recover some $_GET & $POST variable keep be integer
12
comment.php
12
comment.php
@@ -34,7 +34,7 @@ if ($action == "add")
|
||||
}
|
||||
}
|
||||
|
||||
$parent_id = $_POST["pid"] ?? 0;
|
||||
$parent_id = intval($_POST["pid"] ?? 0);
|
||||
int_check($parent_id,true);
|
||||
|
||||
if($type == "torrent")
|
||||
@@ -105,12 +105,12 @@ if ($action == "add")
|
||||
die;
|
||||
}
|
||||
|
||||
$parent_id = $_GET["pid"] ?? 0;
|
||||
$parent_id = intval($_GET["pid"] ?? 0);
|
||||
int_check($parent_id,true);
|
||||
|
||||
if($sub == "quote")
|
||||
{
|
||||
$commentid = $_GET["cid"] ?? 0;
|
||||
$commentid = intval($_GET["cid"] ?? 0);
|
||||
int_check($commentid,true);
|
||||
|
||||
$res2 = sql_query("SELECT comments.text, users.username FROM comments JOIN users ON comments.user = users.id WHERE comments.id=$commentid") or sqlerr(__FILE__, __LINE__);
|
||||
@@ -151,7 +151,7 @@ if ($action == "add")
|
||||
}
|
||||
elseif ($action == "edit")
|
||||
{
|
||||
$commentid = $_GET["cid"] ?? 0;
|
||||
$commentid = intval($_GET["cid"] ?? 0);
|
||||
int_check($commentid,true);
|
||||
|
||||
if($type == "torrent")
|
||||
@@ -211,7 +211,7 @@ elseif ($action == "delete")
|
||||
if (get_user_class() < $commanage_class)
|
||||
stderr($lang_comment['std_error'], $lang_comment['std_permission_denied']);
|
||||
|
||||
$commentid = $_GET["cid"] ?? 0;
|
||||
$commentid = intval($_GET["cid"] ?? 0);
|
||||
$sure = $_GET["sure"];
|
||||
int_check($commentid,true);
|
||||
|
||||
@@ -268,7 +268,7 @@ elseif ($action == "vieworiginal")
|
||||
if (get_user_class() < $commanage_class)
|
||||
stderr($lang_comment['std_error'], $lang_comment['std_permission_denied']);
|
||||
|
||||
$commentid = $_GET["cid"] ?? 0;
|
||||
$commentid = intval($_GET["cid"] ?? 0);
|
||||
int_check($commentid,true);
|
||||
|
||||
if($type == "torrent")
|
||||
|
||||
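Review bot: In the delete hunk (@@ -211), `$sure = $_GET["sure"];` on the line after the new `$commentid` read still has no default and no coercion, so a request without `sure` raises an undefined-index notice, unlike the deletetopic hunk in forums.php below which uses `$sure = intval($_GET["sure"] ?? 0);`. The same one-line form fits here. Note also that `int_check($commentid,true)` now always receives an int; whether it still rejects a non-numeric `cid` that `intval()` has turned into 0 depends on int_check, which is not in the hunk.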
@@ -3,7 +3,7 @@ require "include/bittorrent.php";
|
||||
dbconn();
|
||||
failedloginscheck ("Re-send",true);
|
||||
|
||||
$langid = $_GET['sitelanguage'] ?? 0;
|
||||
$langid = intval($_GET['sitelanguage'] ?? 0);
|
||||
if ($langid)
|
||||
{
|
||||
$lang_folder = validlang($langid);
|
||||
|
||||
@@ -4,7 +4,7 @@ require_once("include/bittorrent.php");
|
||||
if (!preg_match(':^/(\d{1,10})/([\w]{32})/(.+)$:', $_SERVER["PATH_INFO"], $matches))
|
||||
httperr();
|
||||
|
||||
$id = $matches[1] ?? 0;
|
||||
$id = intval($matches[1] ?? 0);
|
||||
$md5 = $matches[2];
|
||||
$email = urldecode($matches[3]);
|
||||
//print($email);
|
||||
|
||||
@@ -7,7 +7,7 @@ if ($showextinfo['imdb'] == 'yes')
|
||||
require_once("imdb/imdb.class.php");
|
||||
loggedinorreturn();
|
||||
|
||||
$id = $_GET["id"] ?? 0;
|
||||
$id = intval($_GET["id"] ?? 0);
|
||||
|
||||
int_check($id);
|
||||
if (!isset($id) || !$id)
|
||||
|
||||
@@ -20,7 +20,7 @@ else
|
||||
{
|
||||
loggedinorreturn();
|
||||
parked();
|
||||
$letdown = $_GET['letdown'] ?? 0;
|
||||
$letdown = intval($_GET['letdown'] ?? 0);
|
||||
if (!$letdown && $CURUSER['showdlnotice'] == 1)
|
||||
{
|
||||
header("Location: " . get_protocol_prefix() . "$BASEURL/downloadnotice.php?torrentid=".$id."&type=firsttime");
|
||||
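Review bot: `if (!isset($id) || !$id)` two lines below the new `$id = intval($_GET["id"] ?? 0);` in the @@ -7 hunk is half dead: `$id` is now unconditionally assigned, so `isset($id)` is always true and only `!$id` can fire. `if (!$id)` expresses the check that is actually performed. `int_check($id)` on the line before it likewise always sees an int now; confirm it still treats 0 as a failure, since that is what every non-numeric `id` becomes.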
@@ -85,7 +85,7 @@ require_once "include/benc.php";
|
||||
|
||||
if (strlen($CURUSER['passkey']) != 32) {
|
||||
$CURUSER['passkey'] = md5($CURUSER['username'].date("Y-m-d H:i:s").$CURUSER['passhash']);
|
||||
sql_query("UPDATE users SET passkey=".sqlesc($CURUSER[passkey])." WHERE id=".sqlesc($CURUSER[id]));
|
||||
sql_query("UPDATE users SET passkey=".sqlesc($CURUSER['passkey'])." WHERE id=".sqlesc($CURUSER['id']));
|
||||
}
|
||||
|
||||
$dict = bdec_file($fn, $max_torrent_size);
|
||||
|
||||
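Review bot: The UPDATE rewritten on the `sql_query(` line stores a passkey that the previous line still derives as `md5($CURUSER['username'].date("Y-m-d H:i:s").$CURUSER['passhash'])`, so the credential's unpredictability rests entirely on the password hash plus a one-second timestamp, and the passkey stays tied to that hash. The file already relies on PHP 7+ syntax (`??` throughout this commit), so `$CURUSER['passkey'] = bin2hex(random_bytes(16));` gives the same 32-character shape from a CSPRNG and decouples it. The quoting fix itself (`$CURUSER[passkey]` → `$CURUSER['passkey']`) is right and the same bare-key pattern remains in the later @@ -11 hunk (`$CURUSER[id] == "$id"`).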
@@ -5,7 +5,7 @@ require_once(get_langfile_path());
|
||||
loggedinorreturn();
|
||||
if ($_SERVER["REQUEST_METHOD"] == "POST")
|
||||
{
|
||||
$torrentid = $_POST['id'] ?? 0;
|
||||
$torrentid = intval($_POST['id'] ?? 0);
|
||||
$type = $_POST['type'];
|
||||
$hidenotice = $_POST['hidenotice'];
|
||||
if (!$torrentid || !in_array($type,array('firsttime', 'client', 'ratio')))
|
||||
|
||||
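Review bot: `$type = $_POST['type'];` and `$hidenotice = $_POST['hidenotice'];` directly after the new `$torrentid` line still read their keys without a default, so the notice the commit removes for `id` remains for these two. `$type = $_POST['type'] ?? '';` keeps the following `in_array` check working for a missing key, and passing `true` as its third argument pins the whitelist comparison to strings.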
48
forums.php
48
forums.php
@@ -258,7 +258,7 @@ $action = htmlspecialchars(trim($_GET["action"] ?? ''));
|
||||
//-------- Action: New topic
|
||||
if ($action == "newtopic")
|
||||
{
|
||||
$forumid = $_GET["forumid"] ?? 0;
|
||||
$forumid = intval($_GET["forumid"] ?? 0);
|
||||
check_whether_exist($forumid, 'forum');
|
||||
stdhead($lang_forums['head_new_topic']);
|
||||
begin_main_frame();
|
||||
@@ -269,7 +269,7 @@ if ($action == "newtopic")
|
||||
}
|
||||
if ($action == "quotepost")
|
||||
{
|
||||
$postid = $_GET["postid"] ?? 0;
|
||||
$postid = intval($_GET["postid"] ?? 0);
|
||||
check_whether_exist($postid, 'post');
|
||||
stdhead($lang_forums['head_post_reply']);
|
||||
begin_main_frame();
|
||||
@@ -283,7 +283,7 @@ if ($action == "quotepost")
|
||||
|
||||
if ($action == "reply")
|
||||
{
|
||||
$topicid = $_GET["topicid"] ?? 0;
|
||||
$topicid = intval($_GET["topicid"] ?? 0);
|
||||
check_whether_exist($topicid, 'topic');
|
||||
stdhead($lang_forums['head_post_reply']);
|
||||
begin_main_frame();
|
||||
@@ -297,7 +297,7 @@ if ($action == "reply")
|
||||
|
||||
if ($action == "editpost")
|
||||
{
|
||||
$postid = $_GET["postid"] ?? 0;
|
||||
$postid = intval($_GET["postid"] ?? 0);
|
||||
check_whether_exist($postid, 'post');
|
||||
|
||||
$res = sql_query("SELECT userid, topicid FROM posts WHERE id=".sqlesc($postid)) or sqlerr(__FILE__, __LINE__);
|
||||
@@ -383,7 +383,7 @@ if ($action == "post")
|
||||
if ($body == "")
|
||||
stderr($lang_forums['std_error'], $lang_forums['std_no_body_text']);
|
||||
|
||||
$userid = $CURUSER["id"] ?? 0;
|
||||
$userid = intval($CURUSER["id"] ?? 0);
|
||||
$date = date("Y-m-d H:i:s");
|
||||
|
||||
if ($type != 'new'){
|
||||
@@ -472,10 +472,10 @@ if ($action == "viewtopic")
|
||||
{
|
||||
$highlight = htmlspecialchars(trim($_GET["highlight"] ?? ''));
|
||||
|
||||
$topicid = $_GET["topicid"] ?? 0;
|
||||
$topicid = intval($_GET["topicid"] ?? 0);
|
||||
int_check($topicid,true);
|
||||
$page = $_GET["page"] ?? 0;
|
||||
$authorid = $_GET["authorid"] ?? 0;
|
||||
$page = intval($_GET["page"] ?? 0);
|
||||
$authorid = intval($_GET["authorid"] ?? 0);
|
||||
if ($authorid)
|
||||
{
|
||||
$where = "WHERE topicid=".sqlesc($topicid)." AND userid=".sqlesc($authorid);
|
||||
@@ -829,9 +829,9 @@ if ($action == "viewtopic")
|
||||
|
||||
if ($action == "movetopic")
|
||||
{
|
||||
$forumid = $_POST["forumid"] ?? 0;
|
||||
$forumid = intval($_POST["forumid"] ?? 0);
|
||||
|
||||
$topicid = $_GET["topicid"] ?? 0;
|
||||
$topicid = intval($_GET["topicid"] ?? 0);
|
||||
$ismod = is_forum_moderator($topicid,'topic');
|
||||
if (!is_valid_id($forumid) || !is_valid_id($topicid) || (get_user_class() < $postmanage_class && !$ismod))
|
||||
permissiondenied();
|
||||
@@ -885,7 +885,7 @@ if ($action == "movetopic")
|
||||
|
||||
if ($action == "deletetopic")
|
||||
{
|
||||
$topicid = $_GET["topicid"] ?? 0;
|
||||
$topicid = intval($_GET["topicid"] ?? 0);
|
||||
$res1 = sql_query("SELECT forumid, userid FROM topics WHERE id=".sqlesc($topicid)." LIMIT 1") or sqlerr(__FILE__, __LINE__);
|
||||
$row1 = mysql_fetch_array($res1);
|
||||
if (!$row1){
|
||||
@@ -899,7 +899,7 @@ if ($action == "deletetopic")
|
||||
if (!is_valid_id($topicid) || (get_user_class() < $postmanage_class && !$ismod))
|
||||
permissiondenied();
|
||||
|
||||
$sure = $_GET["sure"] ?? 0;
|
||||
$sure = intval($_GET["sure"] ?? 0);
|
||||
if (!$sure)
|
||||
{
|
||||
stderr($lang_forums['std_delete_topic'], $lang_forums['std_delete_topic_note'] .
|
||||
@@ -929,8 +929,8 @@ if ($action == "deletetopic")
|
||||
|
||||
if ($action == "deletepost")
|
||||
{
|
||||
$postid = $_GET["postid"] ?? 0;
|
||||
$sure = $_GET["sure"] ?? 0;
|
||||
$postid = intval($_GET["postid"] ?? 0);
|
||||
$sure = intval($_GET["sure"] ?? 0);
|
||||
|
||||
$ismod = is_forum_moderator($postid, 'post');
|
||||
if ((get_user_class() < $postmanage_class && !$ismod) || !is_valid_id($postid))
|
||||
@@ -988,7 +988,7 @@ if ($action == "deletepost")
|
||||
|
||||
if ($action == "setlocked")
|
||||
{
|
||||
$topicid = $_POST["topicid"] ?? 0;
|
||||
$topicid = intval($_POST["topicid"] ?? 0);
|
||||
$ismod = is_forum_moderator($topicid,'topic');
|
||||
if (!$topicid || (get_user_class() < $postmanage_class && !$ismod))
|
||||
permissiondenied();
|
||||
@@ -1002,7 +1002,7 @@ if ($action == "setlocked")
|
||||
|
||||
if ($action == 'hltopic')
|
||||
{
|
||||
$topicid = $_GET["topicid"] ?? 0;
|
||||
$topicid = intval($_GET["topicid"] ?? 0);
|
||||
$ismod = is_forum_moderator($topicid,'topic');
|
||||
if (!$topicid || (get_user_class() < $postmanage_class && !$ismod))
|
||||
permissiondenied();
|
||||
@@ -1022,7 +1022,7 @@ if ($action == 'hltopic')
|
||||
|
||||
if ($action == "setsticky")
|
||||
{
|
||||
$topicid = $_POST["topicid"] ?? 0;
|
||||
$topicid = intval($_POST["topicid"] ?? 0);
|
||||
$ismod = is_forum_moderator($topicid,'topic');
|
||||
if (!$topicid || (get_user_class() < $postmanage_class && !$ismod))
|
||||
permissiondenied();
|
||||
@@ -1038,9 +1038,9 @@ if ($action == "setsticky")
|
||||
|
||||
if ($action == "viewforum")
|
||||
{
|
||||
$forumid = $_GET["forumid"] ?? 0;
|
||||
$forumid = intval($_GET["forumid"] ?? 0);
|
||||
int_check($forumid,true);
|
||||
$userid = $CURUSER["id"] ?? 0;
|
||||
$userid = intval($CURUSER["id"] ?? 0);
|
||||
//------ Get forum name, moderators
|
||||
$row = get_forum_row($forumid);
|
||||
if (!$row){
|
||||
@@ -1179,8 +1179,8 @@ if ($action == "viewforum")
|
||||
//---- Get userID and date of last post
|
||||
|
||||
$arr = get_post_row($topicarr['lastpost']);
|
||||
$lppostid = $arr["id"] ?? 0;
|
||||
$lpuserid = $arr["userid"] ?? 0;
|
||||
$lppostid = intval($arr["id"] ?? 0);
|
||||
$lpuserid = intval($arr["userid"] ?? 0);
|
||||
$lpusername = get_username($lpuserid);
|
||||
$lpadded = gettime($arr["added"],true,false);
|
||||
$onmouseover = "";
|
||||
@@ -1196,7 +1196,7 @@ if ($action == "viewforum")
|
||||
}
|
||||
|
||||
$arr = get_post_row($topicarr['firstpost']);
|
||||
$fpuserid = $arr["userid"] ?? 0;
|
||||
$fpuserid = intval($arr["userid"] ?? 0);
|
||||
$fpauthor = get_username($arr["userid"]);
|
||||
|
||||
$subject = ($sticky ? "<img class=\"sticky\" src=\"pic/trans.gif\" alt=\"Sticky\" title=\"".$lang_forums['title_sticky']."\" /> " : "") . "<a href=\"".htmlspecialchars("?action=viewtopic&forumid=".$forumid."&topicid=".$topicid)."\" ".$onmouseover.">" .highlight_topic(highlight($search,htmlspecialchars($topicarr["subject"])), $hlcolor) . "</a>".$topicpages;
|
||||
@@ -1263,7 +1263,7 @@ if ($action == "viewunread")
|
||||
{
|
||||
$userid = $CURUSER['id'];
|
||||
|
||||
$beforepostid = $_GET['beforepostid'] ?? 0;
|
||||
$beforepostid = intval($_GET['beforepostid'] ?? 0);
|
||||
$maxresults = 25;
|
||||
$res = sql_query("SELECT id, forumid, subject, lastpost, hlcolor FROM topics WHERE lastpost > ".$CURUSER['last_catchup'].($beforepostid ? " AND lastpost < ".sqlesc($beforepostid) : "")." ORDER BY lastpost DESC LIMIT 100") or sqlerr(__FILE__, __LINE__);
|
||||
|
||||
@@ -1332,7 +1332,7 @@ if ($action == "search")
|
||||
|
||||
$res = sql_query("SELECT COUNT(posts.id) FROM posts LEFT JOIN topics ON posts.topicid = topics.id LEFT JOIN forums ON topics.forumid = forums.id WHERE forums.minclassread <= ".sqlesc(get_user_class())." AND ((topics.subject $extraSql AND posts.id=topics.firstpost) OR posts.body $extraSql)") or sqlerr(__FILE__, __LINE__);
|
||||
$arr = mysql_fetch_row($res);
|
||||
$hits = $arr[0] ?? 0;
|
||||
$hits = intval($arr[0] ?? 0);
|
||||
if ($hits){
|
||||
$error = false;
|
||||
$found = "[<b><font class=\"striking\"> ".$lang_forums['text_found'].$hits.$lang_forums['text_num_posts']." </font></b>]";
|
||||
|
||||
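Review bot: In the @@ -1196 hunk the new `$fpuserid = intval($arr["userid"] ?? 0);` is computed and then ignored: the next line still calls `get_username($arr["userid"])` with the raw array value, whereas the parallel @@ -1179 hunk passes its coerced `$lpuserid` to `get_username`. Change the call to `$fpauthor = get_username($fpuserid);` so the coercion actually applies. Likewise `$userid = $CURUSER['id'];` in the viewunread hunk (@@ -1263) is the one `$CURUSER["id"]` read in this file the commit leaves without `intval()`, unlike the post and viewforum hunks.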
10
fun.php
10
fun.php
@@ -12,7 +12,7 @@ if (!$action)
|
||||
}
|
||||
if ($action == 'delete')
|
||||
{
|
||||
$id = $_GET["id"] ?? 0;
|
||||
$id = intval($_GET["id"] ?? 0);
|
||||
int_check($id,true);
|
||||
$res = sql_query("SELECT userid FROM fun WHERE id=$id") or sqlerr(__FILE__,__LINE__);
|
||||
$arr = mysql_fetch_array($res);
|
||||
@@ -20,7 +20,7 @@ if ($action == 'delete')
|
||||
stderr($lang_fun['std_error'], $lang_fun['std_invalid_id']);
|
||||
if (get_user_class() < $funmanage_class)
|
||||
permissiondenied();
|
||||
$sure = $_GET["sure"] ?? 0;
|
||||
$sure = intval($_GET["sure"] ?? 0);
|
||||
$returnto = $_GET["returnto"] ? htmlspecialchars($_GET["returnto"]) : htmlspecialchars($_SERVER["HTTP_REFERER"]);
|
||||
if (!$sure)
|
||||
stderr($lang_fun['std_delete_fun'],$lang_fun['text_please_click'] ."<a class=altlink href=?action=delete&id=$id&returnto=$returnto&sure=1>".$lang_fun['text_here_if_sure'],false);
|
||||
@@ -123,7 +123,7 @@ if ($row){
|
||||
print("</body></html>");
|
||||
}
|
||||
if ($action == 'edit'){
|
||||
$id = $_GET["id"] ?? 0;
|
||||
$id = intval($_GET["id"] ?? 0);
|
||||
int_check($id,true);
|
||||
$res = sql_query("SELECT * FROM fun WHERE id=$id") or sqlerr(__FILE__,__LINE__);
|
||||
$arr = mysql_fetch_array($res);
|
||||
@@ -165,7 +165,7 @@ if ($action == 'ban')
|
||||
{
|
||||
if (get_user_class() < $funmanage_class)
|
||||
permissiondenied();
|
||||
$id = $_GET["id"] ?? 0;
|
||||
$id = intval($_GET["id"] ?? 0);
|
||||
int_check($id,true);
|
||||
$res = sql_query("SELECT * FROM fun WHERE id=$id") or sqlerr(__FILE__,__LINE__);
|
||||
$arr = mysql_fetch_array($res);
|
||||
@@ -210,7 +210,7 @@ function funreward($funvote, $totalvote, $title, $posterid, $bonus)
|
||||
|
||||
if ($action == 'vote')
|
||||
{
|
||||
$id = $_GET["id"] ?? 0;
|
||||
$id = intval($_GET["id"] ?? 0);
|
||||
int_check($id,true);
|
||||
$res = sql_query("SELECT * FROM fun WHERE id=$id") or sqlerr(__FILE__,__LINE__);
|
||||
$arr = mysql_fetch_array($res);
|
||||
|
||||
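Review bot: `$returnto` in the @@ -20 hunk, read on the line after the new `$sure`, is the one request value in this file left as a string, and it is then placed in the unquoted attribute `href=?action=delete&id=$id&returnto=$returnto&sure=1` on the `stderr` line. `htmlspecialchars()` does not encode spaces (nor single quotes under pre-8.1 defaults), so the attribute can end early; quote the attribute and build that query parameter with `rawurlencode()` applied to the raw `$_GET["returnto"]` value instead of the HTML-escaped one. The `$_GET["returnto"] ? … : …` read also lacks the `?? ''` guard the rest of the commit applies, so an absent parameter still raises a notice.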
@@ -147,7 +147,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
||||
{
|
||||
$query[] = "search=".rawurlencode($searchstr);
|
||||
if ($_POST["search_mode"]){
|
||||
$search_mode = $_POST["search_mode"] ?? 0;
|
||||
$search_mode = intval($_POST["search_mode"] ?? 0);
|
||||
if (!in_array($search_mode,array(0,1,2)))
|
||||
{
|
||||
$search_mode = 0;
|
||||
@@ -155,7 +155,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
||||
$query[] = "search_mode=".$search_mode;
|
||||
}
|
||||
}
|
||||
$inclbookmarked=$_POST['inclbookmarked'] ?? 0;
|
||||
$inclbookmarked=intval($_POST['inclbookmarked'] ?? 0);
|
||||
if($inclbookmarked)
|
||||
{
|
||||
if (!in_array($inclbookmarked,array(0,1)))
|
||||
|
||||
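Review bot: Now that `$search_mode` and `$inclbookmarked` are ints, the `in_array($search_mode,array(0,1,2))` and `in_array($inclbookmarked,array(0,1))` checks following the new lines should pass `true` as the third argument; loose `in_array` is what let a non-numeric string satisfy these whitelists before this change (on PHP 7 `"abc" == 0` is true), and the strict form documents that only those integers are accepted. The `?? 0` inside `intval($_POST["search_mode"] ?? 0)` is unreachable here because the enclosing `if ($_POST["search_mode"])` already established the key; the guard belongs on that outer `if` instead.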
@@ -1037,7 +1037,7 @@ function insert_suggest($keyword, $userid, $pre_escaped = true)
|
||||
{
|
||||
if(mb_strlen($keyword,"UTF-8") >= 2)
|
||||
{
|
||||
$userid = $userid ?? 0;
|
||||
$userid = intval($userid ?? 0);
|
||||
if($userid)
|
||||
sql_query("INSERT INTO suggest(keywords, userid, adddate) VALUES (" . ($pre_escaped == true ? "'" . $keyword . "'" : sqlesc($keyword)) . "," . sqlesc($userid) . ", NOW())") or sqlerr(__FILE__,__LINE__);
|
||||
}
|
||||
@@ -1053,7 +1053,7 @@ function get_external_tr($imdb_url = "")
|
||||
|
||||
function get_torrent_extinfo_identifier($torrentid)
|
||||
{
|
||||
$torrentid = $torrentid ?? 0;
|
||||
$torrentid = intval($torrentid ?? 0);
|
||||
|
||||
$result = array('imdb_id');
|
||||
unset($result);
|
||||
@@ -1358,6 +1358,7 @@ function sent_mail($to,$fromname,$fromemail,$subject,$body,$type = "confirmation
|
||||
elseif ($smtptype == 'advanced') {
|
||||
$mid = md5(getip() . $fromname);
|
||||
$name = $_SERVER["SERVER_NAME"];
|
||||
$headers = '';
|
||||
$headers .= "From: $fromname <$fromemail>".$eol;
|
||||
$headers .= "Reply-To: $fromname <$fromemail>".$eol;
|
||||
$headers .= "Return-Path: $fromname <$fromemail>".$eol;
|
||||
@@ -1796,7 +1797,7 @@ function userlogin() {
|
||||
//return;
|
||||
}
|
||||
$b_id = base64($_COOKIE["c_secure_uid"],false);
|
||||
$id = $b_id ?? 0;
|
||||
$id = intval($b_id ?? 0);
|
||||
if (!$id || !is_valid_id($id) || strlen($_COOKIE["c_secure_pass"]) != 32)
|
||||
return;
|
||||
|
||||
@@ -2036,7 +2037,7 @@ function validemail($email) {
|
||||
|
||||
function validlang($langid) {
|
||||
global $deflang;
|
||||
$langid = $langid ?? 0;
|
||||
$langid = intval($langid ?? 0);
|
||||
$res = sql_query("SELECT * FROM language WHERE site_lang = 1 AND id = " . sqlesc($langid)) or sqlerr(__FILE__, __LINE__);
|
||||
if(mysql_num_rows($res) == 1)
|
||||
{
|
||||
@@ -2731,7 +2732,7 @@ function pager($rpp, $count, $href, $opts = array(), $pagename = "page") {
|
||||
}
|
||||
|
||||
if (isset($_GET[$pagename])) {
|
||||
$page = $_GET[$pagename] ?? 0;
|
||||
$page = intval($_GET[$pagename] ?? 0);
|
||||
if ($page < 0)
|
||||
$page = $pagedefault;
|
||||
}
|
||||
|
||||
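Review bot: In the userlogin hunk (@@ -1796) the `?? 0` lands on `$b_id`, which is always assigned on the line above, while the cookie reads that can actually be missing — `$_COOKIE["c_secure_uid"]` feeding `base64()` and `$_COOKIE["c_secure_pass"]` inside `strlen()` — stay unguarded; on PHP 8 an array-valued `c_secure_pass` makes `strlen()` throw a TypeError and a missing one produces a notice rather than the intended clean `return`. Guard the reads themselves: `$b_id = base64($_COOKIE["c_secure_uid"] ?? '', false);` and `strlen((string)($_COOKIE["c_secure_pass"] ?? '')) != 32`. The userlogin function itself begins and ends outside the hunk. The `$headers = '';` added in the sent_mail hunk is a good fix for the undefined-variable concatenation beneath it.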
@@ -82,7 +82,7 @@ GROUP BY u.id
|
||||
}
|
||||
|
||||
$order = $_GET['order'] ?? '';
|
||||
$page = $_GET["page"] ?? 0;
|
||||
$page = intval($_GET["page"] ?? 0);
|
||||
$perpage = 20;
|
||||
|
||||
list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "$_SERVER[PHP_SELF]?ip=$ip&mask=$mask&order=$order&");
|
||||
|
||||
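Review bot: `$order = $_GET['order'] ?? '';` on the line above the new `$page` read stays a raw string and is interpolated into the pager href `"$_SERVER[PHP_SELF]?ip=$ip&mask=$mask&order=$order&"`, so it reaches URL/HTML output without encoding; `$ip` and `$mask` travel the same route. Encode each with `rawurlencode()` at that call, or whitelist `$order` against the column names it may name (it presumably also selects an ORDER BY clause, which is outside the hunk). `$_SERVER[PHP_SELF]` in the same string can carry request-supplied path info; `$_SERVER['SCRIPT_NAME']` or a fixed script name avoids reflecting it.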
@@ -2,7 +2,7 @@
|
||||
require_once("include/bittorrent.php");
|
||||
dbconn();
|
||||
|
||||
$langid = $_GET['sitelanguage'] ?? 0;
|
||||
$langid = intval($_GET['sitelanguage'] ?? 0);
|
||||
if ($langid)
|
||||
{
|
||||
$lang_folder = validlang($langid);
|
||||
|
||||
@@ -7,7 +7,7 @@ if (get_user_class() < $pollmanage_class)
|
||||
permissiondenied();
|
||||
|
||||
$action = $_GET["action"] ?? '';
|
||||
$pollid = $_GET["pollid"] ?? 0;
|
||||
$pollid = intval($_GET["pollid"] ?? 0);
|
||||
$poll = [];
|
||||
|
||||
if ($action == "edit")
|
||||
@@ -21,7 +21,7 @@ if ($action == "edit")
|
||||
|
||||
if ($_SERVER["REQUEST_METHOD"] == "POST")
|
||||
{
|
||||
$pollid = $_POST["pollid"] ?? 0;
|
||||
$pollid = intval($_POST["pollid"] ?? 0);
|
||||
$question = htmlspecialchars($_POST["question"]);
|
||||
$option0 = htmlspecialchars($_POST["option0"]);
|
||||
$option1 = htmlspecialchars($_POST["option1"]);
|
||||
|
||||
@@ -26,12 +26,12 @@ if ($action == "confirmuser")
|
||||
if ($action == "edituser")
|
||||
{
|
||||
$userid = $_POST["userid"];
|
||||
$class = $_POST["class"] ?? 0;
|
||||
$class = intval($_POST["class"] ?? 0);
|
||||
$vip_added = ($_POST["vip_added"] == 'yes' ? 'yes' : 'no');
|
||||
$vip_until = ($_POST["vip_until"] ? $_POST["vip_until"] : '0000-00-00 00:00:00');
|
||||
|
||||
$warned = $_POST["warned"];
|
||||
$warnlength = $_POST["warnlength"] ?? 0;
|
||||
$warnlength = intval($_POST["warnlength"] ?? 0);
|
||||
$warnpm = $_POST["warnpm"];
|
||||
$title = $_POST["title"];
|
||||
$avatar = $_POST["avatar"];
|
||||
|
||||
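Review bot: `$userid = $_POST["userid"];` at the top of the edituser hunk (@@ -26) is the one id in this block the commit leaves uncoerced, while `$class` and `$warnlength` beneath it get `intval()`; it is the key that selects which account the edit applies to, so it deserves the same treatment most. `$userid = intval($_POST["userid"] ?? 0);` matches the rest of the hunk; whether a 0 must then be rejected depends on the query that consumes it, which is outside the hunk.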
@@ -384,7 +384,7 @@ if ($action == "exchange") {
|
||||
}
|
||||
elseif($art == 'gift_2') // charity giving
|
||||
{
|
||||
$points = $_POST["bonuscharity"] ?? 0;
|
||||
$points = intval($_POST["bonuscharity"] ?? 0);
|
||||
if ($points < 1000 || $points > 50000){
|
||||
stdmsg($lang_mybonus['text_error'], $lang_mybonus['bonus_amount_not_allowed_two'], 0);
|
||||
stdfoot();
|
||||
|
||||
54
offers.php
54
offers.php
@@ -22,7 +22,7 @@ if (isset($_GET['category']) && $_GET["category"]){
|
||||
}
|
||||
|
||||
if (isset($_GET['id']) && $_GET["id"]){
|
||||
$id = htmlspecialchars($_GET["id"] ?? 0);
|
||||
$id = htmlspecialchars(intval($_GET["id"] ?? 0));
|
||||
if (preg_match('/^[0-9]+$/', !$id))
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
}
|
||||
@@ -31,7 +31,7 @@ if (isset($_GET['id']) && $_GET["id"]){
|
||||
if (isset($_GET['add_offer']) && $_GET["add_offer"]){
|
||||
if (get_user_class() < $addoffer_class)
|
||||
permissiondenied();
|
||||
$add_offer = $_GET["add_offer"] ?? 0;
|
||||
$add_offer = intval($_GET["add_offer"] ?? 0);
|
||||
if($add_offer != '1')
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
|
||||
@@ -63,11 +63,11 @@ if (isset($_GET['add_offer']) && $_GET["add_offer"]){
|
||||
if (isset($_GET['new_offer']) && $_GET["new_offer"]){
|
||||
if (get_user_class() < $addoffer_class)
|
||||
permissiondenied();
|
||||
$new_offer = $_GET["new_offer"] ?? 0;
|
||||
$new_offer = intval($_GET["new_offer"] ?? 0);
|
||||
if($new_offer != '1')
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
|
||||
$userid = $CURUSER["id"] ?? 0;
|
||||
$userid = intval($CURUSER["id"] ?? 0);
|
||||
if (preg_match("/^[0-9]+$/", !$userid))
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
|
||||
@@ -75,7 +75,7 @@ if (isset($_GET['new_offer']) && $_GET["new_offer"]){
|
||||
if ($name == "")
|
||||
bark($lang_offers['std_must_enter_name']);
|
||||
|
||||
$cat = ($_POST["type"] ?? 0);
|
||||
$cat = intval($_POST["type"] ?? 0);
|
||||
if (!is_valid_id($cat))
|
||||
bark($lang_offers['std_must_select_category']);
|
||||
|
||||
@@ -101,7 +101,7 @@ if (isset($_GET['new_offer']) && $_GET["new_offer"]){
|
||||
//===end
|
||||
|
||||
$ret = sql_query("INSERT INTO offers (userid, name, descr, category, added) VALUES (" .
|
||||
implode(",", array_map("sqlesc", array($CURUSER["id"], $name, $descr, $_POST["type"] ?? 0))) .
|
||||
implode(",", array_map("sqlesc", array($CURUSER["id"], $name, $descr, intval($_POST["type"] ?? 0)))) .
|
||||
", '" . date("Y-m-d H:i:s") . "')");
|
||||
if (!$ret) {
|
||||
if (mysql_errno() == 1062)
|
||||
@@ -127,11 +127,11 @@ if (isset($_GET['new_offer']) && $_GET["new_offer"]){
|
||||
//=== offer details
|
||||
if (isset($_GET['off_details']) && $_GET["off_details"]){
|
||||
|
||||
$off_details = $_GET["off_details"] ?? 0;
|
||||
$off_details = intval($_GET["off_details"] ?? 0);
|
||||
if($off_details != '1')
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
|
||||
$id = $_GET["id"] ?? 0;
|
||||
$id = intval($_GET["id"] ?? 0);
|
||||
if(!$id)
|
||||
die();
|
||||
//stderr("Error", "I smell a rat!");
|
||||
@@ -238,13 +238,13 @@ if (isset($_GET["allow_offer"]) && $_GET["allow_offer"]) {
|
||||
if (get_user_class() < $offermanage_class)
|
||||
stderr($lang_offers['std_access_denied'], $lang_offers['std_mans_job']);
|
||||
|
||||
$allow_offer = $_GET["allow_offer"] ?? 0;
|
||||
$allow_offer = intval($_GET["allow_offer"] ?? 0);
|
||||
if($allow_offer != '1')
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
|
||||
//=== to allow the offer credit to S4NE for this next bit :)
|
||||
//if ($_POST["offerid"]){
|
||||
$offid = $_POST["offerid"] ?? 0;
|
||||
$offid = intval($_POST["offerid"] ?? 0);
|
||||
if(!is_valid_id($offid))
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
|
||||
@@ -273,11 +273,11 @@ if (isset($_GET["finish_offer"]) && $_GET["finish_offer"]) {
|
||||
if (get_user_class() < $offermanage_class)
|
||||
stderr($lang_offers['std_access_denied'], $lang_offers['std_have_no_permission']);
|
||||
|
||||
$finish_offer = $_GET["finish_offer"] ?? 0;
|
||||
$finish_offer = intval($_GET["finish_offer"] ?? 0);
|
||||
if($finish_offer != '1')
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
|
||||
$offid = $_POST["finish"] ?? 0;
|
||||
$offid = intval($_POST["finish"] ?? 0);
|
||||
if(!is_valid_id($offid))
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
|
||||
@@ -323,11 +323,11 @@ if (isset($_GET["finish_offer"]) && $_GET["finish_offer"]) {
|
||||
|
||||
if (isset($_GET["edit_offer"]) && $_GET["edit_offer"]) {
|
||||
|
||||
$edit_offer = $_GET["edit_offer"] ?? 0;
|
||||
$edit_offer = intval($_GET["edit_offer"] ?? 0);
|
||||
if($edit_offer != '1')
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
|
||||
$id = $_GET["id"] ?? 0;
|
||||
$id = intval($_GET["id"] ?? 0);
|
||||
|
||||
$res = sql_query("SELECT * FROM offers WHERE id = $id") or sqlerr(__FILE__, __LINE__);
|
||||
$num = mysql_fetch_array($res);
|
||||
@@ -369,11 +369,11 @@ if (isset($_GET["edit_offer"]) && $_GET["edit_offer"]) {
|
||||
//==== take offer edit
|
||||
if (isset($_GET["take_off_edit"]) && $_GET["take_off_edit"]){
|
||||
|
||||
$take_off_edit = $_GET["take_off_edit"] ?? 0;
|
||||
$take_off_edit = intval($_GET["take_off_edit"] ?? 0);
|
||||
if($take_off_edit != '1')
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
|
||||
$id = $_GET["id"] ?? 0;
|
||||
$id = intval($_GET["id"] ?? 0);
|
||||
|
||||
$res = sql_query("SELECT userid FROM offers WHERE id = $id") or sqlerr(__FILE__, __LINE__);
|
||||
$num = mysql_fetch_array($res);
|
||||
@@ -395,7 +395,7 @@ if (isset($_GET["take_off_edit"]) && $_GET["take_off_edit"]){
|
||||
bark($lang_offers['std_must_enter_name']);
|
||||
if (!$descr)
|
||||
bark($lang_offers['std_must_enter_description']);
|
||||
$cat = ($_POST["category"] ?? 0);
|
||||
$cat = intval($_POST["category"] ?? 0);
|
||||
if (!is_valid_id($cat))
|
||||
bark($lang_offers['std_must_select_category']);
|
||||
|
||||
@@ -412,11 +412,11 @@ if (isset($_GET["take_off_edit"]) && $_GET["take_off_edit"]){
|
||||
//=== offer votes list
|
||||
if (isset($_GET["offer_vote"]) && $_GET["offer_vote"]){
|
||||
|
||||
$offer_vote = $_GET["offer_vote"] ?? 0;
|
||||
$offer_vote = intval($_GET["offer_vote"] ?? 0);
|
||||
if($offer_vote != '1')
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
|
||||
$offerid = htmlspecialchars($_GET['id'] ?? 0);
|
||||
$offerid = htmlspecialchars(intval($_GET['id'] ?? 0));
|
||||
|
||||
$res2 = sql_query("SELECT COUNT(*) FROM offervotes WHERE offerid = ".sqlesc($offerid)) or sqlerr(__FILE__, __LINE__);
|
||||
$row = mysql_fetch_array($res2);
|
||||
@@ -459,13 +459,13 @@ if (isset($_GET["offer_vote"]) && $_GET["offer_vote"]){
|
||||
|
||||
//=== offer votes
|
||||
if (isset($_GET["vote"]) && $_GET["vote"]){
|
||||
$offerid = htmlspecialchars($_GET["id"] ?? 0);
|
||||
$offerid = htmlspecialchars(intval($_GET["id"] ?? 0));
|
||||
$vote = htmlspecialchars($_GET["vote"]);
|
||||
if ($vote == 'against' && get_user_class() < $againstoffer_class)
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
if ($vote =='yeah' || $vote =='against')
|
||||
{
|
||||
$userid = $CURUSER["id"] ?? 0;
|
||||
$userid = intval($CURUSER["id"] ?? 0);
|
||||
$res = sql_query("SELECT * FROM offervotes WHERE offerid=".sqlesc($offerid)." AND userid=".sqlesc($userid)) or sqlerr(__FILE__,__LINE__);
|
||||
$arr = mysql_fetch_assoc($res);
|
||||
$voted = $arr;
|
||||
@@ -532,13 +532,13 @@ if (isset($_GET["vote"]) && $_GET["vote"]){
|
||||
//=== delete offer
|
||||
if (isset($_GET["del_offer"]) && $_GET["del_offer"]){
|
||||
|
||||
$del_offer = $_GET["del_offer"] ?? 0;
|
||||
$del_offer = intval($_GET["del_offer"] ?? 0);
|
||||
if($del_offer != '1')
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
|
||||
$offer = $_GET["id"] ?? 0;
|
||||
$offer = intval($_GET["id"] ?? 0);
|
||||
|
||||
$userid = $CURUSER["id"] ?? 0;
|
||||
$userid = intval($CURUSER["id"] ?? 0);
|
||||
if (!is_valid_id($userid))
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
|
||||
@@ -554,7 +554,7 @@ if (isset($_GET["del_offer"]) && $_GET["del_offer"]){
|
||||
{
|
||||
$sure = $_GET["sure"];
|
||||
if($sure == '0' || $sure == '1')
|
||||
$sure = $_GET["sure"] ?? 0;
|
||||
$sure = intval($_GET["sure"] ?? 0);
|
||||
else
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
}
|
||||
@@ -601,10 +601,10 @@ if (isset($_GET["sort"]) && $_GET["sort"])
|
||||
}
|
||||
//=== end of prolly not needed, but what the hell :P
|
||||
|
||||
$categ = $_GET["category"] ?? 0;
|
||||
$categ = intval($_GET["category"] ?? 0);
|
||||
$offerorid = 0;
|
||||
if (isset($_GET["offerorid"]) && $_GET["offerorid"]){
|
||||
$offerorid = htmlspecialchars($_GET["offerorid"] ?? 0);
|
||||
$offerorid = htmlspecialchars(intval($_GET["offerorid"] ?? 0));
|
||||
if (preg_match("/^[0-9]+$/", !$offerorid))
|
||||
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
|
||||
}
|
||||
|
||||
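Review bot: `if (preg_match('/^[0-9]+$/', !$id))` right after the new `$id = htmlspecialchars(intval($_GET["id"] ?? 0));` in the @@ -22 hunk negates `$id` before handing it to `preg_match`, so the subject is `"1"` or `""` and the digit check never looks at the id; the same inverted test follows `$userid` in @@ -63 and `$offerorid` in @@ -601. With `intval()` applied the regex is redundant anyway; `if (!is_valid_id($id))`, the helper the file already uses in @@ -75 and @@ -238, is the check that was intended. Wrapping the int in `htmlspecialchars()` (here, and for `$offerid` in @@ -412 and @@ -459) only turns it back into a string; `$id = intval($_GET["id"] ?? 0);` is enough.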
@@ -7,7 +7,7 @@ loggedinorreturn();
|
||||
if (get_user_class() < $pollmanage_class)
|
||||
permissiondenied();
|
||||
|
||||
$pollid = $_GET['id'] ?? 0;
|
||||
$pollid = intval($_GET['id'] ?? 0);
|
||||
|
||||
if ($pollid)
|
||||
{
|
||||
|
||||
@@ -2,9 +2,8 @@
|
||||
require "include/bittorrent.php";
|
||||
dbconn();
|
||||
failedloginscheck ("Recover",true);
|
||||
|
||||
$take_recover = !isset($_GET['sitelanguage']);
|
||||
$langid = $_GET['sitelanguage'] ?? 0;
|
||||
$langid = intval($_GET['sitelanguage'] ?? 0);
|
||||
if ($langid)
|
||||
{
|
||||
$lang_folder = validlang($langid);
|
||||
@@ -60,9 +59,8 @@ EOD;
|
||||
}
|
||||
elseif($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"]) && isset($_GET["secret"]))
|
||||
{
|
||||
$id = $_GET["id"] ?? 0;
|
||||
$id = intval($_GET["id"] ?? 0);
|
||||
$md5 = $_GET["secret"];
|
||||
|
||||
if (!$id)
|
||||
httperr();
|
||||
|
||||
@@ -70,7 +68,6 @@ elseif($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"]
|
||||
$arr = mysql_fetch_array($res) or httperr();
|
||||
|
||||
$email = $arr["email"];
|
||||
|
||||
$sec = hash_pad($arr["editsecret"]);
|
||||
if (preg_match('/^ *$/s', $sec))
|
||||
httperr();
|
||||
|
||||
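Review bot: `$md5 = $_GET["secret"];` beside the new `$id = intval($_GET["id"] ?? 0);` in the @@ -60 hunk keeps the secret as whatever type the query string supplies, so an array value would reach whatever later compares it with `hash_pad($arr["editsecret"])` (that comparison is outside the hunk). `$md5 = (string)($_GET["secret"] ?? '');` pins the type, and the comparison itself, wherever it lives, should use `hash_equals()` rather than `==`, which treats numeric-looking strings numerically.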
@@ -2,7 +2,7 @@
|
||||
require_once("include/bittorrent.php");
|
||||
dbconn();
|
||||
|
||||
$langid = $_GET['sitelanguage'] ?? 0;
|
||||
$langid = intval($_GET['sitelanguage'] ?? 0);
|
||||
if ($langid)
|
||||
{
|
||||
$lang_folder = validlang($langid);
|
||||
|
||||
@@ -11,7 +11,7 @@ function bark($msg)
|
||||
exit;
|
||||
}
|
||||
|
||||
$id = $_GET['id'] ?? 0;
|
||||
$id = intval($_GET['id'] ?? 0);
|
||||
int_check($id,true);
|
||||
|
||||
if (get_user_class() >= UC_MODERATOR || $CURUSER[id] == "$id")
|
||||
|
||||
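Review bot: `$CURUSER[id] == "$id"` two lines below the new `$id = intval($_GET['id'] ?? 0);` uses the unquoted key `id`, the same bare-constant pattern this commit fixes for `$CURUSER[passkey]` in the @@ -85 hunk above; on PHP 8 an undefined constant is an Error, not a notice. Quoting the key and comparing as ints also drops the string cast of a value that is now an int: `if (get_user_class() >= UC_MODERATOR || (int)$CURUSER['id'] === $id)`. The block that condition opens continues outside the hunk.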
@@ -8,7 +8,7 @@ loggedinorreturn();
|
||||
if ($_SERVER["REQUEST_METHOD"] != "POST")
|
||||
stderr($lang_takemessage['std_error'], $lang_takemessage['std_permission_denied']);
|
||||
|
||||
$origmsg = $_POST["origmsg"] ?? 0;
|
||||
$origmsg = intval($_POST["origmsg"] ?? 0);
|
||||
$msg = trim($_POST["body"]);
|
||||
if ($_POST['forward'] == 1) //this is forwarding
|
||||
{
|
||||
@@ -35,7 +35,7 @@ if ($_SERVER["REQUEST_METHOD"] != "POST")
|
||||
}
|
||||
else
|
||||
{
|
||||
$receiver = $_POST["receiver"] ?? 0;
|
||||
$receiver = intval($_POST["receiver"] ?? 0);
|
||||
if (!is_valid_id($receiver) || ($origmsg && !is_valid_id($origmsg)))
|
||||
stderr($lang_takemessage['std_error'],$lang_takemessage['std_invalid_id']);
|
||||
$bodyadd = "";
|
||||
|
||||
@@ -7,7 +7,7 @@ loggedinorreturn();
|
||||
if (get_user_class() < $askreseed_class)
|
||||
permissiondenied();
|
||||
|
||||
$reseedid = $_GET["reseedid"] ?? 0;
|
||||
$reseedid = intval($_GET["reseedid"] ?? 0);
|
||||
$res = sql_query("SELECT seeders, last_reseed FROM torrents WHERE id=".sqlesc($reseedid)." LIMIT 1") or sqlerr(__FILE__, __LINE__);
|
||||
$row = mysql_fetch_array($res);
|
||||
if ($row['seeders'] > 0)
|
||||
|
||||
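Review bot: `$row = mysql_fetch_array($res);` after the new `$reseedid = intval($_GET["reseedid"] ?? 0);` is never checked before `if ($row['seeders'] > 0)`, so a `reseedid` matching no torrent — now including every non-numeric value, which `intval()` turns into 0 — indexes `false` and falls through as though `seeders` were 0. A `if (!$row)` guard that calls the file's error helper before the comparison rejects unknown ids explicitly; the branch that follows is outside the hunk.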
@@ -16,7 +16,7 @@ if ($passkey){
|
||||
die("account disabed or parked");
|
||||
elseif ($_GET['linktype'] == 'dl')
|
||||
$dllink = true;
|
||||
$inclbookmarked=$_GET['inclbookmarked'] ?? 0;
|
||||
$inclbookmarked=intval($_GET['inclbookmarked'] ?? 0);
|
||||
if($inclbookmarked == 1)
|
||||
{
|
||||
$bookmarkarray = return_torrent_bookmark_array($user['id']);
|
||||
@@ -30,7 +30,7 @@ $searchstr = mysql_real_escape_string(trim($_GET["search"] ?? ''));
|
||||
if (empty($searchstr))
|
||||
unset($searchstr);
|
||||
if (isset($searchstr)){
|
||||
$search_mode = $_GET["search_mode"] ?? 0;
|
||||
$search_mode = intval($_GET["search_mode"] ?? 0);
|
||||
if (!in_array($search_mode,array(0,1,2)))
|
||||
{
|
||||
$search_mode = 0;
|
||||
@@ -66,10 +66,10 @@ if (isset($searchstr)){
|
||||
}
|
||||
|
||||
$limit = "";
|
||||
$startindex = $_GET['startindex'] ?? 0;
|
||||
$startindex = intval($_GET['startindex'] ?? 0);
|
||||
if ($startindex)
|
||||
$limit .= $startindex.", ";
|
||||
$showrows = $_GET['rows'] ?? 0;
|
||||
$showrows = intval($_GET['rows'] ?? 0);
|
||||
if($showrows < 1 || $showrows > 50)
|
||||
$showrows = 10;
|
||||
$limit .= $showrows;
|
||||
|
||||
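Review bot: `$startindex = intval($_GET['startindex'] ?? 0);` in the @@ -66 hunk is only tested for truthiness, so a negative value is still appended by `$limit .= $startindex.", ";` and yields an invalid `LIMIT -5, 10` — a query error rather than an injection, but an avoidable one; `$showrows` three lines later is clamped and `$startindex` should be too: `if ($startindex < 0) $startindex = 0;`. The `in_array($search_mode,array(0,1,2))` check in @@ -30 can now take `true` as its third argument, since the value is guaranteed to be an int.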
14
usercp.php
14
usercp.php
@@ -280,7 +280,7 @@ tr($lang_usercp['row_school'], "<select name=school>$schools</select>", 1);
|
||||
$updateset[] = "lang = " . sqlesc($sitelanguage);
|
||||
}
|
||||
|
||||
$updateset[] = "torrentsperpage = " . min(100, $_POST["torrentsperpage"] ?? 0);
|
||||
$updateset[] = "torrentsperpage = " . min(100, intval($_POST["torrentsperpage"] ?? 0));
|
||||
if ($showmovies['hot'] == "yes"){
|
||||
$showhot = $_POST["show_hot"];
|
||||
$updateset[] = "showhot = " . sqlesc($showhot);
|
||||
@@ -323,9 +323,9 @@ tr($lang_usercp['row_school'], "<select name=school>$schools</select>", 1);
|
||||
$updateset[] = "pmnum = " . $pmnum;
|
||||
if ($showfunbox_main == 'yes'){$showfb = ($_POST["showfb"] == 'yes' ? "yes" : "no");
|
||||
$updateset[] = "showfb = " . sqlesc($showfb);}
|
||||
$sbnum = ($_POST["sbnum"] ? max(10, min(500, $_POST["sbnum"] ?? 0)) : 70);
|
||||
$sbnum = ($_POST["sbnum"] ? max(10, min(500, intval($_POST["sbnum"] ?? 0))) : 70);
|
||||
$updateset[] = "sbnum = " . $sbnum;
|
||||
$sbrefresh = ($_POST["sbrefresh"] ? max(10, min(3600, $_POST["sbrefresh"] ?? 0)) : 120);
|
||||
$sbrefresh = ($_POST["sbrefresh"] ? max(10, min(3600, intval($_POST["sbrefresh"] ?? 0))) : 120);
|
||||
$updateset[] = "sbrefresh = " . $sbrefresh;
|
||||
|
||||
if ($_POST["hidehb"] == 'yes')
|
||||
@@ -616,8 +616,8 @@ tr_small($lang_usercp['row_funbox'],"<input type=checkbox name=showfb".($CURUSER
|
||||
$signatures = ($_POST["signatures"] != "" ? "yes" : "no");
|
||||
$signature = htmlspecialchars( trim($_POST["signature"]) );
|
||||
|
||||
$updateset[] = "topicsperpage = " . min(100, $_POST["topicsperpage"] ?? 0);
|
||||
$updateset[] = "postsperpage = " . min(100, $_POST["postsperpage"] ?? 0);
|
||||
$updateset[] = "topicsperpage = " . min(100, intval($_POST["topicsperpage"] ?? 0));
|
||||
$updateset[] = "postsperpage = " . min(100, intval($_POST["postsperpage"] ?? 0));
|
||||
$updateset[] = "avatars = " . sqlesc($avatars);
|
||||
if ($showtooltipsetting)
|
||||
$updateset[] = "showlastpost = " . sqlesc($ttlastpost);
|
||||
@@ -916,8 +916,8 @@ while ($topicarr = mysql_fetch_assoc($res_topics))
|
||||
|
||||
/// GETTING USERID AND DATE OF LAST POST ///
|
||||
$arr = get_post_row($topicarr['lastpost']);
|
||||
$postid = $arr["id"] ?? 0;
|
||||
$userid = $arr["userid"] ?? 0;
|
||||
$postid = intval($arr["id"] ?? 0);
|
||||
$userid = intval($arr["userid"] ?? 0);
|
||||
$added = gettime($arr['added'],true,false);
|
||||
|
||||
/// GET NAME OF LAST POSTER ///
|
||||
|
||||
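Review bot: `min(100, intval($_POST["torrentsperpage"] ?? 0))` in the @@ -280 hunk, and the `topicsperpage`/`postsperpage` lines in @@ -616, only cap the value from above, so 0 and negative page sizes are written to the user row; the `$sbnum`/`$sbrefresh` lines in @@ -323 show the intended two-sided pattern, `max(10, min(500, …))`. `max(1, min(100, intval($_POST["torrentsperpage"] ?? 0)))` closes the gap; what a 0 does to the pager that later reads these columns is outside the hunk. These `min()` results are concatenated unquoted into `$updateset` while the neighbouring entries go through `sqlesc()`, which is safe only because `intval()` now guarantees an integer — worth a short comment on those lines.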