Ignore:
Timestamp:
Oct 2, 2024, 10:31:47 PM (7 weeks ago)
Author:
chronos
Message:
  • Fixed: More integer URL parameters checking.
  • Modified: More explicit function types.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/Modules/News/News.php

    r893 r901  
    9797    $Output .= '<div class="shoutbox">';
    9898    $DbResult = $this->System->Database->query('SELECT `News`.`Time`, `News`.`Text`, `News`.`Title`, `News`.`Id`, '.
    99         '`User`.`Name` AS `User` FROM `News` JOIN `User` ON `User`.`Id`=`News`.`User` ORDER BY `News`.`Time` DESC '.$PageList['SQLLimit']);
     99      '`User`.`Name` AS `User` FROM `News` JOIN `User` ON `User`.`Id`=`News`.`User` ORDER BY `News`.`Time` DESC '.$PageList['SQLLimit']);
    100100    while ($Line = $DbResult->fetch_assoc())
    101101    {
     
    108108  function ShowItem()
    109109  {
    110     if (array_key_exists('i', $_GET))
     110    $Id = 0;
     111    if (TryGetUrlParameterInt('i', $Id))
    111112    {
    112113      $Output = '<h3>'.T('News').'</h3>';
    113114      $DbResult = $this->System->Database->query('SELECT `News`.`Time`, `News`.`Text`, `News`.`Title`, `News`.`Id`, '.
    114         '`User`.`Name` AS `User` FROM `News` JOIN `User` ON `User`.`Id`=`News`.`User` WHERE `News`.`Id` = '.($_GET['i'] * 1));
     115        '`User`.`Name` AS `User` FROM `News` JOIN `User` ON `User`.`Id`=`News`.`User` WHERE `News`.`Id` = '.$Id);
    115116      if ($DbResult->num_rows == 1)
    116117      {
     
    118119        $Output .= '<h4>'.$Line['Title'].' ('.HumanDate($Line['Time']).')</h4><div>'.$Line['Text'].' ('.$Line['User'].')</div>';
    119120      } else $Output = ShowMessage(T('Item not found'), MESSAGE_CRITICAL);
    120     } else $Output = ShowMessage(T('Item not found'), MESSAGE_CRITICAL);
     121    } else $Output = ShowMessage(T('Id not valid'), MESSAGE_CRITICAL);
    121122    $Output .= '<br/><a href="'.$this->System->Link('/news/').'">'.T('All news').'</a>';
    122123    return $Output;
Note: See TracChangeset for help on using the changeset viewer.