author | nobody <nobody@localhost> | 2004-06-27 00:05:32 +0000 |
---|---|---|
committer | nobody <nobody@localhost> | 2004-06-27 00:05:32 +0000 |
commit | 0c1d741ff4792d486258b390cf50cf3f9e229511 (patch) | |
tree | 55961c46b433ade0739763bee2ba3c4843d13751 /includes/SpecialUndelete.php | |
parent | d5c8171a3157337557bc54ecb730d7dd35778ca3 (diff) | |
parent | 1aaed5fd7c7f4d7ea7abbfc7915bab5954d60a30 (diff) | |
download | mediawikicore-1.3.0beta4a.tar.gz mediawikicore-1.3.0beta4a.zip |
This commit was manufactured by cvs2svn to create tag1.3.0beta4a
'REL1_3_0beta4a'.
Diffstat (limited to 'includes/SpecialUndelete.php')
-rw-r--r-- | includes/SpecialUndelete.php | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/includes/SpecialUndelete.php b/includes/SpecialUndelete.php index 9f2f8e2963e6..e504b31a9edc 100644 --- a/includes/SpecialUndelete.php +++ b/includes/SpecialUndelete.php @@ -79,7 +79,8 @@ class UndeleteForm { if(!preg_match("/[0-9]{14}/",$timestamp)) return 0; $sql = "SELECT ar_text,ar_flags FROM archive ". - "WHERE ar_namespace={$namespace} AND ar_title=\"{$title}\" AND ar_timestamp={$timestamp}"; + "WHERE ar_namespace={$namespace} AND ar_title='" . + wfStrencode( $title ) . "' AND ar_timestamp='" . wfStrencode( $timestamp ) ."'"; $ret = wfQuery( $sql, DB_READ, $fname ); $row = wfFetchObject( $ret ); @@ -97,8 +98,8 @@ class UndeleteForm { $wgOut->setPagetitle( wfMsg( "undeletepage" ) ); # Get text of first revision - $sql = "SELECT ar_text FROM archive WHERE ar_namespace={$namespace} AND ar_title=\"{$title}\" - ORDER BY ar_timestamp DESC LIMIT 1"; + $sql = "SELECT ar_text FROM archive WHERE ar_namespace={$namespace} AND ar_title='" . + wfStrencode( $title ) . "' ORDER BY ar_timestamp DESC LIMIT 1"; $ret = wfQuery( $sql, DB_READ ); if( wfNumRows( $ret ) == 0 ) { @@ -110,8 +111,8 @@ class UndeleteForm { # Get remaining revisions $sql = "SELECT ar_minor_edit,ar_timestamp,ar_user,ar_user_text,ar_comment - FROM archive WHERE ar_namespace={$namespace} AND ar_title=\"{$title}\" - ORDER BY ar_timestamp DESC"; + FROM archive WHERE ar_namespace={$namespace} AND ar_title='" . wfStrencode( $title ) . + "' ORDER BY ar_timestamp DESC"; $ret = wfQuery( $sql, DB_READ ); # Ditch first row $row = wfFetchObject( $ret ); 
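Review bot: In the first hunk (`@@ -79,7 +79,8 @@`) `ar_namespace={$namespace}` is still spliced into the query as a bare number, so the new `wfStrencode()` calls cover the title and timestamp but not the namespace; the same term remains in the two hunks that follow and in the `COUNT(*)` query of the last hunk. Where `$namespace` is set is outside these hunks, so unless it is already forced to an integer there, add `$namespace = intval( $namespace );` before the first query in each function. The timestamp check in the context line is also unanchored and accepts any string that merely contains 14 digits; `preg_match("/^[0-9]{14}$/",$timestamp)` would constrain the whole value. The enclosing functions start and end outside the hunks.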
@@ -126,7 +127,8 @@ class UndeleteForm { <input type=submit name=\"restore\" value=\"".wfMsg("undeletebtn")."\"> </form>"); - $log = wfGetSQL("cur", "cur_text", "cur_namespace=4 AND cur_title=\"".wfMsg("dellogpage")."\"" ); + $log = wfGetSQL("cur", "cur_text", "cur_namespace=4 AND cur_title='". + wfStrencode( wfMsg("dellogpage") ) . "'" ); if(preg_match("/^(.*". preg_quote( ($namespace ? ($wgLang->getNsText($namespace) . ":") : "") . str_replace("_", " ", $title), "/" ).".*)$/m", $log, $m)) { @@ -140,7 +142,7 @@ class UndeleteForm { $sk->makeKnownLink( $wgLang->specialPage( "Undelete" ), $wgLang->timeanddate( $row->ar_timestamp, true ), "target=" . urlencode($this->mTarget) . "×tamp={$row->ar_timestamp}" ) . " " . - ". . {$row->ar_user_text}" . + ". . " . htmlspecialchars( $row->ar_user_text ) . " <i>(" . htmlspecialchars($row->ar_comment) . "</i>)\n"); } @@ -160,7 +162,7 @@ class UndeleteForm { $wgOut->fatalError( wfMsg( "cannotundelete" ) ); return; } - $t = addslashes($title); + $t = wfStrencode($title); # Move article and history from the "archive" table $sql = "SELECT COUNT(*) AS count FROM cur WHERE cur_namespace={$namespace} AND cur_title='{$t}'"; |
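Review bot: In the `@@ -126,7 +127,8 @@` hunk the `4` in `cur_namespace=4` is a magic number, and nothing on the new lines says why this lookup ignores `$namespace`. A comment such as `# namespace 4 is the project namespace, where the deletion log page is stored` would make that explicit. The function continues outside the hunk, so how the matched log line in `$m` is emitted cannot be checked here; if it is written out as raw HTML it needs the same `htmlspecialchars()` treatment the next hunk gives the user text.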
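Review bot: In the `@@ -140,7 +142,7 @@` hunk the link query string still interpolates `$row->ar_timestamp` as is, while `$this->mTarget` beside it goes through `urlencode()` and the user name and comment from the same row are now HTML-escaped. Wrapping it as `urlencode( $row->ar_timestamp )` keeps the handling of archive-table values uniform and changes nothing for a well-formed 14-digit value. Whether `makeKnownLink()` escapes its query argument itself is not visible in this hunk.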
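Review bot: In the last hunk (`@@ -160,7 +162,7 @@`) `$t` holds an SQL-escaped copy of the title under a one-letter name, and the rest of the function, which continues outside the hunk, has both `$t` and the raw `$title` in scope. A comment on the assignment such as `# $t is SQL-escaped: use it only inside query strings and never pass it through wfStrencode() again` would guard against double escaping and against the raw `$title` slipping into a later query.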