[geeklog-devel] links plugin in CVS
Dirk Haun
dirk at haun-online.de
Mon Dec 24 04:37:05 EST 2007
Joe Mucchiello wrote:
>This is in CVS. The links plugin's functions.inc. It has 3 bugs:
I can see another 3, actually.
$_REQUEST['topic'] and $_REQUEST['story'] are being used unfiltered in
SQL requests. And $_REQUEST['story'] may not be set when 'url_rewrite'
is on so the idea of getting the topic ID for the current story won't work.
> if (isset($_REQUEST['topic'])) {
>     return $_REQUEST['topic'];
> } elseif (isset($_REQUEST['topic'])) { // unreachable code
>     return DB_getItem($_TABLES['topics'], 'tid', "topic='{$_REQUEST['topic']}'");
lib-common.php already establishes a global variable $topic (by similar
means), so this piece of code may not be necessary at all. COM_siteHeader()
also handles the case of the topic ID of the current story and
updates the global $topic properly. So if you can make sure you're after
a call to COM_siteHeader() you don't even need the entire function.
Good catch. That function is well below our usual code quality :-/
bye, Dirk
--
http://www.haun-online.de/
http://geeklog.info/
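
Added example, not part of the original message and not Geeklog code: one way to resolve a topic ID from request data without putting unfiltered input into SQL, and without assuming 'story' is set. The schema, sample rows and the helpers cleanId() and currentTopic() are hypothetical; it assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example: constructed schema and data, not Geeklog's tables or code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE stories (sid TEXT PRIMARY KEY, tid TEXT NOT NULL)");
$db->exec("INSERT INTO stories VALUES ('20071224-welcome', 'General')");

/**
 * Hypothetical helper: accept only the characters an ID may contain.
 * Returns null for anything else, so callers never see raw input.
 */
function cleanId($value): ?string
{
    if (!is_string($value) || !preg_match('/^[A-Za-z0-9._-]{1,40}$/', $value)) {
        return null;
    }
    return $value;
}

/**
 * Resolve the current topic ID from request data.
 * 'topic' wins; otherwise the topic is looked up from 'story'.
 * Either key may be absent (e.g. with URL rewriting), so both are optional.
 */
function currentTopic(PDO $db, array $request): ?string
{
    $topic = cleanId($request['topic'] ?? null);
    if ($topic !== null) {
        return $topic;
    }
    $story = cleanId($request['story'] ?? null);
    if ($story === null) {
        return null;
    }
    // Bound parameter: the value is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT tid FROM stories WHERE sid = ?');
    $stmt->execute([$story]);
    $tid = $stmt->fetchColumn();
    return $tid === false ? null : $tid;
}

// Constructed requests, including one carrying a quote character.
var_dump(currentTopic($db, ['topic' => 'General']));
var_dump(currentTopic($db, ['story' => '20071224-welcome']));
var_dump(currentTopic($db, ['story' => "x' OR '1'='1"]));
var_dump(currentTopic($db, []));
```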