[SASHA-Code] SF.net SVN: sasha:[95] branches/SASHA_0.2/SASHA/inc
From: <gph...@us...> - 2011-12-20 00:01:15
Revision: 95
http://sasha.svn.sourceforge.net/sasha/?rev=95&view=rev
Author: gphemsley
Date: 2011-12-20 00:01:08 +0000 (Tue, 20 Dec 2011)
Log Message:
-----------
Backport changes from r93 regarding UTF-8 support, security fixes, and miscellaneous changes.
Revision Links:
--------------
http://sasha.svn.sourceforge.net/sasha/?rev=93&view=rev
Modified Paths:
--------------
branches/SASHA_0.2/SASHA/inc/database/database.mysql.php
branches/SASHA_0.2/SASHA/inc/lib/lib.assignments.php
branches/SASHA_0.2/SASHA/inc/lib/lib.base.php
branches/SASHA_0.2/SASHA/inc/lib/lib.forms.php
branches/SASHA_0.2/SASHA/inc/lib/lib.schedule.php
branches/SASHA_0.2/SASHA/inc/lib/lib.sessions.php
branches/SASHA_0.2/SASHA/inc/lib/lib.tests.php
branches/SASHA_0.2/SASHA/inc/lib/lib.user.php
Modified: branches/SASHA_0.2/SASHA/inc/database/database.mysql.php
===================================================================
--- branches/SASHA_0.2/SASHA/inc/database/database.mysql.php 2011-12-19 23:50:07 UTC (rev 94)
+++ branches/SASHA_0.2/SASHA/inc/database/database.mysql.php 2011-12-20 00:01:08 UTC (rev 95)
@@ -238,7 +238,7 @@
*/
function has_result( $result )
{
- if( $this->num_rows( $result ) > 0 )
+ if( $result && ( $this->num_rows( $result ) > 0 ) )
{
return TRUE;
}
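Review bot: The new `$result &&` guard makes a failed query (a FALSE result handle) indistinguishable from an empty result set, so every caller of has_result now sees "no rows" when the query itself errored rather than when it genuinely matched nothing. That matters for existence checks: the lib.user.php hunks in this same commit change `FROM users` to `FROM u.users`, which looks like a typo for `FROM users u` (alias, not a schema) and would fail at query time, and this guard would turn that failure into a silent "username/email not found". Consider keeping the guard but surfacing the error first, e.g. `if( $result === FALSE ) { trigger_error( 'has_result() called with a failed query result', E_USER_WARNING ); return FALSE; }`, and a one-line docblock note that FALSE is also returned for failed queries. The remainder of has_result (the FALSE branch) is outside the hunk.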
Modified: branches/SASHA_0.2/SASHA/inc/lib/lib.assignments.php
===================================================================
--- branches/SASHA_0.2/SASHA/inc/lib/lib.assignments.php 2011-12-19 23:50:07 UTC (rev 94)
+++ branches/SASHA_0.2/SASHA/inc/lib/lib.assignments.php 2011-12-20 00:01:08 UTC (rev 95)
@@ -152,7 +152,7 @@
}
elseif( $due_date < $assigned_date )
{
- print_message( 'bad', 'Due date cannot be before assigned date.', 'Update failed.' );
+ print_message( 'bad', 'Due date cannot be before assigned date.', 'Update failed.' );
}
else
{
@@ -183,7 +183,7 @@
WHERE a.schedule_id = s.schedule_id
AND s.user_id = {$User->user_info['id']}
AND s.semester = '$semester'
- AND a.assignment_id = $assignment_id";
+ AND a.assignment_id = $assignment_id";
$result = $Database->query( $sql );
$assignment = $Database->fetch_assoc( $result );
Modified: branches/SASHA_0.2/SASHA/inc/lib/lib.base.php
===================================================================
--- branches/SASHA_0.2/SASHA/inc/lib/lib.base.php 2011-12-19 23:50:07 UTC (rev 94)
+++ branches/SASHA_0.2/SASHA/inc/lib/lib.base.php 2011-12-20 00:01:08 UTC (rev 95)
@@ -991,7 +991,7 @@
*/
public function print_sub_navigation( $sub_nav )
{
- if( !is_array( $sub_nav ) )
+ if( empty( $sub_nav ) || !is_array( $sub_nav ) )
{
return FALSE;
}
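Review bot: `empty( $sub_nav ) || !is_array( $sub_nav )` reads as two independent checks, but `!is_array()` already rejects every non-array value that `empty()` catches; the only behaviour the new term adds is rejecting an empty array. Stating that directly keeps the intent visible to the next reader: `if( !is_array( $sub_nav ) || count( $sub_nav ) === 0 )`. The body of print_sub_navigation continues past the end of the hunk.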
Modified: branches/SASHA_0.2/SASHA/inc/lib/lib.forms.php
===================================================================
--- branches/SASHA_0.2/SASHA/inc/lib/lib.forms.php 2011-12-19 23:50:07 UTC (rev 94)
+++ branches/SASHA_0.2/SASHA/inc/lib/lib.forms.php 2011-12-20 00:01:08 UTC (rev 95)
@@ -418,7 +418,7 @@
{
$selected = ( ( $row['instructor_id'] == @$current_instructor_ids[$i] ) || ( $row['instructor_key'] == @$current_instructor_ids[$i] ) ) ? ' selected="selected"' : '';
- print "\t\t\t\t\t" . '<option value="' . $row['instructor_id'] . '"' . $selected . '>' . htmlentities( $row['last_name'] ) . ', ' . htmlentities( $row['first_name'] ) . ' ' . htmlentities( $row['middle_name'] ) . ' — ' . $SASHA->format_instructor_type( $row['type'], $row['type_description'] ) . '</option>' . "\n";
+ print "\t\t\t\t\t" . '<option value="' . $row['instructor_id'] . '"' . $selected . '>' . htmlentities( $row['last_name'], ENT_QUOTES, 'UTF-8' ) . ', ' . htmlentities( $row['first_name'], ENT_QUOTES, 'UTF-8' ) . ' ' . htmlentities( $row['middle_name'], ENT_QUOTES, 'UTF-8' ) . ' — ' . $SASHA->format_instructor_type( $row['type'], $row['type_description'] ) . '</option>' . "\n";
}
$Database->reset_result( $result );
@@ -677,6 +677,11 @@
foreach( $form_data as $id => $id_data )
{
+ if( empty( $id_data ) )
+ {
+ continue;
+ }
+
$form_data[$id]['name'] = $id_data['name'] = ( isset( $id_data['name'] ) ) ? $id_data['name'] : 'r_' . md5( rand() . microtime() );
$form_data[$id]['id'] = $id_data['id'] = ( isset( $id_data['id'] ) ) ? $id_data['id'] : $id_data['name']; //'r_' . md5( rand() . microtime() );
Modified: branches/SASHA_0.2/SASHA/inc/lib/lib.schedule.php
===================================================================
--- branches/SASHA_0.2/SASHA/inc/lib/lib.schedule.php 2011-12-19 23:50:07 UTC (rev 94)
+++ branches/SASHA_0.2/SASHA/inc/lib/lib.schedule.php 2011-12-20 00:01:08 UTC (rev 95)
@@ -98,7 +98,7 @@
print "\t" . '<p style="text-align: left;"><strong>Institution:</strong> ' . $this->format_institution( $institution ) . '<br />' . "\n";
print "\t" . '<strong>Semester:</strong> ' . $this->format_semester( $semester ) . '<br />' . "\n";
print "\t" . '<strong>Course:</strong> ' . $this->format_course( $this->subject, $this->course, $institution, ' ' ) . ' (' . $this->section . ')<br />' . "\n";
- print "\t" . '<strong>Course Title:</strong> ' . htmlentities( $this->get_course_title( $institution, $this->subject, $this->course ) ) . '<br />' . "\n";
+ print "\t" . '<strong>Course Title:</strong> ' . htmlentities( $this->get_course_title( $institution, $this->subject, $this->course ), ENT_QUOTES, 'UTF-8' ) . '<br />' . "\n";
print "\t" . '<strong>Schedule Type:</strong> ' . $this->format_schedule_type( $this->schedule_type ) . '<br />' . "\n";
print "\t" . '<strong>Days:</strong> ' . $this->format_days( $this->schedule_days, 'array', 'html' ) . '<br />' . "\n";
print "\t" . '<strong>Time:</strong> ' . $this->format_time( $this->start_time, TRUE, 'array', 'html' ) . '–' . $this->format_time( $this->end_time, TRUE, 'array', 'html' ) . '</p>' . "\n";
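Review bot: The escaping fix is applied only to the Course Title line, while `$this->section` on the Course line two lines above is still concatenated into the HTML raw, and the same pattern repeats in the second lib.schedule.php hunk (@@ -512). If section (or the institution/semester values handed to the format_* helpers) can originate from user or imported data, they need the same `htmlentities( ..., ENT_QUOTES, 'UTF-8' )` treatment; whether the format_* helpers escape internally cannot be seen from this hunk, so a comment on the print block stating which values are pre-escaped would help. Also note that with a UTF-8 charset `htmlspecialchars` is sufficient and avoids entity-encoding every non-ASCII character in course titles. The enclosing method starts and ends outside the hunk.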
@@ -512,7 +512,7 @@
print "\t" . '<p style="text-align: left;"><strong>Institution:</strong> ' . $this->format_institution( $institution ) . '<br />' . "\n";
print "\t" . '<strong>Semester:</strong> ' . $this->format_semester( $semester ) . '<br />' . "\n";
print "\t" . '<strong>Course:</strong> ' . $this->format_course( $this->subject, $this->course, $institution, ' ' ) . ' (' . $this->section . ')<br />' . "\n";
- print "\t" . '<strong>Course Title:</strong> ' . htmlentities( $this->get_course_title( $institution, $this->subject, $this->course ) ) . '<br />' . "\n";
+ print "\t" . '<strong>Course Title:</strong> ' . htmlentities( $this->get_course_title( $institution, $this->subject, $this->course ), ENT_QUOTES, 'UTF-8' ) . '<br />' . "\n";
print "\t" . '<strong>Schedule Type:</strong> ' . $this->format_schedule_type( $this->schedule_type ) . '<br />' . "\n";
print "\t" . '<strong>Days:</strong> ' . $this->format_days( $this->schedule_days, 'array', 'html' ) . '<br />' . "\n";
print "\t" . '<strong>Time:</strong> ' . $this->format_time( $this->start_time, TRUE, 'array', 'html' ) . '–' . $this->format_time( $this->end_time, TRUE, 'array', 'html' ) . '</p>' . "\n";
Modified: branches/SASHA_0.2/SASHA/inc/lib/lib.sessions.php
===================================================================
--- branches/SASHA_0.2/SASHA/inc/lib/lib.sessions.php 2011-12-19 23:50:07 UTC (rev 94)
+++ branches/SASHA_0.2/SASHA/inc/lib/lib.sessions.php 2011-12-20 00:01:08 UTC (rev 95)
@@ -359,10 +359,10 @@
while( $row = $Database->fetch_assoc( $result ) )
{
// Hash of given password must match password hash in user table.
- if( sha1( $password ) == $row['password'] )
+ if( sha1( $password ) === $row['password'] )
{
// The current user's session must be updated to match their new user ID.
- if( $this->update_session( $this->get_session(), $row['user_id'], (bool) $secure ) )
+ if( $this->update_session( $this->get_session(), (int) $row['user_id'], (bool) $secure ) )
{
$this->logged_in = TRUE;
}
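Review bot: Switching to `===` correctly closes the loose-comparison hole in `sha1( $password ) === $row['password']`, but the scheme it guards is an unsalted SHA-1 of the password, which means a leaked user table can be cracked offline with precomputed tables and identical passwords share identical hashes. The robust fix is to store `password_hash( $password, PASSWORD_DEFAULT )` and check with `password_verify( $password, $row['password'] )`, which is salted, constant-time and self-describing, so existing hashes can be migrated on the next successful login; if the legacy SHA-1 path has to stay for migration, compare with `hash_equals( $row['password'], sha1( $password ) )` rather than `===` to avoid a timing side channel. The login method this loop belongs to starts and ends outside the hunk.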
Modified: branches/SASHA_0.2/SASHA/inc/lib/lib.tests.php
===================================================================
--- branches/SASHA_0.2/SASHA/inc/lib/lib.tests.php 2011-12-19 23:50:07 UTC (rev 94)
+++ branches/SASHA_0.2/SASHA/inc/lib/lib.tests.php 2011-12-20 00:01:08 UTC (rev 95)
@@ -156,7 +156,7 @@
if( $end_date <= $start_date )
{
- print_message( 'bad', 'End date must come after start date.', 'Update failed.' );
+ print_message( 'bad', 'End date must come after start date.', 'Update failed.' );
}
elseif( $test_name )
{
Modified: branches/SASHA_0.2/SASHA/inc/lib/lib.user.php
===================================================================
--- branches/SASHA_0.2/SASHA/inc/lib/lib.user.php 2011-12-19 23:50:07 UTC (rev 94)
+++ branches/SASHA_0.2/SASHA/inc/lib/lib.user.php 2011-12-20 00:01:08 UTC (rev 95)
@@ -89,9 +89,9 @@
{
global $Database;
- $sql = "SELECT username
- FROM users
- WHERE username = '" . $Database->escape( $username ) . "'";
+ $sql = "SELECT u.username
+ FROM u.users
+ WHERE u.username = '" . $Database->escape( $username ) . "'";
$result = $Database->query( $sql );
$username = $Database->fetch_assoc( $result );
@@ -162,9 +162,9 @@
{
global $Database;
- $sql = "SELECT email_address
- FROM users
- WHERE email_address = '" . $Database->escape( $email_address ) . "'";
+ $sql = "SELECT u.email_address
+ FROM u.users
+ WHERE u.email_address = '" . $Database->escape( $email_address ) . "'";
$result = $Database->query( $sql );
$email_address = $Database->fetch_assoc( $result );