Avatar

Move the first Posting to an answer (Bugs)

by Micha ⌂, Sunday, January 17, 2010, 18:24 (3531 days ago)
edited by Micha, Monday, January 18, 2010, 07:17

Hi Alex,

today, one of my mods moves the first posting to an answer of the same thread and produce an error. I could fix it in the database. Maybe, it is better to check the pid while moving the first posting.

Proposal for solution

posting.inc.php, between line 140/141 (original):

mysql_free_result($move_result);
      @mysql_query("UPDATE ".$db_settings['forum_table']." SET pid=".intval($_POST['move_to']).", tid=".intval($data['tid']).", time=time, last_reply=last_reply, edited=edited WHERE id=".intval($_POST['move_posting']), $connid);

change to

 
if ( intval($o_data['pid']) == 0 && intval($o_data['tid']) == intval($data['tid']) ) {
  $errors[] = 'invalid_posting_to_move';
}
else {
 ...
 

in line 136 the pid must be selected, too.

Regards Micha


full changes:

 
  if(isset($_POST['move_mode']) && $_POST['move_mode']==1 && isset($_POST['move_to']))
   {
    // move posting:
    list($count) = @mysql_fetch_row(mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE id=".intval($_POST['move_to']), $connid));
    if($count!=1 || intval($_POST['move_posting'])==intval($_POST['move_to'])) $errors[] = 'invalid_posting_to_move';
    if(empty($errors))
     {
//PID mit abfragen
      $child_ids = get_child_ids($_POST['move_posting']);
      $move_result = @mysql_query("SELECT tid, pid 
                                   FROM ".$db_settings['forum_table']." 
                                   WHERE id = ".intval($_POST['move_to'])." LIMIT 1", $connid);
      $data = mysql_fetch_array($move_result);
      mysql_free_result($move_result);
// Prüfe, ob 1. Eintrag an eine Antwort des selben Thread verschoben werden soll.   
   if ( intval($o_data['pid']) == 0 && intval($o_data['tid']) == intval($data['tid']) ) {
  $errors[] = 'invalid_posting_to_move';
   }
// Wenn nicht, schieben...
   else
   {
      @mysql_query("UPDATE ".$db_settings['forum_table']." SET pid=".intval($_POST['move_to']).", tid=".intval($data['tid']).", time=time, last_reply=last_reply, edited=edited WHERE id=".intval($_POST['move_posting']), $connid);
      if(is_array($child_ids))
       {
        foreach($child_ids as $id)
         {
          @mysql_query("UPDATE ".$db_settings['forum_table']." SET tid=".intval($data['tid']).", time=time, last_reply=last_reply, edited=edited WHERE id=".intval($id), $connid);
         }
       }
      // set last reply of original thread:
      $last_reply_result = @mysql_query("SELECT time FROM ".$db_settings['forum_table']." WHERE tid = ".intval($o_data['tid'])." ORDER BY time DESC LIMIT 1", $connid);
      $field = mysql_fetch_array($last_reply_result);
      mysql_free_result($last_reply_result);
      @mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, edited=edited, last_reply='".$field['time']."' WHERE tid=".intval($o_data['tid']), $connid);
      // set last reply of new thread:
      $last_reply_result = @mysql_query("SELECT time FROM ".$db_settings['forum_table']." WHERE tid = ".intval($data['tid'])." ORDER BY time DESC LIMIT 1", $connid);
      $field = mysql_fetch_array($last_reply_result);
      mysql_free_result($last_reply_result);
      @mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, edited=edited, last_reply='".$field['time']."' WHERE tid=".intval($data['tid']), $connid);
      // set category of new thread:
      $last_reply_result = @mysql_query("SELECT category FROM ".$db_settings['forum_table']." WHERE id = ".intval($data['tid']), $connid);
      $field = mysql_fetch_array($last_reply_result);
      mysql_free_result($last_reply_result);
      @mysql_query("UPDATE ".$db_settings['forum_table']." SET category=".$field['category'].", time=time, edited=edited, last_reply=last_reply WHERE tid=".intval($data['tid']), $connid);
      if(isset($back) && $back=='thread') header('Location: index.php?mode=thread&id='.intval($_POST['move_posting']));
      else header('Location: index.php?id='.intval($_POST['move_posting']));
      exit;
   }
     } // Neuer ELSE-Zweig
    // statt ELSE nun If, da Fehlermeldungen auch zwischendurch erzeugt werden (können)
    if(!empty($errors))
     {
      $smarty->assign('errors',$errors);
      $action = 'move_posting';
     } 

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Avatar

Confirmed, thank you!

by Alex ⌂ @, Tuesday, January 19, 2010, 08:07 (3529 days ago) @ Micha

- No text -

Avatar

fixed in 2.1.3

by Alex ⌂ @, Tuesday, January 26, 2010, 21:16 (3521 days ago) @ Micha

Fixed in version 2.1.3.

