Revision 1948
Added by darkviper over 11 years ago
branches/2.8.x/CHANGELOG | ||
---|---|---|
11 | 11 |
! = Update/Change |
12 | 12 |
=============================================================================== |
13 | 13 |
|
14 |
04 Aug-2013 Build 1948 M.v.d.Decken(DarkViper) |
|
15 |
+ added $page_id compatibility to /index.php |
|
16 |
# solved escaping problems on save to database in modules/droplets |
|
14 | 17 |
03 Aug-2013 Build 1947 M.v.d.Decken(DarkViper) |
15 | 18 |
+ added classes AccessFile and AccessFileHelper to /framework/ |
16 | 19 |
03 Aug-2013 Build 1946 M.v.d.Decken(DarkViper) |
branches/2.8.x/wb/admin/interface/version.php | ||
---|---|---|
51 | 51 |
|
52 | 52 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
53 | 53 |
if(!defined('VERSION')) define('VERSION', '2.8.3'); |
54 |
if(!defined('REVISION')) define('REVISION', '1947');
|
|
54 |
if(!defined('REVISION')) define('REVISION', '1948');
|
|
55 | 55 |
if(!defined('SP')) define('SP', ''); |
branches/2.8.x/wb/index.php | ||
---|---|---|
15 | 15 |
* |
16 | 16 |
*/ |
17 | 17 |
|
18 |
// compatibility between old and new access file format |
|
19 |
if (isset($iPageId)) { $page_id = $iPageId; } |
|
20 |
if (isset($page_id) && !isset($iPageId)) { $iPageId = $page_id; } |
|
18 | 21 |
// Include config file |
19 | 22 |
$config_file = dirname(__FILE__).'/config.php'; |
20 | 23 |
if(file_exists($config_file) && !defined('WB_URL')) |
branches/2.8.x/wb/modules/droplets/droplets.functions.php | ||
---|---|---|
72 | 72 |
{ |
73 | 73 |
$OK = ' <span style="color:#006400; font-weight:bold;">OK</span> '; |
74 | 74 |
$FAIL = ' <span style="color:#ff0000; font-weight:bold;">FAILED</span> '; |
75 |
$database=WbDatabase::getInstance();
|
|
75 |
$oDb = WbDatabase::getInstance();
|
|
76 | 76 |
foreach ($aDropletFiles as $sDropletFile) { |
77 | 77 |
$msgSql = ''; |
78 | 78 |
$extraSql = ''; |
79 | 79 |
$sDropletName = pathinfo ($sDropletFile, PATHINFO_FILENAME); |
80 |
$sql = 'SELECT `code` FROM `'.$database->TablePrefix.'mod_droplets` WHERE `name` LIKE "'.$sDropletName.'" ';
|
|
81 |
if( !($database->get_one($sql)) ) {
|
|
82 |
$sql = 'INSERT INTO `'.$database->TablePrefix.'mod_droplets`';
|
|
83 |
$msgSql = 'INSERT Droplet `'.$sDropletName.'` INTO`'.$database->TablePrefix.'mod_droplets`'." $OK";
|
|
80 |
$sql = 'SELECT `code` FROM `'.$oDb->TablePrefix.'mod_droplets` WHERE `name` LIKE "'.$sDropletName.'" ';
|
|
81 |
if( !($oDb->get_one($sql)) ) {
|
|
82 |
$sql = 'INSERT INTO `'.$oDb->TablePrefix.'mod_droplets`';
|
|
83 |
$msgSql = 'INSERT Droplet `'.$sDropletName.'` INTO`'.$oDb->TablePrefix.'mod_droplets`'." $OK";
|
|
84 | 84 |
} elseif ($bOverwriteDroplets) { |
85 |
$sql = 'UPDATE `'.$database->TablePrefix.'mod_droplets` ';
|
|
85 |
$sql = 'UPDATE `'.$oDb->TablePrefix.'mod_droplets` ';
|
|
86 | 86 |
$extraSql = 'WHERE `name` = \''.$sDropletName.'\' '; |
87 |
$msgSql = 'UPDATE Droplet `'.$sDropletName.'` INTO`'.$database->TablePrefix.'mod_droplets`'." $OK";
|
|
87 |
$msgSql = 'UPDATE Droplet `'.$sDropletName.'` INTO`'.$oDb->TablePrefix.'mod_droplets`'." $OK";
|
|
88 | 88 |
} |
89 | 89 |
// get description, comments and oode |
90 | 90 |
$sDropletFile = preg_replace('/^\xEF\xBB\xBF/', '', $sDropletFile); |
... | ... | |
115 | 115 |
} |
116 | 116 |
$iModifiedWhen = time(); |
117 | 117 |
$iModifiedBy = (method_exists($admin, 'get_user_id') && ($admin->get_user_id()!=null) ? $admin->get_user_id() : 1); |
118 |
$sql .= 'SET `name` =\''.$sDropletName.'\','
|
|
119 |
. '`description` =\''.$sDescription.'\','
|
|
120 |
. '`comments` =\''.$sComments.'\','
|
|
121 |
. '`code` =\''.$database->escapeString($sCode).'\','
|
|
118 |
$sql .= 'SET `name` =\''.$oDb->escapeString($sDropletName).'\','
|
|
119 |
. '`description` =\''.$oDb->escapeString($sDescription).'\','
|
|
120 |
