lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-14 12:30:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

recover some $_GET & $POST variable keep be integer

Browse Source
This commit is contained in:
xiaomlove
2021-01-06 00:56:13 +08:00
parent 47ba5397a3
commit a968b5855c
24 changed files with 102 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
comment.php
View File

@@ -34,7 +34,7 @@ if ($action == "add")
} }
} }
$parent_id = $_POST["pid"] ?? 0; $parent_id = intval($_POST["pid"] ?? 0);
int_check($parent_id,true); int_check($parent_id,true);
if($type == "torrent") if($type == "torrent")
@@ -105,12 +105,12 @@ if ($action == "add")
die; die;
} }
$parent_id = $_GET["pid"] ?? 0; $parent_id = intval($_GET["pid"] ?? 0);
int_check($parent_id,true); int_check($parent_id,true);
if($sub == "quote") if($sub == "quote")
{ {
$commentid = $_GET["cid"] ?? 0; $commentid = intval($_GET["cid"] ?? 0);
int_check($commentid,true); int_check($commentid,true);
$res2 = sql_query("SELECT comments.text, users.username FROM comments JOIN users ON comments.user = users.id WHERE comments.id=$commentid") or sqlerr(__FILE__, __LINE__); $res2 = sql_query("SELECT comments.text, users.username FROM comments JOIN users ON comments.user = users.id WHERE comments.id=$commentid") or sqlerr(__FILE__, __LINE__);
@@ -151,7 +151,7 @@ if ($action == "add")
} }
elseif ($action == "edit") elseif ($action == "edit")
{ {
$commentid = $_GET["cid"] ?? 0; $commentid = intval($_GET["cid"] ?? 0);
int_check($commentid,true); int_check($commentid,true);
if($type == "torrent") if($type == "torrent")
@@ -211,7 +211,7 @@ elseif ($action == "delete")
if (get_user_class() < $commanage_class) if (get_user_class() < $commanage_class)
stderr($lang_comment['std_error'], $lang_comment['std_permission_denied']); stderr($lang_comment['std_error'], $lang_comment['std_permission_denied']);
$commentid = $_GET["cid"] ?? 0; $commentid = intval($_GET["cid"] ?? 0);
$sure = $_GET["sure"]; $sure = $_GET["sure"];
int_check($commentid,true); int_check($commentid,true);
@@ -268,7 +268,7 @@ elseif ($action == "vieworiginal")
if (get_user_class() < $commanage_class) if (get_user_class() < $commanage_class)
stderr($lang_comment['std_error'], $lang_comment['std_permission_denied']); stderr($lang_comment['std_error'], $lang_comment['std_permission_denied']);
$commentid = $_GET["cid"] ?? 0; $commentid = intval($_GET["cid"] ?? 0);
int_check($commentid,true); int_check($commentid,true);
if($type == "torrent") if($type == "torrent")

2
confirm_resend.php
View File

@@ -3,7 +3,7 @@ require "include/bittorrent.php";
dbconn(); dbconn();
failedloginscheck ("Re-send",true); failedloginscheck ("Re-send",true);
$langid = $_GET['sitelanguage'] ?? 0; $langid = intval($_GET['sitelanguage'] ?? 0);
if ($langid) if ($langid)
{ {
$lang_folder = validlang($langid); $lang_folder = validlang($langid);

2
confirmemail.php
View File

@@ -4,7 +4,7 @@ require_once("include/bittorrent.php");
if (!preg_match(':^/(\d{1,10})/([\w]{32})/(.+)$:', $_SERVER["PATH_INFO"], $matches)) if (!preg_match(':^/(\d{1,10})/([\w]{32})/(.+)$:', $_SERVER["PATH_INFO"], $matches))
httperr(); httperr();
$id = $matches[1] ?? 0; $id = intval($matches[1] ?? 0);
$md5 = $matches[2]; $md5 = $matches[2];
$email = urldecode($matches[3]); $email = urldecode($matches[3]);
//print($email); //print($email);

2
details.php
View File

@@ -7,7 +7,7 @@ if ($showextinfo['imdb'] == 'yes')
require_once("imdb/imdb.class.php"); require_once("imdb/imdb.class.php");
loggedinorreturn(); loggedinorreturn();
$id = $_GET["id"] ?? 0; $id = intval($_GET["id"] ?? 0);
int_check($id); int_check($id);
if (!isset($id) || !$id) if (!isset($id) || !$id)

4
download.php
View File

@@ -20,7 +20,7 @@ else
{ {
loggedinorreturn(); loggedinorreturn();
parked(); parked();
$letdown = $_GET['letdown'] ?? 0; $letdown = intval($_GET['letdown'] ?? 0);
if (!$letdown && $CURUSER['showdlnotice'] == 1) if (!$letdown && $CURUSER['showdlnotice'] == 1)
{ {
header("Location: " . get_protocol_prefix() . "$BASEURL/downloadnotice.php?torrentid=".$id."&type=firsttime"); header("Location: " . get_protocol_prefix() . "$BASEURL/downloadnotice.php?torrentid=".$id."&type=firsttime");
@@ -85,7 +85,7 @@ require_once "include/benc.php";
if (strlen($CURUSER['passkey']) != 32) { if (strlen($CURUSER['passkey']) != 32) {
$CURUSER['passkey'] = md5($CURUSER['username'].date("Y-m-d H:i:s").$CURUSER['passhash']); $CURUSER['passkey'] = md5($CURUSER['username'].date("Y-m-d H:i:s").$CURUSER['passhash']);
sql_query("UPDATE users SET passkey=".sqlesc($CURUSER[passkey])." WHERE id=".sqlesc($CURUSER[id])); sql_query("UPDATE users SET passkey=".sqlesc($CURUSER['passkey'])." WHERE id=".sqlesc($CURUSER['id']));
} }
$dict = bdec_file($fn, $max_torrent_size); $dict = bdec_file($fn, $max_torrent_size);

2
downloadnotice.php
View File

@@ -5,7 +5,7 @@ require_once(get_langfile_path());
loggedinorreturn(); loggedinorreturn();
if ($_SERVER["REQUEST_METHOD"] == "POST") if ($_SERVER["REQUEST_METHOD"] == "POST")
{ {
$torrentid = $_POST['id'] ?? 0; $torrentid = intval($_POST['id'] ?? 0);
$type = $_POST['type']; $type = $_POST['type'];
$hidenotice = $_POST['hidenotice']; $hidenotice = $_POST['hidenotice'];
if (!$torrentid || !in_array($type,array('firsttime', 'client', 'ratio'))) if (!$torrentid || !in_array($type,array('firsttime', 'client', 'ratio')))

