Security line in all includes changed
[mailer.git] / inc / modules / admin / what-extensions.php
index d574a54..a8181f2 100644 (file)
@@ -32,7 +32,7 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) {
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
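Review bot: Nothing in this hunk stops execution after `require($INC);`, so the new guard protects the rest of the file only if security.php itself ends the request, and that file is not shown here. Because the same line is changed in every include, an explicit stop, `require($INC); die();`, would make each file fail closed whatever security.php does. The guard should also carry a short comment naming the file that defines `__SECURITY`, since any include loaded before that define runs will now always be rejected.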
@@ -40,11 +40,11 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", basename(__FILE__));
 
-global $CACHE, $KEEP_ACTIVE, $CACHE_FILE;
+global $cacheInstance, $cacheArray, $cacheMode;
 
 // Normally we want the overview of all registered extensions
 $do = "overview";
-$SEL = "0";
+$SEL = 0;
 if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
 
 if (!empty($_GET['reg_ext'])) {
@@ -53,15 +53,15 @@ if (!empty($_GET['reg_ext'])) {
        // The ID comes from task management and it is - of course - *not* the extension's name!
 } elseif ((isset($_POST['change'])) && ($SEL > 0) && (!IS_DEMO())) {
        // De-/activate extensions
-       foreach ($_POST['sel'] as $id=>$active) {
+       foreach ($_POST['sel'] as $id => $active) {
                // Shall we keep the extension always active?
-               if ((isset($KEEP_ACTIVE[GET_EXT_NAME($id)])) && ($KEEP_ACTIVE[GET_EXT_NAME($id)] == "Y") && ($active == "N")) {
+               if ((isset($cacheArray['active_extensions'][GET_EXT_NAME($id)])) && ($cacheArray['active_extensions'][GET_EXT_NAME($id)] == "Y") && ($active == "N")) {
                        // Keep this extension active!
                } else {
                        // De/activate extension
                        $ACT = "N"; $EXT_LOAD_MODE = "deactivate";
                        if ($active == "N") { $ACT = "Y"; $EXT_LOAD_MODE = "activate"; }
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='".$ACT."' WHERE id=%d AND ext_active='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='".$ACT."' WHERE id=%s AND ext_active='%s' LIMIT 1",
                         array(bigintval($id), $active), __FILE__, __LINE__);
 
                        // Run embeded SQL commands
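Review bot: The id in `WHERE id=%s` is now interpolated unquoted, so the only thing keeping it numeric is the `bigintval($id)` at each call site; the former `%d` coerced it a second time in the format itself. Whatever escaping SQL_QUERY_ESC applies (it is not shown) does not protect an unquoted position. The same change recurs in the later hunks: the two `ext_active` UPDATEs in the modify branch, the two SELECTs in the edit branch and the `_task_system` lookup. All of them appear to pass the id through bigintval first. That invariant should be written down next to the query, e.g. `// id is unquoted in the query: it must go through bigintval() first`, or the placeholder quoted as `id='%s'`.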
@@ -72,8 +72,8 @@ if (!empty($_GET['reg_ext'])) {
        // Change settings like CSS file load
        if (isset($_POST['modify'])) {
                // Change entries
-               $CACHE_UPDATE = "0";
-               foreach ($_POST['sel'] as $id=>$sel) {
+               $cache_update = 0;
+               foreach ($_POST['sel'] as $id => $sel) {
                        // Secure ID
                        $id = bigintval($id);
 
@@ -83,18 +83,18 @@ if (!empty($_GET['reg_ext'])) {
                                $active = $_POST['active'][$id];
                                if (GET_EXT_VERSION("sql_patches") >= "0.0.6")  {
                                        // Update also CSS column when extensions sql_patches is newer or exact v0.0.6
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_has_css='%s', ext_active='%s' WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_has_css='%s', ext_active='%s' WHERE id=%s LIMIT 1",
                                         array($_POST['css'][$id], $active, $id), __FILE__, __LINE__);
                                } else {
                                        // When extension is older than v0.0.6 there is no column for the CSS information
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='%s' WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='%s' WHERE id=%s LIMIT 1",
                                         array($active, $id), __FILE__, __LINE__);
                                }
 
                                // Run SQLs on activation / deactivation
                                switch ($active) {
-                                       case "Y": $EXT_LOAD_MODE = "activate";   break;
-                                       case "N": $EXT_LOAD_MODE = "deactivate"; break;
+                                       case 'Y': $EXT_LOAD_MODE = "activate";   break;
+                                       case 'N': $EXT_LOAD_MODE = "deactivate"; break;
                                }
 
                                // Run embeded SQL commands
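Review bot: The `switch ($active)` has no `default`, so when `$_POST['active'][$id]` is anything other than 'Y' or 'N', `$EXT_LOAD_MODE` keeps the value from a previous iteration or stays unset. The raw value has by then already been written to `ext_active` by the UPDATE above. Unless the part of the loop before this hunk already restricts it, reject other values ahead of the query, for example `if (($active != 'Y') && ($active != 'N')) continue;`. The enclosing foreach starts and ends outside the hunk.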
@@ -103,23 +103,23 @@ if (!empty($_GET['reg_ext'])) {
                }
 
                // Extensions changed
-               OUTPUT_HTML ("<P align=\"center\">");
+               OUTPUT_HTML("<P align=\"center\">");
                LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_EXT_CHANGED);
-               OUTPUT_HTML ("</P>");
+               OUTPUT_HTML("</P>");
        } else {
                // Edit selected entries
                $SW = "2"; $OUT = "";
-               foreach ($_POST['sel'] as $id=>$sel) {
+               foreach ($_POST['sel'] as $id => $sel) {
                        // Edit this extension?
                        if (($sel == "Y") || ($sel == "N")) {
                                // Load required data
                                if (GET_EXT_VERSION("sql_patches") >= "0.0.6") {
-                                       $result = SQL_QUERY_ESC("SELECT ext_name, ext_has_css, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("SELECT ext_name, ext_has_css, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1",
                                         array(bigintval($id)), __FILE__, __LINE__);
                                        list($name, $css, $active) = SQL_FETCHROW($result);
                                        SQL_FREERESULT($result);
                                } else {
-                                       $result = SQL_QUERY_ESC("SELECT ext_name, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("SELECT ext_name, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1",
                                         array(bigintval($id)), __FILE__, __LINE__);
                                        list($name, $active) = SQL_FETCHROW($result);
                                        SQL_FREERESULT($result);
@@ -143,7 +143,7 @@ if (!empty($_GET['reg_ext'])) {
                                $OUT .= LOAD_TEMPLATE("admin_extensions_edit_row", true, $content);
                                $SW = 3 - $SW;
                        }
-               }
+               } // END - foreach
                define('__EXTENSIONS_ROWS', $OUT);
 
                // Load template
@@ -153,25 +153,29 @@ if (!empty($_GET['reg_ext'])) {
 } elseif ((isset($_POST['delete'])) && ($SEL > 0) && (!IS_DEMO())) {
        // List extensions and when verbose is enabled SQL statements which will be executed
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id=>$sel) {
+       foreach ($_POST['sel'] as $id => $sel) {
+               // Init variables
                $VERBOSE_OUT = ""; $SQLs = array();
-               // Load extension's data
-               $result = SQL_QUERY_ESC("SELECT ext_name, ext_version FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
-                array(bigintval($id)), __FILE__, __LINE__);
-               list($ext_name, $ext_ver) = SQL_FETCHROW($result);
+
+               // Secure id number
+               $id = bigintval($id);
+
+               // Get extension name
+               $ext_name = GET_EXT_NAME($id);
+               $ext_ver = GET_EXT_VERSION($ext_name);
 
                // Free the result
                SQL_FREERESULT($result);
 
-               if ($CONFIG['verbose_sql']) {
+               if ($_CONFIG['verbose_sql']) {
                        // Load SQL commands in remove mode
                        $EXT_LOAD_MODE = "remove";
-                       $file = sprintf(PATH."inc/extensions/ext-%s.php", $ext_name);
+                       $file = sprintf("%sinc/extensions/ext-%s.php", PATH, $ext_name);
                        include($file);
 
                        // Generate extra table with loaded SQL commands
                        $VERBOSE_OUT = EXTENSION_VERBOSE_TABLE($SQLs);
-               }
+               } // END - if
 
                // Prepare data for the row template
                $content = array(
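Review bot: `SQL_FREERESULT($result);` under "Free the result" is left over from the removed query: this loop no longer assigns `$result`, so the call now receives an undefined variable or a result set from earlier in the script. Remove that line together with its comment. Separately, `$ext_name` from `GET_EXT_NAME($id)` goes straight into the `include($file)` path. If the id matches no extension the name is presumably empty, so a guard such as `if (empty($ext_name)) continue;` or `if (FILE_READABLE($file)) include($file);` would avoid including a file that does not exist. The foreach body continues past the end of the hunk.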
@@ -185,7 +189,7 @@ if (!empty($_GET['reg_ext'])) {
                // Load row template and switch color
                $OUT .= LOAD_TEMPLATE("admin_extensions_delete_row", true, $content);
                $SW = 3 - $SW;
-       }
+       } // END - foreach
        define('__EXTENSIONS_ROWS', $OUT);
 
        // Load template
@@ -193,8 +197,8 @@ if (!empty($_GET['reg_ext'])) {
        $do = "delete";
 } elseif ((isset($_POST['remove'])) && ($SEL > 0) && (!IS_DEMO())) {
        // Remove extensions from DB (you have to delete all files manually!)
-       $CACHE_UPDATE = "0";
-       foreach ($_POST['sel'] as $id=>$active) {
+       $cache_update = 0;
+       foreach ($_POST['sel'] as $id => $active) {
                // Secure ID number
                $id = bigintval($id);
 
@@ -202,12 +206,8 @@ if (!empty($_GET['reg_ext'])) {
                if ($active == 1) {
                        // Run embeded SQL commands
                        EXTENSION_RUN_SQLS($id, "remove");
-
-                       // Delete this extension (remember to remove it from your server *before* you click on welcome!
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
-                        array(bigintval($id)), __FILE__, __LINE__);
-               }
-       }
+               } // END - if
+       } // END - foreach
 } elseif (!empty($_GET['do']) && (!IS_DEMO())) {
        // Other things to do
        $do = SQL_ESCAPE(strip_tags($_GET['do']));
@@ -220,7 +220,7 @@ if (!empty($_GET['reg_ext'])) {
 $where = "";
 if (!empty($_GET['active'])) {
        $where = sprintf("WHERE ext_active = '%s'", SQL_ESCAPE(strip_tags($_GET['active'])));
-}
+} // END - if
 
 // Case selection
 switch ($do) {
@@ -277,12 +277,12 @@ case "overview": // List all registered extensions
                LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_NO_EXTENSION_REGISTERED."</FONT>");
        }
        // Link for checking for new or updated extensions
-       OUTPUT_HTML ("<BR><A href=\"".URL."/modules.php?module=admin&amp;what=extensions&amp;do=search\">".ADMIN_SEARCH_NEW_EXTENSIONS."</A>");
+       OUTPUT_HTML("<br /><A href=\"".URL."/modules.php?module=admin&amp;what=extensions&amp;do=search\">".ADMIN_SEARCH_NEW_EXTENSIONS."</A>");
        break;
 
 case "register": // Register new extension
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' AND task_type='EXTENSION' LIMIT 1",
-        array(bigintval(GET_ADMIN_ID($_COOKIE['admin_login']))), __FILE__, __LINE__);
+        array(bigintval(GET_ADMIN_ID(get_session('admin_login')))), __FILE__, __LINE__);
        $task_found = SQL_NUMROWS($result);
 
        // Free result
@@ -291,28 +291,33 @@ case "register": // Register new extension
        // Is the ID number valid and the task was found?
        if (($id > 0) && ($task_found == 1)) {
                // ID is valid so begin with registration, we first want to it's real name from task management (subject column)
-               $result = SQL_QUERY_ESC("SELECT subject FROM "._MYSQL_PREFIX."_task_system WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT subject FROM "._MYSQL_PREFIX."_task_system WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($subj) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
 
                // Disable cache update by default
-               $CACHE_UPDATE = "0";
+               $cache_update = 0;
                if (!empty($subj)) {
                        // Extract extension's name from subject...
                        $ext_name = trim(substr($subj, 1, strpos($subj, ":") - 1));
 
                        // ... so we can finally register and load it in registration mode
                        $status = EXTENSION_REGISTER($ext_name, $id);
-                       if ($status) {
+                       if ($status == true) {
                                // Extension was found and successfully registered
                                LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_EXTENSION_REGISTERED);
 
                                // Do we need to update cache file?
-                               if ((EXT_IS_ACTIVE("cache")) && ($CACHE_FILE != "no")) {
+                               if ((EXT_IS_ACTIVE("cache")) && ($cacheMode != "no")) {
                                        // Remove cache file (will be auto-created again!)
-                                       if ($CACHE->cache_file("extensions", true)) $CACHE->cache_destroy();
-                               }
+                                       if ($cacheInstance->cache_file("config"    , true)) $cacheInstance->cache_destroy();
+                                       if ($cacheInstance->cache_file("extensions", true)) $cacheInstance->cache_destroy();
+                                       if ($cacheInstance->cache_file("mod_reg"   , true)) $cacheInstance->cache_destroy();
+                               } // END - if
+                       } elseif (GET_EXT_VERSION($ext_name) != "") {
+                               // Motify the admin that we have a problem here...
+                               LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_REG_FAILED_ALREADY);
                        } else {
                                // Motify the admin that we have a problem here...
                                LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_REG_FAILED_404);
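Review bot: `if ($status == true)` is a loose comparison and behaves exactly like the old `if ($status)`, so any truthy return from EXTENSION_REGISTER counts as success. If the function returns a boolean (its definition is not shown), `if ($status === true)` states the intent. The three added `cache_file(...)`/`cache_destroy()` lines differ only in the cache name and would read better as one loop over `array("config", "extensions", "mod_reg")`. The comment on the new `elseif` branch repeats the 404 wording with its typo; given the `ADMIN_REG_FAILED_ALREADY` message it should probably read `// Notify the admin that the extension is already registered`.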
@@ -332,7 +337,7 @@ case "register": // Register new extension
 
 case "search": // Search for new extensions on our server
        // Get response from our server
-       $response = MXCHANGE_OPEN("extensions.php");
+       $response = GET_URL("extensions.php");
 
        // Are extensions found?
        if (($response[sizeof($response) - 1] == "[EOF]") && ($response[0] != "[EOF]"))
@@ -349,14 +354,14 @@ case "search": // Search for new extensions on our server
 
                // Get count of extensions for validation
                $count = trim($response[sizeof($response) - 2]);
-               foreach ($response as $id=>$value)
+               foreach ($response as $id => $value)
                {
                        $value = str_replace("\n", "", $value); $ver = "";
                        // Leave loop when data is invalid or EOF?
                        if ((substr($value, 0, 4) == "ext-") && (substr($value, -4) == ".zip"))
                        {
                                $name = substr($value, 4, -4);
-                               $file = sprintf(PATH."inc/extensions/ext-%s.php", $name);
+                               $file = sprintf("%sinc/extensions/ext-%s.php", PATH, $name);
                                $ver = trim(substr($response[$id + 3], 4));
 
                                // Load current extension's version
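Review bot: `$name` is cut out of a line of the remote server's response and placed into the local path in `$file` with no check on its characters, so the path is only as trustworthy as that response. Before building `$file`, skip entries whose name contains anything outside the set extension names may use, for example `if (!preg_match('/^[a-z0-9_]+$/', $name)) continue;` (the exact character set is an assumption to confirm against the existing extensions). The same value is later used for the download link and the result list, so validating it once here covers those as well. The loop body starts and ends outside the hunk.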
@@ -364,7 +369,7 @@ case "search": // Search for new extensions on our server
                                if (empty($cver)) $cver = "-.-";
 
                                // Is the extension already installed or not?
-                               if (!file_exists($file) || ($ver != $cver))
+                               if (!FILE_READABLE($file) || ($ver != $cver))
                                {
                                        // No, it isn't. So let's add this one!
                                        $EXT_SEARCH['fname'][]  = $name;
@@ -378,7 +383,7 @@ case "search": // Search for new extensions on our server
                                        $INFO = ADMIN_EXT_NO_INFO_FOUND;
 
                                        // Trim every data line
-                                       foreach ($LANG_DUMMY as $k=>$v)
+                                       foreach ($LANG_DUMMY as $k => $v)
                                        {
                                                $v = trim($v);
                                                if (substr($v, 3) == "") $v = "---";
@@ -407,7 +412,7 @@ case "search": // Search for new extensions on our server
 
                        // Extensions where found which are not downloaded and installed
                        $SW = 2; $OUT = ""; $TSIZE = 0;
-                       foreach ($EXT_SEARCH['fname'] as $id=>$name)
+                       foreach ($EXT_SEARCH['fname'] as $id => $name)
                        {
                                // Generate download link
                                $LINK = SERVER_URL."/extensions/ext-".$name.".zip";
@@ -422,7 +427,7 @@ case "search": // Search for new extensions on our server
                                        'link'    => $LINK,
                                        'last'    => MAKE_DATETIME($EXT_SEARCH['fctime'][$id], "2"),
                                        'size'    => TRANSLATE_COMMA(round($EXT_SEARCH['fsize'][$id] / 1.024) / 1000),
-                                       'info'    => stripslashes($EXT_SEARCH['infos'][$id]),
+                                       'info'    => $EXT_SEARCH['infos'][$id],
                                );
 
                                // Load row template add current size to total size and switch color
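Review bot: `$EXT_SEARCH['infos'][$id]` is handed to the row template with no HTML encoding visible in this hunk, and the earlier search hunks suggest the value is built from the remote server's response. Dropping `stripslashes()` is fine, but unless the info text is meant to carry markup or is already escaped where it is collected, encode it here: `'info' => htmlspecialchars($EXT_SEARCH['infos'][$id]),`. The array literal and the surrounding foreach continue outside the hunk.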