OSDN > Find Software > Communications > Nucleus日本語版 > SCM > git > nucleus-plugins > Commit

Nucleus日本語版
Fork
nucleus-next
nucleus-jp-ancient
nucleus-plugins

R/O
HTTP
SSH
HTTPS

nucleus-plugins: Commit

Nucleus CMS日本語版用プラグインのうち、日本語版開発者がサポートしているもの

Commit MetaInfo

Revision	0fc5988748083128a86cbf36afafba564075f9ad (tree)
Time	2006-11-26 02:27:12
Author	satona <satona@1ca2...>
Commiter	satona

Log Message

再チェック

git-svn-id: https://svn.sourceforge.jp/svnroot/nucleus-jp/plugin@491 1ca29b6e-896d-4ea0-84a5-967f57386b96

Change Summary

modified: trunk/NP_MultipleCategories/NP_MultipleCategories.php (diff)

Incremental Difference

--- a/trunk/NP_MultipleCategories/NP_MultipleCategories.php

+++ b/trunk/NP_MultipleCategories/NP_MultipleCategories.php

		@@ -95,7 +95,7 @@ ADD `ordid` INT( 11 ) DEFAULT '100' NOT NULL AFTER `parentid` ;
95	95	}
96	96	if (!in_array("subcategories",$names)) {
97	97	sql_query ('ALTER TABLE '.sql_table('plug_multiple_categories').' ADD subcategories varchar(255) not null');
98		- sql_query('ALTER TABLE ' . sql_table('plug_multiple_categories'). ' MODIFY categories varchar(255) not null');
	98	+ sql_query('ALTER TABLE ' .sql_table('plug_multiple_categories').' MODIFY categories varchar(255) not null');
99	99	}
100	100	$query = 'CREATE TABLE IF NOT EXISTS '. sql_table('plug_multiple_categories_sub'). '('
101	101	. 'scatid int(11) not null auto_increment,'

		@@ -172,13 +172,13 @@ ADD `ordid` INT( 11 ) DEFAULT '100' NOT NULL AFTER `parentid` ;
172	172	$subcatid = intRequestVar($this->getRequestName());
173	173	}
174	174	if ($subcatid && !$catid) {
175		- $catid = intval($this->_getParentCatID($subcatid));
	175	+ $catid = intval($this->_getParentCatID($subcatid));//Intval is not needed. ($subcatid) <sato(na)0.5j />
176	176	if (!$catid) {
177	177	$subcatid = null;
178	178	$catid = null;
179	179	}
180	180	} elseif ($subcatid) {
181		- $pcatid = intval($this->_getParentCatID($subcatid));
	181	+ $pcatid = intval($this->_getParentCatID($subcatid));//Intval is not needed. ($subcatid) <sato(na)0.5j />
182	182	if ($pcatid != $catid) $subcatid = null;
183	183	}
184	184

		@@ -223,7 +223,7 @@ ADD `ordid` INT( 11 ) DEFAULT '100' NOT NULL AFTER `parentid` ;
223	223	$query = 'SELECT scatid FROM '.sql_table('plug_multiple_categories_sub').' WHERE catid=' . intval($id);
224	224	$res = sql_query($query);
225	225	while ($row = mysql_fetch_row($res)){
226		- $aResult[] = $row[0];
	226	+ $aResult[] = intval($row[0]); //<sato(na)0.5j />ultrarich
227	227	}
228	228	return $aResult;
229	229	}

		@@ -286,11 +286,11 @@ ADD `ordid` INT( 11 ) DEFAULT '100' NOT NULL AFTER `parentid` ;
286	286	return explode(",", $subOrderString);
287	287	}
288	288	function _getSubOrder($pid){
289		- $sql_str = 'SELECT scatid FROM '.sql_table('plug_multiple_categories_sub').' WHERE parentid='.$pid.' ORDER BY ordid';
	289	+ $sql_str = 'SELECT scatid FROM '.sql_table('plug_multiple_categories_sub').' WHERE parentid='.intval($pid).' ORDER BY ordid'; //<sato(na)0.5j />
290	290	$qid_scat = mysql_query($sql_str);
291	291	if ($qid_scat === FALSE) return ''; //<sato(na)0.403j />
292	292	$scat_str = '';
293		- while ($row_scat = mysql_fetch_object($qid_scat)) $scat_str .= ',' . $row_scat->scatid . $this->_getSubOrder($row_scat->scatid);
	293	+ while ($row_scat = mysql_fetch_object($qid_scat)) $scat_str .= ',' . intval($row_scat->scatid) . $this->_getSubOrder($row_scat->scatid); //<sato(na)0.5j />
294	294	return $scat_str;
295	295	}
296	296	function permuteSubcategories($subcategories){

