Diffstat (limited to '')
-rw-r--r--admin/configuration.php26
1 files changed, 15 insertions, 11 deletions
diff --git a/admin/configuration.php b/admin/configuration.php
index 5a5f97eee..76a4123a2 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -103,8 +103,10 @@ $display_info_checkboxes = array(
);
$order_options = array(
- ' ORDER BY date_available DESC, file ASC, id ASC' => 'date_available DESC, file ASC, id ASC',
- ' ORDER BY file DESC, date_available DESC' => 'file DESC, date_available DESC',
+ ' ORDER BY date_available DESC, file ASC, id ASC' => 'Post date DESC, File name ASC',
+ ' ORDER BY date_available ASC, file ASC, id ASC' => 'Post date ASC, File name ASC',
+ ' ORDER BY file DESC, date_available DESC, id ASC' => 'File name DESC, Post date DESC',
+ ' ORDER BY file ASC, date_available DESC, id ASC' => 'File name ASC, Post date DESC',
'custom' => l10n('Custom'),
);
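Review bot: The four new option labels are hard-coded English strings, while the neighbouring `'custom'` entry goes through `l10n()`, so they will stay untranslated unless the template translates them later (not visible here). Consider wrapping each one, e.g. `=> l10n('Post date DESC, File name ASC')`, and adding the matching language keys. The array keys appear to be SQL fragments used verbatim as the setting value, so a one-line comment above `$order_options` saying so would help the next reader.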
@@ -117,19 +119,20 @@ if (isset($_POST['submit']))
{
case 'main' :
{
- $order_regex = '#^(( *)(id|file|name|date_available|date_creation|hit|average_rate|comment|author|filesize|width|height|high_filesize|high_width|high_height) (ASC|DESC),{1}){1,}$#';
+ $order_regex = '#^(([ \w\']{2,}) (ASC|DESC),{1}){1,}$#';
// process 'order_by_perso' string
if ($_POST['order_by'] == 'custom' AND !empty($_POST['order_by_perso']))
{
+ $_POST['order_by_perso'] = stripslashes(trim($_POST['order_by_perso']));
$_POST['order_by'] = str_ireplace(
- array('order by ', 'asc', 'desc'),
- array(null, 'ASC', 'DESC'),
- trim($_POST['order_by_perso'])
+ array('order by ', 'asc', 'desc', '"'),
+ array(null, 'ASC', 'DESC', '\''),
+ $_POST['order_by_perso']
);
if (preg_match($order_regex, $_POST['order_by'].','))
{
- $_POST['order_by'] = ' ORDER BY '.$_POST['order_by'];
+ $_POST['order_by'] = ' ORDER BY '.addslashes($_POST['order_by']);
}
else
{
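Review bot: The new `$order_regex` accepts any run of word characters, spaces and single quotes before `ASC`/`DESC`, so the check no longer ties a custom order to known column names and lets an unbalanced quote such as `file' DESC` (constructed example) pass. The added `addslashes()` only protects whatever statement stores the setting; when the value is later read back and appended to a query, presumably without escaping, the raw quote is live again and one bad entry could break every listing that uses it. I would keep an allowlist of sortable columns, or at minimum require quoting to be balanced, e.g. `$order_regex = '#^( *(\w+|\'\w+\') (ASC|DESC),)+$#';`, and escape with the database layer's own function rather than `addslashes()`. The added `stripslashes()` also assumes `$_POST` arrives slash-escaped, which nothing in this hunk shows. The same pattern, `stripslashes()` and `addslashes()` calls recur in the `order_by_inside_category` branch in the next hunk, and the `case 'main'` block continues outside this one.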
@@ -147,15 +150,16 @@ if (isset($_POST['submit']))
}
else if ($_POST['order_by_inside_category'] == 'custom' AND !empty($_POST['order_by_inside_category_perso']))
{
+ $_POST['order_by_inside_category_perso'] = stripslashes(trim($_POST['order_by_inside_category_perso']));
$_POST['order_by_inside_category'] = str_ireplace(
- array('order by ', 'asc', 'desc'),
- array(null, 'ASC', 'DESC'),
- trim($_POST['order_by_inside_category_perso'])
+ array('order by ', 'asc', 'desc', '"'),
+ array(null, 'ASC', 'DESC', '\''),
+ $_POST['order_by_inside_category_perso']
);
if (preg_match($order_regex, $_POST['order_by_inside_category'].','))
{
- $_POST['order_by_inside_category'] = ' ORDER BY '.$_POST['order_by_inside_category'];
+ $_POST['order_by_inside_category'] = ' ORDER BY '.addslashes($_POST['order_by_inside_category']);
}
else
{