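<?php

require_once 'nucommon.php';

//-- Entry point: runs the stored procedure whose slp_code equals ?p=<code>,
//-- but only when that procedure is flagged slp_nonsecure = '1'.
//-- That flag is the only gate visible in this file; whether nucommon.php adds
//-- a session or login check cannot be told from here.
//--
//-- Variable names are kept unchanged on purpose: eval() below executes in this
//-- scope, so the stored code can read $values, $sql, $rs, $num, $r and $e.

//-- Accept a plain string only. ?p[]=x passes isset() but would reach the query
//-- as a nested array instead of a procedure code.
if (isset($_GET['p']) && is_string($_GET['p'])) {

    $values = array($_GET['p']);

    //-- the procedure code is bound as a parameter, never concatenated into the statement
    $sql = "SELECT zzzsys_php_id, slp_php FROM zzzsys_php WHERE slp_code = ? AND slp_nonsecure = '1' ";
    $rs  = nuRunQuery($sql, $values);
    $num = db_num_rows($rs);

    //-- zero matches, or an ambiguous match, are both refused
    if ($num == 1) {

        $r = db_fetch_object($rs);

        //-- nuGetSafePHP() is defined elsewhere; presumably it swaps in an approved
        //-- copy of the code when safe mode is on - TODO confirm
        $r->slp_php = nuGetSafePHP('slp_php', $r->zzzsys_php_id, $r->slp_php);

        //-- SECURITY NOTE(review): the whole of $_GET is handed to nuReplaceHashes(),
        //-- which rewrites the stored source text before it is executed. Unless that
        //-- helper escapes values for a PHP context (not visible here), every hash
        //-- placeholder inside a nonsecure procedure lets request data become code.
        //-- Prefer exposing request values to the procedure as data (an array it can
        //-- read) and restricting which keys are substituted.
        $e = nuReplaceHashes($r->slp_php, $_GET);
        eval($e);

    } else {
        echo "Request is not allowed";
    }

} else {
    echo "Request format is invalid";
}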
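/**
 * Pass a form row's custom-code fields through nuGetSafePHP() when safe mode is on.
 *
 * Only the five sfo_custom_code_run_* columns listed below are touched, and only
 * those that are present as keys in $r. Every other key is returned untouched.
 *
 * NOTE(review): the check is fail-open. Safe mode applies only when
 * $_SESSION['SafeMode'] is the boolean true; an unset key, 1 or '1' all skip the
 * substitution. Confirm that whatever sets the flag always stores a boolean.
 *
 * @param mixed $id  Identifier handed to nuGetSafePHP() for each field
 *                   (presumably the zzzsys_form_id of the row - confirm against callers).
 * @param array $r   Row as an associative array keyed by column name.
 *
 * @return array The row, with the listed fields replaced when safe mode is on.
 */
function nuCheckSafePHPMode($id, $r) {

    $fieldsToCheck = array(
        'sfo_custom_code_run_after_delete',
        'sfo_custom_code_run_after_save',
        'sfo_custom_code_run_before_browse',
        'sfo_custom_code_run_before_open',
        'sfo_custom_code_run_before_save'
    );

    //-- isset() first: reading a missing session key raises a warning on current PHP,
    //-- and this function can be reached before the flag has been stored.
    $safeModeOn = isset($_SESSION['SafeMode']) && $_SESSION['SafeMode'] === true;

    if ($safeModeOn) {

        foreach ($fieldsToCheck as $field) {

            //-- array_key_exists() rather than isset(): a field stored as NULL is still replaced
            if (array_key_exists($field, $r)) {
                $r[$field] = nuGetSafePHP($field, $id, $r[$field]);
            }

        }

    }

    return $r;

}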
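<?php

require_once 'nucommon.php';

//-- Runs a PHP job that was queued as a JSON message in zzzsys_debug.
//-- ?i=<zzzsys_debug_id> selects the row; the row is deleted once the code has run.
//--
//-- Variable names are kept unchanged on purpose: eval() below executes in this
//-- scope, so the stored code can read $jsonID, $t, $r, $JSON, $DATA, $ID,
//-- $TABLE_ID, $hashData and $php.
//--
//-- SECURITY NOTE(review): knowing a row id is the only precondition visible in
//-- this file; whether nucommon.php adds a session check cannot be told from here.

$jsonID = isset($_GET['i']) ? $_GET['i'] : null;

//-- a missing or array-valued ?i can never name a row, so nothing is looked up or run
if (is_string($jsonID)) {

    $t = nuRunQuery("SELECT deb_message AS json FROM zzzsys_debug WHERE zzzsys_debug_id = ? ", array($jsonID));
    $r = db_fetch_object($t);

    //-- no such row: skip straight to the (then harmless) DELETE instead of
    //-- evaluating whatever the helpers make of null input
    if (is_object($r)) {

        $JSON = json_decode($r->json);

        //-- a message that is not a JSON object cannot carry slp_php / zzzsys_php_id
        if (is_object($JSON)) {

            $DATA = $JSON->slp_php;
            $ID   = $JSON->zzzsys_php_id;

            //-- nuGetSafePHP() is defined elsewhere; presumably it swaps in an approved
            //-- copy of the code when safe mode is on - TODO confirm
            $DATA = nuGetSafePHP('slp_php', $ID, $DATA);

            $TABLE_ID = nuTT();
            $hashData = nuBuildHashData($JSON, $TABLE_ID);

            //-- SECURITY NOTE(review): both the source text and the values spliced into
            //-- it come from the zzzsys_debug row. Anything able to write that table
            //-- decides what is executed here, so write access to it is equivalent to
            //-- code execution and should be restricted accordingly.
            $php = nuReplaceHashes($DATA, $hashData);

            eval($php);                                                    //-- run php code

        }

    }

    //-- NOTE(review): the row is removed only after eval() returns. If the evaluated
    //-- code ends the script, the row stays and the same request can be repeated;
    //-- consider deleting before running if single use is intended.
    nuRunQuery("DELETE FROM zzzsys_debug WHERE zzzsys_debug_id = ? ", array($jsonID));

}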
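/**
 * Resolve a lookup object's id / code / description for one record.
 *
 * Steps, in order:
 *   1. Work out the value to look up: $recordID itself when $default is truthy,
 *      otherwise the value of column $o->sob_all_name in the parent table row.
 *   2. Load the lookup's browse form (zzzsys_form) and run its "before browse"
 *      custom code through eval().
 *   3. Select the three lookup fields from the form's FROM clause for that value.
 *
 * Values are bound as query parameters, as nuRunQuery() is used elsewhere with
 * `?` placeholders. They are cast to string first so that matching is the same
 * as with the quoted literals used before. Identifiers (table, column and
 * primary-key names) cannot be bound and are still interpolated. Only
 * $o->sob_all_name is checked against db_columns(); the others are taken from
 * $f, $o and the form row as they are - presumably trusted form definitions,
 * confirm against callers.
 *
 * Local variable names are kept unchanged on purpose: eval() executes in this
 * function's scope, so the form's custom code can read and change them.
 *
 * @param object $f          Form context; parent_table and parent_primary_key are read.
 * @param object $o          Lookup object definition; sob_all_name, sob_lookup_zzzsys_form_id
 *                           and the three sob_lookup_*_field names are read.
 * @param mixed  $recordID   Record id (or, with $default, the value to look up).
 * @param mixed  $hashData   Passed to nuReplaceHashes() for hash-variable substitution.
 * @param mixed  $default    Truthy: treat $recordID as the lookup value directly.
 *
 * @return string|null JSON-encoded row (id, code, description; empty strings when
 *                     nothing matched), or null when nuErrorFound() reports an
 *                     error or the browse form row does not exist.
 */
function nuGetLookupValues($f, $o, $recordID, $hashData, $default) {

    //-- get value to lookup eg. customer_id
    if ($default) {

        $fieldValue = $recordID;

    } else {

        //-- the column name is accepted only if the parent table really has it
        if (in_array($o->sob_all_name, db_columns($f->parent_table))) {

            $s = "SELECT `{$o->sob_all_name}` FROM `{$f->parent_table}` WHERE `{$f->parent_primary_key}` = ?";
            $s = nuReplaceHashes($s, $hashData);
            $t = nuRunQuery($s, array((string) $recordID));

            if (nuErrorFound()) {
                return;
            }

            $r = db_fetch_row($t);

            //-- no parent row: look up the empty string rather than indexing a non-array
            $fieldValue = is_array($r) ? $r[0] : '';

        } else {
            $fieldValue = '';
        }

    }

    //-- get id of browse form to look in
    $luForm = $o->sob_lookup_zzzsys_form_id;
    $t      = nuRunQuery("SELECT * FROM zzzsys_form WHERE `zzzsys_form_id` = ?", array((string) $luForm));

    if (nuErrorFound()) {
        return;
    }

    $r = db_fetch_object($t);

    //-- unknown form id: there is no custom code and no SQL to run
    if (!is_object($r)) {
        return;
    }

    //-- nuGetSafePHP() is defined elsewhere; presumably it swaps in an approved
    //-- copy of the code when safe mode is on - TODO confirm
    $r->sfo_custom_code_run_before_browse = nuGetSafePHP('sfo_custom_code_run_before_browse', $r->zzzsys_form_id, $r->sfo_custom_code_run_before_browse);

    //-- SECURITY NOTE(review): $hashData values are written into the PHP source text
    //-- before it is executed. Unless nuReplaceHashes() escapes for a PHP context
    //-- (not visible here), hash placeholders in the form's custom code let those
    //-- values become code; prefer handing them to the code as data.
    $bb = nuReplaceHashes($r->sfo_custom_code_run_before_browse, $hashData);
    eval($bb);

    $SQL = new nuSqlString($r->sfo_sql);

    //-- built after eval() so that the custom code can still influence $r / $fieldValue
    $s = "\n SELECT \n {$o->sob_lookup_id_field}, \n {$o->sob_lookup_code_field}, \n {$o->sob_lookup_description_field} \n {$SQL->from} \n WHERE {$r->sfo_primary_key} = ?\n ";
    $s = nuReplaceHashes($s, $hashData);
    $t = nuRunQuery($s, array((string) $fieldValue));

    if (nuErrorFound()) {
        return;
    }

    $r = db_fetch_row($t);

    //-- nothing matched, or the id column is empty: answer with three empty strings
    if (!is_array($r)) {
        $r = array('', '', '');
    } elseif ($r[0] == '') {
        $r[0] = '';
        $r[1] = '';
        $r[2] = '';
    }

    return json_encode($r);

}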