// Excerpt from a user-edit form: undo magic-quotes escaping on the submitted
// fields, then copy the values into the template array $tmp for re-display.
// remove_magic_quotes_gpc() is defined outside this excerpt; it is called only
// for its effect on the variable, so it presumably takes its argument by
// reference -- confirm against its definition.
remove_magic_quotes_gpc($birthday);
remove_magic_quotes_gpc($firm);
remove_magic_quotes_gpc($position);
remove_magic_quotes_gpc($firm_street);
remove_magic_quotes_gpc($firm_street_alt);
remove_magic_quotes_gpc($firm_zip);
remove_magic_quotes_gpc($firm_location);
remove_magic_quotes_gpc($firm_state);
remove_magic_quotes_gpc($firm_country);
remove_magic_quotes_gpc($firm_email);
remove_magic_quotes_gpc($firm_phone);
remove_magic_quotes_gpc($firm_fax);
remove_magic_quotes_gpc($firm_mobile);
remove_magic_quotes_gpc($firm_pager);
remove_magic_quotes_gpc($firm_homepage);
remove_magic_quotes_gpc($comment);

// Output encoding for the form placeholders. ENT_COMPAT escapes & < > and the
// double quote but leaves the single quote untouched, so these values are only
// safe as element content or inside double-quoted attributes.
// NOTE(review): the unquoting of $oldusername ... $state is not visible in this
// excerpt -- confirm it happens before this point.
$tmp['FORM_OLDUSERNAME'] = htmlspecialchars($oldusername, ENT_COMPAT, 'UTF-8');
$tmp['FORM_USERNAME'] = htmlspecialchars($username, ENT_COMPAT, 'UTF-8');
// NOTE(review): the submitted password and its confirmation are handed back to
// the template. If the template prints them into the form, the cleartext
// password ends up in the response body and in any cache of it -- confirm
// whether these two placeholders can stay empty on re-display.
$tmp['FORM_PASSWORD'] = htmlspecialchars($password, ENT_COMPAT, 'UTF-8');
$tmp['FORM_PASSWORDVALIDATE'] = htmlspecialchars($password_validate, ENT_COMPAT, 'UTF-8');
$tmp['FORM_NAME'] = htmlspecialchars($name, ENT_COMPAT, 'UTF-8');
$tmp['FORM_SURNAME'] = htmlspecialchars($surname, ENT_COMPAT, 'UTF-8');
$tmp['FORM_EMAIL'] = htmlspecialchars($email, ENT_COMPAT, 'UTF-8');
// NOTE(review): $deletable is the only value in this run that is assigned
// without escaping; confirm it is constrained to a fixed set of values before
// it reaches the template.
$tmp['FORM_DELETABLE'] = $deletable;
$tmp['FORM_SALUTATION'] = htmlspecialchars($salutation, ENT_COMPAT, 'UTF-8');
$tmp['FORM_TITLE'] = htmlspecialchars($title, ENT_COMPAT, 'UTF-8');
$tmp['FORM_STREET'] = htmlspecialchars($street, ENT_COMPAT, 'UTF-8');
$tmp['FORM_STREET_ALT'] = htmlspecialchars($street_alt, ENT_COMPAT, 'UTF-8');
$tmp['FORM_ZIP'] = htmlspecialchars($zip, ENT_COMPAT, 'UTF-8');
$tmp['FORM_LOCATION'] = htmlspecialchars($location, ENT_COMPAT, 'UTF-8');
$tmp['FORM_STATE'] = htmlspecialchars($state, ENT_COMPAT, 'UTF-8');
// Excerpt from a group-edit form: fill the template array $tmp with layout
// values, language strings and the group's name/description.
// NOTE(review): $cellspacing, $border and (at the end of the run) $idgroup are
// passed to the template without output encoding; confirm they are numeric.
$tmp['CELLSPACING'] = $cellspacing;
$tmp['BORDER'] = $border;
$tmp['LANG_NAME'] = $cms_lang['group_name'];
$tmp['LANG_DESCRIPTION'] = $cms_lang['group_description'];
// Form settings
$tmp['FORM_URL'] = $sess->url('main.php');
if (!isset($name) && !empty($idgroup)) {
    // No submitted name but a group id: load the stored values.
    // NOTE(review): $idgroup is interpolated into the SQL text. The quotes
    // around it only help if the value was escaped or integer-cast earlier,
    // which this excerpt does not show -- confirm, or cast with (int) here.
    $sql = "SELECT name, description FROM " . $cms_db['groups'] . " WHERE idgroup='{$idgroup}' LIMIT 0, 1";
    $db->query($sql);
    // NOTE(review): the result of next_record() is not checked, so an unknown
    // id falls through to f() on whatever the database object then returns.
    $db->next_record();
    $tmp['FORM_NAME'] = htmlspecialchars($db->f('name'), ENT_COMPAT, 'UTF-8');
    $tmp['FORM_OLDNAME'] = htmlspecialchars($db->f('name'), ENT_COMPAT, 'UTF-8');
    $tmp['FORM_DESCRIPTION'] = htmlspecialchars($db->f('description'), ENT_COMPAT, 'UTF-8');
} else {
    // Re-display of submitted values: undo magic-quotes escaping, then encode
    // for HTML. $oldname is encoded but not unquoted in this excerpt.
    remove_magic_quotes_gpc($name);
    remove_magic_quotes_gpc($description);
    $tmp['FORM_NAME'] = htmlspecialchars($name, ENT_COMPAT, 'UTF-8');
    $tmp['FORM_DESCRIPTION'] = htmlspecialchars($description, ENT_COMPAT, 'UTF-8');
    $tmp['FORM_OLDNAME'] = htmlspecialchars($oldname, ENT_COMPAT, 'UTF-8');
}
// Make sure $group has an entry at index '0' holding the current group id
// when it is not already an array.
if (!is_array($group)) {
    $group['0'] = $idgroup;
}
$tmp['BUTTON_SUBMIT_VALUE'] = $cms_lang['gen_save'];
$tmp['BUTTON_SUBMIT_TEXT'] = $cms_lang['gen_save_titletext'];
$tmp['BUTTON_APPLY_VALUE'] = $cms_lang['gen_apply'];
$tmp['BUTTON_APPLY_TEXT'] = $cms_lang['gen_apply_titletext'];
// NOTE(review): $order and $ascdesc are placed in the query string without
// urlencode(), and the resulting URL is later printed by the template.
// Confirm both are restricted to known values where they are read.
$tmp['BUTTON_CANCEL_URL'] = $sess->url("main.php?area=group&order={$order}&ascdesc={$ascdesc}");
$tmp['BUTTON_CANCEL_VALUE'] = $cms_lang['gen_cancel'];
$tmp['BUTTON_CANCEL_TEXT'] = $cms_lang['gen_cancel_titletext'];
$tmp['IDGROUP'] = $idgroup;
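/**
 * Insert a new plugin row or update an existing one in the 'plug' table.
 *
 * The $idplug parameter is rebound by `global $idplug`, so the value that
 * selects between INSERT and UPDATE is the global of that name, and a newly
 * inserted id is written back to that global.
 *
 * @param mixed  $idplug        Plugin id (superseded by the global $idplug).
 * @param string $name          Plugin name; the language default is used when empty.
 * @param string $description   Plugin description.
 * @param string $plugversion   Version string.
 * @param string $plugcat       Category.
 * @param mixed  $idclient      Client id; written to the row as an integer.
 * @param string $repid         Repository id; generated from the name when ''.
 * @param string $sql_install   Install SQL, executed via the repository on update.
 * @param string $sql_uninstall Uninstall SQL, executed via the repository on update.
 * @param string $sql_update    Update SQL, executed via the repository on update.
 * @param string $root_name     Plugin directory; 'hold_old_data' keeps the stored value.
 * @param string $index_file    Index file; 'hold_old_data' keeps the stored value.
 *
 * @return string '1612', or '1613' when initialising a new plugin did not
 *                succeed or the id of the plugin to update is not a positive integer.
 */
function plug_save($idplug, $name, $description, $plugversion, $plugcat, $idclient, $repid = '', $sql_install = '', $sql_uninstall = '', $sql_update = '', $root_name = 'hold_old_data', $index_file = 'hold_old_data')
{
    global $db, $auth, $cms_db, $cfg_cms, $cms_lang, $cfg_client, $rep, $perm;
    // ATTENTION: make $idplug global; necessary for the apply header.
    global $idplug;

    // Entry in the 'plug' table: fall back to the default name.
    if ($name == '') {
        $name = $cms_lang['plug_defaultname'];
    }

    // The quoted SQL literals below rely on these helpers, which are defined
    // elsewhere. NOTE(review): set_magic_quotes_gpc() presumably re-applies
    // magic-quotes style escaping; that is not database-aware escaping, so
    // confirm what it does before trusting it as the only injection barrier.
    set_magic_quotes_gpc($name);
    set_magic_quotes_gpc($description);
    set_magic_quotes_gpc($plugversion);
    set_magic_quotes_gpc($plugcat);
    set_magic_quotes_gpc($root_name);
    set_magic_quotes_gpc($index_file);
    remove_magic_quotes_gpc($sql_install);
    remove_magic_quotes_gpc($sql_uninstall);
    remove_magic_quotes_gpc($sql_update);

    // NOTE(review): only the literal 'plugins/' prefix is stripped; nothing
    // here rejects '..' or other path separators before $root_name reaches
    // plug_new(). Confirm that plug_new() validates the directory name.
    $root_name = str_replace('plugins/', '', $root_name);
    if ($root_name == 'name_des_verzeichnisses') {
        // Form placeholder left unchanged: derive the directory from the name.
        $root_name = strtolower($name);
    }

    // NOTE(review): $repositoryid is interpolated into both statements without
    // passing through any of the helpers above; confirm callers never pass a
    // request-supplied $repid unescaped.
    $repositoryid = $repid == '' ? $rep->gen_new_plug($name) : $repid;

    // Values that go into the SQL text are prepared once, outside the string,
    // so no layout whitespace can end up inside a quoted literal and the ids
    // are plain integers.
    $idclient_sql = (int) $idclient;
    $author = $auth->auth['uid'];
    $now = time();

    if (!$idplug) {
        // Plugin does not exist yet.
        // todo: form check for name, version etc.
        $root_name = $root_name == 'hold_old_data' ? '' : $root_name;
        $index_file = $index_file == 'hold_old_data' ? '' : $index_file;

        $sql = "INSERT INTO
                " . $cms_db['plug'] . "
                (name, description, version, cat, author, created, lastmodified, repository_id, root_name, index_file,
                idclient)
            VALUES
                ('{$name}', '{$description}', '{$plugversion}', '{$plugcat}', '{$author}', '{$now}', '{$now}',
                '{$repositoryid}', '{$root_name}', '{$index_file}', '{$idclient_sql}')";
        $db->query($sql);
        $idplug = $db->insert_id();

        if ($rep->_plug_init($idplug)) {
            $return = '1612';
        } else {
            // Initialisation failed: create the plugin files and retry once.
            $return = true !== (plug_new($root_name, $index_file) && $rep->_plug_init($idplug)) ? '1613' : '1612';
        }

        // Event
        fire_event('plug_new', array('idplug' => $idplug, 'name' => $name));
    } else {
        // The id is written unquoted into the WHERE clause, so it must be a
        // positive integer. A plain cast is not enough: a non-numeric value
        // would become 0 and match every row whose source_id is 0.
        if (!preg_match('/^[0-9]+$/', (string) $idplug) || (int) $idplug < 1) {
            return '1613';
        }
        $idplug_sql = (int) $idplug;

        $rep->plug_execute($idplug, 'this', 'update', 'install', $rep->decode_sql($sql_install));
        $rep->plug_execute($idplug, 'this', 'update', 'uninstall', $rep->decode_sql($sql_uninstall));
        $rep->plug_execute($idplug, 'this', 'update', 'update', $rep->decode_sql($sql_update));

        // 'hold_old_data' assigns the column to itself, i.e. keeps the stored value.
        $root_name_sql = $root_name == 'hold_old_data' ? 'root_name' : "'{$root_name}'";
        $index_file_sql = $index_file == 'hold_old_data' ? 'index_file' : "'{$index_file}'";

        $sql = "UPDATE
                " . $cms_db['plug'] . "
            SET
                name='{$name}', description='{$description}', version = '{$plugversion}', cat = '{$plugcat}',
                author='{$author}', lastmodified='{$now}', root_name={$root_name_sql},
                repository_id = '{$repositoryid}', index_file={$index_file_sql}
            WHERE idplug={$idplug_sql} OR source_id={$idplug_sql}";
        $db->query($sql);

        // todo: check how far the rights of the installed plugins are affected!
        // Set rights, but only if the current user may change them.
        if ($perm->have_perm('6', 'plug', $idplug)) {
            global $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben;
            $perm->set_group_rights('plug', $idplug, $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben, '', 0x38afd);
        }

        // Event
        fire_event('plug_edit', array('idplug' => $idplug, 'name' => $name));
        $return = '1612';
    }

    return $return;
}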
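/**
 * Create or update a JavaScript file: database record, group/owner rights and
 * the file on disk.
 *
 * Works entirely on globals ($idjsfile, $jsfilename, $jsfilecontent, ...); the
 * extension fix-up writes back to the global $jsfilename and a newly created
 * record id is written back to the global $idjsfile.
 *
 * @return string '' when the file manager recorded no error, otherwise one of
 *                the codes '1701', '1201', '1202', '1218', '1203' or '1417'.
 */
function js_editfile()
{
    global $fm, $idclient, $client, $idjsfile, $jsfilename, $jsfiledescription, $jsfilecontent, $js_directory, $js_filetype, $perm, $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben;

    // Refuse when none of the three permissions is held.
    if (!$perm->have_perm(2, 'area_js', '0') && !$perm->have_perm(3, 'js_file', $idjsfile) && !$perm->have_perm(3, 'area_js', '0')) {
        return '1701';
    }

    $fileclient = empty($idclient) ? 0 : $client;

    // Check necessary values: a new file needs a name, and any name must pass
    // the file manager's validation.
    // NOTE(review): validate_filename() is not shown; the disk write at the end
    // of this function depends on it rejecting directory separators and '..'.
    if ((empty($idjsfile) && empty($jsfilename)) || !$fm->validate_filename($jsfilename)) {
        return '1201'; // filename is missing
    }

    // Take care of the extension. The name must END with the expected
    // extension; a substring match anywhere in the name would let a name such
    // as "x.<type>.php" through unchanged and be written with a different
    // final extension.
    $extension = '.' . $js_filetype;
    if (substr($jsfilename, -strlen($extension)) !== $extension) {
        $jsfilename .= $extension;
    }

    // Check if the filename is already in use. Since there is no way to change
    // a js filename, duplicates only need checking for new files.
    if (empty($idjsfile) && is_duplicate_filename($fileclient, $jsfilename, $js_directory, $idjsfile)) {
        return '1202';
    }

    $status = 1;

    // Create or update the db entry for the js file; cms_upl stores the file
    // information.
    if (!empty($idjsfile)) {
        // The js file exists, so update its content.
        update_jscontent($idjsfile, $jsfilecontent, $status);

        // Update the file record, if not in the import area.
        if (!empty($fileclient)) {
            $tmp_data = get_jscontent_data($idjsfile, 0);
            $fm->update_file2((int) $tmp_data['idupl'], (int) $tmp_data['idclient'], $tmp_data['filename'], (int) $tmp_data['iddirectory'], (int) $tmp_data['idfiletype'], 5, $jsfiledescription, '');
            if (!empty($fm->errno)) {
                // Updating the file data failed; if this happens we have a big problem.
                return '1218';
            }

            // Rights are only changed if the user holds the permission to change them.
            if ($perm->have_perm('6', 'js_file', $idjsfile)) {
                $perm->set_group_rights('js_file', $idjsfile, $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben, '', 4294967295.0, '0');
            }
        }
    } else {
        // The js file is new, so create an entry in cms_upl.
        $idupl = $fm->insert_file((int) $fileclient, $jsfilename, $js_directory, $js_filetype, 5, $jsfiledescription);
        if (empty($idupl)) {
            return '1203';
        }

        // Insert the js file content in cms_js.
        $idjsfile = insert_jscontent($idupl, $fileclient, $jsfilecontent, 1, '', 0);
        if (!empty($idjsfile)) {
            // Set owner rights for the current language and user.
            $perm->set_owner_rights('js_file', $idjsfile, 0x31b7);
        } else {
            // Inserting the content failed: remove the cms_upl entry again to
            // keep the database consistent, then report the error.
            $fm->delete_file($idupl, $fileclient, false, 'path');
            return '1203';
        }
    }

    if (!empty($idclient)) {
        // NOTE(review): for an existing file the database row keeps the stored
        // filename, while the path written here comes from the global
        // $jsfilename. Confirm that value cannot differ from the stored name.
        remove_magic_quotes_gpc($jsfilecontent);
        $fm->write_file_fs($js_directory, $jsfilename, $jsfilecontent, 'path');
    }

    // '1417': the js file could not be written; '' when no errno is set.
    return !empty($fm->errno) ? '1417' : '';
}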
// Excerpt from a category-edit form; it starts inside a branch whose opening
// line is outside this excerpt. First half: take the values from the database
// row, or from the submitted form with magic-quotes escaping removed.
    $db->next_record();
    $name = $db->f('name');
    $description = $db->f('description');
    $rewrite_use_automatic = $db->f('rewrite_use_automatic');
    $rewrite_alias = $db->f('rewrite_alias');
} else {
    remove_magic_quotes_gpc($name);
    remove_magic_quotes_gpc($description);
    if (!$idcat && !$action) {
        // new page: automatic rewrite is switched on by default
        $rewrite_use_automatic = 1;
    } else {
        // on change: keep the submitted value
        remove_magic_quotes_gpc($rewrite_use_automatic);
    }
    remove_magic_quotes_gpc($rewrite_alias);
}
// URL REWRITE
// Permission 15 is checked on the category when $idcat is numeric, otherwise
// on the content area as a whole.
$have_rewrite_perm = is_numeric($idcat) ? $perm->have_perm(15, 'cat', $idcat) : $perm->have_perm(15, 'area_con', 0);
if ($cfg_client['url_rewrite'] == '2' && $have_rewrite_perm) {
    $tpl->setCurrentBlock('URL_REWRITE');
    $tpl_data['REWRITE_USE_AUTOMATIC_CHECKED'] = $rewrite_use_automatic == 1 ? 'checked="checked" ' : '';
    $tpl_data['REWRITE_URL_DISABLED'] = $rewrite_use_automatic == 1 ? 'disabled="disabled" ' : '';
    $tpl_data['LNG_REWRITE_PAGE-URL'] = $cms_lang['con_cat_page_url'];
    $tpl_data['LNG_REWRITE_URL-OF-THIS-PAGE'] = $cms_lang['con_cat_urlofthiscat'];
    $tpl_data['LNG_REWRITE_AUTO-URL'] = $cms_lang['con_cat_rwpath_autourl'];
    // The alias is the only value in this block that is HTML-encoded.
    // ENT_COMPAT leaves single quotes unescaped.
    $tpl_data['REWRITE_ALIAS'] = htmlentities($rewrite_alias, ENT_COMPAT, 'UTF-8');
    // NOTE(review): $sf_rewrite_error_message is wrapped in markup without
    // encoding. Confirm it is built from fixed strings only and never echoes
    // the submitted alias.
    $tpl_data['REWRITE_ERROR'] = $rewrite_error = $sf_is_rewrite_error ? '<p class="errormsg">' . $sf_rewrite_error_message . '</p>' : '';
    // Preview of the resulting URL; with an empty alias a placeholder for this
    // category is appended.
    // NOTE(review): the output of rewriteGetPath() is concatenated into markup
    // as-is. Confirm it returns already-encoded path segments.
    $tpl_data['REWRITE_CURRENT_URL'] = $rewrite_alias == '' ? rewriteGetPath($idcat, $lang, true) . '<em>' . $cms_lang['con_cat_rwpath_thiscat'] . '</em>/' : rewriteGetPath($idcat, $lang, true);
    $tpl_data['REWRITE_CURRENT_URL'] = 'http://<em>{domain.xyz}</em>/' . $tpl_data['REWRITE_CURRENT_URL'];
    $tpl->setVariable($tpl_data);
// Excerpt from the js-file edit form; it starts inside two nested blocks whose
// opening lines are outside this excerpt and ends on a cut-off comment opener.
        $jsfileauthor = '';
        $idjsfile = 0;
    }
    // Needed specifically for JS files because of escaped characters.
    // NOTE(review): the two conditions below are complementary, so in this
    // branch every backslash is doubled whatever the magic-quotes setting is.
    // The else branch further down doubles only when the setting is off.
    // Confirm that the difference is intended.
    if (get_magic_quotes_gpc() != 0) {
        $jsfilecontent = str_replace('\\', '\\\\', $jsfilecontent);
    }
    if (get_magic_quotes_gpc() == 0) {
        $jsfilecontent = str_replace('\\', '\\\\', $jsfilecontent);
    }
} else {
    // Needed specifically for JS files because of escaped characters.
    if (get_magic_quotes_gpc() == 0) {
        $jsfilecontent = str_replace('\\', '\\\\', $jsfilecontent);
    } else {
        remove_magic_quotes_gpc($jsfilecontent);
    }
}
/* start form */
$tmp['FORM_ACTION'] = $sess->url("main.php");
// NOTE(review): $idjsfile and $idclient reach the template unencoded; confirm
// both are integers at this point.
$tmp['IDJS'] = $idjsfile;
$tmp['IDCLIENT'] = $idclient;
$tmp['FOOTER_LICENSE'] = $cms_lang['login_licence'];
/* name of the js-file */
$tmp['EDIT_JSFILENAME'] = $cms_lang["js_filename"];
// Existing file: show the name as text plus a hidden field; new file: a text
// input pre-filled with the name.
// NOTE(review): $jsfilename is concatenated into element content and into
// value="..." attributes without htmlspecialchars(). A name containing a
// double quote or angle bracket would break out of the attribute, so the value
// should be encoded here (ENT_QUOTES) unless it is proven to be restricted to
// a safe character set before this point.
$tmp['EDIT_JSFILE'] = $jsfilename && $idjsfile != 0 ? $jsfilename . '<input type="hidden" name="jsfilename" value="' . $jsfilename . '">' : '<input class="w800" type="text" maxlength="255" id="jsfilename" name="jsfilename" size="120" value="' . $jsfilename . '">';
/*
// Excerpt from the module-save action; it starts inside a block opened outside
// this excerpt and ends inside the else branch of the save check.
    $perm->check(3, 'area_mod', 0);
}
// Work on copies: the *2 variables get magic-quotes escaping removed and are
// used for the module test and for the session. The originals are passed to
// mod_save() unchanged.
$modname2 = $modname;
$modverbose2 = $modverbose;
$description2 = $description;
$modversion2 = $modversion;
$modcat2 = $modcat;
$input2 = $input;
$output2 = $output;
remove_magic_quotes_gpc($modname2);
remove_magic_quotes_gpc($modverbose2);
remove_magic_quotes_gpc($description2);
remove_magic_quotes_gpc($modversion2);
remove_magic_quotes_gpc($modcat2);
remove_magic_quotes_gpc($input2);
remove_magic_quotes_gpc($output2);
// Reading the condition with PHP's precedence:
//   1. $errno becomes '0423' if mod_test() is truthy for the input or the
//      output, otherwise '0424' if both are empty, otherwise false.
//   2. If such an errno was set and $s_overide is not set, the branch is
//      entered and mod_save() is never called.
//   3. Otherwise mod_save() runs and the branch is entered unless it returns
//      '0412' (loose comparison).
if ((($errno = $rep->mod_test($input2, $idmod) || $rep->mod_test($output2, $idmod) ? '0423' : false) || ($errno = empty($input2) && empty($output2) ? '0424' : false)) && !$s_overide || '0412' != ($errno = mod_save($idmod, $modname, $modverbose, $description, $modversion, $modcat, $input, $output, $idclient, $repository_id, $install_sql, $uninstall_sql, $update_sql, $mod_rebuild_sql, $source, $mod_no_wedding, false, $mod_config_takeover))) {
    // NOTE(review): these defaults are assigned to $modname and $modversion,
    // but the session array below stores $modname2 and $modversion2, so the
    // defaults do not reach the session. This looks unintended; confirm.
    if (empty($modname) || $modname == '') {
        $modname = $cms_lang['mod_defaultname'];
    }
    if (empty($modversion) || $modversion == '') {
        $modversion = '1.0';
    }
    // Keep the submitted values in the session so the edit form can show them
    // again after the redirect.
    $s_modul = array('name' => $modname2, 'verbose' => $modverbose2, 'description' => $description2, 'version' => $modversion2, 'cat' => $modcat2, 'input' => $input2, 'output' => $output2);
    $sess->register('s_modul');
    // note: only once it holds a value can it be stored ;)
    $sess->freeze();
    // NOTE(review): $idmod and $idclient are appended to the redirect target
    // without an integer cast or urlencode(). If they come from the request,
    // extra query parameters can be smuggled into the Location URL; confirm
    // they are cast where they are read.
    header('Location:' . $sess->urlRaw("main.php?area=mod_edit&idmod=" . $idmod . "&idclient=" . $idclient . "&errno=" . $errno));
    exit;
} else {
    if (isset($_REQUEST['sf_apply'])) {
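/**
 * Parse a query-string style plugin configuration ("key=value&key2=value2")
 * into an associative array.
 *
 * Values are URL-decoded and then passed through remove_magic_quotes_gpc();
 * keys are used exactly as they appear in the input. A pair without '=' yields
 * an empty value, and only the first '=' of a pair separates key from value.
 *
 * NOTE(review): both keys and values come straight from $in. Callers that feed
 * request data in here must treat the resulting array as untrusted.
 *
 * @param string $in Configuration string with pairs separated by '&'.
 *
 * @return array Map of key to decoded value.
 */
function extract_plugconfig($in)
{
    // Initialised up front so the return value is always an array.
    $out = array();

    foreach (explode('&', (string) $in) as $pair) {
        // Limit 2: a raw '=' inside the value stays part of the value.
        $parts = explode('=', $pair, 2);
        $key = $parts[0];
        // A bare key has no second element; avoid the undefined-offset notice.
        $value = isset($parts[1]) ? $parts[1] : '';

        $out[$key] = urldecode($value);
        remove_magic_quotes_gpc($out[$key]);
    }

    return $out;
}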
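/**
 * Make a submitted text safe to place inside a double-quoted HTML attribute:
 * remove magic-quotes escaping, then replace every double quote by its entity.
 *
 * Only the double quote is handled. '&', '<', '>' and the single quote pass
 * through unchanged, so this is not a general HTML encoder; use
 * htmlspecialchars() where the value can reach other contexts.
 *
 * @param string $code Text to convert; modified in place.
 *
 * @return void
 */
function quoteSaveText(&$code)
{
    remove_magic_quotes_gpc($code);
    // NOTE(review): in the published listing the replacement string was
    // identical to the search string, which made this call a no-op. The entity
    // was presumably lost when the page was rendered; '&quot;' is assumed to be
    // the intended replacement -- confirm against the upstream file.
    $code = str_replace('"', '&quot;', $code);
}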