
Revision 1785

Added by Dietmar over 11 years ago

  1. fixed language uninstall, change mysql to strict
    ! secure fix for search update in settings, search_footer now can be empty
    ! change ->fetchRow() to ->fetchRow(MYSQL_ASSOC) in frontend.functions.php


branches/2.8.x/CHANGELOG
13 13

  
14 14

  
15 15

  
16
12 Oct-2012 Build 1785 Dietmar Woellbrink (Luisehahne)
17
# fixed language uninstall, change mysql to strict
18
! secure fix for search update in settings, search_footer now can be empty
19
! change ->fetchRow() to ->fetchRow(MYSQL_ASSOC) in frontend.functions.php
16 20
12 Oct-2012 Build 1784 Dietmar Woellbrink (Luisehahne)
17 21
# fixed security warning if a group will be deleted
18 22
11 Oct-2012 Build 1783 Dietmar Woellbrink (Luisehahne)
branches/2.8.x/wb/upgrade-script.php
15 15
 *
16 16
 */
17 17

  
18
require_once('config.php');
18
// Include config file
19
$config_file = realpath('config.php');
20
if(file_exists($config_file) && !defined('WB_URL'))
21
{
22
	require_once($config_file);
23
}
19 24

  
25
//require_once(WB_PATH.'/framework/class.admin.php');
26
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
20 27
require_once(WB_PATH.'/framework/functions.php');
21
require_once(WB_PATH.'/framework/class.admin.php');
22 28
// require_once(WB_PATH.'/framework/Database.php');
23 29
$admin = new admin('Addons', 'modules', false, false);
24 30

  
......
60 66
			'[ADMIN]/themes/',
61 67
		 );
62 68

  
63
if(version_compare(WB_REVISION, '1762', '<'))
69
if(version_compare(WB_REVISION, '1785', '<'))
64 70
{
65 71
    $filesRemove['0'] = array(
66 72

  
......
71 77

  
72 78
			'[FRAMEWORK]/class.msg_queue.php',
73 79
			'[FRAMEWORK]/class.logfile.php',
74
//			'[FRAMEWORK]/class.database.php',
80
			'[MODULES]/droplets/js/mdcr.js',
75 81

  
76 82
		 );
77 83

  
......
343 349
$bDebugModus = ( (isset($_POST['debug_confirmed']) && $_POST['debug_confirmed'] == 'debug') ? true : false);
344 350
if (!(isset($_POST['backup_confirmed']) && $_POST['backup_confirmed'] == 'confirmed')) { ?>
345 351
<h2>Step 1: Backup your files</h2>
346
<p>It is highly recommended to <strong>create a manual backup</strong> of the entire <strong><?php echo  PAGES_DIRECTORY ?>/ folder</strong> and the <strong>MySQL database</strong> before proceeding.<br /><strong class="error">Note: </strong>The upgrade script alters some settings of your existing database!!! You need to confirm the disclaimer before proceeding.</p>
352
<h5 class="warning">It is highly recommended to <strong>create a manual backup</strong> of the entire <strong class="error"><?php echo  PAGES_DIRECTORY ?>/</strong> folder and the <strong>MySQL database</strong> before proceeding.</h5>
353
<p><strong class="error">Note: </strong>The upgrade script alters some settings of your existing database!!! You need to confirm the disclaimer before proceeding.</p>
347 354

  
348 355
<form name="send" action="<?php echo $_SERVER['SCRIPT_NAME'];?>" method="post">
349 356
<textarea cols="92" rows="5">DISCLAIMER: The WebsiteBaker upgrade script is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. One needs to confirm that a manual backup of the <?php echo  PAGES_DIRECTORY ?>/ folder (including all files and subfolders contained in it) and backup of the entire WebsiteBaker MySQL database was created before you can proceed.</textarea>
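Review bot: The new config include (new lines 18-23) turns a missing config.php into a silent continuation: when `file_exists($config_file)` is false the script carries on with WB_PATH undefined, and the following `include(WB_PATH.'/framework/class.admin.php')` only warns on failure, whereas the old `require_once('config.php')` stopped the script outright. Consider failing explicitly before the include, e.g. `if ($config_file === false || !is_readable($config_file)) { die('config.php not found'); }`, and keeping `require_once` rather than `include` for class.admin.php so a missing framework file is a hard error. The same include pattern is added in admin/settings/save.php and admin/languages/uninstall.php, where a missing config likewise surfaces only as a later warning.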
branches/2.8.x/wb/admin/skel/themes/htt/settings.htt
389 389
		<div class="mbox sub-row">
390 390
	 		<label class="setting_name">{TEXT_HEADER}:</label>
391 391
			<div class="input" >
392
		<textarea name="search_header" style="height: 100px;" cols="50" rows="3">{SEARCH_HEADER}</textarea>
392
		<textarea class="vert" name="search_header" style="height: 100px;" cols="50" rows="3">{SEARCH_HEADER}</textarea>
393 393
			</div>
394 394
		</div>
395 395

  
396 396
		<div class="mbox sub-row">
397 397
	 		<label class="setting_name">{TEXT_RESULTS_HEADER}:</label>
398 398
			<div class="input" >
399
		<textarea name="search_results_header" cols="50" rows="3">{SEARCH_RESULTS_HEADER}</textarea>
399
		<textarea class="vert" name="search_results_header" cols="50" rows="3">{SEARCH_RESULTS_HEADER}</textarea>
400 400
			</div>
401 401
		</div>
402 402

  
403 403
		<div class="mbox sub-row">
404 404
	 		<label class="setting_name">{TEXT_RESULTS_LOOP}:</label>
405 405
			<div class="input" >
406
		<textarea name="search_results_loop" cols="50" rows="3">{SEARCH_RESULTS_LOOP}</textarea>
406
		<textarea class="vert" name="search_results_loop" cols="50" rows="3">{SEARCH_RESULTS_LOOP}</textarea>
407 407
			</div>
408 408
		</div>
409 409

  
410 410
		<div class="mbox sub-row">
411 411
	 		<label class="setting_name">{TEXT_RESULTS_FOOTER}:</label>
412 412
			<div class="input" >
413
		<textarea name="search_results_footer" cols="50" rows="3">{SEARCH_RESULTS_FOOTER}</textarea>
413
		<textarea class="vert" name="search_results_footer" cols="50" rows="3">{SEARCH_RESULTS_FOOTER}</textarea>
414 414
			</div>
415 415
		</div>
416 416

  
......
423 423
		<div class="mbox sub-row">
424 424
	 		<label class="setting_name">{TEXT_FOOTER}:</label>
425 425
			<div class="input" >
426
		<textarea name="search_footer" cols="50" rows="3">{SEARCH_FOOTER}</textarea>
426
		<textarea class="vert" name="search_footer" cols="50" rows="3">{SEARCH_FOOTER}</textarea>
427 427
			</div>
428 428
		</div>
429 429

  
branches/2.8.x/wb/admin/interface/version.php
51 51

  
52 52
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53 53
if(!defined('VERSION')) define('VERSION', '2.8.3');
54
if(!defined('REVISION')) define('REVISION', '1784');
54
if(!defined('REVISION')) define('REVISION', '1785');
55 55
if(!defined('SP')) define('SP', '');
branches/2.8.x/wb/admin/settings/save.php
22 22
$advanced = ($_POST['advanced'] == 'yes') ? '?advanced=yes' : '';
23 23

  
24 24
// Print admin header
25
require('../../config.php');
26
require_once(WB_PATH.'/framework/class.admin.php');
25
//require('../../config.php');
26
//require_once(WB_PATH.'/framework/class.admin.php');
27

  
28
// Include config file
29
$config_file = realpath('../../config.php');
30
if(file_exists($config_file) && !defined('WB_URL'))
31
{
32
	require($config_file);
33
}
34

  
35
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
36

  
27 37
require_once(WB_PATH.'/framework/functions.php');
28 38

  
29 39
// suppress to print the header, so no new FTAN will be set
......
212 222

  
213 223
if($res_settings = $database->query($sql)) {
214 224
	$passed = false;
215
	while($setting = $res_settings->fetchRow())
225
	while($setting = $res_settings->fetchRow(MYSQL_ASSOC))
216 226
	{
217 227
		$setting_name = $setting['name'];
218 228
		$old_settings[$setting_name] = $setting['value'];
......
289 299

  
290 300
}
291 301
$StripCodeFromISearch = array(
302
    'search_header',
303
    'search_results_header',
304
    'search_results_loop',
305
    'search_results_footer',
306
    'search_no_results',
307
    'search_footer',
292 308
    'search_module_order',
293 309
    'search_max_excerpt',
294 310
    'search_time_limit',
295 311
    );
312
$allow_empty_values = array(
313
    'search_footer',
314
    );
296 315

  
297 316
// Query current search settings in the db, then loop through them and update the db with the new value
298 317
$sql  = 'SELECT `name`, `value` FROM `'.TABLE_PREFIX.'search` ';
......
303 322
	$admin->print_error($database->is_error(), $js_back );
304 323
}
305 324

  
306
while($search_setting = $res_search->fetchRow())
325
while($search_setting = $res_search->fetchRow(MYSQL_ASSOC))
307 326
{
308 327
	$old_value = $search_setting['value'];
309 328
	$setting_name = $search_setting['name'];
......
315 334
    if(in_array($post_name, $StripCodeFromISearch) ) {
316 335
        $value = $admin->StripCodeFromText($value);
317 336
    }
318
    $value = ( ($value == '') && ($setting_name != 'template') ) ? $old_value : $value;
337

  
338
    $passed = in_array($post_name, $allow_empty_values);
339

  
340
    $value = ( (!in_array($post_name, $allow_empty_values)) && ($setting_name != 'template') ) ? $old_value : $value;
341

  
319 342
    // $value =  ( ($admin->get_post($post_name) == '') && ($setting_name == 'template') ) ? DEFAULT_TEMPLATE : $admin->get_post($post_name);
320 343
    if(isset($value))
321 344
	{
322 345
		$value = $admin->add_slashes($value);
323 346
        $sql  = 'UPDATE `'.TABLE_PREFIX.'search` ';
324
        $sql .= 'SET `value` = "'.$value.'" ';
325
        $sql .= 'WHERE `name` = "'.$setting_name.'" ';
326
        $sql .= 'AND `extra` = ""';
347
        $sql .= 'SET `value` = \''.$value.'\' ';
348
        $sql .= 'WHERE `name` = \''.$setting_name.'\' ';
349
        $sql .= 'AND `extra` = \'\' ';
327 350
		if($database->query($sql)) {
328 351
		}
329 352
		$sql_info = mysql_info($database->db_handle);
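Review bot: The rewritten guard `$value = ( (!in_array($post_name, $allow_empty_values)) && ($setting_name != 'template') ) ? $old_value : $value;` drops the `$value == ''` test the old line had, so every search setting other than search_footer and template is reset to `$old_value` even when a non-empty value was posted, and the form can no longer change them. The intended rule reads `$value = ( ($value == '') && !in_array($post_name, $allow_empty_values, true) && ($setting_name != 'template') ) ? $old_value : $value;`. `$passed` is assigned from the same in_array call but is not read anywhere in the hunk; if it is unused elsewhere it should go. The UPDATE is still assembled by concatenation: `$value` goes through `$admin->add_slashes()`, but `$setting_name`, read from the database a few lines above, is interpolated unescaped, so a short comment on why that is safe, or a `mysql_real_escape_string()` call as in the uninstall script, would help the next reader.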
branches/2.8.x/wb/admin/languages/uninstall.php
16 16
 *
17 17
 */
18 18

  
19
// Setup admin object
20
require('../../config.php');
21
require_once(WB_PATH.'/framework/class.admin.php');
19
// Include config file
20
$config_file = realpath('../../config.php');
21
if(file_exists($config_file) && !defined('WB_URL'))
22
{
23
	require($config_file);
24
}
25

  
26
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
27

  
22 28
$admin = new admin('Addons', 'languages_uninstall', false);
23 29
if( !$admin->checkFTAN() )
24 30
{
......
51 57
	$admin->print_error($MESSAGE['ADMIN_INSUFFICIENT_PRIVELLIGES']);
52 58
}
53 59

  
54
/*
55
// Check if user selected language
56
if(!isset($_POST['code']) OR $_POST['code'] == "") {
57
	header("Location: index.php");
58
	exit(0);
59
}
60

  
61
// Extra protection
62
if(trim($_POST['code']) == '') {
63
	header("Location: index.php");
64
	exit(0);
65
}
66

  
67
// Check if the language exists
68
if(!file_exists(WB_PATH.'/languages/'.$_POST['code'].'.php')) {
69
	$admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']);
70
}
71
*/
72 60
// Include the WB functions file
73 61
require_once(WB_PATH.'/framework/functions.php');
74 62

  
......
76 64
if($code == DEFAULT_LANGUAGE OR $code == LANGUAGE) {
77 65
	$admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE']);
78 66
} else {
79
	$query_users = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE language = '".$admin->add_slashes($code)."' LIMIT 1");
80
	if($query_users->numRows() > 0) {
67
	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
68
	$sql .= 'WHERE`language`=\''.mysql_real_escape_string($code).'\'';
69
	if( $database->get_one($sql) ) {
81 70
		$admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE']);
82 71
	}
83 72
}
......
87 76
	$admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL']);
88 77
} else {
89 78
	// Remove entry from DB
90
	$database->query("DELETE FROM ".TABLE_PREFIX."addons WHERE directory = \'".$code."\' AND type = 'language'");
79
	$sql  = 'DELETE FROM `'.TABLE_PREFIX.'addons` ';
80
	$sql .= 'WHERE `directory`=\''.mysql_real_escape_string($code).'\' ';
81
	$sql .=   'AND `type`=`type`=\'language\' ';
82
	if( $database->query($sql) ) {
83
        // Print success message
84
        $admin->print_success($MESSAGE['GENERIC_UNINSTALLED']);
85
    } else {
86
    	$admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL'].'<br />'.$database->get_error());
87
    }
91 88
}
92 89

  
93
// Print success message
94
$admin->print_success($MESSAGE['GENERIC_UNINSTALLED']);
95

  
96 90
// Print admin footer
97 91
$admin->print_footer();
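Review bot: The new DELETE predicate on the line `$sql .=   'AND \`type\`=\`type\`=\'language\' ';` is wrong: it produces AND type=type='language', which MySQL evaluates left to right as (type = type) = 'language', i.e. 1 = 'language', so the addons row is never removed while `print_success` is still shown because the query itself succeeds. It should be `$sql .= 'AND \`type\`=\'language\' ';`. The COUNT(*) query above is missing a space between WHERE and the backticked column; MySQL tolerates it but it is easy to misread. `$code` is assigned outside the hunk, and the removed commented-out block was the only visible check that the posted code names an existing language file, so confirm an equivalent check runs before the delete path.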
branches/2.8.x/wb/framework/frontend.functions.php
37 37
	$sql  = 'SELECT `directory` FROM `'.TABLE_PREFIX.'addons` ';
38 38
	$sql .= 'WHERE `type`=\'module\' AND `function`=\'snippet\'';
39 39
	if(($resSnippets = $database->query($sql))) {
40
		while($recSnippet = $resSnippets->fetchRow()) {
40
		while($recSnippet = $resSnippets->fetchRow(MYSQL_ASSOC)) {
41 41
			$module_dir = $recSnippet['directory'];
42 42
			if (is_readable(WB_PATH.'/modules/'.$module_dir.'/include.php')) {
43 43
				include(WB_PATH.'/modules/'.$module_dir.'/include.php');
......
101 101
	 * @return string
102 102
	 */
103 103
	function search_highlight($foo='', $arr_string=array()) {
104
		require_once(WB_PATH.'/framework/functions.php');
104
		require(WB_PATH.'/framework/functions.php');
105 105
		static $string_ul_umlaut = FALSE;
106 106
		static $string_ul_regex = FALSE;
107 107
		if($string_ul_umlaut === FALSE || $string_ul_regex === FALSE) {
......
294 294
			}
295 295

  
296 296
			// Loop through them and include their module file
297
			while($section = $oSections->fetchRow()) {
297
			while($section = $oSections->fetchRow(MYSQL_ASSOC)) {
298 298
				// skip this section if it is out of publication-date
299 299
				$now = time();
300 300
				if( !(($now<=$section['publ_end'] || $section['publ_end']==0) && ($now>=$section['publ_start'] || $section['publ_start']==0)) ) {
......
307 307
				// fetch content -- this is where to place possible output-filters (before highlighting)
308 308
					ob_start(); // fetch original content
309 309
                    $sectionAnchor = (defined('SEC_ANCHOR') && SEC_ANCHOR!='') ? SEC_ANCHOR.$section_id : 'section_'.$section_id;
310
                    echo PHP_EOL.'<div id="'.$sectionAnchor.'" class="wb_'.$module.'" >'.PHP_EOL;
310
                    echo "\n".'<div id="'.$sectionAnchor.'" class="wb_'.$module.'" >'."\n";
311 311
					require(WB_PATH.'/modules/'.$module.'/view.php');
312
                    echo PHP_EOL.'</div><!-- '.$module.$section_id.' -->'.PHP_EOL;
312
                    echo "\n".'</div><!-- '.$module.$section_id.' -->'."\n";
313 313
					$content = ob_get_clean();
314
					echo $content;
314 315
				} else {
315 316
					continue;
316 317
				}
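Review bot: The new side drops `echo $content;` after `$content = ob_get_clean();` in the section loop, and nothing else in the hunk emits `$content`; since the variable is overwritten on every iteration, each section's buffered output is discarded unless code outside the hunk prints it, which should be confirmed before merging. If the capture is meant for output filters, restore `echo $content;` (or pass `$content` through the filter and echo the result) in the same place. In `search_highlight`, `require_once(WB_PATH.'/framework/functions.php')` became `require(...)`; if functions.php declares functions without guards, a second call to `search_highlight` in one request fails with a redeclaration error, so `require_once` looks like the right form. The enclosing functions of both hunks start outside the hunk.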
