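/**
 * Read a query argument of this request, sanitized and resolved.
 *
 * Looks up $_GET['wppa-<index>'] (new syntax) and falls back to
 * $_GET['<index>'] (old syntax). 'nil' or a missing argument yields false,
 * an empty value yields '1' (bare flag). For index 'photo' and 'album' the
 * value is additionally decrypted and/or resolved from a name to an id.
 * Results are memoized per request per $index.
 *
 * @param string $index Argument name without the 'wppa-' prefix.
 * @return string|int|false The sanitized value, a resolved id, or false when not set / not resolvable.
 */
function wppa_get_get($index)
{
    // Per-request memo of already resolved arguments, keyed by $index.
    static $wppa_get_get_cache = [];

    // Found this already?
    if (isset($wppa_get_get_cache[$index])) {
        return $wppa_get_get_cache[$index];
    }

    // See if set: the new syntax ( wppa-<index> ) takes precedence over the bare name.
    if (isset($_GET['wppa-' . $index])) {
        $result = $_GET['wppa-' . $index];
    } elseif (isset($_GET[$index])) {
        $result = $_GET[$index];
    } else {
        // Not set
        return false;
    }

    // A query argument can arrive as an array ( ?wppa-photo[]=x ). The string
    // functions below would throw a TypeError on PHP 8, so treat it as not set.
    if (!is_string($result)) {
        return false;
    }

    // Nil simulates not set
    if ($result === 'nil') {
        return false;
    }

    // Set but no value: a bare flag
    if ($result === '') {
        $result = '1';
    }

    // Sanitize: strip html/php tags, then refuse anything that still looks like
    // a php tag. Note the value is NOT escaped for any output context; callers
    // must still escape it for sql / html / attributes where they use it.
    $result = strip_tags($result);
    if (strpos($result, '<?') !== false) {
        die('Security check failure #191');
    }
    if (strpos($result, '?>') !== false) {
        die('Security check failure #192');
    }

    // Post processing needed?
    if ($index === 'photo' && !wppa_is_int($result)) {
        // Encrypted?
        $result = wppa_decrypt_photo($result);
        // By name, scoped to the album argument of the same request (if any)
        $result = wppa_get_photo_id_by_name($result, wppa_get_album_id_by_name(wppa_get_get('album')));
        if (!$result) {
            // Non existing photo, treat as not set
            return false;
        }
    }
    if ($index === 'album') {
        // Encrypted?
        $result = wppa_decrypt_album($result);
        if (!wppa_is_int($result)) {
            // By name, else an album series; anything else is invalid
            $temp = wppa_get_album_id_by_name($result);
            if (wppa_is_int($temp) && $temp > '0') {
                $result = $temp;
            } elseif (!wppa_series_to_array($result)) {
                $result = false;
            }
        }
    }

    // Save in cache
    $wppa_get_get_cache[$index] = $result;
    return $result;
}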
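/**
 * Resolve a photo name (substring match) to a photo id, optionally restricted
 * to one album, an album series, or an album given by name.
 *
 * The name typically comes straight from the request (see wppa_get_get), so
 * the query is built with $wpdb->prepare() rather than string interpolation.
 *
 * @param string|int $xname Photo name as received from the URL, or an id (returned unchanged).
 * @param string|int $album Album id, album series, or album name; '0' / empty means all albums.
 * @return string|int|null The matching photo id, or null when nothing matched.
 */
function wppa_get_photo_id_by_name($xname, $album = '0')
{
    global $wpdb;

    // Already numeric: nothing to look up
    if (wppa_is_int($xname)) {
        return $xname;
    }

    // Decode the name and drop the slashes added to request data
    $name = wppa_decode_uri_component($xname);
    $name = stripslashes($name);

    // Build the LIKE pattern: escape the wildcard characters the user typed
    // ( so '%' or '_' in a name does not match every photo ), then turn quotes
    // into wildcards so names containing quotes still match, and wrap in '%'
    // for the substring search.
    $pattern = $wpdb->esc_like($name);
    $pattern = str_replace(['\'', '"'], '%', $pattern);
    $pattern = '%' . $pattern . '%';

    // Resolve the album argument into a list of integer album ids; an empty
    // list means "search all albums". Everything is cast to int so only
    // numbers ever reach the query.
    $albumIds = [];
    if (wppa_is_int($album)) {
        if ((int) $album) {
            $albumIds = [(int) $album];
        }
    } else {
        $albums = wppa_series_to_array($album);
        if (is_array($albums)) {
            $albumIds = array_map(static function ($id) {
                return (int) $id;
            }, $albums);
        } else {
            $albumId = (int) wppa_get_album_id_by_name($album);
            if ($albumId) {
                $albumIds = [$albumId];
            }
        }
    }

    // Parameterized query: the name goes in as %s, album ids as %d
    $sql = 'SELECT `id` FROM `' . WPPA_PHOTOS . '` WHERE `name` LIKE %s';
    $args = [$pattern];
    if ($albumIds) {
        $sql .= ' AND `album` IN (' . implode(',', array_fill(0, count($albumIds), '%d')) . ')';
        $args = array_merge($args, $albumIds);
    }
    $sql .= ' LIMIT 1';
    $pid = $wpdb->get_var($wpdb->prepare($sql, $args));

    if ($pid) {
        wppa_dbg_msg('Pid ' . $pid . ' found for ' . $name);
    } else {
        wppa_dbg_msg('No pid found for ' . $name);
    }
    return $pid;
}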