. '`comments` =\''.$oDb->escapeString($sComments).'\','
|
|
121 |
. '`code` =\''.$oDb->escapeString($sCode).'\','
|
|
122 | 122 |
. '`modified_when` = '.$iModifiedWhen.',' |
123 | 123 |
. '`modified_by` = '.$iModifiedBy.',' |
124 | 124 |
. '`active` = 1' |
125 | 125 |
. $extraSql; |
126 | 126 |
} |
127 |
if( $database->query($sql) ) {
|
|
127 |
if( $oDb->query($sql) ) {
|
|
128 | 128 |
if( $msgSql!='' ) { $msg[] = $msgSql; } |
129 | 129 |
} else { |
130 |
$msg[] = $database->get_error();
|
|
130 |
$msg[] = $oDb->get_error();
|
|
131 | 131 |
} |
132 | 132 |
} |
133 | 133 |
return; |
branches/2.8.x/wb/modules/droplets/save_droplet.php | ||
---|---|---|
43 | 43 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link ); |
44 | 44 |
} |
45 | 45 |
$admin->print_header(); |
46 |
|
|
46 |
$oDb = WbDatabase::getInstance(); |
|
47 | 47 |
// Validate all fields |
48 | 48 |
if($admin->get_post('title') == '') { |
49 | 49 |
$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL.'/modules/droplets/modify_droplet.php?droplet_id='. $admin->getIDKEY($droplet_id)); |
50 | 50 |
} else { |
51 |
$title = $admin->add_slashes($admin->get_post('title'));
|
|
51 |
$title = $admin->get_post('title');
|
|
52 | 52 |
$active = (int) $admin->get_post('active'); |
53 | 53 |
$admin_view = (int) $admin->get_post('admin_view'); |
54 | 54 |
$admin_edit = (int) $admin->get_post('admin_edit'); |
55 | 55 |
$show_wysiwyg = (int) $admin->get_post('show_wysiwyg'); |
56 |
$description = $admin->add_slashes($admin->get_post('description'));
|
|
56 |
$description = $admin->get_post('description');
|
|
57 | 57 |
$tags = array('<?php', '?>' , '<?'); |
58 |
$content = $admin->add_slashes(str_replace($tags, '', $_POST['savecontent']));
|
|
59 |
$comments = $admin->add_slashes($admin->get_post('comments'));
|
|
58 |
$content = str_replace($tags, '', $_POST['savecontent']);
|
|
59 |
$comments = $admin->get_post('comments');
|
|
60 | 60 |
$modified_when = time(); |
61 | 61 |
$modified_by = (int) $admin->get_user_id(); |
62 | 62 |
} |
63 | 63 |
|
64 | 64 |
// Update row |
65 |
$sql = 'UPDATE `'.TABLE_PREFIX.'mod_droplets` SET ';
|
|
66 |
$sql .= '`name` = \''.$title.'\', ';
|
|
65 |
$sql = 'UPDATE `'.$oDb->TablePrefix.'mod_droplets` SET ';
|
|
66 |
$sql .= '`name` = \''.$oDb->escapeString($title).'\', ';
|
|
67 | 67 |
$sql .= '`active` = '.$active.', '; |
68 | 68 |
$sql .= '`admin_view` = '.$admin_view.', '; |
69 | 69 |
$sql .= '`admin_edit` = '.$admin_edit.', '; |
70 | 70 |
$sql .= '`show_wysiwyg` = '.$show_wysiwyg.', '; |
71 |
$sql .= '`description` = \''.$description.'\', ';
|
|
72 |
$sql .= '`code` = \''.$content.'\', ';
|
|
73 |
$sql .= '`comments` = \''.$comments.'\', ';
|
|
71 |
$sql .= '`description` = \''.$oDb->escapeString($description).'\', ';
|
|
72 |
$sql .= '`code` = \''.$oDb->escapeString($content).'\', ';
|
|
73 |
$sql .= '`comments` = \''.$oDb->escapeString($comments).'\', ';
|
|
74 | 74 |
$sql .= '`modified_when` = '.$modified_when.', '; |
75 | 75 |
$sql .= '`modified_by` = '.$modified_by.' '; |
76 | 76 |
$sql .= 'WHERE `id` = '.$droplet_id; |
77 |
$database->query($sql);
|
|
77 |
$oDb->query($sql);
|
|
78 | 78 |
|
79 | 79 |
// Check if there is a db error, otherwise say successful |
80 |
if($database->is_error()) {
|
|
81 |
$admin->print_error($database->get_error(), WB_URL.'/modules/droplets/modify_droplet.php?droplet_id='. $admin->getIDKEY($droplet_id));
|
|
80 |
if($oDb->is_error()) {
|
|
81 |
$admin->print_error($oDb->get_error(), WB_URL.'/modules/droplets/modify_droplet.php?droplet_id='. $admin->getIDKEY($droplet_id));
|
|
82 | 82 |
} else { |
83 | 83 |
$admin->print_success($TEXT['SUCCESS'], $module_edit_link); |
84 | 84 |
} |
Also available in: Unified diff
added $page_id compatibility to /index.php
solved escaping problems on save to database in modules/droplets