From f038c0a4cecc7a7a56b6d175c3ec42c1f80a4ac7 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 13 Feb 2012 09:00:09 -0500
Subject: [PATCH] Implemented: FS#2024 - Sanity check zones with named-checkzone
---
interface/lib/classes/remoting_lib.inc.php | 33 ++++++++++++++++++++++++---------
1 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 8f001cd..1d732af 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -208,7 +208,13 @@
break;
case 'INTEGER':
- $new_record[$key] = intval($record[$key]);
+ //* We use + 0 to force the string to be a number as
+ //* intval return value is too limited on 32bit systems
+ if(intval($record[$key]) == 2147483647) {
+ $new_record[$key] = $record[$key] + 0;
+ } else {
+ $new_record[$key] = intval($record[$key]);
+ }
break;
case 'DOUBLE':
@@ -294,7 +300,7 @@
* @return record
*/
function encode($record) {
-
+ global $app;
if(is_array($record)) {
foreach($this->formDef['fields'] as $key => $field) {
@@ -303,14 +309,14 @@
switch ($field['datatype']) {
case 'VARCHAR':
if(!@is_array($record[$key])) {
- $new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):'';
+ $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
break;
case 'TEXT':
if(!is_array($record[$key])) {
- $new_record[$key] = mysql_real_escape_string($record[$key]);
+ $new_record[$key] = $app->db->quote($record[$key]);
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
@@ -347,7 +353,7 @@
//if($key == 'refresh') die($record[$key]);
break;
case 'DOUBLE':
- $new_record[$key] = mysql_real_escape_string($record[$key]);
+ $new_record[$key] = $app->db->quote($record[$key]);
break;
case 'CURRENCY':
$new_record[$key] = str_replace(",",".",$record[$key]);
@@ -530,11 +536,16 @@
if($field['formtype'] == 'PASSWORD') {
$sql_insert_key .= "`$key`, ";
if($field['encryption'] == 'CRYPT') {
- $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
+ $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
+ $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
+ } elseif ($field['encryption'] == 'MYSQL') {
+ $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
+ } elseif ($field['encryption'] == 'CLEARTEXT') {
+ $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} else {
- $record[$key] = md5($record[$key]);
+ $record[$key] = md5(stripslashes($record[$key]));
+ $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
}
- $sql_insert_val .= "'".$record[$key]."', ";
} elseif ($field['formtype'] == 'CHECKBOX') {
$sql_insert_key .= "`$key`, ";
if($record[$key] == '') {
@@ -639,7 +650,11 @@
foreach($primary_id as $key => $val) {
$key = $app->db->quote($key);
$val = $app->db->quote($val);
- $sql_where .= "$key = '$val' AND ";
+ if(stristr($val,'%')) {
+ $sql_where .= "$key like '$val' AND ";
+ } else {
+ $sql_where .= "$key = '$val' AND ";
+ }
}
$sql_where = substr($sql_where,0,-5);
$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where;
--
Gitblit v1.9.1