From: Scott P. <wht...@us...> - 2007-09-11 20:21:09
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs17:/tmp/cvs-serv7056 Modified Files: details.php priorities.php problemcategories.php Log Message: More elegant way of sanitizing inputs and assinging GET/POST/REQUEST variables. Index: priorities.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/priorities.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** priorities.php 7 Feb 2007 01:20:04 -0000 1.5 --- priorities.php 11 Sep 2007 20:21:01 -0000 1.6 *************** *** 1,326 **** ! <?php ! ! /* ! ! priorities.php ! ! Priority Admin. Allows the user to administer the list of priorities ! for this domain an put them in order. The order given is from lowest ! severity to highest. [Commented] ! ! Changelog: ! 2006-01-14 dave: Cleaned up code for v1.0 release ! ! ## PAGE CONTAINS HANDYANDY MYSQL MODS ## ! ## Copyright (C) 2005 Andy Deakin (handyandy.org.uk) ## ! ! ---- ! ! Copyright (C) 2003 Central Manchester CLC ! Copyright (C) 2003 David Thorne (dav...@gm...) ! ! This program is free software; you can redistribute it and/or ! modify it under the terms of the GNU General Public License ! as published by the Free Software Foundation version 2. ! ! This program is distributed in the hope that it will be useful, ! but WITHOUT ANY WARRANTY; without even the implied warranty of ! MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ! GNU General Public License for more details. ! ! You should have received a copy of the GNU General Public License ! along with this program; if not, write to the Free Software ! Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ! ! */ ! ! // Start session and populate it with data ! session_start(); ! ! // Page security ! if ($_SESSION['_usertype'] != 'Administrator' ! && $_SESSION['_usertype'] != 'Domain Administrator' ! && $_SESSION['_usertype'] != 'Root') { ! require_once 'system/security.php'; ! 
ThrowOut(); ! } ! ! // Page Title ! $ptitle = 'Priorities'; ! ! // Includes ! require_once 'system/db.php'; ! require_once 'system/lang.php'; ! require_once 'system/message.php'; ! require 'header.php'; ! ! // Language selection ! set_text_domain("priorities"); ! ! // Retrieve Get/Post variables ! $act = $_REQUEST['act']; ! $priority = $_POST['priority']; ! $class = $_POST['class']; ! $priorities = $_REQUEST['priorities']; ! ! // Action: Add a priority to the system ! if ($act == 'addpriorityaction') { ! $act = 'addpriority'; ! // Make sure the priority has a name ! if ($priority == '') { ! $message = gettext("CORRECTION: You must give this priority a name."); ! } else { ! $prioritycount = db_recordset("SELECT * FROM tbl_Priorities WHERE active=1 AND domain=$_SESSION[_domain] AND id>0"); ! $priorities = ''; ! // Add the priority ! db_send("INSERT INTO tbl_Priorities (priority,class,domain,sortorder) VALUES ('" . $priority . "'," . $class . "," . $_SESSION['_domain'] . ',' . count($prioritycount) . ")"); ! ! $act = ''; ! $message = gettext("NOTE: Priority successfully added to system."); ! } ! } ! ! // Action: Request details to add a priority to the system ! if ($act == 'addpriority') { ! ! if ($message) { display($message); } ! ?> ! ! <h1><?php echo gettext('Priority Admin')?></h1> ! <h2><?php echo gettext('Please enter the following information to add a priority:')?></h2> ! ! <div class="block"> ! <form name="mainform" method="post" action=""> ! <input type="hidden" name="act" value="addpriorityaction" /> ! <div class="labelfieldpair"> ! <div class="name"><label for="priority"><?php echo gettext('Priority Name')?></label></div> ! <div class="field"><input type="text" name="priority" id="priority" size="35" maxlength="50" value="<?php echo $priority?>" /></div> ! </div> ! <div class="labelfieldpair"> ! <div class="name"> ! <label for="class"><?php echo gettext('Tag Colour')?>:</label> ! </div> ! <div class="field"> ! <select name="class" id="class"> ! 
<option value="2"><?php echo gettext('Red')?></option> ! <option value="1"><?php echo gettext('Yellow')?></option> ! <option value="0" selected="selected"><?php echo gettext('Green')?></option> ! </select> ! </div> ! </div> ! <div class="buttonpanel"> ! <input name="submit" type="submit" id="submit" value="<?php echo gettext('Add Priority')?>" /> ! <input name="reset" type="reset" id="reset" value="<?php echo gettext('Reset')?>" /> ! <input name="cancel" type="button" id="cancel" value="<?php echo gettext('Cancel')?>" onclick="document.location='priorities.php?priorities=<?php echo $priorities?>'" /> ! </div> ! </form> ! </div> ! ! <?php ! } ! ! // Action: Edit a priority ! if ($act == 'editpriorityaction') { ! $act = 'editpriority'; ! // Make sure the priority has a name ! if ($priority == '') { ! $message = gettext("CORRECTION: You must give this priority a name."); ! } else { ! // Edit the priority ! db_send("UPDATE tbl_Priorities SET priority='" . $priority . "',class=" . $class . " WHERE id=$priorities"); ! $message = gettext("NOTE: Priority successfully updated."); ! $act = ''; ! } ! } ! ! // Action: Move a priority up ! if ($act == 'up') { ! // Find this priority's sort order ! $priority = db_recordset("SELECT sortorder,active FROM tbl_Priorities WHERE id=$priorities"); ! ! // Only change the ordering of active priorities ! if ($priority[0][active] == 1) { ! // Only move a priority up if it isn't at the top already ! if ($priority[0][sortorder] > 0) { ! // Find the priority that is one in line above it ! $newpriority = db_recordset("SELECT id FROM tbl_Priorities WHERE domain=$_SESSION[_domain] AND active=1 AND sortorder=" . ($priority[0][sortorder]-1)); ! // Swap the sort orders for the two priorities ! db_send("UPDATE tbl_Priorities SET sortorder=" . ($priority[0][sortorder]-1) . " WHERE id=$priorities"); ! db_send("UPDATE tbl_Priorities SET sortorder=" . $priority[0][sortorder] . " WHERE id=" . $newpriority[0][id]); ! } ! } else { ! 
$message = gettext("CORRECTION: You cannot change the precedence of an inactive item."); ! } ! ! $act = ''; ! } ! ! // Action: Move a priority down ! if ($act == 'down') { ! // Find the lowest priority ! $prioritiesRS = db_recordset("SELECT * FROM tbl_Priorities WHERE domain=$_SESSION[_domain] AND active=1"); ! // Find this priority's sort order ! $priority = db_recordset("SELECT sortorder,active FROM tbl_Priorities WHERE id=$priorities"); ! ! // Only change the ordering of active priorities ! if ($priority[0][active] == 1) { ! // Only move a priority down if it isn't at the bottom already ! if ($priority[0][sortorder] < (count($prioritiesRS)-1)) { ! // Find the priority that is one in line below it ! $newpriority = db_recordset("SELECT id FROM tbl_Priorities WHERE domain=$_SESSION[_domain] AND active=1 AND sortorder=" . ($priority[0][sortorder]+1)); ! // Swap the sort orders for the two priorities ! db_send("UPDATE tbl_Priorities SET sortorder=" . ($priority[0][sortorder]+1) . " WHERE id=$priorities"); ! db_send("UPDATE tbl_Priorities SET sortorder=" . $priority[0][sortorder] . " WHERE id=" . $newpriority[0][id]); ! } ! } else { ! $message = gettext("CORRECTION: You cannot change the precedence of an inactive item."); ! } ! ! $act = ''; ! } ! ! // Action: Remove a priority from the system ! if ($act == 'removepriority') { ! // Find the sort order of this priority ! $priority = db_recordset("SELECT sortorder FROM tbl_Priorities WHERE id=$priorities"); ! // deactivate it and negate the sort order ! db_send("UPDATE tbl_Priorities SET active=0,sortorder=-1 WHERE id=$priorities"); ! // change all the higher sort orders in order to fill the gap that has now been made ! db_send("UPDATE tbl_Priorities SET sortorder=sortorder-1 WHERE domain=$_SESSION[_domain] AND active=1 AND sortorder>" . $priority[0][sortorder]); ! $act = ''; ! $priorities = ''; ! $message = gettext("NOTE: Priority successfully removed."); ! } ! ! // Action: Request details to edit a priority ! 
if ($act == 'editpriority') { ! ! // Retrieve Priority information ! $prioritiesRS = db_recordset("SELECT * FROM tbl_Priorities WHERE id=" . $priorities); ! ! if ($message) { display($message); } ! ?> ! ! <h1><?php echo gettext('Priority Admin')?></h1> ! <h2><?php echo gettext('Please enter the following information to edit a priority:')?></h2> ! ! <div class="block"> ! <form name="mainform" method="post" action=""> ! <input type="hidden" name="act" value="editpriorityaction" /> ! <input type="hidden" name="priorities" value="<?php echo $priorities?>" /> ! <div class="labelfieldpair"> ! <div class="name"><label for="priority"><?php echo gettext('Priority Name')?></label></div> ! <div class="field"><input type="text" name="priority" id="priority" size="35" maxlength="50" value="<?php echo $prioritiesRS[0][priority]?>"></div> ! </div> ! <div class="labelfieldpair"> ! <div class="name"> ! <label for="class"><?php echo gettext('Tag Colour')?>:</label> ! </div> ! <div class="field"> ! <?php ! if ($prioritiesRS[0]['class'] == 0) $class_green=' selected="selected"'; ! if ($prioritiesRS[0]['class'] == 1) $class_yellow=' selected="selected"'; ! if ($prioritiesRS[0]['class'] == 2) $class_red=' selected="selected"'; ! ?> ! <select name="class" id="class"> ! <option value="2"<?php echo $class_red?>><?php echo gettext('Red')?></option> ! <option value="1"<?php echo $class_yellow?>><?php echo gettext('Yellow')?></option> ! <option value="0"<?php echo $class_green?>><?php echo gettext('Green')?></option> ! </select> ! </div> ! </div> ! <div class="buttonpanel"> ! <input name="submit" type="submit" id="submit" value="<?php echo gettext('Submit Changes')?>" /> ! <input name="reset" type="reset" id="reset" value="<?php echo gettext('Reset')?>" /> ! <input name="cancel" type="button" id="cancel" value="<?php echo gettext('Cancel')?>" onclick="document.location='priorities.php?priorities=<?php echo $priorities?>'" /> ! </div> ! </form> ! </div> ! ! <?php ! } ! ! 
// Default action: Show priorities and invite user to choose action... ! if ($act == '') { ! // Retrieve priorities ! $sql = "SELECT * FROM tbl_Priorities WHERE domain=$_SESSION[_domain]"; ! if ($_SESSION['_usertype'] != 'Root') { ! $sql .= " AND active=1"; ! } ! $sql .= " ORDER BY active DESC,sortorder"; ! $prioritiesRS = db_recordset($sql); ! $num_priorities = count($prioritiesRS); ! ! if (!$priorities) $priorities=$prioritiesRS[0][id]; ! ! if ($message) { display($message); } ! ?> ! ! <script language="javascript" type="text/javascript"> ! //<![CDATA[ ! <!-- ! ! function mainSubmit (act) { ! var flag = true; ! if ((act == 'removepriority' || act == 'editpriority') && document.mainform.priorities.value == 0) { ! alert('<?php echo gettext('There are no priorities on which to action your request.')?>'); ! flag = false; ! } ! if (act == 'removepriority' && flag && !confirm('<?php echo gettext('Are you sure you wish to delete this priority?')?>')) flag = false; ! if (flag) { ! document.mainform.act.value=act; ! document.mainform.submit(); ! } ! } ! ! //--> ! //]]> ! </script> ! ! <h1><?php echo gettext('Priority Admin')?></h1> ! <h2><?php echo gettext('Please use the lists below to administer the priorities of issues in this system:')?></h2> ! ! <div class="block"> ! <p><?php echo gettext('The first priority in this list is of lowest priority, and movement through the list would be synonymous with an increase in severity.')?></p> ! <form name="mainform" id="mainform" method="post" action=""> ! <input type="hidden" name="act" value="" /> ! <div class="columnleft"> ! <div class="labelright"><label for="priorities"><?php echo gettext('Priorities')?></label></div> ! <div class="columnright"> ! <input type="button" value="<?php echo gettext('New')?>..." onclick="mainSubmit('addpriority')" /><br /> ! <input type="button" value="<?php echo gettext('Edit')?>" onclick="mainSubmit('editpriority')" /><br /> ! 
<input type="button" value="<?php echo gettext('Delete')?>" onclick="mainSubmit('removepriority')" /> ! </div> ! <div class="columnleft"> ! <select name="priorities" id="priorities" size="10"> ! <?php ! if ($num_priorities == 0) { ! print (" <option value=\"0\" selected=\"selected\">[".gettext('No Priorities')."]</option>\n"); ! } ! foreach ($prioritiesRS as $record) { ! // Set as default if this was previously chosen ! if ($record[id] == $priorities) {$checked = " selected=\"selected\"";} else {$checked = '';}; ! if ($record[active] == 0) {$style = " class=\"inactive\"";} else {$style = '';}; ! print (" <option value=\"${record[id]}\"${checked}${style}>${record[priority]}</option>\n"); ! } ! ?> ! </select> ! </div> ! </div> ! <div class="columnleft"> ! <div class="labelleft"> </div> ! <div class="columnleft"> ! <input type="button" value="<?php echo gettext('Up')?>" onclick="mainSubmit('up')" /><br /> ! <input type="button" value="<?php echo gettext('Down')?>" onclick="mainSubmit('down')" /><br /> ! </div> ! </div> ! </form> ! <hr class="hide" /> ! </div> ! ! <?php ! } ! ! // Include ! require 'footer.php'; ! ?> --- 1,395 ---- ! <?php ! ! /* ! ! priorities.php ! ! Priority Admin. Allows the user to administer the list of priorities ! for this domain an put them in order. The order given is from lowest ! severity to highest. [Commented] ! ! Changelog: ! 2006-01-14 dave: Cleaned up code for v1.0 release ! ! ## PAGE CONTAINS HANDYANDY MYSQL MODS ## ! ## Copyright (C) 2005 Andy Deakin (handyandy.org.uk) ## ! ! ---- ! ! Copyright (C) 2003 Central Manchester CLC ! Copyright (C) 2003 David Thorne (dav...@gm...) ! ! This program is free software; you can redistribute it and/or ! modify it under the terms of the GNU General Public License ! as published by the Free Software Foundation version 2. ! ! This program is distributed in the hope that it will be useful, ! but WITHOUT ANY WARRANTY; without even the implied warranty of ! 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ! GNU General Public License for more details. ! ! You should have received a copy of the GNU General Public License ! along with this program; if not, write to the Free Software ! Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ! ! */ ! ! // Start session and populate it with data ! session_start(); ! ! // Page security ! if (isset($_SESSION['_usertype'])) { ! if ($_SESSION['_usertype'] != 'Administrator' ! && $_SESSION['_usertype'] != 'Domain Administrator' ! && $_SESSION['_usertype'] != 'Root') { ! require_once 'system/security.php'; ! ThrowOut(); ! } ! } ! else { ! require_once 'system/security.php'; ! ThrowOut(); ! } ! ! // Page Title ! $ptitle = 'Priorities'; ! ! // Includes ! require_once 'system/db.php'; ! require_once 'system/lang.php'; ! require_once 'system/message.php'; ! require 'header.php'; ! ! global $act, $message, $priority, $priorities, $class_green, $class_red, $class_yellow; ! // Language selection ! set_text_domain("priorities"); ! ! // Retrieve Get/Post variables ! foreach($_POST as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! if(is_array($_POST[$key])) { ! foreach ($_POST[$key] as $key2 => $val2) { ! if (get_magic_quotes_gpc()) { ! $_POST[$key2][$val2] = addslashes(htmlentities(strip_tags($val2), ENT_QUOTES)); ! } ! else { ! $_POST[$key2][$val2] = htmlentities(strip_tags($val2), ENT_QUOTES); ! } ! } ! } ! else { ! if (get_magic_quotes_gpc()) { ! $_POST[$key] = addslashes(htmlentities(strip_tags($val), ENT_QUOTES)); ! } ! else { ! $_POST[$key] = htmlentities(strip_tags($val), ENT_QUOTES); ! } ! } ! } ! foreach($_REQUEST as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! if(is_array($_REQUEST[$key])) { ! 
foreach ($_REQUEST[$key] as $key2 => $val2) { ! if (get_magic_quotes_gpc()) { ! $_REQUEST[$key2][$val2] = addslashes(htmlentities(strip_tags($val2), ENT_QUOTES)); ! } ! else { ! $_REQUEST[$key2][$val2] = htmlentities(strip_tags($val2), ENT_QUOTES); ! } ! } ! } ! else { ! if (get_magic_quotes_gpc()) { ! $_REQUEST[$key] = addslashes(htmlentities(strip_tags($val), ENT_QUOTES)); ! } ! else { ! $_REQUEST[$key] = htmlentities(strip_tags($val), ENT_QUOTES); ! } ! } ! } ! ! $postarg = Array( ! 'priority', ! 'class' ! ); ! ! $requestarg = Array( ! 'act', ! 'priorities' ! ); ! ! foreach ($postarg as $post) { ! if (isset($_POST[$post])) { ! $$post = $_POST[$post]; ! } ! } ! ! foreach ($requestarg as $request) { ! if (isset($_REQUEST[$request])) { ! $$request = $_REQUEST[$request]; ! } ! } ! ! // Action: Add a priority to the system ! if ($act == 'addpriorityaction') { ! $act = 'addpriority'; ! // Make sure the priority has a name ! if ($priority == '') { ! $message = gettext("CORRECTION: You must give this priority a name."); ! } else { ! $prioritycount = db_recordset("SELECT * FROM tbl_Priorities WHERE active=1 AND domain=$_SESSION[_domain] AND id>0"); ! $priorities = ''; ! // Add the priority ! db_send("INSERT INTO tbl_Priorities (priority,class,domain,sortorder) VALUES ('" . $priority . "'," . $class . "," . $_SESSION['_domain'] . ',' . count($prioritycount) . ")"); ! ! $act = ''; ! $message = gettext("NOTE: Priority successfully added to system."); ! } ! } ! ! // Action: Request details to add a priority to the system ! if ($act == 'addpriority') { ! ! if ($message) { display($message); } ! ?> ! ! <h1><?php echo gettext('Priority Admin')?></h1> ! <h2><?php echo gettext('Please enter the following information to add a priority:')?></h2> ! ! <div class="block"> ! <form name="mainform" method="post" action=""> ! <input type="hidden" name="act" value="addpriorityaction" /> ! <div class="labelfieldpair"> ! 
<div class="name"><label for="priority"><?php echo gettext('Priority Name')?></label></div> ! <div class="field"><input type="text" name="priority" id="priority" size="35" maxlength="50" value="<?php echo $priority?>" /></div> ! </div> ! <div class="labelfieldpair"> ! <div class="name"> ! <label for="class"><?php echo gettext('Tag Colour')?>:</label> ! </div> ! <div class="field"> ! <select name="class" id="class"> ! <option value="2"><?php echo gettext('Red')?></option> ! <option value="1"><?php echo gettext('Yellow')?></option> ! <option value="0" selected="selected"><?php echo gettext('Green')?></option> ! </select> ! </div> ! </div> ! <div class="buttonpanel"> ! <input name="submit" type="submit" id="submit" value="<?php echo gettext('Add Priority')?>" /> ! <input name="reset" type="reset" id="reset" value="<?php echo gettext('Reset')?>" /> ! <input name="cancel" type="button" id="cancel" value="<?php echo gettext('Cancel')?>" onclick="document.location='priorities.php?priorities=<?php echo $priorities?>'" /> ! </div> ! </form> ! </div> ! ! <?php ! } ! ! // Action: Edit a priority ! if ($act == 'editpriorityaction') { ! $act = 'editpriority'; ! // Make sure the priority has a name ! if ($priority == '') { ! $message = gettext("CORRECTION: You must give this priority a name."); ! } else { ! // Edit the priority ! db_send("UPDATE tbl_Priorities SET priority='" . $priority . "',class=" . $class . " WHERE id=$priorities"); ! $message = gettext("NOTE: Priority successfully updated."); ! $act = ''; ! } ! } ! ! // Action: Move a priority up ! if ($act == 'up') { ! // Find this priority's sort order ! $priority = db_recordset("SELECT sortorder,active FROM tbl_Priorities WHERE id=$priorities"); ! ! // Only change the ordering of active priorities ! if ($priority[0]['active'] == 1) { ! // Only move a priority up if it isn't at the top already ! if ($priority[0]['sortorder'] > 0) { ! // Find the priority that is one in line above it ! 
$newpriority = db_recordset("SELECT id FROM tbl_Priorities WHERE domain=$_SESSION[_domain] AND active=1 AND sortorder=" . ($priority[0]['sortorder']-1)); ! // Swap the sort orders for the two priorities ! db_send("UPDATE tbl_Priorities SET sortorder=" . ($priority[0]['sortorder']-1) . " WHERE id=$priorities"); ! db_send("UPDATE tbl_Priorities SET sortorder=" . $priority[0]['sortorder'] . " WHERE id=" . $newpriority[0]['id']); ! } ! } else { ! $message = gettext("CORRECTION: You cannot change the precedence of an inactive item."); ! } ! ! $act = ''; ! } ! ! // Action: Move a priority down ! if ($act == 'down') { ! // Find the lowest priority ! $prioritiesRS = db_recordset("SELECT * FROM tbl_Priorities WHERE domain=$_SESSION[_domain] AND active=1"); ! // Find this priority's sort order ! $priority = db_recordset("SELECT sortorder,active FROM tbl_Priorities WHERE id=$priorities"); ! ! // Only change the ordering of active priorities ! if ($priority[0]['active'] == 1) { ! // Only move a priority down if it isn't at the bottom already ! if ($priority[0]['sortorder'] < (count($prioritiesRS)-1)) { ! // Find the priority that is one in line below it ! $newpriority = db_recordset("SELECT id FROM tbl_Priorities WHERE domain=$_SESSION[_domain] AND active=1 AND sortorder=" . ($priority[0]['sortorder']+1)); ! // Swap the sort orders for the two priorities ! db_send("UPDATE tbl_Priorities SET sortorder=" . ($priority[0]['sortorder']+1) . " WHERE id=$priorities"); ! db_send("UPDATE tbl_Priorities SET sortorder=" . $priority[0]['sortorder'] . " WHERE id=" . $newpriority[0]['id']); ! } ! } else { ! $message = gettext("CORRECTION: You cannot change the precedence of an inactive item."); ! } ! ! $act = ''; ! } ! ! // Action: Remove a priority from the system ! if ($act == 'removepriority') { ! // Find the sort order of this priority ! $priority = db_recordset("SELECT sortorder FROM tbl_Priorities WHERE id=$priorities"); ! // deactivate it and negate the sort order ! 
db_send("UPDATE tbl_Priorities SET active=0,sortorder=-1 WHERE id=$priorities"); ! // change all the higher sort orders in order to fill the gap that has now been made ! db_send("UPDATE tbl_Priorities SET sortorder=sortorder-1 WHERE domain=$_SESSION[_domain] AND active=1 AND sortorder>" . $priority[0]['sortorder']); ! $act = ''; ! $priorities = ''; ! $message = gettext("NOTE: Priority successfully removed."); ! } ! ! // Action: Request details to edit a priority ! if ($act == 'editpriority') { ! ! // Retrieve Priority information ! $prioritiesRS = db_recordset("SELECT * FROM tbl_Priorities WHERE id=" . $priorities); ! ! if ($message) { display($message); } ! ?> ! ! <h1><?php echo gettext('Priority Admin')?></h1> ! <h2><?php echo gettext('Please enter the following information to edit a priority:')?></h2> ! ! <div class="block"> ! <form name="mainform" method="post" action=""> ! <input type="hidden" name="act" value="editpriorityaction" /> ! <input type="hidden" name="priorities" value="<?php echo $priorities?>" /> ! <div class="labelfieldpair"> ! <div class="name"><label for="priority"><?php echo gettext('Priority Name')?></label></div> ! <div class="field"><input type="text" name="priority" id="priority" size="35" maxlength="50" value="<?php echo $prioritiesRS[0]['priority']?>"></div> ! </div> ! <div class="labelfieldpair"> ! <div class="name"> ! <label for="class"><?php echo gettext('Tag Colour')?>:</label> ! </div> ! <div class="field"> ! <?php ! if ($prioritiesRS[0]['class'] == 0) $class_green=' selected="selected"'; ! if ($prioritiesRS[0]['class'] == 1) $class_yellow=' selected="selected"'; ! if ($prioritiesRS[0]['class'] == 2) $class_red=' selected="selected"'; ! ?> ! <select name="class" id="class"> ! <option value="2"<?php echo $class_red?>><?php echo gettext('Red')?></option> ! <option value="1"<?php echo $class_yellow?>><?php echo gettext('Yellow')?></option> ! <option value="0"<?php echo $class_green?>><?php echo gettext('Green')?></option> ! </select> ! 
</div> ! </div> ! <div class="buttonpanel"> ! <input name="submit" type="submit" id="submit" value="<?php echo gettext('Submit Changes')?>" /> ! <input name="reset" type="reset" id="reset" value="<?php echo gettext('Reset')?>" /> ! <input name="cancel" type="button" id="cancel" value="<?php echo gettext('Cancel')?>" onclick="document.location='priorities.php?priorities=<?php echo $priorities?>'" /> ! </div> ! </form> ! </div> ! ! <?php ! } ! ! // Default action: Show priorities and invite user to choose action... ! if ($act == '') { ! // Retrieve priorities ! $sql = "SELECT * FROM tbl_Priorities WHERE domain=$_SESSION[_domain]"; ! if ($_SESSION['_usertype'] != 'Root') { ! $sql .= " AND active=1"; ! } ! $sql .= " ORDER BY active DESC,sortorder"; ! $prioritiesRS = db_recordset($sql); ! $num_priorities = count($prioritiesRS); ! ! if (!$priorities) $priorities=$prioritiesRS[0]['id']; ! ! if ($message) { display($message); } ! ?> ! ! <script language="javascript" type="text/javascript"> ! //<![CDATA[ ! <!-- ! ! function mainSubmit (act) { ! var flag = true; ! if ((act == 'removepriority' || act == 'editpriority') && document.mainform.priorities.value == 0) { ! alert('<?php echo gettext('There are no priorities on which to action your request.')?>'); ! flag = false; ! } ! if (act == 'removepriority' && flag && !confirm('<?php echo gettext('Are you sure you wish to delete this priority?')?>')) flag = false; ! if (flag) { ! document.mainform.act.value=act; ! document.mainform.submit(); ! } ! } ! ! //--> ! //]]> ! </script> ! ! <h1><?php echo gettext('Priority Admin')?></h1> ! <h2><?php echo gettext('Please use the lists below to administer the priorities of issues in this system:')?></h2> ! ! <div class="block"> ! <p><?php echo gettext('The first priority in this list is of lowest priority, and movement through the list would be synonymous with an increase in severity.')?></p> ! <form name="mainform" id="mainform" method="post" action=""> ! 
<input type="hidden" name="act" value="" /> ! <div class="columnleft"> ! <div class="labelright"><label for="priorities"><?php echo gettext('Priorities')?></label></div> ! <div class="columnright"> ! <input type="button" value="<?php echo gettext('New')?>..." onclick="mainSubmit('addpriority')" /><br /> ! <input type="button" value="<?php echo gettext('Edit')?>" onclick="mainSubmit('editpriority')" /><br /> ! <input type="button" value="<?php echo gettext('Delete')?>" onclick="mainSubmit('removepriority')" /> ! </div> ! <div class="columnleft"> ! <select name="priorities" id="priorities" size="10"> ! <?php ! if ($num_priorities == 0) { ! print (" <option value=\"0\" selected=\"selected\">[".gettext('No Priorities')."]</option>\n"); ! } ! foreach ($prioritiesRS as $record) { ! // Set as default if this was previously chosen ! if ($record['id'] == $priorities) {$checked = " selected=\"selected\"";} else {$checked = '';}; ! if ($record['active'] == 0) {$style = " class=\"inactive\"";} else {$style = '';}; ! print (" <option value=\"${record['id']}\"${checked}${style}>${record['priority']}</option>\n"); ! } ! ?> ! </select> ! </div> ! </div> ! <div class="columnleft"> ! <div class="labelleft"> </div> ! <div class="columnleft"> ! <input type="button" value="<?php echo gettext('Up')?>" onclick="mainSubmit('up')" /><br /> ! <input type="button" value="<?php echo gettext('Down')?>" onclick="mainSubmit('down')" /><br /> ! </div> ! </div> ! </form> ! <hr class="hide" /> ! </div> ! ! <?php ! } ! ! // Include ! require 'footer.php'; ! 
?> Index: problemcategories.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/problemcategories.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** problemcategories.php 8 Sep 2007 23:56:50 -0000 1.6 --- problemcategories.php 11 Sep 2007 20:21:01 -0000 1.7 *************** *** 54,106 **** require_once 'system/message.php'; require 'header.php'; global $act, $categories, $message, $description; // Language selection set_text_domain("problemcategories"); foreach($_POST as $key => $val) { // scrubbing the field NAME... if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! $_POST[$key] = strip_tags($val); ! } ! foreach($_GET as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! $_GET[$key] = htmlentities(strip_tags($val), ENT_QUOTES); } foreach($_REQUEST as $key => $val) { // scrubbing the field NAME... if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! $_REQUEST[$key] = htmlentities(strip_tags($val), ENT_QUOTES); ! } ! ! // Retrieve Get/Post variables ! if (!get_magic_quotes_gpc()) { ! if (isset($_REQUEST['act'])) { ! $act = addslashes($_REQUEST['act']); ! } ! if (isset($_POST['description'])) { ! $description = addslashes($_POST['description']); ! } ! if (isset($_REQUEST['details'])) { ! $details = addslashes($_REQUEST['details']); } ! if (isset($_REQUEST['categories'])) { ! $categories = addslashes($_REQUEST['categories']); } } ! else { ! if (isset($_REQUEST['act'])) { ! $act = $_REQUEST['act']; ! } ! if (isset($_POST['description'])) { ! $description = $_POST['description']; ! } ! if (isset($_REQUEST['details'])) { ! $details = $_REQUEST['details']; } ! if (isset($_REQUEST['categories'])) { ! 
$categories = $_REQUEST['categories']; } } // Action: Add a category to the system if ($act == 'addcategoryaction') { --- 54,132 ---- require_once 'system/message.php'; require 'header.php'; + global $act, $categories, $message, $description; + // Language selection set_text_domain("problemcategories"); + + // Retrieve Get/Post variables foreach($_POST as $key => $val) { // scrubbing the field NAME... if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! if(is_array($_POST[$key])) { ! foreach ($_POST[$key] as $key2 => $val2) { ! if (get_magic_quotes_gpc()) { ! $_POST[$key2][$val2] = addslashes(htmlentities(strip_tags($val2), ENT_QUOTES)); ! } ! else { ! $_POST[$key2][$val2] = htmlentities(strip_tags($val2), ENT_QUOTES); ! } ! } ! } ! else { ! if (get_magic_quotes_gpc()) { ! $_POST[$key] = addslashes(htmlentities(strip_tags($val), ENT_QUOTES)); ! } ! else { ! $_POST[$key] = htmlentities(strip_tags($val), ENT_QUOTES); ! } ! } } foreach($_REQUEST as $key => $val) { // scrubbing the field NAME... if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! if(is_array($_REQUEST[$key])) { ! foreach ($_REQUEST[$key] as $key2 => $val2) { ! if (get_magic_quotes_gpc()) { ! $_REQUEST[$key2][$val2] = addslashes(htmlentities(strip_tags($val2), ENT_QUOTES)); ! } ! else { ! $_REQUEST[$key2][$val2] = htmlentities(strip_tags($val2), ENT_QUOTES); ! } ! } } ! else { ! if (get_magic_quotes_gpc()) { ! $_REQUEST[$key] = addslashes(htmlentities(strip_tags($val), ENT_QUOTES)); ! } ! else { ! $_REQUEST[$key] = htmlentities(strip_tags($val), ENT_QUOTES); ! } } } ! ! $postarg = Array( ! 'description' ! ); ! ! $requestarg = Array( ! 'act', ! 'details', ! 'categories' ! ); ! ! foreach ($postarg as $post) { ! if (isset($_POST[$post])) { ! $$post = $_POST[$post]; } ! } ! ! foreach ($requestarg as $request) { ! if (isset($_REQUEST[$request])) { ! 
$$request = $_REQUEST[$request]; } } + // Action: Add a category to the system if ($act == 'addcategoryaction') { *************** *** 185,189 **** <div class="labelfieldpair"> <div class="name"><label for="description"><?php echo gettext('Category Name')?></label></div> ! <div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo $categoriesRS[0]['description']?>"></div> </div> <div class="buttonpanel"> --- 211,215 ---- <div class="labelfieldpair"> <div class="name"><label for="description"><?php echo gettext('Category Name')?></label></div> ! <div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo html_entity_decode($categoriesRS[0]['description'])?>"></div> </div> <div class="buttonpanel"> *************** *** 340,344 **** print ("','"); } ! print ($res_record['id'] . "','" . addslashes($res_record['description'])); } } --- 366,370 ---- print ("','"); } ! print ($res_record['id'] . "','" . html_entity_decode($res_record['description'])); } } *************** *** 409,413 **** // Set as default if this was previously chosen if ($record['id'] == $categories) {$checked = " selected=\"selected\"";} else {$checked = "";}; ! print (" <option value=\"${record['id']}\"${checked}>${record['description']}</option>\n"); } ?> --- 435,439 ---- // Set as default if this was previously chosen if ($record['id'] == $categories) {$checked = " selected=\"selected\"";} else {$checked = "";}; ! 
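Review bot: Decoding entities right before echoing into a quoted attribute undoes the only escaping these values have — `value="<?php echo html_entity_decode($categoriesRS[0]['description'])?>"` puts any `"` in a description back into the attribute, where it terminates it; the old line, which echoed the stored (already entity-encoded) value, was the safer of the two. If the decode is needed because older rows were stored raw, escape for the output context after decoding rather than before storing: `value="<?php echo htmlspecialchars(html_entity_decode($categoriesRS[0]['description']), ENT_QUOTES)?>"`. The `<option>` text in the `*** 409,413 ****` hunk has the same shape and needs the same treatment, `htmlspecialchars(html_entity_decode($record['description']), ENT_QUOTES)`.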
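Review bot: Replacing `addslashes($res_record['description'])` with `html_entity_decode(...)` removes the escaping for whatever quoted list this loop is emitting — the surrounding `print ("','")` separators indicate each value sits inside a single-quoted literal, so a decoded apostrophe in a description now ends the literal early. Keep the quote escaping after the decode, `addslashes(html_entity_decode($res_record['description']))`, or, if this is a JavaScript array, build the list in PHP and emit it once with `json_encode()`, which handles quoting for that context. The enclosing loop starts and ends outside this hunk, so I cannot confirm which language the list is consumed by.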
print (" <option value=\"${record['id']}\"${checked}>".html_entity_decode($record['description'])."</option>\n"); } ?> Index: details.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/details.php,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** details.php 7 Feb 2007 01:20:03 -0000 1.10 --- details.php 11 Sep 2007 20:21:00 -0000 1.11 *************** *** 50,64 **** require_once 'system/user_preferences.php'; // Language selection set_text_domain("details"); // Retrieve Get/Post variables ! $act = $_REQUEST['act']; ! $name = $_POST['name']; ! $email = $_POST['email']; ! $password = $_POST['password']; ! $password1 = $_POST['password1']; ! $password2 = $_POST['password2']; ! $defaultdomain = $_POST['defaultdomain']; $user_prefs = get_user_prefs($_SESSION['_id']); --- 50,128 ---- require_once 'system/user_preferences.php'; + global $act, $message, $defaultdomain; + // Language selection set_text_domain("details"); // Retrieve Get/Post variables ! foreach($_POST as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! if(is_array($_POST[$key])) { ! foreach ($_POST[$key] as $key2 => $val2) { ! if (get_magic_quotes_gpc()) { ! $_POST[$key2][$val2] = addslashes(htmlentities(strip_tags($val2), ENT_QUOTES)); ! } ! else { ! $_POST[$key2][$val2] = htmlentities(strip_tags($val2), ENT_QUOTES); ! } ! } ! } ! else { ! if (get_magic_quotes_gpc()) { ! $_POST[$key] = addslashes(htmlentities(strip_tags($val), ENT_QUOTES)); ! } ! else { ! $_POST[$key] = htmlentities(strip_tags($val), ENT_QUOTES); ! } ! } ! } ! ! foreach($_REQUEST as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! if(is_array($_REQUEST[$key])) { ! foreach ($_REQUEST[$key] as $key2 => $val2) { ! 
if (get_magic_quotes_gpc()) { ! $_REQUEST[$key2][$val2] = addslashes(htmlentities(strip_tags($val2), ENT_QUOTES)); ! } ! else { ! $_REQUEST[$key2][$val2] = htmlentities(strip_tags($val2), ENT_QUOTES); ! } ! } ! } ! else { ! if (get_magic_quotes_gpc()) { ! $_REQUEST[$key] = addslashes(htmlentities(strip_tags($val), ENT_QUOTES)); ! } ! else { ! $_REQUEST[$key] = htmlentities(strip_tags($val), ENT_QUOTES); ! } ! } ! } ! ! $requestarg = Array( ! 'act' ! ); ! ! $postarg = Array( ! 'name', ! 'email', ! 'password', ! 'password1', ! 'password2', ! 'defaultdomain' ! ); ! foreach ($requestarg as $request) { ! if (isset($_REQUEST[$request])) { ! $$request = $_REQUEST[$request]; ! } ! } ! ! foreach ($postarg as $post) { ! if (isset($_POST[$post])) { ! $$post = $_POST[$post]; ! } ! } $user_prefs = get_user_prefs($_SESSION['_id']); *************** *** 80,84 **** // Is the entered password correct? ! if ($password != '' && $pass[0][pass] != md5($password)) { $message = gettext('ERROR: Incorrect password.'); } else { --- 144,148 ---- // Is the entered password correct? ! if ($password != '' && $pass[0]['pass'] != md5($password)) { $message = gettext('ERROR: Incorrect password.'); } else { *************** *** 194,198 **** <?php foreach ($domainsRS as $record) { ! if ($record[defaultflag] == 1) {$checked = " selected=\"selected\"";} else {$checked = "";}; print " <option value=\"${record[domain]}\"$checked>${record[domainname]}</option>"; } --- 258,262 ---- <?php foreach ($domainsRS as $record) { ! if ($record['defaultflag'] == 1) {$checked = " selected=\"selected\"";} else {$checked = "";}; print " <option value=\"${record[domain]}\"$checked>${record[domainname]}</option>"; } |
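Review bot: The array branch of the new scrubbing loop writes to the wrong slot: `$_POST[$key2][$val2] = ...` creates new top-level entries keyed by the inner key and value, while `$_POST[$key][$key2]` — the element that is actually read later — is left unsanitised; the same lines appear in the `$_REQUEST` loop below it and in the matching problemcategories.php hunk above. Both assignments should be `$_POST[$key][$key2] = htmlentities(strip_tags($val2), ENT_QUOTES);` (and `$_REQUEST[$key][$key2]` in the second loop), with the magic-quotes variant adjusted the same way. Separately, the `get_magic_quotes_gpc()` branch looks inverted: when magic quotes is on the values already carry backslashes, so `addslashes` here double-escapes them, and when it is off nothing is slashed — if a consistently DB-escaped form is the intent the condition should be negated, and parameterised queries would remove the need for it altogether. Note also that `password`, `password1` and `password2` pass through `htmlentities`/`strip_tags` before `$password` reaches `md5($password)` in the later hunk, so a password containing `&`, `<`, `'` or `"` is hashed in its encoded form; whether that matches what was stored at registration depends on code outside this diff. Finally, the `die()` message states the IP has been logged but nothing in the hunk logs it — either record it (e.g. via `error_log`) or drop the claim.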
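Review bot: The corrected line still compares the stored digest with loose `!=`, which evaluates two hex digest strings numerically when both happen to look numeric; use a strict comparison, `if ($password != '' && $pass[0]['pass'] !== md5($password)) {`, or `hash_equals` where available. The unsalted `md5` itself predates this change and is a separate concern. The enclosing block starts and ends outside the hunk.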
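Review bot: The quoting fix stops one line short: the `print` that follows still interpolates `${record[domain]}` and `${record[domainname]}` with bare keys, and within the `${...}` form the index is parsed as an expression, so I would expect the same undefined-constant notice the `defaultflag` change addresses — worth confirming on the target PHP version. Quote them as `${record['domain']}` and `${record['domainname']}`, and since these values land in HTML, wrapping them in `htmlspecialchars` on output would be consistent with the attribute handling elsewhere in this commit.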
