Minor torrent editing bug fixes

classes/torrents.class.php

@@ -646,7 +646,7 @@ class Torrents
           g.`subject`,
           g.`object`,
           g.`tag_list`,
-          g.`published`,
+          g.`year`,
           g.`identifier`,
           g.`category_id`,
           UNIX_TIMESTAMP(t.`Time`),

sections/schedule/daily/top10_daily.php

@@ -17,7 +17,7 @@ if ($Top10 === false) {
       g.`picture`,
       g.`tag_list`,
       t.`Media`,
-      g.`published`,
+      g.`year`,
       t.`Snatched`,
       t.`Seeders`,
       t.`Leechers`,

sections/schedule/weekly/top10_weekly.php

@@ -17,7 +17,7 @@ if ($Top10 === false) {
       g.`picture`,
       g.`tag_list`,
       t.`Media`,
-      g.`published`,
+      g.`year`,
       t.`Snatched`,
       t.`Seeders`,
       t.`Leechers`,

sections/top10/torrents.php

@@ -175,7 +175,7 @@ SELECT
   g.`picture`,
   g.`tag_list`,
   t.`Media`,
-  g.`published`,
+  g.`year`,
   g.`workgroup`,
   t.`Snatched`,
   t.`Seeders`,

sections/torrents/edit.php

@@ -36,7 +36,7 @@ SELECT
   tg.`title` AS title,
   tg.`subject` AS subject,
   tg.`object` AS object,
-  tg.`published`,
+  tg.`year`,
   tg.`workgroup`,
   tg.`location`,
   tg.`identifier`,

sections/torrents/editgroup.php

@@ -8,8 +8,8 @@ declare(strict_types = 1);
  * and clears the cache for the torrent group page.
  */
 
-$GroupID = (int) $_GET['groupid'];
-Security::checkInt($GroupID);
+$group_id = (int) $_GET['groupid'];
+Security::checkInt($group_id);
 
 // Get the torrent group name and the body of the last revision
 $DB->prepare_query("
@@ -21,7 +21,7 @@ SELECT
   wt.`Body`,
   tg.`picture`,
   tg.`description`,
-  tg.`published`,
+  tg.`year`,
   tg.`workgroup`,
   tg.`location`,
   tg.`identifier`,
@@ -32,7 +32,7 @@ LEFT JOIN `wiki_torrents` AS wt
 ON
   wt.`RevisionID` = tg.`revision_id`
 WHERE
-  tg.`id` = '$GroupID'
+  tg.`id` = '$group_id'
 ");
 $DB->exec_prepared_query();
 
@@ -50,7 +50,7 @@ SELECT
 FROM
   `torrents_doi`
 WHERE
-  `TorrentID` = '$GroupID'
+  `TorrentID` = '$group_id'
 ");
 $DB->exec_prepared_query();
 
@@ -61,7 +61,7 @@ if ($DB->has_results()) {
     }
 }
 
-$Artists = Artists::get_artists(array($GroupID))[$GroupID];
+$Artists = Artists::get_artists(array($group_id))[$group_id];
 
 if (!$Body) {
     $Body = $description;
@@ -76,7 +76,7 @@ View::show_header(
 
 <h2 class="header">
   Edit
-  <a href="torrents.php?id=<?=$GroupID?>"><?=($title ? $title : ($subject ? $subject : $object))?></a>
+  <a href="torrents.php?id=<?=$group_id?>"><?=($title ? $title : ($subject ? $subject : $object))?></a>
 </h2>
 
 <div class="box pad">
@@ -86,7 +86,7 @@ View::show_header(
     <input type="hidden" name="auth"
       value="<?=$LoggedUser['AuthKey']?>" />
 
-    <input type="hidden" name="groupid" value="<?=$GroupID?>" />
+    <input type="hidden" name="groupid" value="<?=$group_id?>" />
 
     <h3>
       Picture
@@ -112,7 +112,7 @@ new TEXTAREA_PREVIEW(
   FROM
     `torrents`
   WHERE
-    `GroupID` = '$GroupID'
+    `GroupID` = '$group_id'
   ");
   $Contributed = in_array($LoggedUser['ID'], $DB->collect('UserID'));
 ?>
@@ -146,7 +146,7 @@ new TEXTAREA_PREVIEW(
     <input type="hidden" name="auth"
       value="<?=$LoggedUser['AuthKey']?>" />
 
-    <input type="hidden" name="groupid" value="<?=$GroupID?>" />
+    <input type="hidden" name="groupid" value="<?=$group_id?>" />
 
     <table cellpadding="3" cellspacing="1" border="0" class="layout" width="100%">
       <tr>
@@ -184,7 +184,7 @@ new TEXTAREA_PREVIEW(
     <input type="hidden" name="auth"
       value="<?=$LoggedUser['AuthKey']?>" />
 
