define('SERVER_URL', "http://www.mxchange.org");
// This current patch level
-define('CURR_SVN_REVISION', "513");
+define('CURR_SVN_REVISION', "514");
// Take a prime number which is long (if you know a longer one please try it out!)
define('_PRIME', 591623);
$_POST['menu'],
$_POST['name'],
$_POST['title'],
- addslashes($_POST['descr']),
+ $_POST['descr'],
bigintval($_POST['sort']),
), __FILE__, __LINE__
);
array(
$_POST['name'],
$_POST['title'],
- addslashes($_POST['descr']),
+ $_POST['descr'],
bigintval($_POST['sort']),
), __FILE__, __LINE__
);
$menu,
$_POST['sel_action'][$sel],
$_POST['sel_what'][$sel],
- addslashes($_POST['sel_desc'][$sel]),
+ $_POST['sel_desc'][$sel],
$sel,
), __FILE__, __LINE__);
}
if (isset($_POST['add'])) {
// Add a new category
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_cats WHERE cat='%s' LIMIT 1",
- array(addslashes($_POST['catname'])), __FILE__, __LINE__);
+ array($_POST['catname']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0) {
// Category does not exists, we simply add it...
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_cats (cat, visible, sort) VALUES ('%s','%s','%s')",
- array(addslashes($_POST['catname']), $_POST['visible'], bigintval($_POST['parent'] + 1)), __FILE__, __LINE__);
+ array($_POST['catname'], $_POST['visible'], bigintval($_POST['parent'] + 1)), __FILE__, __LINE__);
$content = "<SPAN class=\"admin_done\">".CATEGORY_ADDED."</SPAN>";
} else {
// Category does already exists
url='%s'
WHERE id=%s LIMIT 1",
array(
- addslashes($_POST['subj']),
- addslashes($_POST['text']),
- addslashes($_POST['url']),
+ $_POST['subj'],
+ $_POST['text'],
+ $_POST['url'],
bigintval($_POST['id']),
), __FILE__, __LINE__);
if (SQL_AFFECTEDROWS() == 1)
// Prepare content
$content = array(
- 'text' => SQL_ESCAPE($_POST['reason']),
+ 'text' => SQL_ESCAPE($_POST['reason']),
'points' => bigintval($_POST['points'])
);
// Prepare content
$content = array(
- 'text' => SQL_ESCAPE($_POST['reason']),
+ 'text' => SQL_ESCAPE($_POST['reason']),
'points' => bigintval($_POST['points'])
);
if ($probe_nickname) {
// Nickname entered
$result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' OR email='%s' LIMIT 1",
- array(addslashes($uid), $_POST['email']), __FILE__, __LINE__);
+ array($uid, $_POST['email']), __FILE__, __LINE__);
} else {
// Direct userid entered
$result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s OR email='%s' LIMIT 1",
- array($uid, $_POST['email']), __FILE__, __LINE__);
+ array(bigintval($uid), $_POST['email']), __FILE__, __LINE__);
}
// Any entry found?
} else {
// Old way with enterable two-char-code
$countryRow = "country";
- $countryData = addslashes(substr($_POST['cntry'], 0, 2));
+ $countryData = substr($_POST['cntry'], 0, 2);
}
//////////////////////////////
VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONFIRMED','%s','%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
array(
$countryRow,
- SQL_ESCAPE(substr($_POST['gender'], 0, 1)),
- SQL_ESCAPE($_POST['surname']),
- SQL_ESCAPE($_POST['family_name']),
- SQL_ESCAPE($_POST['street_nr']),
+ substr($_POST['gender'], 0, 1),
+ $_POST['surname'],
+ $_POST['family_name'],
+ $_POST['street_nr'],
$countryData,
bigintval($_POST['zip']),
- SQL_ESCAPE($_POST['city']),
- SQL_ESCAPE($_POST['addy']),
+ $_POST['city'],
+ $_POST['addy'],
bigintval($_POST['day']),
bigintval($_POST['month']),
bigintval($_POST['year']),
// Create task
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (userid, assigned_admin, status, task_type, subject, text, task_created) VALUES ('%s','0','NEW','HOLIDAY_REQUEST','%s','%s', UNIX_TIMESTAMP())",
- array($GLOBALS['userid'], HOLIDAY_ADMIN_SUBJECT, addslashes($msg)), __FILE__, __LINE__);
+ array($GLOBALS['userid'], HOLIDAY_ADMIN_SUBJECT, $msg), __FILE__, __LINE__);
// Display message
LOAD_TEMPLATE("admin_settings_saved", false, HOLIDAY_IS_ACTIVATED_NOW);
$DATA[3] = $DATA[2] + $_CONFIG['profile_lock'];
// How far is last change on his profile away from now?
- if (($DATA[3] > time()) && (!IS_ADMIN()) && ($_CONFIG['profile_lock'] > 0))
- {
+ if (($DATA[3] > time()) && (!IS_ADMIN()) && ($_CONFIG['profile_lock'] > 0)) {
$DATA[3] = MAKE_DATETIME($DATA[3] + $_CONFIG['profile_lock'], "0");
// You cannot change your account
LOAD_TEMPLATE("member_mydata_locked");
- }
- elseif (!VALIDATE_EMAIL($_POST['addy']))
- {
+ } elseif (!VALIDATE_EMAIL($_POST['addy'])) {
// Invalid email address!
LOAD_TEMPLATE("admin_settings_saved", false, INVALID_EMAIL_ADDRESS_ENTERED);
- }
- else
- {
- // Secure every submitted variable
- foreach ($_POST as $key => $value)
- {
- $_POST[$key] = addslashes($value);
- }
-
+ } else {
+ // Generate hash
$hash = generateHash($_POST['pass1'], substr($DATA[1], 0, -40));
if ((($hash == $DATA[1]) || ($_POST['pass1'] == $_POST['pass2'])) && (!empty($_POST['pass1'])))
{
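Review bot: Dropping the `foreach` that ran `addslashes()` over every `$_POST` value changes the input of `generateHash($_POST['pass1'], …)` for passwords containing `'`, `"` or `\`: before this commit the hash was computed over the slashed string, now over the raw one. Whether that is a fix or a regression depends on how the stored value in `$DATA[1]` was produced — if the registration and earlier save paths also slashed the password before hashing, those users will now fail the `$hash == $DATA[1]` check, so confirm the other path before merging. The replacement comment `// Generate hash` does not record this; a comment such as `// pass1 is hashed as entered; SQL_QUERY_ESC escapes the other fields on insert` would make the intent visible to the next reader. The `if` block that follows continues outside this hunk.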
// Add task
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, status, task_type, subject, text, task_created, userid)
-VALUES ('0','NEW','NL_UNSUBSCRIBE','".ADMIN_NL_SUBJECT."','".addslashes($admin_msg)."', UNIX_TIMESTAMP(),'%s')", array($GLOBALS['userid']), __FILE__, __LINE__);
+VALUES ('0','NEW','NL_UNSUBSCRIBE','".ADMIN_NL_SUBJECT."','".$admin_msg."', UNIX_TIMESTAMP(),'%s')", array($GLOBALS['userid']), __FILE__, __LINE__);
// Send mail to member
$msg = LOAD_EMAIL_TEMPLATE("member_newsletter_request", array(), $GLOBALS['userid']);
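Review bot: `$admin_msg` is concatenated straight into the query string on the added `VALUES` line, so whatever escaping `SQL_QUERY_ESC` applies to its parameter array never reaches it; removing `addslashes()` is only safe for values that travel through the array, as every other hunk in this commit does. `ADMIN_NL_SUBJECT` is interpolated the same way. Move both into placeholders: replace `'".ADMIN_NL_SUBJECT."','".$admin_msg."'` with `'%s','%s'` and pass `array(ADMIN_NL_SUBJECT, $admin_msg, $GLOBALS['userid'])`. The enclosing block begins before this hunk.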
if (empty($_POST['receiver'])) $_POST['receiver'] = "";
if (IS_ADMIN()) $whereStatement = "";
-// Add slashes to every value
-foreach($_POST as $key => $value)
-{
- // Skip submit buttons
- if (($key != "data") && ($key != "frametester")) $_POST[$key] = addslashes($value);
-}
-
// Minimum mails / order
define('__MIN_VALUE', $_CONFIG['order_min']);
// URL found!
$URL = URL."/modules.php?module=login&what=order&msg=".CODE_URL_FOUND;
}
- $TEST = str_replace("\n", "", str_replace("\r", "", addslashes($_POST['text'])));
+ $TEST = str_replace("\n", "", str_replace("\r", "", $_POST['text']));
if (strlen($TEST) > $_CONFIG['max_tlength'])
{
// Text is too long!
VALUES ('%s','%s','%s','%s','%s','TEMP','%s','%s','%s','%s','%s','%s')",
array(
$GLOBALS['userid'],
- addslashes($_POST['subject']),
- addslashes($_POST['text']),
+ $_POST['subject'],
+ $_POST['text'],
$RECEIVER,
bigintval($_POST['type']),
$TIME,
VALUES ('%s','%s','%s','%s','%s','TEMP','%s','%s','%s','%s','%s')",
array(
$GLOBALS['userid'],
- addslashes($_POST['subject']),
- addslashes($_POST['text']),
+ $_POST['subject'],
+ $_POST['text'],
$RECEIVER,
bigintval($_POST['type']),
$TIME,
}
else
{
- $msg_adm = addslashes(LOAD_EMAIL_TEMPLATE("admin_payout_request_banner", array(), $GLOBALS['userid']));
+ $msg_adm = LOAD_EMAIL_TEMPLATE("admin_payout_request_banner", array(), $GLOBALS['userid']);
}
}
else
// Load templates
$msg_mem = LOAD_EMAIL_TEMPLATE("member_payout_request", array(), $GLOBALS['userid']);
- $msg_adm = addslashes(LOAD_EMAIL_TEMPLATE("admin_payout_request", array(), $GLOBALS['userid']));
+ $msg_adm = LOAD_EMAIL_TEMPLATE("admin_payout_request", array(), $GLOBALS['userid']);
$admin_tpl = "";
if (GET_EXT_VERSION("admins") >= "0.4.1")
{
// Drop a message in the admin's area
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (userid, assigned_admin, status, task_type, subject, text, task_created) VALUES ('%s','0','NEW','SUPPORT_MEMBER','%s','%s', UNIX_TIMESTAMP())",
- array($GLOBALS['userid'], addslashes($subj_a), addslashes($_POST['qsummary'].":".$_POST['qdetails'])), __FILE__, __LINE__);
+ array($GLOBALS['userid'], $subj_a, $_POST['qsummary'].":".$_POST['qdetails']), __FILE__, __LINE__);
// Form sent
LOAD_TEMPLATE("member_support_contcted");
// Add entries to both tables
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_transfers_in (userid, from_uid, points, reason, time_trans, trans_id) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(),'%s')",
- array(bigintval($_POST['to_uid']), $GLOBALS['userid'], bigintval($_POST['points']), addslashes($_POST['reason']), __TRANS_ID),
- __FILE__, __LINE__);
+ array(bigintval($_POST['to_uid']), $GLOBALS['userid'], bigintval($_POST['points']), $_POST['reason'], __TRANS_ID),
+ __FILE__, __LINE__);
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_transfers_out (userid, to_uid, points, reason, time_trans, trans_id) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(),'%s')",
- array($GLOBALS['userid'], bigintval($_POST['to_uid']), bigintval($_POST['points']), addslashes($_POST['reason']), __TRANS_ID),
- __FILE__, __LINE__);
+ array($GLOBALS['userid'], bigintval($_POST['to_uid']), bigintval($_POST['points']), $_POST['reason'], __TRANS_ID),
+ __FILE__, __LINE__);
// Add points to account *directly* ...
ADD_POINTS_REFSYSTEM(bigintval($_POST['to_uid']), bigintval($_POST['points']), false, "0", false, "direct");
array(
$admin_id,
$subject,
- addslashes($msg),
+ SQL_ESCAPE($msg),
), __FILE__, __LINE__, true, false
);
} // END - if
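Review bot: `SQL_ESCAPE($msg)` on the added line is the only place in this commit where a caller still escapes an array argument of `SQL_QUERY_ESC`; the `$text` arguments in the two hunks after this one and the `$_POST['reason']` arguments of the transfer inserts now pass the raw value. If `SQL_QUERY_ESC` escapes its array values, this one is escaped twice and the stored text keeps literal backslashes; if it does not, the rest of the commit is unescaped. Pick one convention — by the pattern of the commit, `$msg,` — and state it in the docblock of `SQL_QUERY_ESC` (e.g. `array values are escaped here; callers must not pre-escape them`) so the next change does not reintroduce the mix. The call begins before this hunk.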
VALUES ('%s','%s','%s','%s','%s','NEW', UNIX_TIMESTAMP(),'%s','%s','%s','%s','%s')",
array(
$subject,
- addslashes($text),
+ $text,
$receiverList,
$points,
$seconds,
VALUES ('%s','%s','%s','%s','%s','NEW', UNIX_TIMESTAMP(),'%s','%s','%s','%s')",
array(
$subject,
- addslashes($text),
+ $text,
$receiverList,
$points,
$seconds,