Merge branch 'flatpressblog:master' into master

2022-12-29 17:06:58 +01:00 · 2022-12-29 17:06:58 +01:00 · becd7e569a
commit becd7e569a
parent 19c16493a8 88494f5526
17 changed files with 353 additions and 348 deletions
--- a/admin/panels/entry/admin.entry.delete.php
+++ b/admin/panels/entry/admin.entry.delete.php
@ -12,18 +12,20 @@
 * @author NoWhereMan <real_nowhereman at users dot sf dot com>
 *        
 */
 class admin_entry_delete extends AdminPanelAction {
- 	
+	var $events = array(
- 	class admin_entry_delete extends AdminPanelAction {
+		'delete',
-	
+		'cancel'
-		var $events = array('delete', 'cancel');
+	);
 	function main() {
 		global $fpdb;
-			if (isset($_REQUEST['entry'])){
+		if (isset($_REQUEST ['entry'])) {
-				$id = $_REQUEST['entry'];
+			$id = $_REQUEST ['entry'];
-				if ($a = entry_parse($id));
+			if ($a = entry_parse($id))
 				;
 			else
 				$a = draft_parse($id);
@ -36,21 +38,18 @@
 				$this->smarty->assign('entry', $a);
 				$this->smarty->assign('id', $id);
 				return 0;
 			}
 		}
 		return 1;
 	}
 	function ondelete() {
-			$id=$_REQUEST['entry'];
+		$id = $_REQUEST ['entry'];
-			$ok=draft_delete($id) || entry_delete($id);
+		$ok = draft_delete($id) || entry_delete($id);
-			$success = $ok? 2 : -2;
+		$success = $ok ? 2 : -2;
-			$this->smarty->assign('success',$success);
+		$this->smarty->assign('success', $success);
 		return 1;
 	}
@ -58,5 +57,5 @@
 		return 1;
 	}
-	}		
+}
 ?>
--- a/admin/panels/entry/admin.entry.write.php
+++ b/admin/panels/entry/admin.entry.write.php
@ -12,36 +12,47 @@
 * @author NoWhereMan <real_nowhereman at users dot sf dot com>
 *        
 */
- 	
+class admin_entry_write extends AdminPanelActionValidated {
 	class admin_entry_write extends AdminPanelActionValidated {
 	var $validators = array(
-				array('subject', 'subject', 'notEmpty', false, false, 'trim,stripslashes'),
+		array(
-				array('content', 'content', 'notEmpty', false, false, 'stripslashes'),
+			'subject',
 			'subject',
 			'notEmpty',
 			false,
 			false,
 			'trim,stripslashes'
 		),
 		array(
 			'content',
 			'content',
 			'notEmpty',
 			false,
 			false,
 			'stripslashes'
 		)
 	);
 	var $events = array(
 		'save',
 		'preview',
 		'savecontinue'
 	);
 		var $events = array('save', 'preview', 'savecontinue');
 	var $draft = false;
-		function _makePreview($arr, $id=null) {
+	function _makePreview($arr, $id = null) {
 		if (!$id) {
-				$arr['subject'] = apply_filters('title_save_pre', $arr['subject']);
+			$arr ['subject'] = apply_filters('title_save_pre', $arr ['subject']);
-				$arr['content'] = apply_filters('content_save_pre', $arr['content']);
+			$arr ['content'] = apply_filters('content_save_pre', $arr ['content']);
 		}
 		if ($this->draft || $this->draft = draft_exists($this->id)) {
-					if (isset($arr['categories'])
+			if (isset($arr ['categories']) && is_array($arr ['categories']) && !in_array('draft', $arr ['categories'])) {
-						&& is_array($arr['categories']) && !in_array('draft', $arr['categories']) ) {
+				$arr ['categories'] [] = 'draft';
 						$arr['categories'][] = 'draft';
 			} else {
-							$arr['categories'][] = 'draft';
+				$arr ['categories'] [] = 'draft';
 			}
 		}
 		// unfiltered content (for editing)
@ -59,10 +70,7 @@
 	function makePageTitle($title, $sep) {
 		global $lang, $panel;
 		if ($this->draft) {
-					$this->smarty->append(
+			$this->smarty->append('warnings', $lang ['admin'] ['entry'] ['write'] ['msgs'] ['draft']);
