From 05d337e2e0de096225f74d0e039cb32970a7d0df Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Sat, 22 Nov 2008 19:47:08 +0000
Subject: [PATCH] Again some fixes: - $_GET['what'] was used in sponsor extension, fixed to $GLOBALS['what'] because $GLOBALS is secured and $_GET only a bit - Constant ORDER_ALLOWED_UNKNOWN added - Template "admin_data_saved" is now deprecated
---
 inc/databases.php | 2 +-
 inc/language/order_de.php | 1 +
 inc/libs/sponsor_functions.php | 12 +++++-----
 inc/modules/admin/what-adminedit.php | 4 ++--
 inc/modules/admin/what-guestedit.php | 6 ++---
 inc/modules/admin/what-memedit.php | 24 ++++++++------------
 templates/de/html/admin/admin_data_saved.tpl | 16 +------------
 7 files changed, 24 insertions(+), 41 deletions(-)
diff --git a/inc/databases.php b/inc/databases.php
index 0bd032d1e9..e13d1a8022 100644
--- a/inc/databases.php
+++ b/inc/databases.php
@@ -114,7 +114,7 @@ define('USAGE_BASE', "usage");
 define('SERVER_URL', "http://www.mxchange.org");
 // This current patch level
-define('CURR_SVN_REVISION', "541");
+define('CURR_SVN_REVISION', "542");
 // Take a prime number which is long (if you know a longer one please try it out!)
 define('_PRIME', 591623);
diff --git a/inc/language/order_de.php b/inc/language/order_de.php
index 158b146cd9..23a7d5793d 100644
--- a/inc/language/order_de.php
+++ b/inc/language/order_de.php
@@ -49,6 +49,7 @@ define('ORDER_ALLOWED_RECEIVE_2', " von ");
 define('ORDER_ALLOWED_RECEIVE_3', " Mailbuchungen aufgeben.");
 define('MEMBER_ORDER_MAX_ALLOWED', "Maximale Mailbuchungen");
 define('ORDER_ALLOED_MAX', "Sie können solange Mailbuchungen aufgeben, bis alle Mitglieder nicht mehr empfangsbereit sind.");
+define('ORDER_ALLOWED_UNKNOWN', "Fehler in Konfiguration erkannt! Bitte den Administrator benachrichtigen.");
 define('MEMBER_ORDER_ALLOWED_EXHAUSTED', "Sie können keine weiteren Mails mehr versenden, oder stellen Sie bitte den Empfang höher ein.");
 define('MEMBER_MIN_RECS_1', "Minimum:");
 define('MEMBER_MIN_RECS_2', "");
diff --git a/inc/libs/sponsor_functions.php b/inc/libs/sponsor_functions.php
index 340958e686..c16023477f 100644
--- a/inc/libs/sponsor_functions.php
+++ b/inc/libs/sponsor_functions.php
@@ -81,7 +81,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST
 SQL_FREERESULT($result);
 // Yes, he is!
- if (($_GET['what'] == "add_sponsor") || ($NO_UPDATE))
+ if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE))
 {
 // Already found!
 $ALREADY = true;
@@ -181,7 +181,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST
 // Add new sponsor, first add more data
 $DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time(); $DATA['keys'][] = "status";
- if ((!$NO_UPDATE) && (IS_ADMIN()) && ($_GET['what'] == "add_sponsor"))
+ if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor"))
 {
 // Only allowed for admin
 $DATA['values'][] = "PENDING";
@@ -539,7 +539,7 @@ function SPONSOR_SAVE_DATA($POST, $content)
 $DATA[] = $_COOKIE['sponsorpass'];
 // Saving data was completed... ufff...
- switch ($_GET['what'])
+ switch ($GLOBALS['what'])
 {
 case "account": // Change account data
 if ($EMAIL)
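Review bot: The `add_sponsor` check in the hunk at line 81 of sponsor_functions.php now trusts `$GLOBALS['what']`, but nothing in this diff shows where that value is validated, and a global can be reassigned by any included file before this function runs. The commit message calls it "secured"; a comment at the first use naming that step would let a reader verify the claim, for example `// 'what' is filtered centrally in <file that populates $GLOBALS['what']>; never read $_GET['what'] here`. Comparing with `===` instead of `==` would also keep the string match strict. The same applies to the hunks at lines 181, 539, 568 and 601, and the function bodies continue outside all of them.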
@@ -568,8 +568,8 @@ function SPONSOR_SAVE_DATA($POST, $content)
 break;
 default: // Unknown sponsor what value!
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", $_GET['what']));
- $MSG = SPONSOR_UNKNOWN_WHAT_1.$_GET['what'].SPONSOR_UNKNOWN_WHAT_2;
+ DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", $GLOBALS['what']));
+ $MSG = SPONSOR_UNKNOWN_WHAT_1.$GLOBALS['what'].SPONSOR_UNKNOWN_WHAT_2;
 $templ = ""; $subj = "";
 break;
 }
@@ -601,7 +601,7 @@ function SPONSOR_SAVE_DATA($POST, $content)
 // to the old address
 // First to old address
- switch ($_GET['what'])
+ switch ($GLOBALS['what'])
 {
 case "account": // Change account data
 $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_data", $content);
diff --git a/inc/modules/admin/what-adminedit.php b/inc/modules/admin/what-adminedit.php
index 688b5758c5..6e66b07863 100644
--- a/inc/modules/admin/what-adminedit.php
+++ b/inc/modules/admin/what-adminedit.php
@@ -175,7 +175,7 @@ WHERE ".$AND." AND id=%s LIMIT 1",
 CACHE_PURGE_ADMIN_MENU(0, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel]);
 // Load template
- LOAD_TEMPLATE("admin_data_saved");
+ LOAD_TEMPLATE("admin_settings_saved", false, SAVING_DONE);
 break;
 case "del": // Delete menu
@@ -186,7 +186,7 @@ WHERE ".$AND." AND id=%s LIMIT 1",
 } // END - foreach
 // Load template
- LOAD_TEMPLATE("admin_data_saved");
+ LOAD_TEMPLATE("admin_settings_saved", false, SAVING_DONE);
 break;
 default: // Unexpected action
diff --git a/inc/modules/admin/what-guestedit.php b/inc/modules/admin/what-guestedit.php
index dc1d4bad68..8d295b27dc 100644
--- a/inc/modules/admin/what-guestedit.php
+++ b/inc/modules/admin/what-guestedit.php
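Review bot: In the `default:` branch of the hunk at line 568 of sponsor_functions.php, the request-derived `what` value is still concatenated unencoded into `$MSG` and passed raw to `DEBUG_LOG`, so changing the source variable does not remove the need to encode at the sink. How `$MSG` is rendered is outside the hunk, but if it ends up in an HTML page the line should read `$MSG = SPONSOR_UNKNOWN_WHAT_1.htmlspecialchars($GLOBALS['what'], ENT_QUOTES).SPONSOR_UNKNOWN_WHAT_2;`. For the log call, stripping CR and LF from the value before formatting keeps one event on one log line.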
@@ -160,7 +160,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET title='%s', action='%s', what='%s' WHERE ".$AND." AND id=%s LIMIT 1", array($menu, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel], $sel),__FILE__, __LINE__);
 }
- LOAD_TEMPLATE("admin_data_saved");
+ LOAD_TEMPLATE("admin_settings_saved", false, SAVING_DONE);
 break;
 case "del": // Delete menu
@@ -170,7 +170,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
 $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($sel)), __FILE__, __LINE__);
 }
- LOAD_TEMPLATE("admin_data_saved");
+ LOAD_TEMPLATE("admin_settings_saved", false, SAVING_DONE);
 break;
 case "status": // Change access levels
@@ -183,7 +183,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%s LIMIT 1", array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__);
 }
- LOAD_TEMPLATE("admin_data_saved");
+ LOAD_TEMPLATE("admin_settings_saved", false, SAVING_DONE);
 break;
 default: // Unexpected action
diff --git a/inc/modules/admin/what-memedit.php b/inc/modules/admin/what-memedit.php
index 2c464b2229..2b6238e22d 100644
--- a/inc/modules/admin/what-memedit.php
+++ b/inc/modules/admin/what-memedit.php
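Review bot: The UPDATE kept as context in the hunk at line 160 of what-guestedit.php fills the unquoted `id=%s` placeholder with a bare `$sel`, while the DELETE in the hunk at line 170 passes `bigintval($sel)`. String escaping in `SQL_QUERY_ESC` (assuming that is what the helper does) does not constrain a value used outside quotes, so the argument list should cast here as well: `array($menu, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel], bigintval($sel))`. The `status` UPDATE in the hunk at line 183 has the same bare `$sel`. Where `$sel` is assigned lies outside these hunks, so confirm whether it is already cast before the loop.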
@@ -218,15 +218,14 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) } // Load template - LOAD_TEMPLATE("admin_data_saved"); -} - else -{ - if ((!empty($_GET['act'])) && (!empty($_GET['tid'])) && (!empty($_GET['fid']))) - { + LOAD_TEMPLATE("admin_settings_saved", false, SAVING_DONE); +} else { + if ((!empty($_GET['act'])) && (!empty($_GET['tid'])) && (!empty($_GET['fid']))) { + // Init + $tid = ""; $fid = ""; + // Get IDs - if (!empty($_GET['w'])) - { + if (!empty($_GET['w'])) { // Sub menus selected $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_member_menu WHERE action='%s' AND sort='%s' LIMIT 1", array(bigintval($_GET['act']), bigintval($_GET['tid'])), __FILE__, __LINE__); @@ -236,9 +235,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) array(bigintval($_GET['act']), bigintval($_GET['fid'])), __FILE__, __LINE__); list($fid) = SQL_FETCHROW($result); SQL_FREERESULT($result); - } - else - { + } else { // Main menu selected $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_member_menu WHERE (what='' OR what IS NULL) AND sort='%s' LIMIT 1", array(bigintval($_GET['tid'])), __FILE__, __LINE__); @@ -248,14 +245,13 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) list($fid) = SQL_FETCHROW($result); } - if ((!empty($tid)) && (!empty($fid))) - { + if ((!empty($tid)) && (!empty($fid))) { // Sort menu $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__); $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__); - } + } // END - -fi } if (!empty($SUB)) diff --git a/templates/de/html/admin/admin_data_saved.tpl b/templates/de/html/admin/admin_data_saved.tpl index 3cdc3d4875..8be440394e 100644 --- a/templates/de/html/admin/admin_data_saved.tpl 
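Review bot: The restructured `else` branch in the hunk at line 218 of what-memedit.php still re-sorts menu entries on the strength of `$_GET['act']`, `$_GET['tid']` and `$_GET['fid']` alone; no request token or POST requirement is visible before the two UPDATE statements in the hunk at line 248. If no such check exists further up the file, the write can be triggered by any GET request made within an admin's session, so the branch should verify a per-session token or accept the action only via POST. Initialising `$tid` and `$fid` before the lookups is a sound hardening step, since the later `!empty()` test no longer depends on values set elsewhere. The added closing comment `// END - -fi` looks like a typo for `// END - if`.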
+++ b/templates/de/html/admin/admin_data_saved.tpl @@ -1,15 +1 @@ - - - - - - - - - - - - -
 {--SAVING_DATA--}... {--SAVING_DONE--} 
\ No newline at end of file + -- 2.30.2