		@@ -313,11 +313,11 @@ function orderKey(key, sequence) {
313	313	while($row = mysql_fetch_array($res)) {
314	314	//<sato(na)0.5j>
315	315	echo 'scatDat['.($i++).'] = new setScatDat('.
316		- $row['scatid'].
	316	+ intval($row['scatid']).
317	317	' , "'.
318		- addslashes($row['sname']).
	318	+ htmlspecialchars($row['sname'], ENT_QUOTES).
319	319	'", "'.
320		- addslashes($row['sdesc']).
	320	+ htmlspecialchars($row['sdesc'], ENT_QUOTES).
321	321	'");'."\n";
322	322	//</sato(na)0.5j>
323	323	}

		@@ -335,7 +335,7 @@ function orderKey(key, sequence) {
335	335	}
336	336	}
337	337
338		- function event_AddItemFormExtras($data) {
	338	+ function event_AddItemFormExtras($data) {
339	339	$aCategories = $this->_getCategories($data['blog']->blogid);
340	340	if(count($aCategories) > 1) {
341	341	$this->showForm($aCategories,$data['itemid']);

		@@ -358,20 +358,20 @@ function orderKey(key, sequence) {
358	358	if (!count($aDefinedScats)) return;
359	359
360	360	$itemScats = array();
361		- if($subcatlist = $this->_getSubCategories($itemid))
	361	+ if($subcatlist = $this->_getSubCategories($itemid))//Intval is not needed. ($itemid) <sato(na)0.5j />
362	362	$itemScats = explode(",",$subcatlist);
363	363
364	364	//<sato(na)>$snum = 0;</sato(na)>
365	365	echo '<h3>Multiple Categories</h3>';
366	366	echo "<fieldset><legend>Sub Categories</legend>";
367	367	//<sato(na)>
368		- $sql_str = 'SELECT * FROM '.sql_table('plug_multiple_categories_sub').' WHERE catid='.$aCategories[0]['catid'].' AND parentid=0';
	368	+ $sql_str = 'SELECT * FROM '.sql_table('plug_multiple_categories_sub').' WHERE catid='.intval($aCategories[0]['catid']).' AND parentid=0'; //<sato(na)0.5j />
369	369	$qid = sql_query($sql_str);
370	370	while ($aSub = mysql_fetch_assoc($qid)) {
371	371	$schecked = (in_array($aSub['scatid'], $itemScats)) ? " checked=checked" : "";
372	372	echo '<input type="checkbox" id="npmc_scat'.$aSub['scatid'].'" name="npmc_scat['.$aSub['scatid'].']"'.$schecked.' value="'.$aSub['scatid'].'" />';
373		- echo '<label for="npmc_scat'.$aSub['scatid'].'">'.htmlspecialchars($aSub['sname']).'</label><br />';
374		- echo $this->showFormHierarchical($aSub['scatid'], $itemScats);
	373	+ echo '<label for="npmc_scat'.$aSub['scatid'].'">'.htmlspecialchars($aSub['sname'], ENT_QUOTES).'</label><br />'; //<sato(na)0.5j />
	374	+ $this->showFormHierarchical($aSub['scatid'], $itemScats); //<sato(na)0.5j />
375	375	}
376	376	//</sato(na)>
377	377	echo "</fieldset>";

