Revision 1785
Added by Dietmar about 12 years ago
branches/2.8.x/CHANGELOG | ||
---|---|---|
13 | 13 |
|
14 | 14 |
|
15 | 15 |
|
16 |
12 Oct-2012 Build 1785 Dietmar Woellbrink (Luisehahne) |
|
17 |
# fixed language uninstall, change mysql to strict |
|
18 |
! secure fix for search update in settings, search_footer now can be empty |
|
19 |
! change ->fetchRow() to ->fetchRow(MYSQL_ASSOC) in frontend.functions.php |
|
16 | 20 |
12 Oct-2012 Build 1784 Dietmar Woellbrink (Luisehahne) |
17 | 21 |
# fixed security warning if a group will be deleted |
18 | 22 |
11 Oct-2012 Build 1783 Dietmar Woellbrink (Luisehahne) |
branches/2.8.x/wb/upgrade-script.php | ||
---|---|---|
15 | 15 |
* |
16 | 16 |
*/ |
17 | 17 |
|
18 |
require_once('config.php'); |
|
18 |
// Include config file |
|
19 |
$config_file = realpath('config.php'); |
|
20 |
if(file_exists($config_file) && !defined('WB_URL')) |
|
21 |
{ |
|
22 |
require_once($config_file); |
|
23 |
} |
|
19 | 24 |
|
25 |
//require_once(WB_PATH.'/framework/class.admin.php'); |
|
26 |
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); } |
|
20 | 27 |
require_once(WB_PATH.'/framework/functions.php'); |
21 |
require_once(WB_PATH.'/framework/class.admin.php'); |
|
22 | 28 |
// require_once(WB_PATH.'/framework/Database.php'); |
23 | 29 |
$admin = new admin('Addons', 'modules', false, false); |
24 | 30 |
|
... | ... | |
60 | 66 |
'[ADMIN]/themes/', |
61 | 67 |
); |
62 | 68 |
|
63 |
if(version_compare(WB_REVISION, '1762', '<'))
|
|
69 |
if(version_compare(WB_REVISION, '1785', '<'))
|
|
64 | 70 |
{ |
65 | 71 |
$filesRemove['0'] = array( |
66 | 72 |
|
... | ... | |
71 | 77 |
|
72 | 78 |
'[FRAMEWORK]/class.msg_queue.php', |
73 | 79 |
'[FRAMEWORK]/class.logfile.php', |
74 |
// '[FRAMEWORK]/class.database.php',
|
|
80 |
'[MODULES]/droplets/js/mdcr.js',
|
|
75 | 81 |
|
76 | 82 |
); |
77 | 83 |
|
... | ... | |
343 | 349 |
$bDebugModus = ( (isset($_POST['debug_confirmed']) && $_POST['debug_confirmed'] == 'debug') ? true : false); |
344 | 350 |
if (!(isset($_POST['backup_confirmed']) && $_POST['backup_confirmed'] == 'confirmed')) { ?> |
345 | 351 |
<h2>Step 1: Backup your files</h2> |
346 |
<p>It is highly recommended to <strong>create a manual backup</strong> of the entire <strong><?php echo PAGES_DIRECTORY ?>/ folder</strong> and the <strong>MySQL database</strong> before proceeding.<br /><strong class="error">Note: </strong>The upgrade script alters some settings of your existing database!!! You need to confirm the disclaimer before proceeding.</p> |
|
352 |
<h5 class="warning">It is highly recommended to <strong>create a manual backup</strong> of the entire <strong class="error"><?php echo PAGES_DIRECTORY ?>/</strong> folder and the <strong>MySQL database</strong> before proceeding.</h5> |
|
353 |
<p><strong class="error">Note: </strong>The upgrade script alters some settings of your existing database!!! You need to confirm the disclaimer before proceeding.</p> |
|
347 | 354 |
|
348 | 355 |
<form name="send" action="<?php echo $_SERVER['SCRIPT_NAME'];?>" method="post"> |
349 | 356 |
<textarea cols="92" rows="5">DISCLAIMER: The WebsiteBaker upgrade script is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. One needs to confirm that a manual backup of the <?php echo PAGES_DIRECTORY ?>/ folder (including all files and subfolders contained in it) and backup of the entire WebsiteBaker MySQL database was created before you can proceed.</textarea> |
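Review bot: The new guard at lines 19–23 fails open: when `config.php` cannot be resolved and `WB_URL` is not yet defined, `realpath()` returns false, the `require_once` is skipped without any message, and line 26 goes on to use `WB_PATH` although nothing has defined it. The old unconditional `require_once('config.php')` stopped the script at that point. `realpath('config.php')` is also resolved against the current working directory rather than the script's own directory, so I would anchor it with `dirname(__FILE__).'/config.php'` and stop explicitly afterwards, e.g. `if(!defined('WB_PATH')) { exit('config.php could not be loaded'); }`. The same pattern is introduced in admin/settings/save.php (lines 29–35) and admin/languages/uninstall.php (lines 20–26).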
branches/2.8.x/wb/admin/skel/themes/htt/settings.htt | ||
---|---|---|
389 | 389 |
<div class="mbox sub-row"> |
390 | 390 |
<label class="setting_name">{TEXT_HEADER}:</label> |
391 | 391 |
<div class="input" > |
392 |
<textarea name="search_header" style="height: 100px;" cols="50" rows="3">{SEARCH_HEADER}</textarea> |
|
392 |
<textarea class="vert" name="search_header" style="height: 100px;" cols="50" rows="3">{SEARCH_HEADER}</textarea>
|
|
393 | 393 |
</div> |
394 | 394 |
</div> |
395 | 395 |
|
396 | 396 |
<div class="mbox sub-row"> |
397 | 397 |
<label class="setting_name">{TEXT_RESULTS_HEADER}:</label> |
398 | 398 |
<div class="input" > |
399 |
<textarea name="search_results_header" cols="50" rows="3">{SEARCH_RESULTS_HEADER}</textarea> |
|
399 |
<textarea class="vert" name="search_results_header" cols="50" rows="3">{SEARCH_RESULTS_HEADER}</textarea>
|
|
400 | 400 |
</div> |
401 | 401 |
</div> |
402 | 402 |
|
403 | 403 |
<div class="mbox sub-row"> |
404 | 404 |
<label class="setting_name">{TEXT_RESULTS_LOOP}:</label> |
405 | 405 |
<div class="input" > |
406 |
<textarea name="search_results_loop" cols="50" rows="3">{SEARCH_RESULTS_LOOP}</textarea> |
|
406 |
<textarea class="vert" name="search_results_loop" cols="50" rows="3">{SEARCH_RESULTS_LOOP}</textarea>
|
|
407 | 407 |
</div> |
408 | 408 |
</div> |
409 | 409 |
|
410 | 410 |
<div class="mbox sub-row"> |
411 | 411 |
<label class="setting_name">{TEXT_RESULTS_FOOTER}:</label> |
412 | 412 |
<div class="input" > |
413 |
<textarea name="search_results_footer" cols="50" rows="3">{SEARCH_RESULTS_FOOTER}</textarea> |
|
413 |
<textarea class="vert" name="search_results_footer" cols="50" rows="3">{SEARCH_RESULTS_FOOTER}</textarea>
|
|
414 | 414 |
</div> |
415 | 415 |
</div> |
416 | 416 |
|
... | ... | |
423 | 423 |
<div class="mbox sub-row"> |
424 | 424 |
<label class="setting_name">{TEXT_FOOTER}:</label> |
425 | 425 |
<div class="input" > |
426 |
<textarea name="search_footer" cols="50" rows="3">{SEARCH_FOOTER}</textarea> |
|
426 |
<textarea class="vert" name="search_footer" cols="50" rows="3">{SEARCH_FOOTER}</textarea>
|
|
427 | 427 |
</div> |
428 | 428 |
</div> |
429 | 429 |
|
branches/2.8.x/wb/admin/interface/version.php | ||
---|---|---|
51 | 51 |
|
52 | 52 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
53 | 53 |
if(!defined('VERSION')) define('VERSION', '2.8.3'); |
54 |
if(!defined('REVISION')) define('REVISION', '1784');
|
|
54 |
if(!defined('REVISION')) define('REVISION', '1785');
|
|
55 | 55 |
if(!defined('SP')) define('SP', ''); |
branches/2.8.x/wb/admin/settings/save.php | ||
---|---|---|
22 | 22 |
$advanced = ($_POST['advanced'] == 'yes') ? '?advanced=yes' : ''; |
23 | 23 |
|
24 | 24 |
// Print admin header |
25 |
require('../../config.php'); |
|
26 |
require_once(WB_PATH.'/framework/class.admin.php'); |
|
25 |
//require('../../config.php'); |
|
26 |
//require_once(WB_PATH.'/framework/class.admin.php'); |
|
27 |
|
|
28 |
// Include config file |
|
29 |
$config_file = realpath('../../config.php'); |
|
30 |
if(file_exists($config_file) && !defined('WB_URL')) |
|
31 |
{ |
|
32 |
require($config_file); |
|
33 |
} |
|
34 |
|
|
35 |
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); } |
|
36 |
|
|
27 | 37 |
require_once(WB_PATH.'/framework/functions.php'); |
28 | 38 |
|
29 | 39 |
// suppress to print the header, so no new FTAN will be set |
... | ... | |
212 | 222 |
|
213 | 223 |
if($res_settings = $database->query($sql)) { |
214 | 224 |
$passed = false; |
215 |
while($setting = $res_settings->fetchRow()) |
|
225 |
while($setting = $res_settings->fetchRow(MYSQL_ASSOC))
|
|
216 | 226 |
{ |
217 | 227 |
$setting_name = $setting['name']; |
218 | 228 |
$old_settings[$setting_name] = $setting['value']; |
... | ... | |
289 | 299 |
|
290 | 300 |
} |
291 | 301 |
$StripCodeFromISearch = array( |
302 |
'search_header', |
|
303 |
'search_results_header', |
|
304 |
'search_results_loop', |
|
305 |
'search_results_footer', |
|
306 |
'search_no_results', |
|
307 |
'search_footer', |
|
292 | 308 |
'search_module_order', |
293 | 309 |
'search_max_excerpt', |
294 | 310 |
'search_time_limit', |
295 | 311 |
); |
312 |
$allow_empty_values = array( |
|
313 |
'search_footer', |
|
314 |
); |
|
296 | 315 |
|
297 | 316 |
// Query current search settings in the db, then loop through them and update the db with the new value |
298 | 317 |
$sql = 'SELECT `name`, `value` FROM `'.TABLE_PREFIX.'search` '; |
... | ... | |
303 | 322 |
$admin->print_error($database->is_error(), $js_back ); |
304 | 323 |
} |
305 | 324 |
|
306 |
while($search_setting = $res_search->fetchRow()) |
|
325 |
while($search_setting = $res_search->fetchRow(MYSQL_ASSOC))
|
|
307 | 326 |
{ |
308 | 327 |
$old_value = $search_setting['value']; |
309 | 328 |
$setting_name = $search_setting['name']; |
... | ... | |
315 | 334 |
if(in_array($post_name, $StripCodeFromISearch) ) { |
316 | 335 |
$value = $admin->StripCodeFromText($value); |
317 | 336 |
} |
318 |
$value = ( ($value == '') && ($setting_name != 'template') ) ? $old_value : $value; |
|
337 |
|
|
338 |
$passed = in_array($post_name, $allow_empty_values); |
|
339 |
|
|
340 |
$value = ( (!in_array($post_name, $allow_empty_values)) && ($setting_name != 'template') ) ? $old_value : $value; |
|
341 |
|
|
319 | 342 |
// $value = ( ($admin->get_post($post_name) == '') && ($setting_name == 'template') ) ? DEFAULT_TEMPLATE : $admin->get_post($post_name); |
320 | 343 |
if(isset($value)) |
321 | 344 |
{ |
322 | 345 |
$value = $admin->add_slashes($value); |
323 | 346 |
$sql = 'UPDATE `'.TABLE_PREFIX.'search` '; |
324 |
$sql .= 'SET `value` = "'.$value.'" ';
|
|
325 |
$sql .= 'WHERE `name` = "'.$setting_name.'" ';
|
|
326 |
$sql .= 'AND `extra` = ""';
|
|
347 |
$sql .= 'SET `value` = \''.$value.'\' ';
|
|
348 |
$sql .= 'WHERE `name` = \''.$setting_name.'\' ';
|
|
349 |
$sql .= 'AND `extra` = \'\' ';
|
|
327 | 350 |
if($database->query($sql)) { |
328 | 351 |
} |
329 | 352 |
$sql_info = mysql_info($database->db_handle); |
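Review bot: The rewritten fallback at new line 340 no longer tests `$value == ''`, so every search setting that is neither in `$allow_empty_values` nor named `template` is reset to `$old_value` on each save, whatever was posted. As written, only `search_footer` and `template` can change, and the fields newly added to `$StripCodeFromISearch` are stripped and then discarded. Keeping the empty test restores the intent, for example `$value = ( ($value == '') && !$passed && ($setting_name != 'template') ) ? $old_value : $value;`, which also gives the otherwise unused `$passed` from line 338 a purpose. Separately, the UPDATE still relies on `$admin->add_slashes()` while uninstall.php in this same revision uses `mysql_real_escape_string()`; one connection-aware escape applied to both `$value` and `$setting_name` would be more consistent. The lines that assign `$value` and `$post_name` are outside the visible hunks, so this reading rests on lines 334–350 only.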
branches/2.8.x/wb/admin/languages/uninstall.php | ||
---|---|---|
16 | 16 |
* |
17 | 17 |
*/ |
18 | 18 |
|
19 |
// Setup admin object |
|
20 |
require('../../config.php'); |
|
21 |
require_once(WB_PATH.'/framework/class.admin.php'); |
|
19 |
// Include config file |
|
20 |
$config_file = realpath('../../config.php'); |
|
21 |
if(file_exists($config_file) && !defined('WB_URL')) |
|
22 |
{ |
|
23 |
require($config_file); |
|
24 |
} |
|
25 |
|
|
26 |
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); } |
|
27 |
|
|
22 | 28 |
$admin = new admin('Addons', 'languages_uninstall', false); |
23 | 29 |
if( !$admin->checkFTAN() ) |
24 | 30 |
{ |
... | ... | |
51 | 57 |
$admin->print_error($MESSAGE['ADMIN_INSUFFICIENT_PRIVELLIGES']); |
52 | 58 |
} |
53 | 59 |
|
54 |
/* |
|
55 |
// Check if user selected language |
|
56 |
if(!isset($_POST['code']) OR $_POST['code'] == "") { |
|
57 |
header("Location: index.php"); |
|
58 |
exit(0); |
|
59 |
} |
|
60 |
|
|
61 |
// Extra protection |
|
62 |
if(trim($_POST['code']) == '') { |
|
63 |
header("Location: index.php"); |
|
64 |
exit(0); |
|
65 |
} |
|
66 |
|
|
67 |
// Check if the language exists |
|
68 |
if(!file_exists(WB_PATH.'/languages/'.$_POST['code'].'.php')) { |
|
69 |
$admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); |
|
70 |
} |
|
71 |
*/ |
|
72 | 60 |
// Include the WB functions file |
73 | 61 |
require_once(WB_PATH.'/framework/functions.php'); |
74 | 62 |
|
... | ... | |
76 | 64 |
if($code == DEFAULT_LANGUAGE OR $code == LANGUAGE) { |
77 | 65 |
$admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE']); |
78 | 66 |
} else { |
79 |
$query_users = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE language = '".$admin->add_slashes($code)."' LIMIT 1"); |
|
80 |
if($query_users->numRows() > 0) { |
|
67 |
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '; |
|
68 |
$sql .= 'WHERE`language`=\''.mysql_real_escape_string($code).'\''; |
|
69 |
if( $database->get_one($sql) ) { |
|
81 | 70 |
$admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE']); |
82 | 71 |
} |
83 | 72 |
} |
... | ... | |
87 | 76 |
$admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL']); |
88 | 77 |
} else { |
89 | 78 |
// Remove entry from DB |
90 |
$database->query("DELETE FROM ".TABLE_PREFIX."addons WHERE directory = \'".$code."\' AND type = 'language'"); |
|
79 |
$sql = 'DELETE FROM `'.TABLE_PREFIX.'addons` '; |
|
80 |
$sql .= 'WHERE `directory`=\''.mysql_real_escape_string($code).'\' '; |
|
81 |
$sql .= 'AND `type`=`type`=\'language\' '; |
|
82 |
if( $database->query($sql) ) { |
|
83 |
// Print success message |
|
84 |
$admin->print_success($MESSAGE['GENERIC_UNINSTALLED']); |
|
85 |
} else { |
|
86 |
$admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL'].'<br />'.$database->get_error()); |
|
87 |
} |
|
91 | 88 |
} |
92 | 89 |
|
93 |
// Print success message |
|
94 |
$admin->print_success($MESSAGE['GENERIC_UNINSTALLED']); |
|
95 |
|
|
96 | 90 |
// Print admin footer |
97 | 91 |
$admin->print_footer(); |
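Review bot: The DELETE built at new lines 79–81 contains a doubled comparison, ``AND `type`=`type`='language'``, which MySQL would read as a comparison of a boolean result with the string 'language'; I would expect it to match no rows or, under the strict mode this revision moves to, to be rejected. In the first case the query still succeeds, so the new success branch reports the language as uninstalled while its `addons` row stays in place. The line should read ``$sql .= 'AND `type`=\'language\' ';``. The COUNT query at line 68 is also missing a space after `WHERE`, and `mysql_real_escape_string($code)` is called without a link argument, so it depends on whichever connection was opened last. How `$code` is derived is outside the visible hunks.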
branches/2.8.x/wb/framework/frontend.functions.php | ||
---|---|---|
37 | 37 |
$sql = 'SELECT `directory` FROM `'.TABLE_PREFIX.'addons` '; |
38 | 38 |
$sql .= 'WHERE `type`=\'module\' AND `function`=\'snippet\''; |
39 | 39 |
if(($resSnippets = $database->query($sql))) { |
40 |
while($recSnippet = $resSnippets->fetchRow()) { |
|
40 |
while($recSnippet = $resSnippets->fetchRow(MYSQL_ASSOC)) {
|
|
41 | 41 |
$module_dir = $recSnippet['directory']; |
42 | 42 |
if (is_readable(WB_PATH.'/modules/'.$module_dir.'/include.php')) { |
43 | 43 |
include(WB_PATH.'/modules/'.$module_dir.'/include.php'); |
... | ... | |
101 | 101 |
* @return string |
102 | 102 |
*/ |
103 | 103 |
function search_highlight($foo='', $arr_string=array()) { |
104 |
require_once(WB_PATH.'/framework/functions.php');
|
|
104 |
require(WB_PATH.'/framework/functions.php'); |
|
105 | 105 |
static $string_ul_umlaut = FALSE; |
106 | 106 |
static $string_ul_regex = FALSE; |
107 | 107 |
if($string_ul_umlaut === FALSE || $string_ul_regex === FALSE) { |
... | ... | |
294 | 294 |
} |
295 | 295 |
|
296 | 296 |
// Loop through them and include their module file |
297 |
while($section = $oSections->fetchRow()) { |
|
297 |
while($section = $oSections->fetchRow(MYSQL_ASSOC)) {
|
|
298 | 298 |
// skip this section if it is out of publication-date |
299 | 299 |
$now = time(); |
300 | 300 |
if( !(($now<=$section['publ_end'] || $section['publ_end']==0) && ($now>=$section['publ_start'] || $section['publ_start']==0)) ) { |
... | ... | |
307 | 307 |
// fetch content -- this is where to place possible output-filters (before highlighting) |
308 | 308 |
ob_start(); // fetch original content |
309 | 309 |
$sectionAnchor = (defined('SEC_ANCHOR') && SEC_ANCHOR!='') ? SEC_ANCHOR.$section_id : 'section_'.$section_id; |
310 |
echo PHP_EOL.'<div id="'.$sectionAnchor.'" class="wb_'.$module.'" >'.PHP_EOL;
|
|
310 |
echo "\n".'<div id="'.$sectionAnchor.'" class="wb_'.$module.'" >'."\n";
|
|
311 | 311 |
require(WB_PATH.'/modules/'.$module.'/view.php'); |
312 |
echo PHP_EOL.'</div><!-- '.$module.$section_id.' -->'.PHP_EOL;
|
|
312 |
echo "\n".'</div><!-- '.$module.$section_id.' -->'."\n";
|
|
313 | 313 |
$content = ob_get_clean(); |
314 |
echo $content; |
|
314 | 315 |
} else { |
315 | 316 |
continue; |
316 | 317 |
} |
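Review bot: In `search_highlight()` the include at line 104 changed from `require_once` to a plain `require`, so `framework/functions.php` is loaded again on every call. Other entry points in this revision load the same file with `require_once`, and unless functions.php guards each of its declarations, a second load would end in a "cannot redeclare" fatal error. Nothing in the hunk explains the change, so I would keep `require_once(WB_PATH.'/framework/functions.php');`. The body of `search_highlight()` continues outside the hunk and functions.php itself is not shown, so whether such guards exist needs checking.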
! secure fix for search update in settings, search_footer now can be empty
! change ->fetchRow() to ->fetchRow(MYSQL_ASSOC) in frontend.functions.php