From 06e24098eb8296f63f7d647c6a630a55ca0fdb94 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Tue, 23 Oct 2012 21:01:18 +0000
Subject: [PATCH] Testers excluded (almost, see TODO) from guest stats page:
- Don't do secureString(getRequestElement('foo')) as it is already secured
- Testers excluded from almost all statistics in what-stats.php
- TODOs.txt updated
---
 DOCS/TODOs.txt | 3 ++-
 inc/modules/admin/what-extensions.php | 4 ++--
 inc/modules/admin/what-list_user.php | 2 +-
 inc/modules/admin/what-logs.php | 2 +-
 inc/modules/guest/what-stats.php | 11 ++++++-----
 inc/referral-functions.php | 4 ++--
 6 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/DOCS/TODOs.txt b/DOCS/TODOs.txt
index dce33cd8fe..ad96435c70 100644
--- a/DOCS/TODOs.txt
+++ b/DOCS/TODOs.txt
@@ -153,11 +153,12 @@
 ./inc/modules/frametester.php:95: // @TODO Rewrite this somehow
 ./inc/modules/guest/what-beg.php:51:// @TODO No more needed? define('__BEG_USERID_TIMEOUT', createFancyTime(getBegUseridTimeout()));
 ./inc/modules/guest/what-login.php:134: // @TODO Move this HTML code into a template
-./inc/modules/guest/what-mediadata.php:186:// @TODO Rewrite all these if-blocks to filters
+./inc/modules/guest/what-mediadata.php:188:// @TODO Rewrite all these if-blocks to filters
 ./inc/modules/guest/what-mediadata.php:67: // @TODO Find a better formular than this one
 ./inc/modules/guest/what-rallyes.php:99: // @TODO Reactivate this: $content['admin'] = '' . $content['login'] . '';
 ./inc/modules/guest/what-sponsor_reg.php:293: // @TODO Maybe a default referral id?
 ./inc/modules/guest/what-stats.php:110: // @TODO This can be somehow rewritten
+./inc/modules/guest/what-stats.php:119: // @TODO This does not exclude testers
 ./inc/modules/guest/what-stats.php:82:// @TODO This can be rewritten in a dynamic include
 ./inc/modules/member/what-beg.php:54:// @TODO Can't this be moved into EL?
 ./inc/modules/member/what-beg.php:63:// @TODO No more needed? define('__BEG_USERID_TIMEOUT', createFancyTime(getBegUseridTimeout()));
diff --git a/inc/modules/admin/what-extensions.php b/inc/modules/admin/what-extensions.php
index 42530629b2..52e243e51d 100644
--- a/inc/modules/admin/what-extensions.php
+++ b/inc/modules/admin/what-extensions.php
@@ -235,7 +235,7 @@ if (isGetRequestElementSet('register_ext')) {
 redirectToUrl('modules.php?module=admin&what=extensions&removed=' . countPostSelection());
 } elseif ((isGetRequestElementSet('do')) && (!isDemoModeActive())) {
 // Other things to do
- $do = SQL_ESCAPE(secureString(getRequestElement('do')));
+ $do = getRequestElement('do');
 } elseif (isGetRequestElementSet('do')) {
 // Demo mode active!
 $do = 'demo';
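Review bot: `$do = getRequestElement('do');` drops SQL_ESCAPE as well as secureString, while the `active` value in this file's hunk at line 269 keeps SQL_ESCAPE, so two reads of request data in the same file now follow different rules. How `$do` is consumed is outside the hunk; if it only selects a switch branch no escaping is needed, but if it is ever interpolated into SQL or markup that escaping now has to happen at that sink. The same reliance on what getRequestElement() already guarantees is introduced in what-list_user.php (232), what-logs.php (45), what-stats.php (72) and referral-functions.php (835). A one-line comment stating the contract would save the next reader a grep, e.g. `// getRequestElement() already runs secureString(); escape per context where $do is used, not here`.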
@@ -269,7 +269,7 @@ if (isGetRequestElementSet('register_ext')) {
 // Shall we display active/inactive extensions?
 $where = '';
 if (isGetRequestElementSet('active')) {
- $where = sprintf("WHERE `ext_active`='%s'", SQL_ESCAPE(secureString(getRequestElement('active'))));
+ $where = sprintf("WHERE `ext_active`='%s'", SQL_ESCAPE(getRequestElement('active')));
 } // END - if
 
 // Case selection
diff --git a/inc/modules/admin/what-list_user.php b/inc/modules/admin/what-list_user.php
index 82728709f2..c16f1787ec 100644
--- a/inc/modules/admin/what-list_user.php
+++ b/inc/modules/admin/what-list_user.php
@@ -232,7 +232,7 @@ LIMIT 1',
 break;
 
 default: // Invalid list mode
- reportBug(__FILE__, __LINE__, sprintf('Invalid do %s detected.', SQL_ESCAPE(secureString(getRequestElement('do')))));
+ reportBug(__FILE__, __LINE__, sprintf('Invalid do %s detected.', SQL_ESCAPE(getRequestElement('do'))));
 break;
 } // END - switch
 
diff --git a/inc/modules/admin/what-logs.php b/inc/modules/admin/what-logs.php
index 3c51dfa5c9..3cdb8f6007 100644
--- a/inc/modules/admin/what-logs.php
+++ b/inc/modules/admin/what-logs.php
@@ -45,7 +45,7 @@ addYouAreHereLink('admin', __FILE__);
 
 if (isGetRequestElementSet('access')) {
 // Secure input and construct FQFN
- $access = SQL_ESCAPE(secureString(getRequestElement('access')));
+ $access = SQL_ESCAPE(getRequestElement('access'));
 $target = sprintf("%slogs/%s", getPath(), $access);
 
 // Is the file valid and readable?
diff --git a/inc/modules/guest/what-stats.php b/inc/modules/guest/what-stats.php
index 81acf6ecdf..f53674e51a 100644
--- a/inc/modules/guest/what-stats.php
+++ b/inc/modules/guest/what-stats.php
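Review bot: The `$where = sprintf(...)` line still formats a request value straight into the WHERE clause, and `ext_active` reads like a Y/N flag, so an allow-list check before formatting is tighter than relying on escaping alone: `if ((isGetRequestElementSet('active')) && (in_array(getRequestElement('active'), array('Y', 'N'), TRUE))) {` and then pass the validated value to the existing sprintf() without SQL_ESCAPE. Whether the column really is a Y/N enum is not visible in this hunk, so the accepted values should be taken from the schema. Rejecting anything outside the set also makes the "active/inactive" intent stated in the comment explicit in code.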
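Review bot: SQL_ESCAPE is kept on a value that is formatted into the reportBug() message via sprintf(), not into a query, so it escapes for the wrong sink; the parallel call in what-stats.php (hunk at line 72) passes the raw value. Pick one rule for both: `reportBug(__FILE__, __LINE__, sprintf('Invalid do %s detected.', getRequestElement('do')));` for consistency, or escape for wherever reportBug() renders its text, which is outside this hunk. The enclosing switch starts before the hunk.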
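Review bot: `$target = sprintf("%slogs/%s", getPath(), $access);` builds a filesystem path from the request value, and the SQL_ESCAPE kept on the line above is query escaping that says nothing about directory separators or `..` segments; the validity check that follows is outside the hunk, so I cannot tell whether it pins the name to the logs directory. Making that explicit at this point would be `$access = getRequestElement('access');` followed by `if (basename($access) !== $access) reportBug(__FILE__, __LINE__, 'Invalid log file name.');`, dropping SQL_ESCAPE since `$access` is not used in a query here (assuming reportBug() aborts the request; otherwise return after it). The comment `// Secure input and construct FQFN` would then describe what the code actually does.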
@@ -72,9 +72,9 @@ switch (getRequestElement('do')) { default: // Unsupported mode - reportBug(__FILE__, __LINE__, sprintf("Unsupported mode %s detected.", secureString(getRequestElement('do')))); + reportBug(__FILE__, __LINE__, sprintf("Unsupported mode %s detected.", getRequestElement('do'))); break; -} +} // END - switch // Set link title $ltitle = '{--GUEST_STATS_' . strtoupper($lmode) . '--}'; 
@@ -116,18 +116,19 @@ switch (getConfig('guest_stats')) { // Now we have all categories loaded, count members foreach ($cats as $id => $dummy) { // We only need id and nothing more to count... + // @TODO This does not exclude testers $cat_cnt[$id] = countSumTotalData(bigintval($id), 'user_cats', 'id', 'cat_id', TRUE); } // END - foreach // Prepare data for the template $content['total_users'] = ($male + $female); - $content['unconfirmed'] = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `status` != 'CONFIRMED'", __FILE__, __LINE__)); + $content['unconfirmed'] = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `status` != 'CONFIRMED'" . runFilterChain('user_exclusion_sql', ' '), __FILE__, __LINE__)); $content['total_males'] = $male; $content['total_females'] = $female; $content['tmem_count'] = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `last_online` >= {?START_TDAY?}" . runFilterChain('user_exclusion_sql', " AND `status`='CONFIRMED'"), __FILE__, __LINE__)); $content['ymem_count'] = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `last_online` >= {?START_YDAY?} AND `last_online` < {?START_TDAY?}" . runFilterChain('user_exclusion_sql', " AND `status`='CONFIRMED'"), __FILE__, __LINE__)); - $content['treg_count'] = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `joined` >= {?START_TDAY?}", __FILE__, __LINE__)); - $content['yreg_count'] = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `joined` >= {?START_YDAY?} AND `joined` < {?START_TDAY?}", __FILE__, __LINE__)); + $content['treg_count'] = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `joined` >= {?START_TDAY?}" . 
runFilterChain('user_exclusion_sql', ' '), __FILE__, __LINE__)); + $content['yreg_count'] = SQL_NUMROWS(SQL_QUERY("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `joined` >= {?START_YDAY?} AND `joined` < {?START_TDAY?}" . runFilterChain('user_exclusion_sql', ' '), __FILE__, __LINE__)); $content['lmode'] = $lmode; $content['ltitle'] = $ltitle; diff --git a/inc/referral-functions.php b/inc/referral-functions.php index 28ca19a42a..a60a8a2424 100644 --- a/inc/referral-functions.php +++ b/inc/referral-functions.php @@ -835,11 +835,11 @@ function determineReferralId () { } elseif (isGetRequestElementSet('refid')) { // Get referral id from GET parameter refid //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Using refid from GET data (' . getRequestElement('refid') . ')'); - setReferralId(secureString(getRequestElement('refid'))); + setReferralId(getRequestElement('refid')); } elseif (isGetRequestElementSet('ref')) { // Set refid=ref (the referral link uses such variable) //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Using ref from GET data (' . getRequestElement('ref') . ')'); - setReferralId(secureString(getRequestElement('ref'))); + setReferralId(getRequestElement('ref')); } elseif ((isGetRequestElementSet('user')) && (basename($_SERVER['PHP_SELF']) == 'click.php')) { // The variable user comes from click.php //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Using user from GET data (' . getRequestElement('user') . ')'); -- 2.39.2
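Review bot: The rewritten counts (`unconfirmed`, `treg_count`, `yreg_count` and their neighbours) still do SQL_NUMROWS(SQL_QUERY("SELECT userid ...")), which fetches every matching row to count it client-side on a guest-facing page; a SELECT COUNT(*) with the same WHERE and exclusion fragment does that work in the database. The `cat_cnt` line a few rows above already counts through countSumTotalData(), so routing these through the same helper would keep the block consistent — whether that helper can take the `user_exclusion_sql` fragment is not visible here, which is presumably why the new @TODO says the category counts still include testers. The second argument to runFilterChain() is `' '` in the new calls and `" AND status='CONFIRMED'"` in the existing ones; a short comment naming what that argument seeds (presumably the initial SQL fragment the filters append to) would help, since the contrast reads like a mistake otherwise. `$male` and `$female` feeding `total_users` are computed before the hunk, so whether they apply the exclusion cannot be checked here.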
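Review bot: `setReferralId(getRequestElement('refid'));` and the `ref` branch below now hand the raw request value to setReferralId(), whose validation is outside this hunk, as is the rest of determineReferralId(). If referral ids are always numeric, pinning that at the read keeps the guarantee local: `setReferralId(bigintval(getRequestElement('refid')));` and `setReferralId(bigintval(getRequestElement('ref')));`, using the bigintval() helper this commit already relies on in what-stats.php. If non-numeric ids are accepted (a nickname-style referral, say), then the check belongs in setReferralId() and a comment here should say that is where it happens.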