 							'warnings', 
 							$lang['admin']['entry']['write']['msgs']['draft']
 					);
 		}
 		return "$title $sep {$lang['admin']['entry']['write']['head']}";
 	}
@ -73,26 +81,21 @@
 	function _getCatsFlags() {
-			//$this->smarty->assign('saved_categories', entry_categories_format());
+		// $this->smarty->assign('saved_categories', entry_categories_format());
 		$this->smarty->assign('saved_flags', entry_flags_get());
 	}
 	function setup() {
-		
+		$this->id = @$_REQUEST ['entry'];
 				$this->id = @$_REQUEST['entry'];		
 		$this->smarty->assign('id', $this->id);
 	}
 	function main() {
 		global $lang;
 		$id = $this->id;
-			if (isset($_REQUEST['entry'])) {
+		if (isset($_REQUEST ['entry'])) {
 			$arr = draft_parse($id);
@ -105,58 +108,58 @@
 			if ($arr) {
 				$this->_makePreview($arr, $id);
 			}
 		}
 		$this->_getCatsFlags();
-			add_filter('wp_title', array(&$this, 'makePageTitle'), 10, 2);
+		add_filter('wp_title', array(
-			if ($this->draft) add_filter('admin_body_class', array(&$this, 'draft_class'));
+			&$this,
-				
+			'makePageTitle'
 		), 10, 2);
 		if ($this->draft)
 			add_filter('admin_body_class', array(
 				&$this,
 				'draft_class'
 			));
 	}
 	function _getposteddata() {
-
+		$arr ['version'] = system_ver();
-			$arr['version'] = system_ver();
+		$arr ['subject'] = ($_POST ['subject']);
-			$arr['subject'] = ($_POST['subject']);
+		$arr ['content'] = ($_POST ['content']);
 			$arr['content'] = ($_POST['content']);
 		$author = user_get();
-			$arr['author'] = $author['userid'];
+		$arr ['author'] = $author ['userid'];
-			$arr['date'] = !empty($_POST['timestamp'])?$_POST['timestamp']:date_time();
+		$arr ['date'] = !empty($_POST ['timestamp']) ? $_POST ['timestamp'] : date_time();
-			
+		$cats = !empty($_POST ['cats']) ? $_POST ['cats'] : array();
-			$cats = !empty($_POST['cats'])?$_POST['cats']:array();
+		$flags = !empty($_POST ['flags']) ? $_POST ['flags'] : array();
 			$flags = !empty($_POST['flags'])?$_POST['flags']:array();
 		$catids = array_merge(array_keys($flags), array_keys($cats));
-			$this->draft = isset($flags['draft']);
+		$this->draft = isset($flags ['draft']);
 		if ($catids)
-				$arr['categories'] = $catids;
+			$arr ['categories'] = $catids;
 		return $arr;
 	}
 	function onsave($do_preview = false) {
 		$id = $this->id;
 		$data = $this->_getposteddata();
 		if ($this->draft) {
-				$success=draft_save($data, $id, true);
+			$success = draft_save($data, $id, true);
-				$this->smarty->assign('success', $success? 1 : -1 );
+			$this->smarty->assign('success', $success ? 1 : -1);
 		} else {
-				$success=entry_save($data, $id);
+			$success = entry_save($data, $id);
-				$this->smarty->assign('success', is_numeric($success)? $success : 1 );
+			$this->smarty->assign('success', is_numeric($success) ? $success : 1);
 		}
 		// if ($success) sess_remove('entry');
 		if ($do_preview)
 			$this->_makePreview($data);
-			if ($success<0) {
+		if ($success < 0) {
 			$this->main();
 			return PANEL_NOREDIRECT;
 		}
@ -164,21 +167,24 @@
 		return 1;
 	}
 	function onpreview() {
 		global $lang;
 		$this->_makePreview($this->_getposteddata());
 		$this->_getCatsFlags();
-			add_filter('wp_title', array(&$this, 'makePageTitle'), 10, 2);
+		add_filter('wp_title', array(
-			if ($this->draft) add_filter('admin_body_class', array(&$this, 'draft_class'));
+			&$this,
 			'makePageTitle'
 		), 10, 2);
 		if ($this->draft)
 			add_filter('admin_body_class', array(
