From d0f0f15c27d6af49056e2658bb683a469f49db38 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Fri, 19 Dec 2008 14:07:05 +0000 Subject: [PATCH] Missing URL blacklist tabled (re-)added --- inc/databases.php | 2 +- inc/extensions/ext-order.php | 20 +++++- inc/filters.php | 2 +- inc/language/de.php | 1 + inc/modules/admin/what-unlock_emails.php | 84 ++++++++++++------------ inc/modules/member/what-order.php | 25 +++---- 6 files changed, 76 insertions(+), 58 deletions(-) diff --git a/inc/databases.php b/inc/databases.php index a7a03c1ed5..94869b2265 100644 --- a/inc/databases.php +++ b/inc/databases.php @@ -114,7 +114,7 @@ define('USAGE_BASE', "usage"); define('SERVER_URL', "http://www.mxchange.org"); // Current SVN revision -define('CURR_SVN_REVISION', "657"); +define('CURR_SVN_REVISION', "658"); // Take a prime number which is long (if you know a longer one please try it out!) define('_PRIME', 591623); diff --git a/inc/extensions/ext-order.php b/inc/extensions/ext-order.php index 4df2357071..ff17638453 100644 --- a/inc/extensions/ext-order.php +++ b/inc/extensions/ext-order.php 
@@ -38,13 +38,13 @@ if (!defined('__SECURITY')) { } // Version number -$EXT_VERSION = "0.4.9"; +$EXT_VERSION = "0.5.0"; // Auto-set extension version if (empty($EXT_VER)) $EXT_VER = $EXT_VERSION; // Version history array (add more with , "0.1" and so on) -$EXT_VER_HISTORY = array("0.0", "0.1", "0.1.1", "0.1.2", "0.1.3", "0.1.4", "0.1.5", "0.1.6", "0.1.7", "0.1.8", "0.1.9", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.2.9", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.3.4", "0.3.5", "0.3.6", "0.3.7", "0.3.8", "0.3.9", "0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.4.4", "0.4.5", "0.4.6", "0.4.7", "0.4.8", "0.4.9"); +$EXT_VER_HISTORY = array("0.0", "0.1", "0.1.1", "0.1.2", "0.1.3", "0.1.4", "0.1.5", "0.1.6", "0.1.7", "0.1.8", "0.1.9", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.2.9", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.3.4", "0.3.5", "0.3.6", "0.3.7", "0.3.8", "0.3.9", "0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.4.4", "0.4.5", "0.4.6", "0.4.7", "0.4.8", "0.4.9", "0.5.0"); switch ($EXT_LOAD_MODE) { @@ -298,6 +298,20 @@ nicht die vom Mitglied eingegebene. Resultat: Das Script beschwerte sich, der Us $UPDATE_NOTES = "Bei Löschung von Mailbuchungen kann nun global entschieden werden (Einstellungen also), ob die verbliebenen {!POINTS!} wieder gutgeschrieben werden sollen oder in den Jackpot landen."; break; + case "0.5.0": // SQL queries for v0.5.0 + $SQLs[] = "DROP TABLE IF EXISTS `"._MYSQL_PREFIX."_url_blacklist`"; + $SQLs[] = "CREATE TABLE `"._MYSQL_PREFIX."_url_blacklist` ( +`id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT, +`url` VARCHAR(255) NOT NULL DEFAULT '', +`pool_id` BIGINT(20) UNSIGNED NOT NULL DEFAULT 0, +`timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, +PRIMARY KEY (`id`), +INDEX (`pool_id`) +) TYPE=MYISAM COMMENT='URL blacklist'"; + + // Update notes (these will be set as task text!) + $UPDATE_NOTES = "Tabelle für URL-Sperrliste angelegt."; + break; } break; 
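Review bot: In the new `case "0.5.0"` of inc/extensions/ext-order.php, the `DROP TABLE IF EXISTS` statement discards any `_url_blacklist` table an installation already has, so blocked URLs stored under that name would be lost silently during the update. `CREATE TABLE IF NOT EXISTS` without the drop would keep them. The removed code in the other files used `_url_blist`, and nothing here carries rows over from that table, so the update notes should tell the admin whether old entries need to be re-entered. The new table also has no key on `url`, although both the admin and the member code select with a `url='%s'` condition. Adding `UNIQUE KEY (url)` would index that lookup and stop the select-then-insert in what-unlock_emails.php from storing the same URL twice.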
@@ -309,7 +323,7 @@ default: // Do stuff when extension is loaded if ((isBooleanConstantAndTrue('__DAILY_RESET')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (GET_EXT_VERSION("order") >= "0.1.1")) { // Reset mail order values $result_ext = SQL_QUERY("UPDATE `"._MYSQL_PREFIX."_user_data` SET mail_orders=0 WHERE mail_orders > 0", __FILE__, __LINE__); - } + } // END - if break; } diff --git a/inc/filters.php b/inc/filters.php index 4a15758156..d582202ac6 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -388,7 +388,7 @@ function FILTER_SOLVE_TASK ($data) { // Filter to load include files function FILTER_LOAD_INCLUDES ($data) { - global $INC_POOL; + global $INC_POOL, $CSS; // Is it an array? if ((!isset($INC_POOL)) || (!is_array($INC_POOL))) { diff --git a/inc/language/de.php b/inc/language/de.php index 8ce3b7db2f..eeb1e50985 100644 --- a/inc/language/de.php +++ b/inc/language/de.php @@ -1198,6 +1198,7 @@ define('TASK_SUBJ_EXTENSION_DEACTIVATED', "Erweiterung deaktiviert"); define('ADMIN_SUBJECT_EXTENSION_DEACTIVATED', "Automatische Deaktivierung einer Erweiterung"); define('FATAL_EXTENSION_LOADED', "Erweiterung %s/u> bereits geladen!"); define('ADMIN_ACCESS_DENIED', "Zugriff auf diesen Adminmenüpunkt nicht gestattet."); +define('ADMIN_URL_BLACKLIST_DISABLED', "URL-Sperrliste ist deaktiviert."); define('MEMBER_MAIL_BONUS_CONFIRMED_ON', "Sie haben diese Bonusmail %s bestätigt."); define('MEMBER_MAIL_NORMAL_CONFIRMED_ON', "Sie haben diese Klickmail %s bestätigt."); diff --git a/inc/modules/admin/what-unlock_emails.php b/inc/modules/admin/what-unlock_emails.php index c26b9bcda1..9419a62dc4 100644 --- a/inc/modules/admin/what-unlock_emails.php +++ b/inc/modules/admin/what-unlock_emails.php 
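Review bot: In inc/filters.php, `$CSS` is added to the `global` list of FILTER_LOAD_INCLUDES with no use visible in the hunk and no explanation, and the change is unrelated to the URL blacklist this commit is about. If the reason is that files loaded from `$INC_POOL` run in this function's scope and expect `$CSS` there, a comment should say so, for example `// $CSS must be in scope for the included files`. The function body continues outside the hunk, so the actual use cannot be confirmed from here.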
@@ -44,7 +44,10 @@ ADD_DESCR("admin", __FILE__); global $DATA; // Check for mails -$result_main = SQL_QUERY("SELECT id, sender, subject, payment_id, timestamp, url, target_send, cat_id FROM "._MYSQL_PREFIX."_pool WHERE data_type='ADMIN' ORDER BY timestamp", __FILE__, __LINE__); +$result_main = SQL_QUERY("SELECT `id`, `sender`, `subject`, `payment_id` AS `payment`, `timestamp`, `url`, `target_send`, `cat_id` AS `category` +FROM `"._MYSQL_PREFIX."_pool` +WHERE `data_type`='ADMIN' +ORDER BY `timestamp` ASC", __FILE__, __LINE__); if ((SQL_NUMROWS($result_main) > 0) || (isset($_POST['lock']))) { // Count checked checkboxes 
@@ -166,56 +169,52 @@ LIMIT 1", // Nothing selected LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_MAILS_NOTHING_CHECKED); } - } elseif ((isset($_POST['lock'])) || ($SEL > 0)) { - if ($SEL > 0) { - // Lock URLs - foreach ($_POST['sel'] as $id => $url) { - // Lookup in blacklist - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_url_blist WHERE url='%s' LIMIT 1", - array($url), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 0) { - // Did not find a record so we can add it... :) - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_url_blist (url, timestamp) VALUES ('%s', UNIX_TIMESTAMP())", - array($url), __FILE__, __LINE__); - } else { - // Free memory - SQL_FREERESULT($result); - } - } - - // Set message - $MSG = ADMIN_URLS_BLOCKED; - } else { - // Nothing selected - $MSG = ADMIN_MAILS_NOTHING_CHECKED; - } - LOAD_TEMPLATE("admin_settings_saved", false, $MSG); - } elseif ((empty($_POST['lock'])) && (empty($_POST['accept'])) && (empty($_POST['reject']))) { + } elseif ((isset($_POST['lock'])) && ($SEL > 0) && (getConfig('url_blacklist') == "Y")) { + // Lock URLs + foreach ($_POST['sel'] as $id => $url) { + // Secure id number + $id = bigintval($id); + + // Lookup in blacklist + $result = SQL_QUERY_ESC("SELECT `id` FROM `"._MYSQL_PREFIX."_url_blacklist` WHERE `url`='%s' LIMIT 1", + array($url), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 0) { + // Did not find a record so we can add it... 
:) + SQL_QUERY_ESC("INSERT INTO `"._MYSQL_PREFIX."_url_blacklist` (`url`,`pool_id`) VALUES ('%s',%s)", + array($url, $id), __FILE__, __LINE__); + } // END - if + + // Free memory + SQL_FREERESULT($result); + } // END - foreach + + // Output message + LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_URLS_BLOCKED); + } elseif ((empty($_POST['lock'])) && (empty($_POST['accept'])) && (empty($_POST['reject'])) && (getConfig('url_blacklist') == "Y")) { // Mail orders are in pool so we can display them $SW = 2; $OUT = ""; - while (list($id, $sender, $subj, $pay, $time, $url, $tsend, $cat) = SQL_FETCHROW($result_main)) - { + while ($content = SQL_FETCHARRAY($result_main)) { // Prepare data for the template $content = array( 'sw' => $SW, - 'id' => $id, - 'sender' => $sender, - 'u_link' => ADMIN_USER_PROFILE_LINK($sender), - 'subj' => COMPILE_CODE($subj), - 'tester' => FRAMETESTER($url), - 'url' => $url, - 'cat_title' => str_replace("\"", """, GET_CATEGORY($cat)), - 'cat_link' => $cat, - 'pay_title' => str_replace("\"", """, GET_PAYMENT($pay, true)), - 'pay_link' => $pay, - 'ordered' => MAKE_DATETIME($time, "2"), - 'tsend' => $tsend, + 'id' => $content['id'], + 'sender' => $content['sender'], + 'u_link' => ADMIN_USER_PROFILE_LINK($content['sender']), + 'subj' => COMPILE_CODE($content['subject']), + 'tester' => FRAMETESTER($content['url']), + 'url' => $content['url'], + 'cat_title' => str_replace("\"", """, GET_CATEGORY($content['category'])), + 'cat_link' => $content['category'], + 'pay_title' => str_replace("\"", """, GET_PAYMENT($content['payment'], true)), + 'pay_link' => $content['payment'], + 'ordered' => MAKE_DATETIME($content['timestamp'], "2"), + 'tsend' => $content['target_send'], ); // Load row template and switch colors $OUT .= LOAD_TEMPLATE("admin_unlock_emails_row", true, $content); $SW = 3 - $SW; - } + } // END - while // Free memory SQL_FREERESULT($result_main); 
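Review bot: The listing branch now ends in `&& (getConfig('url_blacklist') == "Y")`, so pending mail orders are shown only while the URL blacklist is enabled. With the setting at "N", a plain page call matches none of the visible branches and, judging by the following hunk, ends in ADMIN_WRONG_CALL, so admins could no longer review or unlock orders. Restoring `} elseif ((empty($_POST['lock'])) && (empty($_POST['accept'])) && (empty($_POST['reject']))) {` keeps the listing independent of the feature. Separately, the lock branch stores the URL exactly as posted in `$_POST['sel']` next to `bigintval($id)`. Reading the URL from the `_pool` row with that id would ensure the blacklist entry matches the order it claims to reference. The if/elseif chain starts before this hunk.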
@@ -228,6 +227,9 @@ LIMIT 1", // Load main template LOAD_TEMPLATE("admin_unlock_emails"); + } elseif ((isset($_POST['lock'])) && (getConfig('url_blacklist') == "N")) { + // URL blacklist not activated + LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_URL_BLACKLIST_DISABLED); } else { // Wrong call! LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_WRONG_CALL); diff --git a/inc/modules/member/what-order.php b/inc/modules/member/what-order.php index eace0213cb..7753510fa8 100644 --- a/inc/modules/member/what-order.php +++ b/inc/modules/member/what-order.php @@ -84,9 +84,6 @@ if ($HOLIDAY == $DMY) $HOLIDAY='N'; $ALLOWED = $MAXI - $ORDERS; if (getConfig('order_max_full') == "MAX") $ALLOWED = $MAXI; -// Check HTML extension -$HTML_EXT = EXT_IS_ACTIVE("html_mail"); - // Now check his points amount $TOTAL = GET_TOTAL_DATA($GLOBALS['userid'], "user_points", "points"); @@ -153,15 +150,19 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", // And shall I check that his URL is not in the black list? if (getConfig('url_blacklist') == "Y") { // Ok, I do that for you know... - $result = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_url_blist WHERE url='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`timestamp`) AS tstamp FROM `"._MYSQL_PREFIX."_url_blacklist` WHERE `url`='%s' LIMIT 1", array($_POST['url']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Jupp, we got one listed list($blist) = SQL_FETCHROW($result); - SQL_FREERESULT($result); + + // Create redirect-URL $URL = URL."/modules.php?module=login&what=order&msg=".CODE_BLIST_URL."&blist=".$blist; } // END - if + + // Free result + SQL_FREERESULT($result); } // END - if // Enougth receivers entered? 
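Review bot: In the `@@ -153,15 +150,19 @@` hunk of inc/modules/member/what-order.php, the lookup against `_url_blacklist` compares `$_POST['url']` with the stored value as an exact string. A blocked address is therefore recognised only when it is submitted in precisely the stored spelling, which makes the list a weak control. Unless the URL is normalised earlier in the file (not visible here), bring it into one canonical form before it is inserted in what-unlock_emails.php and before this comparison, or match on the host part instead. The enclosing block starts and ends outside the hunk.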
@@ -177,7 +178,7 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", } // END - if // Probe for HTML extension - if ($HTML_EXT) { + if (EXT_IS_ACTIVE("html_mail")) { // HTML or regular text mail? if ($_POST['html'] == "Y") { // Chek for valid HTML tags @@ -276,7 +277,7 @@ WHERE userid=%s AND holiday_start < UNIX_TIMESTAMP() AND holiday_end > UNIX_TIME if (($id == "0") || ($type != "TEMP")) { // New order $id = 0; - if ($HTML_EXT) { + if (EXT_IS_ACTIVE("html_mail")) { // HTML extension is active $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_pool (sender, subject, text, receivers, payment_id, data_type, timestamp, url, cat_id, target_send, zip, html_msg) VALUES ('%s','%s','%s','%s','%s','TEMP','%s','%s','%s','%s','%s','%s')", @@ -312,7 +313,7 @@ array( } } else { // Change current order - if ($HTML_EXT) { + if (EXT_IS_ACTIVE("html_mail")) { // HTML extension is active $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET subject='%s', @@ -414,7 +415,7 @@ array( // Enable HTML checking $HTML = ""; $HOLIDAY = false; $HOL_STRING = ""; - if (($HTML_EXT) && ($_POST['html'] == "Y")) $HTML = " AND html='Y'"; + if ((EXT_IS_ACTIVE("html_mail")) && ($_POST['html'] == "Y")) $HTML = " AND html='Y'"; if (GET_EXT_VERSION("holiday") >= "0.1.3") { // Extension's version is fine $HOLIDAY = true; $HOL_STRING = " AND holiday_active='N'"; @@ -624,7 +625,7 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); } // 01 2 21 12 2 23 443 3 3210 - if ((!empty($_POST['data'])) || ((getConfig('order_multi_page') == "N") && ((!IS_ADMIN()) && (!$HTML_EXT)))) { + if ((!empty($_POST['data'])) || ((getConfig('order_multi_page') == "N") && ((!IS_ADMIN()) && (!EXT_IS_ACTIVE("html_mail"))))) { // Pre-output categories $CAT = ""; foreach ($CATS['id'] as $key => $value) { 
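Review bot: In the `@@ -177,7 +178,7 @@` hunk, and again on the changed lines of the -414 and -661 hunks, `$_POST['html']` is compared with "Y" without checking that the field was submitted, which raises an undefined-index notice when it is absent. Using `isset($_POST['html']) && $_POST['html'] == "Y"` in those conditions avoids that. On style, `EXT_IS_ACTIVE("html_mail")` is now written out in seven places across the -177, -276, -312, -414, -624, -661 and -674 hunks. If the function does not cache its result (not visible here), each call repeats the lookup, and any later change has to be made seven times. The surrounding blocks start and end outside these hunks.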
@@ -661,7 +662,7 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); } // HTML extension - if (($HTML_EXT) && ($_POST['html'] == "Y")) { + if ((EXT_IS_ACTIVE("html_mail")) && ($_POST['html'] == "Y")) { // Extension is active so output valid HTML tags define('MEMBER_HTML_EXTENSION', LOAD_TEMPLATE("member_order-html_ext", true, HTML_ADD_VALID_TAGS())); } else { @@ -674,7 +675,7 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); } else { // Remember maybe entered ZIP code in constant $ADD = ""; - if ($HTML_EXT) { + if (EXT_IS_ACTIVE("html_mail")) { // Add some content when html extension is active if ((getConfig('order_multi_page') == "Y") || (IS_ADMIN())) $ADD = " \n"; define('MEMBER_HTML_EXTENSION', LOAD_TEMPLATE("member_order-html_intro", true)); -- 2.39.5