From 8bd8d33ab03e11f95fda041b629128122ddd8a71 Mon Sep 17 00:00:00 2001
From: e107steved
Date: Fri, 6 Jun 2008 19:14:20 +0000
Subject: [PATCH] Extra checking

---
 e107_admin/download.php | 20 +++++++++++++-------
 e107_admin/links.php | 26 +++++++++++++++++---------
 e107_admin/users.php | 6 +++---
 3 files changed, 33 insertions(+), 19 deletions(-)

diff --git a/e107_admin/download.php b/e107_admin/download.php
index 975fac530..f1a600576 100644
--- a/e107_admin/download.php
+++ b/e107_admin/download.php
@@ -11,8 +11,8 @@
 | GNU General Public License (http://gnu.org).
 |
 | $Source: /cvs_backup/e107_0.8/e107_admin/download.php,v $
-| $Revision: 1.11 $
-| $Date: 2008-05-25 16:10:46 $
+| $Revision: 1.12 $
+| $Date: 2008-06-06 19:14:20 $
 | $Author: e107steved $
 +----------------------------------------------------------------------------+
 */
@@ -1512,15 +1512,21 @@ class download
 $download_category_name = $tp->toDB($_POST['download_category_name']);
 $download_category_description = $tp->toDB($_POST['download_category_description']);
 $download_category_icon = $tp->toDB($_POST['download_category_icon']);
+ $download_category_class = $tp->toDB($_POST['download_category_class']);
+ $download_categoory_parent = intval($_POST['download_category_parent']);
- if(isset($_POST['download_category_icon_empty']) && $_POST['download_category_icon_empty'] != ""){
+ if(isset($_POST['download_category_icon_empty']) && $_POST['download_category_icon_empty'] != "")
+ {
 $download_category_icon .= trim(chr(1).$tp->toDB($_POST['download_category_icon_empty']));
 }
- if ($id) {
- admin_update($sql->db_Update("download_category", "download_category_name='$download_category_name', download_category_description='$download_category_description', download_category_icon ='$download_category_icon', download_category_parent= '".intval($_POST['download_category_parent'])."', download_category_class='".$_POST['download_category_class']."' WHERE download_category_id='$id'"), 'update', DOWLAN_48);
- } else {
- admin_update($sql->db_Insert("download_category", "0, '$download_category_name', '$download_category_description', '$download_category_icon', '".intval($_POST['download_category_parent'])."', '".$_POST['download_category_class']."', 0 "), 'insert', DOWLAN_47);
+ if ($id)
+ {
+ admin_update($sql->db_Update("download_category", "download_category_name='{$download_category_name}', download_category_description='{$download_category_description}', download_category_icon ='{$download_category_icon}', download_category_parent= '{$download_categoory_parent}', download_category_class='{$download_category_class}' WHERE download_category_id='{$id}'"), 'update', DOWLAN_48);
+ }
+ else
+ {
+ admin_update($sql->db_Insert("download_category", "0, '{$download_category_name}', '{$download_category_description}', '{$download_category_icon}', 
'{$download_categoory_parent}', '{$download_category_class}', 0 "), 'insert', DOWLAN_47);
 }
 if ($sub_action == "sn") {
 $sql->db_Delete("tmp", "tmp_time='$id' ");
diff --git a/e107_admin/links.php b/e107_admin/links.php
index 5f37f0955..96f0d489e 100644
--- a/e107_admin/links.php
+++ b/e107_admin/links.php
@@ -11,8 +11,8 @@
 | GNU General Public License (http://gnu.org).
 |
 | $Source: /cvs_backup/e107_0.8/e107_admin/links.php,v $
-| $Revision: 1.9 $
-| $Date: 2008-03-09 20:33:04 $
+| $Revision: 1.10 $
+| $Date: 2008-06-06 19:14:20 $
 | $Author: e107steved $
 |
 | links.php?debug shows stored data for each link after name (before constant conversion)
@@ -554,12 +554,15 @@ class links
 }
- function submit_link($sub_action, $id) {
+ function submit_link($sub_action, $id)
+ {
 global $sql, $e107cache, $tp;
- if(!is_object($tp)) {
+ if(!is_object($tp))
+ {
 $tp=new e_parse;
 }
+ $id = intval($id);
 $parent_id = ($_POST['link_parent']) ? intval($_POST['link_parent']) : 0;
 $link_name = $tp->toDB($_POST['link_name']);
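Review bot: `$id` is still interpolated raw into `WHERE download_category_id='{$id}'` in the db_Update call and into `$sql->db_Delete("tmp", "tmp_time='$id' ")` at the end of the hunk, while the same commit adds `$id = intval($id);` to submit_link in links.php; unless the category handler already casts it before this hunk (its start lies outside the hunk), the same one-line cast belongs at the top of this block. The new local `$download_categoory_parent` is misspelled on all three of its uses; renaming it to `$download_category_parent` keeps it consistent with the `$download_category_*` siblings above it. `download_category_class` is now passed through toDB and quoted, which is sound; if that column only ever holds a numeric userclass id, `intval()` as used for the parent would be the tighter check.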
@@ -568,17 +571,22 @@ class links
 $link_description = $tp->toDB($_POST['link_description']);
 $link_button = $tp->toDB($_POST['link_button']);
+ $link_render = intval($_POST['linkrender']);
+ $link_open = intval($_POST['linkopentype']);
+ $link_class = $tp->toDB($_POST['link_class']);
 $link_t = $sql->db_Count("links", "(*)");
- if ($id) {
- $sql->db_Update("links", "link_parent='$parent_id', link_name='$link_name', link_url='$link_url', link_description='$link_description', link_button= '$link_button', link_category='".$_POST['linkrender']."', link_open='".$_POST['linkopentype']."', link_class='".$_POST['link_class']."' WHERE link_id='$id'");
+ if ($id)
+ {
+ $sql->db_Update("links", "link_parent='{$parent_id}', link_name='{$link_name}', link_url='{$link_url}', link_description='{$link_description}', link_button= '{$link_button}', link_category='{$link_render}', link_open='{$link_open}', link_class='{$link_class}' WHERE link_id='{$id}'");
 //rename all sublinks to eliminate old embedded 'submenu' etc hierarchy.
 // this is for upgrade compatibility only. Current hierarchy uses link_parent.
- $e107cache->clear("sitelinks");
 $this->show_message(LCLAN_3);
- } else {
- $sql->db_Insert("links", "0, '$link_name', '$link_url', '$link_description', '$link_button', ".$_POST['linkrender'].", ".($link_t+1).", ".$parent_id.", ".$_POST['linkopentype'].", ".$_POST['link_class']);
+ }
+ else
+ {
+ $sql->db_Insert("links", "0, '$link_name', '$link_url', '$link_description', '$link_button', ".$link_render.", ".($link_t+1).", ".$parent_id.", ".$link_open.", ".$link_class);
 $e107cache->clear("sitelinks");
 $this->show_message(LCLAN_2);
 }
diff --git a/e107_admin/users.php b/e107_admin/users.php
index a2afd6a6c..2b3b28ab0 100644
--- a/e107_admin/users.php
+++ b/e107_admin/users.php
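Review bot: In the db_Insert branch `$link_class` is concatenated unquoted (`".$link_class`), while the db_Update branch quotes it (`link_class='{$link_class}'`); toDB only neutralises quote characters, so an unquoted slot still accepts SQL tokens that need no quotes, which is the one place in this hunk where the new escaping does not close the gap. Either quote it in the insert, `".$link_open.", '".$link_class."'"`, or, if link_class carries a single userclass number as link_category and link_open do, cast it with `$link_class = intval($_POST['link_class']);` like the two lines above it. If the `-` marker before `$e107cache->clear("sitelinks")` in the update branch belongs to that call rather than to a removed blank line (the collapsed layout makes this ambiguous), the update path no longer invalidates the sitelinks cache after a change; worth confirming against the full file.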
@@ -11,8 +11,8 @@
 | GNU General Public License (http://gnu.org).
 |
 | $Source: /cvs_backup/e107_0.8/e107_admin/users.php,v $
-| $Revision: 1.14 $
-| $Date: 2008-04-08 21:29:34 $
+| $Revision: 1.15 $
+| $Date: 2008-06-06 19:14:20 $
 | $Author: e107steved $
 +----------------------------------------------------------------------------+
 */
@@ -639,7 +639,7 @@ class users
 if (isset($_POST['searchquery']) && $_POST['searchquery'] != "") {
- $_POST['searchquery'] = trim($_POST['searchquery']);
+ $_POST['searchquery'] = $tp->toDB(trim($_POST['searchquery']));
 $query = "WHERE ".
 $query .= (strpos($_POST['searchquery'], "@") !== FALSE) ? "user_email REGEXP('".$_POST['searchquery']."') OR ": "";
 $query .= (strpos($_POST['searchquery'], ".") !== FALSE) ? "user_ip REGEXP('".$_POST['searchquery']."') OR ": "";