 				&$this,
 				'draft_class'
 			));
 		return 0;
 	}
 	function onsavecontinue() {
@ -187,16 +193,22 @@
 		$this->_getCatsFlags();
-			add_filter('wp_title', array(&$this, 'makePageTitle'), 10, 2);
+		add_filter('wp_title', array(
-			if ($this->draft) add_filter('admin_body_class', array(&$this, 'draft_class'));
+			&$this,
 			'makePageTitle'
 		), 10, 2);
 		if ($this->draft)
 			add_filter('admin_body_class', array(
 				&$this,
 				'draft_class'
 			));
 	}
 	function onerror() {
 		$this->main();
 		return 0;
 	}
-	}
+}
 ?>
--- a/fp-includes/core/core.users.php
+++ b/fp-includes/core/core.users.php
@ -49,7 +49,8 @@ function user_login($userid, $pwd, $params = null) {
 	if (password_verify($userid . $pwd, $user ['password'])) {
 		$loggedin = true;
 	} //
-	  // for FP instances updated from 1.1 to 1.2: check password the old-fashioned way (with wp_hash() which uses md5)
+	  // If this didn't work, the passwords may have been created with FlatPress 1.1 or earlier.
 	  // So we check the password the old-fashioned way (with wp_hash() which uses md5):
 	elseif (wp_hash($userid . $pwd) == $user ['password']) {
 		$loggedin = true;
@ -110,6 +111,13 @@ function user_loggedin() {
 	return false;
 }
 /**
 * Returns the user information as associative array
 *
 * @param string $userid
 *        	optional: The ID (shortname) of a specific user
 * @return array the user information array
 */
 function user_get($userid = null) {
 	if ($userid == null && ($user = user_loggedin())) {
 		return $user;
--- a/fp-includes/core/core.wp-functions.php
+++ b/fp-includes/core/core.wp-functions.php
@ -1,70 +1,85 @@
 <?php
 /**
 * Returns the given action URL with the current nonce.
 *
 * @param string $actionurl
 *        	the URL
 * @param unknown $action
 * @return string the URL with the nonce
 */
 function wp_nonce_url($actionurl, $action = -1) {
-        return wp_specialchars( $actionurl . '&_wpnonce=' . wp_create_nonce($action) );
+	return wp_specialchars($actionurl . '&_wpnonce=' . wp_create_nonce($action));
 }
 /**
 * Echoes a hidden input field containing the Nonce
 *
 * @param int $action
 */
 function wp_nonce_field($action = -1) {
 	echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
 	wp_referer_field();
 }
 /**
 * Echoes a hidden input field containing the referrer
 */
 function wp_referer_field() {
-        $ref = wp_specialchars($_SERVER['REQUEST_URI']);
+	$ref = wp_specialchars($_SERVER ['REQUEST_URI']);
-        echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
+	echo '<input type="hidden" name="_wp_http_referer" value="' . $ref . '" />';
-        if ( wp_get_original_referer() ) {
+	if (wp_get_original_referer()) {
 		$original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
-                echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />';
+		echo '<input type="hidden" name="_wp_original_http_referer" value="' . $original_ref . '" />';
 	}
 }
 function wp_original_referer_field() {
-        echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+	echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER ['REQUEST_URI'])) . '" />';
 }
 function wp_get_referer() {
-        foreach ( array(@$_REQUEST['_wp_http_referer'],@$_SERVER['HTTP_REFERER']) as $ref )
+	foreach (array(
-                if ( !empty($ref) )
+		@$_REQUEST ['_wp_http_referer'],
 		@$_SERVER ['HTTP_REFERER']
 	) as $ref)
 		if (!empty($ref))
 			return $ref;
 	return false;
 }
