diff -r 112debff64bd -r 5f1cd51bf1be includes/functions.php --- a/includes/functions.php Sat Dec 15 18:10:14 2007 -0500 +++ b/includes/functions.php Tue Dec 18 23:44:55 2007 -0500 @@ -565,7 +565,7 @@ $q = $db->sql_query('SELECT p.urlname, p.namespace, p.name, p.namespace=\'Category\' AS is_category FROM '.table_prefix.'categories AS c LEFT JOIN '.table_prefix.'pages AS p ON ( p.urlname = c.page_id AND p.namespace = c.namespace ) - WHERE c.category_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' + WHERE c.category_id=\'' . $db->escape($paths->page_id) . '\' ORDER BY is_category DESC, p.name ASC;'); if ( !$q ) { @@ -677,7 +677,7 @@ echo ''; echo '
Categories: '; - $where = '( c.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND c.namespace=\'' . $db->escape($paths->namespace) . '\' )'; + $where = '( c.page_id=\'' . $db->escape($paths->page_id) . '\' AND c.namespace=\'' . $db->escape($paths->namespace) . '\' )'; $prefix = table_prefix; $sql = <<namespace != 'File') return null; // Prevent unnecessary work - $selfn = $paths->cpage['urlname_nons']; // substr($paths->page, strlen($paths->nslist['File']), strlen($paths->cpage)); - if(substr($paths->cpage['name'], 0, strlen($paths->nslist['File']))==$paths->nslist['File']) $selfn = substr($paths->cpage['urlname_nons'], strlen($paths->nslist['File']), strlen($paths->cpage['urlname_nons'])); + $selfn = $paths->page_id; // substr($paths->page, strlen($paths->nslist['File']), strlen($paths->cpage)); + if(substr($paths->cpage['name'], 0, strlen($paths->nslist['File']))==$paths->nslist['File']) $selfn = substr($paths->page_id, strlen($paths->nslist['File']), strlen($paths->page_id)); $q = $db->sql_query('SELECT mimetype,time_id,size FROM '.table_prefix.'files WHERE page_id=\''.$selfn.'\' ORDER BY time_id DESC;'); if(!$q) $db->_die('The file type could not be fetched.'); - if($db->numrows() < 1) { echo '

Uploaded file

There are no files uploaded with this name yet. Upload a file...


'; return; } + if($db->numrows() < 1) { echo '

Uploaded file

There are no files uploaded with this name yet. Upload a file...


'; return; } $r = $db->fetchrow(); $mimetype = $r['mimetype']; $datestring = date('F d, Y h:i a', (int)$r['time_id']); @@ -2418,7 +2418,6 @@ function sanitize_page_id($page_id) { - // Remove character escapes $page_id = dirtify_page_id($page_id); @@ -2473,11 +2472,17 @@ $page_id = str_replace(' ', '_', $page_id); // Exception for userpages for IP addresses - if ( preg_match('/^' . preg_quote($paths->nslist['User']) . '/', $page_id) ) + if ( isset($paths->nslist['User']) ) { - $ip = preg_replace('/^' . preg_quote($paths->nslist['User']) . '/', '', $page_id); - if ( is_valid_ip($ip) ) - return $page_id; + if ( preg_match('/^' . preg_quote($paths->nslist['User']) . '/', $page_id) ) + { + $ip = preg_replace('/^' . preg_quote($paths->nslist['User']) . '/', '', $page_id); + if ( is_valid_ip($ip) ) + { + die('valid IP'); + return $page_id; + } + } } preg_match_all('/\.[A-Fa-f0-9][A-Fa-f0-9]/', $page_id, $matches);