зеркало из https://github.com/mozilla/gecko-dev.git
Add Form Keys to Forms, patch by Chris Thomas, r=Wolf. Fix Preview Manager to have a max-size limit on images. Fix category manager to stop ignoring the app variable and showing all items.
This commit is contained in:
Родитель
11356de8db
Коммит
d36f674d20
|
@ -27,13 +27,15 @@ if (!$function) {
|
|||
?>
|
||||
<?php
|
||||
if ($_POST["submit"]=="Create Category") {
|
||||
if ($_POST[cattype]=="other") {$_POST["cattype"]=$_POST["othertype"];}
|
||||
$catname = $_POST["catname"];
|
||||
$catdesc = $_POST["catdesc"];
|
||||
$cattype = $_POST["cattype"];
|
||||
$catapp = $_POST["catapp"];
|
||||
$sql = "INSERT INTO `t_categories` (`CatName`, `CatDesc`, `CatType`, `CatApp`) VALUES ('$catname', '$catdesc', '$cattype', '$catapp');";
|
||||
if ($_POST[cattype]=="other") $_POST["cattype"]=$_POST["othertype"];
|
||||
$catname = $_POST["catname"];
|
||||
$catdesc = $_POST["catdesc"];
|
||||
$cattype = $_POST["cattype"];
|
||||
$catapp = $_POST["catapp"];
|
||||
if (checkFormKey()) {
|
||||
$sql = "INSERT INTO `t_categories` (`CatName`, `CatDesc`, `CatType`, `CatApp`) VALUES ('$catname', '$catdesc', '$cattype', '$catapp');";
|
||||
$result = mysql_query($sql) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
|
||||
}
|
||||
}
|
||||
?>
|
||||
<h1>Manage Category List</h1>
|
||||
|
@ -70,7 +72,7 @@ $typenames = array("E"=>"Extensions", "T"=>"Themes","P"=>"Plugins");
|
|||
|
||||
<?php
|
||||
$i=0;
|
||||
$sql = "SELECT * FROM `t_categories` WHERE `CatType` LIKE '$type' ORDER BY `CatType`,`CatName`";
|
||||
$sql = "SELECT * FROM `t_categories` WHERE `CatType` LIKE '$type' AND `CatApp`='$application' ORDER BY `CatType`,`CatName`";
|
||||
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
|
||||
while ($row = mysql_fetch_array($sql_result)) {
|
||||
$categoryid = $row["CategoryID"];
|
||||
|
@ -86,13 +88,13 @@ $typenames = array("E"=>"Extensions", "T"=>"Themes","P"=>"Plugins");
|
|||
echo"</tr>\n";
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
?>
|
||||
</table>
|
||||
<h2>New Category for <?php echo ucwords($application); ?><BR></h2>
|
||||
<div style="font-size: 10pt; font-weight: bold">
|
||||
<form name="addapplication" method="post" action="?function=&action=addnewcategory">
|
||||
<?writeFormKey();?>
|
||||
<input name="catapp" type="hidden" value="<?php echo strtolower($application); ?>">
|
||||
Name: <input name="catname" type="text" value="" size="30" maxlength="100"><BR>
|
||||
Description: <input name="catdesc" type="text" value="" size="50" maxlength="100"><BR>
|
||||
|
@ -124,17 +126,20 @@ if ($_POST["submit"] == "Update") {
|
|||
$catname = $_POST["catname"];
|
||||
$catdesc = $_POST["catdesc"];
|
||||
$cattype = $_POST["cattype"];
|
||||
if (checkFormKey()) {
|
||||
$sql = "UPDATE `t_categories` SET `CatName`='$catname', `CatDesc`='$catdesc', `CatType`='$cattype' WHERE `CategoryID`='$categoryid'";
|
||||
$sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
|
||||
|
||||
echo"Your update to $catname, has been submitted successfully...<br>";
|
||||
echo"Your update to $catname, has been submitted successfully...<br>";
|
||||
}
|
||||
|
||||
} else if ($_POST["submit"] == "Delete Category") {
|
||||
echo"<h2>Processing Delete Request, please wait...</h2>\n";
|
||||
$categoryid = $_POST["categoryid"];
|
||||
$sql = "DELETE FROM `t_categories` WHERE `CategoryID`='$categoryid'";
|
||||
$sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
|
||||
|
||||
if (checkFormKey()) {
|
||||
$sql = "DELETE FROM `t_categories` WHERE `CategoryID`='$categoryid'";
|
||||
$sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
|
||||
}
|
||||
echo"You've successfully deleted the category '$catname'...<br>";
|
||||
}
|
||||
|
||||
|
@ -153,6 +158,7 @@ if (!$categoryid) { $categoryid = $_POST["categoryid"]; }
|
|||
<div class="editbox">
|
||||
<h3>Edit Category <?php echo"$catname for ".ucwords($catapp); ?>:</h3>
|
||||
<form name="editcategory" method="post" action="?function=editcategory">
|
||||
<?writeFormKey();?>
|
||||
<?php
|
||||
echo"Name: <input name=\"catname\" type=\"text\" value=\"$catname\" size=\"30\" maxlength=\"100\"><br>\n";
|
||||
echo"Description: <input name=\"catdesc\" type=\"text\" value=\"$catdesc\" size=\"50\" maxlength=\"100\"><br>\n";
|
||||
|
@ -166,6 +172,7 @@ if (!$categoryid) { $categoryid = $_POST["categoryid"]; }
|
|||
<A HREF="?function=">«« Return to Category Manager</A>
|
||||
</div>
|
||||
<?php
|
||||
|
||||
} else {}
|
||||
?>
|
||||
|
||||
|
|
|
@ -67,7 +67,7 @@ if (!$function) {
|
|||