48
forums.php
View File

@@ -258,7 +258,7 @@ $action = htmlspecialchars(trim($_GET["action"] ?? ''));
//-------- Action: New topic //-------- Action: New topic
if ($action == "newtopic") if ($action == "newtopic")
{ {
$forumid = $_GET["forumid"] ?? 0; $forumid = intval($_GET["forumid"] ?? 0);
check_whether_exist($forumid, 'forum'); check_whether_exist($forumid, 'forum');
stdhead($lang_forums['head_new_topic']); stdhead($lang_forums['head_new_topic']);
begin_main_frame(); begin_main_frame();
@@ -269,7 +269,7 @@ if ($action == "newtopic")
} }
if ($action == "quotepost") if ($action == "quotepost")
{ {
$postid = $_GET["postid"] ?? 0; $postid = intval($_GET["postid"] ?? 0);
check_whether_exist($postid, 'post'); check_whether_exist($postid, 'post');
stdhead($lang_forums['head_post_reply']); stdhead($lang_forums['head_post_reply']);
begin_main_frame(); begin_main_frame();
@@ -283,7 +283,7 @@ if ($action == "quotepost")
if ($action == "reply") if ($action == "reply")
{ {
$topicid = $_GET["topicid"] ?? 0; $topicid = intval($_GET["topicid"] ?? 0);
check_whether_exist($topicid, 'topic'); check_whether_exist($topicid, 'topic');
stdhead($lang_forums['head_post_reply']); stdhead($lang_forums['head_post_reply']);
begin_main_frame(); begin_main_frame();
@@ -297,7 +297,7 @@ if ($action == "reply")
if ($action == "editpost") if ($action == "editpost")
{ {
$postid = $_GET["postid"] ?? 0; $postid = intval($_GET["postid"] ?? 0);
check_whether_exist($postid, 'post'); check_whether_exist($postid, 'post');
$res = sql_query("SELECT userid, topicid FROM posts WHERE id=".sqlesc($postid)) or sqlerr(__FILE__, __LINE__); $res = sql_query("SELECT userid, topicid FROM posts WHERE id=".sqlesc($postid)) or sqlerr(__FILE__, __LINE__);
@@ -383,7 +383,7 @@ if ($action == "post")
if ($body == "") if ($body == "")
stderr($lang_forums['std_error'], $lang_forums['std_no_body_text']); stderr($lang_forums['std_error'], $lang_forums['std_no_body_text']);
$userid = $CURUSER["id"] ?? 0; $userid = intval($CURUSER["id"] ?? 0);
$date = date("Y-m-d H:i:s"); $date = date("Y-m-d H:i:s");
if ($type != 'new'){ if ($type != 'new'){
@@ -472,10 +472,10 @@ if ($action == "viewtopic")
{ {
$highlight = htmlspecialchars(trim($_GET["highlight"] ?? '')); $highlight = htmlspecialchars(trim($_GET["highlight"] ?? ''));
$topicid = $_GET["topicid"] ?? 0; $topicid = intval($_GET["topicid"] ?? 0);
int_check($topicid,true); int_check($topicid,true);
$page = $_GET["page"] ?? 0; $page = intval($_GET["page"] ?? 0);
$authorid = $_GET["authorid"] ?? 0; $authorid = intval($_GET["authorid"] ?? 0);
if ($authorid) if ($authorid)
{ {
$where = "WHERE topicid=".sqlesc($topicid)." AND userid=".sqlesc($authorid); $where = "WHERE topicid=".sqlesc($topicid)." AND userid=".sqlesc($authorid);
@@ -829,9 +829,9 @@ if ($action == "viewtopic")
if ($action == "movetopic") if ($action == "movetopic")
{ {
$forumid = $_POST["forumid"] ?? 0; $forumid = intval($_POST["forumid"] ?? 0);
$topicid = $_GET["topicid"] ?? 0; $topicid = intval($_GET["topicid"] ?? 0);
$ismod = is_forum_moderator($topicid,'topic'); $ismod = is_forum_moderator($topicid,'topic');
if (!is_valid_id($forumid) || !is_valid_id($topicid) || (get_user_class() < $postmanage_class && !$ismod)) if (!is_valid_id($forumid) || !is_valid_id($topicid) || (get_user_class() < $postmanage_class && !$ismod))
permissiondenied(); permissiondenied();
@@ -885,7 +885,7 @@ if ($action == "movetopic")
if ($action == "deletetopic") if ($action == "deletetopic")
{ {
$topicid = $_GET["topicid"] ?? 0; $topicid = intval($_GET["topicid"] ?? 0);
$res1 = sql_query("SELECT forumid, userid FROM topics WHERE id=".sqlesc($topicid)." LIMIT 1") or sqlerr(__FILE__, __LINE__); $res1 = sql_query("SELECT forumid, userid FROM topics WHERE id=".sqlesc($topicid)." LIMIT 1") or sqlerr(__FILE__, __LINE__);
$row1 = mysql_fetch_array($res1); $row1 = mysql_fetch_array($res1);
if (!$row1){ if (!$row1){
@@ -899,7 +899,7 @@ if ($action == "deletetopic")
if (!is_valid_id($topicid) || (get_user_class() < $postmanage_class && !$ismod)) if (!is_valid_id($topicid) || (get_user_class() < $postmanage_class && !$ismod))
permissiondenied(); permissiondenied();
$sure = $_GET["sure"] ?? 0; $sure = intval($_GET["sure"] ?? 0);
if (!$sure) if (!$sure)
{ {
stderr($lang_forums['std_delete_topic'], $lang_forums['std_delete_topic_note'] . stderr($lang_forums['std_delete_topic'], $lang_forums['std_delete_topic_note'] .
@@ -929,8 +929,8 @@ if ($action == "deletetopic")
if ($action == "deletepost") if ($action == "deletepost")
{ {
$postid = $_GET["postid"] ?? 0; $postid = intval($_GET["postid"] ?? 0);
$sure = $_GET["sure"] ?? 0; $sure = intval($_GET["sure"] ?? 0);
$ismod = is_forum_moderator($postid, 'post'); $ismod = is_forum_moderator($postid, 'post');
if ((get_user_class() < $postmanage_class && !$ismod) || !is_valid_id($postid)) if ((get_user_class() < $postmanage_class && !$ismod) || !is_valid_id($postid))
@@ -988,7 +988,7 @@ if ($action == "deletepost")
if ($action == "setlocked") if ($action == "setlocked")
{ {
$topicid = $_POST["topicid"] ?? 0; $topicid = intval($_POST["topicid"] ?? 0);
