changeset 296:bbdf1b9c5a07

Check compo_id in compo entry addition.
author Matti Hamalainen <ccr@tnsp.org>
date Mon, 25 Nov 2013 18:43:31 +0200
parents e387d717cf46
children fdcd78675d1c
files admajax.php
diffstat 1 files changed, 12 insertions(+), 5 deletions(-) [+]
--- a/admajax.php	Mon Nov 25 15:40:21 2013 +0200
+++ b/admajax.php	Mon Nov 25 18:43:31 2013 +0200
@@ -554,11 +554,18 @@
     else
     if ($type == "entry" && stValidateRequestEntryData($fake))
     {
-      $sql = stPrepareSQL(
-        "INSERT INTO entries (name,author,compo_id,filename,info) VALUES (%S,%S,%D,%S,%S)",
-        "name", "author", "compo_id", "filename", "info");
+      if (stFetchSQLColumn(stPrepareSQL("SELECT id FROM compos WHERE id=%D", "compo_id")) === FALSE)
+      {
+        stError("No such compo ID.");
+      }
+      else
+      {
+        $sql = stPrepareSQL(
+          "INSERT INTO entries (name,author,compo_id,filename,info) VALUES (%S,%S,%D,%S,%Q)",
+          "name", "author", "compo_id", "filename", "info");
 
-      stExecSQLCond($sql, "OK, entry added.");
+        stExecSQLCond($sql, "OK, entry added.");
+      }
     }
     break;
 
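Review bot: The new `SELECT id FROM compos WHERE id=%D` check and the `INSERT` that follows are separate statements, so a compo deleted between the two still leaves an entry pointing at a nonexistent compo. A foreign key on `entries.compo_id`, if the database backend enforces them, would make the database enforce this instead of relying on the admin handler alone. `stFetchSQLColumn(...) === FALSE` presumably cannot tell "no row" apart from a failed query, so a database error would be reported as "No such compo ID."; that is worth confirming against the helper, which is not visible here. The field list in the second hunk (`"compo_id" => "D"`) looks like the entry update path, and no equivalent existence check is visible there, so an edit might still set an invalid `compo_id`. The `else`/`if` chain this branch belongs to starts outside the hunk.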
@@ -633,7 +640,7 @@
               "name" => "S",
               "author" => "S",
               "filename" => "S",
-              "info" => "S",
+              "info" => "Q",
               "compo_id" => "D",
             ));