
Revision 1785

Added by Dietmar about 12 years ago

  1. fixed language uninstall, change mysql to strict
    ! secure fix for search update in settings, search_footer can now be empty
    ! change ->fetchRow() to ->fetchRow(MYSQL_ASSOC) in frontend.functions.php


save.php
22 22
$advanced = ($_POST['advanced'] == 'yes') ? '?advanced=yes' : '';
23 23

  
24 24
// Print admin header
25
require('../../config.php');
26
require_once(WB_PATH.'/framework/class.admin.php');
25
//require('../../config.php');
26
//require_once(WB_PATH.'/framework/class.admin.php');
27

  
28
// Include config file
29
$config_file = realpath('../../config.php');
30
if(file_exists($config_file) && !defined('WB_URL'))
31
{
32
	require($config_file);
33
}
34

  
35
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
36

  
27 37
require_once(WB_PATH.'/framework/functions.php');
28 38

  
29 39
// suppress to print the header, so no new FTAN will be set
......
212 222

  
213 223
if($res_settings = $database->query($sql)) {
214 224
	$passed = false;
215
	while($setting = $res_settings->fetchRow())
225
	while($setting = $res_settings->fetchRow(MYSQL_ASSOC))
216 226
	{
217 227
		$setting_name = $setting['name'];
218 228
		$old_settings[$setting_name] = $setting['value'];
......
289 299

  
290 300
}
291 301
$StripCodeFromISearch = array(
302
    'search_header',
303
    'search_results_header',
304
    'search_results_loop',
305
    'search_results_footer',
306
    'search_no_results',
307
    'search_footer',
292 308
    'search_module_order',
293 309
    'search_max_excerpt',
294 310
    'search_time_limit',
295 311
    );
312
$allow_empty_values = array(
313
    'search_footer',
314
    );
296 315

  
297 316
// Query current search settings in the db, then loop through them and update the db with the new value
298 317
$sql  = 'SELECT `name`, `value` FROM `'.TABLE_PREFIX.'search` ';
......
303 322
	$admin->print_error($database->is_error(), $js_back );
304 323
}
305 324

  
306
while($search_setting = $res_search->fetchRow())
325
while($search_setting = $res_search->fetchRow(MYSQL_ASSOC))
307 326
{
308 327
	$old_value = $search_setting['value'];
309 328
	$setting_name = $search_setting['name'];
......
315 334
    if(in_array($post_name, $StripCodeFromISearch) ) {
316 335
        $value = $admin->StripCodeFromText($value);
317 336
    }
318
    $value = ( ($value == '') && ($setting_name != 'template') ) ? $old_value : $value;
337

  
338
    $passed = in_array($post_name, $allow_empty_values);
339

  
340
    $value = ( (!in_array($post_name, $allow_empty_values)) && ($setting_name != 'template') ) ? $old_value : $value;
341

  
319 342
    // $value =  ( ($admin->get_post($post_name) == '') && ($setting_name == 'template') ) ? DEFAULT_TEMPLATE : $admin->get_post($post_name);
320 343
    if(isset($value))
321 344
	{
322 345
		$value = $admin->add_slashes($value);
323 346
        $sql  = 'UPDATE `'.TABLE_PREFIX.'search` ';
324
        $sql .= 'SET `value` = "'.$value.'" ';
325
        $sql .= 'WHERE `name` = "'.$setting_name.'" ';
326
        $sql .= 'AND `extra` = ""';
347
        $sql .= 'SET `value` = \''.$value.'\' ';
348
        $sql .= 'WHERE `name` = \''.$setting_name.'\' ';
349
        $sql .= 'AND `extra` = \'\' ';
327 350
		if($database->query($sql)) {
328 351
		}
329 352
		$sql_info = mysql_info($database->db_handle);
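Review bot: The rewritten fallback on new-side line 340 drops the original `($value == '')` test, so every setting that is not in `$allow_empty_values` and not named `template` is unconditionally reset to `$old_value`, which means a submitted non-empty value for e.g. search_header or search_time_limit is never written; the condition should keep the emptiness check, `$value = ( ($value == '') && !in_array($post_name, $allow_empty_values, true) && ($setting_name != 'template') ) ? $old_value : $value;`. The `$passed` flag assigned just above it is not read anywhere in the visible lines, so its role is unclear from here. The UPDATE that follows still assembles its statement by string concatenation; switching the literals from double to single quotes is only as safe as `$admin->add_slashes()` makes it (its implementation is not visible here), so a parameterised query or the driver's connection-aware escape function would be the robust fix the commit message describes. The enclosing while loop and this hunk continue past the end of the visible section.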
