Diffstat (limited to 'lib/notes')
-rw-r--r--lib/notes/delete.php2
-rw-r--r--lib/notes/edit.php11
-rw-r--r--lib/notes/move.php8
-rw-r--r--lib/notes/new.php11
-rw-r--r--lib/notes/source.php6
-rw-r--r--lib/notes/user.php10
-rw-r--r--lib/notes/view.php6
7 files changed, 28 insertions, 26 deletions
diff --git a/lib/notes/delete.php b/lib/notes/delete.php
index 43dbf44..179f788 100644
--- a/lib/notes/delete.php
+++ b/lib/notes/delete.php
@@ -3,7 +3,7 @@
assert_redir(count($args) >= 3, 'notes');
$noteid = intval($args[2]);
-$note = mysql_fetch_assoc(sql("SELECT owner FROM notes WHERE id = $noteid"));
+$note = sql("SELECT owner FROM notes WHERE id = $noteid")->fetch();
assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin),
"This note does not exist, or you are not allowed to delete it.");
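Review bot: `$noteid` is still interpolated into the SQL text on the new `sql(...)->fetch()` line, while view.php in this same commit binds it with a placeholder. The query is safe only because of the `intval()` on the line above, so its safety depends on a line that a later edit could move or drop. Binding the value keeps the lookup safe on its own: `$note = sql("SELECT owner FROM notes WHERE id = ?", $noteid)->fetch();`. The same applies to the id lookups in edit.php, move.php, new.php, source.php and user.php.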
diff --git a/lib/notes/edit.php b/lib/notes/edit.php
index ec479b0..cecbb2d 100644
--- a/lib/notes/edit.php
+++ b/lib/notes/edit.php
@@ -5,12 +5,12 @@ require("lib/markdown.php");
assert_redir(count($args) == 3, 'notes');
$noteid = intval($args[2]);
-$note = mysql_fetch_assoc(sql(
+$note = sql(
"SELECT na.id AS id, na.title AS title, na.text AS text, na.public AS public, na.owner AS owner, ".
"nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
"LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
"WHERE na.id = $noteid"
-));
+)->fetch();
assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin),
"This note does not exist, or you are not allowed to edit it.");
@@ -29,9 +29,10 @@ if (isset($_POST['title']) && isset($_POST['text'])) {
$preview = $note_html;
$message = "Your preview is below the edit form.";
} else {
- sql("UPDATE notes SET title = '" . escs($note_title) . "', text = '" . escs($note_text) .
- "', text_html = '" . escs($note_html) . "', public = " . ($note_public?'1':'0') .
- " WHERE id = $noteid");
+ sql("UPDATE notes SET title = ?, text = ?, text_html = ?, ".
+ " public = " . ($note_public?'1':'0') .
+ " WHERE id = $noteid",
+ escs($note_title), escs($note_text), escs($note_html));
header("Location: view-notes-" . $noteid);
die();
}
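Review bot: The values bound to the new `?` placeholders are still wrapped in `escs()`, which the removed lines used to escape text placed between SQL quotes. If `sql()` passes these arguments as real bound parameters (its definition is not visible here), the escaping is applied on top of the binding. Titles and note bodies containing quotes or backslashes would then be stored with extra escape characters. Pass the raw values instead: `$note_title, $note_text, $note_html);`. The INSERT in new.php has the same pattern, and the enclosing `if (isset($_POST['title']) ...)` block starts outside this hunk.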
diff --git a/lib/notes/move.php b/lib/notes/move.php
index d51b4ad..2f6375a 100644
--- a/lib/notes/move.php
+++ b/lib/notes/move.php
@@ -3,12 +3,12 @@
assert_redir(count($args) >= 3, 'notes');
$noteid = intval($args[2]);
-$note = mysql_fetch_assoc(sql(
+$note = sql(
"SELECT na.id AS id, na.title AS title, na.text AS text, na.public AS public, na.owner AS owner, ".
"nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
"LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
"WHERE na.id = $noteid"
-));
+)->fetch();
assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin),
"This note does not exist, or you are not allowed to move it.");
@@ -16,7 +16,7 @@ if (count($args) == 4) {
$newparent = intval($args[3]);
// SHOULD CHECK FOR TREE CONSISTENCY, SKIP FOR NOW.
if ($newparent != 0) {
- $p = mysql_fetch_assoc(sql("SELECT id, owner FROM notes WHERE id = $newparent"));
+ $p = sql("SELECT id, owner FROM notes WHERE id = $newparent")->fetch();
}
if ($newparent != 0 && !$p) {
$error = "Selected parent does not exist.";
@@ -32,7 +32,7 @@ if (count($args) == 4) {
$notes_tree = array();
$n = sql("SELECT id, parent, title FROM notes ".
"WHERE owner = " . $user['id'] . " AND id != $noteid AND parent != $noteid ORDER BY title ASC");
-while ($nn = mysql_fetch_assoc($n)) {
+while ($nn = $n->fetch()) {
if (isset($notes_tree[$nn['parent']])) {
$notes_tree[$nn['parent']][] = $nn;
} else {
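Review bot: The rows stored in `$notes_tree` by the new `while ($nn = $n->fetch())` loop may no longer have the shape `mysql_fetch_assoc()` produced. Assuming `$n` is a PDOStatement (suggested by `$sql_conn->lastInsertId()` in new.php), `fetch()` with no argument uses the connection's default fetch mode. That default returns each column under both its name and a numeric index unless it has been configured otherwise. Either request the mode explicitly, `while ($nn = $n->fetch(PDO::FETCH_ASSOC)) {`, or confirm that the connection sets `PDO::ATTR_DEFAULT_FETCH_MODE`. The two loops in user.php store rows the same way, and the loop body here continues outside the hunk.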
diff --git a/lib/notes/new.php b/lib/notes/new.php
index 1213b94..adad015 100644
--- a/lib/notes/new.php
+++ b/lib/notes/new.php
@@ -6,12 +6,12 @@ assert_redir(count($args) == 3, 'notes');
$parentid = intval($args[2]);
if ($parentid != 0) {
- $parent = mysql_fetch_assoc(sql(
+ $parent = sql(
"SELECT na.id AS id, na.title AS title, na.text_html AS html, na.public AS public, na.owner AS owner, ".
"nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
"LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
"WHERE na.id = $parentid"
- ));
+ )->fetch();
assert_error($parent && $parent['owner'] == $user['id'],
"The selected parent does not exist, or you cannot create children for it.");
}
@@ -28,9 +28,10 @@ if (isset($_POST['title']) && isset($_POST['text'])) {
$error = "You must enter a title for your note";
} else {
sql("INSERT INTO notes(owner, parent, title, text, text_html, public) ".
- "VALUES(" . $user['id'] . ", $parentid, '" . escs($note_title) . "', '" .
- escs($note_text) . "', '" . escs($note_html) . "', ". ($note_public?'1':'0') . ")");
- header("Location: view-notes-" . mysql_insert_id());
+ "VALUES(?, ?, ?, ?, ?, ". ($note_public?'1':'0') . ")",
+ $user['id'], $parentid, escs($note_title),
+ escs($note_text), escs($note_html));
+ header("Location: view-notes-" . $sql_conn->lastInsertId());
die();
}
}
diff --git a/lib/notes/source.php b/lib/notes/source.php
index d032d33..091ab8c 100644
--- a/lib/notes/source.php
+++ b/lib/notes/source.php
@@ -3,7 +3,7 @@
assert_redir(count($args) == 3, 'notes');
$noteid = intval($args[2]);
-$note = mysql_fetch_assoc(sql("SELECT id, title, text, public, owner FROM notes WHERE id = $noteid"));
+$note = sql("SELECT id, title, text, public, owner FROM notes WHERE id = $noteid")->fetch();
assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']),
"This note does not exist, or you are not allowed to see it.");
@@ -15,8 +15,8 @@ assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']),
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
-<pre><? echo htmlspecialchars($note['text']); ?></pre>
+<pre><?php echo htmlspecialchars($note['text']); ?></pre>
</body>
</html>
-<?
+<?php
die();
diff --git a/lib/notes/user.php b/lib/notes/user.php
index e420946..a2982be 100644
--- a/lib/notes/user.php
+++ b/lib/notes/user.php
@@ -6,7 +6,7 @@ $userid = intval($args[2]);
if ($userid == $user['id']) {
$note_owner = $user;
} else {
- $note_owner = mysql_fetch_assoc(sql("SELECT login AS name, id FROM account WHERE id = $userid"));
+ $note_owner = sql("SELECT login AS name, id FROM account WHERE id = $userid")->fetch();
assert_error($note_owner, "That user id does not exist.", "no such user");
}
@@ -15,14 +15,14 @@ $n = sql("SELECT account.id AS id, login AS name, COUNT(notes.id) AS nbNotes FRO
"LEFT JOIN notes ON notes.owner = account.id ".
"WHERE notes.public != 0 AND notes.id != 0 ".
"GROUP BY account.id ORDER BY nbNotes DESC");
-while ($nn = mysql_fetch_assoc($n)) $users[] = $nn;
+while ($nn =$n->fetch()) $users[] = $nn;
$notes_tree = array();
$n = sql("SELECT id, parent, title FROM notes ".
- "WHERE owner = $userid ".
+ "WHERE owner = ? ".
($userid == $user['id'] ? "" : "AND public != 0 ").
- "ORDER BY title ASC");
-while ($nn = mysql_fetch_assoc($n)) {
+ "ORDER BY title ASC", $userid);
+while ($nn = $n->fetch()) {
if (isset($notes_tree[$nn['parent']])) {
$notes_tree[$nn['parent']][] = $nn;
} else {
diff --git a/lib/notes/view.php b/lib/notes/view.php
index a6a014c..d29732d 100644
--- a/lib/notes/view.php
+++ b/lib/notes/view.php
@@ -3,12 +3,12 @@
assert_redir(count($args) == 3, 'notes');
$noteid = intval($args[2]);
-$note = mysql_fetch_assoc(sql(
+$note = sql(
"SELECT na.id AS id, na.title AS title, na.text_html AS html, na.public AS public, na.owner AS owner, ".
"nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
"LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
- "WHERE na.id = $noteid"
-));
+ "WHERE na.id = ?", $noteid
+)->fetch();
assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id'] || $user['priv'] >= $priv_admin),
"This note does not exist, or you are not allowed to see it.");