$ismod = is_forum_moderator($topicid,'topic'); $ismod = is_forum_moderator($topicid,'topic');
if (!$topicid || (get_user_class() < $postmanage_class && !$ismod)) if (!$topicid || (get_user_class() < $postmanage_class && !$ismod))
permissiondenied(); permissiondenied();
@@ -1002,7 +1002,7 @@ if ($action == "setlocked")
if ($action == 'hltopic') if ($action == 'hltopic')
{ {
$topicid = $_GET["topicid"] ?? 0; $topicid = intval($_GET["topicid"] ?? 0);
$ismod = is_forum_moderator($topicid,'topic'); $ismod = is_forum_moderator($topicid,'topic');
if (!$topicid || (get_user_class() < $postmanage_class && !$ismod)) if (!$topicid || (get_user_class() < $postmanage_class && !$ismod))
permissiondenied(); permissiondenied();
@@ -1022,7 +1022,7 @@ if ($action == 'hltopic')
if ($action == "setsticky") if ($action == "setsticky")
{ {
$topicid = $_POST["topicid"] ?? 0; $topicid = intval($_POST["topicid"] ?? 0);
$ismod = is_forum_moderator($topicid,'topic'); $ismod = is_forum_moderator($topicid,'topic');
if (!$topicid || (get_user_class() < $postmanage_class && !$ismod)) if (!$topicid || (get_user_class() < $postmanage_class && !$ismod))
permissiondenied(); permissiondenied();
@@ -1038,9 +1038,9 @@ if ($action == "setsticky")
if ($action == "viewforum") if ($action == "viewforum")
{ {
$forumid = $_GET["forumid"] ?? 0; $forumid = intval($_GET["forumid"] ?? 0);
int_check($forumid,true); int_check($forumid,true);
$userid = $CURUSER["id"] ?? 0; $userid = intval($CURUSER["id"] ?? 0);
//------ Get forum name, moderators //------ Get forum name, moderators
$row = get_forum_row($forumid); $row = get_forum_row($forumid);
if (!$row){ if (!$row){
@@ -1179,8 +1179,8 @@ if ($action == "viewforum")
//---- Get userID and date of last post //---- Get userID and date of last post
$arr = get_post_row($topicarr['lastpost']); $arr = get_post_row($topicarr['lastpost']);
$lppostid = $arr["id"] ?? 0; $lppostid = intval($arr["id"] ?? 0);
$lpuserid = $arr["userid"] ?? 0; $lpuserid = intval($arr["userid"] ?? 0);
$lpusername = get_username($lpuserid); $lpusername = get_username($lpuserid);
$lpadded = gettime($arr["added"],true,false); $lpadded = gettime($arr["added"],true,false);
$onmouseover = ""; $onmouseover = "";
@@ -1196,7 +1196,7 @@ if ($action == "viewforum")
} }
$arr = get_post_row($topicarr['firstpost']); $arr = get_post_row($topicarr['firstpost']);
$fpuserid = $arr["userid"] ?? 0; $fpuserid = intval($arr["userid"] ?? 0);
$fpauthor = get_username($arr["userid"]); $fpauthor = get_username($arr["userid"]);
$subject = ($sticky ? "<img class=\"sticky\" src=\"pic/trans.gif\" alt=\"Sticky\" title=\"".$lang_forums['title_sticky']."\" />&nbsp;&nbsp;" : "") . "<a href=\"".htmlspecialchars("?action=viewtopic&forumid=".$forumid."&topicid=".$topicid)."\" ".$onmouseover.">" .highlight_topic(highlight($search,htmlspecialchars($topicarr["subject"])), $hlcolor) . "</a>".$topicpages; $subject = ($sticky ? "<img class=\"sticky\" src=\"pic/trans.gif\" alt=\"Sticky\" title=\"".$lang_forums['title_sticky']."\" />&nbsp;&nbsp;" : "") . "<a href=\"".htmlspecialchars("?action=viewtopic&forumid=".$forumid."&topicid=".$topicid)."\" ".$onmouseover.">" .highlight_topic(highlight($search,htmlspecialchars($topicarr["subject"])), $hlcolor) . "</a>".$topicpages;
@@ -1263,7 +1263,7 @@ if ($action == "viewunread")
{ {
$userid = $CURUSER['id']; $userid = $CURUSER['id'];
$beforepostid = $_GET['beforepostid'] ?? 0; $beforepostid = intval($_GET['beforepostid'] ?? 0);
$maxresults = 25; $maxresults = 25;
$res = sql_query("SELECT id, forumid, subject, lastpost, hlcolor FROM topics WHERE lastpost > ".$CURUSER['last_catchup'].($beforepostid ? " AND lastpost < ".sqlesc($beforepostid) : "")." ORDER BY lastpost DESC LIMIT 100") or sqlerr(__FILE__, __LINE__); $res = sql_query("SELECT id, forumid, subject, lastpost, hlcolor FROM topics WHERE lastpost > ".$CURUSER['last_catchup'].($beforepostid ? " AND lastpost < ".sqlesc($beforepostid) : "")." ORDER BY lastpost DESC LIMIT 100") or sqlerr(__FILE__, __LINE__);
@@ -1332,7 +1332,7 @@ if ($action == "search")
$res = sql_query("SELECT COUNT(posts.id) FROM posts LEFT JOIN topics ON posts.topicid = topics.id LEFT JOIN forums ON topics.forumid = forums.id WHERE forums.minclassread <= ".sqlesc(get_user_class())." AND ((topics.subject $extraSql AND posts.id=topics.firstpost) OR posts.body $extraSql)") or sqlerr(__FILE__, __LINE__); $res = sql_query("SELECT COUNT(posts.id) FROM posts LEFT JOIN topics ON posts.topicid = topics.id LEFT JOIN forums ON topics.forumid = forums.id WHERE forums.minclassread <= ".sqlesc(get_user_class())." AND ((topics.subject $extraSql AND posts.id=topics.firstpost) OR posts.body $extraSql)") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res); $arr = mysql_fetch_row($res);
$hits = $arr[0] ?? 0; $hits = intval($arr[0] ?? 0);
if ($hits){ if ($hits){
$error = false; $error = false;
$found = "[<b><font class=\"striking\"> ".$lang_forums['text_found'].$hits.$lang_forums['text_num_posts']." </font></b>]"; $found = "[<b><font class=\"striking\"> ".$lang_forums['text_found'].$hits.$lang_forums['text_num_posts']." </font></b>]";

