Browse Source

Clean up code for modifying screenshots

spaghetti 3 years ago
parent
commit
a00164cb21
1 changed files with 25 additions and 26 deletions
  1. 25
    26
      sections/torrents/screenshotedit.php

+ 25
- 26
sections/torrents/screenshotedit.php View File

@@ -11,30 +11,27 @@ if (!check_perms('torrents_edit') && !check_perms('screenshots_add') && !check_p
11 11
   $DB->query("
12 12
     SELECT UserID
13 13
     FROM torrents
14
-    WHERE GroupID = $GroupID");
14
+    WHERE GroupID = ?", $GroupID);
15 15
   if (!in_array($LoggedUser['ID'], $DB->collect('UserID'))) {
16 16
     error(403);
17 17
   }
18 18
 }
19 19
 
20
-$Screenshots = isset($_POST['screenshots']) ? $_POST['screenshots'] : [];
20
+$Screenshots = $_POST['screenshots'] ?? [];
21
+$Screenshots = array_map("trim", $Screenshots);
22
+$Screenshots = array_filter($Screenshots, function($s) {
23
+  return preg_match('/^'.IMAGE_REGEX.'$/i', $s);
24
+});
25
+$Screenshots = array_unique($Screenshots);
21 26
 
22 27
 if (count($Screenshots) > 10) {
23
-  error(0);
24
-}
25
-
26
-$ScreenshotsEscaped = [];
27
-
28
-foreach ($Screenshots as $i => $Screenshot) {
29
-  if (!preg_match('/^'.IMAGE_REGEX.'$/i', trim($Screenshot)))
30
-    error(0);
31
-  $Screenshots[$i] = db_string(trim($Screenshot));
28
+  error("You cannot add more than 10 screenshots to a group");
32 29
 }
33 30
 
34 31
 $DB->query("
35 32
   SELECT UserID, Image
36 33
   FROM torrents_screenshots
37
-  WHERE GroupID = $GroupID");
34
+  WHERE GroupID = ?", $GroupID);
38 35
 
39 36
 // $Old is an array of the form URL => UserID where UserID is the ID of the User who originally uploaded that image.
40 37
 $Old = [];
@@ -53,8 +50,6 @@ if (!empty($Old)) {
53 50
 
54 51
 // Deletion
55 52
 if (!empty($Deleted)) {
56
-  $sql = "DELETE FROM torrents_screenshots WHERE Image IN ('";
57
-
58 53
   if (check_perms('screenshots_delete') || check_perms('torrents_edit')) {
59 54
     $DeleteList = $Deleted;
60 55
   } else {
@@ -70,29 +65,33 @@ if (!empty($Deleted)) {
70 65
   }
71 66
 
72 67
   if (!empty($DeleteList)) {
73
-    $sql .= implode("', '", $DeleteList) . "')";
74
-    $DB->query($sql);
75
-  }
68
+    $ScreenDel = '';
69
+    $DB->prepare_query("DELETE FROM torrents_screenshots WHERE Image = ?", $ScreenDel);
70
+    foreach ($DeleteList as $ScreenDel) {
71
+      $DB->exec_prepared_query();
72
+    }
76 73
 
74
+    Torrents::write_group_log($GroupID, 0, $LoggedUser['ID'], "Deleted screenshot(s) ".implode(' , ', $DeleteList), 0);
75
+    Misc::write_log("Screenshots ( ".implode(' , ', $DeleteList)." ) deleted from Torrent Group ".$GroupID." by ".$LoggedUser['Username']);
76
+  }
77 77
 }
78 78
 
79 79
 // New screenshots
80
-foreach ($New as $Screenshot) {
81
-  $DB->query("
80
+if (!empty($New)) {
81
+  $Screenshot = '';
82
+  $DB->prepare_query("
82 83
     INSERT INTO torrents_screenshots
83 84
       (GroupID, UserID, Time, Image)
84 85
     VALUES
85
-      ($GroupID, $LoggedUser[ID], NOW(), '$Screenshot')");
86
-}
86
+      (?, ?, NOW(), ?)",
87
+    $GroupID, $LoggedUser['ID'], $Screenshot);
88
+  foreach ($New as $Screenshot) {
89
+    $DB->exec_prepared_query();
90
+  }
87 91
 
88
-if (!empty($New)) {
89 92
   Torrents::write_group_log($GroupID, 0, $LoggedUser['ID'], "Added screenshot(s) ".implode(' , ', $New), 0);
90 93
   Misc::write_log("Screenshots ( ".implode(' , ', $New)." ) added to Torrent Group ".$GroupID." by ".$LoggedUser['Username']);
91 94
 }
92
-if (!empty($DeleteList)) {
93
-  Torrents::write_group_log($GroupID, 0, $LoggedUser['ID'], "Deleted screenshot(s) ".implode(' , ', $DeleteList), 0);
94
-  Misc::write_log("Screenshots ( ".implode(' , ', $DeleteList)." ) deleted from Torrent Group ".$GroupID." by ".$LoggedUser['Username']);
95
-}
96 95
 
97 96
 $Cache->delete_value("torrents_details_".$GroupID);
98 97
 header("Location: torrents.php?id=$GroupID");

Loading…
Cancel
Save