From 06e24098eb8296f63f7d647c6a630a55ca0fdb94 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?= <roland@mxchange.org>
Date: Tue, 23 Oct 2012 21:01:18 +0000
Subject: [PATCH] Testers excluded (almost, see TODO) from guest stats page: -
 Don't do secureString(getRequestElement('foo')) as it is already secured -
 Testers excluded from almost all statistics in what-stats.php - TODOs.txt
 updated

---
 DOCS/TODOs.txt                        |  3 ++-
 inc/modules/admin/what-extensions.php |  4 ++--
 inc/modules/admin/what-list_user.php  |  2 +-
 inc/modules/admin/what-logs.php       |  2 +-
 inc/modules/guest/what-stats.php      | 11 ++++++-----
 inc/referral-functions.php            |  4 ++--
 6 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/DOCS/TODOs.txt b/DOCS/TODOs.txt
index dce33cd8fe..ad96435c70 100644
--- a/DOCS/TODOs.txt
+++ b/DOCS/TODOs.txt
@@ -153,11 +153,12 @@
 ./inc/modules/frametester.php:95:	// @TODO Rewrite this somehow
 ./inc/modules/guest/what-beg.php:51:// @TODO No more needed? define('__BEG_USERID_TIMEOUT', createFancyTime(getBegUseridTimeout()));
 ./inc/modules/guest/what-login.php:134:	// @TODO Move this HTML code into a template
-./inc/modules/guest/what-mediadata.php:186:// @TODO Rewrite all these if-blocks to filters
+./inc/modules/guest/what-mediadata.php:188:// @TODO Rewrite all these if-blocks to filters
 ./inc/modules/guest/what-mediadata.php:67:	// @TODO Find a better formular than this one
 ./inc/modules/guest/what-rallyes.php:99:	// @TODO Reactivate this: $content['admin'] = '<a href="{%url=modules.php?module=index&amp;what=impressum&amp;id=' . $content['admin_id'] . '%}">' . $content['login'] . '</a>';
 ./inc/modules/guest/what-sponsor_reg.php:293:			// @TODO Maybe a default referral id?
 ./inc/modules/guest/what-stats.php:110:		// @TODO This can be somehow rewritten
+./inc/modules/guest/what-stats.php:119:			// @TODO This does not exclude testers
 ./inc/modules/guest/what-stats.php:82:// @TODO This can be rewritten in a dynamic include
 ./inc/modules/member/what-beg.php:54:// @TODO Can't this be moved into EL?
 ./inc/modules/member/what-beg.php:63:// @TODO No more needed? define('__BEG_USERID_TIMEOUT', createFancyTime(getBegUseridTimeout()));
diff --git a/inc/modules/admin/what-extensions.php b/inc/modules/admin/what-extensions.php
index 42530629b2..52e243e51d 100644
--- a/inc/modules/admin/what-extensions.php
+++ b/inc/modules/admin/what-extensions.php
@@ -235,7 +235,7 @@ if (isGetRequestElementSet('register_ext')) {
 	redirectToUrl('modules.php?module=admin&amp;what=extensions&amp;removed=' . countPostSelection());
 } elseif ((isGetRequestElementSet('do')) && (!isDemoModeActive())) {
 	// Other things to do
-	$do = SQL_ESCAPE(secureString(getRequestElement('do')));
+	$do = getRequestElement('do');
 } elseif (isGetRequestElementSet('do')) {
 	// Demo mode active!
 	$do = 'demo';
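Review bot: The new line `$do = getRequestElement('do');` drops SQL_ESCAPE() together with secureString(), while the commit message only argues that secureString() is redundant; the sibling hunks in this patch (the `active`, `access` and list_user `do` lines) keep SQL_ESCAPE(). If `$do` is later interpolated into a query (its uses are outside this hunk), the SQL escaping is now missing; if it is only matched against fixed mode names, dropping it is fine and a short comment would make that explicit, e.g. `// Not SQL-escaped: $do is only compared against known mode names below`. Either way the reason should be recorded so the branches of this if/elseif chain (which continues outside the hunk) do not drift apart.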
@@ -269,7 +269,7 @@ if (isGetRequestElementSet('register_ext')) {
 // Shall we display active/inactive extensions?
 $where = '';
 if (isGetRequestElementSet('active')) {
-	$where = sprintf("WHERE `ext_active`='%s'", SQL_ESCAPE(secureString(getRequestElement('active'))));
+	$where = sprintf("WHERE `ext_active`='%s'", SQL_ESCAPE(getRequestElement('active')));
 } // END - if
 
 // Case selection
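Review bot: `$where` is still built by interpolating a GET value into SQL via sprintf() with SQL_ESCAPE(); escaping keeps the string literal intact but still accepts any value for `ext_active`. If that column only holds a fixed set of flag values (not visible here), an allow-list check before the sprintf() is the more robust form, e.g. `if (in_array(getRequestElement('active'), array('Y', 'N'), true)) { $where = sprintf(...); }` with the real flag values substituted for the constructed ones. That way an unexpected value yields no WHERE clause rather than a query on an arbitrary string.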
diff --git a/inc/modules/admin/what-list_user.php b/inc/modules/admin/what-list_user.php
index 82728709f2..c16f1787ec 100644
--- a/inc/modules/admin/what-list_user.php
+++ b/inc/modules/admin/what-list_user.php
@@ -232,7 +232,7 @@ LIMIT 1',
 				break;
 
 			default: // Invalid list mode
-				reportBug(__FILE__, __LINE__, sprintf('Invalid do %s detected.', SQL_ESCAPE(secureString(getRequestElement('do')))));
+				reportBug(__FILE__, __LINE__, sprintf('Invalid do %s detected.', SQL_ESCAPE(getRequestElement('do'))));
 				break;
 		} // END - switch
 
diff --git a/inc/modules/admin/what-logs.php b/inc/modules/admin/what-logs.php
index 3c51dfa5c9..3cdb8f6007 100644
--- a/inc/modules/admin/what-logs.php
+++ b/inc/modules/admin/what-logs.php
@@ -45,7 +45,7 @@ addYouAreHereLink('admin', __FILE__);
 
 if (isGetRequestElementSet('access')) {
 	// Secure input and construct FQFN
-	$access = SQL_ESCAPE(secureString(getRequestElement('access')));
+	$access = SQL_ESCAPE(getRequestElement('access'));
 	$target = sprintf("%slogs/%s", getPath(), $access);
 
 	// Is the file valid and readable?
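Review bot: `$access` is used on the next line to build a filesystem path (`sprintf("%slogs/%s", getPath(), $access)`), and SQL_ESCAPE() is not a path sanitiser: it leaves `.`, `/` and `..` segments untouched, so the value can still name a file outside `logs/` unless the readability check that follows (outside the hunk) rejects directory separators. Restrict the parameter to a bare file name before composing the path, e.g. `$access = basename(getRequestElement('access'));`, and keep SQL_ESCAPE() only if `$access` is also used in a query later in the file. The `// Secure input and construct FQFN` comment above promises exactly this, so it should name the check that enforces it.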
diff --git a/inc/modules/guest/what-stats.php b/inc/modules/guest/what-stats.php
index 81acf6ecdf..f53674e51a 100644
--- a/inc/modules/guest/what-stats.php
+++ b/inc/modules/guest/what-stats.php
@@ -72,9 +72,9 @@ switch (getRequestElement('do')) {
 
 	default:
 		// Unsupported mode
-		reportBug(__FILE__, __LINE__, sprintf("Unsupported mode <span class=\"data\">%s</span> detected.", secureString(getRequestElement('do'))));
+		reportBug(__FILE__, __LINE__, sprintf("Unsupported mode <span class=\"data\">%s</span> detected.", getRequestElement('do')));
 		break;
-}
+} // END - switch
 
 // Set link title
 $ltitle = '{--GUEST_STATS_' . strtoupper($lmode) . '--}';
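Review bot: The new reportBug() line embeds the `do` value inside HTML markup (`<span class="data">%s</span>`), so the removed secureString() call was the HTML-context escaping for this message; the change is correct only under the contract the commit message states — that getRequestElement() already returns an escaped value — and nothing at the call site records it. A one-line comment above the call, `// getRequestElement() already returns a secured string, no secureString() needed`, keeps the next maintainer from re-adding or removing escaping here blindly. The switch this `default:` belongs to starts outside the hunk.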
@@ -116,18 +116,19 @@ switch (getConfig('guest_stats')) {
 		// Now we have all categories loaded, count members
 		foreach ($cats as $id => $dummy) {
 			// We only need id and nothing more to count...
+			// @TODO This does not exclude testers
 			$cat_cnt[$id] = countSumTotalData(bigintval($id), 'user_cats', 'id', 'cat_id', TRUE);
 		} // END - foreach
 
 		// Prepare data for the template
 		$content['total_users']   = ($male + $female);
-		$content['unconfirmed']   = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `status` != 'CONFIRMED'", __FILE__, __LINE__));
+		$content['unconfirmed']   = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `status` != 'CONFIRMED'" . runFilterChain('user_exclusion_sql', ' '), __FILE__, __LINE__));
 		$content['total_males']   = $male;
 		$content['total_females'] = $female;
 		$content['tmem_count']    = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `last_online` >= {?START_TDAY?}" . runFilterChain('user_exclusion_sql', " AND `status`='CONFIRMED'"), __FILE__, __LINE__));
 		$content['ymem_count']    = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `last_online` >= {?START_YDAY?} AND `last_online` < {?START_TDAY?}" . runFilterChain('user_exclusion_sql', " AND `status`='CONFIRMED'"), __FILE__, __LINE__));
-		$content['treg_count']    = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `joined` >= {?START_TDAY?}", __FILE__, __LINE__));
-		$content['yreg_count']    = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `joined` >= {?START_YDAY?} AND `joined` < {?START_TDAY?}", __FILE__, __LINE__));
+		$content['treg_count']    = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `joined` >= {?START_TDAY?}" . runFilterChain('user_exclusion_sql', ' '), __FILE__, __LINE__));
+		$content['yreg_count']    = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `joined` >= {?START_YDAY?} AND `joined` < {?START_TDAY?}" . runFilterChain('user_exclusion_sql', ' '), __FILE__, __LINE__));
 		$content['lmode']         = $lmode;
 		$content['ltitle']        = $ltitle;
 
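Review bot: The exclusion suffix `runFilterChain('user_exclusion_sql', …)` is now concatenated by hand onto four near-identical `SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE …"))` calls, and the one counter that lacks it (`countSumTotalData()` in the foreach above, flagged by the new @TODO) is exactly the case this pattern makes easy to miss. Factoring the repeated query into one helper that takes the WHERE clause and the filter-chain default, defined outside this switch (or in a functions include), makes the tester exclusion the default rather than something each query opts into. The `' '` default for the unconfirmed/treg/yreg queries versus `" AND `status`='CONFIRMED'"` for tmem/ymem is presumably deliberate, since the unconfirmed query already selects on `status`; a short comment such as `// No status clause: the WHERE already filters on status` would record that. The enclosing switch case starts outside the hunk.
```php
// Counts `user_data` rows matching $where, with the tester-exclusion filter chain applied.
function countGuestStatsUsers ($where, $statusClause = ' ') {
	return SQL_NUMROWS(SQL_QUERY('SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE ' . $where . runFilterChain('user_exclusion_sql', $statusClause), __FILE__, __LINE__));
}

// … unchanged: category counting loop …
$content['total_users']   = ($male + $female);
$content['unconfirmed']   = countGuestStatsUsers("`status` != 'CONFIRMED'");
$content['total_males']   = $male;
$content['total_females'] = $female;
$content['tmem_count']    = countGuestStatsUsers('`last_online` >= {?START_TDAY?}', " AND `status`='CONFIRMED'");
$content['ymem_count']    = countGuestStatsUsers('`last_online` >= {?START_YDAY?} AND `last_online` < {?START_TDAY?}', " AND `status`='CONFIRMED'");
$content['treg_count']    = countGuestStatsUsers('`joined` >= {?START_TDAY?}');
$content['yreg_count']    = countGuestStatsUsers('`joined` >= {?START_YDAY?} AND `joined` < {?START_TDAY?}');
```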
diff --git a/inc/referral-functions.php b/inc/referral-functions.php
index 28ca19a42a..a60a8a2424 100644
--- a/inc/referral-functions.php
+++ b/inc/referral-functions.php
@@ -835,11 +835,11 @@ function determineReferralId () {
 	} elseif (isGetRequestElementSet('refid')) {
 		// Get referral id from GET parameter refid
 		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Using refid from GET data (' . getRequestElement('refid') . ')');
-		setReferralId(secureString(getRequestElement('refid')));
+		setReferralId(getRequestElement('refid'));
 	} elseif (isGetRequestElementSet('ref')) {
 		// Set refid=ref (the referral link uses such variable)
 		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Using ref from GET data (' . getRequestElement('ref') . ')');
-		setReferralId(secureString(getRequestElement('ref')));
+		setReferralId(getRequestElement('ref'));
 	} elseif ((isGetRequestElementSet('user')) && (basename($_SERVER['PHP_SELF']) == 'click.php')) {
 		// The variable user comes from  click.php
 		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Using user from GET data (' . getRequestElement('user') . ')');
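Review bot: `setReferralId(getRequestElement('refid'))` (and the `ref` branch two lines below) now passes the GET value through with only whatever getRequestElement() applies, where secureString() previously added string-level escaping; neither form enforces that the referral id is a number, which this patch elsewhere does with `bigintval()` (what-stats.php). If referral ids are numeric user ids and setReferralId() does not validate its argument itself (its body is not in this hunk), `setReferralId(bigintval(getRequestElement('refid')));` is the check that actually matches the expected type, and the same applies to the `ref` branch. determineReferralId() starts and ends outside the hunk.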
-- 
2.39.5