 function wp_get_original_referer() {
-        if ( !empty($_REQUEST['_wp_original_http_referer']) )
+	if (!empty($_REQUEST ['_wp_original_http_referer']))
-                return $_REQUEST['_wp_original_http_referer'];
+		return $_REQUEST ['_wp_original_http_referer'];
 	return false;
 }
 function add_magic_quotes($array) {
 	foreach ($array as $k => $v) {
 		if (is_array($v)) {
-			$array[$k] = add_magic_quotes($v);
+			$array [$k] = add_magic_quotes($v);
 		} else {
-			$array[$k] = addslashes($v);
+			$array [$k] = addslashes($v);
 		}
 	}
 	return $array;
 }
-function wp_remote_fopen( $uri ) {
+function wp_remote_fopen($uri) {
-	if ( ini_get('allow_url_fopen') ) {
+	if (ini_get('allow_url_fopen')) {
-		$fp = fopen( $uri, 'r' );
+		$fp = fopen($uri, 'r');
-		if ( !$fp )
+		if (!$fp)
 			return false;
 		$linea = '';
-		while( $remote_read = fread($fp, 4096) )
+		while ($remote_read = fread($fp, 4096))
 			$linea .= $remote_read;
 		fclose($fp);
 		return $linea;
-	} else if ( function_exists('curl_init') ) {
+	} else if (function_exists('curl_init')) {
 		$handle = curl_init();
-		curl_setopt ($handle, CURLOPT_URL, $uri);
+		curl_setopt($handle, CURLOPT_URL, $uri);
-		curl_setopt ($handle, CURLOPT_CONNECTTIMEOUT, 1);
+		curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 1);
-		curl_setopt ($handle, CURLOPT_RETURNTRANSFER, 1);
+		curl_setopt($handle, CURLOPT_RETURNTRANSFER, 1);
 		$buffer = curl_exec($handle);
 		curl_close($handle);
 		return $buffer;
--- a/fp-includes/core/core.wp-pluggable-funcs.php
+++ b/fp-includes/core/core.wp-pluggable-funcs.php
@ -331,10 +331,12 @@ if (!function_exists('wp_verify_nonce')) :
 		$user = user_get();
 		$uid = $user ['userid'];
-		$i = ceil(time() / 43200);
+		// new nonce each 12 hours
 		$i = ceil(time() / (60 * 60 * 12));
 		// Allow for expanding range, but only do one check if we can
-		if (substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce)
+		$expectedNonce = substr(wp_hash($i . $action . $uid), -12, 10);
 		if ($expectedNonce == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce)
 			return true;
 		return false;
 	}
@ -342,11 +344,20 @@ endif;
 if (!function_exists('wp_create_nonce')) :
 	/**
 	 * Creates and returns the valid nonce.
 	 *
 	 * @param int $action
 	 *        	optional: the action
 	 * @return string the nonce
 	 */
 	function wp_create_nonce($action = -1) {
 		// get the info array of the user currenty logged in
 		$user = user_get();
 		$uid = $user ['userid'];
-		$i = ceil(time() / 43200);
+		// new nonce each 12 hours
 		$i = ceil(time() / (60 * 60 * 12));
 		return substr(wp_hash($i . $action . $uid), -12, 10);
 	}
@ -355,18 +366,20 @@ endif;
 if (!function_exists('wp_salt')) :
 	/**
 	 * Returns a salt for hashing.<br>
 	 * The salt is unique for each FlatPress installation; see <code>fp-content/config/hashsalt.conf.php</code>
 	 *
-	 * @return NULL|unknown
+	 * @return string the salt
 	 * @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
 	 */
 	function wp_salt() {
 		global $fp_config;
 		static $salt = null;
 		if (!$salt) {
 			// get the salt from the hashsalt file
 			@include (HASHSALT_FILE);
-			if (!$fp_hashsalt)
+			if (!$fp_hashsalt) {
 				trigger_error('Cannot load hash salt: reinstall FlatPress', E_USER_ERROR);
-
+			}
 			$salt = $fp_hashsalt;
 		}
 		return $salt;
@ -376,10 +389,11 @@ endif;
 if (!function_exists('wp_hash')) :
 	/**
 	 * Creates a salted MD5 hash of the given string.
