onokazu
onoka****@users*****
2005年 9月 5日 (月) 05:46:09 JST
Index: xoops2jp/html/kernel/tplfile.php diff -u xoops2jp/html/kernel/tplfile.php:1.2 xoops2jp/html/kernel/tplfile.php:1.3 --- xoops2jp/html/kernel/tplfile.php:1.2 Fri Mar 18 21:52:14 2005 +++ xoops2jp/html/kernel/tplfile.php Mon Sep 5 05:46:09 2005 @@ -1,5 +1,5 @@ <?php -// $Id: tplfile.php,v 1.2 2005/03/18 12:52:14 onokazu Exp $ +// $Id: tplfile.php,v 1.3 2005/09/04 20:46:09 onokazu Exp $ // ------------------------------------------------------------------------ // // XOOPS - PHP Content Management System // // Copyright (c) 2000 XOOPS.org // @@ -258,7 +258,7 @@ function getModuleTplCount($tplset) { $ret = array(); - $sql = "SELECT tpl_module, COUNT(tpl_id) AS count FROM ".$this->db->prefix('tplfile')." WHERE tpl_tplset='".$tplset."' GROUP BY tpl_module"; + $sql = "SELECT tpl_module, COUNT(tpl_id) AS count FROM ".$this->db->prefix('tplfile')." WHERE tpl_tplset=".$this->db->quoteString($tplset)." GROUP BY tpl_module"; $result = $this->db->query($sql); if (!$result) { return $ret; @@ -275,7 +275,7 @@ { $criteria = new CriteriaCompo(); if (isset($tplset)) { - $criteria->add(new Criteria('tpl_tplset', $tplset)); + $criteria->add(new Criteria('tpl_tplset', addslashes(trim($tplset)))); } if (isset($module)) { $criteria->add(new Criteria('tpl_module', $module)); @@ -303,7 +303,7 @@ function templateExists($tplname, $tplset_name) { $criteria = new CriteriaCompo(new Criteria('tpl_file', trim($tplname))); - $criteria->add(new Criteria('tpl_tplset', trim($tplset_name))); + $criteria->add(new Criteria('tpl_tplset', addslashes(trim($tplset_name)))); if ($this->getCount($criteria) > 0) { return true; }