		@@ -380,9 +380,9 @@ function orderKey(key, sequence) {
380	380	function showForm($aCategories,$itemid) {
381	381	$itemcats = array();
382	382	$itemScats = array();
383		- if($multicatlist = $this->_getMultiCategories($itemid))
	383	+ if($multicatlist = $this->_getMultiCategories($itemid))//Intval is not needed. ($itemid) <sato(na)0.5j />
384	384	$itemcats = explode(",",$multicatlist);
385		- if($subcatlist = $this->_getSubCategories($itemid))
	385	+ if($subcatlist = $this->_getSubCategories($itemid))//Intval is not needed. ($itemid) <sato(na)0.5j />
386	386	$itemScats = explode(",",$subcatlist);
387	387
388	388	echo '<h3 style="margin-bottom:0px;">Multiple Categories</h3>';

		@@ -396,20 +396,20 @@ function orderKey(key, sequence) {
396	396	if(in_array($aCategory['catid'],$itemcats)) $checked = " checked=checked";
397	397	echo '<tr><td>';
398	398	echo '<input type="checkbox" id="npmc_cat'.$num.'" name="npmc_cat['.$num.']"'.$checked.' value="'.$aCategory['catid'].'" />';
399		- echo '<label for="npmc_cat'.$num.'">'.htmlspecialchars($aCategory['name']);
400		- if ($aCategory['cdesc']) echo "(".$aCategory['cdesc'].")";
	399	+ echo '<label for="npmc_cat'.$num.'">'.htmlspecialchars($aCategory['name'], ENT_QUOTES); //<sato(na)0.5j />
	400	+ if ($aCategory['cdesc']) echo "(".htmlspecialchars($aCategory['cdesc'], ENT_QUOTES).")"; //<sato(na)0.5j />
401	401	echo '</label>';
402	402	$num ++;
403	403	//<sato(na)>
404		- $sql_str = 'SELECT * FROM '.sql_table('plug_multiple_categories_sub').' WHERE catid='.$aCategory['catid'].' AND parentid=0';
	404	+ $sql_str = 'SELECT * FROM '.sql_table('plug_multiple_categories_sub').' WHERE catid='.intval($aCategory['catid']).' AND parentid=0'; //<sato(na)0.5j />
405	405	$qid = sql_query($sql_str);
406	406	if (mysql_num_rows($qid)) {
407	407	echo "<fieldset style=\"margin-left:1.5em;border:none\">";
408	408	while ($aSub = mysql_fetch_assoc($qid)) {
409	409	$schecked = (in_array($aSub['scatid'], $itemScats)) ? " checked=checked" : "";
410	410	echo '<input type="checkbox" id="npmc_scat'.$aSub['scatid'].'" name="npmc_scat['.$aSub['scatid'].']"'.$schecked.' value="'.$aSub['scatid'].'" />';
411		- echo '<label for="npmc_scat'.$aSub['scatid'].'">'.htmlspecialchars($aSub['sname']).'</label><br />';
412		- echo $this->showFormHierarchical($aSub['scatid'], $itemScats);
	411	+ echo '<label for="npmc_scat'.$aSub['scatid'].'">'.htmlspecialchars($aSub['sname'], ENT_QUOTES).'</label><br />'; //<sato(na)0.5j />
	412	+ $this->showFormHierarchical($aSub['scatid'], $itemScats); //<sato(na)0.5j />
413	413	}
414	414	echo "</fieldset>";
415	415	}

		@@ -426,8 +426,8 @@ function orderKey(key, sequence) {
426	426	while ($aSub = mysql_fetch_assoc($qid)) {
427	427	$schecked = (in_array($aSub['scatid'], $itemScats)) ? " checked=checked" : "";
428	428	echo '<input type="checkbox" id="npmc_scat'.$aSub['scatid'].'" name="npmc_scat['.$aSub['scatid'].']"'.$schecked.' value="'.$aSub['scatid'].'" />';
429		- echo '<label for="npmc_scat'.$aSub['scatid'].'">'.htmlspecialchars($aSub['sname']).'</label><br />';
430		- echo $this->showFormHierarchical($aSub['scatid'], $itemScats);
	429	+ echo '<label for="npmc_scat'.$aSub['scatid'].'">'.htmlspecialchars($aSub['sname'], ENT_QUOTES).'</label><br />'; //<sato(na)0.5j />
	430	+ $this->showFormHierarchical($aSub['scatid'], $itemScats); //<sato(na)0.5j />
431	431	}
432	432	echo "</div>";
433	433	}