-    <input type="hidden" name="groupid" value="<?=$GroupID?>" />
+    <input type="hidden" name="groupid" value="<?=$group_id?>" />
 
     <table cellpadding="3" cellspacing="1" border="0" class="layout" width="100%">
       <tr>
@@ -211,7 +211,7 @@ new TEXTAREA_PREVIEW(
 
         <td>
           <input type="text" id="studio" name="studio" size="60"
-            value="<?=$Studio?>" />
+            value="<?=$workgroup?>" />
         </td>
       </tr>
 
@@ -222,7 +222,7 @@ new TEXTAREA_PREVIEW(
 
         <td>
           <input type="text" id="series" name="series" size="60"
-            value="<?=$Series?>" />
+            value="<?=$location?>" />
         </td>
       </tr>
 
@@ -233,7 +233,7 @@ new TEXTAREA_PREVIEW(
 
         <td>
           <input type="text" name="year" size="10"
-            value="<?=$Year?>" />
+            value="<?=$year?>" />
         </td>
       </tr>
 
@@ -244,7 +244,7 @@ new TEXTAREA_PREVIEW(
 
         <td>
           <input type="text" name="catalogue" size="40"
-            value="<?=$CatalogueNumber?>" />
+            value="<?=$identifier?>" />
         </td>
       </tr>
 
@@ -299,7 +299,7 @@ new TEXTAREA_PREVIEW(
       <input type="hidden" name="auth"
         value="<?=$LoggedUser['AuthKey']?>" />
 
-      <input type="hidden" name="groupid" value="<?=$GroupID?>" />
+      <input type="hidden" name="groupid" value="<?=$group_id?>" />
 
       <tr>
         <td class="label">
@@ -355,7 +355,7 @@ new TEXTAREA_PREVIEW(
     <input type="hidden" name="auth"
       value="<?=$LoggedUser['AuthKey']?>" />
 
-    <input type="hidden" name="groupid" value="<?=$GroupID?>" />
+    <input type="hidden" name="groupid" value="<?=$group_id?>" />
 
     <h3>
       Target torrent group ID

sections/torrents/functions.php

@@ -27,7 +27,7 @@ function get_group_info($GroupID, $Return = true, $RevisionID = 0, $PersonalProp
           g.`title`,
           g.`subject`,
           g.`object`,
-          g.`published`,
+          g.`year`,
           g.`workgroup`,
           g.`location`,
           g.`identifier`,

sections/torrents/nonwikiedit.php

@@ -3,29 +3,31 @@ declare(strict_types=1);
 
 authorize();
 
-$GroupID = (int) $_GET['groupid'];
-Security::checkInt($GroupID);
+$group_id = (int) $_REQUEST['groupid'];
+Security::checkInt($group_id);
 
 // Usual perm checks
 if (!check_perms('torrents_edit')) {
-    $DB->query("
+    $DB->prepare_query("
     SELECT
       `UserID`
     FROM
       `torrents`
     WHERE
-      `GroupID` = '$group_id'
+      `GroupID` = '$GroupID'
     ");
+    $DB->exec_prepared_query();
 
     if (!in_array($LoggedUser['ID'], $DB->collect('UserID'))) {
         error(403);
     }
 }
 
+# ?
 if (check_perms('torrents_freeleech')
-  && (isset($_POST['freeleech'])
-  xor isset($_POST['neutralleech'])
-  xor isset($_POST['unfreeleech']))) {
+    && (isset($_POST['freeleech'])
+        xor isset($_POST['neutralleech'])
+        xor isset($_POST['unfreeleech']))) {
     if (isset($_POST['freeleech'])) {
         $Free = 1;
     } elseif (isset($_POST['neutralleech'])) {
@@ -48,36 +50,38 @@ $Artists = $_POST['idols'];
 // Escape fields
 $workgroup = db_string($_POST['studio']);
 $location = db_string($_POST['series']);
-$published = db_string((int)$_POST['year']);
+$year = db_string((int)$_POST['year']);
 $identifier = db_string($_POST['catalogue']);
 
 // Get some info for the group log
-$DB->query("
+$DB->prepare_query("
 SELECT
-  `published`
+  `year`
 FROM
   `torrents_group`
 WHERE
   `id` = '$group_id'
 ");
+$DB->exec_prepared_query();
 list($OldYear) = $DB->next_record();
 
-$DB->query("
+$DB->prepare_query("
 UPDATE
   `torrents_group`
 SET
-  `published` = '$published',
+  `year` = '$year',
   `identifier` = '$identifier',
   `workgroup` = '$workgroup',
   `location` = '$location'
 WHERE
   `id` = '$group_id'
 ");
+$DB->exec_prepared_query();
 
