Testers excluded (almost, see TODO) from guest stats page:
authorRoland Häder <roland@mxchange.org>
Tue, 23 Oct 2012 21:01:18 +0000 (21:01 +0000)
committerRoland Häder <roland@mxchange.org>
Tue, 23 Oct 2012 21:01:18 +0000 (21:01 +0000)
- Don't do secureString(getRequestElement('foo')) as it is already secured
- Testers excluded from almost all statistics in what-stats.php
- TODOs.txt updated

DOCS/TODOs.txt
inc/modules/admin/what-extensions.php
inc/modules/admin/what-list_user.php
inc/modules/admin/what-logs.php
inc/modules/guest/what-stats.php
inc/referral-functions.php

index dce33cd8fe29c191c598eb2fa68a3fe9539467df..ad96435c7045fb895324772c4ec590c5ec170d3b 100644 (file)
 ./inc/modules/frametester.php:95:      // @TODO Rewrite this somehow
 ./inc/modules/guest/what-beg.php:51:// @TODO No more needed? define('__BEG_USERID_TIMEOUT', createFancyTime(getBegUseridTimeout()));
 ./inc/modules/guest/what-login.php:134:        // @TODO Move this HTML code into a template
-./inc/modules/guest/what-mediadata.php:186:// @TODO Rewrite all these if-blocks to filters
+./inc/modules/guest/what-mediadata.php:188:// @TODO Rewrite all these if-blocks to filters
 ./inc/modules/guest/what-mediadata.php:67:     // @TODO Find a better formular than this one
 ./inc/modules/guest/what-rallyes.php:99:       // @TODO Reactivate this: $content['admin'] = '<a href="{%url=modules.php?module=index&amp;what=impressum&amp;id=' . $content['admin_id'] . '%}">' . $content['login'] . '</a>';
 ./inc/modules/guest/what-sponsor_reg.php:293:                  // @TODO Maybe a default referral id?
 ./inc/modules/guest/what-stats.php:110:                // @TODO This can be somehow rewritten
+./inc/modules/guest/what-stats.php:119:                        // @TODO This does not exclude testers
 ./inc/modules/guest/what-stats.php:82:// @TODO This can be rewritten in a dynamic include
 ./inc/modules/member/what-beg.php:54:// @TODO Can't this be moved into EL?
 ./inc/modules/member/what-beg.php:63:// @TODO No more needed? define('__BEG_USERID_TIMEOUT', createFancyTime(getBegUseridTimeout()));
index 42530629b253d92ed4524007b1912c8e2dd577c2..52e243e51ddc8138fdaa9356a04828cf670b9436 100644 (file)
@@ -235,7 +235,7 @@ if (isGetRequestElementSet('register_ext')) {
        redirectToUrl('modules.php?module=admin&amp;what=extensions&amp;removed=' . countPostSelection());
 } elseif ((isGetRequestElementSet('do')) && (!isDemoModeActive())) {
        // Other things to do
-       $do = SQL_ESCAPE(secureString(getRequestElement('do')));
+       $do = getRequestElement('do');
 } elseif (isGetRequestElementSet('do')) {
        // Demo mode active!
        $do = 'demo';
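Review bot: The added `$do = getRequestElement('do');` drops `SQL_ESCAPE()` together with `secureString()`, while the other hunks in this commit keep `SQL_ESCAPE()`. `$do` therefore relies entirely on whatever filtering `getRequestElement()` applies, which is not visible here. Since the value only selects an action, comparing it against the fixed set of supported actions is more robust than escaping. If that is already what the later case selection does, a comment such as `// $do is only compared against known actions, never placed into SQL or output` would record the assumption. The if/elseif chain starts and ends outside the hunk.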
@@ -269,7 +269,7 @@ if (isGetRequestElementSet('register_ext')) {
 // Shall we display active/inactive extensions?
 $where = '';
 if (isGetRequestElementSet('active')) {
-       $where = sprintf("WHERE `ext_active`='%s'", SQL_ESCAPE(secureString(getRequestElement('active'))));
+       $where = sprintf("WHERE `ext_active`='%s'", SQL_ESCAPE(getRequestElement('active')));
 } // END - if
 
 // Case selection
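Review bot: The `$where` assignment still builds its clause by formatting the GET parameter `active` into the SQL string, so the query is only as safe as `SQL_ESCAPE()` plus the filtering inside `getRequestElement()`, which is not visible here. `ext_active` looks like a flag column with a small fixed set of values. If so, the parameter could be checked against those values first, for example `if (in_array(getRequestElement('active'), $allowedFlags, TRUE))`, where `$allowedFlags` is a placeholder for the real list. Leaving `$where` empty for any other value means the statement no longer depends on escaping being applied correctly.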
index 82728709f2c80aa948fa5bb1f0d173dd3ff50579..c16f1787ec1a0ae8cfc838636496138170170784 100644 (file)
@@ -232,7 +232,7 @@ LIMIT 1',
                                break;
 
                        default: // Invalid list mode
-                               reportBug(__FILE__, __LINE__, sprintf('Invalid do %s detected.', SQL_ESCAPE(secureString(getRequestElement('do')))));
+                               reportBug(__FILE__, __LINE__, sprintf('Invalid do %s detected.', SQL_ESCAPE(getRequestElement('do'))));
                                break;
                } // END - switch
 
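Review bot: In the `default:` branch the request value is wrapped in `SQL_ESCAPE()` although it ends up in a bug-report message rather than a query, and SQL escaping does not neutralise markup. The same concern applies to the `reportBug()` call in the first hunk of inc/modules/guest/what-stats.php, where the value now sits next to literal `<span>` markup with no encoder at all. Unless `getRequestElement()` is known to HTML-encode its result, I would use `htmlspecialchars(getRequestElement('do'), ENT_QUOTES, 'UTF-8')` in both messages. The switch starts outside the hunk, and where `reportBug()` writes its text is not visible here.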
index 3c51dfa5c9a8f0993867cbb749e92cc627a721b7..3cdb8f6007be98f65060e31258a446c7ab4b22a0 100644 (file)
@@ -45,7 +45,7 @@ addYouAreHereLink('admin', __FILE__);
 
 if (isGetRequestElementSet('access')) {
        // Secure input and construct FQFN
-       $access = SQL_ESCAPE(secureString(getRequestElement('access')));
+       $access = SQL_ESCAPE(getRequestElement('access'));
        $target = sprintf("%slogs/%s", getPath(), $access);
 
        // Is the file valid and readable?
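Review bot: `$access` is escaped for SQL but then used as a file name in `sprintf("%slogs/%s", getPath(), $access)`, and `SQL_ESCAPE()` does nothing about directory separators or `..` segments. With `secureString()` removed, the path is only as safe as the filtering inside `getRequestElement()`, which this hunk does not show. Reducing the value to a bare file name with `$access = basename(getRequestElement('access'));` would keep the lookup inside the logs directory. Checking afterwards that `realpath($target)` lies below that directory would confirm it regardless of the request filter. The readability check that follows is outside the hunk.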
index 81acf6ecdff4d084e6590da34d7efe93eab435bb..f53674e51a725517f16689d80d350e36e07e82da 100644 (file)
@@ -72,9 +72,9 @@ switch (getRequestElement('do')) {
 
        default:
                // Unsupported mode
-               reportBug(__FILE__, __LINE__, sprintf("Unsupported mode <span class=\"data\">%s</span> detected.", secureString(getRequestElement('do'))));
+               reportBug(__FILE__, __LINE__, sprintf("Unsupported mode <span class=\"data\">%s</span> detected.", getRequestElement('do')));
                break;
-}
+} // END - switch
 
 // Set link title
 $ltitle = '{--GUEST_STATS_' . strtoupper($lmode) . '--}';
@@ -116,18 +116,19 @@ switch (getConfig('guest_stats')) {
                // Now we have all categories loaded, count members
                foreach ($cats as $id => $dummy) {
                        // We only need id and nothing more to count...
+                       // @TODO This does not exclude testers
                        $cat_cnt[$id] = countSumTotalData(bigintval($id), 'user_cats', 'id', 'cat_id', TRUE);
                } // END - foreach
 
                // Prepare data for the template
                $content['total_users']   = ($male + $female);
-               $content['unconfirmed']   = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `status` != 'CONFIRMED'", __FILE__, __LINE__));
+               $content['unconfirmed']   = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `status` != 'CONFIRMED'" . runFilterChain('user_exclusion_sql', ' '), __FILE__, __LINE__));
                $content['total_males']   = $male;
                $content['total_females'] = $female;
                $content['tmem_count']    = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `last_online` >= {?START_TDAY?}" . runFilterChain('user_exclusion_sql', " AND `status`='CONFIRMED'"), __FILE__, __LINE__));
                $content['ymem_count']    = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `last_online` >= {?START_YDAY?} AND `last_online` < {?START_TDAY?}" . runFilterChain('user_exclusion_sql', " AND `status`='CONFIRMED'"), __FILE__, __LINE__));
-               $content['treg_count']    = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `joined` >= {?START_TDAY?}", __FILE__, __LINE__));
-               $content['yreg_count']    = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `joined` >= {?START_YDAY?} AND `joined` < {?START_TDAY?}", __FILE__, __LINE__));
+               $content['treg_count']    = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `joined` >= {?START_TDAY?}" . runFilterChain('user_exclusion_sql', ' '), __FILE__, __LINE__));
+               $content['yreg_count']    = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `joined` >= {?START_YDAY?} AND `joined` < {?START_TDAY?}" . runFilterChain('user_exclusion_sql', ' '), __FILE__, __LINE__));
                $content['lmode']         = $lmode;
                $content['ltitle']        = $ltitle;
 
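Review bot: The changed `unconfirmed`, `treg_count` and `yreg_count` queries append the result of `runFilterChain('user_exclusion_sql', ' ')` directly to the SQL string, so every filter registered on that chain becomes part of the statement. A comment above the block would make that contract explicit, for example `// user_exclusion_sql filters must return a fixed SQL fragment, never request data`. The `' '` seed also differs from the one on the `tmem_count` and `ymem_count` lines, which suggests the filters append their own `AND` clause to whatever they receive. Saying so in the same comment would show the difference is intended. The enclosing switch case starts outside the hunk.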
index 28ca19a42a04fe516ac679dba79111c5cd0f3302..a60a8a2424b7c988f39fa8cf93ce4793e4d70258 100644 (file)
@@ -835,11 +835,11 @@ function determineReferralId () {
        } elseif (isGetRequestElementSet('refid')) {
                // Get referral id from GET parameter refid
                //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Using refid from GET data (' . getRequestElement('refid') . ')');
-               setReferralId(secureString(getRequestElement('refid')));
+               setReferralId(getRequestElement('refid'));
        } elseif (isGetRequestElementSet('ref')) {
                // Set refid=ref (the referral link uses such variable)
                //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Using ref from GET data (' . getRequestElement('ref') . ')');
-               setReferralId(secureString(getRequestElement('ref')));
+               setReferralId(getRequestElement('ref'));
        } elseif ((isGetRequestElementSet('user')) && (basename($_SERVER['PHP_SELF']) == 'click.php')) {
                // The variable user comes from  click.php
                //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Using user from GET data (' . getRequestElement('user') . ')');
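Review bot: `setReferralId()` now receives `getRequestElement('refid')` and `getRequestElement('ref')` with no validation at the call site, and the accepted format of a referral id is not stated anywhere in the hunk. If referral ids are always numeric, `setReferralId(bigintval(getRequestElement('refid')));` would enforce that here, and likewise for `ref`; `bigintval()` is already used in what-stats.php in this commit. If nicknames are accepted as well, a short comment naming the allowed format and the place where it is checked would do instead. `determineReferralId()` starts and continues outside the hunk.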