From 8aa5d4716f3280e737c3b7603751853ba2450042 Mon Sep 17 00:00:00 2001 From: garvinhicking Date: Thu, 3 Aug 2006 11:26:40 +0000 Subject: [PATCH] Better use of variable references [hopefully] --- docs/NEWS | 4 + include/functions_config.inc.php | 319 +++++++++++++++++++++--------- include/functions_entries.inc.php | 51 ++--- 3 files changed, 253 insertions(+), 121 deletions(-) diff --git a/docs/NEWS b/docs/NEWS index 3be3170..dfce7e2 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -3,6 +3,10 @@ Version 1.1-alpha7() ------------------------------------------------------------------------ + * Better use of "return by references" in some vital areas. + Improves performance. Might introduce glitches. Keep an eye on this! + (garvinhicking) + * Add new template 'comments_by_author' which show comments made by authors. New permalink structure: "/comments/[AUTHORNAME]/comments|trackbacks|comments_and_trackbacks/P[PAGENUMBER]/FROM [YYYY-MM-DD]/TO [YYYY-MM-DD]" diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php index 23687bc..2408335 100644 --- a/include/functions_config.inc.php +++ b/include/functions_config.inc.php @@ -2,6 +2,11 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (defined('S9Y_FRAMEWORK_CONFIG')) { + return; +} +@define('S9Y_FRAMEWORK_CONFIG', true); + /** * Adds a new author account * @@ -142,6 +147,8 @@ function serendipity_get_user_config_var($name, $authorid, $default = '') { $author_sql = ''; if (!empty($authorid)) { $author_sql = "authorid = " . (int)$authorid . " AND "; + } elseif (isset($serendipity[$name])) { + return $serendipity[$name]; } $r = serendipity_db_query("SELECT value FROM {$serendipity['dbPrefix']}config WHERE $author_sql name = '" . $name . "' LIMIT 1", true); 
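Review bot: The added `elseif (isset($serendipity[$name]))` branch in serendipity_get_user_config_var() returns whatever the global array holds under `$name` instead of the stored row for author 0. serendipity_load_configuration() in this same file overwrites `$serendipity` entries with per-author values, so a caller asking for the global setting may receive the logged-in author's override, and the array also carries runtime keys that are not configuration at all. Consider limiting the shortcut to names known to be global configuration, or at least documenting the new precedence in the docblock. The query kept below it still concatenates `$name` without escaping; `serendipity_db_escape_string($name)` would match the other queries in this patch. The function body continues outside the hunk.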
@@ -252,16 +259,21 @@ function serendipity_getTemplateFile($file, $key = 'serendipityHTTPPath') { if (isset($serendipity['template_engine']) && (stristr($file, 'admin/') === false || $serendipity['template_engine'] != 'default')) { $directories[] = $serendipity['template_engine'] . '/'; } + $directories[] = $serendipity['defaultTemplate'] .'/'; $directories[] = 'default/'; foreach ($directories as $directory) { $templateFile = $serendipity['templatePath'] . $directory . $file; - if (file_exists($serendipity['serendipityPath'] . $templateFile)) { return $serendipity[$key] . $templateFile; } } + + if (preg_match('@\.(tpl|css|php)@i', $file) && !stristr($file, 'plugin')) { + return $file; + } + return false; } @@ -277,15 +289,20 @@ function serendipity_getTemplateFile($file, $key = 'serendipityHTTPPath') { */ function serendipity_load_configuration($author = null) { global $serendipity; + static $config_loaded = array(); + + if (isset($config_loaded[$author])) { + return true; + } if (!empty($author)) { // Replace default configuration directives with user-relevant data - $rows = serendipity_db_query("SELECT name,value + $rows =& serendipity_db_query("SELECT name,value FROM {$serendipity['dbPrefix']}config WHERE authorid = '". (int)$author ."'"); } else { // Only get default variables, user-independent (frontend) - $rows = serendipity_db_query("SELECT name, value + $rows =& serendipity_db_query("SELECT name, value FROM {$serendipity['dbPrefix']}config WHERE authorid = 0"); } @@ -296,6 +313,7 @@ function serendipity_load_configuration($author = null) { $serendipity[$row['name']] = serendipity_get_bool($row['value']); } } + $config_loaded[$author] = true; } /** 
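Review bot: The new fallback in serendipity_getTemplateFile() hands the caller's `$file` back unchanged whenever no template directory contains it, and the pattern `@\.(tpl|css|php)@i` is unanchored, so it accepts any string with `.php`, `.tpl` or `.css` anywhere in it rather than only names ending in those extensions. Callers use the result as a path (this file passes it to `$serendipity['smarty']->display()`), so a value that was never resolved under `templatePath` is now treated as a valid template. Anchor the pattern, `preg_match('@\.(tpl|css|php)$@i', $file)`, and consider rejecting names that contain `..` before returning them. `!stristr($file, 'plugin')` would also read more clearly as `stristr($file, 'plugin') === false`, matching the check a few lines above it.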
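Review bot: serendipity_load_configuration() now returns `true` on a cache hit but still falls off the end without a return value on the first load, so callers cannot rely on the result; end the function with `return true;` as well. `$config_loaded[$author] = true;` in the following hunk appears to sit outside the row loop, so the marker is set even when the query returned nothing and a later call in the same request will not retry. With the default `$author = null` the cache key is the empty string, which deserves a comment such as `// null (global configuration) is cached under the '' key`.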
@@ -332,25 +350,151 @@ function serendipity_login($use_external = true) { if (serendipity_authenticate_author($serendipity['POST']['user'], $serendipity['POST']['pass'], false, $use_external)) { if (empty($serendipity['POST']['auto'])) { serendipity_deleteCookie('author_information'); + serendipity_deleteCookie('author_information_iv'); return false; } else { - $package = serialize(array('username' => $serendipity['POST']['user'], - 'password' => $serendipity['POST']['pass'])); - serendipity_setCookie('author_information', base64_encode($package)); + serendipity_issueAutologin( + array('username' => $serendipity['POST']['user'], + 'password' => $serendipity['POST']['pass'] + ) + ); return true; } // Now try login via COOKIE data - } elseif ( isset($serendipity['COOKIE']['author_information']) ) { - $cookie = unserialize(base64_decode($serendipity['COOKIE']['author_information'])); - if (serendipity_authenticate_author($cookie['username'], $cookie['password'], false, $use_external)) { + } elseif (isset($serendipity['COOKIE']['author_information'])) { + $cookie = serendipity_checkAutologin($serendipity['COOKIE']['author_information'], $serendipity['COOKIE']['author_information_iv']); + + if (is_array($cookie) && serendipity_authenticate_author($cookie['username'], $cookie['password'], false, $use_external)) { return true; } else { serendipity_deleteCookie('author_information'); + serendipity_deleteCookie('author_information_iv'); return false; } } } +/** + * Issue a new auto login cookie + * @param array The input data + */ +function serendipity_issueAutologin($array) { + global $serendipity; + + $package = serialize($array); + + if (function_exists('mcrypt_encrypt')) { + // Secure the package data when being stored inside the Database + $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC), MCRYPT_RAND); + $key = base64_encode($iv); + $package = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $package, MCRYPT_MODE_CBC, $iv); + 
serendipity_setCookie('author_information_iv', $key); + } + $package = base64_encode($package); + + $rnd = md5(time() . $_SERVER['REMOTE_ADDR']); + + // Delete possible current cookie + serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options WHERE okey = '" . serendipity_db_escape_string($serendipity['COOKIE']['author_information']) . "'"); + + // Issue new autologin cookie + serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}options (name, value, okey) VALUES ('" . time() . "', '" . serendipity_db_escape_string($package) . "', '" . $rnd . "')"); + serendipity_setCookie('author_information', $rnd); +} + +/** + * Checks a new auto login cookie + * @param array The input data + */ +function serendipity_checkAutologin($ident, $iv) { + global $serendipity; + + // Fetch login data from DB + $autologin =& serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}options WHERE okey = '" . serendipity_db_escape_string($ident) . "' LIMIT 1", true, 'assoc'); + if (!is_array($autologin)) { + return false; + } + + if (function_exists('mcrypt_decrypt') && !empty($iv)) { + $key = $iv; + $iv = base64_decode($iv); + $cookie = unserialize(mcrypt_decrypt(MCRYPT_BLOWFISH, $key, base64_decode($autologin['value']), MCRYPT_MODE_CBC, $iv)); + } else { + $cookie = unserialize(base64_decode($autologin['value'])); + } + + if ($autologin['name'] < (time()-86400)) { + // Issued autologin cookie has been issued more than 1 day ago. Re-Issue new cookie, invalidate old one to prevent abuse + serendipity_header('X-ReIssue-Cookie: +' . (time() - $autologin['name']) . 's'); + serendipity_issueAutologin($cookie); + } + + return $cookie; +} + +/** + * Perform user authentication routine + * + * If a user is already authenticated via session data, this bypasses some routines. + * After a user has ben authenticated, several SESSION variables ar set. + * If the authentication fails, the session is destroyed. 
+ * + * @access public + * @param string The username to check + * @param string The password to check (may contain plaintext or MD5 hash) + * @param boolean Indicates whether the input password is already in MD5 format (TRUE) or not (FALSE). + * @param boolean Indicates whether to query external plugins for authentication + * @return boolean True on success, False on error + */ +function serendipity_authenticate_author($username = '', $password = '', $is_md5 = false, $use_external = true) { + global $serendipity; + + if (isset($_SESSION['serendipityUser']) && isset($_SESSION['serendipityPassword']) && isset($_SESSION['serendipityAuthedUser']) && $_SESSION['serendipityAuthedUser'] == true) { + $username = $_SESSION['serendipityUser']; + $password = $_SESSION['serendipityPassword']; + // For safety reasons when multiple blogs are installed on the same host, we need to check the current author each time to not let him log into a different blog with the same sessiondata + $is_md5 = true; + } + + if ($username != '') { + if ($use_external) { + serendipity_plugin_api::hook_event('backend_auth', $is_md5, array('username' => $username, 'password' => $password)); + } + + if ($is_md5 === false && !empty($password)) { + $password = md5($password); + } + + $query = "SELECT DISTINCT + email, realname, authorid, userlevel, right_publish + FROM + {$serendipity['dbPrefix']}authors + WHERE + username = '" . serendipity_db_escape_string($username) . "' + AND password = '" . serendipity_db_escape_string($password) . 
"'"; + $row =& serendipity_db_query($query, true, 'assoc'); + + if (is_array($row)) { + serendipity_setCookie('old_session', session_id()); + $_SESSION['serendipityUser'] = $serendipity['serendipityUser'] = $username; + $_SESSION['serendipityRealname'] = $serendipity['serendipityRealname'] = $$row['realname']; + $_SESSION['serendipityPassword'] = $serendipity['serendipityPassword'] = $password; + $_SESSION['serendipityEmail'] = $serendipity['serendipityEmail'] = $row['email']; + $_SESSION['serendipityAuthorid'] = $serendipity['authorid'] = $row['authorid']; + $_SESSION['serendipityUserlevel'] = $serendipity['serendipityUserlevel'] = $row['userlevel']; + $_SESSION['serendipityAuthedUser'] = $serendipity['serendipityAuthedUser'] = true; + $_SESSION['serendipityRightPublish']= $serendipity['serendipityRightPublish'] = $row['right_publish']; + serendipity_load_configuration($serendipity['authorid']); + return true; + } else { + $_SESSION['serendipityAuthedUser'] = false; + @session_destroy(); + } + } + + return false; +} + /** * Check if a user is logged in * 
@@ -437,68 +581,6 @@ function serendipity_deleteCookie($name) { unset($serendipity['COOKIE'][$name]); } -/** - * Perform user authentication routine - * - * If a user is already authenticated via session data, this bypasses some routines. - * After a user has ben authenticated, several SESSION variables ar set. - * If the authentication fails, the session is destroyed. - * - * @access public - * @param string The username to check - * @param string The password to check (may contain plaintext or MD5 hash) - * @param boolean Indicates whether the input password is already in MD5 format (TRUE) or not (FALSE). - * @param boolean Indicates whether to query external plugins for authentication - * @return boolean True on success, False on error - */ -function serendipity_authenticate_author($username = '', $password = '', $is_md5 = false, $use_external = true) { - global $serendipity; - - if (isset($_SESSION['serendipityUser']) && isset($_SESSION['serendipityPassword']) && isset($_SESSION['serendipityAuthedUser']) && $_SESSION['serendipityAuthedUser'] == true) { - $username = $_SESSION['serendipityUser']; - $password = $_SESSION['serendipityPassword']; - // For safety reasons when multiple blogs are installed on the same host, we need to check the current author each time to not let him log into a different blog with the same sessiondata - $is_md5 = true; - } - - if ($username != '') { - if ($use_external) { - serendipity_plugin_api::hook_event('backend_auth', $is_md5, array('username' => $username, 'password' => $password)); - } - - if ($is_md5 === false && !empty($password)) { - $password = md5($password); - } - - $query = "SELECT DISTINCT - email, authorid, userlevel, right_publish - FROM - {$serendipity['dbPrefix']}authors - WHERE - username = '" . serendipity_db_escape_string($username) . "' - AND password = '" . serendipity_db_escape_string($password) . 
"'"; - $row = serendipity_db_query($query, true, 'assoc'); - - if (is_array($row)) { - serendipity_setCookie('old_session', session_id()); - $_SESSION['serendipityUser'] = $serendipity['serendipityUser'] = $username; - $_SESSION['serendipityPassword'] = $serendipity['serendipityPassword'] = $password; - $_SESSION['serendipityEmail'] = $serendipity['serendipityEmail'] = $row['email']; - $_SESSION['serendipityAuthorid'] = $serendipity['authorid'] = $row['authorid']; - $_SESSION['serendipityUserlevel'] = $serendipity['serendipityUserlevel'] = $row['userlevel']; - $_SESSION['serendipityAuthedUser'] = $serendipity['serendipityAuthedUser'] = true; - $_SESSION['serendipityRightPublish']= $serendipity['serendipityRightPublish'] = $row['right_publish']; - serendipity_load_configuration($serendipity['authorid']); - return true; - } else { - $_SESSION['serendipityAuthedUser'] = false; - @session_destroy(); - } - } - - return false; -} - /** * Performs a check whether an iframe for the admin section shall be emitted * @@ -571,7 +653,8 @@ function serendipity_iframe(&$entry, $mode = null, $use_smarty = true) { // it needs to be stored with the new ID. echo ''; } - echo '
' . ENTRY_SAVED . '
'; + $entrylink = serendipity_archiveURL($res, $entry['title'], 'serendipityHTTPPath', true, array('timestamp' => $entry['timestamp'])); + echo '
' . ENTRY_SAVED . ' (' . VIEW . ')
'; } echo '
'; @@ -590,7 +673,7 @@ function serendipity_iframe(&$entry, $mode = null, $use_smarty = true) { if ($use_smarty) { $preview = ob_get_contents(); ob_end_clean(); - $serendipity['smarty']->assign('preview', $preview); + $serendipity['smarty']->assign_by_ref('preview', $preview); $serendipity['smarty']->display(serendipity_getTemplateFile('preview_iframe.tpl', 'serendipityPath')); } @@ -761,7 +844,7 @@ function &serendipity_getPermissions($authorid) { global $serendipity; // Get group information - $groups = serendipity_db_query("SELECT ag.groupid, g.name, gc.property, gc.value + $groups =& serendipity_db_query("SELECT ag.groupid, g.name, gc.property, gc.value FROM {$serendipity['dbPrefix']}authorgroups AS ag LEFT OUTER JOIN {$serendipity['dbPrefix']}groups AS g ON ag.groupid = g.id @@ -1026,8 +1109,11 @@ function &serendipity_fetchGroup($groupid) { LEFT OUTER JOIN {$serendipity['dbPrefix']}groupconfig AS gc ON g.id = gc.id WHERE g.id = " . (int)$groupid, false, 'assoc'); - foreach($groups AS $group) { - $conf[$group['property']] = $group['value']; + + if (is_array($groups)) { + foreach($groups AS $group) { + $conf[$group['property']] = $group['value']; + } } // The following are unique @@ -1050,7 +1136,7 @@ function &serendipity_fetchGroup($groupid) { function &serendipity_getGroups($authorid, $sequence = false) { global $serendipity; - $groups =& serendipity_db_query("SELECT g.id AS confkey, + $_groups =& serendipity_db_query("SELECT g.id AS confkey, g.name AS confvalue, g.id AS id, g.name AS name @@ -1058,8 +1144,10 @@ function &serendipity_getGroups($authorid, $sequence = false) { LEFT OUTER JOIN {$serendipity['dbPrefix']}groups AS g ON g.id = ag.groupid WHERE ag.authorid = " . (int)$authorid, false, 'assoc'); - if (!is_array($groups)) { + if (!is_array($_groups)) { $groups = array(); + } else { + $groups =& $_groups; } if ($sequence) { 
@@ -1233,9 +1321,10 @@ function serendipity_intersectGroup($checkuser = null, $myself = null) { * @param int The ID of the group to update * @param array The associative array of permission names * @param array The associative array of new values for the permissions. Needs the same associative keys like the $perms array. + * @param bool Indicates if an all new privilege should be inserted (true) or if an existing privilege is going to be checked * @return true */ -function serendipity_updateGroupConfig($groupid, &$perms, &$values) { +function serendipity_updateGroupConfig($groupid, &$perms, &$values, $isNewPriv = false) { global $serendipity; if (!serendipity_checkPermission('adminUsersGroups')) { @@ -1264,7 +1353,7 @@ function serendipity_updateGroupConfig($groupid, &$perms, &$values) { $value = 'false'; } - if (!serendipity_checkPermission($perm)) { + if ($isNewPriv == false && !serendipity_checkPermission($perm)) { if (!isset($storage[$perm])) { $value = 'false'; } else { @@ -1351,9 +1440,10 @@ function serendipity_addDefaultGroup($name, $level) { * @param string The type of an artifact (category|entry) * @param string The type of access to grant (read|write) * @param array The ID of the group to grant access to + * @param string A variable option for an artifact * @return boolean True if ACL was applied, false if not. */ -function serendipity_ACLGrant($artifact_id, $artifact_type, $artifact_mode, $groups) { +function serendipity_ACLGrant($artifact_id, $artifact_type, $artifact_mode, $groups, $artifact_index = '') { global $serendipity; if (empty($groups) || !is_array($groups)) { 
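Review bot: Passing `$isNewPriv = true` to serendipity_updateGroupConfig() skips the `serendipity_checkPermission($perm)` test, which is the only visible check that stops someone managing groups from granting a privilege they do not hold themselves. The `adminUsersGroups` check at the top still applies, but the docblock should say that the flag is for internal callers registering a new privilege and must never be derived from request data, e.g. `@param bool Internal use only: skip the "caller holds this privilege" check when registering a new privilege`. The comparison is also loose; `if (!$isNewPriv && !serendipity_checkPermission($perm)) {` avoids `== false`. The function body starts and ends outside these hunks.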
@@ -1362,15 +1452,16 @@ function serendipity_ACLGrant($artifact_id, $artifact_type, $artifact_mode, $gro // Delete all old existing relations. serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}access - WHERE artifact_id = " . (int)$artifact_id . " - AND artifact_type = '" . serendipity_db_escape_string($artifact_type) . "' - AND artifact_mode = '" . serendipity_db_escape_string($artifact_mode) . "'"); + WHERE artifact_id = " . (int)$artifact_id . " + AND artifact_type = '" . serendipity_db_escape_string($artifact_type) . "' + AND artifact_mode = '" . serendipity_db_escape_string($artifact_mode) . "' + AND artifact_index = '" . serendipity_db_escape_string($artifact_index) . "'"); $data = array( 'artifact_id' => (int)$artifact_id, 'artifact_type' => $artifact_type, 'artifact_mode' => $artifact_mode, - 'artifact_index' => '' + 'artifact_index' => $artifact_index ); if (count($data) < 1) { 
@@ -1398,16 +1489,18 @@ function serendipity_ACLGrant($artifact_id, $artifact_type, $artifact_mode, $gro * @param int The ID of the artifact to set the access * @param string The type of an artifact (category|entry) * @param string The type of access to check for (read|write) + * @param string A variable option for an artifact * @return array Returns an array of all groups that are allowed for this kind of access. You can then check if you are the member of any of the groups returned here. */ -function serendipity_ACLGet($artifact_id, $artifact_type, $artifact_mode) { +function serendipity_ACLGet($artifact_id, $artifact_type, $artifact_mode, $artifact_index = '') { global $serendipity; $sql = "SELECT groupid, artifact_index FROM {$serendipity['dbPrefix']}access - WHERE artifact_type = '" . serendipity_db_escape_string($artifact_type) . "' - AND artifact_id = '" . (int)$artifact_id . "' - AND artifact_mode = '" . serendipity_db_escape_string($artifact_mode) . "'"; - $rows = serendipity_db_query($sql, false, 'assoc'); + WHERE artifact_type = '" . serendipity_db_escape_string($artifact_type) . "' + AND artifact_id = '" . (int)$artifact_id . "' + AND artifact_mode = '" . serendipity_db_escape_string($artifact_mode) . "' + AND artifact_index = '" . serendipity_db_escape_string($artifact_index) . "'"; + $rows =& serendipity_db_query($sql, false, 'assoc'); if (!is_array($rows)) { return false; @@ -1468,7 +1561,7 @@ function serendipity_ACLCheck($authorid, $artifact_id, $artifact_type, $artifact AND ( {$artifact_sql['where']} ) GROUP BY result"; - $res = serendipity_db_query($sql, true, 'assoc'); + $res =& serendipity_db_query($sql, true, 'assoc'); if (is_array($res) && !empty($res['result'])) { return true; } 
@@ -1491,9 +1584,11 @@ function serendipity_ACLCheck($authorid, $artifact_id, $artifact_type, $artifact * @access private * @param array Associative array that holds the SQL part array to be used in other functions like serendipity_fetchEntries() * @param boolean Some queries do not need to joins categories. When ACLs need to be applied, this column is required, so if $append_category is set to true it will perform this missing JOIN. + * @param string The ACL type ('category', 'directory') + * @param string ACL mode * @return true True if ACLs were applied, false if not. */ -function serendipity_ACL_SQL(&$cond, $append_category = false) { +function serendipity_ACL_SQL(&$cond, $append_category = false, $type = 'category', $mode = 'read') { global $serendipity; // A global configuration item controls whether the blog should apply ACLs or not! @@ -1519,12 +1614,25 @@ function serendipity_ACL_SQL(&$cond, $append_category = false) { ON ec.categoryid = c.categoryid"; } + switch($type) { + case 'directory': + $sql_artifact_column = 'i.path IS NULL OR + acl_acc.groupid IS NULL'; + $sql_artifact = 'AND acl_acc.artifact_index = i.path'; + break; + + case 'category': + $sql_artifact_column = 'c.categoryid IS NULL'; + $sql_artifact = 'AND acl_acc.artifact_id = c.categoryid'; + break; + } + $cond['joins'] .= " LEFT JOIN {$serendipity['dbPrefix']}authorgroups AS acl_a ON acl_a.authorid = " . $read_id . " LEFT JOIN {$serendipity['dbPrefix']}access AS acl_acc - ON ( acl_acc.artifact_mode = 'read' - AND acl_acc.artifact_type = 'category' - AND acl_acc.artifact_id = c.categoryid + ON ( acl_acc.artifact_mode = '" . $mode . "' + AND acl_acc.artifact_type = '" . $type . "' + " . $sql_artifact . " )"; if (empty($cond['and'])) { 
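Review bot: The new `$type` and `$mode` parameters of serendipity_ACL_SQL() are concatenated straight into the JOIN condition, while serendipity_ACLGrant() and serendipity_ACLGet() in this patch pass the same kind of values through `serendipity_db_escape_string()`. Escape them here too, `acl_acc.artifact_mode = '" . serendipity_db_escape_string($mode) . "'` and likewise for `$type`, or compare both against a fixed list of allowed values first. The `switch($type)` has no `default:` branch, so any other type leaves `$sql_artifact` and `$sql_artifact_column` undefined and yields a malformed condition in the hunk that follows; `default: return false;` would agree with the documented return value. The function body extends outside the hunk.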
@@ -1535,7 +1643,7 @@ function serendipity_ACL_SQL(&$cond, $append_category = false) { // When in Admin-Mode, apply readership permissions. $cond['and'] .= " ( - c.categoryid IS NULL + " . $sql_artifact_column . " OR ( acl_acc.groupid = " . $read_id_sql . ") OR ( acl_acc.artifact_id IS NULL " . (isset($serendipity['GET']['adminModule']) && @@ -1669,7 +1777,6 @@ function serendipity_checkFormToken() { return true; } -/** /** * Prevent XSRF attacks by setting a form token within HTTP Forms * @@ -1699,4 +1806,22 @@ function serendipity_setFormToken($type = 'form') { } } +function &serendipity_loadThemeOptions(&$template_config) { + global $serendipity; + $_template_vars =& serendipity_db_query("SELECT name, value FROM {$serendipity['dbPrefix']}options + WHERE okey = 't_" . serendipity_db_escape_string($serendipity['template']) . "'", false, 'assoc', false, 'name', 'value'); + if (!is_array($_template_vars)) { + $template_vars = array(); + } else { + $template_vars =& $_template_vars; + } + + foreach($template_config AS $key => $item) { + if (!isset($template_vars[$item['var']])) { + $template_vars[$item['var']] = $item['default']; + } + } + + return $template_vars; +} /* vim: set sts=4 ts=4 expandtab : */ diff --git a/include/functions_entries.inc.php b/include/functions_entries.inc.php index 7e13738..f02031f 100644 --- a/include/functions_entries.inc.php +++ b/include/functions_entries.inc.php 
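Review bot: serendipity_loadThemeOptions() is added without a docblock, unlike the other functions visible in this patch. Add one stating that it reads the `options` rows stored under the key `t_` plus the current template name, fills in `$item['default']` for every entry of `$template_config` that has no stored value, and returns the resulting name => value array by reference; the `@param array` line should mention that each item needs `var` and `default` keys. `$template_config` is only read in the visible body, so the reason for taking it by reference should be stated in the comment, or the `&` dropped.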
@@ -37,7 +37,7 @@ function serendipity_deleteCategory($category_range, $admin_category) { function serendipity_fetchCategoryRange($categoryid) { global $serendipity; - $res = serendipity_db_query("SELECT category_left, category_right FROM {$serendipity['dbPrefix']}category WHERE categoryid='". (int)$categoryid ."'"); + $res =& serendipity_db_query("SELECT category_left, category_right FROM {$serendipity['dbPrefix']}category WHERE categoryid='". (int)$categoryid ."'"); if (!is_array($res) || !isset($res[0]['category_left']) || !isset($res[0]['category_right'])) { $res = array(array('category_left' => 0, 'category_right' => 0)); } @@ -94,7 +94,7 @@ function serendipity_fetchCategoryInfo($categoryid, $categoryname = '') { FROM {$serendipity['dbPrefix']}category AS c WHERE category_name = '" . serendipity_db_escape_string($categoryname) . "'"; - $ret = serendipity_db_query($query); + $ret =& serendipity_db_query($query); return $ret[0]; } else { $query = "SELECT @@ -107,7 +107,7 @@ function serendipity_fetchCategoryInfo($categoryid, $categoryname = '') { FROM {$serendipity['dbPrefix']}category AS c WHERE categoryid = " . (int)$categoryid; - $ret = serendipity_db_query($query); + $ret =& serendipity_db_query($query); return $ret[0]; } } @@ -119,7 +119,7 @@ function serendipity_fetchCategoryInfo($categoryid, $categoryname = '') { * @param int The ID of the entry * @return array The array of associated categories to that entry */ -function serendipity_fetchEntryCategories($entryid) { +function &serendipity_fetchEntryCategories($entryid) { global $serendipity; if (is_numeric($entryid)) { @@ -134,9 +134,10 @@ function serendipity_fetchEntryCategories($entryid) { ON ec.categoryid = c.categoryid WHERE ec.entryid = {$entryid}"; - $cat = serendipity_db_query($query); + $cat =& serendipity_db_query($query); if (!is_array($cat)) { - return array(); + $arr = array(); + return $arr; } else { return $cat; } 
@@ -189,7 +190,7 @@ function serendipity_fetchEntryCategories($entryid) { * @param string If set to "array", the array of entries will be returned. "flat-array" will only return the articles without their entryproperties. "single" will only return a 1-dimensional array. "query" will only return the used SQL. * @return array Holds the super-array of all entries with all additional information */ -function serendipity_fetchEntries($range = null, $full = true, $limit = '', $fetchDrafts = false, $modified_since = false, $orderby = 'timestamp DESC', $filter_sql = '', $noCache = false, $noSticky = false, $select_key = null, $group_by = null, $returncode = 'array') { +function &serendipity_fetchEntries($range = null, $full = true, $limit = '', $fetchDrafts = false, $modified_since = false, $orderby = 'timestamp DESC', $filter_sql = '', $noCache = false, $noSticky = false, $select_key = null, $group_by = null, $returncode = 'array') { global $serendipity; $cond = array(); @@ -382,7 +383,7 @@ function serendipity_fetchEntries($range = null, $full = true, $limit = '', $fet return $query; } - $ret = serendipity_db_query($query, $fetch_single, 'assoc'); + $ret =& serendipity_db_query($query, $fetch_single, 'assoc'); if (is_string($ret)) { die("Query failed: $ret"); @@ -438,7 +439,7 @@ function serendipity_fetchEntryData(&$ret) { ON ec.categoryid = c.categoryid WHERE " . serendipity_db_in_sql('ec.entryid', $search_ids); - $search_ret = serendipity_db_query($query, false, 'assoc'); + $search_ret =& serendipity_db_query($query, false, 'assoc'); if (is_array($search_ret)) { foreach($search_ret AS $i => $entry) { @@ -457,7 +458,7 @@ function serendipity_fetchEntryData(&$ret) { * @param string Indicates whether drafts should be fetched * @return */ -function serendipity_fetchEntry($key, $val, $full = true, $fetchDrafts = 'false') { +function &serendipity_fetchEntry($key, $val, $full = true, $fetchDrafts = 'false') { global $serendipity; $cond = array(); 
@@ -501,11 +502,11 @@ function serendipity_fetchEntry($key, $val, $full = true, $fetchDrafts = 'false' {$cond['and']} LIMIT 1"; - $ret = serendipity_db_query($querystring, true, 'assoc'); + $ret =& serendipity_db_query($querystring, true, 'assoc'); if (is_array($ret)) { - $ret['categories'] = serendipity_fetchEntryCategories($ret['id']); - $ret['properties'] = serendipity_fetchEntryProperties($ret['id']); + $ret['categories'] =& serendipity_fetchEntryCategories($ret['id']); + $ret['properties'] =& serendipity_fetchEntryProperties($ret['id']); } return $ret; @@ -518,20 +519,22 @@ function serendipity_fetchEntry($key, $val, $full = true, $fetchDrafts = 'false' * @param int The ID of the entry to fetch additonal data for * @return array The array of given properties to an entry */ -function serendipity_fetchEntryProperties($id) { +function &serendipity_fetchEntryProperties($id) { global $serendipity; $parts = array(); serendipity_plugin_api::hook_event('frontend_entryproperties_query', $parts); - $properties = serendipity_db_query("SELECT property, value FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid = " . (int)$id . " " . $parts['and']); - if (!is_array($properties)) { + $_properties =& serendipity_db_query("SELECT property, value FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid = " . (int)$id . " " . $parts['and']); + if (!is_array($_properties)) { $properties = array(); + } else { + $properties =& $_properties; } $property = array(); foreach($properties AS $idx => $row) { - $property[$row['property']] = $row['value']; + $property[$row['property']] =& $row['value']; } return $property; 
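Review bot: In serendipity_fetchEntryProperties() the loop now binds `$property[$row['property']] =& $row['value'];`, but `$row` is the by-value loop variable, so the reference points into a per-iteration copy and does not avoid copying the database result. Plain assignment, `$property[$row['property']] = $row['value'];`, builds the same array without reference-flagged elements. `$parts` starts as an empty array, so `$parts['and']` is presumably set only by a plugin hook; `(isset($parts['and']) ? $parts['and'] : '')` would avoid a notice when no plugin sets it.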
@@ -547,7 +550,7 @@ function serendipity_fetchEntryProperties($id) { * @param string The ACL artifact condition. If set to "write" only categories will be shown that the author can write to. If set to "read", only categories will be show that the author can read or write to. * @return array Returns the array of categories */ -function serendipity_fetchCategories($authorid = null, $name = null, $order = null, $artifact_mode = 'write') { +function &serendipity_fetchCategories($authorid = null, $name = null, $order = null, $artifact_mode = 'write') { global $serendipity; if ($name === null) { @@ -631,7 +634,7 @@ function serendipity_fetchCategories($authorid = null, $name = null, $order = nu $querystring .= "\n ORDER BY $order"; } - $ret = serendipity_db_query($querystring); + $ret =& serendipity_db_query($querystring); if (is_string($ret)) { echo "Query failed: $ret"; } @@ -673,7 +676,7 @@ function serendipity_rebuildCategoryTree($parent = 0, $left = 0) { * @param int Restrict the number of results [also uses $serendipity['GET']['page'] for pagination] * @return array Returns the superarray of entries found */ -function serendipity_searchEntries($term, $limit = '') { +function &serendipity_searchEntries($term, $limit = '') { global $serendipity; if ($limit == '') { @@ -746,7 +749,7 @@ function serendipity_searchEntries($term, $limit = '') { ORDER BY timestamp DESC $limit"; - $search = serendipity_db_query($querystring); + $search =& serendipity_db_query($querystring); if (is_array($search)) { serendipity_fetchEntryData($search); @@ -823,7 +826,7 @@ function serendipity_getTotalEntries() { $querystring = "SELECT count(distinct e.id) {$serendipity['fullCountQuery']}"; } - $query = serendipity_db_query($querystring); + $query =& serendipity_db_query($querystring); if (is_array($query) && isset($query[0])) { if ($serendipity['dbType'] == 'sqlite') { 
@@ -873,6 +876,7 @@ function serendipity_printEntries($entries, $extended = 0, $preview = false, $sm } } + // We shouldn't return here, because we want Smarty to handle the output if (!is_array($entries) || $entries[0] == false || !isset($entries[0]['timestamp'])) { $entries = array(); @@ -1013,7 +1017,6 @@ function serendipity_printEntries($entries, $extended = 0, $preview = false, $sm ); $serendipity['smarty']->assign($comment_add_data); - serendipity_displayCommentForm( $entry['id'], $serendipity['serendipityHTTPPath'] . $serendipity['indexFile'] . '?url=' . $entry['commURL'], @@ -1434,7 +1437,7 @@ function serendipity_printArchives() { break; } - $entries = serendipity_db_query("SELECT count(id) + $entries =& serendipity_db_query("SELECT count(id) FROM {$serendipity['dbPrefix']}entries e LEFT JOIN {$serendipity['dbPrefix']}entrycat ec ON e.id = ec.entryid -- 2.39.5