From d82de9c3b06b3b4e845330be57f7f69ce06bef0a Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 31 Jan 2016 10:51:25 -0500
Subject: [PATCH] - fixed upload form problem (CSRF and message)

---
 server/lib/classes/db_mysql.inc.php |   15 +++++++++------
 1 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/server/lib/classes/db_mysql.inc.php b/server/lib/classes/db_mysql.inc.php
index 67bf7c4..52a5e50 100644
--- a/server/lib/classes/db_mysql.inc.php
+++ b/server/lib/classes/db_mysql.inc.php
@@ -55,7 +55,9 @@
 	private $autoCommit = 1;    // Autocommit Transactions
 	private $currentRow;  // current row number
 	public $errorNumber = 0; // last error number
+	*/
 	public $errorMessage = ''; // last error message
+	/*
 	private $errorLocation = '';// last error location
 	private $isConnected = false; // needed to know if we have a valid mysqli object from the constructor
 	////
@@ -74,13 +76,13 @@
 		$this->dbNewLink = $conf['db_new_link'];
 		$this->dbClientFlags = $conf['db_client_flags'];
 
-		$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, (int)$this->dbPort);
+		$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort);
 		$try = 0;
 		while((!is_object($this->_iConnId) || mysqli_connect_error()) && $try < 5) {
 			if($try > 0) sleep(1);
 
 			$try++;
-			$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, (int)$this->dbPort);
+			$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort);
 		}
 
 		if(!is_object($this->_iConnId) || mysqli_connect_error()) {
@@ -225,7 +227,7 @@
 
 		$this->_iQueryId = mysqli_query($this->_iConnId, $sQuery);
 		if (!$this->_iQueryId) {
-			$this->_sqlerror('Falsche Anfrage / Wrong Query', false, 'SQL-Query = ' . $sQuery);
+			$this->_sqlerror('Falsche Anfrage / Wrong Query', 'SQL-Query = ' . $sQuery);
 			return false;
 		}
 
@@ -445,7 +447,7 @@
 		$cur_encoding = mb_detect_encoding($sString);
 		if($cur_encoding != "UTF-8") {
 			if($cur_encoding != 'ASCII') {
-				$app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_INFO);
+				if(is_object($app) && method_exists($app, 'log')) $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_INFO);
 				if($cur_encoding) $sString = mb_convert_encoding($sString, 'UTF-8', $cur_encoding);
 				else $sString = mb_convert_encoding($sString, 'UTF-8');
 			}
@@ -467,6 +469,7 @@
 
 		$mysql_error = (is_object($this->_iConnId) ? mysqli_error($this->_iConnId) : mysqli_connect_error());
 		$mysql_errno = (is_object($this->_iConnId) ? mysqli_errno($this->_iConnId) : mysqli_connect_errno());
+		$this->errorMessage = $mysql_error;
 
 		//$sAddMsg .= getDebugBacktrace();
 
@@ -635,7 +638,7 @@
 			$key_str = substr($key_str, 0, -1);
 			$val_str = substr($val_str, 0, -1);
 			$insert_data_str = '('.$key_str.') VALUES ('.$val_str.')';
-			$this->query("INSERT INTO ?? $insert_data_str", true, $params + $v_params);
+			$this->query("INSERT INTO ?? $insert_data_str", true, array_merge($params, $v_params));
 		} else {
 			/* TODO: deprecate this method! */
 			$insert_data_str = $insert_data;
@@ -645,7 +648,7 @@
 		
 		$old_rec = array();
 		$index_value = $this->insertID();
-		$new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ? = ?", $tablename, $index_field, $index_value);
+		$new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
 		$this->datalogSave($tablename, 'INSERT', $index_field, $index_value, $old_rec, $new_rec);
 
 		return $index_value;

--
Gitblit v1.9.1