Index: branches/2.8.x/CHANGELOG =================================================================== --- branches/2.8.x/CHANGELOG (revision 2117) +++ branches/2.8.x/CHANGELOG (revision 2118) @@ -11,6 +11,8 @@ ! = Update/Change =============================================================================== +28 Dec-2014 Build 2118 Manuela v.d.Decken(DarkViper) +# admin/preferences/save fixed invalid SQL composing 28 Dec-2014 Build 2117 Manuela v.d.Decken(DarkViper) ! framework/SqlImport updatet for new phpMAdmin field formats 01 Dec-2014 Build 2116 Manuela v.d.Decken(DarkViper) Index: branches/2.8.x/wb/admin/interface/version.php =================================================================== --- branches/2.8.x/wb/admin/interface/version.php (revision 2117) +++ branches/2.8.x/wb/admin/interface/version.php (revision 2118) @@ -51,5 +51,5 @@ // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) if(!defined('VERSION')) define('VERSION', '2.8.4'); -if(!defined('REVISION')) define('REVISION', '2117'); +if(!defined('REVISION')) define('REVISION', '2118'); if(!defined('SP')) define('SP', ''); Index: branches/2.8.x/wb/admin/preferences/save.php =================================================================== --- branches/2.8.x/wb/admin/preferences/save.php (revision 2117) +++ branches/2.8.x/wb/admin/preferences/save.php (revision 2118) @@ -35,9 +35,9 @@ $display_name = $admin->add_slashes(strip_tags($admin->StripCodeFromText($admin->get_post('display_name'),true))); $display_name = ( $display_name == '' ? $admin->get_display_name() : $display_name ); // check that display_name is unique in whoole system (prevents from User-faking) - $sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '; + $sql = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'users` '; $sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"'; - if( $oDb->get_one($sql) > 0 ){ $err_msg[] = $oTrans->MESSAGE_USERS_USERNAME_TAKEN.' ('.$oTrans->TEXT_DISPLAY_NAME.')'; } + if( $oDb->getOne($sql) > 0 ){ $err_msg[] = $oTrans->MESSAGE_USERS_USERNAME_TAKEN.' ('.$oTrans->TEXT_DISPLAY_NAME.')'; } // language must be 2 upercase letters only $language = strtoupper($admin->get_post('language')); $language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE); @@ -134,16 +134,15 @@ . '`language`=\''.$language.'\', ' . '`timezone`=\''.$timezone.'\', ' . '`date_format`=\''.$date_format.'\', ' - . '`time_format`=\''.$time_format.'\' '; - if($sPwHashNew) { - $sql .= '`password`=\''.$sPwHashNew.'\', '; + . '`time_format`=\''.$time_format.'\''; + if ($sPwHashNew) { + $sql .= ', `password`=\''.$sPwHashNew.'\''; } - if($email != '') { - $sql .= '`email`=\''.$email.'\', '; + if ($email != '') { + $sql .= ', `email`=\''.$email.'\''; } - $sql .= 'WHERE `user_id`='.(int)$admin->get_user_id(); - if( $oDb->doQuery($sql) ) - { + $sql .= ' WHERE `user_id`='.(int)$admin->get_user_id(); + if ($oDb->doQuery($sql)) { // update successfull, takeover values into the session $_SESSION['DISPLAY_NAME'] = $display_name; $_SESSION['LANGUAGE'] = $language;