$querytimeBefore = microtime(true);
// Run SQL command
- //* DEBUG: */ debugOutput('F=' . basename($F) . ',L=' . $L . 'sql=' . htmlentities($GLOBALS['last_sql']));
+ //* DEBUG: */ debugOutput('F=' . basename($F) . ',L=' . $L . 'sql=' . encodeEntities($GLOBALS['last_sql']));
$result = mysql_query($GLOBALS['last_sql'], SQL_GET_LINK())
or debug_report_bug($F, $L, 'file='. $F . ',line=' . $L . ':mysql_error()=' . mysql_error() . "\n".
'Query string:' . $GLOBALS['last_sql']);
if ($compiled === true) {
// Run the code
$eval = "\$GLOBALS['compiled_config'][\$uncompiled] = \"" . $GLOBALS['compiled_config'][$uncompiled] . '";';
- //* DEBUG: */ debugOutput(__FUNCTION__.'['.__LINE__.']:<pre>' . str_replace('$', '$', htmlentities($eval)) . '</pre>');
+ //* DEBUG: */ debugOutput(__FUNCTION__.'['.__LINE__.']:<pre>' . encodeEntities($eval) . '</pre>');
eval($eval);
} // END - if
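Review bot: The `eval($eval)` right after the changed debug comment runs a PHP statement built by placing `$GLOBALS['compiled_config'][$uncompiled]` between double quotes with no escaping, so its safety depends entirely on where that value comes from. The hunk does not show where `compiled_config` is filled. If the entries are only ever produced by the config compiler, record that above the assignment, for example `// compiled_config entries come from the config compiler only, never from request or database input`. If that does not hold, the value needs escaping before it is concatenated into `$eval`.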
$newContent = '';
// Compile it
- //* DEBUG: */ debugOutput('<pre>'.htmlentities($code).'</pre>');
+ //* DEBUG: */ debugOutput('<pre>'.encodeEntities($code).'</pre>');
$eval = '$newContent = "' . str_replace('{DQUOTE}', '"', compileCode(escapeQuotes($code))) . '";';
//* DEBUG: */ if ($insertComments) die('<pre>'.linenumberCode($eval).'</pre>');
eval($eval);
- //* DEBUG: */ die('<pre>'.htmlentities($newContent).'</pre>');
+ //* DEBUG: */ die('<pre>'.encodeEntities($newContent).'</pre>');
// Was that eval okay?
if (empty($newContent)) {
if (isDebugModeEnabled()) {
// In debug mode we want to display the mail instead of sending it away so we can debug this part
outputHtml('<pre>
-Headers : ' . htmlentities(utf8_decode(trim($mailHeader))) . '
-To : ' . htmlentities(utf8_decode($toEmail)) . '
-Subject : ' . htmlentities(utf8_decode($subject)) . '
-Message : ' . htmlentities(utf8_decode($message)) . '
+Headers : ' . encodeEntities(utf8_decode(trim($mailHeader))) . '
+To : ' . encodeEntities(utf8_decode($toEmail)) . '
+Subject : ' . encodeEntities(utf8_decode($subject)) . '
+Message : ' . encodeEntities(utf8_decode($message)) . '
</pre>');
// This is always fine
$r .= '</span>|';
// Add code
- $r .= '<span class="linetext">' . htmlentities($c) . '</span></div>';
+ $r .= '<span class="linetext">' . encodeEntities($c) . '</span></div>';
}
return '<div class="code">' . $r . '</div>';
// Free the result
SQL_FREERESULT($result);
- //* DEBUG: */ die('<pre>'.htmlentities($content).'</pre>');
+ //* DEBUG: */ die('<pre>'.encodeEntities($content).'</pre>');
// Return content
return $content;
// Is the raw userid set?
if (postRequestParameter($userid, $id) > 0) {
// Generate subject
- $subjectLine = '{--MEMBER_' . strtoupper($subject) . '_' . strtoupper($table) . '_SUBJECT--}';
+ $subject = '{--MEMBER_' . strtoupper($subject) . '_' . strtoupper($table) . '_SUBJECT--}';
// Load email template
if (!empty($subjectPart)) {
}
// Send email out
- sendEmail(postRequestParameter($userid, $id), $subjectLine, $mail);
+ sendEmail(postRequestParameter($userid, $id), $subject, $mail);
} // END - if
// Generate subject
- $subjectLine = '{--ADMIN_' . strtoupper($subject) . '_' . strtoupper($table) . '_SUBJECT--}';
+ $subject = '{--ADMIN_' . strtoupper($subject) . '_' . strtoupper($table) . '_SUBJECT--}';
// Send admin notification out
if (!empty($subjectPart)) {
- sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestParameter($userid, $id));
+ sendAdminNotification($subject, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestParameter($userid, $id));
} else {
- sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . $table, $content, postRequestParameter($userid, $id));
+ sendAdminNotification($subject, 'admin_' . $mode . '_' . $table, $content, postRequestParameter($userid, $id));
}
}
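Review bot: Reusing `$subject` for the generated subject line changes behaviour when both mails are sent. Once the member branch has assigned `$subject = '{--MEMBER_' . … . '_SUBJECT--}'`, the admin line's `strtoupper($subject)` no longer sees the original short subject and would nest the member placeholder inside the admin one. Before this change the separate `$subjectLine` left the input untouched. This assumes both assignments run in the same scope, which the hunk suggests but does not fully show. If so, keep a distinct variable for the built line, e.g. `$subjectLine = '{--ADMIN_' . strtoupper($subject) . '_' . strtoupper($table) . '_SUBJECT--}';`.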
// Add description as navigation point
addMenuDescription('admin', __FILE__);
-// Init SQL string
-$sql = "SELECT
+// Check for maximum pages
+$result_maximum = SQL_QUERY("SELECT
`id`, `sender`, `subject`, `text`, `receivers`, `payment_id`, `data_type`, `timestamp`, `url`, `target_send`, `cat_id`
FROM
`{?_MYSQL_PREFIX?}_pool`
WHERE
`data_type`='SEND' OR `data_type`='DELETED'
ORDER BY
- `timestamp` DESC";
-
-// Check for maximum pages
-$result_maximum = SQL_QUERY($sql, __FILE__, __LINE__);
+ `timestamp` DESC", __FILE__, __LINE__);
// Set offset an current page to default values
if (!isGetRequestParameterSet('page')) setGetRequestParameter('page' , 1);
// id is valid so begin with registration, we first want to it's real name from task management (subject column)
$result = SQL_QUERY_ESC("SELECT `subject` FROM `{?_MYSQL_PREFIX?}_task_system` WHERE `id`=%s LIMIT 1",
array(bigintval($ext_id)), __FILE__, __LINE__);
- list($subj) = SQL_FETCHROW($result);
+ list($subject) = SQL_FETCHROW($result);
// Free result
SQL_FREERESULT($result);
// Disable cache update by default
$cache_update = '0';
- if (!empty($subj)) {
+ if (!empty($subject)) {
// Extract extension's name from subject...
- $ext_name = trim(substr($subj, 1, strpos($subj, ':') - 1));
+ $ext_name = trim(substr($subject, 1, strpos($subject, ':') - 1));
// Test the extension for deprecation
loadExtension($ext_name, 'test');
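Review bot: `strpos($subject, ':')` is used unchecked in `substr($subject, 1, strpos($subject, ':') - 1)`. When the task subject has no colon, `strpos` returns `false`, the length becomes `-1`, and `$ext_name` ends up as the subject minus its first and last character rather than an extension name. That value is then passed straight to `loadExtension($ext_name, 'test')`. Guard it with `$pos = strpos($subject, ':'); if ($pos === false) { /* not an extension task, skip */ }`. If `loadExtension` derives a file path from the name (not visible here), also check the name against the expected extension-name pattern first. The enclosing block continues outside the hunk.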
if (SQL_NUMROWS($result_master) == 1) {
// Mail order / bonus mail found!
// @TODO Rewrite this to $content = SQL_FETCHARRAY(), look some lines above for two differrent queries
- list($stats_id, $sender, $subj, $text, $url, $stamp, $max) = SQL_FETCHROW($result_master);
+ list($stats_id, $sender, $subject, $text, $url, $stamp, $max) = SQL_FETCHROW($result_master);
// Transfer data to constants for the template
if (($stats_id > 0) && ($ID == '-1')) $ID = $stats_id;
// Prepare content
$content = array(
'sender' => $sender,
- 'subject' => $subj,
+ 'subject' => $subject,
'text' => $text,
'url' => $url,
'unconfirmed' => $unconfirmed,
if (count($GLOBALS['lang_diff'][$INC]) <= 100) {
// Display them, it is not more than 100 entries difference
foreach ($GLOBALS['lang_diff'][$INC] as $key => $value) {
- $diffContent .= '<li>' . $key . '=' . htmlentities($value) . '</li>';
+ $diffContent .= '<li>' . $key . '=' . encodeEntities($value) . '</li>';
} // END - foreach
} else {
// To much to display!
return $GLOBALS['is_valid_userid'][$userid];
}
+// Encodes entities
+function encodeEntities ($str) {
+ // Secure it first
+ $str = secureString($str);
+
+ // Encode dollar sign as well
+ $str = str_replace('$', '$', $str);
+
+ // Return it
+ return $str;
+}
+
// [EOF]
?>
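Review bot: `encodeEntities()` becomes the escaping point for every output site this commit touches, but its safety rests on `secureString()`, whose body is not in this hunk. As rendered here, `str_replace('$', '$', $str)` replaces a dollar sign with itself. The replacement was presumably the numeric HTML entity for `$`, lost when the page was rendered, and that is worth confirming in the actual file. I would extend the one-line comment into a docblock stating the contract, e.g. `// Returns $str with HTML special characters encoded by secureString() and '$' encoded as a numeric entity`. Also confirm that `secureString()` encodes both quote characters and `&`, since some callers place the result inside markup.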
</td>
<td class="switch_sw$content[sw] bottom right" width="23%" align="center">
{--EMAIL_SUBJECT--}:<br />
- <strong class="admin_misc">$content[subject]</strong>
+ <strong class="admin_misc">{%pipe,encodeEntities=$content[subject]%}</strong>
</td>
<td class="switch_sw$content[sw] bottom" width="54%" align="center">
{--EMAIL_TEXT--}:<br />
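Review bot: Only `$content[subject]` is piped through `encodeEntities` here, and the `{--EMAIL_TEXT--}` cell that begins on the last line ends outside the hunk, so its value placeholder is not visible. A `$content` array built elsewhere in this commit also carries `sender`, `text` and `url` taken from a database row. If this template still prints any of those raw, stored mail content could inject markup into the admin page just as the subject could. Apply the same filter to them, e.g. `{%pipe,encodeEntities=$content[text]%}`.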