		@@ -494,7 +494,7 @@ function orderKey(key, sequence) {
494	494	$value .= ', ""';
495	495	}
496	496
497		- $query = 'REPLACE INTO '.sql_table('plug_multiple_categories').' (item_id,categories,subcategories) VALUES('.intval($itemid).$value.');';
	497	+ $query = 'REPLACE INTO '.sql_table('plug_multiple_categories').' (item_id,categories,subcategories) VALUES('.intval($itemid).$value.');'; //$value : addslashes
498	498	sql_query($query);
499	499	}
500	500

		@@ -522,11 +522,12 @@ function orderKey(key, sequence) {
522	522	$o->categories = preg_replace("/^(?:(.),)?$catid(?:,(.))?$/","$1,$2",$o->categories);
523	523	$o->subcategories = preg_replace("/^(?:(.),)?$catid(?:,(.))?$/","$1,$2",$o->subcategories);
524	524	if ((!$o->categories \|\| $o->categories == ',') && (!$o->subcategories \|\| $o->subcategories == ',')) {
525		- $del[] = $o->item_id;
	525	+ $del[] = intval($o->item_id); //<sato(na)0.5j />ultrarich
526	526	} else {
527	527	$o->categories = preg_replace("/(^,+\|(?<=,),+\|,+$)/","",$o->categories);
528	528	$o->subcategories = preg_replace("/(^,+\|(?<=,),+\|,+$)/","",$o->subcategories);
529		- $up[] = "UPDATE ". sql_table("plug_multiple_categories") ." SET categories='".addslashes($o->categories)."', subcategories='".addslashes($o->subcategories)."' WHERE item_id=".$o->item_id;
	529	+ $up[] = "UPDATE ". sql_table("plug_multiple_categories") ." SET categories='".addslashes($o->categories).
	530	+ "', subcategories='".addslashes($o->subcategories)."' WHERE item_id=".intval($o->item_id); //<sato(na)0.5j />ultrarich
530	531	}
531	532	}
532	533

		@@ -546,7 +547,7 @@ function orderKey(key, sequence) {
546	547	$params = func_get_args();
547	548	// item skin
548	549	if ($params[0] == 'item' && $params[1] != "1") {
549		- if ($itemid) $this->_parseItem($params[1], $itemid);
	550	+ if ($itemid) $this->_parseItem($params[1], intval($itemid));//<sato(na)0.5j />
550	551	return;
551	552	}
552	553

		@@ -554,17 +555,17 @@ function orderKey(key, sequence) {
554	555	switch ($params[2]) {
555	556	case 'id':
556	557	if (!$subcatid \|\| !$catid) return;
557		- echo $subcatid;
	558	+ echo intval($subcatid);//<sato(na)0.5j />
558	559	return;
559	560	break;
560	561	case 'desc':
561	562	if (!$subcatid \|\| !$catid) return;
562		- echo htmlspecialchars($this->_getScatDescFromID($subcatid));
	563	+ echo htmlspecialchars($this->_getScatDescFromID($subcatid), ENT_QUOTES);//Intval is not needed. ($subcatid) <sato(na)0.5j />
563	564	return;
564	565	break;
565	566	case 'name':
566	567	if (!$subcatid \|\| !$catid) return;
567		- echo htmlspecialchars($this->_getScatNameFromID($subcatid));
	568	+ echo htmlspecialchars($this->_getScatNameFromID($subcatid), ENT_QUOTES);//Intval is not needed. ($subcatid) <sato(na)0.5j />
568	569	return;
569	570	break;
570	571	case 'url':

