
Clean up code for modifying screenshots

spaghetti 7 years ago
parent
commit
a00164cb21
1 changed files with 25 additions and 26 deletions
  1. 25
    26
      sections/torrents/screenshotedit.php

+ 25
- 26
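--- a/sections/torrents/screenshotedit.php
+++ b/sections/torrents/screenshotedit.php
@@ -11,30 +11,27 @@ if (!check_perms('torrents_edit') && !check_perms('screenshots_add') && !check_p
   $DB->query("
     SELECT UserID
     FROM torrents
-    WHERE GroupID = $GroupID");
+    WHERE GroupID = ?", $GroupID);
   if (!in_array($LoggedUser['ID'], $DB->collect('UserID'))) {
     error(403);
   }
 }
 
-$Screenshots = isset($_POST['screenshots']) ? $_POST['screenshots'] : [];
+$Screenshots = $_POST['screenshots'] ?? [];
+$Screenshots = array_map("trim", $Screenshots);
+$Screenshots = array_filter($Screenshots, function($s) {
+  return preg_match('/^'.IMAGE_REGEX.'$/i', $s);
+});
+$Screenshots = array_unique($Screenshots);
 
 if (count($Screenshots) > 10) {
-  error(0);
-}
-
-$ScreenshotsEscaped = [];
-
-foreach ($Screenshots as $i => $Screenshot) {
-  if (!preg_match('/^'.IMAGE_REGEX.'$/i', trim($Screenshot)))
-    error(0);
-  $Screenshots[$i] = db_string(trim($Screenshot));
+  error("You cannot add more than 10 screenshots to a group");
 }
 
 $DB->query("
   SELECT UserID, Image
   FROM torrents_screenshots
-  WHERE GroupID = $GroupID");
+  WHERE GroupID = ?", $GroupID);
 
 // $Old is an array of the form URL => UserID where UserID is the ID of the User who originally uploaded that image.
 $Old = [];
@@ -53,8 +50,6 @@ if (!empty($Old)) {
 
 // Deletion
 if (!empty($Deleted)) {
-  $sql = "DELETE FROM torrents_screenshots WHERE Image IN ('";
-
   if (check_perms('screenshots_delete') || check_perms('torrents_edit')) {
     $DeleteList = $Deleted;
   } else {
@@ -70,29 +65,33 @@ if (!empty($Deleted)) {
   }
 
   if (!empty($DeleteList)) {
-    $sql .= implode("', '", $DeleteList) . "')";
-    $DB->query($sql);
-  }
+    $ScreenDel = '';
+    $DB->prepare_query("DELETE FROM torrents_screenshots WHERE Image = ?", $ScreenDel);
+    foreach ($DeleteList as $ScreenDel) {
+      $DB->exec_prepared_query();
+    }
 
+    Torrents::write_group_log($GroupID, 0, $LoggedUser['ID'], "Deleted screenshot(s) ".implode(' , ', $DeleteList), 0);
+    Misc::write_log("Screenshots ( ".implode(' , ', $DeleteList)." ) deleted from Torrent Group ".$GroupID." by ".$LoggedUser['Username']);
+  }
 }
 
 // New screenshots
-foreach ($New as $Screenshot) {
-  $DB->query("
+if (!empty($New)) {
+  $Screenshot = '';
+  $DB->prepare_query("
     INSERT INTO torrents_screenshots
       (GroupID, UserID, Time, Image)
     VALUES
-      ($GroupID, $LoggedUser[ID], NOW(), '$Screenshot')");
-}
+      (?, ?, NOW(), ?)",
+    $GroupID, $LoggedUser['ID'], $Screenshot);
+  foreach ($New as $Screenshot) {
+    $DB->exec_prepared_query();
+  }
 
-if (!empty($New)) {
   Torrents::write_group_log($GroupID, 0, $LoggedUser['ID'], "Added screenshot(s) ".implode(' , ', $New), 0);
   Misc::write_log("Screenshots ( ".implode(' , ', $New)." ) added to Torrent Group ".$GroupID." by ".$LoggedUser['Username']);
 }
-if (!empty($DeleteList)) {
-  Torrents::write_group_log($GroupID, 0, $LoggedUser['ID'], "Deleted screenshot(s) ".implode(' , ', $DeleteList), 0);
-  Misc::write_log("Screenshots ( ".implode(' , ', $DeleteList)." ) deleted from Torrent Group ".$GroupID." by ".$LoggedUser['Username']);
-}
 
 $Cache->delete_value("torrents_details_".$GroupID);
 header("Location: torrents.php?id=$GroupID");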
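Review bot: The prepared DELETE in the third hunk matches on `Image` alone, as the string-built query it replaces did, so removing a URL from this group also removes any row holding the same URL in other groups, which the ownership check at the top of the file never covered. Scope it to the group being edited: `$DB->prepare_query("DELETE FROM torrents_screenshots WHERE GroupID = ? AND Image = ?", $GroupID, $ScreenDel);`. The `else` branch that builds `$DeleteList` for users without `screenshots_delete` or `torrents_edit` lies between the hunks and is not visible, so what filtering it applies is unconfirmed; the group constraint is safe either way. A short comment above both `prepare_query` calls noting that `$ScreenDel` and `$Screenshot` are bound by reference (which the loops appear to rely on) would help the next reader.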
