Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG	(revision 1486)
+++ branches/2.8.x/CHANGELOG	(revision 1487)
@@ -12,6 +12,9 @@
 
 =============================== FEATURES FREEZE ================================
 ----------------------------------- Fixes 2.8.2 --------------------------------
+10 Aug-2011 Build 1487 Werner v.d.Decken(DarkViper)
+# class.order completely recoded to reduce SQL requests
+# all other files: fix SQL-statements to SQL-strict
 08 Aug-2011 Build 1486 Werner v.d.Decken(DarkViper)
 # database::field_modify() there was a bug to fix
 # all other files: fix SQL-statements to SQL-strict
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php	(revision 1486)
+++ branches/2.8.x/wb/admin/interface/version.php	(revision 1487)
@@ -52,4 +52,4 @@
 
 // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
 if(!defined('VERSION')) define('VERSION', '2.8.2');
-if(!defined('REVISION')) define('REVISION', '1486');
+if(!defined('REVISION')) define('REVISION', '1487');
Index: branches/2.8.x/wb/framework/initialize.php
===================================================================
--- branches/2.8.x/wb/framework/initialize.php	(revision 1486)
+++ branches/2.8.x/wb/framework/initialize.php	(revision 1487)
@@ -16,8 +16,14 @@
  *
  */
 
-// Must include code to stop this file being access directly
-if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
+//require_once(dirname(__FILE__).'/globalExceptionHandler.php');
+//// Must include code to stop this file being access directly
+//if(!defined('WB_PATH')) { throw new Exception('Illegaler Aufruf!'); }
+
+require_once('globalExceptionHandler.php');
+if(!defined('WB_PATH')) { throw new IllegalFileException(); }
+//if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
+
 //set_include_path(get_include_path() . PATH_SEPARATOR . WB_PATH);
 
 if (file_exists(WB_PATH.'/framework/class.database.php')) {
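Review bot: The new `require_once('globalExceptionHandler.php');` uses a bare relative name, so PHP resolves it through `include_path` and the working directory rather than this file's own directory; the commented-out line above it already has the safer form, `require_once(dirname(__FILE__).'/globalExceptionHandler.php');`. The include now also runs before the `WB_PATH` guard, so a direct request executes the handler file first, and what a thrown `IllegalFileException` shows to the client depends on that handler, which is not visible in this diff; it should not echo file paths or a stack trace. The three commented-out alternatives can be dropped once one form is chosen.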
Index: branches/2.8.x/wb/framework/class.wb.php
===================================================================
--- branches/2.8.x/wb/framework/class.wb.php	(revision 1486)
+++ branches/2.8.x/wb/framework/class.wb.php	(revision 1487)
@@ -138,13 +138,15 @@
 		$has_active_sections = false;
 		$page_id = $page['page_id'];
 		$now = time();
-		$query_sections = $database->query("SELECT publ_start,publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = '$page_id'");
-		if($query_sections->numRows() != 0)
-        {
-			while($section = $query_sections->fetchRow())
-            {
-				if($now<$section['publ_end'] && ($now>$section['publ_start'] || $section['publ_start']==0) || $now>$section['publ_start'] && $section['publ_end']==0)
-                {
+		$sql  = 'SELECT `publ_start`, `publ_end` ';
+		$sql .= 'FROM `'.TABLE_PREFIX.'sections` WHERE `page_id`='.(int)$page_id;
+		$query_sections = $database->query($sql);
+		if($query_sections->numRows() != 0) {
+			while($section = $query_sections->fetchRow()) {
+				if( $now<$section['publ_end'] &&
+					($now>$section['publ_start'] || $section['publ_start']==0) ||
+					$now>$section['publ_start'] && $section['publ_end']==0)
+				{
 					$has_active_sections = true;
 					break;
 				}
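Review bot: `$database->query($sql)` is dereferenced with `->numRows()` without checking the return value, while other code in this same commit treats a falsy result as a failed query (`if( !($query_sections = $database->query($sql)) ) { return; }` in frontend.functions.php). If the query can fail here, guard it the same way, e.g. `if(($query_sections = $database->query($sql)) && $query_sections->numRows() != 0) {`. The publication condition mixes `&&` and `||` without grouping parentheses, which is worth making explicit while the line is being reformatted. The enclosing method starts and ends outside the hunk.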
@@ -156,31 +158,24 @@
 	// Check whether we should show a page or not (for front-end)
 	function show_page($page)
     {
-		if($this->page_is_visible($page) && $this->page_is_active($page))
-        {
-			return true;
-		} else {
-			return false;
-		}
+		$retval = ($this->page_is_visible($page) && $this->page_is_active($page));
+		return $retval;
 	}
 
 	// Check if the user is already authenticated or not
 	function is_authenticated() {
-		if(isset($_SESSION['USER_ID']) AND $_SESSION['USER_ID'] != "" AND is_numeric($_SESSION['USER_ID']))
-        {
-			return true;
-		} else {
-			return false;
-		}
+		$retval = ( isset($_SESSION['USER_ID']) AND
+		            $_SESSION['USER_ID'] != "" AND
+		            is_numeric($_SESSION['USER_ID']));
+        return $retval;
 	}
 
 	// Modified addslashes function which takes into account magic_quotes
 	function add_slashes($input) {
-		if ( get_magic_quotes_gpc() || ( !is_string($input) ) ) {
+		if( get_magic_quotes_gpc() || (!is_string($input)) ) {
 			return $input;
 		}
-		$output = addslashes($input);
-		return $output;
+		return addslashes($input);
 	}
 
 	// Ditto for stripslashes
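Review bot: `add_slashes()` still returns `addslashes($input)`, which is not aware of the connection character set, and returns the input untouched when `get_magic_quotes_gpc()` is on; if callers concatenate the result into SQL (not visible in this hunk), it is not a safe substitute for the database driver's escaping. A comment on the method saying so would help, e.g. `// not an SQL escaper: use the database layer's escaping or an integer cast for values that go into queries`. In `is_authenticated()`, `is_numeric()` also accepts values such as `'1e3'` or `'0.5'`; if `USER_ID` is always an integer id, `ctype_digit((string)$_SESSION['USER_ID'])` states that more exactly.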
@@ -191,8 +186,7 @@
 		if ( !get_magic_quotes_gpc() || ( !is_string($input) ) ) {
 			return $input;
 		}
-		$output = stripslashes($input);
-		return $output;
+		return stripslashes($input);
 	}
 
 	// Escape backslashes for use with mySQL LIKE strings
@@ -211,11 +205,7 @@
 	
 	// Get POST data
 	function get_post($field) {
-		if(isset($_POST[$field])) {
-			return $_POST[$field];
-		} else {
-			return null;
-		}
+		return (isset($_POST[$field]) ? $_POST[$field] : null);
 	}
 
 	// Get POST data and escape it
@@ -226,29 +216,17 @@
 	
 	// Get GET data
 	function get_get($field) {
-		if(isset($_GET[$field])) {
-			return $_GET[$field];
-		} else {
-			return null;
-		}
+		return (isset($_GET[$field]) ? $_GET[$field] : null);
 	}
 
 	// Get SESSION data
 	function get_session($field) {
-		if(isset($_SESSION[$field])) {
-			return $_SESSION[$field];
-		} else {
-			return null;
-		}
+		return (isset($_SESSION[$field]) ? $_SESSION[$field] : null);
 	}
 
 	// Get SERVER data
 	function get_server($field) {
-		if(isset($_SERVER[$field])) {
-			return $_SERVER[$field];
-		} else {
-			return null;
-		}
+		return (isset($_SERVER[$field]) ? $_SERVER[$field] : null);
 	}
 
 	// Get the current users id
@@ -298,11 +276,7 @@
 
 	// Get the current users timezone
 	function get_timezone() {
-		if(!isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
-			return $_SESSION['TIMEZONE'];
-		} else {
-			return '-72000';
-		}
+		return (isset($_SESSION['USE_DEFAULT_TIMEZONE']) ? '-72000' : $_SESSION['TIMEZONE']);
 	}
 
 	// Validate supplied email address
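Review bot: `get_timezone()` reads `$_SESSION['TIMEZONE']` whenever `USE_DEFAULT_TIMEZONE` is unset, so a session that has neither key raises an undefined-index notice and returns null. Since the line is being rewritten anyway, fall back to the default marker in that case: `return (isset($_SESSION['USE_DEFAULT_TIMEZONE']) || !isset($_SESSION['TIMEZONE'])) ? '-72000' : $_SESSION['TIMEZONE'];`.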
@@ -425,15 +399,15 @@
 
 	// Validate send email
 	function mail($fromaddress, $toaddress, $subject, $message, $fromname='') {
-		/* 
-			INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
-			SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
-			NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
+/* 
+	INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
+	SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
+	NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
 
-			NOTE:
-			To use SMTP for sending out mails, you have to specify the SMTP host of your domain
-			via the Settings panel in the backend of Website Baker
-		*/ 
+	NOTE:
+	To use SMTP for sending out mails, you have to specify the SMTP host of your domain
+	via the Settings panel in the backend of Website Baker
+*/ 
 
 		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
 		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
@@ -443,20 +417,17 @@
 
 		// create PHPMailer object and define default settings
 		$myMail = new wbmailer();
-
 		// set user defined from address
 		if ($fromaddress!='') {
-			if($fromname!='') $myMail->FromName = $fromname;         // FROM-NAME
-			$myMail->From = $fromaddress;                            // FROM:
-			$myMail->AddReplyTo($fromaddress);                       // REPLY TO:
+			if($fromname!='') $myMail->FromName = $fromname;  // FROM-NAME
+			$myMail->From = $fromaddress;                     // FROM:
+			$myMail->AddReplyTo($fromaddress);                // REPLY TO:
 		}
-		
 		// define recepient and information to send out
-		$myMail->AddAddress($toaddress);                            // TO:
-		$myMail->Subject = $subject;                                // SUBJECT
-		$myMail->Body = nl2br($message);                                   // CONTENT (HTML)
-		$myMail->AltBody = strip_tags($message);				// CONTENT (TEXT)
-
+		$myMail->AddAddress($toaddress);                      // TO:
+		$myMail->Subject = $subject;                          // SUBJECT
+		$myMail->Body = nl2br($message);                      // CONTENT (HTML)
+		$myMail->AltBody = strip_tags($message);              // CONTENT (TEXT)
 		// check if there are any send mail errors, otherwise say successful
 		if (!$myMail->Send()) {
 			return false;
Index: branches/2.8.x/wb/framework/class.order.php
===================================================================
--- branches/2.8.x/wb/framework/class.order.php	(revision 1486)
+++ branches/2.8.x/wb/framework/class.order.php	(revision 1487)
@@ -1,153 +1,138 @@
 <?php
+/**
+ * @category        WebsiteBaker
+ * @package         WebsiteBaker_core
+ * @author          Werner v.d.Decken
+ * @copyright       WebsiteBaker.org e.V.
+ * @link            http://websitebaker2.org
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * Ordering class
+ * This class will be used to change the order of an item in a table
+ * which contains a special order field (type must be integer)
+ */
+/*******************************************************************************
+ * abstract factory for application
+ */
+// Must include code to stop this file being access directly
+	if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
+	define('ORDERING_CLASS_LOADED', true);
+// Load the other required class files if they are not already loaded
+	require_once(WB_PATH."/framework/class.database.php");
 
-// $Id$
+class order {
 
-/*
+	const MOVE_UP   = 0;
+	const MOVE_DOWN = 1;
 
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
+	private $_Table      = '';
+	private $_FieldOrder = '';
+	private $_FieldId    = '';
+	private $_FieldGroup = '';
+	private $_DB         = null;
 
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
-/*
-
-Ordering class
-
-This class will be used to change the order of an item in a table
-which contains a special order field (type must be integer)
-
-*/
-
-// Must include code to stop this file being access directly
-if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
-
-define('ORDERING_CLASS_LOADED', true);
-
-// Load the other required class files if they are not already loaded
-require_once(WB_PATH."/framework/class.database.php");
-
-class order {
-	
-	// Get the db values
-	function order($table, $order_field, $id_field = 'id', $common_field) {
-		$this->table = $table;
-		$this->order_field = $order_field;
-		$this->id_field = $id_field;
-		$this->common_field = $common_field;
+	/**
+	 * Constructor
+	 * @param string $Table
+	 * @param string $FieldOrder
+	 * @param string $FieldId
+	 * @param string $FieldGroup
+	 * use $GLOBALS['database']
+	 */
+	public function __construct($Table, $FieldOrder, $FieldId, $FieldGroup) {
+		$this->_DB         = $GLOBALS['database'];
+		$this->_Table      = $Table;
+		$this->_FieldOrder = $FieldOrder;
+		$this->_FieldId    = $FieldId;
+		$this->_FieldGroup = $FieldGroup;
 	}
-	
-	// Move a row up
-	function move_up($id) {
-		global $database;
-		// Get current order
-		$query_order = "SELECT ".$this->order_field.",".$this->common_field." FROM ".$this->table." WHERE ".$this->id_field." = '$id'";
-		$get_order = $database->query($query_order);
-		$fetch_order = $get_order->fetchRow();
-		$order = $fetch_order[$this->order_field];
-		$parent = $fetch_order[$this->common_field];
-		// Find out what row is before current one
-		$query_previous = "SELECT ".$this->id_field.",".$this->order_field." FROM ".$this->table." WHERE ".$this->order_field." < '$order' AND ".$this->common_field." = '$parent' ORDER BY ".$this->order_field." DESC LIMIT 1";
-		$get_previous = $database->query($query_previous);
-		if($get_previous->numRows() > 0) {
-			// Change the previous row to the current order
-			$fetch_previous = $get_previous->fetchRow();
-			$previous_id = $fetch_previous[$this->id_field];
-			$decremented_order = $fetch_previous[$this->order_field];
-			$query = "UPDATE ".$this->table." SET ".$this->order_field." = '$order' WHERE ".$this->id_field." = '$previous_id' LIMIT 1";
-			$database->query($query);
-			// Change the row we want to the decremented order
-			$query = "UPDATE ".$this->table." SET ".$this->order_field." = '$decremented_order' WHERE ".$this->id_field." = '$id' LIMIT 1";
-			$database->query($query);
-			
-			if($database->is_error()) {
-				return false;
-			} else {
-				return true;
+	/**
+	 *
+	 * @param string|int $id
+	 * @param int $direction
+	 * @return bool
+	 */
+	public function move($id, $direction = self::MOVE_UP)
+	{
+		$retval = false;
+		$sql  = 'SELECT `'.$this->_FieldOrder.'` `order`, `'.$this->_FieldGroup.'` `group` ';
+		$sql .= 'FROM `'.$this->_Table.'` WHERE `'.$this->_FieldId.'`=\''.$id.'\'';
+		if(($res1 = $this->_DB->query($sql))) {
+			if(($rec1 = $res1->fetchRow())) {
+				$sql  = 'SELECT `'.$this->_FieldId.'` `id`, `'.$this->_FieldOrder.'` `order` ';
+				$sql .= 'FROM `'.$this->_Table.'` ';
+				$sql .= 'WHERE `'.$this->_FieldGroup.'`=\''.$rec1['group'].'\' ';
+				if($direction == self::MOVE_UP) {
+					$sql .=     'AND `'.$this->_FieldOrder.'`>\''.$rec1['order'].'\' ';
+					$sql .= 'ORDER BY `'.$this->_FieldOrder.'` ASC';
+				}else {
+					$sql .=     'AND `'.$this->_FieldOrder.'`<\''.$rec1['order'].'\' ';
+					$sql .= 'ORDER BY `'.$this->_FieldOrder.'` DESC';
+				}
+				if(($res2 = $this->_DB->query($sql))) {
+					if(($rec2 = $res2->fetchRow())) {
+						$sql  = 'UPDATE `'.$this->_Table.'` ';
+						$sql .= 'SET `'.$this->_FieldOrder.'`=\''.$rec1['order'].'\' ';
+						$sql .= 'WHERE `'.$this->_FieldId.'`=\''.$rec2['id'].'\'';
+						if($this->_DB->query($sql)) {
+							$sql  = 'UPDATE `'.$this->_Table.'` ';
+							$sql .= 'SET `'.$this->_FieldOrder.'`=\''.$rec2['order'].'\' ';
+							$sql .= 'WHERE `'.$this->_FieldId.'`=\''.$id.'\'';
+							$retval = $this->_DB->query($sql);
+						}
+					}
+				}
 			}
-		} else {
-			return false;
 		}
+		return $retval;
 	}
-	// Move a row up
-	function move_down($id) {
-		global $database;
+
+	/**
+	 * Move a row up
+	 * @param string|int $id
+	 * @return bool
+	 */
+	public function move_up($id) {
 		// Get current order
-		$query_order = "SELECT ".$this->order_field.",".$this->common_field." FROM ".$this->table." WHERE ".$this->id_field." = '$id'";
-		$get_order = $database->query($query_order);
-		$fetch_order = $get_order->fetchRow();
-		$order = $fetch_order[$this->order_field];
-		$parent = $fetch_order[$this->common_field];
-		// Find out what row is before current one
-		$query_next = "SELECT $this->id_field,".$this->order_field." FROM ".$this->table." WHERE ".$this->order_field." > '$order' AND ".$this->common_field." = '$parent' ORDER BY ".$this->order_field." ASC LIMIT 1";
-		$get_next = $database->query($query_next);
-		if($get_next->numRows() > 0) {
-			// Change the previous row to the current order
-			$fetch_next = $get_next->fetchRow();
-			$next_id = $fetch_next[$this->id_field];
-			$incremented_order = $fetch_next[$this->order_field];
-			$query = "UPDATE ".$this->table." SET ".$this->order_field." = '$order' WHERE ".$this->id_field." = '$next_id' LIMIT 1";
-			$database->query($query);
-			// Change the row we want to the decremented order
-			$query = "UPDATE ".$this->table." SET ".$this->order_field." = '$incremented_order' WHERE ".$this->id_field." = '$id' LIMIT 1";
-			$database->query($query);
-			if($database->is_error()) {
-				return false;
-			} else {
-				return true;
-			}
-		} else {
-			return false;
-		}
+		return $this->move($id, self::MOVE_UP);
 	}
+
+	/**
+	 * Move a row down
+	 * @param string|int $id
+	 * @return bool
+	 */
+	public function move_down($id) {
+		// Get current order
+		return $this->move($id, self::MOVE_DOWN);
+	}
 	
-	// Get new number for order
-	function get_new($cf_value) {
-		global $database;
-		// $database = new database();
+	/**
+	 * Get next free number for order
+	 * @param string|int $group
+	 * @return integer
+	 */
+	public function get_new($group) {
 		// Get last order
-		$query_last = "SELECT ".$this->order_field." FROM ".$this->table." WHERE ".$this->common_field." = '$cf_value' ORDER BY ".$this->order_field." DESC LIMIT 1";
-		$get_last = $database->query($query_last);
-		if($get_last->numRows() > 0) {
-			$fetch_last = $get_last->fetchRow();
-			$last_order = $fetch_last[$this->order_field];
-			return $last_order+1;
-		} else {
-			return 1;
-		}
+		$sql  = 'SELECT MAX(`'.$this->_FieldOrder.'`) FROM `'.$this->_Table.'` ';
+		$sql .= 'WHERE `'.$this->_FieldGroup.'`=\''.$group.'\' ';
+		$max = intval($this->_DB->get_one($sql)) + 1;
+		return $max;
 	}
 	
-	// Clean ordering (should be called if a row in the middle has been deleted)
-	function clean($cf_value) {
-		global $database;
+	/**
+	 * Renumbering a group from 1 to n (should be called if a row in the middle has been deleted)
+	 * @param string|int $group
+	 * @return bool
+	 */
+	public function clean($group) {
 		// Loop through all records and give new order
-		$query_all = "SELECT * FROM ".$this->table." WHERE ".$this->common_field." = '$cf_value' ORDER BY ".$this->order_field." ASC";
-		$get_all = $database->query($query_all);
-		if($get_all->numRows() > 0) {
-			$count = 1;
-			while($row = $get_all->fetchRow()) {
-				// Update row with new order
-				$database->query("UPDATE ".$this->table." SET ".$this->order_field." = '$count' WHERE ".$this->id_field." = '".$row[$this->id_field]."'");
-				$count = $count+1;
-			}
-		} else {
-			 return true;
-		}
+		$sql  = 'SET @c := 0; ';
+		$sql .= 'UPDATE `'.$this->_Table.'` SET `'.$this->_FieldOrder.'`=( SELECT @c := @c + 1 ) ';
+		$sql .= 'WHERE `'.$this->_FieldGroup.'`=\''.$group.'\' ';
+		$sql .= 'ORDER BY `'.$this->_FieldOrder.'` ASC;';
+		return $this->_DB->query($sql);
 	}
 	
-}
-
-?>
\ No newline at end of file
+} // end of class
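Review bot: `move()`, `get_new()` and `clean()` concatenate `$id` and `$group` into quoted SQL literals with no escaping or cast, so any caller that passes request data straight through makes these queries injectable; cast where the value is numeric (`(int)$id`, as class.wb.php now does for `$page_id`) or escape through the database layer. Separately, `MOVE_UP` selects the neighbour with `>` and `ASC`, whereas the removed `move_up()` used `<` and `DESC`, so `move_up()` and `move_down()` appear to have swapped direction. `clean()` sends `SET @c := 0;` and the `UPDATE` in one string; a single-statement query call would reject that, and `database::query()` is not visible here to confirm it accepts multiple statements. The neighbour lookup also lost its `LIMIT 1`. The fence shows the changed lines under the assumption that ids and groups are integers; the docblocks say `string|int`, so confirm against callers.

```php
	public function move($id, $direction = self::MOVE_UP)
	{
		$id = (int)$id;   // assumes numeric ids; otherwise escape via the database layer
		// … unchanged: $retval, first SELECT reading `order` and `group` for $id …
				if($direction == self::MOVE_UP) {
					// neighbour with the next lower order value, as the removed move_up() did
					$sql .=     'AND `'.$this->_FieldOrder.'`<\''.$rec1['order'].'\' ';
					$sql .= 'ORDER BY `'.$this->_FieldOrder.'` DESC LIMIT 1';
				}else {
					$sql .=     'AND `'.$this->_FieldOrder.'`>\''.$rec1['order'].'\' ';
					$sql .= 'ORDER BY `'.$this->_FieldOrder.'` ASC LIMIT 1';
				}
		// … unchanged: the two UPDATE statements and the return …

	public function clean($group) {
		// one statement per query() call; the user variable persists on the same connection
		if(!$this->_DB->query('SET @c := 0')) { return false; }
		$sql  = 'UPDATE `'.$this->_Table.'` SET `'.$this->_FieldOrder.'`=( SELECT @c := @c + 1 ) ';
		$sql .= 'WHERE `'.$this->_FieldGroup.'`='.(int)$group.' ';
		$sql .= 'ORDER BY `'.$this->_FieldOrder.'` ASC';
		return $this->_DB->query($sql);
```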

Property changes on: branches/2.8.x/wb/framework/class.order.php
___________________________________________________________________
Modified: svn:keywords
## -1 +1,4 ##
-Date Revision Id HeadURL
\ No newline at end of property
+Id
+Revision
+HeadURL
+Date
\ No newline at end of property
Index: branches/2.8.x/wb/framework/frontend.functions.php
===================================================================
--- branches/2.8.x/wb/framework/frontend.functions.php	(revision 1486)
+++ branches/2.8.x/wb/framework/frontend.functions.php	(revision 1487)
@@ -19,68 +19,72 @@
 // Must include code to stop this file being access directly
 if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
 
-// references to objects and variables that changed their names
-
-$admin = &$wb;
-
-$default_link=&$wb->default_link;
-
-$page_trail=&$wb->page_trail;
-$page_description=&$wb->page_description;
-$page_keywords=&$wb->page_keywords;
-$page_link=&$wb->link;
-
+// compatibility mode for versions before 2.8.1
+	$admin            = $wb;
+	$default_link     = $wb->default_link;
+	$page_trail       = $wb->page_trail;
+	$page_description = $wb->page_description;
+	$page_keywords    = $wb->page_keywords;
+	$page_link        = $wb->link;
+// ---------- //
 // extra_sql is not used anymore - this is basically a register_globals exploit prevention...
-$extra_sql=&$wb->extra_sql;
-$extra_where_sql=&$wb->extra_where_sql;
+	$extra_sql       = $wb->extra_sql;
+	$extra_where_sql = $wb->extra_where_sql;
+// ---------- //
+	$include_head_link_css = '';
+	$include_body_links    = '';
+	$include_head_links    = '';
 
-$include_head_link_css = '';
-$include_body_links = '';
-$include_head_links = '';
 // workout to included frontend.css, fronten.js and frontend_body.js in snippets
-$query="SELECT directory FROM ".TABLE_PREFIX."addons WHERE type = 'module' AND function = 'snippet'";
-$query_result=$database->query($query);
-if ($query_result->numRows()>0) {
-	while ($row = $query_result->fetchRow()) {
-		$module_dir = $row['directory'];
-		if (file_exists(WB_PATH.'/modules/'.$module_dir.'/include.php')) {
-			include(WB_PATH.'/modules/'.$module_dir.'/include.php');
-			/* check if frontend.css file needs to be included into the <head></head> of index.php
-			*/
-			if( file_exists(WB_PATH .'/modules/'.$module_dir.'/frontend.css')) {
-				$include_head_link_css .= '<link href="'.WB_URL.'/modules/'.$module_dir.'/frontend.css"';
-				$include_head_link_css .= ' rel="stylesheet" type="text/css" media="screen" />'."\n";
-				$include_head_file = 'frontend.css';
-			}
+	$sql  = 'SELECT `directory` FROM `'.TABLE_PREFIX.'addons` ';
+	$sql .= 'WHERE `type`=\'module\' AND `function`=\'snippet\'';
+	if(($resSnippets = $database->query($sql))) {
+		while($recSnippet = $resSnippets->fetchRow()) {
+			$module_dir = $recSnippet['directory'];
+			if (file_exists(WB_PATH.'/modules/'.$module_dir.'/include.php')) {
+				include(WB_PATH.'/modules/'.$module_dir.'/include.php');
+			// check if frontend.css file needs to be included into the <head></head> of index.php
+				if( file_exists(WB_PATH .'/modules/'.$module_dir.'/frontend.css')) {
+					$include_head_link_css .= '<link href="'.WB_URL.'/modules/'.$module_dir.'/frontend.css"';
+					$include_head_link_css .= ' rel="stylesheet" type="text/css" media="screen" />'."\n";
+					$include_head_file = 'frontend.css';
+				}
 			// check if frontend.js file needs to be included into the <body></body> of index.php
-			if(file_exists(WB_PATH .'/modules/'.$module_dir.'/frontend.js')) {
-				$include_head_links .= '<script src="'.WB_URL.'/modules/'.$module_dir.'/frontend.js" type="text/javascript"></script>'."\n";
-				$include_head_file = 'frontend.js';
-			}
+				if(file_exists(WB_PATH .'/modules/'.$module_dir.'/frontend.js')) {
+					$include_head_links .= '<script src="'.WB_URL.'/modules/'.$module_dir.'/frontend.js" type="text/javascript"></script>'."\n";
+					$include_head_file = 'frontend.js';
+				}
 			// check if frontend_body.js file needs to be included into the <body></body> of index.php
-			if(file_exists(WB_PATH .'/modules/'.$module_dir.'/frontend_body.js')) {
-				$include_body_links .= '<script src="'.WB_URL.'/modules/'.$module_dir.'/frontend_body.js" type="text/javascript"></script>'."\n";
-				$include_body_file = 'frontend_body.js';
+				if(file_exists(WB_PATH .'/modules/'.$module_dir.'/frontend_body.js')) {
+					$include_body_links .= '<script src="'.WB_URL.'/modules/'.$module_dir.'/frontend_body.js" type="text/javascript"></script>'."\n";
+					$include_body_file = 'frontend_body.js';
+				}
 			}
 		}
 	}
-}
 
 // Frontend functions
-if (!function_exists('page_link'))
-{
+if(!function_exists('page_link')) {
+	/**
+	 * generate full qualified URL from relative link based on pages_dir
+	 * @param string $link
+	 * @return string
+	 */
 	function page_link($link) {
-		global $wb;
-		return $wb->page_link($link);
+		return $GLOBALS['wb']->page_link($link);
 	}
 }
 
-if (!function_exists('get_page_link'))
-{
-    function get_page_link( $id )
+if (!function_exists('get_page_link')) {
+    /**
+	 * get relative link from database based on pages_dir
+	 * @global <type> $database
+	 * @param <type> $id
+	 * @return <type> 
+	 */
+	function get_page_link( $id )
     {
         global $database;
-        // Get link
         $sql = 'SELECT `link` FROM `'.TABLE_PREFIX.'pages` WHERE `page_id` = '.$id;
         $link = $database->get_one( $sql );
         return $link;
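Review bot: `get_page_link()` appends `$id` to the WHERE clause unquoted and unvalidated, so a non-integer argument changes the statement; since the function is being touched here, end the query with `.(int)$id` instead of `.$id`, the way class.wb.php casts `$page_id` in this commit. The added docblock still carries IDE placeholders (`@param <type> $id`, `@return <type>`); `@param int $id` and a concrete return type would say what is meant, and the same placeholders appear in the `page_menu()` and `show_menu()` docblocks in later hunks. Replacing the `=&` aliases with plain assignments at the top of the hunk changes behaviour for everything except the `$admin` object handle: `$page_link`, `$page_trail` and the others are now copies that no longer track later changes to `$wb`. The function's closing brace is outside the hunk.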
@@ -89,45 +93,66 @@
 
 //function to highlight search results
 if(!function_exists('search_highlight')) {
-function search_highlight($foo='', $arr_string=array()) {
-	require_once(WB_PATH.'/framework/functions.php');
-	static $string_ul_umlaut = FALSE;
-	static $string_ul_regex = FALSE;
-	if($string_ul_umlaut===FALSE || $string_ul_regex===FALSE)
-		require(WB_PATH.'/search/search_convert.php');
-	$foo = entities_to_umlauts($foo, 'UTF-8');
-	array_walk($arr_string, create_function('&$v,$k','$v = preg_quote($v, \'~\');'));
-	$search_string = implode("|", $arr_string);
-	$string = str_replace($string_ul_umlaut, $string_ul_regex, $search_string);
-	// the highlighting
-	// match $string, but not inside <style>...</style>, <script>...</script>, <!--...--> or HTML-Tags
-	// Also droplet tags are now excluded from highlighting.
-	// split $string into pieces - "cut away" styles, scripts, comments, HTML-tags and eMail-addresses
-	// we have to cut <pre> and <code> as well.
-	// for HTML-Tags use <(?:[^<]|<.*>)*> which will match strings like <input ... value="<b>value</b>" >
-	$matches = preg_split("~(\[\[.*\]\]|<style.*</style>|<script.*</script>|<pre.*</pre>|<code.*</code>|<!--.*-->|<(?:[^<]|<.*>)*>|\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,8}\b)~iUs",$foo,-1,(PREG_SPLIT_DELIM_CAPTURE|PREG_SPLIT_NO_EMPTY));
-	if(is_array($matches) && $matches != array()) {
-		$foo = "";
-		foreach($matches as $match) {
-			if($match{0}!="<" && !preg_match('/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,8}$/i', $match) && !preg_match('~\[\[.*\]\]~', $match)) {
-				$match = str_replace(array('&lt;', '&gt;', '&amp;', '&quot;', '&#039;', '&nbsp;'), array('<', '>', '&', '"', '\'', "\xC2\xA0"), $match);
-				$match = preg_replace('~('.$string.')~ui', '_span class=_highlight__$1_/span_',$match);
-				$match = str_replace(array('&', '<', '>', '"', '\'', "\xC2\xA0"), array('&amp;', '&lt;', '&gt;', '&quot;', '&#039;', '&nbsp;'), $match);
-				$match = str_replace(array('_span class=_highlight__', '_/span_'), array('<span class="highlight">', '</span>'), $match);
+	/**
+	 *
+	 * @staticvar boolean $string_ul_umlaut
+	 * @staticvar boolean $string_ul_regex
+	 * @param string $foo
+	 * @param array $arr_string
+	 * @return string
+	 */
+	function search_highlight($foo='', $arr_string=array()) {
+		require_once(WB_PATH.'/framework/functions.php');
+		static $string_ul_umlaut = FALSE;
+		static $string_ul_regex = FALSE;
+		if($string_ul_umlaut === FALSE || $string_ul_regex === FALSE) {
+			require(WB_PATH.'/search/search_convert.php');
+		}
+		$foo = entities_to_umlauts($foo, 'UTF-8');
+		array_walk($arr_string, create_function('&$v,$k','$v = preg_quote($v, \'~\');'));
+		$search_string = implode("|", $arr_string);
+		$string = str_replace($string_ul_umlaut, $string_ul_regex, $search_string);
+		// the highlighting
+		// match $string, but not inside <style>...</style>, <script>...</script>, <!--...--> or HTML-Tags
+		// Also droplet tags are now excluded from highlighting.
+		// split $string into pieces - "cut away" styles, scripts, comments, HTML-tags and eMail-addresses
+		// we have to cut <pre> and <code> as well.
+		// for HTML-Tags use <(?:[^<]|<.*>)*> which will match strings like <input ... value="<b>value</b>" >
+		$matches = preg_split("~(\[\[.*\]\]|<style.*</style>|<script.*</script>|<pre.*</pre>|<code.*</code>|<!--.*-->|<(?:[^<]|<.*>)*>|\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,8}\b)~iUs",$foo,-1,(PREG_SPLIT_DELIM_CAPTURE|PREG_SPLIT_NO_EMPTY));
+		if(is_array($matches) && $matches != array()) {
+			$foo = "";
+			foreach($matches as $match) {
+				if($match{0}!="<" && !preg_match('/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,8}$/i', $match) && !preg_match('~\[\[.*\]\]~', $match)) {
+					$match = str_replace(array('&lt;', '&gt;', '&amp;', '&quot;', '&#039;', '&nbsp;'), array('<', '>', '&', '"', '\'', "\xC2\xA0"), $match);
+					$match = preg_replace('~('.$string.')~ui', '_span class=_highlight__$1_/span_',$match);
+					$match = str_replace(array('&', '<', '>', '"', '\'', "\xC2\xA0"), array('&amp;', '&lt;', '&gt;', '&quot;', '&#039;', '&nbsp;'), $match);
+					$match = str_replace(array('_span class=_highlight__', '_/span_'), array('<span class="highlight">', '</span>'), $match);
+				}
+				$foo .= $match;
 			}
-			$foo .= $match;
 		}
-	}
 
-	if(DEFAULT_CHARSET != 'utf-8') {
-		$foo = umlauts_to_entities($foo, 'UTF-8');
+		if(DEFAULT_CHARSET != 'utf-8') {
+			$foo = umlauts_to_entities($foo, 'UTF-8');
+		}
+		return $foo;
 	}
-	return $foo;
 }
-}
 
-// Old menu call invokes new menu function
 if (!function_exists('page_menu')) {
+	/**
+	 * Old menu generator
+	 * @deprecated from WB 2.9.x and up
+	 * @global <type> $wb
+	 * @param <type> $parent
+	 * @param <type> $menu_number
+	 * @param <type> $item_template
+	 * @param <type> $menu_header
+	 * @param <type> $menu_footer
+	 * @param <type> $default_class
+	 * @param <type> $current_class
+	 * @param <type> $recurse
+	 */
 	function page_menu($parent = 0, $menu_number = 1, $item_template = '<li[class]>[a] [menu_title] [/a]</li>', $menu_header = '<ul>', $menu_footer = '</ul>', $default_class = ' class="menu_default"', $current_class = ' class="menu_current"', $recurse = LEVEL) {
 		global $wb;
 		$wb->menu_number=$menu_number;
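Review bot: `search_highlight()` defaults to `$arr_string=array()`, and in that case `$string` is empty, so the pattern passed to `preg_replace()` becomes `~()~ui`, which matches at every position and wraps empty strings in highlight spans; an early `if($arr_string == array()) { return $foo; }` at the top of the function avoids that. While the body is being re-indented, note that `create_function()` evaluates its string argument as code at runtime and `$match{0}` is the legacy offset syntax; a plain `foreach` calling `preg_quote($v, '~')` and `$match[0]` do the same without either. The new docblock has no summary line describing what the function returns. `page_menu()` continues outside the hunk.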
@@ -155,6 +180,22 @@
 }
 
 if (!function_exists('show_menu')) {
+	/**
+	 * Old menu generator
+	 * @deprecated from WB 2.9.x and up
+	 * @global  $wb
+	 * @param <type> $menu_number
+	 * @param <type> $start_level
+	 * @param <type> $recurse
+	 * @param <type> $collapse
+	 * @param <type> $item_template
+	 * @param <type> $item_footer
+	 * @param <type> $menu_header
+	 * @param <type> $menu_footer
+	 * @param <type> $default_class
+	 * @param <type> $current_class
+	 * @param <type> $parent
+	 */
 	function show_menu($menu_number = NULL, $start_level=NULL, $recurse = NULL, $collapse = NULL, $item_template = NULL, $item_footer = NULL, $menu_header = NULL, $menu_footer = NULL, $default_class = NULL, $current_class = NULL, $parent = NULL) {
 		global $wb;
 		if (isset($menu_number))
@@ -187,6 +228,19 @@
 }
 
 if (!function_exists('page_content')) {
+	/**
+	 *
+	 * @global array $TEXT
+	 * @global array $MENU
+	 * @global array $HEADING
+	 * @global array $MESSAGE
+	 * @global array $globals several global vars
+	 * @global datadase $database
+	 * @global wb $wb
+	 * @global string $global_name
+	 * @param int $block
+	 * @return void
+	 */
 	function page_content($block = 1) {
 		// Get outside objects
 		global $TEXT,$MENU,$HEADING,$MESSAGE;
@@ -193,26 +247,22 @@
 		global $globals;
 		global $database;
 		global $wb;
-		$admin = & $wb;
-		if ($wb->page_access_denied==true)
-        {
+		$admin = $wb;
+		if ($wb->page_access_denied==true) {
 	        echo $MESSAGE['FRONTEND']['SORRY_NO_VIEWING_PERMISSIONS'];
 			return;
 		}
-		if ($wb->page_no_active_sections==true)
-        {
+		if ($wb->page_no_active_sections==true) {
 	        echo $MESSAGE['FRONTEND']['SORRY_NO_ACTIVE_SECTIONS'];
 			return;
 		}
-		if(isset($globals) AND is_array($globals))
-        {
-            foreach($globals AS $global_name)
-            {
+		if(isset($globals) AND is_array($globals)) {
+            foreach($globals AS $global_name) {
                 global $$global_name;
-                }
+			}
         }
 		// Make sure block is numeric
-		if(!is_numeric($block)) { $block = 1; }
+		if( ($block = intval($block)) == 0 ) { $block = 1; }
 		// Include page content
 		if(!defined('PAGE_CONTENT') OR $block!=1)
         {
@@ -224,24 +274,27 @@
             {
             $_SESSION['PAGE_ID'] = $page_id;
             }
-
-			// First get all sections for this page
-			$query_sections = $database->query("SELECT section_id,module,publ_start,publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = '".$page_id."' AND block = '$block' ORDER BY position");
-			// If none were found, check if default content is supposed to be shown
+		// First get all sections for this page
+			$sql  = 'SELECT `section_id`, `module`, `publ_start`, `publ_end` ';
+			$sql .= 'FROM `'.TABLE_PREFIX.'sections` ';
+			$sql .= 'WHERE `page_id`='.$page_id.' AND `block`='.$block.' ';
+			$sql .= 'ORDER BY `position`';
+			if( !($query_sections = $database->query($sql)) ) { return; }
+		// If none were found, check if default content is supposed to be shown
 			if($query_sections->numRows() == 0) {
-				if ($wb->default_block_content=='none') {
-					return;
-				}
+				if($wb->default_block_content == 'none') { return; }
 				if (is_numeric($wb->default_block_content)) {
-					$page_id=$wb->default_block_content;
+					$page_id = $wb->default_block_content;
 				} else {
-					$page_id=$wb->default_page_id;
+					$page_id = $wb->default_page_id;
 				}				
-				$query_sections = $database->query("SELECT section_id,module,publ_start,publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = '".$page_id."' AND block = '$block' ORDER BY position");
+				$sql  = 'SELECT `section_id`, `module`, `publ_start`, `publ_end` ';
+				$sql .= 'FROM `'.TABLE_PREFIX.'sections` ';
+				$sql .= 'WHERE `page_id`='.$page_id.' AND `block`='.$block.' ';
+				$sql .= 'ORDER BY `position`';
+				if( !($query_sections = $database->query($sql)) ) { return; }
 				// Still no cotent found? Give it up, there's just nothing to show!
-				if($query_sections->numRows() == 0) {
-					return;
-				}
+				if($query_sections->numRows() == 0) { return; }
 			}
 			// Loop through them and include their module file
 			while($section = $query_sections->fetchRow()) {
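Review bot: Both rebuilt WHERE lines concatenate `$page_id` into the statement with the quotes removed and without a cast, whereas the other queries touched by this commit use `(int)$page_id` and `(int)$temp`. Where `$page_id` comes from is not visible in this hunk. In the fallback branch it is taken from `$wb->default_block_content` after only an `is_numeric()` test, which also accepts floats and exponent notation, or from `$wb->default_page_id` with no test at all. Replacing `.$page_id.` with `.(int)$page_id.` in both places keeps the SQL-strict numeric form without depending on every caller to supply a clean integer. The two identical four-line statement builders could also be a single small helper taking the page id and block.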
@@ -261,12 +314,10 @@
 				// fetch content -- this is where to place possible output-filters (before highlighting)
 					ob_start(); // fetch original content
 					require(WB_PATH.'/modules/'.$module.'/view.php');
-					$content = ob_get_contents();
-					ob_end_clean();
+					$content = ob_get_clean();
 				} else {
 					continue;
 				}
-
 				// highlights searchresults
 				if(isset($_GET['searchresult']) && is_numeric($_GET['searchresult']) && !isset($_GET['nohighlight']) && isset($_GET['sstring']) && !empty($_GET['sstring'])) {
 					$arr_string = explode(" ", $_GET['sstring']);
@@ -279,9 +330,7 @@
 				}
 			}
 		}
-        else
-        {
-
+        else {
 			require(PAGE_CONTENT);
 		}
 	}
@@ -319,14 +368,13 @@
 			foreach ($crumbs as $temp)
             {
                 if($counter == $depth) { break; }
-                    // set links and separator
-					$query_menu = $database->query("SELECT * FROM ".TABLE_PREFIX."pages WHERE page_id = $temp");
+                // set links and separator
+					$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'pages` WHERE `page_id`='.(int)$temp;
+					$query_menu = $database->query($sql);
 					$page = $query_menu->fetchRow();
-
                     $show_crumb = (($links == true) && ($temp != $page_id))
                             ? '<a href="'.page_link($page['link']).'" class="link">'.$page['menu_title'].'</a>'
                             : '<span class="crumb">'.$page['menu_title'].'</span>';
-
                     // Permission
                     switch ($page['visibility'])
                     {
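Review bot: The result of `$database->query($sql)` is used immediately in `$query_menu->fetchRow()` with no check, while page_content() in this same commit now guards its queries with `if( !(... = $database->query($sql)) ) { return; }`. If the query fails or the page id no longer exists, the following lines dereference a non-object or read `$page['link']` and `$page['menu_title']` from an empty row. A guard such as `if( !($query_menu = $database->query($sql)) || !($page = $query_menu->fetchRow()) ) { continue; }` would make the loop consistent with the rest of the commit. The loop body continues outside this hunk, so check how `$counter` is advanced before using `continue`.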
@@ -334,10 +382,10 @@
                         case 'hidden' :
                         // if show, you know there is an error in a hidden page
                             print $show_crumb.'&nbsp;';
-                        break;
+	                        break;
                         default :
                             print $show_crumb;
-                        break;
+		                    break;
                     }
 
                     if ( ( $counter <> $total_crumbs-1 ) )
@@ -474,7 +522,7 @@
     		// gather information for all models embedded on actual page
     		$page_id = $wb->page_id;
 			$sql = 'SELECT `module` FROM `'.TABLE_PREFIX.'sections` ';
-			$sql .= 'WHERE `page_id` = '.(int)$page_id.' AND `module` <> \'wysiwyg\'';
+			$sql .= 'WHERE `page_id` = '.(int)$page_id.' AND `module`<>\'wysiwyg\'';
     		if( ($query_modules = $database->query($sql)) )
 			{
 	    		while($row = $query_modules->fetchRow())
@@ -551,8 +599,8 @@
         {
     		// gather information for all models embedded on actual page
     		$page_id = $wb->page_id;
-			$sql = 'SELECT `module` FROM `'.TABLE_PREFIX.'sections` ';
-			$sql .= 'WHERE `page_id` = '.(int)$page_id.' AND `module` <> \'wysiwyg\'';
+			$sql  = 'SELECT `module` FROM `'.TABLE_PREFIX.'sections` ';
+			$sql .= 'WHERE `page_id` = '.(int)$page_id.' AND `module`<>\'wysiwyg\'';
     		if( ($query_modules = $database->query($sql)) )
 			{
 	    		while($row = $query_modules->fetchRow())
@@ -619,13 +667,15 @@
 	$private_sql = $extra_sql;
 	$private_where_sql = $extra_where_sql;
 	// Query pages for menu
-	$menu1 = $database->query("SELECT page_id,menu_title,page_title,link,target,visibility$extra_sql FROM ".TABLE_PREFIX."pages WHERE parent = '0' AND $extra_where_sql ORDER BY position ASC");
+	$sql  = 'SELECT `page_id`,`menu_title`,`page_title`,`link`,`target`,`visibility`'.$extra_sql.' ';
+	$sql .= 'FROM `'.TABLE_PREFIX.'pages` ';
+	$sql .= 'WHERE `parent`=0 AND '.$extra_where_sql.' ';
+	$sql .= 'ORDER BY `position` ASC';
+	$menu1 = $database->query($sql);
 	// Check if current pages is a parent page and if we need its submenu
-	if(PARENT == 0) {
-		// Get the pages submenu
-		$menu2 = $database->query("SELECT page_id,menu_title,page_title,link,target,visibility$extra_sql FROM ".TABLE_PREFIX."pages WHERE parent = '".PAGE_ID."' AND $extra_where_sql ORDER BY position ASC");
-	} else {
-		// Get the pages submenu
-		$menu2 = $database->query("SELECT page_id,menu_title,page_title,link,target,visibility$extra_sql FROM ".TABLE_PREFIX."pages WHERE parent = '".PARENT."' AND $extra_where_sql ORDER BY position ASC");
-	}
-
+	$tmp = (PARENT == 0 ? PAGE_ID : PARENT);
+	$sql  = 'SELECT `page_id`,`menu_title`,`page_title`,`link`,`target`,`visibility`'.$extra_sql.' ';
+	$sql .= 'FROM `'.TABLE_PREFIX.'pages` ';
+	$sql .= 'WHERE `parent`='.$tmp.' AND '.$extra_where_sql.' ';
+	$sql .= 'ORDER BY `position` ASC';
+	$menu2 = $database->query($sql);