|
||||
<h2><a href="?function=addentry">New FAQ Entry</A></h2>
|
||||
<form name="addapplication" method="post" action="?function=addentry">
|
||||
|
||||
<?writeFormKey();?>
|
||||
Title: <input name="title" type="text" size="30" maxlength="150" value="">
|
||||
<input name="submit" type="submit" value="Next »»"></SPAN>
|
||||
</form>
|
||||
|
@ -85,23 +85,27 @@ if (!$function) {
|
|||
$text = $_POST["text"];
|
||||
$active = $_POST["active"];
|
||||
$id = $_POST["id"];
|
||||
$sql = "UPDATE `t_faq` SET `title`='$title', `index`='$index', `alias`='$alias', `text`='$text', `active`='$active' WHERE `id`='$id'";
|
||||
$sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
|
||||
if ($sql_result) {
|
||||
echo"Your update to '$title', has been successful.<br>";
|
||||
if (checkFormKey()) {
|
||||
$sql = "UPDATE `t_faq` SET `title`='$title', `index`='$index', `alias`='$alias', `text`='$text', `active`='$active' WHERE `id`='$id'";
|
||||
$sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
|
||||
if ($sql_result) {
|
||||
echo"Your update to '$title', has been successful.<br>";
|
||||
}
|
||||
}
|
||||
|
||||
} else if ($_POST["submit"] == "Delete Entry") {
|
||||
echo"<h2>Processing, please wait...</h2>\n";
|
||||
$id = $_POST["id"];
|
||||
$title = $_POST["title"];
|
||||
$sql = "DELETE FROM `t_faq` WHERE `id`='$id'";
|
||||
$sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
|
||||
if ($sql_result) {
|
||||
echo"You've successfully deleted the FAQ Entry '$title'.";
|
||||
include"$page_footer";
|
||||
echo"</body>\n</html>\n";
|
||||
exit;
|
||||
if (checkFormKey()) {
|
||||
$sql = "DELETE FROM `t_faq` WHERE `id`='$id'";
|
||||
$sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
|
||||
if ($sql_result) {
|
||||
echo"You've successfully deleted the FAQ Entry '$title'.";
|
||||
include"$page_footer";
|
||||
echo"</body>\n</html>\n";
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -113,6 +117,7 @@ if (!$function) {
|
|||
|
||||
<h3>Edit FAQ Entry:</h3>
|
||||
<form name="editfaq" method="post" action="?function=edit">
|
||||
<?writeFormKey();?>
|
||||
<?php
|
||||
echo"<input name=\"id\" type=\"hidden\" value=\"".$row["id"]."\" />\n";
|
||||
echo"Title: <input name=\"title\" type=\"text\" size=\"40\" maxlength=\"150\" value=\"".$row["title"]."\"> ";
|
||||
|
@ -164,16 +169,19 @@ if ($active=="YES") {
|
|||
$text = $_POST["text"];
|
||||
$active = $_POST["active"];
|
||||
$id = $_POST["id"];
|
||||
$sql = "INSERT INTO `t_faq` (`title`,`index`,`alias`, `text`, `active`) VALUES ('$title','$index','$alias', '$text', '$active')";
|
||||
$sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
|
||||
if ($sql_result) {
|
||||
if (checkFormKey()) {
|
||||
$sql = "INSERT INTO `t_faq` (`title`,`index`,`alias`, `text`, `active`) VALUES ('$title','$index','$alias', '$text', '$active')";
|
||||
$sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
|
||||
if ($sql_result) {
|
||||
echo"The entry '$title' has been successfully added.<br>\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
<h2>Add FAQ Entry:</h2>
|
||||
<form name="addfaq" method="post" action="?function=addentry">
|
||||
<?writeFormKey();?>
|
||||
<?php
|
||||
$title = $_POST["title"];
|
||||
|
||||
|
|
|
@ -3,7 +3,8 @@ require"../core/config.php";
|
|||
require"core/sessionconfig.php";
|
||||
|
||||
$password = md5($_POST[password]);
|
||||
$sql = "SELECT DISTINCT `UserID`, `UserEmail`,`UserName`,`UserMode`,`UserTrusted` FROM `t_userprofiles` WHERE `UserEmail` = '$_POST[email]' && `UserPass` = '$password' LIMIT 1";
|
||||
$email = $_POST["email"];
|
||||
$sql = "SELECT DISTINCT `UserID`, `UserEmail`,`UserName`,`UserMode`,`UserTrusted` FROM `t_userprofiles` WHERE `UserEmail` = '$email' && `UserPass` = '$password' LIMIT 1";
|
||||
$sql_result = mysql_query($sql, $connection) or trigger_error("<FONT COLOR=\"#FF0000\"><B>MySQL Error ".mysql_errno().": ".mysql_error()."</B></FONT>", E_USER_NOTICE);
|
||||
$num = mysql_num_rows($sql_result);
|
||||
|
||||
|
|
|
@ -191,6 +191,11 @@ if ($type=="2" or $type=="3") {
|
|||
|
||||
//Destination Properties for the Display Image
|
||||
//Output Image Dimensions
|
||||
|
||||
//Limit Max.
|
||||
if ($width > "690") {$width="690";}
|
||||
if ($width > "520") {$width="520";}
|
||||
|
||||
$dest_width="$width"; // Destination Width /$tn_size_width
|
||||
$dest_height_fixed="$height"; // Destination Height / $tn_size_height (Fixed)
|
||||
$dest_height= ($src_height * $dest_width) / $src_width; // (Aspect Ratio Variable Height
|
||||
|
|
Загрузка…
Ссылка в новой задаче