Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG	(revision 1784)
+++ branches/2.8.x/CHANGELOG	(revision 1785)
@@ -13,6 +13,10 @@
 
 
 
+12 Oct-2012 Build 1785 Dietmar Woellbrink (Luisehahne)
+# fixed language uninstall, change mysql to strict
+! secure fix for search update in settings, search_footer now can be empty
+! change ->fetchRow() to ->fetchRow(MYSQL_ASSOC) in frontend.functions.php
 12 Oct-2012 Build 1784 Dietmar Woellbrink (Luisehahne)
 # fixed security warning if a group will be deleted
 11 Oct-2012 Build 1783 Dietmar Woellbrink (Luisehahne)
Index: branches/2.8.x/wb/upgrade-script.php
===================================================================
--- branches/2.8.x/wb/upgrade-script.php	(revision 1784)
+++ branches/2.8.x/wb/upgrade-script.php	(revision 1785)
@@ -15,10 +15,16 @@
  *
  */
 
-require_once('config.php');
+// Include config file
+$config_file = realpath('config.php');
+if(file_exists($config_file) && !defined('WB_URL'))
+{
+	require_once($config_file);
+}
 
+//require_once(WB_PATH.'/framework/class.admin.php');
+if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
 require_once(WB_PATH.'/framework/functions.php');
-require_once(WB_PATH.'/framework/class.admin.php');
 // require_once(WB_PATH.'/framework/Database.php');
 $admin = new admin('Addons', 'modules', false, false);
 
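Review bot: The new guard fails open when config.php cannot be resolved: `realpath('config.php')` returns false if the file is absent or the working directory is not the script directory, the `if` is then skipped without any message, and the next line uses `WB_PATH` although nothing has defined it. The removed `require_once('config.php')` stopped the script at that point. Resolving against the script location, `$config_file = dirname(__FILE__).'/config.php';`, and aborting when `WB_PATH` is still undefined after the block would restore that behaviour. The guard also tests `WB_URL` while the code that follows depends on `WB_PATH`, and class.admin.php is now pulled in with `include`, so a missing file only warns before `new admin(...)` fails. The same block is added to admin/settings/save.php and admin/languages/uninstall.php in this commit.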
@@ -60,7 +66,7 @@
 			'[ADMIN]/themes/',
 		 );
 
-if(version_compare(WB_REVISION, '1762', '<'))
+if(version_compare(WB_REVISION, '1785', '<'))
 {
     $filesRemove['0'] = array(
 
@@ -71,7 +77,7 @@
 
 			'[FRAMEWORK]/class.msg_queue.php',
 			'[FRAMEWORK]/class.logfile.php',
-//			'[FRAMEWORK]/class.database.php',
+			'[MODULES]/droplets/js/mdcr.js',
 
 		 );
 
@@ -343,7 +349,8 @@
 $bDebugModus = ( (isset($_POST['debug_confirmed']) && $_POST['debug_confirmed'] == 'debug') ? true : false);
 if (!(isset($_POST['backup_confirmed']) && $_POST['backup_confirmed'] == 'confirmed')) { ?>
 <h2>Step 1: Backup your files</h2>
-<p>It is highly recommended to <strong>create a manual backup</strong> of the entire <strong><?php echo  PAGES_DIRECTORY ?>/ folder</strong> and the <strong>MySQL database</strong> before proceeding.<br /><strong class="error">Note: </strong>The upgrade script alters some settings of your existing database!!! You need to confirm the disclaimer before proceeding.</p>
+<h5 class="warning">It is highly recommended to <strong>create a manual backup</strong> of the entire <strong class="error"><?php echo  PAGES_DIRECTORY ?>/</strong> folder and the <strong>MySQL database</strong> before proceeding.</h5>
+<p><strong class="error">Note: </strong>The upgrade script alters some settings of your existing database!!! You need to confirm the disclaimer before proceeding.</p>
 
 <form name="send" action="<?php echo $_SERVER['SCRIPT_NAME'];?>" method="post">
 <textarea cols="92" rows="5">DISCLAIMER: The WebsiteBaker upgrade script is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. One needs to confirm that a manual backup of the <?php echo  PAGES_DIRECTORY ?>/ folder (including all files and subfolders contained in it) and backup of the entire WebsiteBaker MySQL database was created before you can proceed.</textarea>
Index: branches/2.8.x/wb/admin/skel/themes/htt/settings.htt
===================================================================
--- branches/2.8.x/wb/admin/skel/themes/htt/settings.htt	(revision 1784)
+++ branches/2.8.x/wb/admin/skel/themes/htt/settings.htt	(revision 1785)
@@ -389,7 +389,7 @@
 		<div class="mbox sub-row">
 	 		<label class="setting_name">{TEXT_HEADER}:</label>
 			<div class="input" >
-		<textarea name="search_header" style="height: 100px;" cols="50" rows="3">{SEARCH_HEADER}</textarea>
+		<textarea class="vert" name="search_header" style="height: 100px;" cols="50" rows="3">{SEARCH_HEADER}</textarea>
 			</div>
 		</div>
 
@@ -396,7 +396,7 @@
 		<div class="mbox sub-row">
 	 		<label class="setting_name">{TEXT_RESULTS_HEADER}:</label>
 			<div class="input" >
-		<textarea name="search_results_header" cols="50" rows="3">{SEARCH_RESULTS_HEADER}</textarea>
+		<textarea class="vert" name="search_results_header" cols="50" rows="3">{SEARCH_RESULTS_HEADER}</textarea>
 			</div>
 		</div>
 
@@ -403,7 +403,7 @@
 		<div class="mbox sub-row">
 	 		<label class="setting_name">{TEXT_RESULTS_LOOP}:</label>
 			<div class="input" >
-		<textarea name="search_results_loop" cols="50" rows="3">{SEARCH_RESULTS_LOOP}</textarea>
+		<textarea class="vert" name="search_results_loop" cols="50" rows="3">{SEARCH_RESULTS_LOOP}</textarea>
 			</div>
 		</div>
 
@@ -410,7 +410,7 @@
 		<div class="mbox sub-row">
 	 		<label class="setting_name">{TEXT_RESULTS_FOOTER}:</label>
 			<div class="input" >
-		<textarea name="search_results_footer" cols="50" rows="3">{SEARCH_RESULTS_FOOTER}</textarea>
+		<textarea class="vert" name="search_results_footer" cols="50" rows="3">{SEARCH_RESULTS_FOOTER}</textarea>
 			</div>
 		</div>
 
@@ -423,7 +423,7 @@
 		<div class="mbox sub-row">
 	 		<label class="setting_name">{TEXT_FOOTER}:</label>
 			<div class="input" >
-		<textarea name="search_footer" cols="50" rows="3">{SEARCH_FOOTER}</textarea>
+		<textarea class="vert" name="search_footer" cols="50" rows="3">{SEARCH_FOOTER}</textarea>
 			</div>
 		</div>
 
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php	(revision 1784)
+++ branches/2.8.x/wb/admin/interface/version.php	(revision 1785)
@@ -51,5 +51,5 @@
 
 // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
 if(!defined('VERSION')) define('VERSION', '2.8.3');
-if(!defined('REVISION')) define('REVISION', '1784');
+if(!defined('REVISION')) define('REVISION', '1785');
 if(!defined('SP')) define('SP', '');
Index: branches/2.8.x/wb/admin/settings/save.php
===================================================================
--- branches/2.8.x/wb/admin/settings/save.php	(revision 1784)
+++ branches/2.8.x/wb/admin/settings/save.php	(revision 1785)
@@ -22,8 +22,18 @@
 $advanced = ($_POST['advanced'] == 'yes') ? '?advanced=yes' : '';
 
 // Print admin header
-require('../../config.php');
-require_once(WB_PATH.'/framework/class.admin.php');
+//require('../../config.php');
+//require_once(WB_PATH.'/framework/class.admin.php');
+
+// Include config file
+$config_file = realpath('../../config.php');
+if(file_exists($config_file) && !defined('WB_URL'))
+{
+	require($config_file);
+}
+
+if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
+
 require_once(WB_PATH.'/framework/functions.php');
 
 // suppress to print the header, so no new FTAN will be set
@@ -212,7 +222,7 @@
 
 if($res_settings = $database->query($sql)) {
 	$passed = false;
-	while($setting = $res_settings->fetchRow())
+	while($setting = $res_settings->fetchRow(MYSQL_ASSOC))
 	{
 		$setting_name = $setting['name'];
 		$old_settings[$setting_name] = $setting['value'];
@@ -289,10 +299,19 @@
 
 }
 $StripCodeFromISearch = array(
+    'search_header',
+    'search_results_header',
+    'search_results_loop',
+    'search_results_footer',
+    'search_no_results',
+    'search_footer',
     'search_module_order',
     'search_max_excerpt',
     'search_time_limit',
     );
+$allow_empty_values = array(
+    'search_footer',
+    );
 
 // Query current search settings in the db, then loop through them and update the db with the new value
 $sql  = 'SELECT `name`, `value` FROM `'.TABLE_PREFIX.'search` ';
@@ -303,7 +322,7 @@
 	$admin->print_error($database->is_error(), $js_back );
 }
 
-while($search_setting = $res_search->fetchRow())
+while($search_setting = $res_search->fetchRow(MYSQL_ASSOC))
 {
 	$old_value = $search_setting['value'];
 	$setting_name = $search_setting['name'];
@@ -315,15 +334,19 @@
     if(in_array($post_name, $StripCodeFromISearch) ) {
         $value = $admin->StripCodeFromText($value);
     }
-    $value = ( ($value == '') && ($setting_name != 'template') ) ? $old_value : $value;
+
+    $passed = in_array($post_name, $allow_empty_values);
+
+    $value = ( (!in_array($post_name, $allow_empty_values)) && ($setting_name != 'template') ) ? $old_value : $value;
+
     // $value =  ( ($admin->get_post($post_name) == '') && ($setting_name == 'template') ) ? DEFAULT_TEMPLATE : $admin->get_post($post_name);
     if(isset($value))
 	{
 		$value = $admin->add_slashes($value);
         $sql  = 'UPDATE `'.TABLE_PREFIX.'search` ';
-        $sql .= 'SET `value` = "'.$value.'" ';
-        $sql .= 'WHERE `name` = "'.$setting_name.'" ';
-        $sql .= 'AND `extra` = ""';
+        $sql .= 'SET `value` = \''.$value.'\' ';
+        $sql .= 'WHERE `name` = \''.$setting_name.'\' ';
+        $sql .= 'AND `extra` = \'\' ';
 		if($database->query($sql)) {
 		}
 		$sql_info = mysql_info($database->db_handle);
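Review bot: The rewritten ternary no longer tests `$value == ''`, so every setting outside `$allow_empty_values` other than `template` is reset to `$old_value` even when a non-empty value was posted; as written, only `search_footer` and `template` can change. The empty check needs to stay in the condition: `$value = ( ($value == '') && !in_array($post_name, $allow_empty_values) && ($setting_name != 'template') ) ? $old_value : $value;`. `$passed` is assigned just above but is not read anywhere in this hunk. The UPDATE is still assembled by concatenation with `$admin->add_slashes()` while uninstall.php in this commit uses `mysql_real_escape_string()`; a single escaping routine tied to the connection, used in both places, would be easier to audit.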
Index: branches/2.8.x/wb/admin/languages/uninstall.php
===================================================================
--- branches/2.8.x/wb/admin/languages/uninstall.php	(revision 1784)
+++ branches/2.8.x/wb/admin/languages/uninstall.php	(revision 1785)
@@ -16,9 +16,15 @@
  *
  */
 
-// Setup admin object
-require('../../config.php');
-require_once(WB_PATH.'/framework/class.admin.php');
+// Include config file
+$config_file = realpath('../../config.php');
+if(file_exists($config_file) && !defined('WB_URL'))
+{
+	require($config_file);
+}
+
+if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
+
 $admin = new admin('Addons', 'languages_uninstall', false);
 if( !$admin->checkFTAN() )
 {
@@ -51,24 +57,6 @@
 	$admin->print_error($MESSAGE['ADMIN_INSUFFICIENT_PRIVELLIGES']);
 }
 
-/*
-// Check if user selected language
-if(!isset($_POST['code']) OR $_POST['code'] == "") {
-	header("Location: index.php");
-	exit(0);
-}
-
-// Extra protection
-if(trim($_POST['code']) == '') {
-	header("Location: index.php");
-	exit(0);
-}
-
-// Check if the language exists
-if(!file_exists(WB_PATH.'/languages/'.$_POST['code'].'.php')) {
-	$admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']);
-}
-*/
 // Include the WB functions file
 require_once(WB_PATH.'/framework/functions.php');
 
@@ -76,8 +64,9 @@
 if($code == DEFAULT_LANGUAGE OR $code == LANGUAGE) {
 	$admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE']);
 } else {
-	$query_users = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE language = '".$admin->add_slashes($code)."' LIMIT 1");
-	if($query_users->numRows() > 0) {
+	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
+	$sql .= 'WHERE`language`=\''.mysql_real_escape_string($code).'\'';
+	if( $database->get_one($sql) ) {
 		$admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE']);
 	}
 }
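Review bot: `mysql_real_escape_string($code)` is called without a connection argument, so it escapes against whichever MySQL link was opened last rather than explicitly the one `$database` queries on. Passing the handle (save.php in this commit reads it as `$database->db_handle`) keeps the escaping charset tied to the right connection. The string literal on the second `$sql` line also has no space between WHERE and the quoted column name, which MySQL is expected to parse but which is easy to misread; `'WHERE `language`=...'` matches the style of the other queries. Where `$code` is read and validated is outside this hunk.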
@@ -87,11 +76,16 @@
 	$admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL']);
 } else {
 	// Remove entry from DB
-	$database->query("DELETE FROM ".TABLE_PREFIX."addons WHERE directory = \'".$code."\' AND type = 'language'");
+	$sql  = 'DELETE FROM `'.TABLE_PREFIX.'addons` ';
+	$sql .= 'WHERE `directory`=\''.mysql_real_escape_string($code).'\' ';
+	$sql .=   'AND `type`=`type`=\'language\' ';
+	if( $database->query($sql) ) {
+        // Print success message
+        $admin->print_success($MESSAGE['GENERIC_UNINSTALLED']);
+    } else {
+    	$admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL'].'<br />'.$database->get_error());
+    }
 }
 
-// Print success message
-$admin->print_success($MESSAGE['GENERIC_UNINSTALLED']);
-
 // Print admin footer
 $admin->print_footer();
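Review bot: The third `$sql .=` line builds the condition `` `type`=`type`='language' ``, which MySQL evaluates as `(type = type) = 'language'`, i.e. 1 compared with a string that casts to 0, so the DELETE should match no rows (or raise a truncation error under the strict SQL mode the changelog mentions). Because `$database->query()` presumably still returns a truthy result for a statement that affects zero rows, the success message would be printed while the addons entry stays in the table. The line should read `` $sql .= 'AND `type`=\'language\' '; ``. Checking the affected-row count before `print_success()` would also catch a code that is not registered. The enclosing if/else starts outside the hunk.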
Index: branches/2.8.x/wb/framework/frontend.functions.php
===================================================================
--- branches/2.8.x/wb/framework/frontend.functions.php	(revision 1784)
+++ branches/2.8.x/wb/framework/frontend.functions.php	(revision 1785)
@@ -37,7 +37,7 @@
 	$sql  = 'SELECT `directory` FROM `'.TABLE_PREFIX.'addons` ';
 	$sql .= 'WHERE `type`=\'module\' AND `function`=\'snippet\'';
 	if(($resSnippets = $database->query($sql))) {
-		while($recSnippet = $resSnippets->fetchRow()) {
+		while($recSnippet = $resSnippets->fetchRow(MYSQL_ASSOC)) {
 			$module_dir = $recSnippet['directory'];
 			if (is_readable(WB_PATH.'/modules/'.$module_dir.'/include.php')) {
 				include(WB_PATH.'/modules/'.$module_dir.'/include.php');
@@ -101,7 +101,7 @@
 	 * @return string
 	 */
 	function search_highlight($foo='', $arr_string=array()) {
-		require_once(WB_PATH.'/framework/functions.php');
+		require(WB_PATH.'/framework/functions.php');
 		static $string_ul_umlaut = FALSE;
 		static $string_ul_regex = FALSE;
 		if($string_ul_umlaut === FALSE || $string_ul_regex === FALSE) {
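Review bot: Switching `require_once` to `require` inside `search_highlight()` re-includes framework/functions.php on every call. If that file declares functions without `function_exists()` guards (it is not visible here), a second include ends in a fatal "Cannot redeclare" error, and the other files in this commit still load it with `require_once`. Unless the repeated include is intended, keep `require_once(WB_PATH.'/framework/functions.php');`. The function body continues outside the hunk.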
@@ -294,7 +294,7 @@
 			}
 
 			// Loop through them and include their module file
-			while($section = $oSections->fetchRow()) {
+			while($section = $oSections->fetchRow(MYSQL_ASSOC)) {
 				// skip this section if it is out of publication-date
 				$now = time();
 				if( !(($now<=$section['publ_end'] || $section['publ_end']==0) && ($now>=$section['publ_start'] || $section['publ_start']==0)) ) {
@@ -307,10 +307,11 @@
 				// fetch content -- this is where to place possible output-filters (before highlighting)
 					ob_start(); // fetch original content
                     $sectionAnchor = (defined('SEC_ANCHOR') && SEC_ANCHOR!='') ? SEC_ANCHOR.$section_id : 'section_'.$section_id;
-                    echo PHP_EOL.'<div id="'.$sectionAnchor.'" class="wb_'.$module.'" >'.PHP_EOL;
+                    echo "\n".'<div id="'.$sectionAnchor.'" class="wb_'.$module.'" >'."\n";
 					require(WB_PATH.'/modules/'.$module.'/view.php');
-                    echo PHP_EOL.'</div><!-- '.$module.$section_id.' -->'.PHP_EOL;
+                    echo "\n".'</div><!-- '.$module.$section_id.' -->'."\n";
 					$content = ob_get_clean();
+					echo $content;
 				} else {
 					continue;
 				}
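Review bot: The added `echo $content;` prints the buffer immediately after `ob_get_clean()`, ahead of the output-filter and highlighting step that the comment at the top of the hunk refers to. If the code after the `else` branch (outside this hunk) still echoes `$content` or its highlighted form, every section is rendered twice; otherwise the buffering no longer serves a purpose. Either drop the new echo or confirm that the later output was removed. Separately, `$sectionAnchor` and `$module` are written into the `id` and `class` attributes without `htmlspecialchars()`; they appear to come from the sections table and `SEC_ANCHOR`, so it is worth confirming that they are constrained to attribute-safe characters.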