		@@ -575,18 +576,19 @@ function orderKey(key, sequence) {
575	576	$b =& $manager->getBlog($CONF['DefaultBlog']);
576	577	}
577	578	$this->_setCommonData($b->getID());
578		- $sparams = array_merge($this->param,array($this->getRequestName() => $subcatid));
579		- $url = createCategoryLink($catid, $sparams);
	579	+ $sparams = array_merge($this->param, array($this->getRequestName() => intval($subcatid)));//<sato(na)0.5j />
	580	+ $url = createCategoryLink(intval($catid), $sparams);//<sato(na)0.5j />
580	581	if ($CONF['URLMode'] != 'pathinfo') {
581	582	list(,$temp_param) = explode("?",$url);
582	583	$url = $this->url. "?" . $temp_param;
583	584	}
584		- echo $url;
	585	+ $url = preg_replace(array("/</", "/>/"), array("<", ">"), $url); //<sato(na)0.5j />
	586	+ echo $url; //$sparams escape OK <sato(na)0.5j />
585	587	return;
586	588	break;
587	589	case 'link':
588	590	if ($params[0] != 'item') return;
589		- $item = $this->_getItemObject($itemid);
	591	+ $item = $this->_getItemObject(intval($itemid));//<sato(na)0.5j />
590	592	if ($item) {
591	593	$this->doTemplateVar(&$item);
592	594	}

		@@ -601,17 +603,18 @@ function orderKey(key, sequence) {
601	603	$bid = $b->getID();
602	604	$this->_setCommonData($bid);
603	605	$cur_params = array();
604		- if ($catid) $cur_params['catid'] = $catid;
	606	+ if ($catid) $cur_params['catid'] = intval($catid);//<sato(na)0.5j />
605	607	if ($subcatid) {
606	608	$rname = $this->getRequestName();
607		- $cur_params[$rname] = $subcatid;
	609	+ $cur_params[$rname] = intval($subcatid);//<sato(na)0.5j />
608	610	}
609	611	$url = createArchiveListLink($bid, $cur_params);
610	612	if ($CONF['URLMode'] != 'pathinfo') {
611	613	list(,$temp_param) = explode("?",$url);
612	614	$url = $this->url. "?" . $temp_param;
613	615	}
614		- echo $url;
	616	+ $url = preg_replace(array("/</", "/>/"), array("<", ">"), $url); //<sato(na)0.5j />
	617	+ echo $url; //$cur_params escape OK <sato(na)0.5j />
615	618	return;
616	619	break;
617	620	case 'categorylist':

		@@ -639,13 +642,12 @@ function orderKey(key, sequence) {
639	642	$b =& $manager->getBlog($CONF['DefaultBlog']);
640	643	}
641	644
642		- $mycatid = 0;
643		- if ($catid) $mycatid = $catid;
644		- $mysubcatid = 0;
645		- if ($subcatid) $mysubcatid = $subcatid;
	645	+ $mycatid = ($catid) ? intval($catid) : 0;//<sato(na)0.5j />
	646	+ $mysubcatid = ($subcatid) ? intval($subcatid) : 0;//<sato(na)0.5j />
646	647	$templateName = $params[1];
647	648	$amountEntries = 0;
648	649	$offset = 0;
	650	+ $startpos = intval($startpos);//<sato(na)0.5j />
649	651	if (isset($params[2])) {
650	652	list($amountEntries, $offset) = sscanf($params[2], '%d(%d)');
651	653	if ($offset) {

		@@ -675,7 +677,7 @@ function orderKey(key, sequence) {
675	677	}
676	678
677	679	$query .= ' WHERE i.iauthor=m.mnumber'
678		- . ' and i.iblog='.$b->getID()
	680	+ . ' and i.iblog='.intval($b->getID()) //<sato(na)0.5j />
679	681	. ' and i.icat=c.catid'
680	682	. ' and i.idraft=0';
681	683	if ($params[0] == 'archive' && $archive) {

		@@ -726,9 +728,9 @@ function orderKey(key, sequence) {
726	728	if ($what == 'itemlink') {
727	729	$sparams = array();
728	730	if ($catid) {
729		- $sparams['catid'] = $catid;
	731	+ $sparams['catid'] = intval($catid);//<sato(na)0.5j />
730	732	if ($subcatid) {
731		- $sparams[$this->getRequestName()] = $subcatid;
	733	+ $sparams[$this->getRequestName()] = intval($subcatid);//<sato(na)0.5j />
732	734	}
733	735	}
734	736	$url = createItemLink($item->itemid, $sparams);

