Petites sécurités blgo & wiki

models/d.blog.php

@@ -103,6 +103,8 @@ class BlogArticle
 		$con = pg_connect("host=".$config['SQL_host']." dbname=".$config['SQL_db']." user=".$config['SQL_user']." password=".$config['SQL_pass'])
 			or die ("Could not connect to server\n");
 
+		pg_query($con, "BEGIN");
+
 		$query = "UPDATE content_versions SET is_archive = TRUE WHERE locale_id = $1";
 
 		pg_prepare($con, "prepare1", $query) 
@@ -136,6 +138,8 @@ class BlogArticle
 		pg_execute($con, "prepare4", array($this->is_commentable ? 't' : 'f', $this->content_id))
 			or die ("Cannot prepare statement\n");
 
+		pg_query($con, "COMMIT");
+
 		pg_close($con);
 
 		error_log(
@@ -204,6 +208,8 @@ class BlogArticle
 		$con = pg_connect("host=".$config['SQL_host']." dbname=".$config['SQL_db']." user=".$config['SQL_user']." password=".$config['SQL_pass'])
 			or die ("Could not connect to server\n");
 
+		pg_query($con, "BEGIN");
+
 		$query = "INSERT INTO contents (permalink, creation_date, is_public, is_commentable, type) VALUES
 			($1, $2, TRUE, $3, 'blog') RETURNING id";
 
@@ -244,6 +250,8 @@ class BlogArticle
 		$result = pg_execute($con, "prepare4", array($this->locale_id, $user->id))
 			or die ("Cannot execute statement\n");
 
+		pg_query($con, "COMMIT");
+
 		pg_close($con);
 
 		error_log(

models/d.wiki.php

@@ -102,6 +102,8 @@ class WikiPage
 		$con = pg_connect("host=".$config['SQL_host']." dbname=".$config['SQL_db']." user=".$config['SQL_user']." password=".$config['SQL_pass'])
 			or die ("Could not connect to server\n");
 
+		pg_query($con, "BEGIN");
+
 		$query = "UPDATE content_versions SET is_archive = TRUE WHERE locale_id = $1";
 
 		pg_prepare($con, "prepare1", $query) 
@@ -129,6 +131,8 @@ class WikiPage
 		$result = pg_execute($con, "prepare3", array($this->locale_id, $user->id))
 			or die ("Cannot execute statement\n");
 
+		pg_query($con, "COMMIT");
+
 		pg_close($con);
 
 		error_log(
@@ -197,6 +201,8 @@ class WikiPage
 		$con = pg_connect("host=".$config['SQL_host']." dbname=".$config['SQL_db']." user=".$config['SQL_user']." password=".$config['SQL_pass'])
 			or die ("Could not connect to server\n");
 
+		pg_query($con, "BEGIN");
+
 		$query = "INSERT INTO contents (permalink, creation_date, is_public, is_commentable, type) VALUES
 			($1, $2, TRUE, FALSE, 'wiki') RETURNING id";
 
@@ -237,6 +243,8 @@ class WikiPage
 		$result = pg_execute($con, "prepare4", array($this->locale_id, $user->id))
 			or die ("Cannot execute statement\n");
 
+		pg_query($con, "COMMIT");
+
 		pg_close($con);
 
 		error_log(

views/d.blog.edit.html

@@ -33,7 +33,7 @@
 				<? if(isset($new) AND $new==1) { ?>
 					<div id="permalink_container">
 						<label id="permalink_label" for="permalink"><?=$config['web_root_folder']?>blog/</label>
-						<input type="text" name="permalink" id="permalink" placeholder="URL">
+						<input type="text" name="permalink" id="permalink" placeholder="URL" required>
 					</div>
 				<? } ?>