECT MAX(`order`) AS maxorder, MAX(`link_id`) AS maxlinkid FROM `faq` WHERE `type`='categ' AND `lang_id` = ".sqlesc($language));
while ($arr = mysql_fetch_array($res, MYSQLI_BOTH)) {$order = $arr['maxorder'] + 1;$link_id = $arr['maxlinkid']+1;}
sql_query("INSERT INTO `faq` (`link_id`,`type`,`lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES (".sqlesc($link_id).",'categ', ".sqlesc($language).", ".sqlesc($title).", '', ".sqlesc($_POST['flag']).", '0', ".sqlesc($order).")") or sqlerr();
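Review bot: The `addnewsect` insert still passes `sqlesc($_POST['flag'])` uncast, while the `addnewitem` insert in the previous hunk now uses `sqlesc(intval($_POST['flag'] ?? 0))`; make the two agree. In `addnewitem`, `$order` and `$link_id` are assigned only inside the `while` loop and `'$link_id'` is interpolated into the INSERT without `sqlesc()`, unlike the section insert; initialise both before the loop and use `sqlesc($link_id)`. The hidden `categ`/`langid` fields are now integers, which also removes raw request data from that HTML output.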


@@ -15,7 +15,7 @@ function bark($msg) {
if (!mkglobal("id"))
bark($lang_fastdelete['std_missing_form_data']);
$id = $id ?? 0;
$id = intval($id ?? 0);
int_check($id);
$sure = $_GET["sure"];


@@ -161,7 +161,7 @@ function maketable($res, $mode = 'seeding')
return $ret;
}
$id = $_GET['userid'] ?? 0;
$id = intval($_GET['userid'] ?? 0);
$type = $_GET['type'];
if (!in_array($type,array('uploaded','seeding','leeching','completed','incomplete')))
die;


@@ -199,8 +199,8 @@ function check_client($peer_id, $agent, &$agent_familyid)
{
if($row_allowed_ua['peer_id_matchtype'] == 'dec')
{
$match_target[$i+1] = $match_target[$i+1] ?? 0;
$match_bench[$i+1] = $match_bench[$i+1] ?? 0;
$match_target[$i+1] = intval($match_target[$i+1] ?? 0);
$match_bench[$i+1] = intval($match_bench[$i+1] ?? 0);
}
else if($row_allowed_ua['peer_id_matchtype'] == 'hex')
{
@@ -249,8 +249,8 @@ function check_client($peer_id, $agent, &$agent_familyid)
{
if($row_allowed_ua['agent_matchtype'] == 'dec')
{
$match_target[$i+1] = $match_target[$i+1] ?? 0;
$match_bench[$i+1] = $match_bench[$i+1] ?? 0;
$match_target[$i+1] = intval($match_target[$i+1] ?? 0);
$match_bench[$i+1] = intval($match_bench[$i+1] ?? 0);
}
else if($row_allowed_ua['agent_matchtype'] == 'hex')
{


@@ -270,7 +270,7 @@ if ($CURUSER && $showpolls_main == "yes")
print("</h2>");
if ($pollexists)
{
$pollid = $arr["id"] ?? 0;
$pollid = intval($arr["id"] ?? 0);
$question = $arr["question"];
$o = array($arr["option0"], $arr["option1"], $arr["option2"], $arr["option3"], $arr["option4"],


@@ -7,7 +7,7 @@ loggedinorreturn();
if (get_user_class() < $userprofile_class)
permissiondenied();
$userid = $_GET["id"] ?? 0;
$userid = intval($_GET["id"] ?? 0);
if (!is_valid_id($userid))
stderr($lang_iphistory['std_error'], $lang_iphistory['std_invalid_id']);


@@ -4,7 +4,7 @@ dbconn();
loggedinorreturn();
if (get_user_class() < UC_SYSOP)
stderr("Error", "Permission denied.");
$class = $_POST["class"] ?? 0;
$class = intval($_POST["class"] ?? 0);
if ($class)
int_check($class,true);
$or = $_POST["or"];


@@ -33,7 +33,7 @@ function searchform () {
<?php
}
$countrows = number_format(get_row_count("loginattempts")) + 1;
$page = $_GET["page"] ?? 0;
$page = intval($_GET["page"] ?? 0);
$order = $_GET['order'];
if ($order == 'id')
@@ -120,7 +120,7 @@ stdfoot();
stdfoot();
}elseif ($action == 'save') {
$id = sqlesc($_POST['id']);
$id = sqlesc(intval($_POST['id'] ?? 0));
$ip = sqlesc($_POST['ip']);
$attempts = sqlesc($_POST['attempts']);
$type = sqlesc($_POST['type']);


@@ -63,7 +63,7 @@ elseif ($_GET["act"] == "edit"){
stdfoot();
}
elseif ($_GET["act"]=="edited"){
$id = $_POST["id"] ?? 0;
$id = intval($_POST["id"] ?? 0);
$title = $_POST["title"];
$text = $_POST["text"];
$language = $_POST["language"];
@@ -72,7 +72,7 @@ elseif ($_GET["act"]=="edited"){
}
elseif ($_GET["act"]=="del"){
$id = (int)$_GET["id"];
$sure = $_GET["sure"] ?? 0;
$sure = intval($_GET["sure"] ?? 0);
if (!$sure)
{
stderr("Delete Rule","You are about to delete a rule. Click <a class=altlink href=?act=del&id=$id&sure=1>here</a> if you are sure.",false);
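Review bot: The delete confirmation is a plain link, `?act=del&id=$id&sure=1`, so the destructive request is a GET whose only guard visible in this hunk is the `sure` flag. Unless a per-session token or a POST requirement is enforced outside the hunk, a request triggered from another site in a logged-in staff member's browser would be accepted. Consider making the confirm step a POST form that carries a CSRF token. The news delete (`sure=1` link) and the faq delete (`confirm == "yes"`) elsewhere in this commit follow the same pattern.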


@@ -151,7 +151,7 @@ $nr = mysql_num_rows($res);
<?php if ($act == "editforum") {
//EDIT PAGE FOR THE FORUMS
$id = $_GET["id"] ?? 0;
$id = intval($_GET["id"] ?? 0);
$result = sql_query ("SELECT * FROM overforums where id = '$id'");
if ($row = mysql_fetch_array($result)) {
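Review bot: The query `"SELECT * FROM overforums where id = '$id'"` interpolates `$id` directly and is safe only because of the new cast on the line above; use `"... where id = " . sqlesc($id)` as the other files do, so the query does not depend on the cast staying adjacent. The `setanswered` update in the staff-message section (`WHERE id = $id`) has the same shape and, unlike its neighbours, no `int_check()` or range test on `$id` is visible before it runs.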


@@ -1,8 +1,8 @@
<?php
require "include/bittorrent.php";
dbconn();
$userid = $_GET["userid"] ?? 0;
$bgpic = $_GET["bgpic"] ?? 0;
$userid = intval($_GET["userid"] ?? 0);
$bgpic = intval($_GET["bgpic"] ?? 0);
if (!$userid)
die;
if (!preg_match("/.*userid=([0-9]+)\.png$/i", $_SERVER['REQUEST_URI']))
@@ -27,22 +27,22 @@ imagealphablending($my_img, false);
if (!$_GET['noname'])
{
if (isset($_GET['namered']) && $_GET['namered']>=0 && $_GET['namered']<=255)
$namered = $_GET['namered'] ?? 0;
$namered = intval($_GET['namered'] ?? 0);
else $namered=255;
if (isset($_GET['namegreen']) && $_GET['namegreen']>=0 && $_GET['namegreen']<=255)
$namegreen = $_GET['namegreen'] ?? 0;
$namegreen = intval($_GET['namegreen'] ?? 0);
else $namegreen=255;
if (isset($_GET['nameblue']) && $_GET['nameblue']>=0 && $_GET['nameblue']<=255)
$nameblue = $_GET['nameblue'] ?? 0;
$nameblue = intval($_GET['nameblue'] ?? 0);
else $nameblue=255;
if (isset($_GET['namesize']) && $_GET['namesize']>=1 && $_GET['namesize']<=5)
$namesize = $_GET['namesize'] ?? 0;
$namesize = intval($_GET['namesize'] ?? 0);
else $namesize=3;
if (isset($_GET['namex']) && $_GET['namex']>=0 && $_GET['namex']<=350)
$namex = $_GET['namex'] ?? 0;
$namex = intval($_GET['namex'] ?? 0);
else $namex=10;
if (isset($_GET['namey']) && $_GET['namey']>=0 && $_GET['namey']<=19)
$namey = $_GET['namey'] ?? 0;
$namey = intval($_GET['namey'] ?? 0);
else $namey=3;
$name_colour = imagecolorallocate($my_img, $namered, $namegreen, $nameblue);
imagestring($my_img, $namesize, $namex, $namey, $username, $name_colour);
@@ -51,22 +51,22 @@ if (!$_GET['noname'])
if (!$_GET['noup'])
{
if (isset($_GET['upred']) && $_GET['upred']>=0 && $_GET['upred']<=255)
$upred = $_GET['upred'] ?? 0;
$upred = intval($_GET['upred'] ?? 0);
else $upred=0;
if (isset($_GET['upgreen']) && $_GET['upgreen']>=0 && $_GET['upgreen']<=255)
$upgreen = $_GET['upgreen'] ?? 0;
$upgreen = intval($_GET['upgreen'] ?? 0);
else $upgreen=255;
if (isset($_GET['upblue']) && $_GET['upblue']>=0 && $_GET['upblue']<=255)
$upblue = $_GET['upblue'] ?? 0;
$upblue = intval($_GET['upblue'] ?? 0);
else $upblue=0;
if (isset($_GET['upsize']) && $_GET['upsize']>=1 && $_GET['upsize']<=5)
$upsize = $_GET['upsize'] ?? 0;
$upsize = intval($_GET['upsize'] ?? 0);
else $upsize=3;
if (isset($_GET['upx']) && $_GET['upx']>=0 && $_GET['upx']<=350)
$upx = $_GET['upx'] ?? 0;
$upx = intval($_GET['upx'] ?? 0);
else $upx=100;
if (isset($_GET['upy']) && $_GET['upy']>=0 && $_GET['upy']<=19)
$upy = $_GET['upy'] ?? 0;
$upy = intval($_GET['upy'] ?? 0);
else $upy=3;
$up_colour = imagecolorallocate($my_img, $upred, $upgreen, $upblue);
imagestring($my_img, $upsize, $upx, $upy, $uploaded, $up_colour);
@@ -75,19 +75,19 @@ if (!$_GET['noup'])
if (!$_GET['nodown'])
{
if (isset($_GET['downred']) && $_GET['downred']>=0 && $_GET['downred']<=255)
$downred = $_GET['downred'] ?? 0;
$downred = intval($_GET['downred'] ?? 0);
else $downred=255;
if (isset($_GET['downgreen']) && $_GET['downgreen']>=0 && $_GET['downgreen']<=255)
$downgreen = $_GET['downgreen'] ?? 0;
$downgreen = intval($_GET['downgreen'] ?? 0);
else $downgreen=0;
if (isset($_GET['downblue']) && $_GET['downblue']>=0 && $_GET['downblue']<=255)
$downblue = $_GET['downblue'] ?? 0;
$downblue = intval($_GET['downblue'] ?? 0);
else $downblue=0;
if (isset($_GET['downsize']) && $_GET['downsize']>=1 && $_GET['downsize']<=5)
$downsize = $_GET['downsize'] ?? 0;
$downsize = intval($_GET['downsize'] ?? 0);
else $downsize=3;
if (isset($_GET['downx']) && $_GET['downx']>=0 && $_GET['downx']<=350)
$downx = $_GET['downx'] ?? 0;
$downx = intval($_GET['downx'] ?? 0);
else $downx=180;
if (isset($_GET['downy']) && $_GET['downy']>=0 && $_GET['downy']<=19)
$downy = $_GET['downy'];
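Review bot: `$downy = $_GET['downy'];` at the end of the last hunk is the only colour/size/position parameter left without the `intval()` cast, so the raw request string still flows to whatever uses `$downy` after the hunk; write `$downy = intval($_GET['downy']);`. Every range test (`>=0 && <=255` and the like) runs on the raw `$_GET` value and the cast happens afterwards, so the value that is checked is not the value that is used; cast first, then range-check the integer. The `?? 0` inside each cast is dead code, because the preceding `isset()` has already succeeded.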


@@ -12,12 +12,12 @@ $action = htmlspecialchars($_GET["action"] ?? '');
if ($action == 'delete')
{
$newsid = $_GET["newsid"] ?? 0;
$newsid = intval($_GET["newsid"] ?? 0);
int_check($newsid,true);
$returnto = !empty($_GET["returnto"]) ? htmlspecialchars($_GET["returnto"]) : htmlspecialchars($_SERVER["HTTP_REFERER"]);
$sure = $_GET["sure"] ?? 0;
$sure = intval($_GET["sure"] ?? 0);
if (!$sure)
stderr($lang_news['std_delete_news_item'], $lang_news['std_are_you_sure'] . "<a class=altlink href=?action=delete&newsid=$newsid&returnto=$returnto&sure=1>".$lang_news['std_here']."</a>".$lang_news['std_if_sure'],false);
@@ -41,7 +41,7 @@ if ($action == 'add')
if (!$title)
stderr($lang_news['std_error'], $lang_news['std_news_title_empty']);
$added = $_POST["added"] ?? 0;
$added = intval($_POST["added"] ?? 0);
if (!$added)
$added = sqlesc(date("Y-m-d H:i:s"));
$notify = $_POST['notify'] ?? '';
@@ -59,7 +59,7 @@ if ($action == 'add')
if ($action == 'edit')
{
$newsid = $_GET["newsid"] ?? 0;
$newsid = intval($_GET["newsid"] ?? 0);
int_check($newsid,true);
$res = sql_query("SELECT * FROM news WHERE id=".sqlesc($newsid)) or sqlerr(__FILE__, __LINE__);
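Review bot: In the `add` branch, casting `added` with `intval()` looks like a regression: the fallback is `date("Y-m-d H:i:s")`, which suggests the field carries a datetime string, and `intval()` of such a string yields only the leading year, which is truthy and would replace the submitted date. Validate it as a date instead, for example parse it with `strtotime()` and re-format it with `date("Y-m-d H:i:s", ...)`, falling back to the current time when parsing fails. How `$added` is quoted when it is not the fallback is outside the hunk and should be checked at the same time.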


@@ -62,7 +62,7 @@ countdown(time);
if(isset($_GET["sent"]) && $_GET["sent"]=="yes"){
if(!isset($_GET["shbox_text"]) || !$_GET['shbox_text'])
{
$userid=$CURUSER["id"] ?? 0;
$userid=intval($CURUSER["id"] ?? 0);
}
else
{
@@ -77,7 +77,7 @@ else
}
elseif ($_GET["type"] == 'shoutbox')
{
$userid=$CURUSER["id"] ?? 0;
$userid=intval($CURUSER["id"] ?? 0);
if (!$userid){
write_log("Someone is hacking shoutbox. - IP : ".getip(),'mod');
die($lang_shoutbox['text_no_permission_to_shoutbox']);


@@ -68,7 +68,7 @@ if ($action == "viewpm")
if (get_user_class() < $staffmem_class)
permissiondenied();
$pmid = $_GET["pmid"] ?? 0;
$pmid = intval($_GET["pmid"] ?? 0);
$ress4 = sql_query("SELECT * FROM staffmessages WHERE id=".sqlesc($pmid));
$arr4 = mysql_fetch_assoc($ress4);
@@ -126,7 +126,7 @@ if ($action == "answermessage") {
permissiondenied();
$answeringto = $_GET["answeringto"];
$receiver = $_GET["receiver"] ?? 0;
$receiver = intval($_GET["receiver"] ?? 0);
int_check($receiver,true);
@@ -166,7 +166,7 @@ if ($action == "takeanswer") {
if (get_user_class() < $staffmem_class)
permissiondenied();
$receiver = $_POST["receiver"] ?? 0;
$receiver = intval($_POST["receiver"] ?? 0);
$answeringto = $_POST["answeringto"];
int_check($receiver,true);
@@ -195,7 +195,7 @@ $Cache->delete_value('staff_new_message_count');
if ($action == "deletestaffmessage") {
$id = $_GET["id"] ?? 0;
$id = intval($_GET["id"] ?? 0);
if (!is_numeric($id) || $id < 1 || floor($id) != $id)
die;
@@ -218,7 +218,7 @@ if ($action == "setanswered") {
if (get_user_class() < $staffmem_class)
permissiondenied();
$id = $_GET["id"] ?? 0;
$id = intval($_GET["id"] ?? 0);
sql_query ("UPDATE staffmessages SET answered=1, answeredby = $CURUSER[id] WHERE id = $id") or sqlerr();
$Cache->delete_value('staff_new_message_count');


@@ -11,7 +11,7 @@ if (!isset($CURUSER))
stdhead($lang_subtitles['head_subtitles']);
$in_detail = $_POST['in_detail'] ?? '';
$detail_torrent_id = $_POST['detail_torrent_id'] ?? 0;
$detail_torrent_id = intval($_POST['detail_torrent_id'] ?? 0);
$torrent_name = $_POST['torrent_name'] ?? '';
function isInteger($n)
@@ -23,7 +23,7 @@ function isInteger($n)
return true;
}
$act = $_GET["act"] ?? 0;
$act = intval($_GET["act"] ?? 0);
$search = trim($_GET['search'] ?? '');
$letter = trim($_GET["letter"] ?? '');
if (strlen($letter) > 1)
@@ -31,7 +31,7 @@ if (strlen($letter) > 1)
if ($letter == "" || strpos("abcdefghijklmnopqrstuvwxyz", $letter) === false)
$letter = "";
$lang_id = $_GET['lang_id'] ?? 0;
$lang_id = intval($_GET['lang_id'] ?? 0);
if (!is_valid_id($lang_id))
$lang_id = '';
@@ -197,7 +197,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["action"]) && $_POST["a
if (get_user_class() >= $delownsub_class)
{
$delete = $_GET["delete"] ?? 0;
$delete = intval($_GET["delete"] ?? 0);
if (is_valid_id($delete))
{
$r = sql_query("SELECT id,torrent_id,ext,lang_id,title,filename,uppedby,anonymous FROM subs WHERE id=".sqlesc($delete)) or sqlerr(__FILE__, __LINE__);
@@ -206,7 +206,7 @@ if (get_user_class() >= $delownsub_class)
$a = mysql_fetch_assoc($r);
if (get_user_class() >= $submanage_class || $a["uppedby"] == $CURUSER["id"])
{
$sure = $_GET["sure"] ?? 0;
$sure = intval($_GET["sure"] ?? 0);
if ($sure == 1)
{
$reason = $_POST["reason"];


@@ -2,7 +2,7 @@
require_once("include/bittorrent.php");
dbconn();
require_once(get_langfile_path());
$id = isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : die());
$id = isset($_POST['id']) ? intval($_POST['id']) : (isset($_GET['id']) ? intval($_GET['id']) : die());
int_check($id,true);
$email = unesc(htmlspecialchars(trim($_POST["email"])));
if(isset($_POST[conusr]))


@@ -67,14 +67,14 @@ $descr = unesc($_POST["descr"]);
if (!$descr)
bark($lang_takeupload['std_blank_description']);
$catid = ($_POST["type"] ?? 0);
$sourceid = ($_POST["source_sel"] ?? 0);
$mediumid = ($_POST["medium_sel"] ?? 0);
$codecid = ($_POST["codec_sel"] ?? 0);
$standardid = ($_POST["standard_sel"] ?? 0);
$processingid = ($_POST["processing_sel"] ?? 0);
$teamid = ($_POST["team_sel"] ?? 0);
$audiocodecid = ($_POST["audiocodec_sel"] ?? 0);
$catid = intval($_POST["type"] ?? 0);
$sourceid = intval($_POST["source_sel"] ?? 0);
$mediumid = intval($_POST["medium_sel"] ?? 0);
$codecid = intval($_POST["codec_sel"] ?? 0);
$standardid = intval($_POST["standard_sel"] ?? 0);
$processingid = intval($_POST["processing_sel"] ?? 0);
$teamid = intval($_POST["team_sel"] ?? 0);
$audiocodecid = intval($_POST["audiocodec_sel"] ?? 0);
if (!is_valid_id($catid))
bark($lang_takeupload['std_category_unselected']);
@@ -214,7 +214,7 @@ $allowtorrents = user_can_upload("torrents");
$allowspecial = user_can_upload("music");
$catmod = get_single_value("categories","mode","WHERE id=".sqlesc($catid));
$offerid = $_POST['offer'] ?? 0;
$offerid = intval($_POST['offer'] ?? 0);
$is_offer=false;
if ($browsecatmode != $specialcatmode && $catmod == $specialcatmode){//upload to special section
if (!$allowspecial)


@@ -92,7 +92,7 @@ if ($showsubcat){
}
//----------------- start whether show torrents from all sections---------------------//
if ($_GET)
$allsec = $_GET["allsec"] ?? 0;
$allsec = intval($_GET["allsec"] ?? 0);
else $allsec = 0;
if ($allsec == 1) //show torrents from all sections
{


@@ -14,7 +14,7 @@ function bark($msg)
exit;
}
$id = $_GET["id"] ?? 0;
$id = intval($_GET["id"] ?? 0);
int_check($id,true);
if ($id != $CURUSER['id']){