		@@ -736,7 +738,8 @@ function orderKey(key, sequence) {
736	738	list(,$temp_param) = explode("?",$url);
737	739	$url = $this->url. "?" . $temp_param;
738	740	}
739		- echo $url;
	741	+ $url = preg_replace(array("/</", "/>/"), array("<", ">"), $url); //<sato(na)0.5j />
	742	+ echo $url; //$cur_params escape OK <sato(na)0.5j />
740	743	return;
741	744	}
742	745

		@@ -745,7 +748,7 @@ function orderKey(key, sequence) {
745	748	list(,$temp_param) = explode("?",$url);
746	749	$url = $this->url. "?" . $temp_param;
747	750	}
748		- $mcat_string = '<a href="'.$url.'">'.htmlspecialchars($this->_getCatNameFromID($item->catid)).'</a>';
	751	+ $mcat_string = '<a href="'.$this->cnvHtmlUrlAttribute($url).'">'.htmlspecialchars($this->_getCatNameFromID($item->catid), ENT_QUOTES).'</a>'; //<sato(na)0.5j />
749	752
750	753	$itemScats = array();
751	754	if ($itemscatstr = $this->_getSubCategories($item->itemid)) {

		@@ -761,7 +764,7 @@ function orderKey(key, sequence) {
761	764	} else {
762	765	$surl = addLinkParams($url,array($this->getRequestName() => $id));
763	766	}
764		- $extra_scat_string[] = '<a href="'.$surl.'">'.htmlspecialchars($name).'</a>';
	767	+ $extra_scat_string[] = '<a href="'.$this->cnvHtmlUrlAttribute($surl).'">'.htmlspecialchars($name, ENT_QUOTES).'</a>'; //<sato(na)0.5j />
765	768	}
766	769	$scat_string = implode($this->ssep,$extra_scat_string);
767	770	$cat_string = str_replace(array("<%category%>","<%subcategory%>"), array($mcat_string,$scat_string), $this->sform);

		@@ -779,7 +782,7 @@ function orderKey(key, sequence) {
779	782	list(,$temp_param) = explode("?",$url);
780	783	$url = $this->url. "?" . $temp_param;
781	784	}
782		- $mcat_string = '<a href="'.$url.'">'.htmlspecialchars($this->_getCatNameFromID($icat)).'</a>';
	785	+ $mcat_string = '<a href="'.$this->cnvHtmlUrlAttribute($url).'">'.htmlspecialchars($this->_getCatNameFromID($icat), ENT_QUOTES).'</a>'; //<sato(na)0.5j />
783	786
784	787	if (count($itemScats) > 0 && array_key_exists($icat,$scatMaps)) {
785	788	$extra_scat_string = array();

		@@ -790,7 +793,7 @@ function orderKey(key, sequence) {
790	793	} else {
791	794	$surl = addLinkParams($url,array($this->getRequestName() => $id));
792	795	}
793		- $extra_scat_string[] = '<a href="'.$surl.'">'.htmlspecialchars($name).'</a>';
	796	+ $extra_scat_string[] = '<a href="'.$this->cnvHtmlUrlAttribute($surl).'">'.htmlspecialchars($name, ENT_QUOTES).'</a>'; //<sato(na)0.5j />
794	797	}
795	798	$scat_string = implode($this->ssep,$extra_scat_string);
796	799	$extra_cat_string[] = str_replace(array("<%category%>","<%subcategory%>"), array($mcat_string,$scat_string), $this->sform);

		@@ -800,11 +803,23 @@ function orderKey(key, sequence) {
800	803	}
801	804	}
802	805	if (count($extra_cat_string) > 0) {
803		- $cat_string .= $this->msep . join($this->ssep,$extra_cat_string);
	806	+ $cat_string .= $this->msep . implode($this->ssep,$extra_cat_string);
804	807	}
805	808	}
806		- echo $cat_string;
	809	+ echo $cat_string;//$mcat_string, $scat_string escape OK <sato(na)0.5j />
807	810	}
	811	+ //<sato(na)0.5j>
	812	+ function cnvHtmlUrlAttribute($forHtmlAtt__str)
	813	+ {
	814	+ //onEvent
	815	+ $forHtmlAtt__str = preg_replace('/[\'"]/', '', $forHtmlAtt__str);
	816	+
	817	+ //href="javascript:"
	818	+ $forHtmlAtt__str = preg_replace('/javascript/i', '', preg_replace('/[\x00-\x20\x22\x27]/', '', $forHtmlAtt__str));
	819	+
	820	+ return $forHtmlAtt__str;
	821	+ }
	822	+ //</sato(na)0.5j>
808	823
809	824	function _setCommonData($bid) {
810	825	global $CONF;