10
fun.php
View File

@@ -12,7 +12,7 @@ if (!$action)
} }
if ($action == 'delete') if ($action == 'delete')
{ {
$id = $_GET["id"] ?? 0; $id = intval($_GET["id"] ?? 0);
int_check($id,true); int_check($id,true);
$res = sql_query("SELECT userid FROM fun WHERE id=$id") or sqlerr(__FILE__,__LINE__); $res = sql_query("SELECT userid FROM fun WHERE id=$id") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res); $arr = mysql_fetch_array($res);
@@ -20,7 +20,7 @@ if ($action == 'delete')
stderr($lang_fun['std_error'], $lang_fun['std_invalid_id']); stderr($lang_fun['std_error'], $lang_fun['std_invalid_id']);
if (get_user_class() < $funmanage_class) if (get_user_class() < $funmanage_class)
permissiondenied(); permissiondenied();
$sure = $_GET["sure"] ?? 0; $sure = intval($_GET["sure"] ?? 0);
$returnto = $_GET["returnto"] ? htmlspecialchars($_GET["returnto"]) : htmlspecialchars($_SERVER["HTTP_REFERER"]); $returnto = $_GET["returnto"] ? htmlspecialchars($_GET["returnto"]) : htmlspecialchars($_SERVER["HTTP_REFERER"]);
if (!$sure) if (!$sure)
stderr($lang_fun['std_delete_fun'],$lang_fun['text_please_click'] ."<a class=altlink href=?action=delete&id=$id&returnto=$returnto&sure=1>".$lang_fun['text_here_if_sure'],false); stderr($lang_fun['std_delete_fun'],$lang_fun['text_please_click'] ."<a class=altlink href=?action=delete&id=$id&returnto=$returnto&sure=1>".$lang_fun['text_here_if_sure'],false);
@@ -123,7 +123,7 @@ if ($row){
print("</body></html>"); print("</body></html>");
} }
if ($action == 'edit'){ if ($action == 'edit'){
$id = $_GET["id"] ?? 0; $id = intval($_GET["id"] ?? 0);
int_check($id,true); int_check($id,true);
$res = sql_query("SELECT * FROM fun WHERE id=$id") or sqlerr(__FILE__,__LINE__); $res = sql_query("SELECT * FROM fun WHERE id=$id") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res); $arr = mysql_fetch_array($res);
@@ -165,7 +165,7 @@ if ($action == 'ban')
{ {
if (get_user_class() < $funmanage_class) if (get_user_class() < $funmanage_class)
permissiondenied(); permissiondenied();
$id = $_GET["id"] ?? 0; $id = intval($_GET["id"] ?? 0);
int_check($id,true); int_check($id,true);
$res = sql_query("SELECT * FROM fun WHERE id=$id") or sqlerr(__FILE__,__LINE__); $res = sql_query("SELECT * FROM fun WHERE id=$id") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res); $arr = mysql_fetch_array($res);
@@ -210,7 +210,7 @@ function funreward($funvote, $totalvote, $title, $posterid, $bonus)
if ($action == 'vote') if ($action == 'vote')
{ {
$id = $_GET["id"] ?? 0; $id = intval($_GET["id"] ?? 0);
int_check($id,true); int_check($id,true);
$res = sql_query("SELECT * FROM fun WHERE id=$id") or sqlerr(__FILE__,__LINE__); $res = sql_query("SELECT * FROM fun WHERE id=$id") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res); $arr = mysql_fetch_array($res);

4
getrss.php
View File

@@ -147,7 +147,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
{ {
$query[] = "search=".rawurlencode($searchstr); $query[] = "search=".rawurlencode($searchstr);
if ($_POST["search_mode"]){ if ($_POST["search_mode"]){
$search_mode = $_POST["search_mode"] ?? 0; $search_mode = intval($_POST["search_mode"] ?? 0);
if (!in_array($search_mode,array(0,1,2))) if (!in_array($search_mode,array(0,1,2)))
{ {
$search_mode = 0; $search_mode = 0;
@@ -155,7 +155,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$query[] = "search_mode=".$search_mode; $query[] = "search_mode=".$search_mode;
} }
} }
$inclbookmarked=$_POST['inclbookmarked'] ?? 0; $inclbookmarked=intval($_POST['inclbookmarked'] ?? 0);
if($inclbookmarked) if($inclbookmarked)
{ {
if (!in_array($inclbookmarked,array(0,1))) if (!in_array($inclbookmarked,array(0,1)))

11
include/functions.php
View File

@@ -1037,7 +1037,7 @@ function insert_suggest($keyword, $userid, $pre_escaped = true)
{ {
if(mb_strlen($keyword,"UTF-8") >= 2) if(mb_strlen($keyword,"UTF-8") >= 2)
{ {
$userid = $userid ?? 0; $userid = intval($userid ?? 0);
if($userid) if($userid)
sql_query("INSERT INTO suggest(keywords, userid, adddate) VALUES (" . ($pre_escaped == true ? "'" . $keyword . "'" : sqlesc($keyword)) . "," . sqlesc($userid) . ", NOW())") or sqlerr(__FILE__,__LINE__); sql_query("INSERT INTO suggest(keywords, userid, adddate) VALUES (" . ($pre_escaped == true ? "'" . $keyword . "'" : sqlesc($keyword)) . "," . sqlesc($userid) . ", NOW())") or sqlerr(__FILE__,__LINE__);
} }
@@ -1053,7 +1053,7 @@ function get_external_tr($imdb_url = "")
function get_torrent_extinfo_identifier($torrentid) function get_torrent_extinfo_identifier($torrentid)
{ {
$torrentid = $torrentid ?? 0; $torrentid = intval($torrentid ?? 0);
$result = array('imdb_id'); $result = array('imdb_id');
unset($result); unset($result);
@@ -1358,6 +1358,7 @@ function sent_mail($to,$fromname,$fromemail,$subject,$body,$type = "confirmation
elseif ($smtptype == 'advanced') { elseif ($smtptype == 'advanced') {
$mid = md5(getip() . $fromname); $mid = md5(getip() . $fromname);
$name = $_SERVER["SERVER_NAME"]; $name = $_SERVER["SERVER_NAME"];
$headers = '';
$headers .= "From: $fromname <$fromemail>".$eol; $headers .= "From: $fromname <$fromemail>".$eol;
$headers .= "Reply-To: $fromname <$fromemail>".$eol; $headers .= "Reply-To: $fromname <$fromemail>".$eol;
$headers .= "Return-Path: $fromname <$fromemail>".$eol; $headers .= "Return-Path: $fromname <$fromemail>".$eol;
@@ -1796,7 +1797,7 @@ function userlogin() {
//return; //return;
} }
$b_id = base64($_COOKIE["c_secure_uid"],false); $b_id = base64($_COOKIE["c_secure_uid"],false);
$id = $b_id ?? 0; $id = intval($b_id ?? 0);
if (!$id || !is_valid_id($id) || strlen($_COOKIE["c_secure_pass"]) != 32) if (!$id || !is_valid_id($id) || strlen($_COOKIE["c_secure_pass"]) != 32)
return; return;
@@ -2036,7 +2037,7 @@ function validemail($email) {
function validlang($langid) { function validlang($langid) {
global $deflang; global $deflang;
$langid = $langid ?? 0; $langid = intval($langid ?? 0);
$res = sql_query("SELECT * FROM language WHERE site_lang = 1 AND id = " . sqlesc($langid)) or sqlerr(__FILE__, __LINE__); $res = sql_query("SELECT * FROM language WHERE site_lang = 1 AND id = " . sqlesc($langid)) or sqlerr(__FILE__, __LINE__);
if(mysql_num_rows($res) == 1) if(mysql_num_rows($res) == 1)
{ {
@@ -2731,7 +2732,7 @@ function pager($rpp, $count, $href, $opts = array(), $pagename = "page") {
} }
if (isset($_GET[$pagename])) { if (isset($_GET[$pagename])) {
$page = $_GET[$pagename] ?? 0; $page = intval($_GET[$pagename] ?? 0);
if ($page < 0) if ($page < 0)
$page = $pagedefault; $page = $pagedefault;
} }

