Fixes for stripped HTML tags, and false warnings in debug log

[mailer.git] / inc / modules / admin / what-config_payouts.php

diff --git a/inc/modules/admin/what-config_payouts.php b/inc/modules/admin/what-config_payouts.php
index 8ba924fe487977fa33abca44ebf42b33ada085d7..d15f8ae59fc5c8b0bafe00ebad6f048ea9698c2d 100644 (file)
--- a/inc/modules/admin/what-config_payouts.php
+++ b/inc/modules/admin/what-config_payouts.php
@@ -40,30 +40,30 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (!empty($_POST['rate'])) $_POST['rate'] = REVERT_COMMA($_POST['rate']);
+if (REQUEST_ISSET_POST(('rate'))) REQUEST_SET_POST('rate', REVERT_COMMA(REQUEST_POST('rate')));
 
-if ((isset($_POST['add'])) && (!empty($_POST['title'])) && ($_POST['rate'] > 0)) {
+if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('title'))) && (REQUEST_POST('rate') > 0)) {
        // Add new payout type
        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE type='%s' LIMIT 1",
-               array($_POST['title']), __FILE__, __LINE__);
+               array(REQUEST_POST('title')), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 0) {
                // Add now
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_payout_types`
 (type, rate, min_points, from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url)
 VALUES ('%s', %d, %d,'%s','%s','%s','%s','%s','%s','%s')",
  array(
-       $_POST['title'],
-       bigintval($_POST['rate']),
-       bigintval($_POST['mpoi']),
-       $_POST['yacc'],
-       $_POST['ypass'],
-       $_POST['yurl'],
-       $_POST['yrdone'],
-       $_POST['yrfailed'],
-       $_POST['ytrans'],
-       $_POST['allow_url'],
+       REQUEST_POST('title'),
+       bigintval(REQUEST_POST('rate')),
+       bigintval(REQUEST_POST('mpoi')),
+       REQUEST_POST('yacc'),
+       REQUEST_POST('ypass'),
+       REQUEST_POST('yurl'),
+       REQUEST_POST('yrdone'),
+       REQUEST_POST('yrfailed'),
+       REQUEST_POST('ytrans'),
+       REQUEST_POST('allow_url'),
 ), __FILE__, __LINE__);
-               $msg = ADMIN_PAYOUT_TYPE_ADDED;
+               $msg = getMessage('ADMIN_PAYOUT_TYPE_ADDED');
        } else {
                // Free memory
                SQL_FREERESULT($result);
@@ -77,16 +77,16 @@ VALUES ('%s', %d, %d,'%s','%s','%s','%s','%s','%s','%s')",
 $result_mem = SQL_QUERY("SELECT id FROM `{!_MYSQL_PREFIX!}_user_payouts` WHERE `status`='NEW' ORDER BY payout_timestamp DESC", __FILE__, __LINE__);
 
 $display = true;
-if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+if ((REQUEST_ISSET_POST(('edit'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
        // Edit payout types
-       if ((isset($_GET['ok'])) && ($_GET['ok'] == "ok")) {
+       if ((REQUEST_ISSET_GET('ok')) && (REQUEST_GET('ok') == "ok")) {
                // Edit entries
-               foreach ($_POST['sel'] as $id => $sel) {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        // Secure ID
                        $id = bigintval($id);
 
                        // Edit only if something is entered
-                       if ((!empty($_POST['title'][$id])) && ($_POST['rate'][$id] > 0)) {
+                       if ((REQUEST_ISSET_POST(('title', $id))) && (REQUEST_POST('rate', $id) > 0)) {
                                // Update entry
                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_payout_types` SET
 type='%s',
@@ -95,18 +95,18 @@ min_points=%s,
 allow_url='%s'
 WHERE id='".$id."' LIMIT 1",
  array(
-       $_POST['title'][$id],
-       bigintval(REVERT_COMMA($_POST['rate'][$id])),
-       bigintval(REVERT_COMMA($_POST['mpoi'][$id])),
-       $_POST['allow'][$id],
+       REQUEST_POST('title', $id),
+       bigintval(REVERT_COMMA(REQUEST_POST('rate', $id))),
+       bigintval(REVERT_COMMA(REQUEST_POST('mpoi' , $id))),
+       REQUEST_POST('allow', $id),
 ),__FILE__, __LINE__);
                        }
                }
-               $msg = ADMIN_PAYOUT_ENTRIES_CHANGED;
+               $msg = getMessage('ADMIN_PAYOUT_ENTRIES_CHANGED');
        } else {
                $display = false; //Suppress any other outputs
                $SW = 2; $OUT = "";
-               foreach ($_POST['sel'] as $id => $sel) {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        // Load data
                        $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
@@ -132,11 +132,11 @@ WHERE id='".$id."' LIMIT 1",
                // Load main template
                LOAD_TEMPLATE("admin_config_payouts_edit");
        }
-} elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
        // Delete payout types
-       if ((isset($_GET['ok'])) && ($_GET['ok'] == "ok")) {
+       if ((REQUEST_ISSET_GET('ok')) && (REQUEST_GET('ok') == "ok")) {
                // Delete entries
-               foreach ($_POST['sel'] as $id => $sel) {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE id=%s LIMIT 1",
                                array(bigintval($id)), __FILE__, __LINE__);
                }
@@ -144,7 +144,7 @@ WHERE id='".$id."' LIMIT 1",
        } else {
                $display = false; //Suppress any other outputs
                $SW = 2; $OUT = "";
-               foreach ($_POST['sel'] as $id => $sel) {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        // Secure ID number
                        $id = bigintval($id);