From b889edb33e4a09cc1f65d2fb9ad9f9ea16b1eae9 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Tue, 04 Sep 2012 11:42:42 -0400
Subject: [PATCH] - Ported changes from Apache plugin to nginx plugin. - Fixed errors in system.inc.php-
---
interface/lib/classes/listform.inc.php | 37 ++++++++++++++++++++++---------------
1 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/interface/lib/classes/listform.inc.php b/interface/lib/classes/listform.inc.php
index ffa37c1..96c39f1 100644
--- a/interface/lib/classes/listform.inc.php
+++ b/interface/lib/classes/listform.inc.php
@@ -126,7 +126,7 @@
public function getSearchSQL($sql_where = '')
{
- global $db;
+ global $app, $db;
//* Get config variable
$list_name = $this->listDef['name'];
@@ -151,9 +151,10 @@
}
//* Store field in session
- if(isset($_REQUEST[$search_prefix.$field])){
+ if(isset($_REQUEST[$search_prefix.$field]) && !stristr($_REQUEST[$search_prefix.$field],"'")){
$_SESSION['search'][$list_name][$search_prefix.$field] = $_REQUEST[$search_prefix.$field];
- }
+ if(preg_match("/['\\\\]/", $_SESSION['search'][$list_name][$search_prefix.$field])) $_SESSION['search'][$list_name][$search_prefix.$field] = '';
+ }
if(isset($i['formtype']) && $i['formtype'] == 'SELECT'){
if(is_array($i['value'])) {
@@ -181,7 +182,7 @@
$field = $i['field'];
// if($_REQUEST[$search_prefix.$field] != '') $sql_where .= " $field ".$i["op"]." '".$i["prefix"].$_REQUEST[$search_prefix.$field].$i["suffix"]."' and";
if(isset($_SESSION['search'][$list_name][$search_prefix.$field]) && $_SESSION['search'][$list_name][$search_prefix.$field] != ''){
- $sql_where .= " $field ".$i['op']." '".$i['prefix'].$_SESSION['search'][$list_name][$search_prefix.$field].$i['suffix']."' and";
+ $sql_where .= " $field ".$i['op']." '".$app->db->quote($i['prefix'].$_SESSION['search'][$list_name][$search_prefix.$field].$i['suffix'])."' and";
}
}
}
@@ -191,11 +192,16 @@
public function getPagingSQL($sql_where = '1')
{
global $app, $conf;
+
+ //* Add Global Limit from selectbox
+ if(!empty($_POST['search_limit']) AND intval($_POST['search_limit'])){
+ $_SESSION['search']['limit'] = intval($_POST['search_limit']);
+ }
//* Get Config variables
$list_name = $this->listDef['name'];
$search_prefix = $this->listDef['search_prefix'];
- $records_per_page = $this->listDef['records_per_page'];
+ $records_per_page = (empty($_SESSION['search']['limit']) ? intval($this->listDef['records_per_page']) : intval($_SESSION['search']['limit'])) ;
$table = $this->listDef['table'];
//* set PAGE to zero, if in session not set
@@ -204,12 +210,12 @@
}
//* set PAGE to worth request variable "PAGE" - ? setze page auf wert der request variablen "page"
- if(isset($_REQUEST["page"])) $_SESSION["search"][$list_name]["page"] = $_REQUEST["page"];
+ if(isset($_REQUEST["page"])) $_SESSION["search"][$list_name]["page"] = intval($_REQUEST["page"]);
//* PAGE to 0 set, if look for themselves ? page auf 0 setzen, wenn suche sich ge�ndert hat.
if($this->searchChanged == 1) $_SESSION['search'][$list_name]['page'] = 0;
- $sql_von = $_SESSION['search'][$list_name]['page'] * $records_per_page;
+ $sql_von = intval($_SESSION['search'][$list_name]['page'] * $records_per_page);
$record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM $table WHERE $sql_where");
$pages = intval(($record_count['anzahl'] - 1) / $records_per_page);
@@ -242,9 +248,9 @@
//* Show Back
if(isset($vars['show_page_back']) && $vars['show_page_back'] == 1){
$content .= '<a href="'."javascript:loadContent('".$vars['list_file'].'?page='.$vars['last_page'].$vars['page_params']."');".'">'
- .'<img src="themes/'.$_SESSION['s']['theme'].'/icons/x16/arrow_180.png"></a> ';
+ .'<img src="themes/'.$_SESSION['s']['theme'].'/icons/x16/arrow_180.png"></a> ';
}
- $content .= ' '.$this->lng('page_txt').' '.$vars['next_page'].' '.$this->lng('page_of_txt').' '.$vars['max_pages'].' ';
+ $content .= ' '.$this->lng('page_txt').' '.$vars['next_page'].' '.$this->lng('page_of_txt').' '.$vars['max_pages'].' ';
//* Show Next
if(isset($vars['show_page_next']) && $vars['show_page_next'] == 1){
$content .= '<a href="'."javascript:loadContent('".$vars['list_file'].'?page='.$vars['next_page'].$vars['page_params']."');".'">'
@@ -282,7 +288,7 @@
public function decode($record)
{
global $conf, $app;
- if(is_array($record)) {
+ if(is_array($record) && count($record) > 0 && is_array($this->listDef['item'])) {
foreach($this->listDef['item'] as $field){
$key = $field['field'];
if(isset($record[$key])) {
@@ -295,7 +301,7 @@
case 'DATETSTAMP':
if ($record[$key] > 0) {
// is value int?
- if (ereg("^[0-9]+[.]?[0-9]*$", $record[$key], $p)) {
+ if (preg_match("/^[0-9]+[\.]?[0-9]*$/", $record[$key], $p)) {
$record[$key] = date($this->lng('conf_format_dateshort'), $record[$key]);
} else {
$record[$key] = date($this->lng('conf_format_dateshort'), strtotime($record[$key]));
@@ -305,7 +311,7 @@
case 'DATE':
if ($record[$key] > 0) {
// is value int?
- if (ereg("^[0-9]+[.]?[0-9]*$", $record[$key], $p)) {
+ if (preg_match("/^[0-9]+[\.]?[0-9]*$/", $record[$key], $p)) {
$record[$key] = date($this->lng('conf_format_dateshort'), $record[$key]);
} else {
$record[$key] = date($this->lng('conf_format_dateshort'), strtotime($record[$key]));
@@ -316,7 +322,7 @@
case 'DATETIME':
if ($record[$key] > 0) {
// is value int?
- if (ereg("^[0-9]+[.]?[0-9]*$", $record[$key], $p)) {
+ if (preg_match("/^[0-9]+[\.]?[0-9]*$/", $record[$key], $p)) {
$record[$key] = date($this->lng('conf_format_datetime'), $record[$key]);
} else {
$record[$key] = date($this->lng('conf_format_datetime'), strtotime($record[$key]));
@@ -347,6 +353,7 @@
public function encode($record)
{
+ global $app;
if(is_array($record)) {
foreach($this->listDef['item'] as $field){
$key = $field['field'];
@@ -355,7 +362,7 @@
case 'VARCHAR':
case 'TEXT':
if(!is_array($record[$key])) {
- $record[$key] = mysql_real_escape_string($record[$key]);
+ $record[$key] = $app->db->quote($record[$key]);
} else {
$record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]);
}
@@ -384,7 +391,7 @@
break;
case 'DOUBLE':
- $record[$key] = mysql_real_escape_string($record[$key]);
+ $record[$key] = $app->db->quote($record[$key]);
break;
case 'CURRENCY':
--
Gitblit v1.9.1