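/**
 * Read a wppa query argument from $_GET, with light sanitising and per-request memoisation.
 *
 * The lookup tries 'wppa-<index>' first (new syntax) and then '<index>' (old syntax).
 * Returns false when the argument is absent, is the literal string 'nil', or is not a
 * scalar (e.g. ?wppa-photo[]=1). An argument that is present but empty yields '1'.
 *
 * For $index 'photo' the value is passed through wppa_decrypt_photo() and
 * wppa_get_photo_id_by_name() so that the result is a photo id or false.
 * For $index 'album' the value is passed through wppa_decrypt_album() and, when still
 * not an int, resolved by album name; if that fails the raw value is only kept when
 * wppa_series_to_array() accepts it, otherwise false is returned.
 *
 * NOTE(security): strip_tags() and the '<?' / '?>' checks below are NOT a substitute
 * for context-specific escaping. Callers must still escape the returned value for the
 * context they use it in (HTML attribute, SQL via $wpdb->prepare(), URL, ...).
 *
 * @param string $index Query-argument name without the 'wppa-' prefix.
 * @return string|int|false Resolved value, or false when not set / not resolvable.
 */
function wppa_get_get($index) {
    static $wppa_get_get_cache;

    // Already resolved during this request?
    if (isset($wppa_get_get_cache[$index])) {
        return $wppa_get_get_cache[$index];
    }

    // New syntax first, then the old one.
    if (isset($_GET['wppa-' . $index])) {
        $result = $_GET['wppa-' . $index];
    } elseif (isset($_GET[$index])) {
        $result = $_GET[$index];
    } else {
        return false; // Not set
    }

    // A bracketed query argument (?wppa-photo[]=1) arrives as an array; the original
    // code passed it straight to strlen()/strip_tags(), which throws a TypeError on
    // PHP 8 (and emitted warnings before). Treat anything non-scalar as "not set".
    if (!is_scalar($result)) {
        return false;
    }
    $result = (string) $result;

    if ($result === 'nil') {
        return false; // 'nil' simulates not set
    }
    if ($result === '') {
        $result = '1'; // Set but no value
    }

    // Sanitize. This only strips markup and aborts on PHP open/close tags; it does not
    // make the value safe for any specific output context (see docblock).
    $result = strip_tags($result);
    if (strpos($result, '<?') !== false) {
        die('Security check failure #191');
    }
    if (strpos($result, '?>') !== false) {
        die('Security check failure #192');
    }

    // Post processing for the two arguments that may carry an encrypted id or a name.
    if ($index === 'photo' && !wppa_is_int($result)) {
        // Encrypted?
        $result = wppa_decrypt_photo($result);
        // By name? Restrict the name lookup to the requested album, if any.
        $result = wppa_get_photo_id_by_name($result, wppa_get_album_id_by_name(wppa_get_get('album')));
        if (!$result) {
            return false; // Non-existing photo, treat as not set
        }
    }

    if ($index === 'album') {
        // Encrypted?
        $result = wppa_decrypt_album($result);
        if (!wppa_is_int($result)) {
            $by_name = wppa_get_album_id_by_name($result);
            // Compare numerically rather than as strings ('10' > '0' happens to work,
            // but string comparison is not what is meant here).
            if (wppa_is_int($by_name) && (int) $by_name > 0) {
                $result = $by_name;
            } elseif (!wppa_series_to_array($result)) {
                $result = false;
            }
        }
    }

    // Save in cache
    $wppa_get_get_cache[$index] = $result;

    return $result;
}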
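/**
 * Find the id of the first photo whose name contains $xname, optionally limited to an album.
 *
 * $xname is URI-decoded, unslashed, LIKE-escaped and then has single and double quotes
 * turned into '%' wildcards (the original "trick" so that names containing quotes still
 * match). The match is `name` LIKE '%<name>%' LIMIT 1.
 *
 * $album may be an album id, a series string accepted by wppa_series_to_array(), or an
 * album name. Album ids are cast to int before being placed in the query; '0' (the
 * default) or an unresolvable album means "search all albums".
 *
 * Security: the previous version concatenated $name and $alb directly into the SQL,
 * which is an injection vector when $xname comes from the request (see wppa_get_get()).
 * The query is now built with $wpdb->prepare() and $wpdb->esc_like(), and album ids
 * are integer-cast.
 *
 * @param string|int $xname Photo name fragment, or an id (returned as-is).
 * @param string|int $album Album id, series string or album name; '0' = no restriction.
 * @return mixed Photo id as returned by $wpdb->get_var(), or null/false when not found.
 */
function wppa_get_photo_id_by_name($xname, $album = '0') {
    global $wpdb;
    global $allphotos;

    if (wppa_is_int($xname)) {
        return $xname; // Already numeric
    }

    // Normalise the name, then escape LIKE metacharacters BEFORE the quote trick so that
    // the substituted '%' remain wildcards while user-supplied '%' / '_' / '\' do not.
    $name = wppa_decode_uri_component($xname);
    $name = stripslashes($name);
    $name = $wpdb->esc_like($name);
    $name = str_replace(array('\'', '"'), '%', $name); // Quotes act as wildcards
    $like = '%' . $name . '%';

    // Resolve the album restriction into a list of integer ids.
    $album_ids = array();
    if (wppa_is_int($album)) {
        $album_ids = array((int) $album);
    } else {
        $series = wppa_series_to_array($album);
        if (is_array($series)) {
            $album_ids = array_map('intval', $series);
        } else {
            $by_name = wppa_get_album_id_by_name($album);
            if ($by_name) {
                $album_ids = array((int) $by_name);
            }
        }
    }

    // Only restrict by album when at least one non-zero id is present (album 0 = "all").
    if (array_filter($album_ids)) {
        $pid = $wpdb->get_var($wpdb->prepare(
            "SELECT `id` FROM `" . WPPA_PHOTOS . "` WHERE `name` LIKE %s AND `album` IN ( " . implode(',', $album_ids) . " ) LIMIT 1",
            $like
        ));
    } else {
        $pid = $wpdb->get_var($wpdb->prepare(
            "SELECT `id` FROM `" . WPPA_PHOTOS . "` WHERE `name` LIKE %s LIMIT 1",
            $like
        ));
    }

    if ($pid) {
        wppa_dbg_msg('Pid ' . $pid . ' found for ' . $name);
    } else {
        wppa_dbg_msg('No pid found for ' . $name);
    }

    return $pid;
}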