From 4dfa7b2274172717e7e5da373f8bb6bdc7b3d51b Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Mon, 28 Jun 2010 19:45:19 +0000 Subject: [PATCH] Naming convention applied, encodeEntities() added --- inc/db/lib-mysql3.php | 2 +- inc/filters.php | 2 +- inc/functions.php | 14 +++++++------- inc/libs/network_functions.php | 2 +- inc/modules/admin/admin-inc.php | 10 +++++----- inc/modules/admin/what-email_archiv.php | 9 +++------ inc/modules/admin/what-extensions.php | 6 +++--- inc/modules/admin/what-list_unconfirmed.php | 4 ++-- inc/modules/admin/what-repair_lang.php | 2 +- inc/wrapper-functions.php | 12 ++++++++++++ templates/de/html/admin/admin_email_archiv_row.tpl | 2 +- 11 files changed, 37 insertions(+), 28 deletions(-) diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php index 8880bef74a..7441e5ab21 100644 --- a/inc/db/lib-mysql3.php +++ b/inc/db/lib-mysql3.php @@ -79,7 +79,7 @@ function SQL_QUERY ($sqlString, $F, $L) { $querytimeBefore = microtime(true); // Run SQL command - //* DEBUG: */ debugOutput('F=' . basename($F) . ',L=' . $L . 'sql=' . htmlentities($GLOBALS['last_sql'])); + //* DEBUG: */ debugOutput('F=' . basename($F) . ',L=' . $L . 'sql=' . encodeEntities($GLOBALS['last_sql'])); $result = mysql_query($GLOBALS['last_sql'], SQL_GET_LINK()) or debug_report_bug($F, $L, 'file='. $F . ',line=' . $L . ':mysql_error()=' . mysql_error() . "\n". 'Query string:' . $GLOBALS['last_sql']); diff --git a/inc/filters.php b/inc/filters.php index 260648a319..1a03451c33 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -436,7 +436,7 @@ function FILTER_COMPILE_CONFIG ($code, $compiled = false) { if ($compiled === true) { // Run the code $eval = "\$GLOBALS['compiled_config'][\$uncompiled] = \"" . $GLOBALS['compiled_config'][$uncompiled] . '";'; - //* DEBUG: */ debugOutput(__FUNCTION__.'['.__LINE__.']:
' . str_replace('$', '$', htmlentities($eval)) . '
'); + //* DEBUG: */ debugOutput(__FUNCTION__.'['.__LINE__.']:
' . encodeEntities($eval) . '
'); eval($eval); } // END - if diff --git a/inc/functions.php b/inc/functions.php index 837184d15f..79edbc765d 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -184,11 +184,11 @@ function doFinalCompilation ($code, $insertComments = true) { $newContent = ''; // Compile it - //* DEBUG: */ debugOutput('
'.htmlentities($code).'
'); + //* DEBUG: */ debugOutput('
'.encodeEntities($code).'
'); $eval = '$newContent = "' . str_replace('{DQUOTE}', '"', compileCode(escapeQuotes($code))) . '";'; //* DEBUG: */ if ($insertComments) die('
'.linenumberCode($eval).'
'); eval($eval); - //* DEBUG: */ die('
'.htmlentities($newContent).'
'); + //* DEBUG: */ die('
'.encodeEntities($newContent).'
'); // Was that eval okay? if (empty($newContent)) { @@ -578,10 +578,10 @@ function sendEmail ($toEmail, $subject, $message, $isHtml = 'N', $mailHeader = ' if (isDebugModeEnabled()) { // In debug mode we want to display the mail instead of sending it away so we can debug this part outputHtml('
-Headers : ' . htmlentities(utf8_decode(trim($mailHeader))) . '
-To      : ' . htmlentities(utf8_decode($toEmail)) . '
-Subject : ' . htmlentities(utf8_decode($subject)) . '
-Message : ' . htmlentities(utf8_decode($message)) . '
+Headers : ' . encodeEntities(utf8_decode(trim($mailHeader))) . '
+To      : ' . encodeEntities(utf8_decode($toEmail)) . '
+Subject : ' . encodeEntities(utf8_decode($subject)) . '
+Message : ' . encodeEntities(utf8_decode($message)) . '
 
'); // This is always fine @@ -3477,7 +3477,7 @@ function linenumberCode ($code) { $r .= '|'; // Add code - $r .= '' . htmlentities($c) . ''; + $r .= '' . encodeEntities($c) . ''; } return '
' . $r . '
'; diff --git a/inc/libs/network_functions.php b/inc/libs/network_functions.php index 8f4e0a59f4..0950f82ccf 100644 --- a/inc/libs/network_functions.php +++ b/inc/libs/network_functions.php @@ -474,7 +474,7 @@ ORDER BY // Free the result SQL_FREERESULT($result); - //* DEBUG: */ die('
'.htmlentities($content).'
'); + //* DEBUG: */ die('
'.encodeEntities($content).'
'); // Return content return $content; diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 40e5d1aaca..ed8d5e956d 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -733,7 +733,7 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '', $ // Is the raw userid set? if (postRequestParameter($userid, $id) > 0) { // Generate subject - $subjectLine = '{--MEMBER_' . strtoupper($subject) . '_' . strtoupper($table) . '_SUBJECT--}'; + $subject = '{--MEMBER_' . strtoupper($subject) . '_' . strtoupper($table) . '_SUBJECT--}'; // Load email template if (!empty($subjectPart)) { @@ -743,17 +743,17 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '', $ } // Send email out - sendEmail(postRequestParameter($userid, $id), $subjectLine, $mail); + sendEmail(postRequestParameter($userid, $id), $subject, $mail); } // END - if // Generate subject - $subjectLine = '{--ADMIN_' . strtoupper($subject) . '_' . strtoupper($table) . '_SUBJECT--}'; + $subject = '{--ADMIN_' . strtoupper($subject) . '_' . strtoupper($table) . '_SUBJECT--}'; // Send admin notification out if (!empty($subjectPart)) { - sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestParameter($userid, $id)); + sendAdminNotification($subject, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestParameter($userid, $id)); } else { - sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . $table, $content, postRequestParameter($userid, $id)); + sendAdminNotification($subject, 'admin_' . $mode . '_' . $table, $content, postRequestParameter($userid, $id)); } } diff --git a/inc/modules/admin/what-email_archiv.php b/inc/modules/admin/what-email_archiv.php index b4df32c746..978a0a71f6 100644 --- a/inc/modules/admin/what-email_archiv.php +++ b/inc/modules/admin/what-email_archiv.php 
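Review bot: Renaming `$subjectLine` to `$subject` in this hunk makes the second assignment read a value that the first one may already have overwritten. When `postRequestParameter($userid, $id) > 0`, `$subject` becomes the full `{--MEMBER_..._SUBJECT--}` string, and the later `'{--ADMIN_' . strtoupper($subject) . ...` embeds that string instead of the original subject key, so the admin notification presumably ends up with a message id that does not exist. Keep the input and the built lines in separate variables, e.g. `$memberSubject = '{--MEMBER_' . strtoupper($subject) . '_' . strtoupper($table) . '_SUBJECT--}';` and `$adminSubject = '{--ADMIN_' . strtoupper($subject) . '_' . strtoupper($table) . '_SUBJECT--}';`, and pass those to `sendEmail()` and `sendAdminNotification()`. Where `$subject` is first set is not visible, because sendAdminBuildMails() starts and ends outside the hunk.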
@@ -48,18 +48,15 @@ if ((!defined('__SECURITY')) || (!isAdmin())) { // Add description as navigation point addMenuDescription('admin', __FILE__); -// Init SQL string -$sql = "SELECT +// Check for maximum pages +$result_maximum = SQL_QUERY("SELECT `id`, `sender`, `subject`, `text`, `receivers`, `payment_id`, `data_type`, `timestamp`, `url`, `target_send`, `cat_id` FROM `{?_MYSQL_PREFIX?}_pool` WHERE `data_type`='SEND' OR `data_type`='DELETED' ORDER BY - `timestamp` DESC"; - -// Check for maximum pages -$result_maximum = SQL_QUERY($sql, __FILE__, __LINE__); + `timestamp` DESC", __FILE__, __LINE__); // Set offset an current page to default values if (!isGetRequestParameterSet('page')) setGetRequestParameter('page' , 1); diff --git a/inc/modules/admin/what-extensions.php b/inc/modules/admin/what-extensions.php index 5dd017ec47..9458da0541 100644 --- a/inc/modules/admin/what-extensions.php +++ b/inc/modules/admin/what-extensions.php @@ -319,16 +319,16 @@ ORDER BY `ext_name` ASC", __FILE__, __LINE__); // id is valid so begin with registration, we first want to it's real name from task management (subject column) $result = SQL_QUERY_ESC("SELECT `subject` FROM `{?_MYSQL_PREFIX?}_task_system` WHERE `id`=%s LIMIT 1", array(bigintval($ext_id)), __FILE__, __LINE__); - list($subj) = SQL_FETCHROW($result); + list($subject) = SQL_FETCHROW($result); // Free result SQL_FREERESULT($result); // Disable cache update by default $cache_update = '0'; - if (!empty($subj)) { + if (!empty($subject)) { // Extract extension's name from subject... - $ext_name = trim(substr($subj, 1, strpos($subj, ':') - 1)); + $ext_name = trim(substr($subject, 1, strpos($subject, ':') - 1)); // Test the extension for deprecation loadExtension($ext_name, 'test'); diff --git a/inc/modules/admin/what-list_unconfirmed.php b/inc/modules/admin/what-list_unconfirmed.php index a016dbe653..0887f450cd 100644 --- a/inc/modules/admin/what-list_unconfirmed.php +++ b/inc/modules/admin/what-list_unconfirmed.php 
@@ -98,7 +98,7 @@ if ($listed === true) { if (SQL_NUMROWS($result_master) == 1) { // Mail order / bonus mail found! // @TODO Rewrite this to $content = SQL_FETCHARRAY(), look some lines above for two differrent queries - list($stats_id, $sender, $subj, $text, $url, $stamp, $max) = SQL_FETCHROW($result_master); + list($stats_id, $sender, $subject, $text, $url, $stamp, $max) = SQL_FETCHROW($result_master); // Transfer data to constants for the template if (($stats_id > 0) && ($ID == '-1')) $ID = $stats_id; @@ -172,7 +172,7 @@ LIMIT %s", // Prepare content $content = array( 'sender' => $sender, - 'subject' => $subj, + 'subject' => $subject, 'text' => $text, 'url' => $url, 'unconfirmed' => $unconfirmed, diff --git a/inc/modules/admin/what-repair_lang.php b/inc/modules/admin/what-repair_lang.php index 378c3e0e6a..c62b539465 100644 --- a/inc/modules/admin/what-repair_lang.php +++ b/inc/modules/admin/what-repair_lang.php @@ -93,7 +93,7 @@ foreach ($validLanguages as $lang) { if (count($GLOBALS['lang_diff'][$INC]) <= 100) { // Display them, it is not more than 100 entries difference foreach ($GLOBALS['lang_diff'][$INC] as $key => $value) { - $diffContent .= '
  • ' . $key . '=' . htmlentities($value) . '
  • '; + $diffContent .= '
  • ' . $key . '=' . encodeEntities($value) . '
  • '; } // END - foreach } else { // To much to display! diff --git a/inc/wrapper-functions.php b/inc/wrapper-functions.php index c80742992c..fdd6be73f4 100644 --- a/inc/wrapper-functions.php +++ b/inc/wrapper-functions.php @@ -1061,5 +1061,17 @@ function isValidUserId ($userid) { return $GLOBALS['is_valid_userid'][$userid]; } +// Encodes entities +function encodeEntities ($str) { + // Secure it first + $str = secureString($str); + + // Encode dollar sign as well + $str = str_replace('$', '$', $str); + + // Return it + return $str; +} + // [EOF] ?> diff --git a/templates/de/html/admin/admin_email_archiv_row.tpl b/templates/de/html/admin/admin_email_archiv_row.tpl index 2bd5b2e67d..bf64afbcf7 100644 --- a/templates/de/html/admin/admin_email_archiv_row.tpl +++ b/templates/de/html/admin/admin_email_archiv_row.tpl @@ -5,7 +5,7 @@ {--EMAIL_SUBJECT--}:
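Review bot: `encodeEntities()` replaces every `htmlentities()` call in this patch but delegates the actual encoding to `secureString()`, whose body is not part of the diff, so what the new wrapper guarantees cannot be verified from here. The one-line comment `// Encodes entities` should become a docblock stating which output context the result is safe for (HTML text, attribute values or both) and how quotes and the charset are handled. If `secureString()` also strips or trims input, the call sites in `sendEmail()`'s debug output, `linenumberCode()` and what-repair_lang.php will no longer show the data verbatim, which is worth confirming. As rendered on this page, `str_replace('$', '$', $str)` has identical search and replacement, presumably because an entity for the dollar sign was decoded in extraction. The docblock should say why `$` is encoded at all, presumably because compiled template output is later passed to `eval()` inside a double-quoted string in `doFinalCompilation()`.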
    - $content[subject] + {%pipe,encodeEntities=$content[subject]%} {--EMAIL_TEXT--}:
    -- 2.39.5
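Review bot: Only `$content[subject]` is routed through the `encodeEntities` pipe in this hunk, which ends right after the `{--EMAIL_TEXT--}` label. It is therefore not visible whether the `text`, `sender` and `url` columns that what-email_archiv.php selects from the pool table are still printed raw in this row. If they are, they need the same encoding, since they are stored mail fields shown to an administrator. what-list_unconfirmed.php in this patch likewise passes `'subject' => $subject` into `$content`, and its template is not part of the diff, so it should be checked for the same pipe.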