2
ipsearch.php
View File

@@ -82,7 +82,7 @@ GROUP BY u.id
} }
$order = $_GET['order'] ?? ''; $order = $_GET['order'] ?? '';
$page = $_GET["page"] ?? 0; $page = intval($_GET["page"] ?? 0);
$perpage = 20; $perpage = 20;
list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "$_SERVER[PHP_SELF]?ip=$ip&mask=$mask&order=$order&"); list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "$_SERVER[PHP_SELF]?ip=$ip&mask=$mask&order=$order&");

2
login.php
View File

@@ -2,7 +2,7 @@
require_once("include/bittorrent.php"); require_once("include/bittorrent.php");
dbconn(); dbconn();
$langid = $_GET['sitelanguage'] ?? 0; $langid = intval($_GET['sitelanguage'] ?? 0);
if ($langid) if ($langid)
{ {
$lang_folder = validlang($langid); $lang_folder = validlang($langid);

4
makepoll.php
View File

@@ -7,7 +7,7 @@ if (get_user_class() < $pollmanage_class)
permissiondenied(); permissiondenied();
$action = $_GET["action"] ?? ''; $action = $_GET["action"] ?? '';
$pollid = $_GET["pollid"] ?? 0; $pollid = intval($_GET["pollid"] ?? 0);
$poll = []; $poll = [];
if ($action == "edit") if ($action == "edit")
@@ -21,7 +21,7 @@ if ($action == "edit")
if ($_SERVER["REQUEST_METHOD"] == "POST") if ($_SERVER["REQUEST_METHOD"] == "POST")
{ {
$pollid = $_POST["pollid"] ?? 0; $pollid = intval($_POST["pollid"] ?? 0);
$question = htmlspecialchars($_POST["question"]); $question = htmlspecialchars($_POST["question"]);
$option0 = htmlspecialchars($_POST["option0"]); $option0 = htmlspecialchars($_POST["option0"]);
$option1 = htmlspecialchars($_POST["option1"]); $option1 = htmlspecialchars($_POST["option1"]);

4
modtask.php
View File

@@ -26,12 +26,12 @@ if ($action == "confirmuser")
if ($action == "edituser") if ($action == "edituser")
{ {
$userid = $_POST["userid"]; $userid = $_POST["userid"];
$class = $_POST["class"] ?? 0; $class = intval($_POST["class"] ?? 0);
$vip_added = ($_POST["vip_added"] == 'yes' ? 'yes' : 'no'); $vip_added = ($_POST["vip_added"] == 'yes' ? 'yes' : 'no');
$vip_until = ($_POST["vip_until"] ? $_POST["vip_until"] : '0000-00-00 00:00:00'); $vip_until = ($_POST["vip_until"] ? $_POST["vip_until"] : '0000-00-00 00:00:00');
$warned = $_POST["warned"]; $warned = $_POST["warned"];
$warnlength = $_POST["warnlength"] ?? 0; $warnlength = intval($_POST["warnlength"] ?? 0);
$warnpm = $_POST["warnpm"]; $warnpm = $_POST["warnpm"];
$title = $_POST["title"]; $title = $_POST["title"];
$avatar = $_POST["avatar"]; $avatar = $_POST["avatar"];

2
mybonus.php
View File

@@ -384,7 +384,7 @@ if ($action == "exchange") {
} }
elseif($art == 'gift_2') // charity giving elseif($art == 'gift_2') // charity giving
{ {
$points = $_POST["bonuscharity"] ?? 0; $points = intval($_POST["bonuscharity"] ?? 0);
if ($points < 1000 || $points > 50000){ if ($points < 1000 || $points > 50000){
stdmsg($lang_mybonus['text_error'], $lang_mybonus['bonus_amount_not_allowed_two'], 0); stdmsg($lang_mybonus['text_error'], $lang_mybonus['bonus_amount_not_allowed_two'], 0);
stdfoot(); stdfoot();

