
You need the exact DOI or it fails

pjc 5 years ago
parent
commit
1e4f6ff49a
2 changed files with 16 additions and 16 deletions
  1. 14
    15
      classes/mysql.class.php
  2. 2
    1
      sections/upload/upload_handle.php

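--- a/classes/mysql.class.php
+++ b/classes/mysql.class.php
@@ -1,4 +1,5 @@
 <?
+
 //-----------------------------------------------------------------------------------
 /////////////////////////////////////////////////////////////////////////////////////
 /*//-- MySQL wrapper class ----------------------------------------------------------
@@ -46,7 +47,6 @@
   USE THIS FUNCTION EVERY TIME YOU USE AN UNVALIDATED USER-SUPPLIED VALUE IN
   A DATABASE QUERY!
 
-
 //--------- Advanced usage ---------------------------------------------------------
 
 * The conventional way of retrieving a row from a result set is as follows:
@@ -111,7 +111,6 @@
 
   Of course, this example is contrived, but you get the point.
 
-
 -------------------------------------------------------------------------------------
 *///---------------------------------------------------------------------------------
 
@@ -119,12 +118,12 @@
   die('Mysqli Extension not loaded.');
 }
 
-//Handles escaping
+// Handles escaping
 function db_string($String, $DisableWildcards = false) {
   global $DB;
-  //Escape
+  // Escape
   $String = $DB->escape_str($String);
-  //Remove user input wildcards
+  // Remove user input wildcards
   if ($DisableWildcards) {
     $String = str_replace(array('%','_'), array('\%','\_'), $String);
   }
@@ -144,7 +143,7 @@
   return $Array;
 }
 
-//TODO: revisit access levels once Drone is replaced by ZeRobot
+// @todo Revisit access levels once Drone is replaced by ZeRobot
 class DB_MYSQL {
   public $LinkID = false;
   protected $QueryID = false;
@@ -262,8 +261,8 @@
       $this->QueryID = mysqli_stmt_get_result($this->StatementID);
 
       if (DEBUG_MODE) {
-        // in DEBUG_MODE, return the full trace on a SQL error (super useful
-        // for debugging). do not attempt to retry to query
+        // In DEBUG_MODE, return the full trace on a SQL error (super useful
+        // For debugging). do not attempt to retry to query
         if (!$this->QueryID) {
           echo '<pre>' . mysqli_error($this->LinkID) . '<br><br>';
           debug_print_backtrace();
@@ -329,8 +328,8 @@
   }
 
   /*
-   * returns an integer with the number of rows found
-   * returns a string if the number of rows found exceeds MAXINT
+   * Returns an integer with the number of rows found
+   * Returns a string if the number of rows found exceeds MAXINT
    */
   function record_count() {
     if ($this->QueryID) {
@@ -339,8 +338,8 @@
   }
 
   /*
-   * returns true if the query exists and there were records found
-   * returns false if the query does not exist or if there were 0 records returned
+   * Returns true if the query exists and there were records found
+   * Returns false if the query does not exist or if there were 0 records returned
    */
   function has_results() {
     return ($this->QueryID && $this->record_count() !== 0);
@@ -356,7 +355,7 @@
     return mysqli_get_host_info($this->LinkID);
   }
 
-  // You should use db_string() instead.
+  // You should use db_string() instead
   function escape_str($Str) {
     $this->connect(0);
     if (is_array($Str)) {
@@ -428,7 +427,7 @@
 
   /**
    * This function determines whether the last query caused warning messages
-   * and stores them in $this->Queries.
+   * and stores them in $this->Queries
    */
   function warnings() {
     $Warnings = [];
@@ -436,7 +435,7 @@
       $e = mysqli_get_warnings($this->LinkID);
       do {
         if ($e->errno == 1592) {
-          // 1592: Unsafe statement written to the binary log using statement format since BINLOG_FORMAT = STATEMENT.
+          // 1592: Unsafe statement written to the binary log using statement format since BINLOG_FORMAT = STATEMENT
           continue;
         }
         $Warnings[] = 'Code ' . $e->errno . ': ' . display_str($e->message);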
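Review bot: The re-capitalised comment in the DEBUG_MODE branch (new lines 264-265) now reads `// For debugging). do not attempt to retry to query`, so the continuation of a parenthetical is capitalised while the sentence that actually starts on that line is not. It should read `// for debugging). Do not attempt to retry the query`. Because this branch echoes the raw `mysqli_error()` text and a backtrace into the response, the same comment is a good place to state that DEBUG_MODE must stay off on any publicly reachable instance. The enclosing method starts and ends outside the hunk.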

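--- a/sections/upload/upload_handle.php
+++ b/sections/upload/upload_handle.php
@@ -449,12 +449,12 @@
     $Cache->increment('stats_group_count');
 
     // Add screenshots
+    // @todo Clear DB_MYSQL::exec_prepared_query() errors
     $Screenshots = explode("\n", $T['Screenshots']);
     $Screenshots = array_map('trim', $Screenshots);
 
     $Screenshots = array_filter($Screenshots, function ($s) {
         return preg_match('/^'.DOI_REGEX.'$/i', $s);
-        #return preg_match('/^'.IMAGE_REGEX.'$/i', $s);
     });
 
     $Screenshots = array_unique($Screenshots);
@@ -467,6 +467,7 @@
         (GroupID, UserID, Time, Image)
       VALUES (?, ?, NOW(), ?)", $GroupID, $LoggedUser['ID'], $Screenshot);
         foreach ($Screenshots as $Screenshot) {
+            $DB->db_string($Screenshot); # Maybe unnecessary
             $DB->exec_prepared_query();
         }
     }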
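Review bot: The added `$DB->db_string($Screenshot); # Maybe unnecessary` in the foreach should be removed rather than left as a maybe. In classes/mysql.class.php as shown in this commit, `db_string()` is a free function declared before `class DB_MYSQL`, so unless the class also defines a method of that name outside the visible lines, this call fails with an undefined-method error on the first screenshot. Even if it resolves, the argument is passed by value and the return value is discarded, and the value is already bound through the `?` placeholders of the prepared statement, where escaping it first would only store stray backslashes in the Image column. The anchored DOI_REGEX filter above is the validation step, so the loop body can stay as `$DB->exec_prepared_query();`. The enclosing upload block starts and ends outside the hunk.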
