Security line in all includes changed
[mailer.git] / inc / modules / admin / what-extensions.php
index b6a7d366578062fb146f87654b9492e42d0292a1..a8181f2999675750fbd1b211011c091c21f555bc 100644 (file)
@@ -32,7 +32,7 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) {
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
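Review bot: Nothing in this hunk stops the script after `require($INC);`, so the new `!defined('__SECURITY')` guard protects the admin code below only if security.php itself ends the request; that file is not visible here. If it can return, add `exit();` after the require, or at least document the contract with a comment such as `// security.php must terminate the request; __SECURITY is only defined by the entry script`. The condition also still folds the direct-access check and the `IS_ADMIN()` check into one branch, so an unauthenticated visitor and a direct include are handled identically.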
@@ -44,7 +44,7 @@ global $cacheInstance, $cacheArray, $cacheMode;
 
 // Normally we want the overview of all registered extensions
 $do = "overview";
-$SEL = "0";
+$SEL = 0;
 if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
 
 if (!empty($_GET['reg_ext'])) {
@@ -53,7 +53,7 @@ if (!empty($_GET['reg_ext'])) {
        // The ID comes from task management and it is - of course - *not* the extension's name!
 } elseif ((isset($_POST['change'])) && ($SEL > 0) && (!IS_DEMO())) {
        // De-/activate extensions
-       foreach ($_POST['sel'] as $id=>$active) {
+       foreach ($_POST['sel'] as $id => $active) {
                // Shall we keep the extension always active?
                if ((isset($cacheArray['active_extensions'][GET_EXT_NAME($id)])) && ($cacheArray['active_extensions'][GET_EXT_NAME($id)] == "Y") && ($active == "N")) {
                        // Keep this extension active!
@@ -61,7 +61,7 @@ if (!empty($_GET['reg_ext'])) {
                        // De/activate extension
                        $ACT = "N"; $EXT_LOAD_MODE = "deactivate";
                        if ($active == "N") { $ACT = "Y"; $EXT_LOAD_MODE = "activate"; }
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='".$ACT."' WHERE id=%d AND ext_active='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='".$ACT."' WHERE id=%s AND ext_active='%s' LIMIT 1",
                         array(bigintval($id), $active), __FILE__, __LINE__);
 
                        // Run embeded SQL commands
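Review bot: The `id=%s` placeholder is unquoted, so after the switch from `%d` the format string no longer coerces the value to an integer, and whatever string escaping SQL_QUERY_ESC applies would not constrain an unquoted value. The query is safe only because the argument is `bigintval($id)`. Either quote the placeholder (`WHERE id='%s'`) or state the requirement on the call, e.g. `// id uses %s to allow large ids; the value must always pass through bigintval()`. The same applies to the `id=%s` changes in the hunks at -83, -109 and -291; in the -83 hunk the cast happens earlier, in the -72 hunk, not next to the query.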
@@ -72,8 +72,8 @@ if (!empty($_GET['reg_ext'])) {
        // Change settings like CSS file load
        if (isset($_POST['modify'])) {
                // Change entries
-               $cacheInstance_UPDATE = "0";
-               foreach ($_POST['sel'] as $id=>$sel) {
+               $cache_update = 0;
+               foreach ($_POST['sel'] as $id => $sel) {
                        // Secure ID
                        $id = bigintval($id);
 
@@ -83,11 +83,11 @@ if (!empty($_GET['reg_ext'])) {
                                $active = $_POST['active'][$id];
                                if (GET_EXT_VERSION("sql_patches") >= "0.0.6")  {
                                        // Update also CSS column when extensions sql_patches is newer or exact v0.0.6
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_has_css='%s', ext_active='%s' WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_has_css='%s', ext_active='%s' WHERE id=%s LIMIT 1",
                                         array($_POST['css'][$id], $active, $id), __FILE__, __LINE__);
                                } else {
                                        // When extension is older than v0.0.6 there is no column for the CSS information
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='%s' WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='%s' WHERE id=%s LIMIT 1",
                                         array($active, $id), __FILE__, __LINE__);
                                }
 
@@ -109,17 +109,17 @@ if (!empty($_GET['reg_ext'])) {
        } else {
                // Edit selected entries
                $SW = "2"; $OUT = "";
-               foreach ($_POST['sel'] as $id=>$sel) {
+               foreach ($_POST['sel'] as $id => $sel) {
                        // Edit this extension?
                        if (($sel == "Y") || ($sel == "N")) {
                                // Load required data
                                if (GET_EXT_VERSION("sql_patches") >= "0.0.6") {
-                                       $result = SQL_QUERY_ESC("SELECT ext_name, ext_has_css, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("SELECT ext_name, ext_has_css, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1",
                                         array(bigintval($id)), __FILE__, __LINE__);
                                        list($name, $css, $active) = SQL_FETCHROW($result);
                                        SQL_FREERESULT($result);
                                } else {
-                                       $result = SQL_QUERY_ESC("SELECT ext_name, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("SELECT ext_name, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1",
                                         array(bigintval($id)), __FILE__, __LINE__);
                                        list($name, $active) = SQL_FETCHROW($result);
                                        SQL_FREERESULT($result);
@@ -153,7 +153,7 @@ if (!empty($_GET['reg_ext'])) {
 } elseif ((isset($_POST['delete'])) && ($SEL > 0) && (!IS_DEMO())) {
        // List extensions and when verbose is enabled SQL statements which will be executed
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id=>$sel) {
+       foreach ($_POST['sel'] as $id => $sel) {
                // Init variables
                $VERBOSE_OUT = ""; $SQLs = array();
 
@@ -197,8 +197,8 @@ if (!empty($_GET['reg_ext'])) {
        $do = "delete";
 } elseif ((isset($_POST['remove'])) && ($SEL > 0) && (!IS_DEMO())) {
        // Remove extensions from DB (you have to delete all files manually!)
-       $cacheInstance_UPDATE = "0";
-       foreach ($_POST['sel'] as $id=>$active) {
+       $cache_update = 0;
+       foreach ($_POST['sel'] as $id => $active) {
                // Secure ID number
                $id = bigintval($id);
 
@@ -291,13 +291,13 @@ case "register": // Register new extension
        // Is the ID number valid and the task was found?
        if (($id > 0) && ($task_found == 1)) {
                // ID is valid so begin with registration, we first want to it's real name from task management (subject column)
-               $result = SQL_QUERY_ESC("SELECT subject FROM "._MYSQL_PREFIX."_task_system WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT subject FROM "._MYSQL_PREFIX."_task_system WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($subj) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
 
                // Disable cache update by default
-               $cacheInstance_UPDATE = "0";
+               $cache_update = 0;
                if (!empty($subj)) {
                        // Extract extension's name from subject...
                        $ext_name = trim(substr($subj, 1, strpos($subj, ":") - 1));
@@ -314,7 +314,10 @@ case "register": // Register new extension
                                        if ($cacheInstance->cache_file("config"    , true)) $cacheInstance->cache_destroy();
                                        if ($cacheInstance->cache_file("extensions", true)) $cacheInstance->cache_destroy();
                                        if ($cacheInstance->cache_file("mod_reg"   , true)) $cacheInstance->cache_destroy();
-                               }
+                               } // END - if
+                       } elseif (GET_EXT_VERSION($ext_name) != "") {
+                               // Motify the admin that we have a problem here...
+                               LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_REG_FAILED_ALREADY);
                        } else {
                                // Motify the admin that we have a problem here...
                                LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_REG_FAILED_404);
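Review bot: The comment on the new `elseif` branch is a copy of the one on the `else` branch below it, including the "Motify" typo, so the two failure cases read as the same thing. Going by the constant name `ADMIN_REG_FAILED_ALREADY`, the branch seems to mean the extension is already registered; a comment such as `// Extension is already registered, tell the admin instead of reporting it as not found` would say so. `$ext_name` is cut out of the task subject a few lines earlier, so the check is only as reliable as that parsing. The `if` this chain belongs to starts outside the hunk.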
@@ -334,7 +337,7 @@ case "register": // Register new extension
 
 case "search": // Search for new extensions on our server
        // Get response from our server
-       $response = MXCHANGE_OPEN("extensions.php");
+       $response = GET_URL("extensions.php");
 
        // Are extensions found?
        if (($response[sizeof($response) - 1] == "[EOF]") && ($response[0] != "[EOF]"))
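Review bot: The result of `GET_URL("extensions.php")` is indexed with `sizeof($response) - 1` in the next statement without a check that it is a non-empty array; whether GET_URL can return false or an empty array on a failed request is not visible here. Guarding the test, `if ((is_array($response)) && (count($response) > 1) && ($response[count($response) - 1] == "[EOF]") && ($response[0] != "[EOF]"))`, keeps a failed fetch on the "nothing found" path instead of raising an offset notice. The `case "search"` body continues outside the hunk.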
@@ -351,7 +354,7 @@ case "search": // Search for new extensions on our server
 
                // Get count of extensions for validation
                $count = trim($response[sizeof($response) - 2]);
-               foreach ($response as $id=>$value)
+               foreach ($response as $id => $value)
                {
                        $value = str_replace("\n", "", $value); $ver = "";
                        // Leave loop when data is invalid or EOF?
@@ -366,7 +369,7 @@ case "search": // Search for new extensions on our server
                                if (empty($cver)) $cver = "-.-";
 
                                // Is the extension already installed or not?
-                               if (!file_exists($file) || ($ver != $cver))
+                               if (!FILE_READABLE($file) || ($ver != $cver))
                                {
                                        // No, it isn't. So let's add this one!
                                        $EXT_SEARCH['fname'][]  = $name;
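Review bot: Replacing `file_exists($file)` with `FILE_READABLE($file)` changes what counts as installed: if the helper tests readability (its definition is outside this hunk), an extension file that exists but cannot be read is now listed for download again. A comment should state that this is intended, e.g. `// Unreadable files are treated as not installed`. `$name` appears to be parsed from the server response and is stored in `$EXT_SEARCH['fname']`, which a later hunk uses to build the download link, so it should be checked against a strict name pattern before it reaches a path or URL. The code that builds `$file` and `$name` is outside the hunk.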
@@ -380,7 +383,7 @@ case "search": // Search for new extensions on our server
                                        $INFO = ADMIN_EXT_NO_INFO_FOUND;
 
                                        // Trim every data line
-                                       foreach ($LANG_DUMMY as $k=>$v)
+                                       foreach ($LANG_DUMMY as $k => $v)
                                        {
                                                $v = trim($v);
                                                if (substr($v, 3) == "") $v = "---";
@@ -409,7 +412,7 @@ case "search": // Search for new extensions on our server
 
                        // Extensions where found which are not downloaded and installed
                        $SW = 2; $OUT = ""; $TSIZE = 0;
-                       foreach ($EXT_SEARCH['fname'] as $id=>$name)
+                       foreach ($EXT_SEARCH['fname'] as $id => $name)
                        {
                                // Generate download link
                                $LINK = SERVER_URL."/extensions/ext-".$name.".zip";