From: Roland Häder Date: Sat, 6 Sep 2008 19:51:38 +0000 (+0000) Subject: More fixes for surfbar, SQL_QUERY_ESC() now escapes zeros X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=commitdiff_plain;h=e0c325d3886bfff13a50a06cfedf9a8da24b2598 More fixes for surfbar, SQL_QUERY_ESC() now escapes zeros --- diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php index a49a60f109..9bf9d9eaf9 100644 --- a/inc/db/lib-mysql3.php +++ b/inc/db/lib-mysql3.php @@ -203,7 +203,7 @@ function SQL_QUERY_ESC($qstring, $data, $file, $line, $run=true, $strip=true) { global $link; $eval = "\$query = sprintf(\"".$qstring."\""; foreach ($data as $var) { - if (!empty($var)) { + if ((!empty($var)) || ($var === 0)) { if ($strip) { $eval .= ", SQL_ESCAPE(\"".strip_tags($var)."\")"; } else { diff --git a/inc/functions.php b/inc/functions.php index 64ff243e2e..da970eb6f5 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -33,7 +33,7 @@ // Some security stuff... if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { - $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; + $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php"; require($INC); } @@ -140,7 +140,7 @@ function OUTPUT_HTML($HTML, $NEW_LINE = true) { while (strpos($OUTPUT, '{!') > 0) { // Prepare the content and eval() it... $newContent = ""; - $eval = "\$newContent = \"" . COMPILE_CODE(addslashes($OUTPUT)) . "\";"; + $eval = "\$newContent = \"".COMPILE_CODE(addslashes($OUTPUT))."\";"; @eval($eval); if (empty($newContent)) { @@ -160,7 +160,7 @@ function OUTPUT_HTML($HTML, $NEW_LINE = true) { // Compile and run finished rendered HTML code while (strpos($OUTPUT, '{!') > 0) { - $eval = "\$OUTPUT = \"" . COMPILE_CODE(addslashes($OUTPUT)) . "\";"; + $eval = "\$OUTPUT = \"".COMPILE_CODE(addslashes($OUTPUT))."\";"; eval($eval); } 
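Review bot: In SQL_QUERY_ESC() the added test `($var === 0)` matches only an integer zero, so a string `"0"` still counts as empty and skips the SQL_ESCAPE() branch; values taken from request data or a result row usually arrive as strings. If zero in either form should be escaped, the condition could read `if ((!empty($var)) || ($var === 0) || ($var === '0')) {`. Separately, the unchanged context line splices `strip_tags($var)` between double quotes into the PHP source string `$eval`, which is presumably passed to eval() outside the hunk. strip_tags() does not neutralise quotes, backslashes or `$`, so the data would reach the PHP parser before it reaches SQL_ESCAPE(); collecting the escaped values in an array and calling `vsprintf($qstring, $escaped)` would avoid building code from data. The function body continues past the hunk, so the else branch is not visible here.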
@@ -292,7 +292,7 @@ function LOAD_TEMPLATE($template, $return=false, $content="") { // Do we have to compile the code? if ((strpos($tmpl_file, "\$") !== false) || (strpos($tmpl_file, '{--') !== false) || (strpos($tmpl_file, '--}') > 0)) { // Okay, compile it! - $tmpl_file = "\$ret=\"" . COMPILE_CODE(addslashes($tmpl_file)) . "\";"; + $tmpl_file = "\$ret=\"".COMPILE_CODE(addslashes($tmpl_file))."\";"; eval($tmpl_file); } else { // Simply return loaded code @@ -332,7 +332,7 @@ function LOAD_TEMPLATE($template, $return=false, $content="") { // Send mail out to an email address function SEND_EMAIL($TO, $SUBJECT, $MSG, $HTML='N', $FROM="") { // Compile subject line (for POINTS constant etc.) - $eval = "\$SUBJECT = \"" . COMPILE_CODE(addslashes($SUBJECT)) . "\";"; + $eval = "\$SUBJECT = \"".COMPILE_CODE(addslashes($SUBJECT))."\";"; eval($eval); $SUBJECT = html_entity_decode($SUBJECT); @@ -1858,7 +1858,7 @@ function MEMBER_ACTION_LINKS($uid, $status="") { } // Finish navigation link - $eval = substr($eval, 0, -7) . "]\";"; + $eval = substr($eval, 0, -7)."]\";"; eval($eval); // Return string @@ -1942,7 +1942,7 @@ function generateHash ($plainText, $salt = "") { } // Return hash - return $salt . sha1($salt . $plainText); + return $salt.sha1($salt.$plainText); } // function scrambleString($str) { diff --git a/inc/libs/surfbar_functions.php b/inc/libs/surfbar_functions.php index 1a451ebb23..5297332658 100644 --- a/inc/libs/surfbar_functions.php +++ b/inc/libs/surfbar_functions.php 
@@ -338,8 +338,8 @@ function SURFBAR_LOCKDOWN_ID ($id) { array($GLOBALS['userid'], bigintval($id)), __FILE__, __LINE__); // Remove the salt from database - SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_surfbar_salts WHERE url_id=%s AND userid=%s LIMIT 1", - array(bigintval($id), $GLOBALS['userid']), __FILE__, __LINE__); + //SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_surfbar_salts WHERE url_id=%s AND userid=%s LIMIT 1", + // array(bigintval($id), $GLOBALS['userid']), __FILE__, __LINE__); } // Pay points to the user and remove it from the sender function SURFBAR_PAY_POINTS ($id) { @@ -394,7 +394,7 @@ LIMIT 1", SQL_FREERESULT($result); // Return check - //* DEBUG: */ echo __FUNCTION__.":cnt={$cnt}
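Review bot: In SURFBAR_LOCKDOWN_ID() the salt DELETE is disabled by commenting it out, but the line above still reads `// Remove the salt from database`, so the code no longer does what its comment says and nothing records why. If the salt row is what validates a surfbar view (not visible in this hunk), leaving it in place after lockdown keeps it usable until something else replaces it, which is worth confirming. Either delete the two disabled lines or replace the stale comment with the reason, e.g. `// Salt is kept on purpose: <reason>`. The function starts outside the hunk.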
\n"; + //* DEBUG: */ echo __FUNCTION__.":cnt={$cnt},".SURFBAR_GET_DATA('surf_lock')."
\n"; return ($cnt == 1); } // Determine next id for surfbar view, always call this before you call other @@ -426,19 +426,21 @@ LEFT JOIN "._MYSQL_PREFIX."_surfbar_salts AS sbs ON sbu.id=sbs.url_id LEFT JOIN "._MYSQL_PREFIX."_surfbar_locks AS l ON sbu.id=l.url_id -WHERE sbu.userid != %d AND sbu.status='CONFIRMED' AND (l.last_surfed IS NULL OR (UNIX_TIMESTAMP() - ".SURFBAR_GET_DATA('surf_lock').") >= UNIX_TIMESTAMP(l.last_surfed)) -ORDER BY l.last_surfed DESC, sbs.last_salt ASC, sbu.id ASC -LIMIT %d,1", +WHERE sbu.userid != %s AND sbu.status='CONFIRMED' AND (l.last_surfed IS NULL OR (UNIX_TIMESTAMP() - ".SURFBAR_GET_DATA('surf_lock').") >= UNIX_TIMESTAMP(l.last_surfed)) +ORDER BY l.last_surfed ASC, sbu.id ASC +LIMIT %s,1", array($GLOBALS['userid'], $randNum), __FILE__, __LINE__ ); } else { // Get data from specified id number - $result = SQL_QUERY_ESC("SELECT sbu.id, sbu.userid, sbu.url, sbs.last_salt, sbu.reward, sbu.costs, sbu.views_total, p.time + $result = SQL_QUERY_ESC("SELECT sbu.id, sbu.userid, sbu.url, sbs.last_salt, sbu.reward, sbu.costs, sbu.views_total, p.time, UNIX_TIMESTAMP(l.last_surfed) AS last_surfed FROM "._MYSQL_PREFIX."_surfbar_urls AS sbu LEFT JOIN "._MYSQL_PREFIX."_payments AS p ON sbu.payment_id=p.id LEFT JOIN "._MYSQL_PREFIX."_surfbar_salts AS sbs ON sbu.id=sbs.url_id +LEFT JOIN "._MYSQL_PREFIX."_surfbar_locks AS l +ON sbu.id=l.url_id WHERE sbu.userid != %s AND sbu.status='CONFIRMED' AND sbu.id=%s LIMIT 1", array($GLOBALS['userid'], bigintval($id)), __FILE__, __LINE__ @@ -455,18 +457,21 @@ LIMIT 1", // Is the time there? if (is_null($SURFBAR_CACHE['time'])) { // Then repair it wit the static! + //* DEBUG: */ echo __FUNCTION__.": time - STATIC!
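Review bot: Switching the first query's placeholders from `%d` to `%s` (`sbu.userid != %s`, `LIMIT %s,1`) drops the integer coercion that sprintf() applied, and both values sit unquoted in the SQL, where string escaping alone does not restrict them to digits. The second query in this hunk already passes its id through bigintval(); the first could match it with `array(bigintval($GLOBALS['userid']), bigintval($randNum)), __FILE__, __LINE__`, assuming bigintval() returns something the zero handling in SQL_QUERY_ESC() accepts for an offset of 0. `SURFBAR_GET_DATA('surf_lock')` is also concatenated directly into the statement, so it depends on that setting being numeric. The enclosing function starts and ends outside the hunk.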
\n"; $SURFBAR_CACHE['time'] = $_CONFIG['surfbar_static_time']; } // END - if // Is the last salt there? if (is_null($SURFBAR_CACHE['last_salt'])) { // Then repair it wit the static! + //* DEBUG: */ echo __FUNCTION__.": last_salt - FIXED!
\n"; $SURFBAR_CACHE['last_salt'] = ""; } // END - if // Fix missing last_surfed if ((!isset($SURFBAR_CACHE['last_surfed'])) || (is_null($SURFBAR_CACHE['last_surfed']))) { // Fix it here + //* DEBUG: */ echo __FUNCTION__.": last_surfed - FIXED!
\n"; $SURFBAR_CACHE['last_surfed'] = "0"; } // END - if diff --git a/surfbar.php b/surfbar.php index d283eacf2d..a5dd72bd50 100644 --- a/surfbar.php +++ b/surfbar.php @@ -99,11 +99,11 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install // Check if reload is full if (SURFBAR_CHECK_RELOAD_FULL()) { // Then load waiting page - LOAD_URL("surfbar.php?frame=start"); + LOAD_URL("surfbar.php?frame=stop"); } // END - if } else { - // Reload to start frame! - LOAD_URL("surfbar.php?frame=start"); + // Reload to stop frame! + LOAD_URL("surfbar.php?frame=stop"); } // All done, so fix notice for footer.php