Changeset 9323


Timestamp:
Feb 20, 2011, 1:14:40 PM (9 years ago)
Author:
patdenice
Message:

Use another $conf parameter to avoid conflicts.
Add htmlspecialchars in admin page.

Location:
extensions/AdditionalPages
Files:
8 edited

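--- a/extensions/AdditionalPages/additional_page.php
+++ b/extensions/AdditionalPages/additional_page.php
@@ -5,5 +5,5 @@
 global $template, $user;
 
-$identifier = $page['ap_homepage'] ? $conf['additional_pages']['homepage'] : $tokens[1];
+$identifier = $page['ap_homepage'] ? $conf['AP']['homepage'] : $tokens[1];
 
 if (function_exists('get_extended_desc'))
@@ -99,5 +99,5 @@
   );
 
-  if ($conf['additional_pages']['show_home'] and !$page['ap_homepage'])
+  if ($conf['AP']['show_home'] and !$page['ap_homepage'])
   {
     $template->assign('PLUGIN_INDEX_ACTIONS' , '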
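--- a/extensions/AdditionalPages/admin/add_page.inc.php
+++ b/extensions/AdditionalPages/admin/add_page.inc.php
@@ -56,5 +56,5 @@
 
   $user_access = 'NULL';
-  if ($conf['additional_pages']['user_perm'])
+  if ($conf['AP']['user_perm'])
   {
     $user_access = !empty($_POST['users']) ? '"'.implode(',', $_POST['users']).'"' : '""';
@@ -104,8 +104,8 @@
 
     // Homepage
-    if (isset($_POST['homepage']) xor $conf['additional_pages']['homepage'] == $edited_page['id'])
-    {
-      $conf['additional_pages']['homepage'] = isset($_POST['homepage']) ? $edited_page['id'] : null;
-      conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['additional_pages'])));
+    if (isset($_POST['homepage']) xor $conf['AP']['homepage'] == $edited_page['id'])
+    {
+      $conf['AP']['homepage'] = isset($_POST['homepage']) ? $edited_page['id'] : null;
+      conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['AP'])));
     }
 
@@ -152,5 +152,5 @@
 
 // Groups options
-if ($conf['additional_pages']['group_perm'])
+if ($conf['AP']['group_perm'])
 {
         $query = 'SELECT id, name FROM '.GROUPS_TABLE.' ORDER BY name ASC;';
@@ -169,5 +169,5 @@
 
 // Users options
-if ($conf['additional_pages']['user_perm'])
+if ($conf['AP']['user_perm'])
 {
   $users_id = array('guest', 'generic', 'normal', 'admin', 'webmaster');
@@ -185,5 +185,5 @@
 
 // User level options
-if ($conf['additional_pages']['level_perm'])
+if ($conf['AP']['level_perm'])
 {
   foreach ($conf['available_permission_levels'] as $level)
@@ -201,9 +201,11 @@
 $template->assign(array(
   'AP_TITLE' => $page_title,
-  'NAME' => $edited_page['title'],
-  'PERMALINK' => $edited_page['permalink'],
+  'NAME' => htmlspecialchars($edited_page['title']),
+  'PERMALINK' => htmlspecialchars($edited_page['permalink']),
   'HOMEPAGE' => $edited_page['homepage'],
   'STANDALONE' => $edited_page['standalone'],
-  'CONTENT' => $edited_page['content']));
+  'CONTENT' => htmlspecialchars($edited_page['content'])
+  )
+);
 
 $template->set_filename('plugin_admin_content', dirname(__FILE__) . '/template/add_page.tpl');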
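Review bot: On line 60 the `$_POST['users']` values are joined straight into a double-quoted SQL literal for `$user_access`, and no escaping is visible in this hunk; the rename on line 58 leaves that untouched. Line 173 lists the only valid statuses, so I would filter the posted array against that list before joining it, e.g. `implode(',', array_intersect($_POST['users'], array('guest', 'generic', 'normal', 'admin', 'webmaster')))`. The query that consumes `$user_access` is outside the visible hunks, so this should be confirmed there. For the new `htmlspecialchars()` calls on lines 203-207, passing `ENT_QUOTES` and the gallery charset explicitly would keep the escaping safe inside single-quoted attributes and independent of the PHP version's defaults.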
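--- a/extensions/AdditionalPages/admin/config.inc.php
+++ b/extensions/AdditionalPages/admin/config.inc.php
@@ -8,18 +8,18 @@
 if (isset($_POST['submit']))
 {
-  if (!$conf['additional_pages']['user_perm'] and isset($_POST['user_perm']))
+  if (!$conf['AP']['user_perm'] and isset($_POST['user_perm']))
   {
     pwg_query('UPDATE '.ADD_PAGES_TABLE.' SET users = "guest,generic,normal,admin,webmaster";');
   }
-  if ($conf['additional_pages']['user_perm'] and !isset($_POST['user_perm']))
+  if ($conf['AP']['user_perm'] and !isset($_POST['user_perm']))
   {
     pwg_query('UPDATE '.ADD_PAGES_TABLE.' SET users = NULL;');
   }
-  if ($conf['additional_pages']['level_perm'] and !isset($_POST['level_perm']))
+  if ($conf['AP']['level_perm'] and !isset($_POST['level_perm']))
   {
     $default_user = get_default_user_info(true);
     pwg_query('UPDATE '.ADD_PAGES_TABLE.' SET level = '.$default_user['level'].';');
   }
-  if ($conf['additional_pages']['group_perm'] and !isset($_POST['group_perm']))
+  if ($conf['AP']['group_perm'] and !isset($_POST['group_perm']))
   {
     pwg_query('UPDATE '.ADD_PAGES_TABLE.' SET groups = NULL;');
@@ -30,15 +30,15 @@
   foreach ($params as $param)
   {
-    $conf['additional_pages'][$param] = isset($_POST[$param]);
+    $conf['AP'][$param] = isset($_POST[$param]);
   }
 
-  $conf['additional_pages']['languages'] = array();
+  $conf['AP']['languages'] = array();
         foreach($_POST['menu_lang'] as $language_code => $name)
   {
                 if (!empty($name))
-      $conf['additional_pages']['languages'][$language_code] = $name;
+      $conf['AP']['languages'][$language_code] = $name;
         }
 
-  conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['additional_pages'])));
+  conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['AP'])));
 
   if (isset($_POST['show_menu']) xor (!isset($mb_conf['mbAdditionalPages']) or $mb_conf['mbAdditionalPages'] > 0))
@@ -60,5 +60,5 @@
   'LANGUAGE_NAME' => l10n('Default'),
   'LANGUAGE_CODE' => 'default',
-  'VALUE' => @$conf['additional_pages']['languages']['default'],
+  'VALUE' => @$conf['AP']['languages']['default'],
   )
 );
@@ -68,5 +68,5 @@
     'LANGUAGE_NAME' => $language_name,
     'LANGUAGE_CODE' => $language_code,
-    'VALUE' => isset($conf['additional_pages']['languages'][$language_code]) ? $conf['additional_pages']['languages'][$language_code] : '',
+    'VALUE' => isset($conf['AP']['languages'][$language_code]) ? $conf['AP']['languages'][$language_code] : '',
     )
   );
@@ -74,5 +74,5 @@
 
 // Parametrage du template
-$template->assign('ap_conf', $conf['additional_pages']);
+$template->assign('ap_conf', $conf['AP']);
 
 if (!isset($mb_conf['mbAdditionalPages']) or $mb_conf['mbAdditionalPages'] == abs($mb_conf['mbAdditionalPages']))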
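Review bot: The language names assigned to `VALUE` on lines 62 and 70 reach the template unescaped, although this changeset adds `htmlspecialchars()` to the equivalent fields in add_page.inc.php; unless the template escapes them itself, a stored name containing markup would be rendered as HTML in the admin form. I would wrap both assignments, e.g. `'VALUE' => htmlspecialchars(@$conf['AP']['languages']['default']),`. On line 36 `$_POST['menu_lang']` is iterated with no `isset()`/`is_array()` check, so a submit without that field raises a warning; a guard such as `if (isset($_POST['menu_lang']) and is_array($_POST['menu_lang']))` around the loop would cover it. The names saved here appear to be what main.inc.php reads back as `$title`, so escaping at that output point should be confirmed as well.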
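--- a/extensions/AdditionalPages/admin/edit_page.inc.php
+++ b/extensions/AdditionalPages/admin/edit_page.inc.php
@@ -14,8 +14,8 @@
   @unlink($conf['local_data_dir'].'/additional_pages_backup/' . $_GET['edit'] . '.txt');
 
-  if ($conf['additional_pages']['homepage'] == $_GET['edit'])
+  if ($conf['AP']['homepage'] == $_GET['edit'])
   {
-    $conf['additional_pages']['homepage'] = null;
-    conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['additional_pages'])));
+    $conf['AP']['homepage'] = null;
+    conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['AP'])));
   }
 
@@ -33,5 +33,5 @@
 $edited_page['users'] = !empty($edited_page['users']) ? explode(',', $edited_page['users']) : array();
 $edited_page['groups'] = !empty($edited_page['groups']) ? explode(',', $edited_page['groups']) : array();
-$edited_page['homepage'] = $conf['additional_pages']['homepage'] == $edited_page['id'];
+$edited_page['homepage'] = $conf['AP']['homepage'] == $edited_page['id'];
 $edited_page['standalone'] = ($edited_page['standalone'] == 'true');
 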
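Review bot: The new comparison on line 16 reads `$_GET['edit']` unvalidated, and the same value is concatenated into the `@unlink()` path on line 14, so a value containing directory separators would make the delete resolve outside `additional_pages_backup/` (restricted to names ending in `.txt`). If page ids are integers, which the comparison with `$edited_page['id']` on line 35 suggests, I would validate once before either use, e.g. `if (!ctype_digit((string) $_GET['edit'])) die('Invalid page id');`. The enclosing block starts before line 14, so the right place for the check and the project's usual error handler are outside this hunk. The `@` on `unlink()` also hides failures that would be worth logging.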
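--- a/extensions/AdditionalPages/admin/manage.inc.php
+++ b/extensions/AdditionalPages/admin/manage.inc.php
@@ -50,5 +50,5 @@
 $template->assign(array(
   'F_ACTION' => $my_base_url.'&tab=manage',
-  'HOMEPAGE' => $conf['additional_pages']['homepage'],
+  'HOMEPAGE' => $conf['AP']['homepage'],
   )
 );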
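--- a/extensions/AdditionalPages/admin/upgrade.inc.php
+++ b/extensions/AdditionalPages/admin/upgrade.inc.php
@@ -18,5 +18,5 @@
 }
 
-if ($conf['additional_pages'] === false)
+if ($conf['AP'] === false)
 {
   load_conf_from_db('param = "additional_pages"');
@@ -62,5 +62,5 @@
     $position = $row['pos'];
     if ($row['pos'] === '0')
-      $position = '-100';
+      $position = '-1000';
     elseif (empty($row['pos']))
       $position = '0';
@@ -70,5 +70,5 @@
     $query = '
 UPDATE '.$prefixeTable.'additionalpages
-SET title = "'.addslashes($title).'",
+SET title = "'.pwg_db_real_escape_string($title).'",
     pos = '.$position.',
     lang = '.$language.',
@@ -108,10 +108,10 @@
   }
 
-  $conf['additional_pages'] = $new_conf;
+  $conf['AP'] = $new_conf;
 
   conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($new_conf)));
 }
 
-if (!isset($conf['additional_pages']['level_perm']))
+if (!isset($conf['AP']['level_perm']))
 {
   $query = '
@@ -128,7 +128,7 @@
   pwg_query($query);
 
-  $conf['additional_pages']['level_perm'] = false;
+  $conf['AP']['level_perm'] = false;
 
-  conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['additional_pages'])));
+  conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['AP'])));
 }
 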
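Review bot: Line 72 now escapes `$title` with `pwg_db_real_escape_string()`, but `$position` and `$language` on lines 73-74 are still interpolated into the same UPDATE unquoted and unescaped. `$position` is copied from `$row['pos']` on line 62 and `$language` is assigned outside the visible hunks, so a non-numeric value in an old row would break or alter the statement during the upgrade. Casting the number, `pos = '.intval($position).',`, and confirming that `$language` is always built as an escaped quoted literal or `NULL` would make the statement consistent with the new handling of `$title`. The rest of the query and the loop around it are outside this hunk.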
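--- a/extensions/AdditionalPages/main.inc.php
+++ b/extensions/AdditionalPages/main.inc.php
@@ -17,8 +17,8 @@
 define('ADD_PAGES_TABLE' , $prefixeTable . 'additionalpages');
 
-$conf['additional_pages'] = @unserialize($conf['additional_pages']);
+$conf['AP'] = @unserialize($conf['additional_pages']);
 
 // Need upgrade?
-if (!isset($conf['additional_pages']['level_perm']))
+if (!isset($conf['AP']['level_perm']))
   include(AP_PATH.'admin/upgrade.inc.php');
 
@@ -39,5 +39,5 @@
   $page['ap_homepage'] = (count($tokens) == 1 and empty($tokens[0]));
 
-  if (($tokens[0] == 'page' and !empty($tokens[1])) or ($page['ap_homepage'] and !is_null($conf['additional_pages']['homepage'])))
+  if (($tokens[0] == 'page' and !empty($tokens[1])) or ($page['ap_homepage'] and !is_null($conf['AP']['homepage'])))
     include(AP_PATH . 'additional_page.php');
 
@@ -83,7 +83,7 @@
     if (!empty($data))
     {
-      $title = isset($conf['additional_pages']['languages'][$user['language']]) ?
-        $conf['additional_pages']['languages'][$user['language']] :
-        @$conf['additional_pages']['languages']['default'];
+      $title = isset($conf['AP']['languages'][$user['language']]) ?
+        $conf['AP']['languages'][$user['language']] :
+        @$conf['AP']['languages']['default'];
 
       $template->set_template_dir(AP_PATH.'template/');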
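Review bot: Line 19 still passes the stored `additional_pages` value to `unserialize()` behind an `@`, so whatever can write that config row decides what gets unserialized, and a corrupt value silently becomes `false`. The `isset()` on line 22 then sends that failure case into upgrade.inc.php, which deserves a comment such as `// unserialize() failure yields false and falls through to the upgrade script below`. The configuration shown in this changeset holds only scalars and arrays, so storing it as JSON would remove the object-instantiation risk. That is a format change touching every `conf_update_param('additional_pages', ...)` call in this changeset, so it belongs in a follow-up.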
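--- a/extensions/AdditionalPages/maintain.inc.php
+++ b/extensions/AdditionalPages/maintain.inc.php
@@ -39,5 +39,5 @@
 
     $query = 'INSERT INTO ' . CONFIG_TABLE . ' (param,value,comment)
-VALUES ("additional_pages" , "'.pwg_db_real_escape_string(serialize($config)).'" , "Additional Pages config configuration");';
+VALUES ("additional_pages" , "'.pwg_db_real_escape_string(serialize($config)).'" , "Additional Pages configuration");';
     pwg_query($query);
   }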