}
// SQL string escaping
-function SQL_QUERY_ESC ($qstring, $data, $F, $L, $run=true, $strip=true) {
+function SQL_QUERY_ESC ($qstring, $data, $F, $L, $run=true, $strip=true, $secure=true) {
// Link is there?
if (!SQL_IS_LINK_UP()) return false;
$strip = "false";
}
+ if ($secure === true) {
+ $secure = "true";
+ } else {
+ $secure = "false";
+ }
+
$eval = "\$query = sprintf(\"".$qstring."\"";
foreach ($data as $var) {
if ((!empty($var)) || ($var === 0)) {
- $eval .= ", SQL_ESCAPE(\"".$var."\",true,".$strip.")";
+ $eval .= ", SQL_ESCAPE(\"".$var."\", ".$secure.", ".$strip.")";
} else {
$eval .= ", ''";
}
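Review bot: The changed line in the `foreach` still pastes each `$var` between double quotes into the PHP source string `$eval`, so if that string is later passed to `eval()` (the call is outside this hunk), a value containing a double quote, backslash or `$` is parsed as PHP before `SQL_ESCAPE` ever runs. Calling the escaper directly removes that layer: collect `$args[] = SQL_ESCAPE($var, $secure, $strip);` in the loop and build the query with `$query = vsprintf($qstring, $args);`. With that change `$secure` and `$strip` must stay booleans, because the strings "true"/"false" assigned above are both truthy when passed as real arguments. The new `$secure` parameter also has no comment; one line stating what the second argument of `SQL_ESCAPE` switches off when it is false would let callers judge when passing false is acceptable. The function body begins and ends outside this hunk.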
// Load text for task if found
if (FILE_READABLE($tpl)) {
// Load extension's own text template (HTML!)
- $msg = LOAD_TEMPLATE("ext_".$ext, true);
+ $msg = LOAD_TEMPLATE("ext_" . $ext, true);
} else {
// Write this in debug.log as well
DEBUG_LOG(__FUNCTION__, __LINE__, $msg);
// Task not created so it's a brand-new extension which we need to register and create a task for!
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_task_system` (assigned_admin, userid, status, task_type, subject, text, task_created)
-VALUES (%s,0,'NEW','EXTENSION','%s','%s',UNIX_TIMESTAMP())",
+VALUES (%s, 0, 'NEW', 'EXTENSION', '%s', '%s', UNIX_TIMESTAMP())",
array(
$admin_id,
$subject,
- SQL_ESCAPE($msg),
- ), __FUNCTION__, __LINE__, true, false
+ smartAddSlashes($msg),
+ ), __FUNCTION__, __LINE__, true, false, false
);
} // END - if
}
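Review bot: With the trailing `false` added to this call, the `text` value is protected only by `smartAddSlashes($msg)`, whose implementation is not visible here; if it is a plain addslashes-style wrapper it does not take the connection character set into account the way the database driver's own escaper does. A comment on the call recording the intent would help, e.g. `// $msg is template HTML: $secure=false here, quoting relies on smartAddSlashes()`. The first placeholder is an unquoted `%s` for `$admin_id`, so string escaping cannot constrain it; using `%d` in the format string would force a number. The deactivation insert further down still wraps its text in `SQL_ESCAPE(...)`, so as far as visible the two call sites now treat the same column differently.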
if ((DETERMINE_TASK_ID_BY_SUBJECT($subject) == 0) && (GET_EXT_VERSION($ext) != "")) {
// Task not created so add it
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_task_system` (assigned_admin, userid, status, task_type, subject, text, task_created)
-VALUES (0,0,'NEW','EXTENSION_DEACTIVATION','%s','%s',UNIX_TIMESTAMP())",
+VALUES (0, 0, 'NEW', 'EXTENSION_DEACTIVATION', '%s', '%s', UNIX_TIMESTAMP())",
array(
$subject,
SQL_ESCAPE(LOAD_TEMPLATE("task_ext_deactivated", true, $ext)),