General cleanup

class2.php

@@ -882,13 +882,13 @@ $e_deltaTime=0;
 if (isset($_COOKIE['e107_tdOffset']))
 {
 	// Actual seconds of delay. See e107.js and footer_default.php
-	$e_deltaTime = (15*floor(($_COOKIE['e107_tdOffset']/60)/15))*60; // Delay in seconds rounded to the lowest quarter hour
+	$e_deltaTime = (15*floor((intval($_COOKIE['e107_tdOffset']) /60)/15))*60; // Delay in seconds rounded to the lowest quarter hour
 }
 
 if (isset($_COOKIE['e107_tzOffset']))
 {
 	// Relative client-to-server time zone offset in seconds.
-	$e_deltaTime += (-($_COOKIE['e107_tzOffset'] * 60 + date("Z")));
+	$e_deltaTime += (-(intval($_COOKIE['e107_tzOffset']) * 60 + date("Z")));
 }
 
 define('TIMEOFFSET', $e_deltaTime);

e107_admin/sql/core_sql.php

@@ -309,7 +309,7 @@ CREATE TABLE news (
   news_start int(10) unsigned NOT NULL default '0',
   news_end int(10) unsigned NOT NULL default '0',
   news_class varchar(255) NOT NULL default '0',
-  news_render_type tinyint(3) unsigned NOT NULL default '0',
+  news_render_type varchar(20) NOT NULL default '0',
   news_comment_total int(10) unsigned NOT NULL default '0',
   news_summary text NOT NULL,
   news_thumbnail text NOT NULL,

e107_handlers/e107_class.php

@@ -2808,7 +2808,7 @@ class e107
 		}
 
 		if ($no_cbrace)	$e_QUERY = str_replace(array('{', '}', '%7B', '%7b', '%7D', '%7d'), '', rawurldecode($e_QUERY));
-		$e_QUERY = str_replace("&","&", self::getParser()->post_toForm($e_QUERY));
+		$e_QUERY = htmlentities(self::getParser()->post_toForm($e_QUERY));
 		
 		if(!deftrue("e_SINGLE_ENTRY"))
 		{

e107_plugins/banner/banner.php

@@ -32,6 +32,7 @@ if (!defined('e107_INIT'))
 if (!e107::isInstalled('banner'))
 {
 	header("location:".e_BASE."index.php"); 
+	exit;
 }
 
 e107::includeLan(e_PLUGIN."banner/languages/".e_LANGUAGE."_banner.php");

e107_plugins/links_page/links_page_sql.php

@@ -14,7 +14,7 @@
  * $Author$
  */
 
-header("location:../index.php");
+header("location:../../index.php");
 exit;
 ?>
 # Table structure for table `links_page_cat`

e107_plugins/rss_menu/admin_prefs.php

@@ -27,6 +27,7 @@ require_once("../../class2.php");
 if(!getperms("P") || !e107::isInstalled('rss_menu'))
 { 
 	header("location:".e_BASE."index.php"); 
+	exit;
 }
 
 include_lan(e_PLUGIN."rss_menu/languages/".e_LANGUAGE."_admin_rss_menu.php");

e107_themes/templates/footer_default.php

@@ -286,7 +286,7 @@ e107::getJs()->renderJs('footer_inline', true);
 // see e107.js and class2.php
 // This must be done as late as possible in page processing.
 $_serverTime = time();
-$lastSet = isset($_COOKIE['e107_tdSetTime']) ? $_COOKIE['e107_tdSetTime'] : 0;
+$lastSet = isset($_COOKIE['e107_tdSetTime']) ? intval($_COOKIE['e107_tdSetTime']) : 0;
 $_serverPath = e_HTTP;
 $_serverDomain = deftrue('MULTILANG_SUBDOMAIN') ? '.'.e_DOMAIN : '';
 if (abs($_serverTime - $lastSet) > 120)

signup.php

@@ -379,7 +379,7 @@ if (e_QUERY)
 // 		Initial signup (registration)
 //----------------------------------------
 
-if (isset($_POST['register']) ) //&& $pref['user_reg'] == 1 add later. 
+if (isset($_POST['register']) && $pref['user_reg'] == 1) 
 {	
 	$e107cache->clear("online_menu_totals");
 	require_once(e_HANDLER."message_handler.php");