From: <vb...@us...> - 2002-09-04 15:03:57
Update of /cvsroot/webnotes/webnotes/core
In directory usw-pr-cvs1:/tmp/cvs-serv9944/core
Modified Files: api.php database_api.php note_api.php
Log Message:
- Added db_clean/unclean APIs to database_api.php
- Renamed note_api.php APIs to note_*.
Index: api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/api.php,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- api.php 4 Sep 2002 13:36:57 -0000 1.11
+++ api.php 4 Sep 2002 15:03:50 -0000 1.12
@@ -85,7 +85,7 @@
 PRINT "<td>";
 PRINT "</td>";
 PRINT "</tr>";
- print_notes( $p_file );
+ note_print_all( $p_file );
 PRINT "<tr bgcolor=\"$g_primary_dark_color\">";
 PRINT "<td align=\"right\">";
 PRINT "<a href=\"$g_note_add_page?f_page_id=$t_page_id&f_url=$c_url\">$s_add_note_link</a>";
Index: database_api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/database_api.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- database_api.php 3 Sep 2002 22:30:07 -0000 1.1
+++ database_api.php 4 Sep 2002 15:03:50 -0000 1.2
@@ -85,6 +85,56 @@
 $t_result = mysql_close();
 }
 ### --------------------
+ # --------------------
+ # prepare a string before DB insertion
+ function db_prepare_string( $p_string ) {
+ return mysql_escape_string( $p_string );
+ }
+ # --------------------
+ # prepare an integer before DB insertion
+ function db_prepare_int( $p_int ) {
+ return (integer)$p_int;
+ }
+ # --------------------
+ # prepare a boolean before DB insertion
+ function db_prepare_bool( $p_bool ) {
+ return (int)(bool)$p_bool;
+ }
+ # --------------------
+ # generic unprepare if type is unknown
+ function db_unprepare( $p_string ) {
+ return stripslashes( $p_string );
+ }
+ # --------------------
+ # unprepare a string after taking it out of the DB
+ function db_unprepare_string( $p_string ) {
+ return db_unprepare( $p_string );
+ }
+ # --------------------
+ # unprepare an integer after taking it out of the DB
+ function db_unprepare_int( $p_int ) {
+ return (integer)db_unprepare( $p_int );
+ }
+ # --------------------
+ # unprepare a boolean after taking it out of the DB
+ function db_unprepare_bool( $p_bool ) {
+ return (bool)db_unprepare( $p_bool );
+ }
+ # --------------------
+ # calls db_unprepare() on every item in a row
+ function db_unprepare_row( $p_row ) {
+ if ( false == $p_row ) {
+ return false;
+ }
+
+ $t_new_row = array();
+
+ while ( list( $t_key, $t_val ) = each( $p_row ) ) {
+ $t_new_row[$t_key] = db_unprepare( $t_val );
+ }
+
+ return $t_new_row;
+ }
 ########################################################################### ### CODE TO EXECUTE ###
Index: note_api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/note_api.php,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- note_api.php 4 Sep 2002 13:36:58 -0000 1.2
+++ note_api.php 4 Sep 2002 15:03:50 -0000 1.3
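Review bot: `db_unprepare()` runs `stripslashes()` on values read back from the database, but the matching write-side helper `db_prepare_string()` escapes with `mysql_escape_string()`, which only protects the value in transit — MySQL stores the unescaped text, so a note containing a literal backslash (e.g. `C:\temp`) comes back with the backslash removed, and `db_unprepare_int`/`db_unprepare_bool` inherit the same step for no benefit. Unless stored rows are known to carry addslashes-style escaping (possible if magic_quotes_gpc was on at insertion time — not visible here), the read-side helper should be the identity: `function db_unprepare( $p_string ) { return $p_string; }`. Separately, `mysql_escape_string()` ignores the connection character set; where the PHP build provides it, `mysql_real_escape_string( $p_string )` is the safer choice. Neither escape is a substitute for output encoding, so a comment on `db_prepare_string` such as `# SQL-transport escaping only; callers must still htmlspecialchars() before emitting to HTML` would keep callers from treating prepared strings as HTML-safe.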
@@ -10,7 +10,7 @@
 # --------------------------------------------------------
 ### --------------------
- function queue_count() {
+ function note_queue_count() {
 global $g_phpWN_note_table;
 $query = "SELECT COUNT(*)
@@ -20,13 +20,13 @@
 return db_result( $result, 0, 0 );
 }
 ### --------------------
- function note_add( $p_page_id, $p_email, $p_REMOTE_ADDR, $p_note ) {
+ function note_add( $p_page_id, $p_email, $p_remote_addr, $p_note ) {
 global $g_phpWN_note_table;
- $c_page_id = (integer)$p_page_id;
- $c_email = string_safe ( $p_email ); # addslashes( htmlspecialchars( $p_email ) );
- $c_note = string_safe ( $p_note ); # addslashes( nl2br( htmlspecialchars( $p_note ) ) );
- $c_remote_address = string_safe( $p_REMOTE_ADDR );
+ $c_page_id = db_prepare_int( $p_page_id );
+ $c_email = db_prepare_string( $p_email );
+ $c_note = db_prepare_string( $p_note );
+ $c_remote_address = db_prepare_string( $p_remote_addr );
 $query = "INSERT INTO $g_phpWN_note_table ( id, page_id, email, ip, date_submitted, note )
@@ -35,20 +35,22 @@
 return db_query( $query );
 }
 ### --------------------
- function delete_note( $p_id ) {
+ function note_delete( $p_id ) {
 global $g_phpWN_note_table;
+ $c_id = db_prepare_int( $p_id );
+
 $query = "DELETE FROM $g_phpWN_note_table
- WHERE id='$p_id'";
+ WHERE id='$c_id'";
 $result = db_query( $query );
 }
 ### --------------------
- function update_note( $p_id, $p_email, $p_note ) {
+ function note_update( $p_id, $p_email, $p_note ) {
 global $g_phpWN_note_table;
- $c_id = (integer)$p_id;
- $c_email = string_safe ( $p_email );
- $c_note = string_safe ( $p_note );
+ $c_id = db_prepare_int( $p_id );
+ $c_email = db_prepare_string( $p_email );
+ $c_note = db_prepare_string( $p_note );
 $query = "UPDATE $g_phpWN_note_table SET email='$c_email', note='$c_note'
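Review bot: `note_add` now stores `$p_email` with only SQL escaping and no shape check, and the removed comment `# addslashes( htmlspecialchars( $p_email ) )` shows that the HTML-escaping step previously applied on input has been dropped without an equivalent appearing here. Since the value is later placed into a `mailto:` link, a minimal sanity check before the INSERT is warranted — something like `if ( ! preg_match( '/^[^\s@"<>]+@[^\s@"<>]+$/', $p_email ) ) { return false; }` — and the function header should state the new contract in a comment such as `# values are SQL-escaped only; HTML escaping is the responsibility of the output path`. Whether `$p_email` comes straight from the add-note form is not visible in this hunk, and `note_add`'s INSERT continues past the end of the hunk.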
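Review bot: `note_delete` and `note_update` assign `$result = db_query( $query );` and then drop it, while `note_add` in the hunk just above returns `db_query( $query )` — callers of the renamed functions therefore cannot tell whether the DELETE or UPDATE ran. Since the commit is already touching both bodies, make them consistent with `note_add`: replace `$result = db_query( $query );` with `return db_query( $query );` in each. A one-line header comment per function, e.g. `# returns the db_query() result; false on failure`, would document the contract now that `$c_id` is always an integer cast.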
@@ -56,33 +58,33 @@
 $result = db_query( $query );
 }
 ### --------------------
- function accept_note( $p_id ) {
+ function note_accept( $p_id ) {
 global $g_phpWN_note_table;
- $c_id = (integer) $p_id;
+ $c_id = db_prepare_int( $p_id );
 $query = "UPDATE $g_phpWN_note_table SET visible='1' WHERE id='$c_id'";
 $result = db_query( $query );
 }
 ### --------------------
- function decline_note( $p_id ) {
+ function note_decline( $p_id ) {
 global $g_phpWN_note_table;
- $c_id = (integer) $p_id;
+ $c_id = db_prepare_int( $p_id );
 $query = "DELETE FROM $g_phpWN_note_table WHERE id='$c_id'";
 $result = db_query( $query );
 }
 ### --------------------
- function print_notes( $p_page_name ) {
+ function note_print_all( $p_page_name ) {
 global $g_hostname, $g_db_username, $g_db_password, $g_database_name, $g_table_border_color, $g_primary_dark_color, $g_primary_light_color, $g_white_color, $g_phpWN_note_table, $g_phpWN_page_table, $g_note_order;
- $c_page_name = string_safe ( $p_page_name );
+ $c_page_name = db_prepare_string( $p_page_name );
 $query = "SELECT * FROM $g_phpWN_page_table p,
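Review bot: `note_decline` duplicates `note_delete` line for line (same `db_prepare_int`, same `DELETE FROM $g_phpWN_note_table WHERE id='$c_id'`), so any later fix to one — an authorization check, a return value — will silently miss the other; the body should collapse to `return note_delete( $p_id );` with a comment `# declining a queued note is the same as deleting it`. `note_print_all` also pulls `$g_db_username` and `$g_db_password` into scope via `global` although nothing visible in this hunk uses them; trimming the `global` list keeps credentials out of a rendering function's scope (the body continues past the end of the hunk, so confirm they are not referenced further down). Neither the moderation functions nor the hunk show any caller-side access check, which is presumably enforced by the pages that call them.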
@@ -93,27 +95,26 @@
 $result = db_query( $query );
 $entry_count = db_num_rows( $result );
 if ( $entry_count>0 ) {
- for ($i=0;$i<$entry_count;$i++) {
+ for ( $i = 0; $i < $entry_count; $i++ ) {
 $row = db_fetch_array( $result );
 extract( $row, EXTR_PREFIX_ALL, "v" );
- $v_email = stripslashes( $v_email );
- $v_note = nl2br( string_preserve_spaces ( string_unsafe( $v_note ) ) );
+
+ $v_email = db_unprepare_string( $v_email );
+ $v_note = nl2br( string_preserve_spaces ( db_unprepare_string( $v_note ) ) );
 $date = date( "M, d Y H:i", sql_to_unix_time( $v_date_submitted ) );
- PRINT "<tr bgcolor=\"$g_primary_dark_color\">";
- PRINT "<td>";
- PRINT " <i><a href=\"mailto:$v_email\">$v_email</a></i> - $v_date_submitted";
- PRINT "</td>";
- PRINT "</tr>";
- PRINT "<tr bgcolor=$g_primary_light_color>";
- PRINT "<td><pre>";
- echo $v_note;
- PRINT "</pre></td>";
- PRINT "</tr>";
- PRINT "<tr bgcolor=\"$g_white_color\" height=\"2\">";
- PRINT "<td>";
- PRINT "</td>";
- PRINT "</tr>";
+ echo <<<EOT
+ <tr bgcolor="$g_primary_dark_color">
+ <td> <em><a href="mailto:$v_email">$v_email</a></em> - $v_date_submitted</td>
+ </tr>
+ <tr bgcolor="$g_primary_light_color">
+ <td><pre>$v_note</pre></td>
+ </tr>
+ <tr bgcolor="$g_white_color" height="2">
+ <td></td>
+ </tr>
+
+EOT;
 }
 }
 }
|
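Review bot: `$v_email` and `$v_note` are stored user submissions (written by `note_add`) and the heredoc interpolates them into HTML — `$v_email` inside a `mailto:` href attribute and as link text, `$v_note` inside `<pre>` — after only `db_unprepare_string()`, which is a `stripslashes()`; unless `string_preserve_spaces()` HTML-encodes (not visible here, and the removed `string_unsafe` path together with the dropped `htmlspecialchars` comment in `note_add` suggests encoding used to happen on input), a note containing `<script>` or an email containing `"` is rendered verbatim to every reader of the page. Encode at output: `$v_email = htmlspecialchars( db_unprepare_string( $v_email ) );` and `$v_note = nl2br( string_preserve_spaces( htmlspecialchars( db_unprepare_string( $v_note ) ) ) );`, with `nl2br` applied last so its `<br />` tags survive. Also, `$date` is computed from `$v_date_submitted` but the heredoc prints the raw `$v_date_submitted`, so either emit `$date` in the `<td>` or drop the unused `date()` call. `note_print_all` begins in the previous hunk, so its SELECT and any filtering on `visible` are outside this view.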