Scotty13 Posted February 23, 2012 Share Posted February 23, 2012 I’m a newbie… Here’s my php script: search_rules.php(Line 33 - marked below)<?php*/function inc_exc_str($is_included){return $is_included ? l10n('included') : l10n('excluded');}// +-----------------------------------------------------------------------+// | initialization |// +-----------------------------------------------------------------------+define('PHPWG_ROOT_PATH','./');include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );check_status(ACCESS_FREE);include_once( PHPWG_ROOT_PATH.'include/functions_search.inc.php' );$page['body_id'] = 'thePopuphelpPage';$title = l10n('Piwigo Help');$page['page_banner'] = '';$page['meta_robots']=array('noindex'=>1, 'nofollow'=>1);include(PHPWG_ROOT_PATH.'include/page_header.php');$template->set_filenames(array('search_rules' => 'search_rules.tpl'));// +-----------------------------------------------------------------------+// | Textual rules creation |// +-----------------------------------------------------------------------+// Rules are stored in database, serialized in an array. This array must be// transformed into a list of textual rules. Line 33: $search = get_search_array($_GET['search_id']); if (isset($search['q'])){$template->append('search_words', $search['q']);}else{$template->assign(array('INTRODUCTION'=> 'OR' == $search['mode']? l10n('At least one listed rule must be satisfied.'): l10n('Each listed rule must be satisfied.'),));}if (isset($search['fields']['allwords'])){$template->append( 'search_words',sprintf(l10n('searched words : %s'),join(', ', $search['fields']['allwords']['words'])));}if (isset($search['fields']['tags'])){$template->assign('SEARCH_TAGS_MODE', $search['fields']['tags']['mode']); $query = 'SELECT nameFROM '.TAGS_TABLE.'WHERE id IN ('.implode(',', $search['fields']['tags']['words']).');';$template->assign('search_tags',array_from_query($query, 'name'));}if (isset($search['fields']['author'])){$template->append('search_words',sprintf(l10n('author(s) : %s'),join(', ', $search['fields']['author']['words'])));}if (isset($search['fields']['cat'])){if ($search['fields']['cat']['sub_inc']){// searching all the categories id of sub-categories$cat_ids = get_subcat_ids($search['fields']['cat']['words']);}else{$cat_ids = $search['fields']['cat']['words'];}$query = 'SELECT id, uppercats, global_rankFROM '.CATEGORIES_TABLE.'WHERE id IN ('.implode(',', $cat_ids).');';$result = pwg_query($query);$categories = array();if (!empty($result)){while ($row = pwg_db_fetch_assoc($result)){array_push($categories, $row);}}usort($categories, 'global_rank_compare');foreach ($categories as $category){$template->append('search_categories',get_cat_display_name_cache($category['uppercats'],null, // no url on category namesfalse // no blank replacement));}}foreach (array('date_available', 'date_creation') as $datefield){if ('date_available' == $datefield){$lang_items = array('date' => l10n('posted on %s'),'period' => l10n('posted between %s (%s) and %s (%s)'),'after' => l10n('posted after %s (%s)'),'before' => l10n('posted before %s (%s)'),);}elseif ('date_creation' == $datefield){$lang_items = array('date' => l10n('created on %s'),'period' => l10n('created between %s (%s) and %s (%s)'),'after' => l10n('created after %s (%s)'),'before' => l10n('created before %s (%s)'),);}$keys = array('date' => $datefield,'after' => $datefield.'-after','before' => $datefield.'-before',);if (isset($search['fields'][ $keys['date'] ])){$template->assign(strtoupper($datefield),sprintf($lang_items['date'],format_date($search['fields'][ $keys['date'] ])));}elseif (isset($search['fields'][ $keys['before'] ])and isset($search['fields'][ $keys['after'] ])){$template->assign(strtoupper($datefield),sprintf($lang_items['period'],format_date($search['fields'][ $keys['after'] ]['date']),inc_exc_str($search['fields'][ $keys['after'] ]['inc']),format_date($search['fields'][ $keys['before'] ]['date']),inc_exc_str($search['fields'][ $keys['before'] ]['inc'])));}elseif (isset($search['fields'][ $keys['before'] ])){$template->assign(strtoupper($datefield),sprintf($lang_items['before'],format_date($search['fields'][ $keys['before'] ]['date']),inc_exc_str($search['fields'][ $keys['before'] ]['inc'])));}elseif (isset($search['fields'][ $keys['after'] ])){$template->assign(strtoupper($datefield),sprintf($lang_items['after'],format_date($search['fields'][ $keys['after'] ]['date']),inc_exc_str($search['fields'][ $keys['after'] ]['inc'])));}}// +-----------------------------------------------------------------------+// | html code display |// +-----------------------------------------------------------------------+$template->pparse('search_rules');include(PHPWG_ROOT_PATH.'include/page_tail.php');?>Thanks in advance,Scotty13 Link to comment Share on other sites More sharing options...
Ingolme Posted February 23, 2012 Share Posted February 23, 2012 It might be testing for the data type and the data type of elements in the $_GET array are strings. Cast it to an integer like this: intval($_GET['search_id']) Link to comment Share on other sites More sharing options...
