Project

General

Profile

« Previous | Next » 

Revision 1785

Added by Dietmar about 12 years ago

  1. fixed language uninstall, change mysql to strict
    ! secure fix for search update in settings, search_footer now can be empty
    ! change ->fetchRow() to ->fetchRow(MYSQL_ASSOC) in frontend.functions.php

View differences:

save.php
22 22 
$advanced = ($_POST['advanced'] == 'yes') ? '?advanced=yes' : '';
23 23 

  		




  24
  24
  
    
// Print admin header


  		




  25
  
  
    
require('../../config.php');


  		




  26
  
  
    
require_once(WB_PATH.'/framework/class.admin.php');


  		




  
  25
  
    
//require('../../config.php');


  		




  
  26
  
    
//require_once(WB_PATH.'/framework/class.admin.php');


  		




  
  27
  
    

  		




  
  28
  
    
// Include config file


  		




  
  29
  
    
$config_file = realpath('../../config.php');


  		




  
  30
  
    
if(file_exists($config_file) && !defined('WB_URL'))


  		




  
  31
  
    
{


  		




  
  32
  
    
	require($config_file);


  		




  
  33
  
    
}


  		




  
  34
  
    

  		




  
  35
  
    
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }


  		




  
  36
  
    

  		




  27
  37
  
    
require_once(WB_PATH.'/framework/functions.php');


  		




  28
  38
  
    

  		




  29
  39
  
    
// suppress to print the header, so no new FTAN will be set


  		




  ......




  212
  222
  
    

  		




  213
  223
  
    
if($res_settings = $database->query($sql)) {


  		




  214
  224
  
    
	$passed = false;


  		




  215
  
  
    
	while($setting = $res_settings->fetchRow())


  		




  
  225
  
    
	while($setting = $res_settings->fetchRow(MYSQL_ASSOC))


  		




  216
  226
  
    
	{


  		




  217
  227
  
    
		$setting_name = $setting['name'];


  		




  218
  228
  
    
		$old_settings[$setting_name] = $setting['value'];


  		




  ......




  289
  299
  
    

  		




  290
  300
  
    
}


  		




  291
  301
  
    
$StripCodeFromISearch = array(


  		




  
  302
  
    
    'search_header',


  		




  
  303
  
    
    'search_results_header',


  		




  
  304
  
    
    'search_results_loop',


  		




  
  305
  
    
    'search_results_footer',


  		




  
  306
  
    
    'search_no_results',


  		




  
  307
  
    
    'search_footer',


  		




  292
  308
  
    
    'search_module_order',


  		




  293
  309
  
    
    'search_max_excerpt',


  		




  294
  310
  
    
    'search_time_limit',


  		




  295
  311
  
    
    );


  		




  
  312
  
    
$allow_empty_values = array(


  		




  
  313
  
    
    'search_footer',


  		




  
  314
  
    
    );


  		




  296
  315
  
    

  		




  297
  316
  
    
// Query current search settings in the db, then loop through them and update the db with the new value


  		




  298
  317
  
    
$sql  = 'SELECT `name`, `value` FROM `'.TABLE_PREFIX.'search` ';


  		




  ......




  303
  322
  
    
	$admin->print_error($database->is_error(), $js_back );


  		




  304
  323
  
    
}


  		




  305
  324
  
    

  		




  306
  
  
    
while($search_setting = $res_search->fetchRow())


  		




  
  325
  
    
while($search_setting = $res_search->fetchRow(MYSQL_ASSOC))


  		




  307
  326
  
    
{


  		




  308
  327
  
    
	$old_value = $search_setting['value'];


  		




  309
  328
  
    
	$setting_name = $search_setting['name'];


  		




  ......




  315
  334
  
    
    if(in_array($post_name, $StripCodeFromISearch) ) {


  		




  316
  335
  
    
        $value = $admin->StripCodeFromText($value);


  		




  317
  336
  
    
    }


  		




  318
  
  
    
    $value = ( ($value == '') && ($setting_name != 'template') ) ? $old_value : $value;


  		




  
  337
  
    

  		




  
  338
  
    
    $passed = in_array($post_name, $allow_empty_values);


  		




  
  339
  
    

  		




  
  340
  
    
    $value = ( (!in_array($post_name, $allow_empty_values)) && ($setting_name != 'template') ) ? $old_value : $value;


  		




  
  341
  
    

  		




  319
  342
  
    
    // $value =  ( ($admin->get_post($post_name) == '') && ($setting_name == 'template') ) ? DEFAULT_TEMPLATE : $admin->get_post($post_name);


  		




  320
  343
  
    
    if(isset($value))


  		




  321
  344
  
    
	{


  		




  322
  345
  
    
		$value = $admin->add_slashes($value);


  		




  323
  346
  
    
        $sql  = 'UPDATE `'.TABLE_PREFIX.'search` ';


  		




  324
  
  
    
        $sql .= 'SET `value` = "'.$value.'" ';


  		




  325
  
  
    
        $sql .= 'WHERE `name` = "'.$setting_name.'" ';


  		




  326
  
  
    
        $sql .= 'AND `extra` = ""';


  		




  
  347
  
    
        $sql .= 'SET `value` = \''.$value.'\' ';


  		




  
  348
  
    
        $sql .= 'WHERE `name` = \''.$setting_name.'\' ';


  		




  
  349
  
    
        $sql .= 'AND `extra` = \'\' ';


  		




  327
  350
  
    
		if($database->query($sql)) {


  		




  328
  351
  
    
		}


  		




  329
  352
  
    
		$sql_info = mysql_info($database->db_handle);


  		












Also available in:  Unified diff