diff --git a/admanage.php b/admanage.php
index fe05af69..d4f526b1 100644
--- a/admanage.php
+++ b/admanage.php
@@ -190,7 +190,7 @@ tr($lang_admanage['row_flash_height']."* ", " get_value('user_passkey_'.$passkey.'_content')){
$Cache->cache_value('user_passkey_'.$passkey.'_content', $az, 950);
}
if (!$az) err("Invalid passkey! Re-download the .torrent from $BASEURL");
-$userid = $az['id'] ?? 0;
+$userid = intval($az['id'] ?? 0);
//3. CHECK IF CLIENT IS ALLOWED
$clicheck_res = check_client($peer_id,$agent,$client_familyid);
diff --git a/catmanage.php b/catmanage.php
index f387b3fb..1161ead0 100644
--- a/catmanage.php
+++ b/catmanage.php
@@ -575,7 +575,7 @@ print($pagerbottom);
}
elseif($action == 'del')
{
- $id = $_GET['id'] ?? 0;
+ $id = intval($_GET['id'] ?? 0);
if (!$id)
{
stderr($lang_catmanage['std_error'], $lang_catmanage['std_invalid_id']);
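Review bot: The added `$id = intval($_GET['id'] ?? 0);` accepts more than a clean positive id: `intval('12abc')` is 12, a negative string stays negative and passes `if (!$id)`, and a non-empty array parameter is cast to 1, so a malformed request can still address a real row. A stricter read such as `$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) ?: 0;` rejects all three cases. The same cast is added in the `edit` branch below and in edit.php, forummanage.php, invite.php, linksmanage.php, location.php, moforums.php, viewfilelist.php and viewpeerlist.php. The `del` branch continues outside this hunk.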
@@ -602,7 +602,7 @@ elseif($action == 'del')
}
elseif($action == 'edit')
{
- $id = $_GET['id'] ?? 0;
+ $id = intval($_GET['id'] ?? 0);
if (!$id)
{
stderr($lang_catmanage['std_error'], $lang_catmanage['std_invalid_id']);
diff --git a/edit.php b/edit.php
index b9fdf737..93fb6da2 100644
--- a/edit.php
+++ b/edit.php
@@ -4,7 +4,7 @@ dbconn();
require_once(get_langfile_path());
loggedinorreturn();
-$id = $_GET['id'] ?? 0;
+$id = intval($_GET['id'] ?? 0);
if (!$id)
die();
diff --git a/email-gateway.php b/email-gateway.php
index 10f13c1e..ed45ccb7 100644
--- a/email-gateway.php
+++ b/email-gateway.php
@@ -1,7 +1,7 @@
$position) sql_query("UPDATE `faq` SET `order`=".sqlesc($position)." WHERE id=".sqlesc($id)) or sqlerr();
header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
die;
}
// ACTION: edit - edit a section or item
-elseif ($_GET[action] == "edit" && isset($_GET[id])) {
+elseif (isset($_GET['action']) && $_GET['action'] == "edit" && isset($_GET['id'])) {
stdhead("FAQ Management");
begin_main_frame();
print("
Edit Section or Item ");
- $res = sql_query("SELECT * FROM faq WHERE id=".sqlesc($_GET[id])." LIMIT 1");
- while ($arr = mysql_fetch_array($res, MYSQL_BOTH)) {
- $arr[question] = htmlspecialchars($arr[question]);
- $arr[answer] = htmlspecialchars($arr[answer]);
- if ($arr[type] == "item") {
+ $res = sql_query("SELECT * FROM faq WHERE id=".sqlesc($_GET['id'])." LIMIT 1");
+ while ($arr = mysql_fetch_array($res, MYSQLI_BOTH)) {
+ $arr['question'] = htmlspecialchars($arr['question']);
+ $arr['answer'] = htmlspecialchars($arr['answer']);
+ if ($arr['type'] == "item") {
$lang_id = $arr['lang_id'];
print("");
print("");
@@ -89,26 +89,26 @@ elseif ($_GET[action] == "edit" && isset($_GET[id])) {
}
// subACTION: edititem - edit an item
-elseif ($_GET[action] == "edititem" && $_POST[id] != NULL && $_POST[question] != NULL && $_POST[answer] != NULL && $_POST[flag] != NULL && $_POST[categ] != NULL) {
- $question = $_POST[question];
- $answer = $_POST[answer];
- sql_query("UPDATE `faq` SET `question`=".sqlesc($question).", `answer`=".sqlesc($answer).", `flag`=".sqlesc($_POST[flag]).", `categ`=".sqlesc($_POST[categ])." WHERE id=".sqlesc($_POST[id])) or sqlerr();
+elseif (isset($_GET['action']) && $_GET['action'] == "edititem" && $_POST['id'] != NULL && $_POST['question'] != NULL && $_POST['answer'] != NULL && $_POST['flag'] != NULL && $_POST[categ] != NULL) {
+ $question = $_POST['question'];
+ $answer = $_POST['answer'];
+ sql_query("UPDATE `faq` SET `question`=".sqlesc($question).", `answer`=".sqlesc($answer).", `flag`=".sqlesc($_POST['flag']).", `categ`=".sqlesc($_POST[categ])." WHERE id=".sqlesc($_POST['id'])) or sqlerr();
header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
die;
}
// subACTION: editsect - edit a section
-elseif ($_GET[action] == "editsect" && $_POST[id] != NULL && $_POST[title] != NULL && $_POST[flag] != NULL) {
- $title = $_POST[title];
- sql_query("UPDATE `faq` SET `question`=".sqlesc($title).", `answer`='', `flag`=".sqlesc($_POST[flag]).", `categ`='0' WHERE id=".sqlesc($_POST[id])) or sqlerr();
+elseif (isset($_GET['action']) && $_GET['action'] == "editsect" && $_POST['id'] != NULL && $_POST['title'] != NULL && $_POST['flag'] != NULL) {
+ $title = $_POST['title'];
+ sql_query("UPDATE `faq` SET `question`=".sqlesc($title).", `answer`='', `flag`=".sqlesc($_POST['flag']).", `categ`='0' WHERE id=".sqlesc($_POST['id'])) or sqlerr();
header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
die;
}
// ACTION: delete - delete a section or item
-elseif ($_GET[action] == "delete" && isset($_GET[id])) {
+elseif (isset($_GET['action']) && $_GET['action'] == "delete" && isset($_GET['id'])) {
if ($_GET[confirm] == "yes") {
- sql_query("DELETE FROM `faq` WHERE `id`=".sqlesc($_GET[id] ?? 0)." LIMIT 1") or sqlerr();
+ sql_query("DELETE FROM `faq` WHERE `id`=".sqlesc($_GET['id'] ?? 0)." LIMIT 1") or sqlerr();
header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
die;
}
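Review bot: Three array keys in this hunk are still bare constants on the new side: `$_POST[categ]` in the `edititem` condition and again in its UPDATE, and `$_GET[confirm]` in the `delete` branch. On PHP 8 an undefined constant throws an Error, so these branches fail as soon as the expression is evaluated, assuming no `categ` or `confirm` constant is defined elsewhere. Quote them like the rest of the commit does, e.g. `$_POST['categ']` and `if (($_GET['confirm'] ?? '') == "yes") {`. The later `addnewitem` hunk has the same leftover in `$categ = $_POST[categ] ?? 0;`.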
@@ -116,14 +116,14 @@ elseif ($_GET[action] == "delete" && isset($_GET[id])) {
stdhead("FAQ Management");
begin_main_frame();
print("Confirmation required ");
- print("\nPlease click here to confirm. \n
\n");
+ print("\nPlease click here to confirm. \n
\n");
end_main_frame();
stdfoot();
}
}
// ACTION: additem - add a new item
-elseif ($_GET[action] == "additem" && $_GET[inid] && $_GET[langid]) {
+elseif (isset($_GET['action']) && $_GET['action'] == "additem" && $_GET['inid'] && $_GET['langid']) {
stdhead("FAQ Management");
begin_main_frame();
print("Add Item ");
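Review bot: The `delete` action is completed by a plain GET request: the confirmation text printed here appears to link back to the branch that runs `DELETE FROM faq` when `confirm` is `yes`, and no request token is checked in the visible lines. A page the administrator visits while logged in could trigger that URL without their intent (cross-site request forgery). The confirm step would be safer as a POST form carrying a per-session token that the delete branch compares with `hash_equals()` before running the query. Whether such a check exists elsewhere in the file cannot be seen from these hunks.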
@@ -132,8 +132,8 @@ elseif ($_GET[action] == "additem" && $_GET[inid] && $_GET[langid]) {
print("Question: \n");
print("Answer: \n");
print("Status: Hidden Normal Updated New ");
- print(" ");
- print(" ");
+ print(" ");
+ print(" ");
print(" \n");
print(" ");
end_main_frame();
@@ -141,7 +141,7 @@ elseif ($_GET[action] == "additem" && $_GET[inid] && $_GET[langid]) {
}
// ACTION: addsection - add a new section
-elseif ($_GET[action] == "addsection") {
+elseif (isset($_GET['action']) && $_GET['action'] == "addsection") {
stdhead("FAQ Management");
begin_main_frame();
print("Add Section ");
@@ -165,13 +165,13 @@ elseif ($_GET[action] == "addsection") {
}
// subACTION: addnewitem - add a new item to the db
-elseif ($_GET[action] == "addnewitem" && $_POST[question] != NULL && $_POST[answer] != NULL) {
- $question = $_POST[question];
- $answer = $_POST[answer];
+elseif (isset($_GET['action']) && $_GET['action'] == "addnewitem" && $_POST['question'] != NULL && $_POST['answer'] != NULL) {
+ $question = $_POST['question'];
+ $answer = $_POST['answer'];
$categ = $_POST[categ] ?? 0;
- $langid = $_POST[langid] ?? 0;
+ $langid = $_POST['langid'] ?? 0;
$res = sql_query("SELECT MAX(`order`) AS maxorder, MAX(`link_id`) AS maxlinkid FROM `faq` WHERE `type`='item' AND `categ`=".sqlesc($categ)." AND lang_id=".sqlesc($langid));
- while ($arr = mysql_fetch_array($res, MYSQL_BOTH))
+ while ($arr = mysql_fetch_array($res, MYSQLI_BOTH))
{
$order = $arr['maxorder'] + 1;
$link_id = $arr['maxlinkid']+1;
@@ -182,12 +182,12 @@ elseif ($_GET[action] == "addnewitem" && $_POST[question] != NULL && $_POST[answ
}
// subACTION: addnewsect - add a new section to the db
-elseif ($_GET['action'] == "addnewsect" && $_POST['title'] != NULL && $_POST['flag'] != NULL) {
+elseif (isset($_GET['action']) && $_GET['action'] == "addnewsect" && $_POST['title'] != NULL && $_POST['flag'] != NULL) {
$title = $_POST['title'];
$language = $_POST['language'] ?? 0;
$res = sql_query("SELECT MAX(`order`) AS maxorder, MAX(`link_id`) AS maxlinkid FROM `faq` WHERE `type`='categ' AND `lang_id` = ".sqlesc($language));
- while ($arr = mysql_fetch_array($res, MYSQL_BOTH)) {$order = $arr['maxorder'] + 1;$link_id = $arr['maxlinkid']+1;}
- sql_query("INSERT INTO `faq` (`link_id`,`type`,`lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES (".sqlesc($link_id).",'categ', ".sqlesc($language).", ".sqlesc($title).", '', ".sqlesc($_POST[flag]).", '0', ".sqlesc($order).")") or sqlerr();
+ while ($arr = mysql_fetch_array($res, MYSQLI_BOTH)) {$order = $arr['maxorder'] + 1;$link_id = $arr['maxlinkid']+1;}
+ sql_query("INSERT INTO `faq` (`link_id`,`type`,`lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES (".sqlesc($link_id).",'categ', ".sqlesc($language).", ".sqlesc($title).", '', ".sqlesc($_POST['flag']).", '0', ".sqlesc($order).")") or sqlerr();
header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
die;
} else {
diff --git a/faqmanage.php b/faqmanage.php
index 9dfd9e69..3f8b6f98 100644
--- a/faqmanage.php
+++ b/faqmanage.php
@@ -14,19 +14,19 @@ print("FAQ Management ");
// make the array that has all the faq in a nice structured
$res = sql_query("SELECT faq.id, faq.link_id, faq.lang_id, lang_name, faq.question, faq.flag, faq.order FROM faq LEFT JOIN language on faq.lang_id = language.id WHERE type='categ' ORDER BY lang_name, `order` ASC");
-while ($arr = mysql_fetch_array($res, MYSQL_BOTH)) {
- $faq_categ[$arr[lang_id]][$arr[link_id]][title] = $arr[question];
- $faq_categ[$arr[lang_id]][$arr[link_id]][flag] = $arr[flag];
- $faq_categ[$arr[lang_id]][$arr[link_id]][order] = $arr[order];
- $faq_categ[$arr[lang_id]][$arr[link_id]][id] = $arr[id];
- $faq_categ[$arr[lang_id]][$arr[link_id]][lang_name] = $arr[lang_name];
+while ($arr = mysql_fetch_array($res, MYSQLI_BOTH)) {
+ $faq_categ[$arr['lang_id']][$arr['link_id']]['title'] = $arr['question'];
+ $faq_categ[$arr['lang_id']][$arr['link_id']]['flag'] = $arr['flag'];
+ $faq_categ[$arr['lang_id']][$arr['link_id']]['order'] = $arr['order'];
+ $faq_categ[$arr['lang_id']][$arr['link_id']]['id'] = $arr['id'];
+ $faq_categ[$arr['lang_id']][$arr['link_id']]['lang_name'] = $arr['lang_name'];
}
$res = sql_query("SELECT faq.id, faq.question, faq.lang_id, faq.flag, faq.categ, faq.order FROM faq WHERE type='item' ORDER BY `order` ASC");
while ($arr = mysql_fetch_array($res)) {
- $faq_categ[$arr[lang_id]][$arr[categ]][items][$arr[id]][question] = $arr[question];
- $faq_categ[$arr[lang_id]][$arr[categ]][items][$arr[id]][flag] = $arr[flag];
- $faq_categ[$arr[lang_id]][$arr[categ]][items][$arr[id]][order] = $arr[order];
+ $faq_categ[$arr['lang_id']][$arr['categ']]['items'][$arr['id']]['question'] = $arr['question'];
+ $faq_categ[$arr['lang_id']][$arr['categ']]['items'][$arr['id']]['flag'] = $arr['flag'];
+ $faq_categ[$arr['lang_id']][$arr['categ']]['items'][$arr['id']]['order'] = $arr['order'];
}
if (isset($faq_categ))
@@ -37,10 +37,10 @@ if (isset($faq_categ))
{
if (!array_key_exists("title", $temp2[$id]))
{
- foreach ($temp2[$id][items] as $id2 => $temp)
+ foreach ($temp2[$id]['items'] as $id2 => $temp)
{
- $faq_orphaned[$lang][$id2][question] = $temp2[$id][items][$id2][question];
- $faq_orphaned[$lang][$id2][flag] = $temp2[$id][items][$id2][flag];
+ $faq_orphaned[$lang][$id2]['question'] = $temp2[$id]['items'][$id2]['question'];
+ $faq_orphaned[$lang][$id2]['flag'] = $temp2[$id]['items'][$id2]['flag'];
unset($temp2[$id]);
}
}
@@ -59,27 +59,27 @@ if (isset($faq_categ))
print("");
for ($n=1; $n <= count($temp2); $n++)
{
- $sel = ($n == $temp2[$id][order]) ? " selected=\"selected\"" : "";
+ $sel = ($n == $temp2[$id]['order']) ? " selected=\"selected\"" : "";
print("". $n ." ");
}
- $status = ($temp2[$id][flag] == "0") ? "Hidden " : "Normal";
- print(" ". $temp2[$id][title] ." ". $temp2[$id][lang_name] ." ". $status ." Edit Delete \n");
+ $status = ($temp2[$id]['flag'] == "0") ? "Hidden " : "Normal";
+ print(" ". $temp2[$id]['title'] ." ". $temp2[$id]['lang_name'] ." ". $status ." Edit Delete \n");
if (array_key_exists("items", $temp2[$id]))
{
- foreach ($temp2[$id][items] as $id2 => $temp)
+ foreach ($temp2[$id]['items'] as $id2 => $temp)
{
print(" ");
- for ($n=1; $n <= count($temp2[$id][items]); $n++)
+ for ($n=1; $n <= count($temp2[$id]['items']); $n++)
{
- $sel = ($n == $temp2[$id][items][$id2][order]) ? " selected=\"selected\"" : "";
+ $sel = ($n == $temp2[$id]['items'][$id2]['order']) ? " selected=\"selected\"" : "";
print("". $n ." ");
}
- if ($temp2[$id][items][$id2][flag] == "0") $status = "Hidden ";
- elseif ($temp2[$id][items][$id2][flag] == "2") $status = " ";
- elseif ($temp2[$id][items][$id2][flag] == "3") $status = " ";
+ if ($temp2[$id]['items'][$id2]['flag'] == "0") $status = "Hidden ";
+ elseif ($temp2[$id]['items'][$id2]['flag'] == "2") $status = " ";
+ elseif ($temp2[$id]['items'][$id2]['flag'] == "3") $status = " ";
else $status = "Normal";
- print(" ". $temp2[$id][items][$id2][question] ." ". $status ." Edit Delete \n");
+ print("". $temp2[$id]['items'][$id2]['question'] ." ". $status ." Edit Delete \n");
}
}
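Review bot: `$temp2[$id]['title']`, `$temp2[$id]['lang_name']` and the item `['question']` are concatenated into the printed rows without escaping, although the edit branch earlier in this diff passes the same `question` column through `htmlspecialchars()`. If these columns are not meant to carry markup, stored text containing HTML would be rendered in the management page, so wrap them at output, e.g. `htmlspecialchars($temp2[$id]['title'])`. The orphaned-items hunk that follows prints `$temp2[$id]['question']` the same way.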
@@ -97,11 +97,11 @@ if (isset($faq_orphaned)) {
foreach ($faq_orphaned as $lang => $temp2){
foreach ($temp2 as $id => $temp)
{
- if ($temp2[$id][flag] == "0") $status = "Hidden ";
- elseif ($temp2[$id][flag] == "2") $status = "Updated ";
- elseif ($temp2[$id][flag] == "3") $status = "New ";
+ if ($temp2[$id]['flag'] == "0") $status = "Hidden ";
+ elseif ($temp2[$id]['flag'] == "2") $status = "Updated ";
+ elseif ($temp2[$id]['flag'] == "3") $status = "New ";
else $status = "Normal";
- print("". $temp2[$id][question] ." ". $status ." edit delete \n");
+ print("". $temp2[$id]['question'] ." ". $status ." edit delete \n");
}
}
print("\n");
@@ -111,7 +111,7 @@ print(" \n \n");
print("\n");
print("When the position numbers don't reflect the position in the table, it means the order id is bigger than the total number of sections/items and you should check all the order id's in the table and click \"reorder\"
");
-echo $pagerbottom;
+echo $pagerbottom ?? '';
end_main_frame();
stdfoot();
diff --git a/forummanage.php b/forummanage.php
index 5d87f118..0b4ffed6 100644
--- a/forummanage.php
+++ b/forummanage.php
@@ -13,7 +13,7 @@ if (get_user_class() < $forummanage_class)
// DELETE FORUM ACTION
if (isset($_GET['action']) && $_GET['action'] == "del") {
- $id = $_GET['id'] ?? 0;
+ $id = intval($_GET['id'] ?? 0);
if (!$id) {
header("Location: forummanage.php");
die();
@@ -80,7 +80,7 @@ stdhead($lang_forummanage['head_forum_management']);
begin_main_frame();
if (isset($_GET['action']) && $_GET['action'] == "editforum") {
//EDIT PAGE FOR THE FORUMS
- $id = ($_GET["id"] ?? 0);
+ $id = intval($_GET["id"] ?? 0);
$result = sql_query ("SELECT * FROM forums where id = ".sqlesc($id));
if ($row = mysql_fetch_array($result)) {
do {
diff --git a/invite.php b/invite.php
index 6fd5305b..f26f199a 100644
--- a/invite.php
+++ b/invite.php
@@ -4,7 +4,7 @@ dbconn();
require_once(get_langfile_path());
loggedinorreturn();
parked();
-$id = $_GET["id"] ?? 0;
+$id = intval($_GET["id"] ?? 0);
$type = unesc($_GET["type"] ?? '');
registration_check('invitesystem',true,false);
diff --git a/linksmanage.php b/linksmanage.php
index 1c7e43bc..af021d7e 100644
--- a/linksmanage.php
+++ b/linksmanage.php
@@ -81,7 +81,7 @@ elseif (get_user_class() < $linkmanage_class)
permissiondenied();
else{
if ($_GET['action'] == "del") {
-$id = $_GET['id'] ?? 0;
+$id = intval($_GET['id'] ?? 0);
if (!$id) { header("Location: linksmanage.php"); die();}
$result = sql_query ("SELECT * FROM links where id = '".$id."'");
if ($row = mysql_fetch_array($result))
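Review bot: The SELECT on the context line still builds its WHERE clause by concatenating `$id` into the string, so it is safe only because of the `intval()` added two lines above it. Passing the value through the project's escaper, `$result = sql_query("SELECT * FROM links where id = ".sqlesc($id));`, matches forummanage.php and keeps the query safe if the cast is later moved or removed. `$_GET['action']` in the enclosing `if` is also read without `isset()` or `??`, which raises a warning on PHP 8 when the parameter is absent. The `del` branch continues outside this hunk.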
diff --git a/location.php b/location.php
index 714e12ae..1d0939e0 100644
--- a/location.php
+++ b/location.php
@@ -32,7 +32,7 @@ if($delid > 0) {
$edited = $_GET['edited'];
if($edited == 1) {
- $id = $_GET['id'] ?? 0;
+ $id = intval($_GET['id'] ?? 0);
$name = $_GET['name'];
$flagpic = $_GET['flagpic'];
$location_main = $_GET['location_main'];
diff --git a/moforums.php b/moforums.php
index 7368f94f..508fd2f0 100644
--- a/moforums.php
+++ b/moforums.php
@@ -8,7 +8,7 @@ if (get_user_class() < $forummanage_class)
//Presets
$act = $_GET['action'] ?? '';
-$id = $_GET['id'] ?? 0;
+$id = intval($_GET['id'] ?? 0);
$PHP_SELF = $_SERVER['PHP_SELF'];
$user = $CURUSER;
$prefix = '';
diff --git a/retriver.php b/retriver.php
index 66c6d652..949a7392 100644
--- a/retriver.php
+++ b/retriver.php
@@ -6,9 +6,9 @@ loggedinorreturn();
if (get_user_class() < $updateextinfo_class) {
permissiondenied();
}
-$id = $_GET["id"] ?? 0;
-$type = $_GET["type"] ?? 0;
-$siteid = $_GET["siteid"] ?? 0; // 1 for IMDb
+$id = intval($_GET["id"] ?? 0);
+$type = intval($_GET["type"] ?? 0);
+$siteid = intval($_GET["siteid"] ?? 0); // 1 for IMDb
if (!isset($id) || !$id || !is_numeric($id) || !isset($type) || !$type || !is_numeric($type) || !isset($siteid) || !$siteid || !is_numeric($siteid))
die();
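Review bot: After the three `intval()` casts, the `isset()` and `is_numeric()` tests in the `if` that follows can never fail, and a negative value such as `-1` still passes because it is truthy. `if ($id <= 0 || $type <= 0 || $siteid <= 0)` states the intended check directly and also rejects negatives.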
diff --git a/takeedit.php b/takeedit.php
index 1a226318..92111549 100644
--- a/takeedit.php
+++ b/takeedit.php
@@ -14,7 +14,7 @@ if (!mkglobal("id:name:descr:type")){
bark($lang_takeedit['std_missing_form_data']);
}
-$id = $id ?? 0;
+$id = intval($id ?? 0);
if (!$id)
die();
@@ -57,7 +57,7 @@ elseif ($nfoaction == "remove"){
}
}
-$catid = ($type ?? 0);
+$catid = intval($type ?? 0);
if (!is_valid_id($catid))
bark($lang_takeedit['std_missing_form_data']);
if (!$name || !$descr)
@@ -75,13 +75,13 @@ $updateset[] = "url = " . sqlesc($url);
$updateset[] = "small_descr = " . sqlesc($_POST["small_descr"]);
//$updateset[] = "ori_descr = " . sqlesc($descr);
$updateset[] = "category = " . sqlesc($catid);
-$updateset[] = "source = " . sqlesc($_POST["source_sel"] ?? 0);
-$updateset[] = "medium = " . sqlesc($_POST["medium_sel"] ?? 0);
-$updateset[] = "codec = " . sqlesc($_POST["codec_sel"] ?? 0);
-$updateset[] = "standard = " . sqlesc($_POST["standard_sel"] ?? 0);
-$updateset[] = "processing = " . sqlesc($_POST["processing_sel"] ?? 0);
-$updateset[] = "team = " . sqlesc($_POST["team_sel"] ?? 0);
-$updateset[] = "audiocodec = " . sqlesc($_POST["audiocodec_sel"] ?? 0);
+$updateset[] = "source = " . sqlesc(intval($_POST["source_sel"] ?? 0));
+$updateset[] = "medium = " . sqlesc(intval($_POST["medium_sel"] ?? 0));
+$updateset[] = "codec = " . sqlesc(intval($_POST["codec_sel"] ?? 0));
+$updateset[] = "standard = " . sqlesc(intval($_POST["standard_sel"] ?? 0));
+$updateset[] = "processing = " . sqlesc(intval($_POST["processing_sel"] ?? 0));
+$updateset[] = "team = " . sqlesc(intval($_POST["team_sel"] ?? 0));
+$updateset[] = "audiocodec = " . sqlesc(intval($_POST["audiocodec_sel"] ?? 0));
if (get_user_class() >= $torrentmanage_class) {
if (!empty($_POST["banned"])) {
diff --git a/uploaders.php b/uploaders.php
index 6aee0590..8bbf25d4 100644
--- a/uploaders.php
+++ b/uploaders.php
@@ -7,10 +7,10 @@ loggedinorreturn();
if (get_user_class() < UC_UPLOADER)
permissiondenied();
-$year=$_GET['year'] ?? 0;
+$year=intval($_GET['year'] ?? 0);
if (!$year || $year < 2000)
$year=date('Y');
-$month=$_GET['month'] ?? 0;
+$month=intval($_GET['month'] ?? 0);
if (!$month || $month<=0 || $month>12)
$month=date('m');
$order=$_GET['order'];
diff --git a/viewfilelist.php b/viewfilelist.php
index 6763d142..e5c32eb2 100644
--- a/viewfilelist.php
+++ b/viewfilelist.php
@@ -10,7 +10,7 @@ header("Cache-Control: no-cache, must-revalidate" );
header("Pragma: no-cache" );
header("Content-Type: text/xml; charset=utf-8");
-$id = $_GET['id'] ?? 0;
+$id = intval($_GET['id'] ?? 0);
if(isset($CURUSER))
{
$s = "\n";
diff --git a/viewpeerlist.php b/viewpeerlist.php
index 508bb132..a883be2e 100644
--- a/viewpeerlist.php
+++ b/viewpeerlist.php
@@ -9,7 +9,7 @@ header("Cache-Control: no-cache, must-revalidate" );
header("Pragma: no-cache" );
header("Content-Type: text/xml; charset=utf-8");
-$id = $_GET['id'] ?? 0;
+$id = intval($_GET['id'] ?? 0);
if(isset($CURUSER))
{
function dltable($name, $arr, $torrent)