Fixes for various bugs (e.g.: 'secret file could not be read', SQL error and more)

[mailer.git] / inc / modules / admin / admin-inc.php

diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index 9360b73c8ae581708cb69e5f1327a36f3c1fa0d0..078108d8f464f1e64958f21398e4fb67653857ee 100644 (file)
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -635,9 +635,9 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement
        $result = FALSE;
        if ($alwaysAdd === FALSE) {
                if (!empty($whereStatement)) {
-                       $result = sqlQuery("SELECT * FROM `{?_MYSQL_PREFIX?}" . $tableName . "` WHERE " . $whereStatement . " LIMIT 1", __FUNCTION__, __LINE__);
+                       $result = sqlQuery('SELECT * FROM `{?_MYSQL_PREFIX?}' . $tableName . '` WHERE ' . $whereStatement . ' LIMIT 1', __FUNCTION__, __LINE__);
                } else {
-                       $result = sqlQuery("SELECT * FROM `{?_MYSQL_PREFIX?}" . $tableName . "` LIMIT 1", __FUNCTION__, __LINE__);
+                       $result = sqlQuery('SELECT * FROM `{?_MYSQL_PREFIX?}' . $tableName . '` LIMIT 1', __FUNCTION__, __LINE__);
                }
        } // END - if
 
@@ -646,7 +646,7 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement
                $updatedData = implode(', ', $tableData);
 
                // Generate SQL string
-               $sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}%s` SET %s WHERE %s LIMIT 1",
+               $sql = sprintf('UPDATE `{?_MYSQL_PREFIX?}%s` SET %s WHERE %s LIMIT 1',
                        $tableName,
                        $updatedData,
                        $whereStatement
@@ -666,7 +666,7 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement
                $values = implode(', '  , $values);
 
                // Generate SQL string
-               $sql = sprintf("INSERT INTO `{?_MYSQL_PREFIX?}%s` (%s) VALUES (%s)",
+               $sql = sprintf('INSERT INTO `{?_MYSQL_PREFIX?}%s` (%s) VALUES (%s)',
                        $tableName,
                        $keys,
                        $values
@@ -698,7 +698,7 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement
 // Generate a selection box
 function adminAddMenuSelectionBox ($menu, $type, $name, $default = '') {
        // Open the requested menu directory
-       $menuArray = getArrayFromDirectory(sprintf("inc/modules/%s/", $menu), $type . '-', FALSE, FALSE);
+       $menuArray = getArrayFromDirectory(sprintf('inc/modules/%s/', $menu), $type . '-', FALSE, FALSE);
 
        // Init the selection box
        $OUT = '<select name="' . $name . '" class="form_select" size="1"><option value="">{--ADMIN_IS_TOP_MENU--}</option>';
@@ -708,7 +708,7 @@ function adminAddMenuSelectionBox ($menu, $type, $name, $default = '') {
                // Is this a PHP script?
                if ((!isDirectory($file)) && (isInString('' . $type . '-', $file)) && (isInString('.php', $file))) {
                        // Then test if the file is readable
-                       $test = sprintf("inc/modules/%s/%s", $menu, $file);
+                       $test = sprintf('inc/modules/%s/%s', $menu, $file);
 
                        // Is the file there?
                        if (isIncludeReadable($test)) {
@@ -802,7 +802,7 @@ function adminGetMenuMode () {
                incrementStatsEntry('cache_hits');
        } elseif (isExtensionInstalledAndNewer('admins', '0.6.7')) {
                // Load from database when version of 'admins' is enough
-               $result = sqlQueryEscaped("SELECT `la_mode` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1",
+               $result = sqlQueryEscaped('SELECT `la_mode` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1',
                        array($adminId), __FUNCTION__, __LINE__);
 
                // Is there an entry?
@@ -836,7 +836,7 @@ function adminChangeActivationStatus ($IDs, $table, $row, $idRow = 'id') {
                        // Should always be set... ;-)
                        if (!empty($selected)) {
                                // Determine new status
-                               $result = sqlQueryEscaped("SELECT %s FROM `{?_MYSQL_PREFIX?}_%s` WHERE %s=%s LIMIT 1",
+                               $result = sqlQueryEscaped('SELECT %s FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1',
                                        array(
                                                $row,
                                                $table,
@@ -853,7 +853,7 @@ function adminChangeActivationStatus ($IDs, $table, $row, $idRow = 'id') {
                                        $newStatus = convertBooleanToYesNo(!($currStatus == 'Y'));
 
                                        // Change this status
-                                       sqlQueryEscaped("UPDATE `{?_MYSQL_PREFIX?}_%s` SET %s='%s' WHERE %s=%s LIMIT 1",
+                                       sqlQueryEscaped("UPDATE `{?_MYSQL_PREFIX?}_%s` SET `%s`='%s' WHERE `%s`=%s LIMIT 1",
                                                array(
                                                        $table,
                                                        $row,
@@ -903,10 +903,10 @@ function adminBuilderStatusHandler ($mode, $tableName, $columns, $filterFunction
        // "Walk" through all entries
        foreach (postRequestElement($idColumn[0]) as $id => $sel) {
                // Construct SQL query
-               $sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}_%s` SET", sqlEscapeString($tableName[0]));
+               $sql = sprintf('UPDATE `{?_MYSQL_PREFIX?}_%s` SET', sqlEscapeString($tableName[0]));
 
                // Load data of entry
-               $result = sqlQueryEscaped("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1",
+               $result = sqlQueryEscaped('SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1',
                        array(
                                $tableName[0],
                                $idColumn[0],
@@ -952,7 +952,7 @@ function adminBuilderStatusHandler ($mode, $tableName, $columns, $filterFunction
                                // Are there brackets () at the end?
                                if (substr($entries[$id], -2, 2) == '()') {
                                        // Direct SQL command found
-                                       $sql .= sprintf(" `%s`=%s,", sqlEscapeString($key), sqlEscapeString($entries[$id]));
+                                       $sql .= sprintf(' `%s`=%s,', sqlEscapeString($key), sqlEscapeString($entries[$id]));
                                } else {
                                        // Add regular entry
                                        $sql .= sprintf(" `%s`='%s',", sqlEscapeString($key), sqlEscapeString($entries[$id]));