
Revision 1948

Added by darkviper over 11 years ago

added $page_id compatibility to /index.php
solved escaping problems on save to database in modules/droplets


droplets.functions.php
72 72
{
73 73
	$OK  = ' <span style="color:#006400; font-weight:bold;">OK</span> ';
74 74
	$FAIL = ' <span style="color:#ff0000; font-weight:bold;">FAILED</span> ';
75
	$database=WbDatabase::getInstance();
75
	$oDb = WbDatabase::getInstance();
76 76
	foreach ($aDropletFiles as $sDropletFile) {
77 77
		$msgSql = '';
78 78
		$extraSql = '';
79 79
		$sDropletName = pathinfo ($sDropletFile, PATHINFO_FILENAME);
80
		$sql = 'SELECT `code` FROM `'.$database->TablePrefix.'mod_droplets` WHERE `name` LIKE "'.$sDropletName.'" ';
81
		if( !($database->get_one($sql)) ) {
82
			$sql = 'INSERT INTO `'.$database->TablePrefix.'mod_droplets`';
83
			$msgSql = 'INSERT Droplet `'.$sDropletName.'` INTO`'.$database->TablePrefix.'mod_droplets`'." $OK";
80
		$sql = 'SELECT `code` FROM `'.$oDb->TablePrefix.'mod_droplets` WHERE `name` LIKE "'.$sDropletName.'" ';
81
		if( !($oDb->get_one($sql)) ) {
82
			$sql = 'INSERT INTO `'.$oDb->TablePrefix.'mod_droplets`';
83
			$msgSql = 'INSERT Droplet `'.$sDropletName.'` INTO`'.$oDb->TablePrefix.'mod_droplets`'." $OK";
84 84
		} elseif ($bOverwriteDroplets) {
85
			$sql = 'UPDATE `'.$database->TablePrefix.'mod_droplets` ';
85
			$sql = 'UPDATE `'.$oDb->TablePrefix.'mod_droplets` ';
86 86
			$extraSql = 'WHERE `name` = \''.$sDropletName.'\' ';
87
			$msgSql = 'UPDATE Droplet `'.$sDropletName.'` INTO`'.$database->TablePrefix.'mod_droplets`'." $OK";
87
			$msgSql = 'UPDATE Droplet `'.$sDropletName.'` INTO`'.$oDb->TablePrefix.'mod_droplets`'." $OK";
88 88
		}
89 89
// get description, comments and oode
90 90
		$sDropletFile = preg_replace('/^\xEF\xBB\xBF/', '', $sDropletFile);
......
115 115
			}
116 116
		$iModifiedWhen = time();
117 117
		$iModifiedBy = (method_exists($admin, 'get_user_id') && ($admin->get_user_id()!=null) ? $admin->get_user_id() : 1);
118
		$sql .= 'SET  `name` =\''.$sDropletName.'\','
119
		     .       '`description` =\''.$sDescription.'\','
120
		     .       '`comments` =\''.$sComments.'\','
121
		     .       '`code` =\''.$database->escapeString($sCode).'\','
118
		$sql .= 'SET  `name` =\''.$oDb->escapeString($sDropletName).'\','
119
		     .       '`description` =\''.$oDb->escapeString($sDescription).'\','
120
		     .       '`comments` =\''.$oDb->escapeString($sComments).'\','
121
		     .       '`code` =\''.$oDb->escapeString($sCode).'\','
122 122
		     .       '`modified_when` = '.$iModifiedWhen.','
123 123
		     .       '`modified_by` = '.$iModifiedBy.','
124 124
		     .       '`active` = 1'
125 125
		     .       $extraSql;
126 126
		}
127
		if( $database->query($sql) ) {
127
		if( $oDb->query($sql) ) {
128 128
			if( $msgSql!='' ) { $msg[] = $msgSql; }
129 129
		} else {
130
			$msg[] = $database->get_error();
130
			$msg[] = $oDb->get_error();
131 131
		}
132 132
	}
133 133
	return;
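Review bot: The escaping added to the SET clause at new lines 118–121 does not reach the two other places where `$sDropletName` is concatenated into SQL: the SELECT at new line 80 and the `$extraSql` WHERE clause at line 86. The name comes from `pathinfo($sDropletFile, PATHINFO_FILENAME)`, so a droplet file whose name contains a quote still breaks both statements. Because the lookup uses `LIKE`, a `_` or `%` in the name also acts as a wildcard and can report a different droplet as already installed. Use `$oDb->escapeString($sDropletName)` in both places and compare with `=` rather than `LIKE` in the SELECT; `$iModifiedBy` is concatenated unquoted at line 123 and would be safer as `(int)$iModifiedBy`, since the return type of `get_user_id()` is not visible here. The enclosing function starts before line 72 and continues past line 133, so any earlier validation of the file names cannot be seen from this section.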