Scotty13 Posted February 23, 2012 Author Share Posted February 23, 2012 You’re a Godsend. Thank you! My headache is gone now! Do you mind helping with one more thing? I have one more page that’s giving me trouble… action.php Error: HTTP 400 Bad Request / webpage cannot be found (highlighted in red) <?phpdefine('PHPWG_ROOT_PATH','./');include_once(PHPWG_ROOT_PATH.'include/common.inc.php');// Check Access and exit when user status is not okcheck_status(ACCESS_GUEST);function guess_mime_type($ext){switch ( strtolower($ext) ){case "jpe": case "jpeg":case "jpg": $ctype="image/jpeg"; break;case "png": $ctype="image/png"; break;case "gif": $ctype="image/gif"; break;case "tiff":case "tif": $ctype="image/tiff"; break;case "txt": $ctype="text/plain"; break;case "html":case "htm": $ctype="text/html"; break;case "xml": $ctype="text/xml"; break;case "pdf": $ctype="application/pdf"; break;case "zip": $ctype="application/zip"; break;case "ogg": $ctype="application/ogg"; break;default: $ctype="application/octet-stream";}return $ctype;}function do_error( $code, $str ){set_status_header( $code );echo $str ;exit();} if (!isset($_GET['id'])or !is_numeric($_GET['id'])or !isset($_GET['part'])or !in_array($_GET['part'], array('t','e','i','h') ) ){do_error(400, 'Invalid request - id/part');}$query = 'SELECT * FROM '. IMAGES_TABLE.'WHERE id='.$_GET['id'].';';$result = pwg_query($query);$element_info = pwg_db_fetch_assoc($result);if ( empty($element_info) ){do_error(404, 'Requested id not found');}// $filter['visible_categories'] and $filter['visible_images']// are not used because it's not necessary (filter <> restriction)$query='SELECT idFROM '.CATEGORIES_TABLE.'INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = idWHERE image_id = '.$_GET['id'].''.get_sql_condition_FandF(array('forbidden_categories' => 'category_id','forbidden_images' => 'image_id',),' AND').'LIMIT 1;';if ( pwg_db_num_rows(pwg_query($query))<1 ){do_error(401, 'Access denied');}include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');$file='';switch ($_GET['part']){case 't':$file = get_thumbnail_path($element_info);break;case 'e':$file = get_element_path($element_info);break;case 'i':$file = get_image_path($element_info);break;case 'h':if ( $user['enabled_high']!='true' ){do_error(401, 'Access denied h');}$file = get_high_path($element_info);break;}if ( empty($file) ){do_error(404, 'Requested file not found');}if ($_GET['part'] == 'h') {pwg_log($_GET['id'], 'high');}else if ($_GET['part'] == 'e'){pwg_log($_GET['id'], 'other');}$http_headers = array();$ctype = null;if (!url_is_remote($file)){if ( !@is_readable($file) ){do_error(404, "Requested file not found - $file");}$http_headers[] = 'Content-Length: '.@filesize($file);if ( function_exists('mime_content_type') ){$ctype = mime_content_type($file);}$gmt_mtime = gmdate('D, d M Y H:i:s', filemtime($file)).' GMT';$http_headers[] = 'Last-Modified: '.$gmt_mtime;// following lines would indicate how the client should handle the cache/* $max_age=300;$http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT';// HTTP/1.1 only$http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ){set_status_header(304);foreach ($http_headers as $header){header( $header );}exit();}}if (!isset($ctype)){ // give it a guess$ctype = guess_mime_type( get_extension($file) );}$http_headers[] = 'Content-Type: '.$ctype;if (!isset($_GET['view'])){$http_headers[] = 'Content-Disposition: attachment; filename="'.$element_info['file'].'";';$http_headers[] = 'Content-Transfer-Encoding: binary';}else{$http_headers[] = 'Content-Disposition: inline; filename="'.basename($file).'";';}foreach ($http_headers as $header){header( $header );}// Looking at the safe_mode configuration for execution timeif (ini_get('safe_mode') == 0){@set_time_limit(0);}@readfile($file);?> Link to comment Share on other sites More sharing options...
Scotty13 Posted February 23, 2012 Author Share Posted February 23, 2012 Oh NO! I just notice on my page located on the top / center of my browser page. It says... home/******/public_html/root/******/search_rules.php on line 60Line 60:Line 61: $search = intval($_GET['search_id']); Link to comment Share on other sites More sharing options...
justsomeguy Posted February 23, 2012 Share Posted February 23, 2012 This code: if (!isset($_GET['id'])or !is_numeric($_GET['id'])or !isset($_GET['part'])or !in_array($_GET['part'], array('t','e','i','h') ) ){ do_error(400, 'Invalid request - id/part');} sends that error if any one of those 4 conditions is true. So it will show the error if the URL does not contain an "id" value, or if the ID is not numeric, or if the URL does not contain a "part" value, or if the part is not one of the 4 letters listed. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.