-if ($OldYear !== $published) {
-    $Message = db_string("Year changed from $OldYear to $published");
+if ($OldYear !== $year) {
+    $Message = db_string("Year changed from $OldYear to $year");
 
-    $DB->query("
+    $DB->prepare_query("
     INSERT INTO `group_log`(`GroupID`, `UserID`, `Time`, `Info`)
     VALUES(
       '$group_id',
@@ -85,9 +89,10 @@ if ($OldYear !== $published) {
       NOW(),
       '$Message')
     ");
+    $DB->exec_prepared_query();
 }
 
-$DB->query("
+$DB->prepare_query("
 SELECT
   ag.`Name`
 FROM
@@ -98,6 +103,7 @@ ON
 WHERE
   ta.`GroupID` = '$group_id'
 ");
+$DB->exec_prepared_query();
 
 while ($r = $DB->next_record(MYSQLI_ASSOC, true)) {
     $CurrArtists[] = $r['Name'];
@@ -106,7 +112,7 @@ while ($r = $DB->next_record(MYSQLI_ASSOC, true)) {
 foreach ($Artists as $Artist) {
     if (!in_array($Artist, $CurrArtists)) {
         $Artist = db_string($Artist);
-        $DB->query("
+        $DB->prepare_query("
         SELECT
           `ArtistID`
         FROM
@@ -114,18 +120,20 @@ foreach ($Artists as $Artist) {
         WHERE
           `Name` = '$Artist'
         ");
+        $DB->exec_prepared_query();
 
         if ($DB->has_results()) {
             list($ArtistID) = $DB->next_record();
         } else {
-            $DB->query("
+            $DB->prepare_query("
             INSERT INTO `artists_group`(`Name`)
             VALUES('$Artist')
             ");
+            $DB->exec_prepared_query();
             $ArtistID = $DB->inserted_id();
         }
 
-        $DB->query("
+        $DB->prepare_query("
         INSERT INTO `torrents_artists`(`GroupID`, `ArtistID`, `UserID`)
         VALUES(
           '$group_id',
@@ -136,6 +144,7 @@ foreach ($Artists as $Artist) {
         UPDATE
           `UserID` = '$LoggedUser[ID]'
         "); // Why does this even happen
+        $DB->exec_prepared_query();
         $Cache->delete_value('artist_groups_'.$ArtistID);
     }
 }
@@ -144,7 +153,7 @@ foreach ($CurrArtists as $CurrArtist) {
     if (!in_array($CurrArtist, $Artists)) {
         $CurrArtist = db_string($CurrArtist);
 
-        $DB->query("
+        $DB->prepare_query("
         SELECT
           `ArtistID`
         FROM
@@ -152,11 +161,12 @@ foreach ($CurrArtists as $CurrArtist) {
         WHERE
           `Name` = '$CurrArtist'
         ");
+        $DB->exec_prepared_query();
 
         if ($DB->has_results()) {
             list($ArtistID) = $DB->next_record();
 
-            $DB->query("
+            $DB->prepare_query("
             DELETE
             FROM
               `torrents_artists`
@@ -164,8 +174,9 @@ foreach ($CurrArtists as $CurrArtist) {
               `ArtistID` = '$ArtistID'
               AND `GroupID` = '$group_id'
             ");
+            $DB->exec_prepared_query();
 
-            $DB->query("
+            $DB->prepare_query("
             SELECT
               `GroupID`
             FROM
@@ -173,11 +184,12 @@ foreach ($CurrArtists as $CurrArtist) {
             WHERE
               `ArtistID` = '$ArtistID'
             ");
+            $DB->exec_prepared_query();
 
             $Cache->delete_value('artist_groups_'.$ArtistID);
 
             if (!$DB->has_results()) {
-                $DB->query("
+                $DB->prepare_query("
                 SELECT
                   `RequestID`
                 FROM
@@ -186,6 +198,7 @@ foreach ($CurrArtists as $CurrArtist) {
                   `ArtistID` = '$ArtistID'
                   AND `ArtistID` != 0
                 ");
+                $DB->exec_prepared_query();
 
                 if (!$DB->has_results()) {
                     Artists::delete_artist($ArtistID);
@@ -195,7 +208,7 @@ foreach ($CurrArtists as $CurrArtist) {
     }
 }
 
-$DB->query("
+$DB->prepare_query("
 SELECT
   `ID`
 FROM
@@ -203,6 +216,7 @@ FROM
 WHERE
   `GroupID` = '$group_id'
 ");
+$DB->exec_prepared_query();
 
 while (list($TorrentID) = $DB->next_record()) {
     $Cache->delete_value("torrent_download_$TorrentID");