		@@ -814,7 +829,7 @@ function orderKey(key, sequence) {
814	829	$this->addindex = ($this->getOption('addindex') == 'yes');
815	830	$this->addbiddef = ($this->getOption('addblogid_def') == 'yes');
816	831	$this->addbid = ($this->getOption('addblogid') == 'yes');
817		- $this->defurl = quickQuery("SELECT burl as result from ".sql_table('blog')." WHERE bnumber=".$CONF['DefaultBlog']);
	832	+ $this->defurl = quickQuery("SELECT burl as result from ".sql_table('blog')." WHERE bnumber=".addslashes($CONF['DefaultBlog'])); //<sato(na)0.5j />
818	833	if (!$this->defurl) $this->defurl = $CONF['Self'];
819	834	$this->_setBlogData($bid);
820	835	}

		@@ -833,16 +848,16 @@ function orderKey(key, sequence) {
833	848	$this->url .= "index.php";
834	849	}
835	850	if ($this->bid == $CONF['DefaultBlog'] && $this->addbiddef) {
836		- $this->param['blogid'] = $this->bid;
	851	+ $this->param['blogid'] = $this->bid; //$this->bid intval OK
837	852	} elseif ($this->bid != $CONF['DefaultBlog'] && ($this->url == $this->defurl \|\| $this->addbid)){
838		- $this->param['blogid'] = $this->bid;
	853	+ $this->param['blogid'] = $this->bid; //$this->bid intval OK
839	854	}
840	855	}
841	856
842	857	function _parseItem($template, $itemid) {
843	858	global $manager;
844	859
845		- $b =& $manager->getBlog(getBlogIDFromItemID($itemid));
	860	+ $b =& $manager->getBlog(getBlogIDFromItemID($itemid));//Intval is not needed. ($itemid) <sato(na)0.5j />
846	861
847	862	$query = 'SELECT i.inumber as itemid, i.ititle as title, i.ibody as body, m.mname as author, m.mrealname as authorname, i.itime, i.imore as more, m.mnumber as authorid, m.memail as authormail, m.murl as authorurl, c.cname as category, i.icat as catid, i.iclosed as closed';
848	863

		@@ -850,7 +865,7 @@ function orderKey(key, sequence) {
850	865	//$query .= ' FROM '.sql_table('item').' as i, '.sql_table('member').' as m, '.sql_table('category').' as c'
851	866	$query .= ' FROM '.sql_table('category').' as c, '.sql_table('member').' as m, '.sql_table('item').' as i'
852	867	//</sato(na)0.5j>
853		- . ' WHERE i.iblog='.$b->getID()
	868	+ . ' WHERE i.iblog='.intval($b->getID()) //<sato(na)0.5j />
854	869	. ' and i.iauthor=m.mnumber'
855	870	. ' and i.icat=c.catid'
856	871	. ' and i.idraft=0' // exclude drafts

		@@ -867,12 +882,26 @@ function orderKey(key, sequence) {
867	882	global $CONF, $manager, $blog, $catid, $subcatid;
868	883	global $archive, $archivelist;
869	884
	885	+ //<sato(na)0.5j>
	886	+ if ($archive) {
	887	+ sscanf ($archive,'%d-%d-%d', $y, $m, $d);
	888	+ if ($d) {
	889	+ $archive = sprintf ('%04d-%02d-%02d', $y, $m, $d);
	890	+ } else {
	891	+ $archive = sprintf ('%4d-%2d', $y, $m);
	892	+ }
	893	+ }
	894	+ // check archivelist
	895	+ if (! is_numeric($archivelist)) $archivelist = getBlogIDFromName($archivelist);
	896	+ //</sato(na)0.5j>
	897	+
870	898	if ($blog) {
871	899	$b =& $blog;
872	900	} else {
873	901	$b =& $manager->getBlog($CONF['DefaultBlog']);
874	902	}
875	903	$blogid = $b->getID();
	904	+ $blogid = (is_numeric($blogid)) ? intval($blogid) : getBlogIDFromName($blogid); //<sato(na)0.5j />
876	905
877	906	if (!isset($this->defurl)) $this->_setCommonData($blogid);
878	907

