Changeset 901 for trunk/Modules/News/News.php

Timestamp:

Oct 2, 2024, 10:31:47 PM (2 days ago)

Author:

chronos

Message:

• Fixed: More integer URL parameters checking.
• Modified: More explicit function types.

File:

• trunk/Modules/News/News.php (modified) (3 diffs)

trunk/Modules/News/News.php

@@ -97 +97 @@
     $Output .= '<div class="shoutbox">';
     $DbResult = $this->System->Database->query('SELECT `News`.`Time`, `News`.`Text`, `News`.`Title`, `News`.`Id`, '.
-        '`User`.`Name` AS `User` FROM `News` JOIN `User` ON `User`.`Id`=`News`.`User` ORDER BY `News`.`Time` DESC '.$PageList['SQLLimit']);
+      '`User`.`Name` AS `User` FROM `News` JOIN `User` ON `User`.`Id`=`News`.`User` ORDER BY `News`.`Time` DESC '.$PageList['SQLLimit']);
     while ($Line = $DbResult->fetch_assoc())
     {
@@ -108 +108 @@
   function ShowItem()
   {
-    if (array_key_exists('i', $_GET))
+    $Id = 0;
+    if (TryGetUrlParameterInt('i', $Id))
     {
       $Output = '<h3>'.T('News').'</h3>';
       $DbResult = $this->System->Database->query('SELECT `News`.`Time`, `News`.`Text`, `News`.`Title`, `News`.`Id`, '.
-        '`User`.`Name` AS `User` FROM `News` JOIN `User` ON `User`.`Id`=`News`.`User` WHERE `News`.`Id` = '.($_GET['i'] * 1));
+        '`User`.`Name` AS `User` FROM `News` JOIN `User` ON `User`.`Id`=`News`.`User` WHERE `News`.`Id` = '.$Id);
       if ($DbResult->num_rows == 1)
       {
@@ -118 +119 @@
         $Output .= '<h4>'.$Line['Title'].' ('.HumanDate($Line['Time']).')</h4><div>'.$Line['Text'].' ('.$Line['User'].')</div>';
       } else $Output = ShowMessage(T('Item not found'), MESSAGE_CRITICAL);
-    } else $Output = ShowMessage(T('Item not found'), MESSAGE_CRITICAL);
+    } else $Output = ShowMessage(T('Id not valid'), MESSAGE_CRITICAL);
     $Output .= '<br/><a href="'.$this->System->Link('/news/').'">'.T('All news').'</a>';
     return $Output;