Fixes for #113, task texts were secured too much, resolved
authorRoland Häder <roland@mxchange.org>
Sat, 14 Mar 2009 21:34:52 +0000 (21:34 +0000)
committerRoland Häder <roland@mxchange.org>
Sat, 14 Mar 2009 21:34:52 +0000 (21:34 +0000)
inc/db/lib-mysql3.php
inc/extensions.php
inc/modules/admin/overview-inc.php

index 024908a9dfd667b11b173194445d1ee11bbca816..e0c63d2f0198c9a3fe09bcfa1c6757f98fbed5fe 100644 (file)
@@ -242,7 +242,7 @@ function SQL_FREERESULT ($result) {
 }
 
 // SQL string escaping
 }
 
 // SQL string escaping
-function SQL_QUERY_ESC ($qstring, $data, $F, $L, $run=true, $strip=true) {
+function SQL_QUERY_ESC ($qstring, $data, $F, $L, $run=true, $strip=true, $secure=true) {
        // Link is there?
        if (!SQL_IS_LINK_UP()) return false;
 
        // Link is there?
        if (!SQL_IS_LINK_UP()) return false;
 
@@ -255,10 +255,16 @@ function SQL_QUERY_ESC ($qstring, $data, $F, $L, $run=true, $strip=true) {
                $strip = "false";
        }
 
                $strip = "false";
        }
 
+       if ($secure === true) {
+               $secure = "true";
+       } else {
+               $secure = "false";
+       }
+
        $eval = "\$query = sprintf(\"".$qstring."\"";
        foreach ($data as $var) {
                if ((!empty($var)) || ($var === 0)) {
        $eval = "\$query = sprintf(\"".$qstring."\"";
        foreach ($data as $var) {
                if ((!empty($var)) || ($var === 0)) {
-                       $eval .= ", SQL_ESCAPE(\"".$var."\",true,".$strip.")";
+                       $eval .= ", SQL_ESCAPE(\"".$var."\", ".$secure.", ".$strip.")";
                } else {
                        $eval .= ", ''";
                }
                } else {
                        $eval .= ", ''";
                }
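Review bot: Each `$var` is still concatenated into a double-quoted PHP literal inside `$eval`, which appears to be handed to eval() below the hunk, so a `"`, `\` or `$` in a data value changes the generated code before SQL_ESCAPE ever runs. The new `$secure` switch makes this more pressing, because callers can now turn off part of SQL_ESCAPE's handling. Collecting the escaped values in an array and formatting them with `vsprintf($qstring, $args)` after the loop passes them as data instead. `$secure` and `$strip` then stay booleans, so both "true"/"false" string conversion blocks would be dropped. The end of the loop and the query execution are outside the hunk, so check first whether `$qstring` relies on interpolation at eval time.

```php
$args = array();
foreach ($data as $var) {
        if ((!empty($var)) || ($var === 0)) {
                // Value is passed as data, never spliced into PHP source
                $args[] = SQL_ESCAPE($var, $secure, $strip);
        } else {
                $args[] = '';
        }
// … loop end and query execution are outside the hunk; $query = vsprintf($qstring, $args) goes after the loop …
```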
index c2dd63532587979c36cb430edb314d9e68df397a..609af2b242d05b2f64fa294cfc57ff0348cc3093 100644 (file)
@@ -746,7 +746,7 @@ function CREATE_NEW_EXTENSION_TASK ($admin_id, $subject, $ext) {
                // Load text for task if found
                if (FILE_READABLE($tpl)) {
                        // Load extension's own text template (HTML!)
                // Load text for task if found
                if (FILE_READABLE($tpl)) {
                        // Load extension's own text template (HTML!)
-                       $msg = LOAD_TEMPLATE("ext_".$ext, true);
+                       $msg = LOAD_TEMPLATE("ext_" . $ext, true);
                } else {
                        // Write this in debug.log as well
                        DEBUG_LOG(__FUNCTION__, __LINE__, $msg);
                } else {
                        // Write this in debug.log as well
                        DEBUG_LOG(__FUNCTION__, __LINE__, $msg);
@@ -754,12 +754,12 @@ function CREATE_NEW_EXTENSION_TASK ($admin_id, $subject, $ext) {
 
                // Task not created so it's a brand-new extension which we need to register and create a task for!
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_task_system` (assigned_admin, userid, status, task_type, subject, text, task_created)
 
                // Task not created so it's a brand-new extension which we need to register and create a task for!
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_task_system` (assigned_admin, userid, status, task_type, subject, text, task_created)
-VALUES (%s,0,'NEW','EXTENSION','%s','%s',UNIX_TIMESTAMP())",
+VALUES (%s, 0, 'NEW', 'EXTENSION', '%s', '%s', UNIX_TIMESTAMP())",
                        array(
                                $admin_id,
                                $subject,
                        array(
                                $admin_id,
                                $subject,
-                               SQL_ESCAPE($msg),
-                       ),  __FUNCTION__, __LINE__, true, false
+                               smartAddSlashes($msg),
+                       ),  __FUNCTION__, __LINE__, true, false, false
                );
        } // END - if
 }
                );
        } // END - if
 }
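Review bot: The added trailing `false` switches off `$secure` for every element of the data array, so `$admin_id` and `$subject` also skip that handling, although only the HTML template in `$msg` needed the exemption. `$admin_id` also fills an unquoted `%s`, where quote escaping gives no protection. If assigned_admin is always numeric, `VALUES (%d, 0, 'NEW', 'EXTENSION', '%s', '%s', UNIX_TIMESTAMP())` pins it to an integer. What smartAddSlashes() does is not visible here, so confirm that it and the SQL_ESCAPE call inside SQL_QUERY_ESC do not escape `$msg` twice. CREATE_NEW_EXTENSION_TASK starts outside the hunk.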
@@ -773,7 +773,7 @@ function CREATE_EXTENSION_DEACTIVATION_TASK ($ext) {
        if ((DETERMINE_TASK_ID_BY_SUBJECT($subject) == 0) && (GET_EXT_VERSION($ext) != "")) {
                // Task not created so add it
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_task_system` (assigned_admin, userid, status, task_type, subject, text, task_created)
        if ((DETERMINE_TASK_ID_BY_SUBJECT($subject) == 0) && (GET_EXT_VERSION($ext) != "")) {
                // Task not created so add it
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_task_system` (assigned_admin, userid, status, task_type, subject, text, task_created)
-VALUES (0,0,'NEW','EXTENSION_DEACTIVATION','%s','%s',UNIX_TIMESTAMP())",
+VALUES (0, 0, 'NEW', 'EXTENSION_DEACTIVATION', '%s', '%s', UNIX_TIMESTAMP())",
                        array(
                                $subject,
                                SQL_ESCAPE(LOAD_TEMPLATE("task_ext_deactivated", true, $ext)),
                        array(
                                $subject,
                                SQL_ESCAPE(LOAD_TEMPLATE("task_ext_deactivated", true, $ext)),
index 0ffec8391190adf76fed5d029ffb72774d6a6754..6840cbe603d36df4ebe92fe6969c4aff999af256 100644 (file)
@@ -383,7 +383,6 @@ function OUTPUT_SELECTED_TASKS ($POST, $result_tasks) {
                } // END - if
 
                // There are uncompleted jobs!
                } // END - if
 
                // There are uncompleted jobs!
-               // @TODO Rewrite this to one template and use $OUT = ...
                $OUT = ""; $SW = 2;
                while ($content = SQL_FETCHARRAY($result_tasks)) {
                        // Init infos
                $OUT = ""; $SW = 2;
                while ($content = SQL_FETCHARRAY($result_tasks)) {
                        // Init infos