Index: trunk/wb/include/htmlarea/popups/link.php
===================================================================
--- trunk/wb/include/htmlarea/popups/link.php (revision 41)
+++ trunk/wb/include/htmlarea/popups/link.php (revision 42)
@@ -75,7 +75,7 @@
global $template, $database;
$get_pages = $database->query("SELECT page_id,menu_title,link,level FROM ".TABLE_PREFIX."pages WHERE parent = '$parent' AND visibility!='deleted' ORDER BY position ASC");
while($page = $get_pages->fetchRow()) {
- $title = $admin->strip_slashes($page['menu_title']);
+ $title = $admin->strip_slashes_dummy($page['menu_title']);
// Add leading -'s so we can tell what level a page is at
$leading_dashes = '';
for($i = 0; $i < $page['level']; $i++) {
@@ -99,7 +99,7 @@
$template->parse('page_list', 'page_list_block', true);
// Loop through pages
while($page = $get_pages->fetchRow()) {
- $title = $admin->strip_slashes($page['menu_title']);
+ $title = $admin->strip_slashes_dummy($page['menu_title']);
$template->set_var('TITLE', $title);
$template->set_var('LINK', '[wblink'.$page['page_id'].']');
$template->parse('page_list', 'page_list_block', true);
Index: trunk/wb/search/search.php
===================================================================
--- trunk/wb/search/search.php (revision 41)
+++ trunk/wb/search/search.php (revision 42)
@@ -38,7 +38,9 @@
if(isset($_REQUEST['string'])) {
if ($_REQUEST['match']!='exact') {
$string=str_replace(',', '', $_REQUEST['string']);
- }
+ } else {
+ $string=$_REQUEST['string'];
+ }
// reverse potential magic_quotes action
$original_string=$this->strip_slashes($string);
// Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons)
@@ -54,7 +56,7 @@
$all_checked = '';
$any_checked = '';
$exact_checked = '';
- if($_REQUEST['match'] == 'any' OR $_REQUEST['match'] == 'all') {
+ if($_REQUEST['match'] != 'exact') {
// Split string into array with explode() function
$exploded_string = explode(' ', $string);
// Make sure there is no blank values in the array
@@ -103,13 +105,13 @@
// Replace vars in search settings with values
$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_RESULTS_FOR]');
$values = array($search_string, WB_URL, PAGE_EXTENSION, $TEXT['RESULTS_FOR']);
- $search_footer = str_replace($vars, $values, $this->strip_slashes($fetch_footer['value']));
- $search_results_header = str_replace($vars, $values, $this->strip_slashes($fetch_results_header['value']));
- $search_results_footer = str_replace($vars, $values, $this->strip_slashes($fetch_results_footer['value']));
+ $search_footer = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_footer['value']));
+ $search_results_header = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_header['value']));
+ $search_results_footer = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_footer['value']));
// Do extra vars/values replacement
$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_SEARCH]', '[TEXT_ALL_WORDS]', '[TEXT_ANY_WORDS]', '[TEXT_EXACT_MATCH]', '[TEXT_MATCH]', '[TEXT_MATCHING]', '[ALL_CHECKED]', '[ANY_CHECKED]', '[EXACT_CHECKED]');
$values = array($search_string, WB_URL, PAGE_EXTENSION, $TEXT['SEARCH'], $TEXT['ALL_WORDS'], $TEXT['ANY_WORDS'], $TEXT['EXACT_MATCH'], $TEXT['MATCH'], $TEXT['MATCHING'], $all_checked, $any_checked, $exact_checked);
- $search_header = str_replace($vars, $values, $this->strip_slashes($fetch_header['value']));
+ $search_header = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_header['value']));
// Insert js code
?>
@@ -158,10 +160,10 @@
$date = $TEXT['UNKNOWN'].' '.$TEXT['DATE'];
$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME'];
}
- $values = array($link, $this->strip_slashes($page['page_title']),$this->strip_slashes($page['description']), $users[$page['modified_by']]['username'], $users[$page['modified_by']]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
+ $values = array($link, $this->strip_slashes_dummy($page['page_title']),$this->strip_slashes_dummy($page['description']), $users[$page['modified_by']]['username'], $users[$page['modified_by']]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
// Show loop code with vars replaced by values
if($values != array()) {
- echo str_replace($vars, $values, $this->strip_slashes($fetch_results_loop['value']));
+ echo str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_loop['value']));
}
// Say that we have already listed this page id
$pages_listed[$page['page_id']] = true;
@@ -184,7 +186,7 @@
// Fetch query start
$fetch_query_start = $get_query_start->fetchRow();
// Prepare query start for execution by replacing {TP} with the TABLE_PREFIX
- $query_start = str_replace('[TP]', TABLE_PREFIX, $this->strip_slashes($fetch_query_start['value']));