54
offers.php
View File

@@ -22,7 +22,7 @@ if (isset($_GET['category']) && $_GET["category"]){
} }
if (isset($_GET['id']) && $_GET["id"]){ if (isset($_GET['id']) && $_GET["id"]){
$id = htmlspecialchars($_GET["id"] ?? 0); $id = htmlspecialchars(intval($_GET["id"] ?? 0));
if (preg_match('/^[0-9]+$/', !$id)) if (preg_match('/^[0-9]+$/', !$id))
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
} }
@@ -31,7 +31,7 @@ if (isset($_GET['id']) && $_GET["id"]){
if (isset($_GET['add_offer']) && $_GET["add_offer"]){ if (isset($_GET['add_offer']) && $_GET["add_offer"]){
if (get_user_class() < $addoffer_class) if (get_user_class() < $addoffer_class)
permissiondenied(); permissiondenied();
$add_offer = $_GET["add_offer"] ?? 0; $add_offer = intval($_GET["add_offer"] ?? 0);
if($add_offer != '1') if($add_offer != '1')
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
@@ -63,11 +63,11 @@ if (isset($_GET['add_offer']) && $_GET["add_offer"]){
if (isset($_GET['new_offer']) && $_GET["new_offer"]){ if (isset($_GET['new_offer']) && $_GET["new_offer"]){
if (get_user_class() < $addoffer_class) if (get_user_class() < $addoffer_class)
permissiondenied(); permissiondenied();
$new_offer = $_GET["new_offer"] ?? 0; $new_offer = intval($_GET["new_offer"] ?? 0);
if($new_offer != '1') if($new_offer != '1')
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
$userid = $CURUSER["id"] ?? 0; $userid = intval($CURUSER["id"] ?? 0);
if (preg_match("/^[0-9]+$/", !$userid)) if (preg_match("/^[0-9]+$/", !$userid))
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
@@ -75,7 +75,7 @@ if (isset($_GET['new_offer']) && $_GET["new_offer"]){
if ($name == "") if ($name == "")
bark($lang_offers['std_must_enter_name']); bark($lang_offers['std_must_enter_name']);
$cat = ($_POST["type"] ?? 0); $cat = intval($_POST["type"] ?? 0);
if (!is_valid_id($cat)) if (!is_valid_id($cat))
bark($lang_offers['std_must_select_category']); bark($lang_offers['std_must_select_category']);
@@ -101,7 +101,7 @@ if (isset($_GET['new_offer']) && $_GET["new_offer"]){
//===end //===end
$ret = sql_query("INSERT INTO offers (userid, name, descr, category, added) VALUES (" . $ret = sql_query("INSERT INTO offers (userid, name, descr, category, added) VALUES (" .
implode(",", array_map("sqlesc", array($CURUSER["id"], $name, $descr, $_POST["type"] ?? 0))) . implode(",", array_map("sqlesc", array($CURUSER["id"], $name, $descr, intval($_POST["type"] ?? 0)))) .
", '" . date("Y-m-d H:i:s") . "')"); ", '" . date("Y-m-d H:i:s") . "')");
if (!$ret) { if (!$ret) {
if (mysql_errno() == 1062) if (mysql_errno() == 1062)
@@ -127,11 +127,11 @@ if (isset($_GET['new_offer']) && $_GET["new_offer"]){
//=== offer details //=== offer details
if (isset($_GET['off_details']) && $_GET["off_details"]){ if (isset($_GET['off_details']) && $_GET["off_details"]){
$off_details = $_GET["off_details"] ?? 0; $off_details = intval($_GET["off_details"] ?? 0);
if($off_details != '1') if($off_details != '1')
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
$id = $_GET["id"] ?? 0; $id = intval($_GET["id"] ?? 0);
if(!$id) if(!$id)
die(); die();
//stderr("Error", "I smell a rat!"); //stderr("Error", "I smell a rat!");
@@ -238,13 +238,13 @@ if (isset($_GET["allow_offer"]) && $_GET["allow_offer"]) {
if (get_user_class() < $offermanage_class) if (get_user_class() < $offermanage_class)
stderr($lang_offers['std_access_denied'], $lang_offers['std_mans_job']); stderr($lang_offers['std_access_denied'], $lang_offers['std_mans_job']);
$allow_offer = $_GET["allow_offer"] ?? 0; $allow_offer = intval($_GET["allow_offer"] ?? 0);
if($allow_offer != '1') if($allow_offer != '1')
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
//=== to allow the offer credit to S4NE for this next bit :) //=== to allow the offer credit to S4NE for this next bit :)
//if ($_POST["offerid"]){ //if ($_POST["offerid"]){
$offid = $_POST["offerid"] ?? 0; $offid = intval($_POST["offerid"] ?? 0);
if(!is_valid_id($offid)) if(!is_valid_id($offid))
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
@@ -273,11 +273,11 @@ if (isset($_GET["finish_offer"]) && $_GET["finish_offer"]) {
if (get_user_class() < $offermanage_class) if (get_user_class() < $offermanage_class)
stderr($lang_offers['std_access_denied'], $lang_offers['std_have_no_permission']); stderr($lang_offers['std_access_denied'], $lang_offers['std_have_no_permission']);
$finish_offer = $_GET["finish_offer"] ?? 0; $finish_offer = intval($_GET["finish_offer"] ?? 0);
if($finish_offer != '1') if($finish_offer != '1')
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
$offid = $_POST["finish"] ?? 0; $offid = intval($_POST["finish"] ?? 0);
if(!is_valid_id($offid)) if(!is_valid_id($offid))
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
@@ -323,11 +323,11 @@ if (isset($_GET["finish_offer"]) && $_GET["finish_offer"]) {
if (isset($_GET["edit_offer"]) && $_GET["edit_offer"]) { if (isset($_GET["edit_offer"]) && $_GET["edit_offer"]) {
$edit_offer = $_GET["edit_offer"] ?? 0; $edit_offer = intval($_GET["edit_offer"] ?? 0);
if($edit_offer != '1') if($edit_offer != '1')
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
$id = $_GET["id"] ?? 0; $id = intval($_GET["id"] ?? 0);
$res = sql_query("SELECT * FROM offers WHERE id = $id") or sqlerr(__FILE__, __LINE__); $res = sql_query("SELECT * FROM offers WHERE id = $id") or sqlerr(__FILE__, __LINE__);
$num = mysql_fetch_array($res); $num = mysql_fetch_array($res);
@@ -369,11 +369,11 @@ if (isset($_GET["edit_offer"]) && $_GET["edit_offer"]) {
//==== take offer edit //==== take offer edit
if (isset($_GET["take_off_edit"]) && $_GET["take_off_edit"]){ if (isset($_GET["take_off_edit"]) && $_GET["take_off_edit"]){
$take_off_edit = $_GET["take_off_edit"] ?? 0; $take_off_edit = intval($_GET["take_off_edit"] ?? 0);
if($take_off_edit != '1') if($take_off_edit != '1')
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
$id = $_GET["id"] ?? 0; $id = intval($_GET["id"] ?? 0);
$res = sql_query("SELECT userid FROM offers WHERE id = $id") or sqlerr(__FILE__, __LINE__); $res = sql_query("SELECT userid FROM offers WHERE id = $id") or sqlerr(__FILE__, __LINE__);
$num = mysql_fetch_array($res); $num = mysql_fetch_array($res);
@@ -395,7 +395,7 @@ if (isset($_GET["take_off_edit"]) && $_GET["take_off_edit"]){
bark($lang_offers['std_must_enter_name']); bark($lang_offers['std_must_enter_name']);
if (!$descr) if (!$descr)
bark($lang_offers['std_must_enter_description']); bark($lang_offers['std_must_enter_description']);
$cat = ($_POST["category"] ?? 0); $cat = intval($_POST["category"] ?? 0);
if (!is_valid_id($cat)) if (!is_valid_id($cat))
bark($lang_offers['std_must_select_category']); bark($lang_offers['std_must_select_category']);
@@ -412,11 +412,11 @@ if (isset($_GET["take_off_edit"]) && $_GET["take_off_edit"]){
//=== offer votes list //=== offer votes list
if (isset($_GET["offer_vote"]) && $_GET["offer_vote"]){ if (isset($_GET["offer_vote"]) && $_GET["offer_vote"]){
$offer_vote = $_GET["offer_vote"] ?? 0; $offer_vote = intval($_GET["offer_vote"] ?? 0);
if($offer_vote != '1') if($offer_vote != '1')
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
$offerid = htmlspecialchars($_GET['id'] ?? 0); $offerid = htmlspecialchars(intval($_GET['id'] ?? 0));
$res2 = sql_query("SELECT COUNT(*) FROM offervotes WHERE offerid = ".sqlesc($offerid)) or sqlerr(__FILE__, __LINE__); $res2 = sql_query("SELECT COUNT(*) FROM offervotes WHERE offerid = ".sqlesc($offerid)) or sqlerr(__FILE__, __LINE__);
$row = mysql_fetch_array($res2); $row = mysql_fetch_array($res2);
@@ -459,13 +459,13 @@ if (isset($_GET["offer_vote"]) && $_GET["offer_vote"]){
//=== offer votes //=== offer votes
if (isset($_GET["vote"]) && $_GET["vote"]){ if (isset($_GET["vote"]) && $_GET["vote"]){
$offerid = htmlspecialchars($_GET["id"] ?? 0); $offerid = htmlspecialchars(intval($_GET["id"] ?? 0));
$vote = htmlspecialchars($_GET["vote"]); $vote = htmlspecialchars($_GET["vote"]);
if ($vote == 'against' && get_user_class() < $againstoffer_class) if ($vote == 'against' && get_user_class() < $againstoffer_class)
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
if ($vote =='yeah' || $vote =='against') if ($vote =='yeah' || $vote =='against')
{ {
$userid = $CURUSER["id"] ?? 0; $userid = intval($CURUSER["id"] ?? 0);
$res = sql_query("SELECT * FROM offervotes WHERE offerid=".sqlesc($offerid)." AND userid=".sqlesc($userid)) or sqlerr(__FILE__,__LINE__); $res = sql_query("SELECT * FROM offervotes WHERE offerid=".sqlesc($offerid)." AND userid=".sqlesc($userid)) or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_assoc($res); $arr = mysql_fetch_assoc($res);
$voted = $arr; $voted = $arr;
@@ -532,13 +532,13 @@ if (isset($_GET["vote"]) && $_GET["vote"]){
//=== delete offer //=== delete offer
if (isset($_GET["del_offer"]) && $_GET["del_offer"]){ if (isset($_GET["del_offer"]) && $_GET["del_offer"]){
$del_offer = $_GET["del_offer"] ?? 0; $del_offer = intval($_GET["del_offer"] ?? 0);
if($del_offer != '1') if($del_offer != '1')
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
$offer = $_GET["id"] ?? 0; $offer = intval($_GET["id"] ?? 0);
$userid = $CURUSER["id"] ?? 0; $userid = intval($CURUSER["id"] ?? 0);
if (!is_valid_id($userid)) if (!is_valid_id($userid))
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
@@ -554,7 +554,7 @@ if (isset($_GET["del_offer"]) && $_GET["del_offer"]){
{ {
$sure = $_GET["sure"]; $sure = $_GET["sure"];
if($sure == '0' || $sure == '1') if($sure == '0' || $sure == '1')
$sure = $_GET["sure"] ?? 0; $sure = intval($_GET["sure"] ?? 0);
else else
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
} }
@@ -601,10 +601,10 @@ if (isset($_GET["sort"]) && $_GET["sort"])
} }
//=== end of prolly not needed, but what the hell :P //=== end of prolly not needed, but what the hell :P
$categ = $_GET["category"] ?? 0; $categ = intval($_GET["category"] ?? 0);
$offerorid = 0; $offerorid = 0;
if (isset($_GET["offerorid"]) && $_GET["offerorid"]){ if (isset($_GET["offerorid"]) && $_GET["offerorid"]){
$offerorid = htmlspecialchars($_GET["offerorid"] ?? 0); $offerorid = htmlspecialchars(intval($_GET["offerorid"] ?? 0));
if (preg_match("/^[0-9]+$/", !$offerorid)) if (preg_match("/^[0-9]+$/", !$offerorid))
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
} }

