From e0dc711c2b2dc4e2ec397d7f53910f11e1ca4ade Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Mon, 02 Sep 2013 04:14:56 -0400
Subject: [PATCH] - Changed previous commit to check for read permissions only on download action
---
interface/lib/classes/searchform.inc.php | 28 ++++++++++++----------------
1 files changed, 12 insertions(+), 16 deletions(-)
diff --git a/interface/lib/classes/searchform.inc.php b/interface/lib/classes/searchform.inc.php
index 25a9412..e87547a 100644
--- a/interface/lib/classes/searchform.inc.php
+++ b/interface/lib/classes/searchform.inc.php
@@ -1,7 +1,7 @@
<?php
/*
-Copyright (c) 2005, Till Brehm, projektfarm Gmbh
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
@@ -26,14 +26,6 @@
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/**
-* Listenbehandlung
-*
-* @package searchform
-* @author Till Brehm
-* @version 1.1
*/
class searchform {
@@ -185,7 +177,7 @@
$sql_von = $_SESSION['search'][$list_name]['page'] * $records_per_page;
$record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM $table WHERE $sql_where");
- $pages = intval(($record_count['anzahl'] - 1) / $records_per_page);
+ $pages = $app->functions->intval(($record_count['anzahl'] - 1) / $records_per_page);
$vars['list_file'] = $this->listDef['file'];
$vars['page'] = $_SESSION['search'][$list_name]['page'];
@@ -216,6 +208,8 @@
$content .= ' '.$app->lng('Page').' '.$vars['next_page'].' '.$app->lng('of').' '.$vars['max_pages'].' ';
if($vars['show_page_next'] == 1){
$content .= '<a href="'.$list_file.'?page='.$vars['next_page'].$page_params.'"><img src="../themes/iprg/images/btn_next.png" border="0"></a> ';
+ } else{
+ $content .= ' ';
}
$content .= '<a href="'.$list_file.'?page='.$vars['pages'].$page_params.'"> <img src="../themes/iprg/images/btn_right.png" border="0"></a>';
return $content;
@@ -252,7 +246,7 @@
$list_name = $this->listDef['name'];
$settings = $_SESSION['search'][$list_name];
unset($settings['page']);
- $data = mysql_real_escape_string(serialize($settings));
+ $data = $app->db->quote(serialize($settings));
$userid = $_SESSION['s']['user']['userid'];
$groupid = $_SESSION['s']['user']['default_group'];
@@ -272,6 +266,7 @@
public function decode($record)
{
+ global $app;
if(is_array($record)) {
foreach($this->listDef['item'] as $field) {
$key = $field['field'];
@@ -284,7 +279,7 @@
break;
case 'INTEGER':
- $record[$key] = intval($record[$key]);
+ $record[$key] = $app->functions->intval($record[$key]);
break;
case 'DOUBLE':
@@ -309,6 +304,7 @@
public function encode($record)
{
+ global $app;
if(is_array($record)) {
foreach($this->listDef['item'] as $field) {
$key = $field['field'];
@@ -317,7 +313,7 @@
case 'VARCHAR':
case 'TEXT':
if(!is_array($record[$key])) {
- $record[$key] = mysql_real_escape_string($record[$key]);
+ $record[$key] = $app->db->quote($record[$key]);
} else {
$record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]);
}
@@ -331,11 +327,11 @@
break;
case 'INTEGER':
- $record[$key] = intval($record[$key]);
+ $record[$key] = $app->functions->intval($record[$key]);
break;
case 'DOUBLE':
- $record[$key] = mysql_real_escape_string($record[$key]);
+ $record[$key] = $app->db->quote($record[$key]);
break;
case 'CURRENCY':
@@ -348,4 +344,4 @@
}
}
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1