X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-extensions.php;h=a8181f2999675750fbd1b211011c091c21f555bc;hp=b6a7d366578062fb146f87654b9492e42d0292a1;hb=963e55ca1ea79e255f235e359cde9f7862191dc5;hpb=3f5269bfc3bc519223716d1ee2039ffc796931fb diff --git a/inc/modules/admin/what-extensions.php b/inc/modules/admin/what-extensions.php index b6a7d36657..a8181f2999 100644 --- a/inc/modules/admin/what-extensions.php +++ b/inc/modules/admin/what-extensions.php @@ -32,7 +32,7 @@ ************************************************************************/ // Some security stuff... -if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) { +if ((!defined('__SECURITY')) || (!IS_ADMIN())) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } @@ -44,7 +44,7 @@ global $cacheInstance, $cacheArray, $cacheMode; // Normally we want the overview of all registered extensions $do = "overview"; -$SEL = "0"; +$SEL = 0; if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']); if (!empty($_GET['reg_ext'])) { @@ -53,7 +53,7 @@ if (!empty($_GET['reg_ext'])) { // The ID comes from task management and it is - of course - *not* the extension's name! } elseif ((isset($_POST['change'])) && ($SEL > 0) && (!IS_DEMO())) { // De-/activate extensions - foreach ($_POST['sel'] as $id=>$active) { + foreach ($_POST['sel'] as $id => $active) { // Shall we keep the extension always active? if ((isset($cacheArray['active_extensions'][GET_EXT_NAME($id)])) && ($cacheArray['active_extensions'][GET_EXT_NAME($id)] == "Y") && ($active == "N")) { // Keep this extension active! @@ -61,7 +61,7 @@ if (!empty($_GET['reg_ext'])) { // De/activate extension $ACT = "N"; $EXT_LOAD_MODE = "deactivate"; if ($active == "N") { $ACT = "Y"; $EXT_LOAD_MODE = "activate"; } - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='".$ACT."' WHERE id=%d AND ext_active='%s' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='".$ACT."' WHERE id=%s AND ext_active='%s' LIMIT 1", array(bigintval($id), $active), __FILE__, __LINE__); // Run embeded SQL commands @@ -72,8 +72,8 @@ if (!empty($_GET['reg_ext'])) { // Change settings like CSS file load if (isset($_POST['modify'])) { // Change entries - $cacheInstance_UPDATE = "0"; - foreach ($_POST['sel'] as $id=>$sel) { + $cache_update = 0; + foreach ($_POST['sel'] as $id => $sel) { // Secure ID $id = bigintval($id); @@ -83,11 +83,11 @@ if (!empty($_GET['reg_ext'])) { $active = $_POST['active'][$id]; if (GET_EXT_VERSION("sql_patches") >= "0.0.6") { // Update also CSS column when extensions sql_patches is newer or exact v0.0.6 - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_has_css='%s', ext_active='%s' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_has_css='%s', ext_active='%s' WHERE id=%s LIMIT 1", array($_POST['css'][$id], $active, $id), __FILE__, __LINE__); } else { // When extension is older than v0.0.6 there is no column for the CSS information - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='%s' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='%s' WHERE id=%s LIMIT 1", array($active, $id), __FILE__, __LINE__); } @@ -109,17 +109,17 @@ if (!empty($_GET['reg_ext'])) { } else { // Edit selected entries $SW = "2"; $OUT = ""; - foreach ($_POST['sel'] as $id=>$sel) { + foreach ($_POST['sel'] as $id => $sel) { // Edit this extension? if (($sel == "Y") || ($sel == "N")) { // Load required data if (GET_EXT_VERSION("sql_patches") >= "0.0.6") { - $result = SQL_QUERY_ESC("SELECT ext_name, ext_has_css, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT ext_name, ext_has_css, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($name, $css, $active) = SQL_FETCHROW($result); SQL_FREERESULT($result); } else { - $result = SQL_QUERY_ESC("SELECT ext_name, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT ext_name, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($name, $active) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -153,7 +153,7 @@ if (!empty($_GET['reg_ext'])) { } elseif ((isset($_POST['delete'])) && ($SEL > 0) && (!IS_DEMO())) { // List extensions and when verbose is enabled SQL statements which will be executed $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $id=>$sel) { + foreach ($_POST['sel'] as $id => $sel) { // Init variables $VERBOSE_OUT = ""; $SQLs = array(); @@ -197,8 +197,8 @@ if (!empty($_GET['reg_ext'])) { $do = "delete"; } elseif ((isset($_POST['remove'])) && ($SEL > 0) && (!IS_DEMO())) { // Remove extensions from DB (you have to delete all files manually!) - $cacheInstance_UPDATE = "0"; - foreach ($_POST['sel'] as $id=>$active) { + $cache_update = 0; + foreach ($_POST['sel'] as $id => $active) { // Secure ID number $id = bigintval($id); @@ -291,13 +291,13 @@ case "register": // Register new extension // Is the ID number valid and the task was found? if (($id > 0) && ($task_found == 1)) { // ID is valid so begin with registration, we first want to it's real name from task management (subject column) - $result = SQL_QUERY_ESC("SELECT subject FROM "._MYSQL_PREFIX."_task_system WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT subject FROM "._MYSQL_PREFIX."_task_system WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($subj) = SQL_FETCHROW($result); SQL_FREERESULT($result); // Disable cache update by default - $cacheInstance_UPDATE = "0"; + $cache_update = 0; if (!empty($subj)) { // Extract extension's name from subject... $ext_name = trim(substr($subj, 1, strpos($subj, ":") - 1)); @@ -314,7 +314,10 @@ case "register": // Register new extension if ($cacheInstance->cache_file("config" , true)) $cacheInstance->cache_destroy(); if ($cacheInstance->cache_file("extensions", true)) $cacheInstance->cache_destroy(); if ($cacheInstance->cache_file("mod_reg" , true)) $cacheInstance->cache_destroy(); - } + } // END - if + } elseif (GET_EXT_VERSION($ext_name) != "") { + // Motify the admin that we have a problem here... + LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_REG_FAILED_ALREADY); } else { // Motify the admin that we have a problem here... LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_REG_FAILED_404); @@ -334,7 +337,7 @@ case "register": // Register new extension case "search": // Search for new extensions on our server // Get response from our server - $response = MXCHANGE_OPEN("extensions.php"); + $response = GET_URL("extensions.php"); // Are extensions found? if (($response[sizeof($response) - 1] == "[EOF]") && ($response[0] != "[EOF]")) @@ -351,7 +354,7 @@ case "search": // Search for new extensions on our server // Get count of extensions for validation $count = trim($response[sizeof($response) - 2]); - foreach ($response as $id=>$value) + foreach ($response as $id => $value) { $value = str_replace("\n", "", $value); $ver = ""; // Leave loop when data is invalid or EOF? @@ -366,7 +369,7 @@ case "search": // Search for new extensions on our server if (empty($cver)) $cver = "-.-"; // Is the extension already installed or not? - if (!file_exists($file) || ($ver != $cver)) + if (!FILE_READABLE($file) || ($ver != $cver)) { // No, it isn't. So let's add this one! $EXT_SEARCH['fname'][] = $name; @@ -380,7 +383,7 @@ case "search": // Search for new extensions on our server $INFO = ADMIN_EXT_NO_INFO_FOUND; // Trim every data line - foreach ($LANG_DUMMY as $k=>$v) + foreach ($LANG_DUMMY as $k => $v) { $v = trim($v); if (substr($v, 3) == "") $v = "---"; @@ -409,7 +412,7 @@ case "search": // Search for new extensions on our server // Extensions where found which are not downloaded and installed $SW = 2; $OUT = ""; $TSIZE = 0; - foreach ($EXT_SEARCH['fname'] as $id=>$name) + foreach ($EXT_SEARCH['fname'] as $id => $name) { // Generate download link $LINK = SERVER_URL."/extensions/ext-".$name.".zip";