Esempio n. 1
}
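// Handles a submission of additional cover art for a group: every posted
// (image, summary) pair is validated and inserted into cover_art, then the
// group's cached cover-art entry is dropped if anything was added.
// NOTE(review): no permission check or CSRF check (authorize()) is visible in
// this excerpt; confirm both run before this point, since this writes to the DB.
$UserID = $LoggedUser['ID'];
$GroupID = isset($_POST['groupid']) ? $_POST['groupid'] : '';
$Summaries = isset($_POST['summary']) ? $_POST['summary'] : null;
$Images = isset($_POST['image']) ? $_POST['image'] : null;
$Time = sqltime();
// Validate the raw value first, then escape it: the id is interpolated into
// the SQL statement and into the cache key below.
if (!is_string($GroupID) || !is_number($GroupID) || !$GroupID) {
    error(0);
}
$GroupID = db_string($GroupID);
// Both fields must be posted as arrays (image[] / summary[]). A scalar here
// would make count() warn or throw and the pairing below meaningless.
if (!is_array($Images) || !is_array($Summaries) || count($Images) != count($Summaries)) {
    error('Missing an image or a summary');
}
$Changed = false;
foreach ($Images as $Key => $Image) {
    // Pair image and summary by key. The client controls the array keys, so a
    // missing partner or a nested array is skipped instead of being passed on.
    if (!array_key_exists($Key, $Summaries)) {
        continue;
    }
    $Summary = $Summaries[$Key];
    if (!is_string($Image) || !is_string($Summary)) {
        continue;
    }
    // Silently drop blacklisted hosts and anything that is not, in its
    // entirety, an image URL (the pattern is anchored at both ends).
    if (ImageTools::blacklisted($Image, true) || !preg_match("/^" . IMAGE_REGEX . "\$/i", $Image)) {
        continue;
    }
    // Escape only after validation so the checks see the real URL.
    $Image = db_string($Image);
    $Summary = db_string($Summary);
    $DB->query("\n\t\tINSERT IGNORE INTO cover_art\n\t\t\t(GroupID, Image, Summary, UserID, Time)\n\t\tVALUES\n\t\t\t('{$GroupID}', '{$Image}', '{$Summary}', '{$UserID}', '{$Time}')");
    if ($DB->affected_rows()) {
        $Changed = true;
    }
}
if ($Changed) {
    $Cache->delete_value("torrents_cover_art_{$GroupID}");
}
// NOTE(review): HTTP_REFERER is a client-supplied header; it can be absent or
// point to another site. Prefer redirecting to a URL built on the server from
// the validated $GroupID.
header('Location: ' . $_SERVER['HTTP_REFERER']);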
Esempio n. 2
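// Stores a new artist wiki revision, either from an edit form (POST) or by
// copying an earlier revision (revert, GET).
// $ArtistID and $UserID are set outside this excerpt.
// NOTE(review): both are interpolated into the SQL below; confirm they are
// validated/escaped where they are assigned.
// The vanity-house flag is only read for users allowed to change it.
if (check_perms('artist_edit_vanityhouse')) {
    $VanityHouse = isset($_POST['vanity_house']) ? 1 : 0;
}
if ($_GET['action'] === 'revert') {
    // Reverting to a previous revision. The request arrives via GET, so the
    // anti-CSRF check is called explicitly here.
    authorize();
    $RevisionID = isset($_GET['revisionid']) ? $_GET['revisionid'] : '';
    // Reject non-numeric ids and 0. A falsy id would otherwise fall through
    // to the edit branch below with $Body/$Summary/$Image unset.
    if (!is_string($RevisionID) || !is_number($RevisionID) || !$RevisionID) {
        error(0);
    }
} else {
    // NOTE(review): no authorize() call is visible for the edit path in this
    // excerpt; confirm the POST form is covered by a CSRF check elsewhere.
    // With edit, the variables are passed with POST.
    $Body = db_string($_POST['body']);
    $Summary = db_string($_POST['summary']);
    // Validate the raw URL before escaping it, so the blacklist and the
    // pattern are applied to what will actually be stored and rendered.
    $Image = (isset($_POST['image']) && is_string($_POST['image'])) ? $_POST['image'] : '';
    // Return value unused; presumably this aborts the request itself when the
    // host is blacklisted. Verify against ImageTools.
    ImageTools::blacklisted($Image);
    // Anything that is not entirely an image URL is dropped, not stored.
    if (!preg_match("/^" . IMAGE_REGEX . "\$/i", $Image)) {
        $Image = '';
    }
    $Image = db_string($Image);
}
// Insert revision. empty() avoids reading an undefined variable on the edit path.
if (empty($RevisionID)) {
    // edit
    $DB->query("\n\t\tINSERT INTO wiki_artists\n\t\t\t(PageID, Body, Image, UserID, Summary, Time)\n\t\tVALUES\n\t\t\t('{$ArtistID}', '{$Body}', '{$Image}', '{$UserID}', '{$Summary}', '" . sqltime() . "')");
} else {
    // revert: $RevisionID passed is_number() above, so it is safe to interpolate
    $DB->query("\n\t\tINSERT INTO wiki_artists (PageID, Body, Image, UserID, Summary, Time)\n\t\tSELECT '{$ArtistID}', Body, Image, '{$UserID}', 'Reverted to revision {$RevisionID}', '" . sqltime() . "'\n\t\tFROM wiki_artists\n\t\tWHERE RevisionID = '{$RevisionID}'");
}
$RevisionID = $DB->inserted_id();
// Update artists table (technically, we don't need the RevisionID column, but we can use it for a join which is nice and fast)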
Esempio n. 3
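// Validate the form
// A remastered release without a year is an "unknown release". Only the
// uploader, or a user with the edit_unknowns permission, may save it that way.
if ($Properties['Remastered'] && !$Properties['RemasterYear']) {
    if ($LoggedUser['ID'] != $UserID && !check_perms('edit_unknowns')) {
        $Err = "You may not edit someone else's upload to unknown release.";
    }
}
// Strip out Amazon's padding (the "._XXX_.jpg" size suffix) from the cover URL.
// The dots in the host name are escaped so they match literally.
$AmazonReg = '/(http:\\/\\/ecx\\.images-amazon\\.com\\/images\\/.+)(\\._.*_\\.jpg)/i';
$Matches = array();
// Fixed: the pattern variable was misspelled as $RegX, which is not assigned in
// this excerpt, so the padding would never be stripped.
if (preg_match($AmazonReg, $Properties['Image'], $Matches)) {
    $Properties['Image'] = $Matches[1] . '.jpg';
}
// Check the image host after normalisation. The return value is unused;
// presumably this aborts the request itself on a blacklisted host. Verify
// against ImageTools.
ImageTools::blacklisted($Properties['Image']);
if ($Err) {
    // Show the upload form, with the data the user entered
    // NOTE(review): die() prints $Err unescaped. Keep user input out of $Err,
    // or escape it, before it reaches this debug path.
    if (check_perms('site_debug')) {
        die($Err);
    }
    error($Err);
}
//******************************************************************************//
//--------------- Make variables ready for database input ----------------------//
// Shorten and escape $Properties for database input
$T = array();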
foreach ($Properties as $Key => $Value) {
    $T[$Key] = "'" . db_string(trim($Value)) . "'";
    if (!$T[$Key]) {
        $T[$Key] = null;
Esempio n. 4
        $Err = 'You forgot to enter any bounty!';
    } else {
        $Bounty = trim($_POST['amount']);
        if (!is_number($Bounty)) {
            $Err = 'Your entered bounty is not a number';
        } elseif ($Bounty < 100 * 1024 * 1024) {
            $Err = 'Minimum bounty is 100 MB.';
        }
        $Bytes = $Bounty;
        //From MB to B
    }
}
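// Optional cover image: an empty field is allowed. Anything else must be, in
// its entirety, a URL matching IMAGE_REGEX.
if (empty($_POST['image'])) {
    $Image = '';
} else {
    // A nested array (image[]=...) is treated as an invalid link instead of
    // being passed on to trim()/preg_match().
    $PostedImage = is_string($_POST['image']) ? trim($_POST['image']) : '';
    // Blacklist-check the same trimmed value that will be stored. The return
    // value is unused; presumably this aborts the request itself on a
    // blacklisted host. Verify against ImageTools.
    ImageTools::blacklisted($PostedImage);
    // Anchored and case-insensitive, like the other image handlers. An
    // unanchored match would accept any string that merely contains an image
    // URL somewhere inside it.
    if (preg_match("/^" . IMAGE_REGEX . "\$/i", $PostedImage) > 0) {
        // NOTE(review): $Image is not escaped here; confirm db_string() is
        // applied before it reaches a query.
        $Image = $PostedImage;
    } else {
        // display_str() escapes the rejected value before it is echoed back.
        $Err = display_str($PostedImage) . ' does not appear to be a valid link to an image.';
    }
}
// The description is mandatory and must be a plain string.
if (empty($_POST['description']) || !is_string($_POST['description'])) {
    $Err = 'You forgot to enter a description.';
} else {
    $Description = trim($_POST['description']);
}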
if ($CategoryName === 'Music') {
    if (empty($_POST['artists'])) {
        $Err = 'You did not enter any artists.';
    } else {