<No commit messages entered>

What.CD 2011-04-29 13:49:03 +00:00
parent dcbc1b1af7
commit dedc15976d
15 changed files with 93 additions and 31 deletions


@ -115,12 +115,13 @@
//Handles escaping //Handles escaping
function db_string($String,$DisableWildcards=false) { function db_string($String,$DisableWildcards=false) {
global $DB; global $DB;
//Escape
$String = $DB->escape_str($String);
//Remove user input wildcards //Remove user input wildcards
if ($DisableWildcards) { if ($DisableWildcards) {
$String = str_replace(array('%','_'), '', $String); $String = str_replace(array('%','_'), array('\%','\_'), $String);
} }
//Escape and return return $String;
return $DB->escape_str($String);
} }
function db_array($Array, $DontEscape = array(), $Quote = false) { function db_array($Array, $DontEscape = array(), $Quote = false) {
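Review bot: The new wildcard branch in db_string() escapes `%` and `_` but not a backslash already present in the input, so inside a LIKE pattern a user-supplied `\` can pair with the backslash added here and leave the wildcard active. This assumes `escape_str()` is a plain SQL string escaper, which the hunk does not show. Escaping for LIKE on the raw value first and SQL-escaping afterwards avoids it: run `$String = str_replace(array('\\','%','_'), array('\\\\','\%','\_'), $String);` inside the `if`, then `return $DB->escape_str($String);` as the old order did. The `//Remove user input wildcards` comment is also stale now that the characters are kept; `//Escape LIKE wildcards in user input` would match the code.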


@ -489,7 +489,13 @@ function get_cc($IP) {
++$ID; ++$ID;
return '<span id="cc_'.$ID.'">Resolving CC...<script type="text/javascript">ajax.get(\'tools.php?action=get_cc&ip='.$IP.'\',function(cc){$(\'#cc_'.$ID.'\').raw().innerHTML=cc;});</script></span>'; return '<span id="cc_'.$ID.'">Resolving CC...<script type="text/javascript">ajax.get(\'tools.php?action=get_cc&ip='.$IP.'\',function(cc){$(\'#cc_'.$ID.'\').raw().innerHTML=cc;});</script></span>';
} }
function display_ip($IP) {
$Line = display_str($IP).' ('.get_cc($IP).') ';
$Line .= '[<a href="user.php?action=search&amp;ip_history=on&amp;ip='.display_str($IP).'&matchtype=strict" title="Search">S</a>]';
return $Line;
}
function logout() { function logout() {
global $SessionID, $LoggedUser, $DB, $Cache; global $SessionID, $LoggedUser, $DB, $Cache;
@ -783,6 +789,21 @@ function get_size($Size, $Levels = 2) {
return number_format($Size,$Levels).$Units[$Steps]; return number_format($Size,$Levels).$Units[$Steps];
} }
function get_bytes($Size) {
list($Value,$Unit) = sscanf($Size, "%f%s");
$Unit = ltrim($Unit);
if(empty($Unit)) {
return $Value ? round($Value) : 0;
}
switch(strtolower($Unit[0])) {
case 'k': return round($Value * 1024);
case 'm': return round($Value * 1048576);
case 'g': return round($Value * 1073741824);
case 't': return round($Value * 1099511627776);
default: return 0;
}
}
function human_format($Number) { function human_format($Number) {
$Steps = 0; $Steps = 0;
while($Number>=1000) { while($Number>=1000) {
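Review bot: display_ip() HTML-escapes `$IP` for its own markup but hands the raw value to `get_cc($IP)`, which (per the context line above the hunk; get_cc starts outside it) concatenates it into an inline `<script>` URL without escaping. Since this helper is now the shared place where IPs are rendered, validating once here would cover both outputs, e.g. `if (filter_var($IP, FILTER_VALIDATE_IP) === false) { return display_str($IP); }` as its first line. Whether callers can ever pass a non-IP string is not visible from this hunk. The search link also mixes `&amp;` with a bare `&matchtype=strict`, and the value placed in `ip=` is HTML-escaped but not `urlencode()`d.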


@ -38,7 +38,7 @@
list($OldAliasID) = $DB->next_record(MYSQLI_NUM, false); list($OldAliasID) = $DB->next_record(MYSQLI_NUM, false);
if(!$OldAliasID) { error('Could not find old alias ID'); } if(!$OldAliasID) { error('Could not find old alias ID'); }
$DB->query("SELECT AliasID, ArtistID FROM artists_alias WHERE name LIKE '".db_string($NewName)."'"); $DB->query("SELECT AliasID, ArtistID FROM artists_alias WHERE name LIKE '".db_string($NewName, true)."'");
list($TargetAliasID, $TargetArtistID) = $DB->next_record(MYSQLI_NUM, false); list($TargetAliasID, $TargetArtistID) = $DB->next_record(MYSQLI_NUM, false);
if(!$TargetAliasID || $TargetAliasID==$OldAliasID) { if(!$TargetAliasID || $TargetAliasID==$OldAliasID) {


@ -64,7 +64,7 @@
</tr> </tr>
<tr class="rowb"> <tr class="rowb">
<td class="nobr"> <td class="nobr">
<a href="better.php?method=tags">Tags</a> <a href="better.php?method=tags&amp;filter=all">Tags</a>
</td> </td>
<td class="nobr"> <td class="nobr">
Torrents that have been marked as having 'Very bad tags' or 'No tags at all'. Torrents that have been marked as having 'Very bad tags' or 'No tags at all'.


@ -8,7 +8,15 @@
list($UserID, $CategoryID) = $DB->next_record(); list($UserID, $CategoryID) = $DB->next_record();
if($CategoryID == 0 && $UserID!=$LoggedUser['ID'] && !check_perms('site_collages_delete')) { error(403); } if($CategoryID == 0 && $UserID!=$LoggedUser['ID'] && !check_perms('site_collages_delete')) { error(403); }
$DB->query("SELECT ID,Deleted FROM collages WHERE Name='".db_string($_POST['name'])."' AND ID!='$CollageID' LIMIT 1");
if($DB->record_count()) {
list($ID, $Deleted) = $DB->next_record();
if($Deleted) {
$Err = 'A collage with that name already exists but needs to be recovered, please <a href="staffpm.php">contact</a> the staff team!';
} else {
$Err = "A collage with that name already exists: <a href=\"/collages.php?id=$ID\">$ID</a>.";
}
}
$TagList = explode(',',$_POST['tags']); $TagList = explode(',',$_POST['tags']);
foreach($TagList as $ID=>$Tag) { foreach($TagList as $ID=>$Tag) {
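Review bot: The duplicate-name check only assigns `$Err`; nothing in the hunk stops the request, and the next visible statement goes on to process `$_POST['tags']`. If the code after the hunk does not already test it, add `if (!empty($Err)) { error($Err); }` directly after the block so a clashing name cannot be saved. The query also interpolates `$CollageID` inside quotes without `db_string()`; its validation is outside the hunk, so confirm it has passed `is_number()` before this point. The following `foreach($TagList as $ID=>$Tag)` reuses `$ID`, which is harmless only because `$Err` has already been built by then.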


@ -38,7 +38,7 @@
$Title = "Requests I've voted on"; $Title = "Requests I've voted on";
$SS->set_filter('voter', array($LoggedUser['ID'])); $SS->set_filter('voter', array($LoggedUser['ID']));
} }
if(empty($_GET['show_filled'])) { if(empty($_GET['show_filled']) && $Submitted) {
$SS->set_filter('torrentid', array(0)); $SS->set_filter('torrentid', array(0));
} }
break; break;


@ -77,6 +77,7 @@
write_log("Request $RequestID ($FullName), with a ".get_size($RequestVotes['TotalBounty'])." bounty, was un-filled by user ".$LoggedUser['ID']." (".$LoggedUser['Username'].") for the reason: ".$_POST['reason']); write_log("Request $RequestID ($FullName), with a ".get_size($RequestVotes['TotalBounty'])." bounty, was un-filled by user ".$LoggedUser['ID']." (".$LoggedUser['Username'].") for the reason: ".$_POST['reason']);
$Cache->delete_value('request_'.$RequestID); $Cache->delete_value('request_'.$RequestID);
$Cache->delete_value('request_artists_'.$RequestID);
update_sphinx_requests($RequestID); update_sphinx_requests($RequestID);


@ -25,6 +25,7 @@
<tr><td><a href="tools.php?action=recommend">Vanity House additions</a></td></tr> <tr><td><a href="tools.php?action=recommend">Vanity House additions</a></td></tr>
<? } if (check_perms('users_mod')) { ?> <? } if (check_perms('users_mod')) { ?>
<tr><td><a href="tools.php?action=email_blacklist">Email Blacklist</a></td></tr> <tr><td><a href="tools.php?action=email_blacklist">Email Blacklist</a></td></tr>
<? } ?> <? } ?>
</table> </table>
</div> </div>


@ -16,7 +16,7 @@
$Changed = false; $Changed = false;
for($i = 0; $i < count($AliasNames); $i++) { for($i = 0; $i < count($AliasNames); $i++) {
$AliasName = trim(db_string($AliasNames[$i])); $AliasName = trim($AliasNames[$i]);
$Importance = $Importances[$i]; $Importance = $Importances[$i];
if($Importance!='1' && $Importance!='2' && $Importance!='3') { if($Importance!='1' && $Importance!='2' && $Importance!='3') {
@ -24,8 +24,9 @@
} }
if(strlen($AliasName) > 0) { if(strlen($AliasName) > 0) {
$DB->query("SELECT AliasID, ArtistID, Redirect, Name FROM artists_alias WHERE Name LIKE '$AliasName'"); $DB->query("SELECT AliasID, ArtistID, Redirect, Name FROM artists_alias WHERE Name LIKE '".db_string($AliasName,true)."'");
if($DB->record_count() == 0) { if($DB->record_count() == 0) {
$AliasName = db_string($AliasName);
$DB->query("INSERT INTO artists_group (Name) VALUES ('$AliasName')"); $DB->query("INSERT INTO artists_group (Name) VALUES ('$AliasName')");
$ArtistID = $DB->inserted_id(); $ArtistID = $DB->inserted_id();
$DB->query("INSERT INTO artists_alias (ArtistID, Name) VALUES ('$ArtistID', '$AliasName')"); $DB->query("INSERT INTO artists_alias (ArtistID, Name) VALUES ('$ArtistID', '$AliasName')");
@ -79,6 +80,5 @@
update_hash($GroupID); update_hash($GroupID);
} }
header('Location: '.$_SERVER['HTTP_REFERER']); header('Location: '.$_SERVER['HTTP_REFERER']);
?> ?>
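Review bot: After this change `$AliasName` is raw when the LIKE lookup finds a row and SQL-escaped only inside the `record_count() == 0` branch, so any later query in the loop body that interpolates it on the found-row path would now receive unescaped input. The rest of the loop is outside the hunk, so this needs checking against the full file. Keeping the raw value and a separate escaped copy removes the dependence on which branch ran: `$DBAliasName = db_string($AliasName);` right after the `trim()`, used in both INSERT statements instead of reassigning `$AliasName`.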


@ -323,11 +323,11 @@ function js_pages($Action, $TorrentID, $NumResults, $CurrentPage) {
$ThisCatalogue = floor((POSTS_PER_PAGE*$Page-POSTS_PER_PAGE)/THREAD_CATALOGUE); $ThisCatalogue = floor((POSTS_PER_PAGE*$Page-POSTS_PER_PAGE)/THREAD_CATALOGUE);
$LastCatalogue = floor((POSTS_PER_PAGE*$Pages-POSTS_PER_PAGE)/THREAD_CATALOGUE); $LastCatalogue = floor((POSTS_PER_PAGE*$Pages-POSTS_PER_PAGE)/THREAD_CATALOGUE);
for($i=$ThisCatalogue;$i<=$LastCatalogue;$i++) { for($i=$ThisCatalogue;$i<=$LastCatalogue;$i++) {
$Cache->delete('thread_'.$TopicID.'_catalogue_'.$i); $Cache->delete('torrent_comments_'.$GroupID.'_catalogue_'.$i);
} }
// Delete thread info cache (eg. number of pages) // Delete thread info cache (eg. number of pages)
$Cache->delete('torrentcomments_count_'.$GroupID); $Cache->delete('torrent_comments_'.$GroupID);
break; break;
case 'regen_filelist' : case 'regen_filelist' :
if(check_perms('users_mod') && !empty($_GET['torrentid']) && is_number($_GET['torrentid'])) { if(check_perms('users_mod') && !empty($_GET['torrentid']) && is_number($_GET['torrentid'])) {


@ -12,7 +12,7 @@
ini_set('max_file_uploads','100'); ini_set('max_file_uploads','100');
show_header('Upload','upload'); show_header('Upload','upload');
if(!empty($_GET['groupid']) && is_number($_GET['groupid'])) { if(empty($Properties) && !empty($_GET['groupid']) && is_number($_GET['groupid'])) {
$DB->query("SELECT $DB->query("SELECT
tg.ID as GroupID, tg.ID as GroupID,
tg.CategoryID, tg.CategoryID,
@ -41,7 +41,7 @@
list($Properties['TagList']) = $DB->next_record(); list($Properties['TagList']) = $DB->next_record();
} }
if(!empty($_GET['requestid']) && is_number($_GET['requestid'])) { if(empty($Properties) && !empty($_GET['requestid']) && is_number($_GET['requestid'])) {
include(SERVER_ROOT.'/sections/requests/functions.php'); include(SERVER_ROOT.'/sections/requests/functions.php');
$DB->query("SELECT $DB->query("SELECT
r.ID AS RequestID, r.ID AS RequestID,


@ -138,16 +138,42 @@ function checked($Checked) {
<tr> <tr>
<td class="label"><strong>Hide release types</strong></td> <td class="label"><strong>Hide release types</strong></td>
<td> <td>
<? foreach ($ReleaseTypes as $Key => $Val) { <table style="border:none;">
if(!empty($SiteOptions['HideTypes']) && in_array($Key, $SiteOptions['HideTypes'])) { <?
$Checked = 'checked="checked"'; $ReleaseTypes[1024] = "Guest Appearance";
} else { $ReleaseTypes[1023] = "Remixed By";
$Checked=''; for($i = 0; list($Key,$Val) = each($ReleaseTypes); $i++) {
if(!($i % 7)) {
if($i) {
?>
</tr>
<?
}
?>
<tr style="border:none;">
<?
}
if(!empty($SiteOptions['HideTypes']) && in_array($Key, $SiteOptions['HideTypes'])) {
$Checked = 'checked="checked" ';
} else {
$Checked='';
} }
?> ?>
<input type="checkbox" id="hide_type_<?=$Key?>" name="hidetypes[]=" value="<?=$Key?>" <?=$Checked?> /> <td style="border:none;">
<label for="hide_type_<?=$Key?>"><?=$Val?></label> <label><input type="checkbox" id="hide_type_<?=$Key?>" name="hidetypes[]=" value="<?=$Key?>" <?=$Checked?>/>
<? }?> <?=$Val?></label>
</td>
<?
}
if($i % 7) {
?>
<td style="border:none;" colspan="<?=7 - ($i % 7)?>"></td>
<?
}
unset($ReleaseTypes[1023], $ReleaseTypes[1024]);
?>
</tr>
</table>
</td> </td>
</tr> </tr>
<tr> <tr>
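Review bot: The loop `for($i = 0; list($Key,$Val) = each($ReleaseTypes); $i++)` depends on the array's internal pointer and there is no `reset($ReleaseTypes)` before it, so if the array was already walked with `each()` or `next()` earlier in the request the table could start part-way through or come out empty. It also adds two entries to the shared `$ReleaseTypes` and has to `unset()` them afterwards. Iterating a local union keeps the same order without touching the shared array: `foreach ($ReleaseTypes + array(1024 => 'Guest Appearance', 1023 => 'Remixed By') as $Key => $Val) {`, with `$i = 0;` before the loop and `$i++;` at the end of its body. `each()` is also removed in PHP 8, should the code be moved forward.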

View File

@ -31,14 +31,16 @@
$Warned = (isset($_POST['Warned']))? 1 : 0; $Warned = (isset($_POST['Warned']))? 1 : 0;
$Logs095 = (int)$_POST['095logs']; $Logs095 = (int)$_POST['095logs'];
if(isset($_POST['Uploaded']) && isset($_POST['Downloaded'])) { if(isset($_POST['Uploaded']) && isset($_POST['Downloaded'])) {
$Uploaded = ($_POST['Uploaded'] == "" ? 0 : $_POST['Uploaded']); $Uploaded = ($_POST['Uploaded'] == "" ? 0 : $_POST['Uploaded']);
if(!is_number($Uploaded)) { if($Arithmetic = strpbrk($Uploaded, '+-')) {
error(0); $Uploaded += max(-$Uploaded, get_bytes($Arithmetic));
} }
$Downloaded = ($_POST['Downloaded'] == "" ? 0 : $_POST['Downloaded']); $Downloaded = ($_POST['Downloaded'] == "" ? 0 : $_POST['Downloaded']);
if(!is_number($Downloaded)) { if($Arithmetic = strpbrk($Downloaded, '+-')) {
error(0); $Downloaded += max(-$Downloaded, get_bytes($Arithmetic));
}
if(!is_number($Uploaded) || !is_number($Downloaded)) {
error(0);
} }
} }
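Review bot: The `is_number()` checks now run after the `+=` arithmetic, and that arithmetic coerces `$Uploaded` and `$Downloaded` to numbers first, so a value with a non-numeric base (a constructed example: `12abc+0`) that the old code rejected is now accepted as 12. Validate the part before the operator while it is still a string, e.g. `$Base = substr($Uploaded, 0, -strlen($Arithmetic)); if (strlen($Base) && !is_number($Base)) { error(0); }`, and the same for `$Downloaded`. The value returned by `get_bytes()` comes from `round()` and is a float, so it is also worth confirming that `is_number()` and the later query handle large float values as intended; neither is visible in this hunk.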


@ -315,7 +315,9 @@ function check_paranoia_here($Setting) {
if (check_perms('users_view_ips',$Class)) { if (check_perms('users_view_ips',$Class)) {
?> ?>
<li>IPs: <?=number_format($IPChanges)?> [<a href="userhistory.php?action=ips&amp;userid=<?=$UserID?>">View</a>]&nbsp;[<a href="userhistory.php?action=ips&amp;userid=<?=$UserID?>&amp;usersonly=1">View Users</a>]</li> <li>IPs: <?=number_format($IPChanges)?> [<a href="userhistory.php?action=ips&amp;userid=<?=$UserID?>">View</a>]&nbsp;[<a href="userhistory.php?action=ips&amp;userid=<?=$UserID?>&amp;usersonly=1">View Users</a>]</li>
<? if (check_perms('users_view_ips',$Class) && check_perms('users_mod',$Class)) { ?>
<li>Tracker IPs: <?=number_format($TrackerIPs)?> [<a href="userhistory.php?action=tracker_ips&amp;userid=<?=$UserID?>">View</a>]</li> <li>Tracker IPs: <?=number_format($TrackerIPs)?> [<a href="userhistory.php?action=tracker_ips&amp;userid=<?=$UserID?>">View</a>]</li>
<? } ?>
<? <?
} }
if (check_perms('users_view_keys',$Class)) { if (check_perms('users_view_keys',$Class)) {
@ -363,7 +365,7 @@ function check_paranoia_here($Setting) {
if (check_perms('users_view_ips',$Class)) { if (check_perms('users_view_ips',$Class)) {
?> ?>
<li>IP: <?=display_str($IP)?> (<?=get_cc($IP)?>) [<a href="user.php?action=search&amp;ip_history=on&amp;ip=<?=display_str($IP)?>&matchtype=strict" title="Search">S</a>]</li> <li>IP: <?=display_ip($IP)?></li>
<li>Host: <?=get_host($IP)?></li> <li>Host: <?=get_host($IP)?></li>
<? <?
} }
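Review bot: The added `check_perms('users_view_ips',$Class) &&` is redundant, because the new `<? if ... ?>` sits inside the enclosing `if (check_perms('users_view_ips',$Class))` block shown in the context lines. `<? if (check_perms('users_mod',$Class)) { ?>` expresses the same gate with one call. A short comment such as `// Tracker IP history is restricted to moderators` would record why this link is stricter than the IP history link beside it.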


@ -12,7 +12,7 @@
define('IPS_PER_PAGE', 25); define('IPS_PER_PAGE', 25);
if(!check_perms('users_view_ips')) { error(403); } if(!check_perms('users_view_ips') || !check_perms('users_mod')) { error(403); }
$UserID = $_GET['userid']; $UserID = $_GET['userid'];
if (!is_number($UserID)) { error(404); } if (!is_number($UserID)) { error(404); }
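Review bot: This gate calls `check_perms()` without the class argument, while the profile page in the same commit hides the Tracker IPs link using `check_perms('users_view_ips',$Class)` and `check_perms('users_mod',$Class)`. If the second argument restricts access by the target user's class (its semantics are not visible here), requesting this page directly is less strict than the link that leads to it. In that case the check should move below the `is_number($UserID)` test and use the class looked up for `$UserID`, i.e. `if(!check_perms('users_view_ips', $Class) || !check_perms('users_mod', $Class)) { error(403); }`.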