
Revision 1948

Added by darkviper over 11 years ago

added $page_id compatibility to /index.php
solved escaping problems on save to database in modules/droplets


branches/2.8.x/CHANGELOG
11 11
! = Update/Change
12 12
===============================================================================
13 13

  
14
04 Aug-2013 Build 1948 M.v.d.Decken(DarkViper)
15
+ added $page_id compatibility to /index.php
16
# solved escaping problems on save to database in modules/droplets
14 17
03 Aug-2013 Build 1947 M.v.d.Decken(DarkViper)
15 18
+ added classes AccessFile and AccessFileHelper to /framework/
16 19
03 Aug-2013 Build 1946 M.v.d.Decken(DarkViper)
branches/2.8.x/wb/admin/interface/version.php
51 51

  
52 52
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53 53
if(!defined('VERSION')) define('VERSION', '2.8.3');
54
if(!defined('REVISION')) define('REVISION', '1947');
54
if(!defined('REVISION')) define('REVISION', '1948');
55 55
if(!defined('SP')) define('SP', '');
branches/2.8.x/wb/index.php
15 15
 *
16 16
 */
17 17

  
18
// compatibility between old and new access file format
19
if (isset($iPageId)) { $page_id = $iPageId; }
20
if (isset($page_id) && !isset($iPageId)) { $iPageId = $page_id; }
18 21
// Include config file
19 22
$config_file = dirname(__FILE__).'/config.php';
20 23
if(file_exists($config_file) && !defined('WB_URL'))
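Review bot: The comment on the added shim does not say which variable belongs to which access-file format, nor which one wins when both are already set; the first line makes `$iPageId` silently overwrite any existing `$page_id`. Presumably `$iPageId` is the new name and `$page_id` the old one, but that is inferred, not stated. If that precedence is intended, say so in the comment, e.g. `// $iPageId (new access file format) is authoritative; $page_id (old format) only seeds it when the new name is absent`. The `if` on the hunk's last line continues outside the hunk.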
branches/2.8.x/wb/modules/droplets/droplets.functions.php
72 72
{
73 73
	$OK  = ' <span style="color:#006400; font-weight:bold;">OK</span> ';
74 74
	$FAIL = ' <span style="color:#ff0000; font-weight:bold;">FAILED</span> ';
75
	$database=WbDatabase::getInstance();
75
	$oDb = WbDatabase::getInstance();
76 76
	foreach ($aDropletFiles as $sDropletFile) {
77 77
		$msgSql = '';
78 78
		$extraSql = '';
79 79
		$sDropletName = pathinfo ($sDropletFile, PATHINFO_FILENAME);
80
		$sql = 'SELECT `code` FROM `'.$database->TablePrefix.'mod_droplets` WHERE `name` LIKE "'.$sDropletName.'" ';
81
		if( !($database->get_one($sql)) ) {
82
			$sql = 'INSERT INTO `'.$database->TablePrefix.'mod_droplets`';
83
			$msgSql = 'INSERT Droplet `'.$sDropletName.'` INTO`'.$database->TablePrefix.'mod_droplets`'." $OK";
80
		$sql = 'SELECT `code` FROM `'.$oDb->TablePrefix.'mod_droplets` WHERE `name` LIKE "'.$sDropletName.'" ';
81
		if( !($oDb->get_one($sql)) ) {
82
			$sql = 'INSERT INTO `'.$oDb->TablePrefix.'mod_droplets`';
83
			$msgSql = 'INSERT Droplet `'.$sDropletName.'` INTO`'.$oDb->TablePrefix.'mod_droplets`'." $OK";
84 84
		} elseif ($bOverwriteDroplets) {
85
			$sql = 'UPDATE `'.$database->TablePrefix.'mod_droplets` ';
85
			$sql = 'UPDATE `'.$oDb->TablePrefix.'mod_droplets` ';
86 86
			$extraSql = 'WHERE `name` = \''.$sDropletName.'\' ';
87
			$msgSql = 'UPDATE Droplet `'.$sDropletName.'` INTO`'.$database->TablePrefix.'mod_droplets`'." $OK";
87
			$msgSql = 'UPDATE Droplet `'.$sDropletName.'` INTO`'.$oDb->TablePrefix.'mod_droplets`'." $OK";
88 88
		}
89 89
// get description, comments and oode
90 90
		$sDropletFile = preg_replace('/^\xEF\xBB\xBF/', '', $sDropletFile);
......
115 115
			}
116 116
		$iModifiedWhen = time();
117 117
		$iModifiedBy = (method_exists($admin, 'get_user_id') && ($admin->get_user_id()!=null) ? $admin->get_user_id() : 1);
118
		$sql .= 'SET  `name` =\''.$sDropletName.'\','
119
		     .       '`description` =\''.$sDescription.'\','
120
		     .       '`comments` =\''.$sComments.'\','
121
		     .       '`code` =\''.$database->escapeString($sCode).'\','
118
		$sql .= 'SET  `name` =\''.$oDb->escapeString($sDropletName).'\','
119
		     .       '`description` =\''.$oDb->escapeString($sDescription).'\','
120
		     .       '`comments` =\''.$oDb->escapeString($sComments).'\','
121
		     .       '`code` =\''.$oDb->escapeString($sCode).'\','
122 122
		     .       '`modified_when` = '.$iModifiedWhen.','
123 123
		     .       '`modified_by` = '.$iModifiedBy.','
124 124
		     .       '`active` = 1'
125 125
		     .       $extraSql;
126 126
		}
127
		if( $database->query($sql) ) {
127
		if( $oDb->query($sql) ) {
128 128
			if( $msgSql!='' ) { $msg[] = $msgSql; }
129 129
		} else {
130
			$msg[] = $database->get_error();
130
			$msg[] = $oDb->get_error();
131 131
		}
132 132
	}
133 133
	return;
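Review bot: The escaping added in this hunk covers the SET clause but leaves two places where `$sDropletName` is still interpolated raw: the SELECT's `LIKE` comparison on `name` at file line 80 and the `$extraSql` WHERE at file line 86. Wrap both occurrences in `$oDb->escapeString($sDropletName)` exactly as the SET clause now does; the name comes from `pathinfo($sDropletFile, PATHINFO_FILENAME)`, so it is only as trusted as the droplet file names that reach this loop. The lookup also uses `LIKE` without escaping `%`/`_`, so a name containing those characters matches more rows than intended, whereas `$extraSql` compares with `=`; using `=` in the lookup as well would make the existence check and the update agree on the same row. The enclosing function starts before the hunk.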
branches/2.8.x/wb/modules/droplets/save_droplet.php
43 43
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link );
44 44
}
45 45
$admin->print_header();
46

  
46
$oDb = WbDatabase::getInstance();
47 47
// Validate all fields
48 48
if($admin->get_post('title') == '') {
49 49
	$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL.'/modules/droplets/modify_droplet.php?droplet_id='. $admin->getIDKEY($droplet_id));
50 50
} else {
51
	$title = $admin->add_slashes($admin->get_post('title'));
51
	$title = $admin->get_post('title');
52 52
	$active = (int) $admin->get_post('active');
53 53
	$admin_view = (int) $admin->get_post('admin_view');
54 54
	$admin_edit = (int) $admin->get_post('admin_edit');
55 55
	$show_wysiwyg = (int) $admin->get_post('show_wysiwyg');
56
	$description = $admin->add_slashes($admin->get_post('description'));
56
	$description = $admin->get_post('description');
57 57
	$tags = array('<?php', '?>' , '<?');
58
	$content = $admin->add_slashes(str_replace($tags, '', $_POST['savecontent']));
59
	$comments = $admin->add_slashes($admin->get_post('comments'));
58
	$content = str_replace($tags, '', $_POST['savecontent']);
59
	$comments = $admin->get_post('comments');
60 60
	$modified_when = time();
61 61
	$modified_by = (int) $admin->get_user_id();
62 62
}
63 63

  
64 64
// Update row
65
$sql = 'UPDATE `'.TABLE_PREFIX.'mod_droplets` SET ';
66
$sql .= '`name` = \''.$title.'\', ';
65
$sql = 'UPDATE `'.$oDb->TablePrefix.'mod_droplets` SET ';
66
$sql .= '`name` = \''.$oDb->escapeString($title).'\', ';
67 67
$sql .= '`active` = '.$active.', ';
68 68
$sql .= '`admin_view` = '.$admin_view.', ';
69 69
$sql .= '`admin_edit` = '.$admin_edit.', ';
70 70
$sql .= '`show_wysiwyg` = '.$show_wysiwyg.', ';
71
$sql .= '`description` = \''.$description.'\', ';
72
$sql .= '`code` = \''.$content.'\', ';
73
$sql .= '`comments` = \''.$comments.'\', ';
71
$sql .= '`description` = \''.$oDb->escapeString($description).'\', ';
72
$sql .= '`code` = \''.$oDb->escapeString($content).'\', ';
73
$sql .= '`comments` = \''.$oDb->escapeString($comments).'\', ';
74 74
$sql .= '`modified_when` = '.$modified_when.', ';
75 75
$sql .= '`modified_by` = '.$modified_by.' ';
76 76
$sql .= 'WHERE `id` = '.$droplet_id;
77
$database->query($sql);
77
$oDb->query($sql);
78 78

  
79 79
// Check if there is a db error, otherwise say successful
80
if($database->is_error()) {
81
	$admin->print_error($database->get_error(), WB_URL.'/modules/droplets/modify_droplet.php?droplet_id='. $admin->getIDKEY($droplet_id));
80
if($oDb->is_error()) {
81
	$admin->print_error($oDb->get_error(), WB_URL.'/modules/droplets/modify_droplet.php?droplet_id='. $admin->getIDKEY($droplet_id));
82 82
} else {
83 83
    $admin->print_success($TEXT['SUCCESS'], $module_edit_link);
84 84
}
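Review bot: The rewritten `$content` line at file line 58 reads `$_POST['savecontent']` directly while every sibling field goes through `$admin->get_post()`, and it emits an undefined-index notice when the key is absent; if `get_post` is avoided on purpose because it alters the text, keep the direct read but guard it: `$content = str_replace($tags, '', isset($_POST['savecontent']) ? $_POST['savecontent'] : '');`. Note also that a single-pass `str_replace` with three search strings is not idempotent — overlapping markers can survive one pass — so if the intent is to keep PHP tags out of stored code, repeat until nothing is replaced or reject the input instead. `$droplet_id` is interpolated into the final `WHERE` at file line 76 without a cast; it is assigned outside the hunk, so confirm it is already an int there or apply `(int)` in the query line.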