		@@ -905,7 +934,8 @@ function orderKey(key, sequence) {
905	934	'self' => $CONF['Self']
906	935	));
907	936
908		- $query = 'SELECT c.catid, c.cdesc as catdesc, c.cname as catname FROM '.sql_table('category').' as c WHERE c.cblog=' . $blogid . ' GROUP BY c.cname ORDER BY c.cname ASC';
	937	+ $query = 'SELECT c.catid, c.cdesc as catdesc, c.cname as catname FROM '.sql_table('category').
	938	+ ' as c WHERE c.cblog=' . intval($blogid) . ' GROUP BY c.cname ORDER BY c.cname ASC'; //<sato(na)0.5j />
909	939	$res = sql_query($query);
910	940
911	941	$tp = array();

		@@ -919,6 +949,7 @@ function orderKey(key, sequence) {
919	949	}
920	950
921	951	while ($data = mysql_fetch_assoc($res)) {
	952	+ $data['catid'] = intval($data['catid']); //<sato(na)0.5j />ultrarich
922	953	$data['blogid'] = $blogid;
923	954	$data['blogurl'] = $blogurl;
924	955	$data['catlink'] = createCategoryLink($data['catid'], $linkparams);

		@@ -927,7 +958,7 @@ function orderKey(key, sequence) {
927	958	$data['catlink'] = $this->url. "?" . $temp_param;
928	959	}
929	960	$data['self'] = $CONF['Self'];
930		- if ($data['catid'] == $catid) {
	961	+ if ($data['catid'] == intval($catid)) { //<sato(na)0.5j />
931	962	$data['catflag'] = $this->getOption('catflag');
932	963	}
933	964	$cq = 'SELECT count(*) as result FROM '.sql_table('item').' as i';

		@@ -946,6 +977,7 @@ function orderKey(key, sequence) {
946	977	$subliststr = "";
947	978
948	979	while ($sdata = mysql_fetch_assoc($sres)) {
	980	+ $sdata['subcatid'] = intval($sdata['subcatid']); //<sato(na)0.5j />ultrarich
949	981	$ares = sql_query(
950	982	'SELECT count(i.inumber) FROM '
951	983	. sql_table('item').' as i, '

		@@ -1004,8 +1036,8 @@ function orderKey(key, sequence) {
1004	1036	$b =& $manager->getBlog($CONF['DefaultBlog']);
1005	1037	}
1006	1038
1007		- if ($catid) $linkparams = array('catid' => $catid);
1008		- if ($subcatid) $linkparams['subcatid'] = $subcatid;
	1039	+ if ($catid) $linkparams = array('catid' => intval($catid)); //<sato(na)0.5j />
	1040	+ if ($subcatid) $linkparams['subcatid'] = intval($subcatid); //<sato(na)0.5j />
1009	1041	if ($lc = $this->getOption('locale')) {
1010	1042	setlocale(LC_TIME,$lc);
1011	1043	}

		@@ -1020,7 +1052,7 @@ function orderKey(key, sequence) {
1020	1052	if ($catid) {
1021	1053	$query .= ' LEFT JOIN '.sql_table('plug_multiple_categories').' as p ON i.inumber=p.item_id';
1022	1054	}
1023		- $query .= ' WHERE i.iblog=' . $b->getID()
	1055	+ $query .= ' WHERE i.iblog=' . intval($b->getID()) //<sato(na)0.5j />
1024	1056	. ' and i.itime <=' . mysqldate($b->getCorrectTime()) // don't show future items!
1025	1057	. ' and i.idraft=0'; // don't show draft items
1026	1058

Show on old repository browser