[SASHA-Code] SF.net SVN: sasha:[93] trunk/SASHA/inc
From: <gph...@us...> - 2011-10-04 19:51:26
Revision: 93
http://sasha.svn.sourceforge.net/sasha/?rev=93&view=rev
Author: gphemsley
Date: 2011-10-04 19:51:20 +0000 (Tue, 04 Oct 2011)
Log Message:
-----------
Committing a bunch of changes from over a year ago.
Improve support for UTF-8 in some places.
Add 'upload'/'file' and 'boolean' form types.
Patch a few security concerns.
Miscellaneous formatting changes.
Modified Paths:
--------------
trunk/SASHA/inc/database/database.mysql.php
trunk/SASHA/inc/lib/lib.assignments.php
trunk/SASHA/inc/lib/lib.base.php
trunk/SASHA/inc/lib/lib.forms.php
trunk/SASHA/inc/lib/lib.schedule.php
trunk/SASHA/inc/lib/lib.sessions.php
trunk/SASHA/inc/lib/lib.tests.php
trunk/SASHA/inc/lib/lib.user.php
Modified: trunk/SASHA/inc/database/database.mysql.php
===================================================================
--- trunk/SASHA/inc/database/database.mysql.php 2010-06-12 07:39:33 UTC (rev 92)
+++ trunk/SASHA/inc/database/database.mysql.php 2011-10-04 19:51:20 UTC (rev 93)
@@ -238,7 +238,7 @@
*/
function has_result( $result )
{
- if( $this->num_rows( $result ) > 0 )
+ if( $result && ( $this->num_rows( $result ) > 0 ) )
{
return TRUE;
}
Modified: trunk/SASHA/inc/lib/lib.assignments.php
===================================================================
--- trunk/SASHA/inc/lib/lib.assignments.php 2010-06-12 07:39:33 UTC (rev 92)
+++ trunk/SASHA/inc/lib/lib.assignments.php 2011-10-04 19:51:20 UTC (rev 93)
@@ -152,7 +152,7 @@
}
elseif( $due_date < $assigned_date )
{
- print_message( 'bad', 'Due date cannot be before assigned date.', 'Update failed.' );
+ print_message( 'bad', 'Due date cannot be before assigned date.', 'Update failed.' );
}
else
{
@@ -183,7 +183,7 @@
WHERE a.schedule_id = s.schedule_id
AND s.user_id = {$User->user_info['id']}
AND s.semester = '$semester'
- AND a.assignment_id = $assignment_id";
+ AND a.assignment_id = $assignment_id";
$result = $Database->query( $sql );
$assignment = $Database->fetch_assoc( $result );
Modified: trunk/SASHA/inc/lib/lib.base.php
===================================================================
--- trunk/SASHA/inc/lib/lib.base.php 2010-06-12 07:39:33 UTC (rev 92)
+++ trunk/SASHA/inc/lib/lib.base.php 2011-10-04 19:51:20 UTC (rev 93)
@@ -991,7 +991,7 @@
*/
public function print_sub_navigation( $sub_nav )
{
- if( !is_array( $sub_nav ) )
+ if( empty( $sub_nav ) || !is_array( $sub_nav ) )
{
return FALSE;
}
Modified: trunk/SASHA/inc/lib/lib.forms.php
===================================================================
--- trunk/SASHA/inc/lib/lib.forms.php 2010-06-12 07:39:33 UTC (rev 92)
+++ trunk/SASHA/inc/lib/lib.forms.php 2011-10-04 19:51:20 UTC (rev 93)
@@ -418,7 +418,7 @@
{
$selected = ( ( $row['instructor_id'] == @$current_instructor_ids[$i] ) || ( $row['instructor_key'] == @$current_instructor_ids[$i] ) ) ? ' selected="selected"' : '';
- print "\t\t\t\t\t" . '<option value="' . $row['instructor_id'] . '"' . $selected . '>' . htmlentities( $row['last_name'] ) . ', ' . htmlentities( $row['first_name'] ) . ' ' . htmlentities( $row['middle_name'] ) . ' — ' . $SASHA->format_instructor_type( $row['type'], $row['type_description'] ) . '</option>' . "\n";
+ print "\t\t\t\t\t" . '<option value="' . $row['instructor_id'] . '"' . $selected . '>' . htmlentities( $row['last_name'], ENT_QUOTES, 'UTF-8' ) . ', ' . htmlentities( $row['first_name'], ENT_QUOTES, 'UTF-8' ) . ' ' . htmlentities( $row['middle_name'], ENT_QUOTES, 'UTF-8' ) . ' — ' . $SASHA->format_instructor_type( $row['type'], $row['type_description'] ) . '</option>' . "\n";
}
$Database->reset_result( $result );
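Review bot: The `value` attribute on the rewritten print line still concatenates `$row['instructor_id']` raw while the three name fields now go through `htmlentities( …, ENT_QUOTES, 'UTF-8' )`; if instructor_id is anything other than an integer column the option markup is attribute-injectable. Wrap it the same way: `'<option value="' . htmlentities( $row['instructor_id'], ENT_QUOTES, 'UTF-8' ) . '"' . $selected . '>'`. The `@$current_instructor_ids[$i]` loose `==` comparison on the line above is pre-existing, but PHP's `0 == 'abc'` semantics (before PHP 8) make a strict compare against a cast value worth doing while this line is being touched. The enclosing loop starts and ends outside the hunk.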
@@ -662,9 +662,10 @@
* @param string $form_name Form name
* @param string $form_action URL to send form data
* @param array $form_data Parameters used to propagate form
+ * @param bool $form_multipart Multipart form?
* @return void Prints a complete HTML form
*/
- public static function create_form( $form_name, $form_action, $form_data )
+ public static function create_form( $form_name, $form_action, $form_data, $form_multipart = FALSE )
{
global $SASHA;
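Review bot: The new `@param bool $form_multipart Multipart form?` line does not tell a caller when the flag is required, which matters because the 'upload'/'file' field type added later in this file only delivers a file when the form is multipart. Suggest `@param bool $form_multipart TRUE to emit enctype="multipart/form-data"; required when any field is of type 'upload'/'file', otherwise only the file name is posted`. create_form's body continues past the hunk.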
@@ -673,10 +674,17 @@
return FALSE;
}
- print "\t" . '<form id="' . $form_name . '" action="' . $form_action . '" method="post" accept-charset="UTF-8" style="text-align: left;">' . "\n";
+ $enctype = ( $form_multipart ) ? ' enctype="multipart/form-data"' : '';
+ print "\t" . '<form id="' . $form_name . '" action="' . $form_action . '" method="post"' . $enctype . ' accept-charset="UTF-8" style="text-align: left;">' . "\n";
+
foreach( $form_data as $id => $id_data )
{
+ if( empty( $id_data ) )
+ {
+ continue;
+ }
+
$form_data[$id]['name'] = $id_data['name'] = ( isset( $id_data['name'] ) ) ? $id_data['name'] : 'r_' . md5( rand() . microtime() );
$form_data[$id]['id'] = $id_data['id'] = ( isset( $id_data['id'] ) ) ? $id_data['id'] : $id_data['name']; //'r_' . md5( rand() . microtime() );
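Review bot: `$form_name` and `$form_action` are concatenated raw into the `id` and `action` attributes of the new `<form>` line while the rest of this commit moves output to `htmlentities( …, ENT_QUOTES, 'UTF-8' )`; a form_action derived from the request URL would let a quote close the attribute. Escape both: `'<form id="' . htmlentities( $form_name, ENT_QUOTES, 'UTF-8' ) . '" action="' . htmlentities( $form_action, ENT_QUOTES, 'UTF-8' ) . '" method="post"' . $enctype . ' accept-charset="UTF-8" …'`. Note that the new `if( empty( $id_data ) ) continue;` also skips a field whose definition is `'0'` or `0`, which is probably acceptable but should be intentional. The enclosing method starts and ends outside the hunk.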
@@ -726,6 +734,37 @@
print "</p>\n";
break;
+ case 'upload':
+ case 'file':
+ print "\t\t<p>";
+
+ if( isset( $id_data['label'] ) )
+ {
+ print '<label>' . htmlentities( $id_data['label'], ENT_QUOTES, 'UTF-8' ) . ':<br />';
+ }
+
+ print '<input id="' . $id_data['id'] . '" name="' . $id_data['name'] . '" type="file"';
+
+ if( isset( $id_data['data']['accept'] ) )
+ {
+ print ' accept="' . htmlentities( implode( $id_data['data']['accept'], ',' ), ENT_QUOTES, 'UTF-8' ) . '"';
+ }
+
+ if( isset( $id_data['data']['multiple'] ) && $id_data['data']['multiple'] )
+ {
+ print ' multiple="multiple"';
+ }
+
+ print ' />';
+
+ if( isset( $id_data['label'] ) )
+ {
+ print '</label>';
+ }
+
+ print "</p>\n";
+ break;
+
case 'hidden':
print "\t\t<p>";
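Review bot: `implode( $id_data['data']['accept'], ',' )` in the new 'upload'/'file' case passes the array first and the glue second, an argument order that is deprecated since PHP 7.4 and a TypeError on PHP 8; write it `implode( ',', $id_data['data']['accept'] )`. The `id` and `name` attribute values are printed unescaped while the label goes through `htmlentities`, so they should be escaped the same way wherever the field definition can come from outside the code. Nothing ties this field type to `$form_multipart`: a caller that forgets the flag gets a plain text submission of the file name with no error, so either `create_form` should set `$enctype` itself when a field of this type is present or the docblock should state the requirement. The switch this case belongs to starts and ends outside the hunk.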
@@ -799,6 +838,12 @@
print "</p>\n";
break;
+ case 'boolean':
+ print "\t\t<p>";
+ print '<label><input id="' . $id_data['id'] . '" name="' . $id_data['name'] . '" type="checkbox" value="1" />' . htmlentities( $id_data['label'], ENT_QUOTES, 'UTF-8' ) . '</label>';
+ print "</p>\n";
+ break;
+
case 'date':
print "\t\t" . '<p>' . htmlentities( $id_data['label'], ENT_QUOTES, 'UTF-8' ) . ': ' . "\n";
Forms::_create_date_selector( $id_data['name'], @$id_data['data'][0] );
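Review bot: The new 'boolean' case reads `$id_data['label']` unconditionally, unlike the 'upload' case in this same commit which guards it with `isset( $id_data['label'] )`; a field defined without a label emits an undefined-index notice inside the markup. Either guard it the same way or document that 'boolean' fields require a label. The `id` and `name` attributes are again printed without escaping, and there is no way to render the box pre-checked from `$id_data['data']`, which may be intended for a first version. The enclosing switch starts and ends outside the hunk.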
Modified: trunk/SASHA/inc/lib/lib.schedule.php
===================================================================
--- trunk/SASHA/inc/lib/lib.schedule.php 2010-06-12 07:39:33 UTC (rev 92)
+++ trunk/SASHA/inc/lib/lib.schedule.php 2011-10-04 19:51:20 UTC (rev 93)
@@ -98,7 +98,7 @@
print "\t" . '<p style="text-align: left;"><strong>Institution:</strong> ' . $this->format_institution( $institution ) . '<br />' . "\n";
print "\t" . '<strong>Semester:</strong> ' . $this->format_semester( $semester ) . '<br />' . "\n";
print "\t" . '<strong>Course:</strong> ' . $this->format_course( $this->subject, $this->course, $institution, ' ' ) . ' (' . $this->section . ')<br />' . "\n";
- print "\t" . '<strong>Course Title:</strong> ' . htmlentities( $this->get_course_title( $institution, $this->subject, $this->course ) ) . '<br />' . "\n";
+ print "\t" . '<strong>Course Title:</strong> ' . htmlentities( $this->get_course_title( $institution, $this->subject, $this->course ), ENT_QUOTES, 'UTF-8' ) . '<br />' . "\n";
print "\t" . '<strong>Schedule Type:</strong> ' . $this->format_schedule_type( $this->schedule_type ) . '<br />' . "\n";
print "\t" . '<strong>Days:</strong> ' . $this->format_days( $this->schedule_days, 'array', 'html' ) . '<br />' . "\n";
print "\t" . '<strong>Time:</strong> ' . $this->format_time( $this->start_time, TRUE, 'array', 'html' ) . '–' . $this->format_time( $this->end_time, TRUE, 'array', 'html' ) . '</p>' . "\n";
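Review bot: The course title is now escaped with `ENT_QUOTES, 'UTF-8'`, but `$this->section` on the line above is still concatenated raw into the same paragraph; unless section is validated as numeric elsewhere (not visible here) it should get the same `htmlentities( $this->section, ENT_QUOTES, 'UTF-8' )` treatment. The same line appears in the second hunk of this file at @@ -512 and needs the same fix. Whether the format_* helpers escape their own output cannot be determined from this hunk. Both enclosing methods start and end outside their hunks.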
@@ -512,7 +512,7 @@
print "\t" . '<p style="text-align: left;"><strong>Institution:</strong> ' . $this->format_institution( $institution ) . '<br />' . "\n";
print "\t" . '<strong>Semester:</strong> ' . $this->format_semester( $semester ) . '<br />' . "\n";
print "\t" . '<strong>Course:</strong> ' . $this->format_course( $this->subject, $this->course, $institution, ' ' ) . ' (' . $this->section . ')<br />' . "\n";
- print "\t" . '<strong>Course Title:</strong> ' . htmlentities( $this->get_course_title( $institution, $this->subject, $this->course ) ) . '<br />' . "\n";
+ print "\t" . '<strong>Course Title:</strong> ' . htmlentities( $this->get_course_title( $institution, $this->subject, $this->course ), ENT_QUOTES, 'UTF-8' ) . '<br />' . "\n";
print "\t" . '<strong>Schedule Type:</strong> ' . $this->format_schedule_type( $this->schedule_type ) . '<br />' . "\n";
print "\t" . '<strong>Days:</strong> ' . $this->format_days( $this->schedule_days, 'array', 'html' ) . '<br />' . "\n";
print "\t" . '<strong>Time:</strong> ' . $this->format_time( $this->start_time, TRUE, 'array', 'html' ) . '–' . $this->format_time( $this->end_time, TRUE, 'array', 'html' ) . '</p>' . "\n";
Modified: trunk/SASHA/inc/lib/lib.sessions.php
===================================================================
--- trunk/SASHA/inc/lib/lib.sessions.php 2010-06-12 07:39:33 UTC (rev 92)
+++ trunk/SASHA/inc/lib/lib.sessions.php 2011-10-04 19:51:20 UTC (rev 93)
@@ -359,10 +359,10 @@
while( $row = $Database->fetch_assoc( $result ) )
{
// Hash of given password must match password hash in user table.
- if( sha1( $password ) == $row['password'] )
+ if( sha1( $password ) === $row['password'] )
{
// The current user's session must be updated to match their new user ID.
- if( $this->update_session( $this->get_session(), $row['user_id'], (bool) $secure ) )
+ if( $this->update_session( $this->get_session(), (int) $row['user_id'], (bool) $secure ) )
{
$this->logged_in = TRUE;
}
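Review bot: Tightening `==` to `===` removes the numeric-string comparison on hex digests, but the credential check is still an unsalted `sha1( $password )` compared against the stored value, which is precomputable in bulk once the users table leaks. Store hashes with `password_hash()` and verify with `password_verify()` (salted, constant-time; available since PHP 5.5), migrating rows on successful login via `password_needs_rehash()`; on older PHP, `crypt()` with a bcrypt salt is the equivalent. The `(int)` cast on `$row['user_id']` is a reasonable tightening of the session update call. The enclosing while loop and method start and end outside the hunk.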
Modified: trunk/SASHA/inc/lib/lib.tests.php
===================================================================
--- trunk/SASHA/inc/lib/lib.tests.php 2010-06-12 07:39:33 UTC (rev 92)
+++ trunk/SASHA/inc/lib/lib.tests.php 2011-10-04 19:51:20 UTC (rev 93)
@@ -156,7 +156,7 @@
if( $end_date <= $start_date )
{
- print_message( 'bad', 'End date must come after start date.', 'Update failed.' );
+ print_message( 'bad', 'End date must come after start date.', 'Update failed.' );
}
elseif( $test_name )
{
Modified: trunk/SASHA/inc/lib/lib.user.php
===================================================================
--- trunk/SASHA/inc/lib/lib.user.php 2010-06-12 07:39:33 UTC (rev 92)
+++ trunk/SASHA/inc/lib/lib.user.php 2011-10-04 19:51:20 UTC (rev 93)
@@ -89,9 +89,9 @@
{
global $Database;
- $sql = "SELECT username
- FROM users
- WHERE username = '" . $Database->escape( $username ) . "'";
+ $sql = "SELECT u.username
+ FROM u.users
+ WHERE u.username = '" . $Database->escape( $username ) . "'";
$result = $Database->query( $sql );
$username = $Database->fetch_assoc( $result );
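Review bot: The rewritten query is broken: `FROM u.users` makes MySQL read `u` as a database name, and no table alias `u` is declared, so `u.username` in the SELECT and WHERE cannot resolve. It should read `FROM users AS u` (or `FROM users u`) with the qualified column names kept. The second hunk of this file at @@ -162 has the identical mistake in the email_address query. The `$Database->escape()` call is unchanged and remains correct only while the connection charset matches the UTF-8 the rest of this commit assumes. Both enclosing methods start and end outside their hunks.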
@@ -162,9 +162,9 @@
{
global $Database;
- $sql = "SELECT email_address
- FROM users
- WHERE email_address = '" . $Database->escape( $email_address ) . "'";
+ $sql = "SELECT u.email_address
+ FROM u.users
+ WHERE u.email_address = '" . $Database->escape( $email_address ) . "'";
$result = $Database->query( $sql );
$email_address = $Database->fetch_assoc( $result );