[Easymod-cvs] easymod2/mods/easymod/includes admin_easymod.php.txt,1.34,1.35 mod_sql_body.tpl,1.5,1.
From: Markus P. <mar...@us...> - 2005-11-04 21:59:50
Update of /cvsroot/easymod/easymod2/mods/easymod/includes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv27666 Modified Files: admin_easymod.php.txt mod_sql_body.tpl Log Message: Regarding usage of htmlspecialchars, just figured it's going to be a problem to fix existing installtions, hence undoing changes made here. Index: mod_sql_body.tpl =================================================================== RCS file: /cvsroot/easymod/easymod2/mods/easymod/includes/mod_sql_body.tpl,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** mod_sql_body.tpl 4 Nov 2005 05:14:10 -0000 1.5 --- mod_sql_body.tpl 4 Nov 2005 21:59:42 -0000 1.6 *************** *** 195,199 **** {HIDDEN} <input type="hidden" name="mode" value="{MODE}" /> - <input type="hidden" name="SQL_lines" value="{SQL_LINES}" /> <input type="hidden" name="themes" value="{THEMES}" /> <input type="hidden" name="languages" value="{LANGUAGES}" /> --- 195,198 ---- Index: admin_easymod.php.txt =================================================================== RCS file: /cvsroot/easymod/easymod2/mods/easymod/includes/admin_easymod.php.txt,v retrieving revision 1.34 retrieving revision 1.35 diff -C2 -d -r1.34 -r1.35 *** admin_easymod.php.txt 4 Nov 2005 05:14:10 -0000 1.34 --- admin_easymod.php.txt 4 Nov 2005 21:59:42 -0000 1.35 *************** *** 249,253 **** if ((stristr($buffer, 'MOD Title:')) || (($mod_title == '') && (stristr( $buffer, 'Title:')))) { ! $mod_title = trim(substr($buffer, strpos($buffer, ":")+1)); $getting_desc = 0; } --- 249,253 ---- if ((stristr($buffer, 'MOD Title:')) || (($mod_title == '') && (stristr( $buffer, 'Title:')))) { ! $mod_title = htmlspecialchars(trim(substr($buffer, strpos($buffer, ":")+1))); $getting_desc = 0; } *************** *** 294,300 **** $left = strpos( $orig, "<")+1; $len = strpos( $orig, ">") - $left; ! $mod_author_email = trim(substr($orig, $left, $len)); ! $mod_author_handle = trim(substr($orig, 0, $left-1)); ! 
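Review bot: `$mod_title` in the hunk at 249 holds HTML-encoded text from the moment it is parsed, and nothing in the code records that; the same is true of the author, description and version fields in the hunks at 294, 304, 315, 330, 364, 371 and 379. Every later consumer has to know the value is already encoded, and any non-HTML use of it would see entities instead of the original text. I would add a comment above the first assignment, `// Header fields are HTML-encoded at parse time: emit as-is in templates, never re-encode, never use in non-HTML contexts`. The call also relies on the default quote style, which leaves single quotes untouched; `htmlspecialchars($value, ENT_QUOTES)` would cover single-quoted attributes as well. The enclosing parser loop starts and ends outside the hunk.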
$mod_author_url = trim(substr($orig, $left + $len +1)); } --- 294,300 ---- $left = strpos( $orig, "<")+1; $len = strpos( $orig, ">") - $left; ! $mod_author_email = htmlspecialchars(trim(substr($orig, $left, $len))); ! $mod_author_handle = htmlspecialchars(trim(substr($orig, 0, $left-1))); ! $mod_author_url = htmlspecialchars(trim(substr($orig, $left + $len +1))); } *************** *** 304,312 **** $left = strpos( $orig, "(")+1; $len = strpos( $orig, ")") - $left; ! $mod_author_name = trim(substr($orig, $left, $len)); ! $mod_author_url = trim(substr($orig, $left + $len +1)); if ( $mod_author_handle == '') { ! $mod_author_handle = trim(substr( $orig, 0, $left-1)); } } --- 304,312 ---- $left = strpos( $orig, "(")+1; $len = strpos( $orig, ")") - $left; ! $mod_author_name = htmlspecialchars(trim(substr($orig, $left, $len))); ! $mod_author_url = htmlspecialchars(trim(substr($orig, $left + $len +1))); if ( $mod_author_handle == '') { ! $mod_author_handle = htmlspecialchars(trim(substr($orig, 0, $left-1))); } } *************** *** 315,319 **** else if ($mod_author_handle == '') { ! $mod_author_handle = $orig; } --- 315,319 ---- else if ($mod_author_handle == '') { ! $mod_author_handle = htmlspecialchars($orig); } *************** *** 330,339 **** if (strstr($url_array[$url], 'http:')) { ! $mod_author_url = $url_array[$url]; // if we didn't get a proper real name, then use whatever was in front of the url if ($mod_author_name == '') { ! $mod_author_name = $pos_name; } break; --- 330,339 ---- if (strstr($url_array[$url], 'http:')) { ! $mod_author_url = htmlspecialchars($url_array[$url]); // if we didn't get a proper real name, then use whatever was in front of the url if ($mod_author_name == '') { ! $mod_author_name = htmlspecialchars($pos_name); } break; *************** *** 351,359 **** if (($mod_author_handle == '') && ($mod_author_name != '')) { ! $mod_author_handle = $mod_author_name; } else if (($mod_author_handle == '') && ($mod_author_email != '')) { ! 
$mod_author_handle = $mod_author_email; } --- 351,359 ---- if (($mod_author_handle == '') && ($mod_author_name != '')) { ! $mod_author_handle = htmlspecialchars($mod_author_name); } else if (($mod_author_handle == '') && ($mod_author_email != '')) { ! $mod_author_handle = htmlspecialchars($mod_author_email); } *************** *** 364,368 **** else if ((stristr($buffer, 'MOD Description:')) || (($mod_description == '') && (stristr( $buffer, 'Description:')))) { ! $mod_description = trim(substr($buffer, strpos($buffer, ":")+1)); $getting_desc = 1; } --- 364,368 ---- else if ((stristr($buffer, 'MOD Description:')) || (($mod_description == '') && (stristr( $buffer, 'Description:')))) { ! $mod_description = htmlspecialchars(trim(substr($buffer, strpos($buffer, ":")+1))); $getting_desc = 1; } *************** *** 371,375 **** else if ((stristr( $buffer, 'MOD Version:')) || (($mod_description == '') && (stristr( $buffer, 'Version:')))) { ! $mod_version = trim(substr($buffer, strpos($buffer, ":")+1)); $getting_desc = 0; } --- 371,375 ---- else if ((stristr( $buffer, 'MOD Version:')) || (($mod_description == '') && (stristr( $buffer, 'Version:')))) { ! $mod_version = htmlspecialchars(trim(substr($buffer, strpos($buffer, ":")+1))); $getting_desc = 0; } *************** *** 379,383 **** { $new_line = ' ' . trim(substr($buffer, 2)); ! $mod_description .= $new_line; $getting_desc = ($getting_desc >= 3) ? 0 : $getting_desc + 1; } --- 379,383 ---- { $new_line = ' ' . trim(substr($buffer, 2)); ! $mod_description .= htmlspecialchars($new_line); $getting_desc = ($getting_desc >= 3) ? 0 : $getting_desc + 1; } *************** *** 665,669 **** $install_file = ( !empty($HTTP_POST_VARS['install_file']) ) ? stripslashes(trim($HTTP_POST_VARS['install_file'])) : ''; $install_path = ( !empty($HTTP_POST_VARS['install_path']) ) ? stripslashes(trim($HTTP_POST_VARS['install_path'])) : ''; - $SQL_lines = ( isset($HTTP_POST_VARS['SQL_lines']) ) ? 
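Review bot: The two fallback assignments in the hunk at 351 encode a value a second time: `$mod_author_name` and `$mod_author_email` are already passed through htmlspecialchars() where they are set in the hunks at 294, 304 and 330, so an `&` in a name ends up as `&amp;amp;` in the handle. The fallbacks should copy the value unchanged, `$mod_author_handle = $mod_author_name;` and `$mod_author_handle = $mod_author_email;`. This holds for the assignments visible in this diff; any assignment to those two variables outside the hunks should be checked for the same encoding.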
intval($HTTP_POST_VARS['SQL_lines']) : 0; // 0.0.11 preview mode --- 665,668 ---- *************** *** 1094,1101 **** 'ROW_CLASS' => $row_class, 'INSTALL_DATE' => create_date($board_config['default_dateformat'], $row['mod_process_date'], $board_config['board_timezone']), ! 'TITLE' => htmlspecialchars($row['mod_title']), ! 'VERSION' => htmlspecialchars($row['mod_version']), ! 'AUTHOR' => htmlspecialchars($row['mod_author_handle']), ! 'URL' => htmlspecialchars($row['mod_author_url']), 'PHPBB_VER' => $row['mod_phpBB_version'], --- 1093,1100 ---- 'ROW_CLASS' => $row_class, 'INSTALL_DATE' => create_date($board_config['default_dateformat'], $row['mod_process_date'], $board_config['board_timezone']), ! 'TITLE' => $row['mod_title'], ! 'VERSION' => $row['mod_version'], ! 'AUTHOR' => $row['mod_author_handle'], ! 'URL' => $row['mod_author_url'], 'PHPBB_VER' => $row['mod_phpBB_version'], *************** *** 1106,1111 **** ///////////////// blah, what about schema name? ///////////////// ! 'THEMES' => htmlspecialchars($row['mod_processed_themes']), ! 'LANGS' => htmlspecialchars($row['mod_processed_langs'])) ); $total_mods++; --- 1105,1110 ---- ///////////////// blah, what about schema name? ///////////////// ! 'THEMES' => $row['mod_processed_themes'], ! 'LANGS' => $row['mod_processed_langs']) ); $total_mods++; *************** *** 1246,1261 **** $template->assign_vars(array( ! 'TITLE' => htmlspecialchars($row['mod_title']), ! 'VERSION' => htmlspecialchars($row['mod_version']), 'MOD_FILE' => $mod_file, ! 'DESCRIPTION' => htmlspecialchars($row['mod_description']), ! 'AUTHOR' => htmlspecialchars($row['mod_author_handle']), ! 'EMAIL' => htmlspecialchars($row['mod_author_email']), ! 'REAL_NAME' => htmlspecialchars($row['mod_author_name']), ! 'URL' => htmlspecialchars($row['mod_author_url']), 'DATE' => create_date($board_config['default_dateformat'], $row['mod_process_date'], $board_config['board_timezone']), 'PHPBB_VERSION' => $row['mod_phpBB_version'], ! 
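Review bot: `'TITLE' => $row['mod_title']` and the three fields after it in the hunk at 1094 are now emitted exactly as stored, so the page is safe only if every row in the table was written by code that encoded the value first. Rows written while revision 1.34 was installed (which encoded on output and, as far as this diff shows, not on input) or by anything else that touches the table would presumably be rendered as markup in the admin panel. The same applies to the hunks at 1106 and 1246, where `mod_processed_themes` and `mod_processed_langs` also lose their encoding and no write path for them is visible in this diff. If encode-on-input has to stay for existing installations, I would state the invariant in a comment at each of these arrays, `// DB values are stored HTML-encoded by the installer; do not add htmlspecialchars() here`, and confirm the write side for the themes and langs columns.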
'THEMES' => htmlspecialchars($row['mod_processed_themes']), ! 'LANGUAGES' => htmlspecialchars($row['mod_processed_langs']), 'FILES' => $row['mod_files_edited'], 'FILE_LIST' => $epf_list, --- 1245,1260 ---- $template->assign_vars(array( ! 'TITLE' => $row['mod_title'], ! 'VERSION' => $row['mod_version'], 'MOD_FILE' => $mod_file, ! 'DESCRIPTION' => $row['mod_description'], ! 'AUTHOR' => $row['mod_author_handle'], ! 'EMAIL' => $row['mod_author_email'], ! 'REAL_NAME' => $row['mod_author_name'], ! 'URL' => $row['mod_author_url'], 'DATE' => create_date($board_config['default_dateformat'], $row['mod_process_date'], $board_config['board_timezone']), 'PHPBB_VERSION' => $row['mod_phpBB_version'], ! 'THEMES' => $row['mod_processed_themes'], ! 'LANGUAGES' => $row['mod_processed_langs'], 'FILES' => $row['mod_files_edited'], 'FILE_LIST' => $epf_list, *************** *** 1549,1557 **** $template->assign_block_vars('unprocessed', array( 'ROW_CLASS' => $row_class, ! 'MOD_TITLE' => htmlspecialchars($mod_title), ! 'MOD_AUTHOR' => htmlspecialchars($mod_author_handle), ! 'MOD_URL' => htmlspecialchars($mod_author_url), ! 'MOD_VERSION' => htmlspecialchars($mod_version), ! 'MOD_DESC' => htmlspecialchars($mod_description), 'MOD_EMC' => ($compliant) ? '<img src="../templates/subSilver/images/emc.gif">' : $lang['No'], 'MOD_PATH' => $path . '/', --- 1548,1556 ---- $template->assign_block_vars('unprocessed', array( 'ROW_CLASS' => $row_class, ! 'MOD_TITLE' => $mod_title, ! 'MOD_AUTHOR' => $mod_author_handle, ! 'MOD_URL' => $mod_author_url, ! 'MOD_VERSION' => $mod_version, ! 'MOD_DESC' => $mod_description, 'MOD_EMC' => ($compliant) ? '<img src="../templates/subSilver/images/emc.gif">' : $lang['No'], 'MOD_PATH' => $path . '/', *************** *** 2802,2815 **** 'INSTALL_PATH' => $print_path, ! 'TITLE' => htmlspecialchars($mod_title), ! 'VERSION' => htmlspecialchars($mod_version), 'MOD_FILE' => $install_file, ! 'AUTHOR' => htmlspecialchars($mod_author_handle), ! 
'EMAIL' => htmlspecialchars($mod_author_email), ! 'REAL_NAME' => htmlspecialchars($mod_author_name), ! 'URL' => htmlspecialchars($mod_author_url), ! 'THEMES' => htmlspecialchars($mod_themes), ! 'LANGUAGES' => htmlspecialchars($mod_langs), 'FILES' => $files_edited, 'PROCESSED' => $num_processed, --- 2801,2814 ---- 'INSTALL_PATH' => $print_path, ! 'TITLE' => $mod_title, ! 'VERSION' => $mod_version, 'MOD_FILE' => $install_file, ! 'AUTHOR' => $mod_author_handle, ! 'EMAIL' => $mod_author_email, ! 'REAL_NAME' => $mod_author_name, ! 'URL' => $mod_author_url, ! 'THEMES' => $mod_themes, ! 'LANGUAGES' => $mod_langs, 'FILES' => $files_edited, 'PROCESSED' => $num_processed, *************** *** 2860,2864 **** 'L_NEXT_STEP' => $lang['EM_next_step'], ! 'TITLE' => htmlspecialchars($mod_title), 'INSTALL_PATH' => $print_path, --- 2859,2863 ---- 'L_NEXT_STEP' => $lang['EM_next_step'], ! 'TITLE' => $mod_title, 'INSTALL_PATH' => $print_path, *************** *** 3111,3120 **** 'L_FOLLOWING_ERROR' => $lang['EM_following_error'], ! 'THEMES' => htmlspecialchars($themes), ! 'LANGUAGES' => htmlspecialchars($languages), 'FILES' => $files, 'PROCESSED' => $num_proc, 'UNPROCESSED' => $num_unproc, - 'SQL_LINES' => $num_sql_lines, 'MOD_FILE' => $install_file, 'MOD_PATH' => $install_path, --- 3110,3118 ---- 'L_FOLLOWING_ERROR' => $lang['EM_following_error'], ! 'THEMES' => $themes, ! 'LANGUAGES' => $languages, 'FILES' => $files, 'PROCESSED' => $num_proc, 'UNPROCESSED' => $num_unproc, 'MOD_FILE' => $install_file, 'MOD_PATH' => $install_path, *************** *** 3239,3249 **** 'L_COMPLETE' => $lang['EM_complete_install'], ! 'THEMES' => htmlspecialchars($themes), ! 'LANGUAGES' => htmlspecialchars($languages), 'FILES' => $files, 'PROCESSED' => $num_proc, 'UNPROCESSED' => $num_unproc, - // 'SQL_LINES' => $i, - 'SQL_LINES' => $num_sql_lines, 'MOD_FILE' => $install_file, 'MOD_PATH' => $install_path, --- 3237,3245 ---- 'L_COMPLETE' => $lang['EM_complete_install'], ! 'THEMES' => $themes, ! 
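Review bot: `'THEMES' => $themes` and `'LANGUAGES' => $languages` in the hunk at 3111 lose their encoding, but unlike the title and author fields nothing in this diff encodes them earlier. mod_sql_body.tpl places both inside double-quoted attributes (`value="{THEMES}"`, `value="{LANGUAGES}"`), so a double quote in either value would end the attribute. Where they are assigned is outside the diff; if they are read back from `$HTTP_POST_VARS` the way `$install_file` is at 665, I would keep `htmlspecialchars($themes)` and `htmlspecialchars($languages)` here. The same pair appears in the hunks at 2802 (`$mod_themes`, `$mod_langs`), 3239 and 3474.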
'LANGUAGES' => $languages, 'FILES' => $files, 'PROCESSED' => $num_proc, 'UNPROCESSED' => $num_unproc, 'MOD_FILE' => $install_file, 'MOD_PATH' => $install_path, *************** *** 3474,3490 **** 'INSTALL_PATH' => $print_path, ! 'TITLE' => htmlspecialchars($mod_title), ! 'VERSION' => htmlspecialchars($mod_version), 'MOD_FILE' => $install_file, ! 'AUTHOR' => htmlspecialchars($mod_author_handle), ! 'EMAIL' => htmlspecialchars($mod_author_email), ! 'REAL_NAME' => htmlspecialchars($mod_author_name), ! 'URL' => htmlspecialchars($mod_author_url), 'MOD_FILE' => $install_file, 'MOD_PATH' => $install_path, 'MOD_COUNT' => $mod_count, ! 'THEMES' => htmlspecialchars($themes), ! 'LANGUAGES' => htmlspecialchars($languages), 'FILES' => $files, 'PROCESSED' => $num_proc, --- 3470,3486 ---- 'INSTALL_PATH' => $print_path, ! 'TITLE' => $mod_title, ! 'VERSION' => $mod_version, 'MOD_FILE' => $install_file, ! 'AUTHOR' => $mod_author_handle, ! 'EMAIL' => $mod_author_email, ! 'REAL_NAME' => $mod_author_name, ! 'URL' => $mod_author_url, 'MOD_FILE' => $install_file, 'MOD_PATH' => $install_path, 'MOD_COUNT' => $mod_count, ! 'THEMES' => $themes, ! 'LANGUAGES' => $languages, 'FILES' => $files, 'PROCESSED' => $num_proc, |