2
polloverview.php
View File

@@ -7,7 +7,7 @@ loggedinorreturn();
if (get_user_class() < $pollmanage_class) if (get_user_class() < $pollmanage_class)
permissiondenied(); permissiondenied();
$pollid = $_GET['id'] ?? 0; $pollid = intval($_GET['id'] ?? 0);
if ($pollid) if ($pollid)
{ {

7
recover.php
View File

@@ -2,9 +2,8 @@
require "include/bittorrent.php"; require "include/bittorrent.php";
dbconn(); dbconn();
failedloginscheck ("Recover",true); failedloginscheck ("Recover",true);
$take_recover = !isset($_GET['sitelanguage']); $take_recover = !isset($_GET['sitelanguage']);
$langid = $_GET['sitelanguage'] ?? 0; $langid = intval($_GET['sitelanguage'] ?? 0);
if ($langid) if ($langid)
{ {
$lang_folder = validlang($langid); $lang_folder = validlang($langid);
@@ -60,9 +59,8 @@ EOD;
} }
elseif($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"]) && isset($_GET["secret"])) elseif($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"]) && isset($_GET["secret"]))
{ {
$id = $_GET["id"] ?? 0; $id = intval($_GET["id"] ?? 0);
$md5 = $_GET["secret"]; $md5 = $_GET["secret"];
if (!$id) if (!$id)
httperr(); httperr();
@@ -70,7 +68,6 @@ elseif($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"]
$arr = mysql_fetch_array($res) or httperr(); $arr = mysql_fetch_array($res) or httperr();
$email = $arr["email"]; $email = $arr["email"];
$sec = hash_pad($arr["editsecret"]); $sec = hash_pad($arr["editsecret"]);
if (preg_match('/^ *$/s', $sec)) if (preg_match('/^ *$/s', $sec))
httperr(); httperr();

2
signup.php
View File

@@ -2,7 +2,7 @@
require_once("include/bittorrent.php"); require_once("include/bittorrent.php");
dbconn(); dbconn();
$langid = $_GET['sitelanguage'] ?? 0; $langid = intval($_GET['sitelanguage'] ?? 0);
if ($langid) if ($langid)
{ {
$lang_folder = validlang($langid); $lang_folder = validlang($langid);

2
takeflush.php
View File

@@ -11,7 +11,7 @@ function bark($msg)
exit; exit;
} }
$id = $_GET['id'] ?? 0; $id = intval($_GET['id'] ?? 0);
int_check($id,true); int_check($id,true);
if (get_user_class() >= UC_MODERATOR || $CURUSER[id] == "$id") if (get_user_class() >= UC_MODERATOR || $CURUSER[id] == "$id")

4
takemessage.php
View File

@@ -8,7 +8,7 @@ loggedinorreturn();
if ($_SERVER["REQUEST_METHOD"] != "POST") if ($_SERVER["REQUEST_METHOD"] != "POST")
stderr($lang_takemessage['std_error'], $lang_takemessage['std_permission_denied']); stderr($lang_takemessage['std_error'], $lang_takemessage['std_permission_denied']);
$origmsg = $_POST["origmsg"] ?? 0; $origmsg = intval($_POST["origmsg"] ?? 0);
$msg = trim($_POST["body"]); $msg = trim($_POST["body"]);
if ($_POST['forward'] == 1) //this is forwarding if ($_POST['forward'] == 1) //this is forwarding
{ {
@@ -35,7 +35,7 @@ if ($_SERVER["REQUEST_METHOD"] != "POST")
} }
else else
{ {
$receiver = $_POST["receiver"] ?? 0; $receiver = intval($_POST["receiver"] ?? 0);
if (!is_valid_id($receiver) || ($origmsg && !is_valid_id($origmsg))) if (!is_valid_id($receiver) || ($origmsg && !is_valid_id($origmsg)))
stderr($lang_takemessage['std_error'],$lang_takemessage['std_invalid_id']); stderr($lang_takemessage['std_error'],$lang_takemessage['std_invalid_id']);
$bodyadd = ""; $bodyadd = "";

