Revision 1948
Added by darkviper about 12 years ago
| branches/2.8.x/CHANGELOG | ||
|---|---|---|
| 11 | 11 |
! = Update/Change |
| 12 | 12 |
=============================================================================== |
| 13 | 13 |
|
| 14 |
04 Aug-2013 Build 1948 M.v.d.Decken(DarkViper) |
|
| 15 |
+ added $page_id compatibility to /index.php |
|
| 16 |
# solved escaping problems on save to database in modules/droplets |
|
| 14 | 17 |
03 Aug-2013 Build 1947 M.v.d.Decken(DarkViper) |
| 15 | 18 |
+ added classes AccessFile and AccessFileHelper to /framework/ |
| 16 | 19 |
03 Aug-2013 Build 1946 M.v.d.Decken(DarkViper) |
| branches/2.8.x/wb/admin/interface/version.php | ||
|---|---|---|
| 51 | 51 |
|
| 52 | 52 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
| 53 | 53 |
if(!defined('VERSION')) define('VERSION', '2.8.3');
|
| 54 |
if(!defined('REVISION')) define('REVISION', '1947');
|
|
| 54 |
if(!defined('REVISION')) define('REVISION', '1948');
|
|
| 55 | 55 |
if(!defined('SP')) define('SP', '');
|
| branches/2.8.x/wb/index.php | ||
|---|---|---|
| 15 | 15 |
* |
| 16 | 16 |
*/ |
| 17 | 17 |
|
| 18 |
// compatibility between old and new access file format |
|
| 19 |
if (isset($iPageId)) { $page_id = $iPageId; }
|
|
| 20 |
if (isset($page_id) && !isset($iPageId)) { $iPageId = $page_id; }
|
|
| 18 | 21 |
// Include config file |
| 19 | 22 |
$config_file = dirname(__FILE__).'/config.php'; |
| 20 | 23 |
if(file_exists($config_file) && !defined('WB_URL'))
|
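Review bot: The two added compatibility lines copy `$iPageId` and `$page_id` into each other without normalising the type, so whatever value was defined before index.php runs is passed on unchanged. Nothing in this section shows how the value is used further down, but if it later reaches a query or a path it should already be an integer. Assuming page ids are always numeric, casting at the hand-over makes that explicit: `if (isset($iPageId)) { $page_id = (int)$iPageId; }` and `if (isset($page_id) && !isset($iPageId)) { $iPageId = (int)$page_id; }`. The rest of index.php lies outside this section.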
| branches/2.8.x/wb/modules/droplets/droplets.functions.php | ||
|---|---|---|
| 72 | 72 |
{
|
| 73 | 73 |
$OK = ' <span style="color:#006400; font-weight:bold;">OK</span> '; |
| 74 | 74 |
$FAIL = ' <span style="color:#ff0000; font-weight:bold;">FAILED</span> '; |
| 75 |
$database=WbDatabase::getInstance();
|
|
| 75 |
$oDb = WbDatabase::getInstance();
|
|
| 76 | 76 |
foreach ($aDropletFiles as $sDropletFile) {
|
| 77 | 77 |
$msgSql = ''; |
| 78 | 78 |
$extraSql = ''; |
| 79 | 79 |
$sDropletName = pathinfo ($sDropletFile, PATHINFO_FILENAME); |
| 80 |
$sql = 'SELECT `code` FROM `'.$database->TablePrefix.'mod_droplets` WHERE `name` LIKE "'.$sDropletName.'" ';
|
|
| 81 |
if( !($database->get_one($sql)) ) {
|
|
| 82 |
$sql = 'INSERT INTO `'.$database->TablePrefix.'mod_droplets`';
|
|
| 83 |
$msgSql = 'INSERT Droplet `'.$sDropletName.'` INTO`'.$database->TablePrefix.'mod_droplets`'." $OK";
|
|
| 80 |
$sql = 'SELECT `code` FROM `'.$oDb->TablePrefix.'mod_droplets` WHERE `name` LIKE "'.$sDropletName.'" ';
|
|
| 81 |
if( !($oDb->get_one($sql)) ) {
|
|
| 82 |
$sql = 'INSERT INTO `'.$oDb->TablePrefix.'mod_droplets`';
|
|
| 83 |
$msgSql = 'INSERT Droplet `'.$sDropletName.'` INTO`'.$oDb->TablePrefix.'mod_droplets`'." $OK";
|
|
| 84 | 84 |
} elseif ($bOverwriteDroplets) {
|
| 85 |
$sql = 'UPDATE `'.$database->TablePrefix.'mod_droplets` ';
|
|
| 85 |
$sql = 'UPDATE `'.$oDb->TablePrefix.'mod_droplets` ';
|
|
| 86 | 86 |
$extraSql = 'WHERE `name` = \''.$sDropletName.'\' '; |
| 87 |
$msgSql = 'UPDATE Droplet `'.$sDropletName.'` INTO`'.$database->TablePrefix.'mod_droplets`'." $OK";
|
|
| 87 |
$msgSql = 'UPDATE Droplet `'.$sDropletName.'` INTO`'.$oDb->TablePrefix.'mod_droplets`'." $OK";
|
|
| 88 | 88 |
} |
| 89 | 89 |
// get description, comments and oode |
| 90 | 90 |
$sDropletFile = preg_replace('/^\xEF\xBB\xBF/', '', $sDropletFile);
|
| ... | ... | |
| 115 | 115 |
} |
| 116 | 116 |
$iModifiedWhen = time(); |
| 117 | 117 |
$iModifiedBy = (method_exists($admin, 'get_user_id') && ($admin->get_user_id()!=null) ? $admin->get_user_id() : 1); |
| 118 |
$sql .= 'SET `name` =\''.$sDropletName.'\','
|
|
| 119 |
. '`description` =\''.$sDescription.'\','
|
|
| 120 |
. '`comments` =\''.$sComments.'\','
|
|
| 121 |
. '`code` =\''.$database->escapeString($sCode).'\','
|
|
| 118 |
$sql .= 'SET `name` =\''.$oDb->escapeString($sDropletName).'\','
|
|
| 119 |
. '`description` =\''.$oDb->escapeString($sDescription).'\','
|
|
| 120 |
. '`comments` =\''.$oDb->escapeString($sComments).'\','
|
|
| 121 |
. '`code` =\''.$oDb->escapeString($sCode).'\','
|
|
| 122 | 122 |
. '`modified_when` = '.$iModifiedWhen.',' |
| 123 | 123 |
. '`modified_by` = '.$iModifiedBy.',' |
| 124 | 124 |
. '`active` = 1' |
| 125 | 125 |
. $extraSql; |
| 126 | 126 |
} |
| 127 |
if( $database->query($sql) ) {
|
|
| 127 |
if( $oDb->query($sql) ) {
|
|
| 128 | 128 |
if( $msgSql!='' ) { $msg[] = $msgSql; }
|
| 129 | 129 |
} else {
|
| 130 |
$msg[] = $database->get_error();
|
|
| 130 |
$msg[] = $oDb->get_error();
|
|
| 131 | 131 |
} |
| 132 | 132 |
} |
| 133 | 133 |
return; |
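Review bot: `$sDropletName` is now escaped in the `SET` clause but is still concatenated raw into the lookup on new line 80 and into `$extraSql` on line 86. A droplet file name containing a quote therefore still breaks the `SELECT` and the `UPDATE ... WHERE`. Escaping the name once, e.g. `$sNameSql = $oDb->escapeString($sDropletName);`, and using that value in all three statements would close the gap. The lookup also uses `LIKE`, which treats `_` and `%` in a name as wildcards, while the update matches with `=`; an equality comparison on `name` in both places keeps the existence check and the write aimed at the same row. The function starts above this section and lines 91–114 are elided, so how `$sDescription`, `$sComments` and `$sCode` are obtained is not visible here.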
| branches/2.8.x/wb/modules/droplets/save_droplet.php | ||
|---|---|---|
| 43 | 43 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link ); |
| 44 | 44 |
} |
| 45 | 45 |
$admin->print_header(); |
| 46 |
|
|
| 46 |
$oDb = WbDatabase::getInstance(); |
|
| 47 | 47 |
// Validate all fields |
| 48 | 48 |
if($admin->get_post('title') == '') {
|
| 49 | 49 |
$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL.'/modules/droplets/modify_droplet.php?droplet_id='. $admin->getIDKEY($droplet_id)); |
| 50 | 50 |
} else {
|
| 51 |
$title = $admin->add_slashes($admin->get_post('title'));
|
|
| 51 |
$title = $admin->get_post('title');
|
|
| 52 | 52 |
$active = (int) $admin->get_post('active');
|
| 53 | 53 |
$admin_view = (int) $admin->get_post('admin_view');
|
| 54 | 54 |
$admin_edit = (int) $admin->get_post('admin_edit');
|
| 55 | 55 |
$show_wysiwyg = (int) $admin->get_post('show_wysiwyg');
|
| 56 |
$description = $admin->add_slashes($admin->get_post('description'));
|
|
| 56 |
$description = $admin->get_post('description');
|
|
| 57 | 57 |
$tags = array('<?php', '?>' , '<?');
|
| 58 |
$content = $admin->add_slashes(str_replace($tags, '', $_POST['savecontent']));
|
|
| 59 |
$comments = $admin->add_slashes($admin->get_post('comments'));
|
|
| 58 |
$content = str_replace($tags, '', $_POST['savecontent']);
|
|
| 59 |
$comments = $admin->get_post('comments');
|
|
| 60 | 60 |
$modified_when = time(); |
| 61 | 61 |
$modified_by = (int) $admin->get_user_id(); |
| 62 | 62 |
} |
| 63 | 63 |
|
| 64 | 64 |
// Update row |
| 65 |
$sql = 'UPDATE `'.TABLE_PREFIX.'mod_droplets` SET ';
|
|
| 66 |
$sql .= '`name` = \''.$title.'\', ';
|
|
| 65 |
$sql = 'UPDATE `'.$oDb->TablePrefix.'mod_droplets` SET ';
|
|
| 66 |
$sql .= '`name` = \''.$oDb->escapeString($title).'\', ';
|
|
| 67 | 67 |
$sql .= '`active` = '.$active.', '; |
| 68 | 68 |
$sql .= '`admin_view` = '.$admin_view.', '; |
| 69 | 69 |
$sql .= '`admin_edit` = '.$admin_edit.', '; |
| 70 | 70 |
$sql .= '`show_wysiwyg` = '.$show_wysiwyg.', '; |
| 71 |
$sql .= '`description` = \''.$description.'\', ';
|
|
| 72 |
$sql .= '`code` = \''.$content.'\', ';
|
|
| 73 |
$sql .= '`comments` = \''.$comments.'\', ';
|
|
| 71 |
$sql .= '`description` = \''.$oDb->escapeString($description).'\', ';
|
|
| 72 |
$sql .= '`code` = \''.$oDb->escapeString($content).'\', ';
|
|
| 73 |
$sql .= '`comments` = \''.$oDb->escapeString($comments).'\', ';
|
|
| 74 | 74 |
$sql .= '`modified_when` = '.$modified_when.', '; |
| 75 | 75 |
$sql .= '`modified_by` = '.$modified_by.' '; |
| 76 | 76 |
$sql .= 'WHERE `id` = '.$droplet_id; |
| 77 |
$database->query($sql);
|
|
| 77 |
$oDb->query($sql);
|
|
| 78 | 78 |
|
| 79 | 79 |
// Check if there is a db error, otherwise say successful |
| 80 |
if($database->is_error()) {
|
|
| 81 |
$admin->print_error($database->get_error(), WB_URL.'/modules/droplets/modify_droplet.php?droplet_id='. $admin->getIDKEY($droplet_id));
|
|
| 80 |
if($oDb->is_error()) {
|
|
| 81 |
$admin->print_error($oDb->get_error(), WB_URL.'/modules/droplets/modify_droplet.php?droplet_id='. $admin->getIDKEY($droplet_id));
|
|
| 82 | 82 |
} else {
|
| 83 | 83 |
$admin->print_success($TEXT['SUCCESS'], $module_edit_link); |
| 84 | 84 |
} |
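Review bot: With `add_slashes()` dropped, nothing visible in this section normalises the POST values before `escapeString()`. If `add_slashes()` was also where magic-quotes input was accounted for (its body is not shown here), a server with `magic_quotes_gpc` enabled would now store literal backslashes in `name`, `description`, `code` and `comments`. `$content` also reads `$_POST['savecontent']` directly, without an existence check, unlike the other fields, which go through `$admin->get_post()`; `$content = str_replace($tags, '', (string)$admin->get_post('savecontent'));` would make the handling uniform. `$droplet_id` is appended unquoted to the `WHERE` clause and is assigned above this section, so it is worth confirming there that it is always an integer.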
added $page_id compatibility to /index.php
solved escaping problems on save to database in modules/droplets