 	 *
-	 * @param unknown $data
+	 * @param string $data
-	 * @return string
+	 *        	the string to hash
-	 * @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
+	 * @return string the hash
 	 */
 	function wp_hash($data) {
 		$salt = wp_salt();
--- a/fp-includes/core/core.wp-pluggable-funcs_old.php
+++ b/fp-includes/core/core.wp-pluggable-funcs_old.php
@ -1,64 +0,0 @@
 <?php
 	/* These functions can be replaced via plugins.  They are loaded after
 	 plugins are loaded. */
 	function get_settings() {
 	}
 	function wp_filter_kses($str) {
 		return $str;
 	}
 	//----------------------------------------------------------------------------
 	// WordPress pluggable functions
 	//----------------------------------------------------------------------------
 	/*
 	get_currentuserinfo()
 		Grabs the information of the current logged in user, if there is one. Essentially a
 		wrapper for get_userdata(), but it also stores information in global variables.
 	get_userdata($userid)
 		Pulls user information for the specified user from the database.
 	get_userdatabylogin($user_login)
 		Pulls user information for the specified user from the database.
 	wp_mail($to, $subject, $message, $headers = '')
 		A convenient wrapper for PHP's mail function.
 	wp_login($username, $password, $already_md5 = false)
 		Returns true if the specified username and password correspond to a registered
 		user.
 	auth_redirect()
 		If a user is not logged in, he or she will be redirected to WordPress' login page before
 		being allowed to access content on the page from which this function was called.
 		Upon sucessfully logging in, the user is sent back to the page in question.
 	wp_redirect($location)
 		Redirects a browser to the absolute URI specified by the $location parameter.
 	wp_setcookie($username, $password, $already_md5 = false, $home =
 		'', $siteurl = '')
 		Sets the WordPress cookies for a logged in user. See WordPress Cookies.
 	wp_clearcookie()
 		Clears the cookies for a logged in user. See WordPress Cookies.
 	wp_notify_postauthor($comment_id, $comment_type='')
 		Emails the author of the comment's post the content of the comment specified.
 	wp_notify_moderator($comment_id)
 		Informs the administrative email account that the comment specified needs to be
 		moderated. See General Options SubPanel.
 	*/
 if ( !function_exists('wp_mail') ) :
 function wp_mail($to, $subject, $message, $headers = '') {
 	if( $headers == '' ) {
 		$headers = "MIME-Version: 1.0\n" .
 			"From: " . get_settings('admin_email') . "\n" . 
 			"Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
 	}
 	return @mail($to, $subject, $message, $headers);
 }
 endif;
 ?>
--- a/fp-interface/lang/cs-cz/lang.comments.php
+++ b/fp-interface/lang/cs-cz/lang.comments.php
@ -11,4 +11,6 @@ S pozdravem %blogtitle%
 ';
 $lang ['comments'] ['newcomment'] = 'Nový komentář k';
 ?>
--- a/fp-interface/lang/el-gr/lang.comments.php
+++ b/fp-interface/lang/el-gr/lang.comments.php
@ -16,4 +16,6 @@ $lang ['comments'] ['mail'] = 'Αγαπητέ/η %toname%,
 ';
 $lang ['comments'] ['newcomment'] = 'νέο σχόλιο στο';
 ?>
--- a/fp-interface/lang/es-es/lang.comments.php
+++ b/fp-interface/lang/es-es/lang.comments.php
@ -16,4 +16,6 @@ Todo lo mejor,
 ';
 $lang ['comments'] ['newcomment'] = 'Nuevo comentario sobre';
 ?>
--- a/fp-interface/lang/fr-fr/lang.comments.php
+++ b/fp-interface/lang/fr-fr/lang.comments.php
@ -16,4 +16,6 @@ Cordialement,
 ';
 $lang ['comments'] ['newcomment'] = 'Nouveau commentaire sur';