+ $query_start = str_replace('[TP]', TABLE_PREFIX, $this->strip_slashes_dummy($fetch_query_start['value']));
// Get query end
$get_query_end = $database->query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'query_end' AND extra = '$module_name' LIMIT 1");
if($get_query_end->numRows() > 0) {
@@ -191,7 +193,7 @@
// Fetch query start
$fetch_query_end = $get_query_end->fetchRow();
// Set query end
- $query_end = $this->strip_slashes($fetch_query_end['value']);
+ $query_end = $this->strip_slashes_dummy($fetch_query_end['value']);
// Get query body
$get_query_body = $database->query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'query_body' AND extra = '$module_name' LIMIT 1");
if($get_query_body->numRows() > 0) {
@@ -198,7 +200,7 @@
// Fetch query start
$fetch_query_body = $get_query_body->fetchRow();
// Prepare query body for execution by replacing {STRING} with the correct one
- $query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,'LIKE','%'), $this->strip_slashes($fetch_query_body['value']));
+ $query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,'LIKE','%'), $this->strip_slashes_dummy($fetch_query_body['value']));
// Loop through query body for each string, then combine with start and end
$prepared_query = $query_start;
$count = 0;
@@ -226,9 +228,9 @@
$date = $TEXT['UNKNOWN'].' '.$TEXT['DATE'];
$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME'];
}
- $values = array($link, $this->strip_slashes($page[$fields['title']]), $this->strip_slashes($page[$fields['description']]), $users[$page[$fields['modified_by']]]['username'], $users[$page[$fields['modified_by']]]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
+ $values = array($link, $this->strip_slashes_dummy($page[$fields['title']]), $this->strip_slashes_dummy($page[$fields['description']]), $users[$page[$fields['modified_by']]]['username'], $users[$page[$fields['modified_by']]]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
// Show loop code with vars replaced by values
- echo str_replace($vars, $values, $this->strip_slashes($fetch_results_loop['value']));
+ echo str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_loop['value']));
// Say that this page or item has been listed if we can
if(isset($fields['page_id'])) {
$pages_listed[$page[$fields['page_id']]] = true;
Index: trunk/wb/admin/pages/intro.php
===================================================================
--- trunk/wb/admin/pages/intro.php (revision 41)
+++ trunk/wb/admin/pages/intro.php (revision 42)
@@ -43,7 +43,7 @@
$template->set_file('page', 'intro.html');
$template->set_block('page', 'main_block', 'main');
$template->set_var(array(
- 'CONTENT' => $admin->strip_slashes($content),
+ 'CONTENT' => $admin->strip_slashes_dummy($content),
'WB_URL' => WB_URL,
'ADMIN_URL' => ADMIN_URL,
'TEXT_SAVE' => $TEXT['SAVE'],
Index: trunk/wb/admin/pages/settings.php
===================================================================
--- trunk/wb/admin/pages/settings.php (revision 41)
+++ trunk/wb/admin/pages/settings.php (revision 42)
@@ -79,10 +79,10 @@
$template->set_block('page', 'main_block', 'main');
$template->set_var(array(
'PAGE_ID' => $results_array['page_id'],
- 'PAGE_TITLE' => $admin->strip_slashes($results_array['page_title']),
- 'MENU_TITLE' => $admin->strip_slashes($results_array['menu_title']),
- 'DESCRIPTION' => $admin->strip_slashes($results_array['description']),
- 'KEYWORDS' => $admin->strip_slashes($results_array['keywords']),
+ 'PAGE_TITLE' => $admin->strip_slashes_dummy($results_array['page_title']),
+ 'MENU_TITLE' => $admin->strip_slashes_dummy($results_array['menu_title']),
+ 'DESCRIPTION' => $admin->strip_slashes_dummy($results_array['description']),
+ 'KEYWORDS' => $admin->strip_slashes_dummy($results_array['keywords']),
'MODIFIED_BY' => $user['display_name'],
'MODIFIED_BY_USERNAME' => $user['username'],
'MODIFIED_WHEN' => $modified_ts,
@@ -251,7 +251,7 @@
for($i = 1; $i <= $page['level']; $i++) { $title_prefix .= ' - '; }
$template->set_var(array(
'ID' => $page['page_id'],
- 'TITLE' => $admin->strip_slashes($title_prefix.$page['page_title'])
+ 'TITLE' => $admin->strip_slashes_dummy($title_prefix.$page['page_title'])
)
);
if($results_array['parent'] == $page['page_id']) {
Index: trunk/wb/admin/pages/index.php
===================================================================
--- trunk/wb/admin/pages/index.php (revision 41)
+++ trunk/wb/admin/pages/index.php (revision 42)
@@ -150,15 +150,15 @@
get_permission('pages_modify') == true AND $can_modify == true) { ?>
|
- strip_slashes($page['page_title']); ?>
+ strip_slashes_dummy($page['page_title']); ?>
|
- strip_slashes($page['page_title']); ?>
+ strip_slashes_dummy($page['page_title']); ?>
|
- strip_slashes($page['menu_title']); ?>
+ strip_slashes_dummy($page['menu_title']); ?>
