From 0cbb56bacbaeed5d2bfd04081c018bda9248071b Mon Sep 17 00:00:00 2001
From: quix0r
Date: Fri, 29 Jul 2011 05:07:08 +0000
Subject: [PATCH] Fixes
---
 inc/db/lib-mysql3.php | 8 +++++---
 inc/mysql-manager.php | 9 +++++++--
 inc/template-functions.php | 4 +++-
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php
index 5d346e48ff..c9b033172e 100644
--- a/inc/db/lib-mysql3.php
+++ b/inc/db/lib-mysql3.php
@@ -295,6 +295,9 @@ function SQL_INSERTID () {
 function SQL_ESCAPE ($str, $secureString = true, $strip = true) {
 // Do we have cache?
 if (!isset($GLOBALS['sql_escapes'][''.$str.''])) {
+ // Prepare the string here
+ $str = SQL_PREPARE_SQL_STRING($str);
+
 // Secure string first? (which is the default behaviour!)
 if ($secureString === true) {
 // Then do it here
@@ -541,12 +544,11 @@ function SQL_HASZEROAFFECTED () {
 function SQL_PREPARE_SQL_STRING ($sqlString, $enableCodes = true) {
 // Is it already cached?
 if (!isset($GLOBALS['sql_strings'][$sqlString])) {
- // Compile config+expression code
- $sqlString2 = FILTER_COMPILE_EXPRESSION_CODE(FILTER_COMPILE_CONFIG($sqlString));
+ // Compile URI codes+config+expression code
+ $sqlString2 = FILTER_COMPILE_EXPRESSION_CODE(FILTER_COMPILE_CONFIG(compileUriCode($sqlString)));
 // Do final compilation
 $GLOBALS['sql_strings'][$sqlString] = doFinalCompilation($sqlString2, false, $enableCodes);
- //die($sqlString.'
'.$sqlString2.'
'.$GLOBALS['sql_strings'][$sqlString]);
 } // END - if
 // Return it
diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php
index 6ceef81e5f..8d64b2201a 100644
--- a/inc/mysql-manager.php
+++ b/inc/mysql-manager.php
@@ -790,11 +790,16 @@ function getActionFromModuleWhat ($module, $what) {
 $module = mapModuleToTable($module);
 // Guest and member menu is 'main' as the default
- if (empty($data['action'])) $data['action'] = 'main';
+ if (empty($data['action'])) {
+ $data['action'] = 'main';
+ } // END - if
 // Load from database
 $result = SQL_QUERY_ESC("SELECT `action` FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE `what`='%s' LIMIT 1",
- array($module, $what), __FUNCTION__, __LINE__);
+ array(
+ $module,
+ $what
+ ), __FUNCTION__, __LINE__);
 if (SQL_NUMROWS($result) == 1) {
 // Load action value and pray that this one is the right you want... ;-)
 $data = SQL_FETCHARRAY($result);
diff --git a/inc/template-functions.php b/inc/template-functions.php
index 73e88c6ce0..ac94882546 100644
--- a/inc/template-functions.php
+++ b/inc/template-functions.php
@@ -1236,7 +1236,9 @@ function debug_report_bug ($F, $L, $message = '', $sendEmail = true) {
 // Compile characters which are allowed in URLs
 function compileUriCode ($code, $simple = true) {
 // Compile constants
- if ($simple === false) $code = str_replace('{--', '".', str_replace('--}', '."', $code));
+ if ($simple === false) {
+ $code = str_replace('{--', '".', str_replace('--}', '."', $code));
+ } // END - if
 // Compile QUOT and other non-HTML codes
 $code = str_replace('{DOT}', '.',
--
2.39.5
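Review bot: The added `$str = SQL_PREPARE_SQL_STRING($str);` at the top of the cache-miss branch in SQL_ESCAPE (inc/db/lib-mysql3.php, first hunk) sends the value being escaped through config, expression and URI code compilation, so template codes of the `{?...?}` kind that arrive inside data would presumably be expanded before the value is escaped and stored. If SQL_ESCAPE ever receives request-derived values, the data then decides which configuration entries get substituted into it; compilation looks safer confined to the query template, with values only escaped. The reassignment also comes after the `isset($GLOBALS['sql_escapes'][''.$str.''])` lookup, and the rest of the function is outside the hunk, so please confirm the cache is written and returned under the original key, for instance by compiling into a separate variable: `$prepared = SQL_PREPARE_SQL_STRING($str);`.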
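Review bot: Passing `$sqlString` through `compileUriCode()` in SQL_PREPARE_SQL_STRING (inc/db/lib-mysql3.php, second hunk) expands codes such as `{DOT}` (and, going by the comment in compileUriCode, QUOT codes) into literal characters, and nothing in the hunk says whether the string is still a bare template at that point. If SQL_PREPARE_SQL_STRING can be reached with a statement that already contains escaped values, a code expanded at this stage produces a character that was never escaped; a contract comment such as `// Only call on query templates, never on strings that already contain escaped data` above the compile line would make the required order explicit. The cache is also keyed by `$sqlString` alone while the result depends on `$enableCodes`, so a later call with the other flag gets the first call's output; a key like `$sqlString . ':' . (int) $enableCodes` would separate them, applied to the return outside the hunk as well.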