diff options
Diffstat (limited to 'web')
| -rw-r--r-- | web/html/index.php | 2 | ||||
| -rw-r--r-- | web/html/voters.php | 4 | ||||
| -rw-r--r-- | web/lib/pkgfuncs.inc.php | 11 | ||||
| -rw-r--r-- | web/template/pkg_details.php | 2 |
4 files changed, 10 insertions, 9 deletions
diff --git a/web/html/index.php b/web/html/index.php index ccc94d23..542d594c 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -56,7 +56,7 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) { include('pkgmerge.php'); return; case "voters": - $_GET['ID'] = pkgid_from_name($tokens[2]); + $_GET['N'] = $tokens[2]; include('voters.php'); return; default: diff --git a/web/html/voters.php b/web/html/voters.php index 42fe2b58..9a0bdd32 100644 --- a/web/html/voters.php +++ b/web/html/voters.php @@ -4,8 +4,8 @@ include_once('aur.inc.php'); include_once('pkgfuncs.inc.php'); $SID = $_COOKIE['AURSID']; -$pkgname = pkgname_from_id(intval($_GET['ID']); -$votes = getvotes($pkgid); +$pkgname = htmlspecialchars($_GET['N']); +$votes = votes_for_pkgname($pkgname); $atype = account_from_sid($SID); html_header(__("Voters")); diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index a4deee6d..c1a64f76 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -1075,16 +1075,17 @@ function pkg_vote ($atype, $ids, $action=true) { /** * Get all usernames and IDs that voted for a specific package * - * @param string $pkgid The package ID to get all votes for + * @param string $pkgname The name of the package to retrieve votes for * * @return array User IDs and usernames that voted for a specific package */ -function getvotes($pkgid) { +function votes_for_pkgname($pkgname) { $dbh = DB::connect(); - $q = "SELECT UsersID,Username FROM PackageVotes "; - $q.= "LEFT JOIN Users on (UsersID = ID) "; - $q.= "WHERE PackageID = ". $dbh->quote($pkgid) . " "; + $q = "SELECT UsersID,Username,Name FROM PackageVotes "; + $q.= "LEFT JOIN Users on (UsersID = Users.ID) "; + $q.= "LEFT JOIN Packages on (PackageID = Packages.ID) "; + $q.= "WHERE Name = ". $dbh->quote($pkgname) . " "; $q.= "ORDER BY Username"; $result = $dbh->query($q); diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php index bc20a220..bd08282c 100644 --- a/web/template/pkg_details.php +++ b/web/template/pkg_details.php @@ -194,7 +194,7 @@ if ($row["MaintainerUID"]): <?php if ($USE_VIRTUAL_URLS): ?> <td><a href="<?= get_pkg_uri($row['Name']); ?>voters/"><?= $votes ?></a></td> <?php else: ?> - <td><a href="<?= get_uri('/voters/'); ?>?ID=<?= $pkgid ?>"><?= $votes ?></a></td> + <td><a href="<?= get_uri('/voters/'); ?>?N=<?= htmlspecialchars($row['Name'], ENT_QUOTES) ?>"><?= $votes ?></a></td> <?php endif; ?> <?php else: ?> <td><?= $votes ?></td> |