Avatar

fixed in 2.1.3

by Micha ⌂, Tuesday, January 26, 2010, 21:37 (3521 days ago) @ Alex

Hi,

oh, thank you for this information!

Today, I found an another problem (at my local installation in a script outside the forum-software). The function:

 
function do_magic_quotes_gpc_if_not_enabled() 
 {
  if(!get_magic_quotes_gpc())
   {
    foreach (array('POST', 'GET', 'REQUEST', 'COOKIE') as $gpc)
    $GLOBALS["_$gpc"] = array_map('recursive_addslashes', $GLOBALS["_$gpc"]);
   }
 }

produced a notice called "Undefined index: _REQUEST" and a "Warning: array_map() [function.array-map]: Argument #2 should be an array"

Now, I am using:

 
function do_magic_quotes_gpc_if_not_enabled() 
 {
  if(!get_magic_quotes_gpc())
   {
    foreach (array('POST', 'GET', 'REQUEST', 'COOKIE') as $gpc)
       if (isset($GLOBALS["_$gpc"]))
         $GLOBALS["_$gpc"] = array_map('recursive_addslashes', $GLOBALS["_$gpc"]);
   }
 }

Is it possible, that "REQUEST" is not contained in the global array?

Best regards
Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Avatar

magic_quotes_gpc

by Alex ⌂ @, Wednesday, January 27, 2010, 07:45 (3521 days ago) @ Micha

Is it possible, that "REQUEST" is not contained in the global array?

Hm... no idea! IMHO the better way is to do it the other way round: strip slashes if magic_quotes_gpc is enabled (which shouldn't be the case anymore).

// stripslashes on GPC if magic_quotes_gpc is enabled: 
if(get_magic_quotes_gpc()) 
 {
  function stripslashes_deep($value)
   {
    $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
    return $value;
   }
  $_POST = array_map('stripslashes_deep', $_POST);
  $_GET = array_map('stripslashes_deep', $_GET);
  $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
  $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
 }

Alex

Avatar

magic_quotes_gpc

by Auge ⌂ @, Wednesday, January 27, 2010, 10:24 (3521 days ago) @ Alex

Hello

Is it possible, that "REQUEST" is not contained in the global array?

In most cases the superglobal array REQUEST is present. Maybe your hoster disabled it, because it contains only the merged data of other superglobal arrays (GET, POST, COOKIE, SESSION, FILE ..., SERVER(?)).

Hm... no idea! IMHO the better way is to do it the other way round: strip slashes if magic_quotes_gpc is enabled (which shouldn't be the case anymore).

Additional information: with PHP 6 the magic quotes are not existent anymore.

// stripslashes on GPC if magic_quotes_gpc is enabled: 
if(get_magic_quotes_gpc()) 
{
function stripslashes_deep($value)
{
$value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
return $value;
}
$_POST = array_map('stripslashes_deep', $_POST);
$_GET = array_map('stripslashes_deep', $_GET);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}

Be aware that all (old) postings can contain added backslashes. New postings havent but wanted backslashes (i.e. in code examples) in new postings will be deleted (dynamically) when the posting is displayed. This is because the script handles the backslashes the old way (add and strip) but new postings have only wanted backslashes.

Old behaviour:
"\n"->request (input)->'"\\n" via magic_quotes [b]or[/b] addslashes()'->'"\\n" in DB'->request (output)->stripslashes()->"\n"
New behaviour:
"\n"->request (input)->'stripslashes() in case of magic_quotes'->'"\n" in DB'->request (output)->stripslashes()->"n"

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

fixed in 2.1.3

by D-Grund Nyheder ⌂ @, Denmark, Tuesday, November 30, 2010, 17:26 (3214 days ago) @ Micha

why not only use $_request it contains ( $_get , $_post , $_cookies ) in one function?

RSS Feed of thread
powered by my little forum