diff --git a/classes/class_mysql.php b/classes/class_mysql.php index 43405628..e93457dc 100644 --- a/classes/class_mysql.php +++ b/classes/class_mysql.php @@ -115,12 +115,13 @@ //Handles escaping function db_string($String,$DisableWildcards=false) { global $DB; + //Escape + $String = $DB->escape_str($String); //Remove user input wildcards if ($DisableWildcards) { - $String = str_replace(array('%','_'), '', $String); + $String = str_replace(array('%','_'), array('\%','\_'), $String); } - //Escape and return - return $DB->escape_str($String); + return $String; } function db_array($Array, $DontEscape = array(), $Quote = false) { diff --git a/classes/script_start.php b/classes/script_start.php index 862ee44b..01702b4f 100644 --- a/classes/script_start.php +++ b/classes/script_start.php @@ -489,7 +489,13 @@ function get_cc($IP) { ++$ID; return 'Resolving CC...'; } - + +function display_ip($IP) { + $Line = display_str($IP).' ('.get_cc($IP).') '; + $Line .= '[S]'; + + return $Line; +} function logout() { global $SessionID, $LoggedUser, $DB, $Cache; @@ -783,6 +789,21 @@ function get_size($Size, $Levels = 2) { return number_format($Size,$Levels).$Units[$Steps]; } +function get_bytes($Size) { + list($Value,$Unit) = sscanf($Size, "%f%s"); + $Unit = ltrim($Unit); + if(empty($Unit)) { + return $Value ? round($Value) : 0; + } + switch(strtolower($Unit[0])) { + case 'k': return round($Value * 1024); + case 'm': return round($Value * 1048576); + case 'g': return round($Value * 1073741824); + case 't': return round($Value * 1099511627776); + default: return 0; + } +} + function human_format($Number) { $Steps = 0; while($Number>=1000) { diff --git a/sections/artist/rename.php b/sections/artist/rename.php index f74d775f..fc4668da 100644 --- a/sections/artist/rename.php +++ b/sections/artist/rename.php 
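Review bot: `$DisableWildcards` now turns `%`/`_` into `\%`/`\_`, which MySQL treats as literal characters only inside a pattern context such as LIKE, so a caller passing `true` for an `=` comparison would compare against a backslash sequence; the parameter name no longer describes what the flag does and the `//Escape` comment should record that LIKE-only contract. The order is right — if `escape_str()` wraps the driver's real_escape_string it doubles backslashes, so escaping has to precede the replacement — and that reason deserves a line, e.g. `//Escape first: escape_str() would double the backslash used below to neutralise LIKE wildcards`. With the default `false`, request data still carries live wildcards into any LIKE pattern, so every LIKE built from user input should pass `true`, as rename.php and add_alias.php in this commit now do. A server `sql_mode` containing NO_BACKSLASH_ESCAPES would defeat the `\%` sequence; that depends on configuration not visible here.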
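Review bot: `display_ip` passes `$IP` through `display_str()` but concatenates `get_cc($IP)` raw; only the tail of `get_cc` is in the hunk (`return 'Resolving CC...';`), so if any other return path yields a value read from storage or a lookup service, it should be escaped the same way — `' ('.display_str(get_cc($IP)).') '` if the return is plain text. The markup around `[S]` does not survive in this view, so that part cannot be reviewed. A one-line header would tell callers what they get: `// Returns an HTML fragment: the escaped IP, its country code and the [S] suffix`.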
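Review bot: `get_bytes` returns 0 both for an empty input and for an unrecognised unit, so a caller cannot tell `0` from a typo such as `5 XB`; in takemoderate.php that means a malformed adjustment is applied as +0 instead of being rejected, which is worth either a distinct return (`false`) or at least a comment. When `sscanf` matches nothing, `$Unit` is null and `ltrim(null)` is deprecated from PHP 8.1 on; `$Unit = ltrim((string)$Unit);` avoids that. Every branch returns the float from `round()`; `return (int)round($Value * 1024);` (and likewise for the others) keeps the result an integer, which matters once it is compared or printed as a string. A header comment should state the accepted form: `// Parses "<number>[ ]<unit>" with k/m/g/t as binary multiples into bytes; 0 when no or an unknown unit is given`.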
@@ -38,7 +38,7 @@ list($OldAliasID) = $DB->next_record(MYSQLI_NUM, false); if(!$OldAliasID) { error('Could not find old alias ID'); } -$DB->query("SELECT AliasID, ArtistID FROM artists_alias WHERE name LIKE '".db_string($NewName)."'"); +$DB->query("SELECT AliasID, ArtistID FROM artists_alias WHERE name LIKE '".db_string($NewName, true)."'"); list($TargetAliasID, $TargetArtistID) = $DB->next_record(MYSQLI_NUM, false); if(!$TargetAliasID || $TargetAliasID==$OldAliasID) { diff --git a/sections/better/better.php b/sections/better/better.php index 9bc106db..6cad4848 100644 --- a/sections/better/better.php +++ b/sections/better/better.php @@ -64,7 +64,7 @@ - Tags + Tags Torrents that have been marked as having 'Very bad tags' or 'No tags at all'. diff --git a/sections/collages/edit_handle.php b/sections/collages/edit_handle.php index 9e37cd36..78ebccbd 100644 --- a/sections/collages/edit_handle.php +++ b/sections/collages/edit_handle.php @@ -8,7 +8,15 @@ list($UserID, $CategoryID) = $DB->next_record(); if($CategoryID == 0 && $UserID!=$LoggedUser['ID'] && !check_perms('site_collages_delete')) { error(403); } - +$DB->query("SELECT ID,Deleted FROM collages WHERE Name='".db_string($_POST['name'])."' AND ID!='$CollageID' LIMIT 1"); +if($DB->record_count()) { + list($ID, $Deleted) = $DB->next_record(); + if($Deleted) { + $Err = 'A collage with that name already exists but needs to be recovered, please contact the staff team!'; + } else { + $Err = "A collage with that name already exists: $ID."; + } +} $TagList = explode(',',$_POST['tags']); foreach($TagList as $ID=>$Tag) { diff --git a/sections/requests/requests.php b/sections/requests/requests.php index dc85e0f5..7472410b 100644 --- a/sections/requests/requests.php +++ b/sections/requests/requests.php 
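Review bot: With every wildcard now escaped, `name LIKE '...'` is an exact match, so `name = '".db_string($NewName)."'` states the intent and, if the column is indexed, lets MySQL use the index instead of a pattern scan; the `Name LIKE` lookup in sections/torrents/add_alias.php in this commit has the same shape. The one semantic difference is trailing spaces: LIKE is exact about them while `=` under a PAD SPACE collation ignores them, so keep LIKE only if that behaviour is wanted — the column collation is not visible here. Whatever is chosen, a short comment on the query saying why wildcards are disabled would stop the next edit from dropping the `true`.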
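Review bot: Setting `$Err` does not stop the handler; the next line goes straight into the tag loop, and whether the duplicate is actually refused depends on a later `if($Err)` check outside this hunk — if that check sits after the UPDATE, the collision is only reported, not prevented. `$ID` from `list($ID, $Deleted)` is reused as the `foreach` key on the very next line; `list($DupeID, $Deleted)` keeps the two apart. The lookup compares the raw `$_POST['name']` while the value that is eventually stored may be trimmed or otherwise normalised further down (not visible here); the same normalised value should be used in this query, otherwise a name with trailing whitespace passes the check.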
@@ -38,7 +38,7 @@ $Title = "Requests I've voted on"; $SS->set_filter('voter', array($LoggedUser['ID'])); } - if(empty($_GET['show_filled'])) { + if(empty($_GET['show_filled']) && $Submitted) { $SS->set_filter('torrentid', array(0)); } break; diff --git a/sections/requests/takeunfill.php b/sections/requests/takeunfill.php index 359fea96..a7461b53 100644 --- a/sections/requests/takeunfill.php +++ b/sections/requests/takeunfill.php @@ -77,6 +77,7 @@ write_log("Request $RequestID ($FullName), with a ".get_size($RequestVotes['TotalBounty'])." bounty, was un-filled by user ".$LoggedUser['ID']." (".$LoggedUser['Username'].") for the reason: ".$_POST['reason']); $Cache->delete_value('request_'.$RequestID); +$Cache->delete_value('request_artists_'.$RequestID); update_sphinx_requests($RequestID); diff --git a/sections/tools/tools.php b/sections/tools/tools.php index c47887b7..50640254 100644 --- a/sections/tools/tools.php +++ b/sections/tools/tools.php @@ -25,6 +25,7 @@ Vanity House additions Email Blacklist + diff --git a/sections/torrents/add_alias.php b/sections/torrents/add_alias.php index e8a00a6f..c8f54f27 100644 --- a/sections/torrents/add_alias.php +++ b/sections/torrents/add_alias.php @@ -16,7 +16,7 @@ $Changed = false; for($i = 0; $i < count($AliasNames); $i++) { - $AliasName = trim(db_string($AliasNames[$i])); + $AliasName = trim($AliasNames[$i]); $Importance = $Importances[$i]; if($Importance!='1' && $Importance!='2' && $Importance!='3') { 
@@ -24,8 +24,9 @@ } if(strlen($AliasName) > 0) { - $DB->query("SELECT AliasID, ArtistID, Redirect, Name FROM artists_alias WHERE Name LIKE '$AliasName'"); + $DB->query("SELECT AliasID, ArtistID, Redirect, Name FROM artists_alias WHERE Name LIKE '".db_string($AliasName,true)."'"); if($DB->record_count() == 0) { + $AliasName = db_string($AliasName); $DB->query("INSERT INTO artists_group (Name) VALUES ('$AliasName')"); $ArtistID = $DB->inserted_id(); $DB->query("INSERT INTO artists_alias (ArtistID, Name) VALUES ('$ArtistID', '$AliasName')"); @@ -79,6 +80,5 @@ update_hash($GroupID); } - header('Location: '.$_SERVER['HTTP_REFERER']); ?> diff --git a/sections/torrents/index.php b/sections/torrents/index.php index f5339fd2..b8c086ff 100644 --- a/sections/torrents/index.php +++ b/sections/torrents/index.php @@ -323,11 +323,11 @@ function js_pages($Action, $TorrentID, $NumResults, $CurrentPage) { $ThisCatalogue = floor((POSTS_PER_PAGE*$Page-POSTS_PER_PAGE)/THREAD_CATALOGUE); $LastCatalogue = floor((POSTS_PER_PAGE*$Pages-POSTS_PER_PAGE)/THREAD_CATALOGUE); for($i=$ThisCatalogue;$i<=$LastCatalogue;$i++) { - $Cache->delete('thread_'.$TopicID.'_catalogue_'.$i); + $Cache->delete('torrent_comments_'.$GroupID.'_catalogue_'.$i); } // Delete thread info cache (eg. number of pages) - $Cache->delete('torrentcomments_count_'.$GroupID); + $Cache->delete('torrent_comments_'.$GroupID); break; case 'regen_filelist' : if(check_perms('users_mod') && !empty($_GET['torrentid']) && is_number($_GET['torrentid'])) { diff --git a/sections/upload/upload.php b/sections/upload/upload.php index 0fd0d71e..2925e582 100644 --- a/sections/upload/upload.php +++ b/sections/upload/upload.php @@ -12,7 +12,7 @@ ini_set('max_file_uploads','100'); show_header('Upload','upload'); -if(!empty($_GET['groupid']) && is_number($_GET['groupid'])) { +if(empty($Properties) && !empty($_GET['groupid']) && is_number($_GET['groupid'])) { $DB->query("SELECT tg.ID as GroupID, tg.CategoryID, 
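Review bot: `$AliasName = db_string($AliasName);` overwrites the trimmed, unescaped alias with its SQL-escaped form inside the not-found branch, so anything later in the loop body (which continues past the hunk) that prints, logs or re-escapes `$AliasName` sees the backslashes. Keep the raw value and escape into its own variable: `$EscapedName = db_string($AliasName);` and use `'$EscapedName'` in the two INSERT statements. A comment on that line, `// escape once, at the point of use; $AliasName stays the display value`, records why escaping was moved out of the earlier `trim()` line.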
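Review bot: The cache keys written here, `torrent_comments_<GroupID>_catalogue_<i>` and `torrent_comments_<GroupID>`, have to match the keys the comment pages write, which are outside this diff; a shared prefix constant or a small key helper would stop the two from drifting apart again the way the old `thread_` key did. This hunk calls `$Cache->delete()` while sections/requests/takeunfill.php in the same commit calls `$Cache->delete_value()`; if both methods exist, new code should settle on one, and if only one does, this branch fails at runtime. The enclosing `switch` starts and ends outside the hunk.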
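Review bot: The new `empty($Properties)` guard changes precedence silently: when both `groupid` and `requestid` are supplied only the group prefill runs, and an already-populated `$Properties` (set somewhere before this point, outside the hunk) suppresses both; the same guard is on the `requestid` branch in the second hunk of this file. A comment above the first `if` should say so: `// Only prefill from a group or request when $Properties is not already populated; groupid wins over requestid`. Note that `empty()` is also true for `array()`, so an earlier `$Properties = array();` would not count as populated — fine if intended, worth stating.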
@@ -41,7 +41,7 @@ list($Properties['TagList']) = $DB->next_record(); } -if(!empty($_GET['requestid']) && is_number($_GET['requestid'])) { +if(empty($Properties) && !empty($_GET['requestid']) && is_number($_GET['requestid'])) { include(SERVER_ROOT.'/sections/requests/functions.php'); $DB->query("SELECT r.ID AS RequestID, diff --git a/sections/user/edit.php b/sections/user/edit.php index a8f8cf39..2b97e13f 100644 --- a/sections/user/edit.php +++ b/sections/user/edit.php @@ -138,16 +138,42 @@ function checked($Checked) { Hide release types - $Val) { - if(!empty($SiteOptions['HideTypes']) && in_array($Key, $SiteOptions['HideTypes'])) { - $Checked = 'checked="checked"'; - } else { - $Checked=''; + + + + + + - /> - - + + + + + +
+ +
diff --git a/sections/user/takemoderate.php b/sections/user/takemoderate.php index 8dd0cc3f..93323fa6 100644 --- a/sections/user/takemoderate.php +++ b/sections/user/takemoderate.php @@ -31,14 +31,16 @@ $Warned = (isset($_POST['Warned']))? 1 : 0; $Logs095 = (int)$_POST['095logs']; if(isset($_POST['Uploaded']) && isset($_POST['Downloaded'])) { - $Uploaded = ($_POST['Uploaded'] == "" ? 0 : $_POST['Uploaded']); - if(!is_number($Uploaded)) { - error(0); + $Uploaded = ($_POST['Uploaded'] == "" ? 0 : $_POST['Uploaded']); + if($Arithmetic = strpbrk($Uploaded, '+-')) { + $Uploaded += max(-$Uploaded, get_bytes($Arithmetic)); } - $Downloaded = ($_POST['Downloaded'] == "" ? 0 : $_POST['Downloaded']); - if(!is_number($Downloaded)) { - error(0); + if($Arithmetic = strpbrk($Downloaded, '+-')) { + $Downloaded += max(-$Downloaded, get_bytes($Arithmetic)); + } + if(!is_number($Uploaded) || !is_number($Downloaded)) { + error(0); } } diff --git a/sections/user/user.php b/sections/user/user.php index 4f9a1b5b..8d03bac5 100644 --- a/sections/user/user.php +++ b/sections/user/user.php @@ -315,7 +315,9 @@ function check_paranoia_here($Setting) { if (check_perms('users_view_ips',$Class)) { ?>
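Review bot: `$Uploaded += max(-$Uploaded, get_bytes($Arithmetic))` relies on PHP coercing a string such as `123456+5GB` to its leading number, which is an E_WARNING on PHP 8 (a TypeError for a wholly non-numeric value), and the `is_number()` check only runs afterwards, so the base value is never validated on its own. As shown here, no line on the new side assigns `$Downloaded` from `$_POST['Downloaded']` — the removed assignment has no `+` counterpart — so unless that is an artefact of the collapsed diff, `$Downloaded` is undefined when `strpbrk()` reads it. The arithmetic also turns the value into the float returned by `round()`, which with the default `precision` prints in exponent form above roughly 1e15 and would then fail `is_number()`, depending on how that helper is written (not visible). Parse the base explicitly, validate it, and add on integers; the enclosing handler continues outside the hunk.
```php
// Accept "<bytes>" or "<bytes>+<amount><unit>" / "<bytes>-<amount><unit>"; the base must be a plain number
function apply_size_delta($Value) {
    if(!($Arithmetic = strpbrk($Value, '+-'))) {
        return $Value;
    }
    $Base = substr($Value, 0, -strlen($Arithmetic));
    if($Base === '') {
        $Base = '0';
    }
    if(!is_number($Base)) {
        error(0);
    }
    // never let an adjustment take the total below zero
    return (int)$Base + (int)max(-(int)$Base, get_bytes($Arithmetic));
}
$Uploaded = apply_size_delta($_POST['Uploaded'] == "" ? 0 : $_POST['Uploaded']);
$Downloaded = apply_size_delta($_POST['Downloaded'] == "" ? 0 : $_POST['Downloaded']);
if(!is_number($Uploaded) || !is_number($Downloaded)) {
    error(0);
}
// … unchanged: rest of the moderation handler …
```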
  • IPs: [View] [View Users]
  • +
  • Tracker IPs: [View]
  • + -
  • IP: () [S]
  • +
  • IP:
  • Host: