Changeset 9323 for extensions

Timestamp:

Feb 20, 2011, 1:14:40 PM (14 years ago)

Author:

patdenice

Message:

Use another $conf parameter to avoid conflicts.
Add htmlspecialchars in admin page.

Location:

extensions/AdditionalPages

Files:

• additional_page.php (modified) (2 diffs)
• admin/add_page.inc.php (modified) (6 diffs)
• admin/config.inc.php (modified) (5 diffs)
• admin/edit_page.inc.php (modified) (2 diffs)
• admin/manage.inc.php (modified) (1 diff)
• admin/upgrade.inc.php (modified) (5 diffs)
• main.inc.php (modified) (3 diffs)
• maintain.inc.php (modified) (1 diff)

extensions/AdditionalPages/additional_page.php

@@ -5 +5 @@
 global $template, $user;
 
-$identifier = $page['ap_homepage'] ? $conf['additional_pages']['homepage'] : $tokens[1];
+$identifier = $page['ap_homepage'] ? $conf['AP']['homepage'] : $tokens[1];
 
 if (function_exists('get_extended_desc'))
@@ -99 +99 @@
   );
 
-  if ($conf['additional_pages']['show_home'] and !$page['ap_homepage'])
+  if ($conf['AP']['show_home'] and !$page['ap_homepage'])
   {
     $template->assign('PLUGIN_INDEX_ACTIONS' , '

extensions/AdditionalPages/admin/add_page.inc.php

@@ -56 +56 @@
 
   $user_access = 'NULL';
-  if ($conf['additional_pages']['user_perm'])
+  if ($conf['AP']['user_perm'])
   {
     $user_access = !empty($_POST['users']) ? '"'.implode(',', $_POST['users']).'"' : '""';
@@ -104 +104 @@
 
     // Homepage
-    if (isset($_POST['homepage']) xor $conf['additional_pages']['homepage'] == $edited_page['id'])
-    {
-      $conf['additional_pages']['homepage'] = isset($_POST['homepage']) ? $edited_page['id'] : null;
-      conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['additional_pages'])));
+    if (isset($_POST['homepage']) xor $conf['AP']['homepage'] == $edited_page['id'])
+    {
+      $conf['AP']['homepage'] = isset($_POST['homepage']) ? $edited_page['id'] : null;
+      conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['AP'])));
     }
 
@@ -152 +152 @@
 
 // Groups options
-if ($conf['additional_pages']['group_perm'])
+if ($conf['AP']['group_perm'])
 {
         $query = 'SELECT id, name FROM '.GROUPS_TABLE.' ORDER BY name ASC;';
@@ -169 +169 @@
 
 // Users options
-if ($conf['additional_pages']['user_perm'])
+if ($conf['AP']['user_perm'])
 {
   $users_id = array('guest', 'generic', 'normal', 'admin', 'webmaster');
@@ -185 +185 @@
 
 // User level options
-if ($conf['additional_pages']['level_perm'])
+if ($conf['AP']['level_perm'])
 {
   foreach ($conf['available_permission_levels'] as $level)
@@ -201 +201 @@
 $template->assign(array(
   'AP_TITLE' => $page_title,
-  'NAME' => $edited_page['title'],
-  'PERMALINK' => $edited_page['permalink'],
+  'NAME' => htmlspecialchars($edited_page['title']),
+  'PERMALINK' => htmlspecialchars($edited_page['permalink']),
   'HOMEPAGE' => $edited_page['homepage'],
   'STANDALONE' => $edited_page['standalone'],
-  'CONTENT' => $edited_page['content']));
+  'CONTENT' => htmlspecialchars($edited_page['content'])
+  )
+);
 
 $template->set_filename('plugin_admin_content', dirname(__FILE__) . '/template/add_page.tpl');

extensions/AdditionalPages/admin/config.inc.php

@@ -8 +8 @@
 if (isset($_POST['submit']))
 {
-  if (!$conf['additional_pages']['user_perm'] and isset($_POST['user_perm']))
+  if (!$conf['AP']['user_perm'] and isset($_POST['user_perm']))
   {
     pwg_query('UPDATE '.ADD_PAGES_TABLE.' SET users = "guest,generic,normal,admin,webmaster";');
   }
-  if ($conf['additional_pages']['user_perm'] and !isset($_POST['user_perm']))
+  if ($conf['AP']['user_perm'] and !isset($_POST['user_perm']))
   {
     pwg_query('UPDATE '.ADD_PAGES_TABLE.' SET users = NULL;');
   }
-  if ($conf['additional_pages']['level_perm'] and !isset($_POST['level_perm']))
+  if ($conf['AP']['level_perm'] and !isset($_POST['level_perm']))
   {
     $default_user = get_default_user_info(true);
     pwg_query('UPDATE '.ADD_PAGES_TABLE.' SET level = '.$default_user['level'].';');
   }
-  if ($conf['additional_pages']['group_perm'] and !isset($_POST['group_perm']))
+  if ($conf['AP']['group_perm'] and !isset($_POST['group_perm']))
   {
     pwg_query('UPDATE '.ADD_PAGES_TABLE.' SET groups = NULL;');
@@ -30 +30 @@
   foreach ($params as $param)
   {
-    $conf['additional_pages'][$param] = isset($_POST[$param]);
+    $conf['AP'][$param] = isset($_POST[$param]);
   }
 
-  $conf['additional_pages']['languages'] = array();
+  $conf['AP']['languages'] = array();
         foreach($_POST['menu_lang'] as $language_code => $name)
   {
                 if (!empty($name))
-      $conf['additional_pages']['languages'][$language_code] = $name;
+      $conf['AP']['languages'][$language_code] = $name;
         }
 
-  conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['additional_pages'])));
+  conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['AP'])));
 
   if (isset($_POST['show_menu']) xor (!isset($mb_conf['mbAdditionalPages']) or $mb_conf['mbAdditionalPages'] > 0))
@@ -60 +60 @@
   'LANGUAGE_NAME' => l10n('Default'),
   'LANGUAGE_CODE' => 'default',
-  'VALUE' => @$conf['additional_pages']['languages']['default'],
+  'VALUE' => @$conf['AP']['languages']['default'],
   )
 );
@@ -68 +68 @@
     'LANGUAGE_NAME' => $language_name,
     'LANGUAGE_CODE' => $language_code,
-    'VALUE' => isset($conf['additional_pages']['languages'][$language_code]) ? $conf['additional_pages']['languages'][$language_code] : '',
+    'VALUE' => isset($conf['AP']['languages'][$language_code]) ? $conf['AP']['languages'][$language_code] : '',
     )
   );
@@ -74 +74 @@
 
 // Parametrage du template
-$template->assign('ap_conf', $conf['additional_pages']);
+$template->assign('ap_conf', $conf['AP']);
 
 if (!isset($mb_conf['mbAdditionalPages']) or $mb_conf['mbAdditionalPages'] == abs($mb_conf['mbAdditionalPages']))

extensions/AdditionalPages/admin/edit_page.inc.php

@@ -14 +14 @@
   @unlink($conf['local_data_dir'].'/additional_pages_backup/' . $_GET['edit'] . '.txt');
 
-  if ($conf['additional_pages']['homepage'] == $_GET['edit'])
+  if ($conf['AP']['homepage'] == $_GET['edit'])
   {
-    $conf['additional_pages']['homepage'] = null;
-    conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['additional_pages'])));
+    $conf['AP']['homepage'] = null;
+    conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['AP'])));
   }
 
@@ -33 +33 @@
 $edited_page['users'] = !empty($edited_page['users']) ? explode(',', $edited_page['users']) : array();
 $edited_page['groups'] = !empty($edited_page['groups']) ? explode(',', $edited_page['groups']) : array();
-$edited_page['homepage'] = $conf['additional_pages']['homepage'] == $edited_page['id'];
+$edited_page['homepage'] = $conf['AP']['homepage'] == $edited_page['id'];
 $edited_page['standalone'] = ($edited_page['standalone'] == 'true');
 

extensions/AdditionalPages/admin/manage.inc.php

@@ -50 +50 @@
 $template->assign(array(
   'F_ACTION' => $my_base_url.'&tab=manage',
-  'HOMEPAGE' => $conf['additional_pages']['homepage'],
+  'HOMEPAGE' => $conf['AP']['homepage'],
   )
 );

extensions/AdditionalPages/admin/upgrade.inc.php

@@ -18 +18 @@
 }
 
-if ($conf['additional_pages'] === false)
+if ($conf['AP'] === false)
 {
   load_conf_from_db('param = "additional_pages"');
@@ -62 +62 @@
     $position = $row['pos'];
     if ($row['pos'] === '0')
-      $position = '-100';
+      $position = '-1000';
     elseif (empty($row['pos']))
       $position = '0';
@@ -70 +70 @@
     $query = '
 UPDATE '.$prefixeTable.'additionalpages
-SET title = "'.addslashes($title).'",
+SET title = "'.pwg_db_real_escape_string($title).'",
     pos = '.$position.',
     lang = '.$language.',
@@ -108 +108 @@
   }
 
-  $conf['additional_pages'] = $new_conf;
+  $conf['AP'] = $new_conf;
 
   conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($new_conf)));
 }
 
-if (!isset($conf['additional_pages']['level_perm']))
+if (!isset($conf['AP']['level_perm']))
 {
   $query = '
@@ -128 +128 @@
   pwg_query($query);
 
-  $conf['additional_pages']['level_perm'] = false;
+  $conf['AP']['level_perm'] = false;
 
-  conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['additional_pages'])));
+  conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['AP'])));
 }
 

extensions/AdditionalPages/main.inc.php

@@ -17 +17 @@
 define('ADD_PAGES_TABLE' , $prefixeTable . 'additionalpages');
 
-$conf['additional_pages'] = @unserialize($conf['additional_pages']);
+$conf['AP'] = @unserialize($conf['additional_pages']);
 
 // Need upgrade?
-if (!isset($conf['additional_pages']['level_perm']))
+if (!isset($conf['AP']['level_perm']))
   include(AP_PATH.'admin/upgrade.inc.php');
 
@@ -39 +39 @@
   $page['ap_homepage'] = (count($tokens) == 1 and empty($tokens[0]));
 
-  if (($tokens[0] == 'page' and !empty($tokens[1])) or ($page['ap_homepage'] and !is_null($conf['additional_pages']['homepage'])))
+  if (($tokens[0] == 'page' and !empty($tokens[1])) or ($page['ap_homepage'] and !is_null($conf['AP']['homepage'])))
     include(AP_PATH . 'additional_page.php');
 
@@ -83 +83 @@
     if (!empty($data))
     {
-      $title = isset($conf['additional_pages']['languages'][$user['language']]) ?
-        $conf['additional_pages']['languages'][$user['language']] :
-        @$conf['additional_pages']['languages']['default'];
+      $title = isset($conf['AP']['languages'][$user['language']]) ?
+        $conf['AP']['languages'][$user['language']] :
+        @$conf['AP']['languages']['default'];
 
       $template->set_template_dir(AP_PATH.'template/');

extensions/AdditionalPages/maintain.inc.php

@@ -39 +39 @@
 
     $query = 'INSERT INTO ' . CONFIG_TABLE . ' (param,value,comment)
-VALUES ("additional_pages" , "'.pwg_db_real_escape_string(serialize($config)).'" , "Additional Pages config configuration");';
+VALUES ("additional_pages" , "'.pwg_db_real_escape_string(serialize($config)).'" , "Additional Pages configuration");';
     pwg_query($query);
   }