Changeset 9323


Timestamp:
02/20/11 13:14:40 (9 years ago)
Author:
patdenice
Message:

Use another $conf parameter to avoid conflicts.
Add htmlspecialchars in admin page.

Location:
extensions/AdditionalPages
Files:
8 edited

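--- a/extensions/AdditionalPages/additional_page.php
+++ b/extensions/AdditionalPages/additional_page.php
@@ -5,5 +5,5 @@
 global $template, $user;
 
-$identifier = $page['ap_homepage'] ? $conf['additional_pages']['homepage'] : $tokens[1];
+$identifier = $page['ap_homepage'] ? $conf['AP']['homepage'] : $tokens[1];
 
 if (function_exists('get_extended_desc'))
@@ -99,5 +99,5 @@
   );
 
-  if ($conf['additional_pages']['show_home'] and !$page['ap_homepage'])
+  if ($conf['AP']['show_home'] and !$page['ap_homepage'])
   {
     $template->assign('PLUGIN_INDEX_ACTIONS' , '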
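--- a/extensions/AdditionalPages/admin/add_page.inc.php
+++ b/extensions/AdditionalPages/admin/add_page.inc.php
@@ -56,5 +56,5 @@
 
   $user_access = 'NULL';
-  if ($conf['additional_pages']['user_perm'])
+  if ($conf['AP']['user_perm'])
   {
     $user_access = !empty($_POST['users']) ? '"'.implode(',', $_POST['users']).'"' : '""';
@@ -104,8 +104,8 @@
 
     // Homepage
-    if (isset($_POST['homepage']) xor $conf['additional_pages']['homepage'] == $edited_page['id'])
-    {
-      $conf['additional_pages']['homepage'] = isset($_POST['homepage']) ? $edited_page['id'] : null;
-      conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['additional_pages'])));
+    if (isset($_POST['homepage']) xor $conf['AP']['homepage'] == $edited_page['id'])
+    {
+      $conf['AP']['homepage'] = isset($_POST['homepage']) ? $edited_page['id'] : null;
+      conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['AP'])));
     }
 
@@ -152,5 +152,5 @@
 
 // Groups options
-if ($conf['additional_pages']['group_perm'])
+if ($conf['AP']['group_perm'])
 {
         $query = 'SELECT id, name FROM '.GROUPS_TABLE.' ORDER BY name ASC;';
@@ -169,5 +169,5 @@
 
 // Users options
-if ($conf['additional_pages']['user_perm'])
+if ($conf['AP']['user_perm'])
 {
   $users_id = array('guest', 'generic', 'normal', 'admin', 'webmaster');
@@ -185,5 +185,5 @@
 
 // User level options
-if ($conf['additional_pages']['level_perm'])
+if ($conf['AP']['level_perm'])
 {
   foreach ($conf['available_permission_levels'] as $level)
@@ -201,9 +201,11 @@
 $template->assign(array(
   'AP_TITLE' => $page_title,
-  'NAME' => $edited_page['title'],
-  'PERMALINK' => $edited_page['permalink'],
+  'NAME' => htmlspecialchars($edited_page['title']),
+  'PERMALINK' => htmlspecialchars($edited_page['permalink']),
   'HOMEPAGE' => $edited_page['homepage'],
   'STANDALONE' => $edited_page['standalone'],
-  'CONTENT' => $edited_page['content']));
+  'CONTENT' => htmlspecialchars($edited_page['content'])
+  )
+);
 
 $template->set_filename('plugin_admin_content', dirname(__FILE__) . '/template/add_page.tpl');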
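Review bot: The three `htmlspecialchars()` calls added for `NAME`, `PERMALINK` and `CONTENT` pass no flags or charset, so they use the interpreter's defaults: `ENT_COMPAT` (single quotes left untouched) up to PHP 8.0, and ISO-8859-1 before PHP 5.4. If add_page.tpl puts any of these values in a single-quoted attribute, or the gallery stores UTF-8 text, the escaping is incomplete; I would write `htmlspecialchars($edited_page['title'], ENT_QUOTES, 'UTF-8')` (or pass the gallery's configured charset) for all three. The language-name `VALUE` entries in admin/config.inc.php originate from `$_POST['menu_lang']` and are still assigned to the template unescaped, which looks inconsistent with this change unless the template escapes them itself. Separately, the context line `$user_access = ... implode(',', $_POST['users'])` wraps request data in SQL quotes without `pwg_db_real_escape_string`; the statement that consumes it is outside the hunk, so confirm it is escaped or validated against the known status list there.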
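--- a/extensions/AdditionalPages/admin/config.inc.php
+++ b/extensions/AdditionalPages/admin/config.inc.php
@@ -8,18 +8,18 @@
 if (isset($_POST['submit']))
 {
-  if (!$conf['additional_pages']['user_perm'] and isset($_POST['user_perm']))
+  if (!$conf['AP']['user_perm'] and isset($_POST['user_perm']))
   {
     pwg_query('UPDATE '.ADD_PAGES_TABLE.' SET users = "guest,generic,normal,admin,webmaster";');
   }
-  if ($conf['additional_pages']['user_perm'] and !isset($_POST['user_perm']))
+  if ($conf['AP']['user_perm'] and !isset($_POST['user_perm']))
   {
     pwg_query('UPDATE '.ADD_PAGES_TABLE.' SET users = NULL;');
   }
-  if ($conf['additional_pages']['level_perm'] and !isset($_POST['level_perm']))
+  if ($conf['AP']['level_perm'] and !isset($_POST['level_perm']))
   {
     $default_user = get_default_user_info(true);
     pwg_query('UPDATE '.ADD_PAGES_TABLE.' SET level = '.$default_user['level'].';');
   }
-  if ($conf['additional_pages']['group_perm'] and !isset($_POST['group_perm']))
+  if ($conf['AP']['group_perm'] and !isset($_POST['group_perm']))
   {
     pwg_query('UPDATE '.ADD_PAGES_TABLE.' SET groups = NULL;');
@@ -30,15 +30,15 @@
   foreach ($params as $param)
   {
-    $conf['additional_pages'][$param] = isset($_POST[$param]);
+    $conf['AP'][$param] = isset($_POST[$param]);
   }
 
-  $conf['additional_pages']['languages'] = array();
+  $conf['AP']['languages'] = array();
         foreach($_POST['menu_lang'] as $language_code => $name)
   {
                 if (!empty($name))
-      $conf['additional_pages']['languages'][$language_code] = $name;
+      $conf['AP']['languages'][$language_code] = $name;
         }
 
-  conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['additional_pages'])));
+  conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['AP'])));
 
   if (isset($_POST['show_menu']) xor (!isset($mb_conf['mbAdditionalPages']) or $mb_conf['mbAdditionalPages'] > 0))
@@ -60,5 +60,5 @@
   'LANGUAGE_NAME' => l10n('Default'),
   'LANGUAGE_CODE' => 'default',
-  'VALUE' => @$conf['additional_pages']['languages']['default'],
+  'VALUE' => @$conf['AP']['languages']['default'],
   )
 );
@@ -68,5 +68,5 @@
     'LANGUAGE_NAME' => $language_name,
     'LANGUAGE_CODE' => $language_code,
-    'VALUE' => isset($conf['additional_pages']['languages'][$language_code]) ? $conf['additional_pages']['languages'][$language_code] : '',
+    'VALUE' => isset($conf['AP']['languages'][$language_code]) ? $conf['AP']['languages'][$language_code] : '',
     )
   );
@@ -74,5 +74,5 @@
 
 // Parametrage du template
-$template->assign('ap_conf', $conf['additional_pages']);
+$template->assign('ap_conf', $conf['AP']);
 
 if (!isset($mb_conf['mbAdditionalPages']) or $mb_conf['mbAdditionalPages'] == abs($mb_conf['mbAdditionalPages']))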
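--- a/extensions/AdditionalPages/admin/edit_page.inc.php
+++ b/extensions/AdditionalPages/admin/edit_page.inc.php
@@ -14,8 +14,8 @@
   @unlink($conf['local_data_dir'].'/additional_pages_backup/' . $_GET['edit'] . '.txt');
 
-  if ($conf['additional_pages']['homepage'] == $_GET['edit'])
+  if ($conf['AP']['homepage'] == $_GET['edit'])
   {
-    $conf['additional_pages']['homepage'] = null;
-    conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['additional_pages'])));
+    $conf['AP']['homepage'] = null;
+    conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['AP'])));
   }
 
@@ -33,5 +33,5 @@
 $edited_page['users'] = !empty($edited_page['users']) ? explode(',', $edited_page['users']) : array();
 $edited_page['groups'] = !empty($edited_page['groups']) ? explode(',', $edited_page['groups']) : array();
-$edited_page['homepage'] = $conf['additional_pages']['homepage'] == $edited_page['id'];
+$edited_page['homepage'] = $conf['AP']['homepage'] == $edited_page['id'];
 $edited_page['standalone'] = ($edited_page['standalone'] == 'true');
 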
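Review bot: `$_GET['edit']` is concatenated into the `@unlink(...)` path on line 14 and then loosely compared with `$conf['AP']['homepage']` on line 16, with no validation visible in this hunk. If page ids are numeric, normalise the parameter once, e.g. `$edit_id = ctype_digit((string) $_GET['edit']) ? (int) $_GET['edit'] : null;`, and use `$edit_id` for both the backup file name and the comparison so the delete can only ever target a file inside `additional_pages_backup/`. The lines above 14 are outside the hunk, so a check may already exist there; the `@` also hides a failed delete, which would be worth logging instead.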
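--- a/extensions/AdditionalPages/admin/manage.inc.php
+++ b/extensions/AdditionalPages/admin/manage.inc.php
@@ -50,5 +50,5 @@
 $template->assign(array(
   'F_ACTION' => $my_base_url.'&tab=manage',
-  'HOMEPAGE' => $conf['additional_pages']['homepage'],
+  'HOMEPAGE' => $conf['AP']['homepage'],
   )
 );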
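--- a/extensions/AdditionalPages/admin/upgrade.inc.php
+++ b/extensions/AdditionalPages/admin/upgrade.inc.php
@@ -18,5 +18,5 @@
 }
 
-if ($conf['additional_pages'] === false)
+if ($conf['AP'] === false)
 {
   load_conf_from_db('param = "additional_pages"');
@@ -62,5 +62,5 @@
     $position = $row['pos'];
     if ($row['pos'] === '0')
-      $position = '-100';
+      $position = '-1000';
     elseif (empty($row['pos']))
       $position = '0';
@@ -70,5 +70,5 @@
     $query = '
 UPDATE '.$prefixeTable.'additionalpages
-SET title = "'.addslashes($title).'",
+SET title = "'.pwg_db_real_escape_string($title).'",
     pos = '.$position.',
     lang = '.$language.',
@@ -108,10 +108,10 @@
   }
 
-  $conf['additional_pages'] = $new_conf;
+  $conf['AP'] = $new_conf;
 
   conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($new_conf)));
 }
 
-if (!isset($conf['additional_pages']['level_perm']))
+if (!isset($conf['AP']['level_perm']))
 {
   $query = '
@@ -128,7 +128,7 @@
   pwg_query($query);
 
-  $conf['additional_pages']['level_perm'] = false;
+  $conf['AP']['level_perm'] = false;
 
-  conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['additional_pages'])));
+  conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['AP'])));
 }
 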
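Review bot: Only `title` is escaped in the `UPDATE` built at lines 70-74; `pos = '.$position.'` and `lang = '.$language.'` are still concatenated into the statement as-is. `$position` is copied from `$row['pos']` at line 62 and `$language` is set outside the hunk, so both are stored values re-entering SQL text during the upgrade. Casting the number, `pos = '.(int) $position.',`, and building `$language` with the same `pwg_db_real_escape_string` treatment as `$title` (if it is not already) would make the whole statement consistent with the move away from `addslashes`. The query and the loop around it continue past the hunk.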
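--- a/extensions/AdditionalPages/main.inc.php
+++ b/extensions/AdditionalPages/main.inc.php
@@ -17,8 +17,8 @@
 define('ADD_PAGES_TABLE' , $prefixeTable . 'additionalpages');
 
-$conf['additional_pages'] = @unserialize($conf['additional_pages']);
+$conf['AP'] = @unserialize($conf['additional_pages']);
 
 // Need upgrade?
-if (!isset($conf['additional_pages']['level_perm']))
+if (!isset($conf['AP']['level_perm']))
   include(AP_PATH.'admin/upgrade.inc.php');
 
@@ -39,5 +39,5 @@
   $page['ap_homepage'] = (count($tokens) == 1 and empty($tokens[0]));
 
-  if (($tokens[0] == 'page' and !empty($tokens[1])) or ($page['ap_homepage'] and !is_null($conf['additional_pages']['homepage'])))
+  if (($tokens[0] == 'page' and !empty($tokens[1])) or ($page['ap_homepage'] and !is_null($conf['AP']['homepage'])))
     include(AP_PATH . 'additional_page.php');
 
@@ -83,7 +83,7 @@
     if (!empty($data))
     {
-      $title = isset($conf['additional_pages']['languages'][$user['language']]) ?
-        $conf['additional_pages']['languages'][$user['language']] :
-        @$conf['additional_pages']['languages']['default'];
+      $title = isset($conf['AP']['languages'][$user['language']]) ?
+        $conf['AP']['languages'][$user['language']] :
+        @$conf['AP']['languages']['default'];
 
       $template->set_template_dir(AP_PATH.'template/');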
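Review bot: After line 19 `$conf['additional_pages']` keeps the raw serialized string while the decoded array lives in `$conf['AP']`, and `@unserialize` still silences a corrupt value, so a failure only surfaces indirectly through the `level_perm` check and the `=== false` test in admin/upgrade.inc.php. A one-line comment such as `// $conf['AP'] = decoded settings; $conf['additional_pages'] stays the raw DB string` would document the split for anyone reading either key. `unserialize()` also instantiates objects when the stored value contains them; since this setting is a plain array, consider `json_decode` for the stored format, or on PHP 7+ `unserialize($conf['additional_pages'], ['allowed_classes' => false])`, with an explicit `=== false` check in place of the `@`.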
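--- a/extensions/AdditionalPages/maintain.inc.php
+++ b/extensions/AdditionalPages/maintain.inc.php
@@ -39,5 +39,5 @@
 
     $query = 'INSERT INTO ' . CONFIG_TABLE . ' (param,value,comment)
-VALUES ("additional_pages" , "'.pwg_db_real_escape_string(serialize($config)).'" , "Additional Pages config configuration");';
+VALUES ("additional_pages" , "'.pwg_db_real_escape_string(serialize($config)).'" , "Additional Pages configuration");';
     pwg_query($query);
   }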