/ - Diff - WB 2.08.x - Tracking

« Previous | Next »

Revision 2118

Added by darkviper almost 10 years ago

28 Dec-2014 Build 2118 Manuela v.d.Decken(DarkViper)

admin/preferences/save fixed invalid SQL composing

     ! = Update/Change
     ===============================================================================
 Dec-2014 Build 2118 Manuela v.d.Decken(DarkViper)
     # admin/preferences/save fixed invalid SQL composing
 Dec-2014 Build 2117 Manuela v.d.Decken(DarkViper)
     ! framework/SqlImport updatet for new phpMAdmin field formats
 Dec-2014 Build 2116 Manuela v.d.Decken(DarkViper)

branches/2.8.x/wb/admin/interface/version.php
51	51
52	52	// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53	53	if(!defined('VERSION')) define('VERSION', '2.8.4');
54		if(!defined('REVISION')) define('REVISION', '2117');
	54	if(!defined('REVISION')) define('REVISION', '2118');
55	55	if(!defined('SP')) define('SP', '');

             $display_name = $admin->add_slashes(strip_tags($admin->StripCodeFromText($admin->get_post('display_name'),true)));
         	$display_name = ( $display_name == '' ? $admin->get_display_name() : $display_name );
     // check that display_name is unique in whoole system (prevents from User-faking)
         	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
         	$sql  = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'users` ';
         	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"';
         	if( $oDb->get_one($sql) > 0 ){ $err_msg[] = $oTrans->MESSAGE_USERS_USERNAME_TAKEN.' ('.$oTrans->TEXT_DISPLAY_NAME.')'; }
         	if( $oDb->getOne($sql) > 0 ){ $err_msg[] = $oTrans->MESSAGE_USERS_USERNAME_TAKEN.' ('.$oTrans->TEXT_DISPLAY_NAME.')'; }
     // language must be 2 upercase letters only
         	$language         = strtoupper($admin->get_post('language'));
         	$language         = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
-...
     				     .     '`language`=\''.$language.'\', '
     				     .     '`timezone`=\''.$timezone.'\', '
     				     .     '`date_format`=\''.$date_format.'\', '
     				     .     '`time_format`=\''.$time_format.'\' ';
     				if($sPwHashNew) {
     					$sql .=     '`password`=\''.$sPwHashNew.'\', ';
     				     .     '`time_format`=\''.$time_format.'\'';
     				if ($sPwHashNew) {
     					$sql .=     ', `password`=\''.$sPwHashNew.'\'';
+    				}
     				if($email != '') {
     					$sql .=     '`email`=\''.$email.'\', ';
     				if ($email != '') {
     					$sql .=     ', `email`=\''.$email.'\'';
+    				}
     				$sql .= 'WHERE `user_id`='.(int)$admin->get_user_id();
     				if( $oDb->doQuery($sql) )
+    				{
     				$sql .= ' WHERE `user_id`='.(int)$admin->get_user_id();
     				if ($oDb->doQuery($sql)) {
     					// update successfull, takeover values into the session
     					$_SESSION['DISPLAY_NAME'] = $display_name;
     					$_SESSION['LANGUAGE'] = $language;

Also available in: Unified diff

Project

General

Profile

WB 2.08.x

Revision 2118

Added by darkviper almost 10 years ago