// Excerpt from the installer's package selection. The enclosing block opens
// before this excerpt; the last brace below closes it.

// Build the menu of selectable packages. Entries stored under a string key
// ('install', or a directory name from $old_versions) are real packages; the
// entries appended with [] are informational placeholders shown when the
// matching package directory is not present.
$packages = array();
if (file_exists("install/package/install/steps.inc.php")) {
    $packages['install'] = array(
        'title' => 'Installation',
        'description' => 'Choose this if you want to install a new copy of this software.'
    );
} else {
    $packages[] = array(
        'title' => 'Installation',
        'description' => 'For a fresh installation you need to download the Install-Package for Viscacha ' . VISCACHA_VERSION . '!'
    );
}
// $old_versions is defined outside this excerpt; presumably it maps a package
// directory name to the version that directory updates from - confirm.
if (count($old_versions) > 0) {
    foreach ($old_versions as $dir => $old_version) {
        $packages[$dir] = array(
            'title' => 'Update ' . $old_version . ' to ' . VISCACHA_VERSION,
            'description' => 'Already running Viscacha? Choose this option to update from ' . $old_version . ' to the new version!'
        );
    }
} else {
    $packages[] = array(
        'title' => 'Update',
        'description' => 'For an update you need to download the Update-Package for Viscacha 0.8 RC7!'
    );
}

// The requested package name ends up in a require_once path, so it is checked
// twice before use: it must be an existing key of $packages (allowlist), and it
// is additionally passed through GPC_escape(..., GPC_ALNUM).
// NOTE(review): the placeholder entries appended with [] get integer keys and
// therefore also satisfy the isset() test; confirm that selecting one cannot
// reach require_once with a directory that does not exist.
$package = null;
if (isset($_REQUEST['package']) && isset($packages[$_REQUEST['package']])) {
    $package = GPC_escape($_REQUEST['package'], GPC_ALNUM);
    $package_data = $packages[$_REQUEST['package']];
}

if (!empty($package)) {
    // Only the filtered $package is concatenated into the path, never the raw
    // request value.
    require_once 'install/package/' . $package . '/steps.inc.php';
    // $steps is presumably defined by the file included above - confirm.
    // The step number is forced to an integer and falls back to 1 when it is
    // missing or is not a key of $steps.
    if (isset($_REQUEST['step'])) {
        $step = intval($_REQUEST['step']);
        if (!isset($steps[$step])) {
            $step = 1;
        }
    } else {
        $step = 1;
    }
    $nextstep = $step + 1;
}
} // closes a block opened before this excerpt
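/**
 * Escapes a request value, or every value of an array of them, for one context.
 *
 * What is applied to a string depends on $type:
 *  - GPC_HTML (default): htmlentities() with ENT_QUOTES in ISO-8859-1, then addslashes().
 *  - GPC_DB: $db->escape_string() when the global $db is an object, otherwise addslashes().
 *  - GPC_ALNUM: every character outside a-z, 0-9, "_" and "-" (case-insensitive) is
 *    removed; nothing else is applied.
 *  - any other value: addslashes() only.
 *
 * Numeric and empty() values are returned unchanged whatever $type is, so a numeric
 * string such as "1.5" keeps its dot even under GPC_ALNUM. Array keys are never
 * escaped. Values that are neither numeric, empty, array nor string pass through.
 *
 * @param mixed $var  Value to escape.
 * @param mixed $type One of the GPC_HTML, GPC_DB or GPC_ALNUM constants.
 * @return mixed The escaped value, with the same array structure as the input.
 */
function GPC_escape($var, $type = GPC_HTML)
{
    global $db;

    if (is_numeric($var) || empty($var)) {
        // Do nothing to save time
        return $var;
    }

    if (is_array($var)) {
        foreach ($var as $key => $value) {
            // Hand $type down: without it nested values were escaped with the
            // GPC_HTML default instead of the filter the caller asked for.
            $var[$key] = GPC_escape($value, $type);
        }
        return $var;
    }

    if (!is_string($var)) {
        return $var;
    }

    // NOTE(review): as listed, the two str_replace("") calls, the scheme
    // preg_replace() and the '&#' str_replace() below replace their match with
    // itself (or search for the empty string) and therefore change nothing. The
    // literals look as if a NUL byte and HTML entities were lost when the page
    // was rendered - compare with the upstream file before relying on them.
    $var = str_replace("", '', $var);

    if ($type == GPC_HTML) {
        $var = preg_replace('#(script|about|applet|activex|chrome|mocha):#is', "\\1:", $var);
        $var = str_replace("", '', $var);
        if (version_compare(PHP_VERSION, '5.2.3', '>=')) {
            // Fourth argument false: entities already present are not encoded twice.
            $var = htmlentities($var, ENT_QUOTES, 'ISO-8859-1', false);
        } else {
            $var = htmlentities($var, ENT_QUOTES, 'ISO-8859-1');
            $var = str_replace('&#', '&#', $var);
        }
    }

    if ($type == GPC_DB && isset($db) && is_object($db)) {
        $var = $db->escape_string($var);
    } elseif ($type != GPC_ALNUM) {
        // Also the fallback for GPC_DB when no database object exists yet.
        $var = addslashes($var);
    }

    if ($type == GPC_ALNUM) {
        // Allowlist filter: the result contains no dots, slashes or other
        // path or quoting characters.
        $var = preg_replace("~[^a-z0-9_\\-]+~i", '', $var);
    }

    return $var;
}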
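/**
 * Escapes a request value, or every value of an array of them, for HTML output.
 *
 * Strings are passed through htmlentities() (ENT_QUOTES, ISO-8859-1) and then
 * addslashes(). Numeric and empty() values are returned unchanged, array keys
 * are never escaped, and values of any other type pass through untouched.
 *
 * This variant has a single mode. Its result is not a safe building block for
 * file names or paths: dots and slashes are left as they are.
 *
 * @param mixed $var Value to escape.
 * @return mixed The escaped value, with the same array structure as the input.
 */
function GPC_escape($var)
{
    // The globals $config and $lang were imported here but never read.
    if (is_numeric($var) || empty($var)) {
        // Do nothing to save time
        return $var;
    }

    if (is_array($var)) {
        foreach ($var as $key => $value) {
            $var[$key] = GPC_escape($value);
        }
        return $var;
    }

    if (!is_string($var)) {
        return $var;
    }

    // NOTE(review): as listed, the scheme preg_replace(), the str_replace("")
    // call and the '&#' str_replace() replace their match with itself (or search
    // for the empty string) and therefore change nothing. The literals look as
    // if a NUL byte and HTML entities were lost when the page was rendered -
    // compare with the upstream file before relying on them.
    $var = preg_replace('#(script|about|applet|activex|chrome|mocha):#is', "\\1:", $var);
    $var = str_replace("", '', $var);

    if (version_compare(PHP_VERSION, '5.2.3', '>=')) {
        // Fourth argument false: entities already present are not encoded twice.
        $var = htmlentities($var, ENT_QUOTES, 'ISO-8859-1', false);
    } else {
        $var = htmlentities($var, ENT_QUOTES, 'ISO-8859-1');
        $var = str_replace('&#', '&#', $var);
    }

    return addslashes($var);
}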
// Excerpt from the form handling of an installer step: it starts inside a
// branch opened before this excerpt and ends inside an if that is still open.
$_REQUEST['name'] = GPC_escape($_REQUEST['name']);
} // closes a block opened before this excerpt

// Each field is defaulted to '' when absent and escaped in place otherwise.
// NOTE(review): both password fields go through GPC_escape() with its default
// type. The two-argument GPC_escape() listed on this page applies
// htmlentities() and addslashes() in that mode, so the length limits below
// measure the escaped text rather than what was typed, and the value only
// matches later if every other code path escapes it the same way - confirm.
if (!isset($_REQUEST['pw'])) {
    $_REQUEST['pw'] = '';
} else {
    $_REQUEST['pw'] = GPC_escape($_REQUEST['pw']);
}
// The e-mail address is the only field escaped with the GPC_DB type.
if (!isset($_REQUEST['email'])) {
    $_REQUEST['email'] = '';
} else {
    $_REQUEST['email'] = GPC_escape($_REQUEST['email'], GPC_DB);
}
// 'pwx' is presumably the password confirmation field - confirm.
if (!isset($_REQUEST['pwx'])) {
    $_REQUEST['pwx'] = '';
} else {
    $_REQUEST['pwx'] = GPC_escape($_REQUEST['pwx']);
}

// Length validation. strlen() counts bytes, not characters. Failures are
// collected in $error, which is presumably initialised before this excerpt.
if (strlen($_REQUEST['name']) > 50) {
    $error[] = 'Name is too long (max. 50 chars)';
}
if (strlen($_REQUEST['name']) < 3) {
    $error[] = 'Name is too short (min. 3 chars)';
}
if (strlen($_REQUEST['pw']) > 64) {
    $error[] = 'Password is too long (max. 64 chars)';
}
// A minimum of 4 is a weak floor for an account password created during setup.
// NOTE(review): the message below reads "Passwort" - typo for "Password".
if (strlen($_REQUEST['pw']) < 4) {
    $error[] = 'Passwort is too short (min. 4 chars)';
}
if (strlen($_REQUEST['email']) > 200) {
    $error[] = 'Email address is too long (max. 200 chars)';
} // closes a block opened before this excerpt

// Excerpt from the installer step that stores the database settings; it ends
// inside an if that is still open.
// 'database', 'pconnect' and 'dbprefix' are copied from the request into
// $config as received; only 'dbsystem' is filtered (GPC_ALNUM).
if (isset($_REQUEST['database'])) {
    $config['database'] = $_REQUEST['database'];
}
// Persistent connections are only taken from the request for the 'mysql'
// driver; otherwise the setting is forced to 0.
if (isset($_REQUEST['pconnect']) && isset($_REQUEST['dbsystem']) && $_REQUEST['dbsystem'] == 'mysql') {
    $config['pconnect'] = $_REQUEST['pconnect'];
} else {
    $config['pconnect'] = 0;
}
if (isset($_REQUEST['dbprefix'])) {
    $config['dbprefix'] = $_REQUEST['dbprefix'];
} else {
    $config['dbprefix'] = '';
}
// The driver name is later concatenated into a file path, so it is reduced to
// letters, digits, "_" and "-"; it defaults to 'mysql'.
if (isset($_REQUEST['dbsystem'])) {
    $config['dbsystem'] = GPC_escape($_REQUEST['dbsystem'], GPC_ALNUM);
} else {
    $config['dbsystem'] = 'mysql';
}

// Write the settings to the configuration file.
// NOTE(review): no value is passed to updateconfig(). If it falls back to
// $_REQUEST[$key] when the value is omitted (verify in manageconfig), the
// 'dbsystem' that gets saved is the raw request value, not the filtered
// $config['dbsystem'] used for the path below; the same applies to the other
// str entries.
// NOTE(review): how savedata() quotes string values is not visible here. The
// target is a PHP file, so confirm that it escapes them before writing.
$c = new manageconfig();
$c->getdata('data/config.inc.php');
$c->updateconfig('host', str);
$c->updateconfig('dbuser', str);
$c->updateconfig('dbpw', str);
$c->updateconfig('database', str);
$c->updateconfig('pconnect', int);
$c->updateconfig('dbprefix', str);
$c->updateconfig('dbsystem', str);
$c->savedata();

// Per-driver error log; the path is built from the filtered driver name.
$errlog = 'data/errlog_' . $config['dbsystem'] . '.inc.php';
if (!file_exists($errlog)) {
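/**
 * Stores one configuration value and its declared type on this object.
 *
 * $key is either a plain name or an array whose first two elements are
 * (group, name); every part is trimmed. When $val is null the value is read
 * from $_REQUEST under the name part (also for grouped keys):
 *  - int:      intval() of the request value, or 0 when the key is absent
 *  - html_enc: GPC_escape() of the request value, or '' when the key is absent
 *  - str:      the request value exactly as received, or '' when the key is absent
 *  - other:    the request value as received, or null when the key is absent
 * An explicit $val is converted the same way for int and html_enc and stored
 * unchanged for every other type.
 *
 * Security note: values of type str are stored without any filtering. Whatever
 * later writes $this->data out has to quote them for its target format; that
 * code is not part of this method.
 *
 * @param string|array $key  Entry name, or array(group, name).
 * @param mixed        $type One of the project constants str, int or html_enc.
 * @param mixed        $val  Value to store; null means "take it from the request".
 * @return void
 */
function updateconfig($key, $type = str, $val = null)
{
    if (is_array($key)) {
        $key = array_map('trim', $key);
        $group = $key[0];
        $key = $key[1];
    } else {
        $key = trim($key);
    }

    // Strict test: an explicit 0, '' or false is a real value and must not be
    // replaced by request input. The former loose "== null" treated all of
    // them as "not given".
    if ($val === null) {
        if (isset($_REQUEST[$key])) {
            if ($type == int) {
                $val = intval($_REQUEST[$key]);
            } elseif ($type == html_enc) {
                $val = GPC_escape($_REQUEST[$key]);
            } else {
                // Raw request data; see the security note above.
                $val = $_REQUEST[$key];
            }
        } elseif ($type == str || $type == html_enc) {
            $val = '';
        } elseif ($type == int) {
            $val = 0;
        }
    } elseif ($type == int) {
        $val = intval($val);
    } elseif ($type == html_enc) {
        $val = GPC_escape($val);
    }

    // The declared type is recorded next to the value, under the same key path.
    if (isset($group)) {
        $this->opt[$group][$key] = $type;
        $this->data[$group][$key] = $val;
    } else {
        $this->opt[$key] = $type;
        $this->data[$key] = $val;
    }
}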