 ?>
--- a/fp-interface/lang/it-it/lang.comments.php
+++ b/fp-interface/lang/it-it/lang.comments.php
@ -16,4 +16,6 @@ Saluti,
 ';
 $lang ['comments'] ['newcomment'] = 'Nuovo commento su';
 ?>
--- a/fp-interface/lang/ja-jp/lang.comments.php
+++ b/fp-interface/lang/ja-jp/lang.comments.php
@ -19,4 +19,6 @@ $lang ['comments'] ['mail'] = '%toname% さま,
 ';
 $lang ['comments'] ['newcomment'] = 'の新しいコメント';
 ?>
--- a/fp-interface/lang/nl-nl/lang.comments.php
+++ b/fp-interface/lang/nl-nl/lang.comments.php
@ -16,4 +16,6 @@ Groeten,
 ';
 $lang ['comments'] ['newcomment'] = 'Nieuw commentaar op';
 ?>
--- a/fp-interface/lang/pt-br/lang.comments.php
+++ b/fp-interface/lang/pt-br/lang.comments.php
@ -17,4 +17,6 @@ Um abraço,
 ';
 $lang ['comments'] ['newcomment'] = 'Novo comentário em';
 ?>
--- a/fp-plugins/mediamanager/panels/panel.mediamanager.file.php
+++ b/fp-plugins/mediamanager/panels/panel.mediamanager.file.php
@ -74,8 +74,13 @@ class admin_uploader_mediamanager extends AdminPanelAction {
 	}
 	function doItemActions($folder, $mmbaseurl) {
 		/* delete file */
 		if (isset($_GET ['deletefile'])) {
 			// at first: check if nonce was given correctly
 			check_admin_referer('mediamanager_deletefile');
 			// now get the file to be deleted
 			list ($type, $name) = explode("-", $_GET ['deletefile'], 2);
 			// prevent path traversal: remove ".." and "/" resp. "\"
 			$name = preg_replace('(\.\.|\/|\\\\)', '', $name);
--- a/fp-plugins/mediamanager/tpls/admin.plugin.mediamanager.files.tpl
+++ b/fp-plugins/mediamanager/tpls/admin.plugin.mediamanager.files.tpl
@ -43,7 +43,7 @@
 			<td>{$v.size}</td>
 			<td>{$v.mtime}</td>
 			<td>
-				<a class="link-delete" href="{$mmbaseurl}&deletefile={$v.type}-{$v.name}">{$plang.delete}</a>
+				<a class="link-delete" href="{wp_nonce_url("{$mmbaseurl}&deletefile={$v.type}-{$v.name}", 'mediamanager_deletefile')}">{$plang.delete}</a>
 			</td>
 		</tr>
 	{/foreach}
@ -70,7 +70,7 @@
 			<td>{$v.size}</td>
 			<td>{$v.mtime}</td>
 			<td>
-				<a class="link-delete" href="{$mmbaseurl}&deletefile={$v.type}-{$v.name}">{$plang.delete}</a>
+				<a class="link-delete" href="{wp_nonce_url("{$mmbaseurl}&deletefile={$v.type}-{$v.name}", 'mediamanager_deletefile')}">{$plang.delete}</a>
 			</td>
 		</tr>
 	{/foreach}
--- a/index.php
+++ b/index.php
@ -10,7 +10,7 @@ if (!file_exists(CONFIG_FILE))
 /* local function defines follow */
 function index_permatitle($val, $sep) {
 	global $fpdb;
-	$q = & $fpdb->getQuery();
+	$q = &$fpdb->getQuery();
 	list ($id, $e) = @$q->peekEntry();
 	if ($e)
 		return "{$e['subject']} {$sep} $val ";
@ -126,12 +126,12 @@ function index_main() {
 	$module = 'index.tpl';
 	$can404 = true;
-	if (!empty($fp_params ['entry'])) {
+	// register all Smarty modifier functions used by the templates
 	$smarty->registerPlugin('modifier', 'wp_specialchars', 'wp_specialchars');
 	if (!empty($fp_params ['entry'])) {
 		index_singlepost($params, $module);
-	} elseif (
+	} elseif (($explicit_req = $page = @$fp_params ['page']) || (empty($fp_params) && $page = @$fp_config ['general'] ['startpage'])) {
 	($explicit_req = $page = @$fp_params ['page']) || (empty($fp_params) && $page = @$fp_config ['general'] ['startpage'])) 
 	{
 		index_staticpage($page, $explicit_req, $params, $module);
 		return $module;
@ -163,7 +163,7 @@ function index_main() {
 	$fpdb->query($params);
-	$q = & $fpdb->getQuery();
+	$q = &$fpdb->getQuery();
 	list ($id, $e) = $q->peekEntry();
 	/* no entry found : 404 */