Revision 1785
Added by Dietmar about 12 years ago
save.php | ||
---|---|---|
22 | 22 |
$advanced = ($_POST['advanced'] == 'yes') ? '?advanced=yes' : ''; |
23 | 23 |
|
24 | 24 |
// Print admin header |
25 |
require('../../config.php'); |
|
26 |
require_once(WB_PATH.'/framework/class.admin.php'); |
|
25 |
//require('../../config.php'); |
|
26 |
//require_once(WB_PATH.'/framework/class.admin.php'); |
|
27 |
|
|
28 |
// Include config file |
|
29 |
$config_file = realpath('../../config.php'); |
|
30 |
if(file_exists($config_file) && !defined('WB_URL')) |
|
31 |
{ |
|
32 |
require($config_file); |
|
33 |
} |
|
34 |
|
|
35 |
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); } |
|
36 |
|
|
27 | 37 |
require_once(WB_PATH.'/framework/functions.php'); |
28 | 38 |
|
29 | 39 |
// suppress to print the header, so no new FTAN will be set |
... | ... | |
212 | 222 |
|
213 | 223 |
if($res_settings = $database->query($sql)) { |
214 | 224 |
$passed = false; |
215 |
while($setting = $res_settings->fetchRow()) |
|
225 |
while($setting = $res_settings->fetchRow(MYSQL_ASSOC))
|
|
216 | 226 |
{ |
217 | 227 |
$setting_name = $setting['name']; |
218 | 228 |
$old_settings[$setting_name] = $setting['value']; |
... | ... | |
289 | 299 |
|
290 | 300 |
} |
291 | 301 |
$StripCodeFromISearch = array( |
302 |
'search_header', |
|
303 |
'search_results_header', |
|
304 |
'search_results_loop', |
|
305 |
'search_results_footer', |
|
306 |
'search_no_results', |
|
307 |
'search_footer', |
|
292 | 308 |
'search_module_order', |
293 | 309 |
'search_max_excerpt', |
294 | 310 |
'search_time_limit', |
295 | 311 |
); |
312 |
$allow_empty_values = array( |
|
313 |
'search_footer', |
|
314 |
); |
|
296 | 315 |
|
297 | 316 |
// Query current search settings in the db, then loop through them and update the db with the new value |
298 | 317 |
$sql = 'SELECT `name`, `value` FROM `'.TABLE_PREFIX.'search` '; |
... | ... | |
303 | 322 |
$admin->print_error($database->is_error(), $js_back ); |
304 | 323 |
} |
305 | 324 |
|
306 |
while($search_setting = $res_search->fetchRow()) |
|
325 |
while($search_setting = $res_search->fetchRow(MYSQL_ASSOC))
|
|
307 | 326 |
{ |
308 | 327 |
$old_value = $search_setting['value']; |
309 | 328 |
$setting_name = $search_setting['name']; |
... | ... | |
315 | 334 |
if(in_array($post_name, $StripCodeFromISearch) ) { |
316 | 335 |
$value = $admin->StripCodeFromText($value); |
317 | 336 |
} |
318 |
$value = ( ($value == '') && ($setting_name != 'template') ) ? $old_value : $value; |
|
337 |
|
|
338 |
$passed = in_array($post_name, $allow_empty_values); |
|
339 |
|
|
340 |
$value = ( (!in_array($post_name, $allow_empty_values)) && ($setting_name != 'template') ) ? $old_value : $value; |
|
341 |
|
|
319 | 342 |
// $value = ( ($admin->get_post($post_name) == '') && ($setting_name == 'template') ) ? DEFAULT_TEMPLATE : $admin->get_post($post_name); |
320 | 343 |
if(isset($value)) |
321 | 344 |
{ |
322 | 345 |
$value = $admin->add_slashes($value); |
323 | 346 |
$sql = 'UPDATE `'.TABLE_PREFIX.'search` '; |
324 |
$sql .= 'SET `value` = "'.$value.'" ';
|
|
325 |
$sql .= 'WHERE `name` = "'.$setting_name.'" ';
|
|
326 |
$sql .= 'AND `extra` = ""';
|
|
347 |
$sql .= 'SET `value` = \''.$value.'\' ';
|
|
348 |
$sql .= 'WHERE `name` = \''.$setting_name.'\' ';
|
|
349 |
$sql .= 'AND `extra` = \'\' ';
|
|
327 | 350 |
if($database->query($sql)) { |
328 | 351 |
} |
329 | 352 |
$sql_info = mysql_info($database->db_handle); |
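Review bot: The rewritten ternary on new line 340 drops the `$value == ''` test, so any setting that is not in `$allow_empty_values` and is not `template` is reset to `$old_value` on every save; unless the elided lines compensate, the fields newly added to `$StripCodeFromISearch` (`search_header`, `search_results_loop`, and the rest) can no longer be changed from the settings form. Keeping the emptiness check restores the intended behaviour: `$value = ( ($value == '') && !in_array($post_name, $allow_empty_values) && ($setting_name != 'template') ) ? $old_value : $value;`. `$passed`, assigned on new line 338, is not read anywhere in the visible lines and looks like a leftover. The UPDATE on new lines 346–349 is still assembled by string concatenation and relies on `$admin->add_slashes()` alone, so it is worth confirming that helper escapes for the active connection and character set, or binding the value as a parameter if the database class supports it. The enclosing `while` loop starts and ends outside the lines shown.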
! secure fix for search update in settings, search_footer now can be empty
! change ->fetchRow() to ->fetchRow(MYSQL_ASSOC) in frontend.functions.php