|
@@ -446,7 +446,7 @@
for($i = 1; $i <= $page['level']; $i++) { $title_prefix .= ' - '; }
$template->set_var(array(
'ID' => $page['page_id'],
- 'TITLE' => $admin->strip_slashes($title_prefix.$page['page_title'])
+ 'TITLE' => $admin->strip_slashes_dummy($title_prefix.$page['page_title'])
)
);
if($can_modify == true) {
Index: trunk/wb/admin/pages/trash.php
===================================================================
--- trunk/wb/admin/pages/trash.php (revision 41)
+++ trunk/wb/admin/pages/trash.php (revision 42)
@@ -141,15 +141,15 @@
|
get_permission('pages_modify') == true AND $can_modify == true AND $page['visibility'] != 'heading') { ?>
- strip_slashes($page['page_title']); ?>
+ strip_slashes_dummy($page['page_title']); ?>
|
strip_slashes($page['page_title']);
+ echo $admin->strip_slashes_dummy($page['page_title']);
} else {
- echo ''.$admin->strip_slashes($page['page_title']).'';
+ echo ''.$admin->strip_slashes_dummy($page['page_title']).'';
}
?>
|
Index: trunk/wb/admin/pages/sections.php
===================================================================
--- trunk/wb/admin/pages/sections.php (revision 41)
+++ trunk/wb/admin/pages/sections.php (revision 42)
@@ -134,7 +134,7 @@
:
- strip_slashes($results_array['page_title']); ?>
+ strip_slashes_dummy($results_array['page_title']); ?>
-
-
Index: trunk/wb/admin/pages/modify.php
===================================================================
--- trunk/wb/admin/pages/modify.php (revision 41)
+++ trunk/wb/admin/pages/modify.php (revision 42)
@@ -81,7 +81,7 @@
$template->set_block('page', 'main_block', 'main');
$template->set_var(array(
'PAGE_ID' => $results_array['page_id'],
- 'PAGE_TITLE' => $admin->strip_slashes($results_array['page_title']),
+ 'PAGE_TITLE' => $admin->strip_slashes_dummy($results_array['page_title']),
'MODIFIED_BY' => $user['display_name'],
'MODIFIED_BY_USERNAME' => $user['username'],
'MODIFIED_WHEN' => $modified_ts,
Index: trunk/wb/admin/pages/add.php
===================================================================
--- trunk/wb/admin/pages/add.php (revision 41)
+++ trunk/wb/admin/pages/add.php (revision 42)
@@ -77,11 +77,14 @@
$database = new database();
$get_same_page = $database->query("SELECT page_id FROM ".TABLE_PREFIX."pages WHERE link = '$link'");
if($get_same_page->numRows() > 0) {
- $admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']);
+ $admin->print_error("database");
+// $admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']);
} elseif(file_exists(WB_PATH.PAGES_DIRECTORY.$link.'.php')) {
- $admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']);
+ $admin->print_error(WB_PATH.PAGES_DIRECTORY.$link.'.php');
+// $admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']);
} elseif(file_exists(WB_PATH.PAGES_DIRECTORY.$link.'/')) {
- $admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']);
+ $admin->print_error("dir");
+// $admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']);
}
// Include the ordering class
Index: trunk/wb/admin/settings/index.php
===================================================================
--- trunk/wb/admin/settings/index.php (revision 41)
+++ trunk/wb/admin/settings/index.php (revision 42)
@@ -45,7 +45,7 @@
$results = $database->query($query);
while($setting = $results->fetchRow()) {
$setting_name = $setting['name'];
- $setting_value = htmlspecialchars($admin->strip_slashes($setting['value']));
+ $setting_value = htmlspecialchars($admin->strip_slashes_dummy($setting['value']));
switch($setting_name) {
// Website title
case 'title':
@@ -79,7 +79,7 @@
$results = $database->query($query);
while($setting = $results->fetchRow()) {
$setting_name = $setting['name'];
- $setting_value = htmlspecialchars($admin->strip_slashes($setting['value']));
+ $setting_value = htmlspecialchars($admin->strip_slashes_dummy($setting['value']));
switch($setting_name) {
// Search header
case 'header':
@@ -463,7 +463,7 @@
}
// Insert WYSIWYG style value into template
-$template->set_var('WYSIWYG_STYLE', $admin->strip_slashes(WYSIWYG_STYLE));
+$template->set_var('WYSIWYG_STYLE', $admin->strip_slashes_dummy(WYSIWYG_STYLE));
// Insert Server Email value into template
$template->set_var('SERVER_EMAIL', SERVER_EMAIL);
Index: trunk/wb/modules/wrapper/view.php
===================================================================
--- trunk/wb/modules/wrapper/view.php (revision 41)
+++ trunk/wb/modules/wrapper/view.php (revision 42)
@@ -26,7 +26,7 @@
// Get url
$get_settings = $database->query("SELECT url,height FROM ".TABLE_PREFIX."mod_wrapper WHERE section_id = '$section_id'");
$fetch_settings = $get_settings->fetchRow();
-$url = $this->strip_slashes($fetch_settings['url']);
+$url = $this->strip_slashes_dummy($fetch_settings['url']);
?>
|