From: Roland Häder Date: Sat, 14 Mar 2009 21:34:52 +0000 (+0000) Subject: Fixes for #113, task texts where too much secured, resolved X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=7f7d59d3ca92202906892fa9a7ecdba6d4cab0da;p=mailer.git Fixes for #113, task texts where too much secured, resolved --- diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php index 024908a9df..e0c63d2f01 100644 --- a/inc/db/lib-mysql3.php +++ b/inc/db/lib-mysql3.php @@ -242,7 +242,7 @@ function SQL_FREERESULT ($result) { } // SQL string escaping -function SQL_QUERY_ESC ($qstring, $data, $F, $L, $run=true, $strip=true) { +function SQL_QUERY_ESC ($qstring, $data, $F, $L, $run=true, $strip=true, $secure=true) { // Link is there? if (!SQL_IS_LINK_UP()) return false; @@ -255,10 +255,16 @@ function SQL_QUERY_ESC ($qstring, $data, $F, $L, $run=true, $strip=true) { $strip = "false"; } + if ($secure === true) { + $secure = "true"; + } else { + $secure = "false"; + } + $eval = "\$query = sprintf(\"".$qstring."\""; foreach ($data as $var) { if ((!empty($var)) || ($var === 0)) { - $eval .= ", SQL_ESCAPE(\"".$var."\",true,".$strip.")"; + $eval .= ", SQL_ESCAPE(\"".$var."\", ".$secure.", ".$strip.")"; } else { $eval .= ", ''"; } diff --git a/inc/extensions.php b/inc/extensions.php index c2dd635325..609af2b242 100644 --- a/inc/extensions.php +++ b/inc/extensions.php @@ -746,7 +746,7 @@ function CREATE_NEW_EXTENSION_TASK ($admin_id, $subject, $ext) { // Load text for task if found if (FILE_READABLE($tpl)) { // Load extension's own text template (HTML!) - $msg = LOAD_TEMPLATE("ext_".$ext, true); + $msg = LOAD_TEMPLATE("ext_" . $ext, true); } else { // Write this in debug.log as well DEBUG_LOG(__FUNCTION__, __LINE__, $msg); 
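Review bot: The new `$secure=true` parameter in the SQL_QUERY_ESC signature (hunk @@ -242,7) is undocumented; the only comment above the function is `// SQL string escaping`. Passing false relaxes whatever SQL_ESCAPE does in its secure mode, and that function's body is not on this page, so callers cannot tell what protection they give up. A comment on the signature would help, for example `// $secure: pass false only for trusted, already-quoted text (e.g. HTML templates), never for request data`. The function body continues outside this hunk.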
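Review bot: In hunk @@ -255,10 the added `if ($secure === true)` block turns every value other than boolean true, including `1`, into "false", so the flag fails open. `$secure = ($secure === false) ? "false" : "true";` would switch the secure mode off only on an explicit false. The rewritten `$eval .= ...` line also still concatenates each `$data` value into PHP source held in `$eval`, which is presumably passed to eval() outside the hunk, so the value is parsed as a double-quoted PHP string before SQL_ESCAPE runs. Collecting the escaped values in an array and calling `vsprintf($qstring, $args)` would avoid evaluating data as code. That change reaches beyond this hunk, since the `$strip` string conversion and the end of the function are only partly visible.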
@@ -754,12 +754,12 @@ function CREATE_NEW_EXTENSION_TASK ($admin_id, $subject, $ext) { // Task not created so it's a brand-new extension which we need to register and create a task for! SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_task_system` (assigned_admin, userid, status, task_type, subject, text, task_created) -VALUES (%s,0,'NEW','EXTENSION','%s','%s',UNIX_TIMESTAMP())", +VALUES (%s, 0, 'NEW', 'EXTENSION', '%s', '%s', UNIX_TIMESTAMP())", array( $admin_id, $subject, - SQL_ESCAPE($msg), - ), __FUNCTION__, __LINE__, true, false + smartAddSlashes($msg), + ), __FUNCTION__, __LINE__, true, false, false ); } // END - if } @@ -773,7 +773,7 @@ function CREATE_EXTENSION_DEACTIVATION_TASK ($ext) { if ((DETERMINE_TASK_ID_BY_SUBJECT($subject) == 0) && (GET_EXT_VERSION($ext) != "")) { // Task not created so add it SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_task_system` (assigned_admin, userid, status, task_type, subject, text, task_created) -VALUES (0,0,'NEW','EXTENSION_DEACTIVATION','%s','%s',UNIX_TIMESTAMP())", +VALUES (0, 0, 'NEW', 'EXTENSION_DEACTIVATION', '%s', '%s', UNIX_TIMESTAMP())", array( $subject, SQL_ESCAPE(LOAD_TEMPLATE("task_ext_deactivated", true, $ext)), diff --git a/inc/modules/admin/overview-inc.php b/inc/modules/admin/overview-inc.php index 0ffec83911..6840cbe603 100644 --- a/inc/modules/admin/overview-inc.php +++ b/inc/modules/admin/overview-inc.php @@ -383,7 +383,6 @@ function OUTPUT_SELECTED_TASKS ($POST, $result_tasks) { } // END - if // There are uncompleted jobs! - // @TODO Rewrite this to one template and use $OUT = ... $OUT = ""; $SW = 2; while ($content = SQL_FETCHARRAY($result_tasks)) { // Init infos
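Review bot: In hunk @@ -754,12 the task text is now quoted by `smartAddSlashes($msg)` and then sent through SQL_QUERY_ESC with both `$strip` and `$secure` false, so what protects the `'%s'` text column depends on two helpers whose bodies are not on this page. It is worth confirming that SQL_ESCAPE with `$secure` false still applies the database escaping and that slashes are not added twice. The reason could be recorded next to the call, e.g. `// $msg is a trusted extension template (HTML); $secure=false keeps the markup, quoting is done by smartAddSlashes()`. The CREATE_EXTENSION_DEACTIVATION_TASK call in hunk @@ -773,7 still passes `SQL_ESCAPE(LOAD_TEMPLATE("task_ext_deactivated", true, $ext))` with the default flags, so if #113 was about over-escaped task texts it probably needs the same treatment. Both functions start or end outside their hunks.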