2
takereseed.php
View File

@@ -7,7 +7,7 @@ loggedinorreturn();
if (get_user_class() < $askreseed_class) if (get_user_class() < $askreseed_class)
permissiondenied(); permissiondenied();
$reseedid = $_GET["reseedid"] ?? 0; $reseedid = intval($_GET["reseedid"] ?? 0);
$res = sql_query("SELECT seeders, last_reseed FROM torrents WHERE id=".sqlesc($reseedid)." LIMIT 1") or sqlerr(__FILE__, __LINE__); $res = sql_query("SELECT seeders, last_reseed FROM torrents WHERE id=".sqlesc($reseedid)." LIMIT 1") or sqlerr(__FILE__, __LINE__);
$row = mysql_fetch_array($res); $row = mysql_fetch_array($res);
if ($row['seeders'] > 0) if ($row['seeders'] > 0)

8
torrentrss.php
View File

@@ -16,7 +16,7 @@ if ($passkey){
die("account disabed or parked"); die("account disabed or parked");
elseif ($_GET['linktype'] == 'dl') elseif ($_GET['linktype'] == 'dl')
$dllink = true; $dllink = true;
$inclbookmarked=$_GET['inclbookmarked'] ?? 0; $inclbookmarked=intval($_GET['inclbookmarked'] ?? 0);
if($inclbookmarked == 1) if($inclbookmarked == 1)
{ {
$bookmarkarray = return_torrent_bookmark_array($user['id']); $bookmarkarray = return_torrent_bookmark_array($user['id']);
@@ -30,7 +30,7 @@ $searchstr = mysql_real_escape_string(trim($_GET["search"] ?? ''));
if (empty($searchstr)) if (empty($searchstr))
unset($searchstr); unset($searchstr);
if (isset($searchstr)){ if (isset($searchstr)){
$search_mode = $_GET["search_mode"] ?? 0; $search_mode = intval($_GET["search_mode"] ?? 0);
if (!in_array($search_mode,array(0,1,2))) if (!in_array($search_mode,array(0,1,2)))
{ {
$search_mode = 0; $search_mode = 0;
@@ -66,10 +66,10 @@ if (isset($searchstr)){
} }
$limit = ""; $limit = "";
$startindex = $_GET['startindex'] ?? 0; $startindex = intval($_GET['startindex'] ?? 0);
if ($startindex) if ($startindex)
$limit .= $startindex.", "; $limit .= $startindex.", ";
$showrows = $_GET['rows'] ?? 0; $showrows = intval($_GET['rows'] ?? 0);
if($showrows < 1 || $showrows > 50) if($showrows < 1 || $showrows > 50)
$showrows = 10; $showrows = 10;
$limit .= $showrows; $limit .= $showrows;

14
usercp.php
View File

@@ -280,7 +280,7 @@ tr($lang_usercp['row_school'], "<select name=school>$schools</select>", 1);
$updateset[] = "lang = " . sqlesc($sitelanguage); $updateset[] = "lang = " . sqlesc($sitelanguage);
} }
$updateset[] = "torrentsperpage = " . min(100, $_POST["torrentsperpage"] ?? 0); $updateset[] = "torrentsperpage = " . min(100, intval($_POST["torrentsperpage"] ?? 0));
if ($showmovies['hot'] == "yes"){ if ($showmovies['hot'] == "yes"){
$showhot = $_POST["show_hot"]; $showhot = $_POST["show_hot"];
$updateset[] = "showhot = " . sqlesc($showhot); $updateset[] = "showhot = " . sqlesc($showhot);
@@ -323,9 +323,9 @@ tr($lang_usercp['row_school'], "<select name=school>$schools</select>", 1);
$updateset[] = "pmnum = " . $pmnum; $updateset[] = "pmnum = " . $pmnum;
if ($showfunbox_main == 'yes'){$showfb = ($_POST["showfb"] == 'yes' ? "yes" : "no"); if ($showfunbox_main == 'yes'){$showfb = ($_POST["showfb"] == 'yes' ? "yes" : "no");
$updateset[] = "showfb = " . sqlesc($showfb);} $updateset[] = "showfb = " . sqlesc($showfb);}
$sbnum = ($_POST["sbnum"] ? max(10, min(500, $_POST["sbnum"] ?? 0)) : 70); $sbnum = ($_POST["sbnum"] ? max(10, min(500, intval($_POST["sbnum"] ?? 0))) : 70);
$updateset[] = "sbnum = " . $sbnum; $updateset[] = "sbnum = " . $sbnum;
$sbrefresh = ($_POST["sbrefresh"] ? max(10, min(3600, $_POST["sbrefresh"] ?? 0)) : 120); $sbrefresh = ($_POST["sbrefresh"] ? max(10, min(3600, intval($_POST["sbrefresh"] ?? 0))) : 120);
$updateset[] = "sbrefresh = " . $sbrefresh; $updateset[] = "sbrefresh = " . $sbrefresh;
if ($_POST["hidehb"] == 'yes') if ($_POST["hidehb"] == 'yes')
@@ -616,8 +616,8 @@ tr_small($lang_usercp['row_funbox'],"<input type=checkbox name=showfb".($CURUSER
$signatures = ($_POST["signatures"] != "" ? "yes" : "no"); $signatures = ($_POST["signatures"] != "" ? "yes" : "no");
$signature = htmlspecialchars( trim($_POST["signature"]) ); $signature = htmlspecialchars( trim($_POST["signature"]) );
$updateset[] = "topicsperpage = " . min(100, $_POST["topicsperpage"] ?? 0); $updateset[] = "topicsperpage = " . min(100, intval($_POST["topicsperpage"] ?? 0));
$updateset[] = "postsperpage = " . min(100, $_POST["postsperpage"] ?? 0); $updateset[] = "postsperpage = " . min(100, intval($_POST["postsperpage"] ?? 0));
$updateset[] = "avatars = " . sqlesc($avatars); $updateset[] = "avatars = " . sqlesc($avatars);
if ($showtooltipsetting) if ($showtooltipsetting)
$updateset[] = "showlastpost = " . sqlesc($ttlastpost); $updateset[] = "showlastpost = " . sqlesc($ttlastpost);
@@ -916,8 +916,8 @@ while ($topicarr = mysql_fetch_assoc($res_topics))
/// GETTING USERID AND DATE OF LAST POST /// /// GETTING USERID AND DATE OF LAST POST ///
$arr = get_post_row($topicarr['lastpost']); $arr = get_post_row($topicarr['lastpost']);
$postid = $arr["id"] ?? 0; $postid = intval($arr["id"] ?? 0);
$userid = $arr["userid"] ?? 0; $userid = intval($arr["userid"] ?? 0);
$added = gettime($arr['added'],true,false); $added = gettime($arr['added'],true,false);
/// GET NAME OF LAST POSTER /// /// GET NAME OF LAST POSTER ///