diff --git a/e107_admin/image.php b/e107_admin/image.php index 76d5157a3..b54dd9042 100644 --- a/e107_admin/image.php +++ b/e107_admin/image.php @@ -38,7 +38,7 @@ if($_GET['action'] == 'youtube' ) } - +// TODO use library manager e107::js('core', 'plupload/plupload.full.js', 'jquery', 2); e107::css('core', 'plupload/jquery.plupload.queue/css/jquery.plupload.queue.css', 'jquery'); e107::js('core', 'plupload/jquery.plupload.queue/jquery.plupload.queue.min.js', 'jquery', 2); @@ -272,7 +272,7 @@ class media_cat_ui extends e_admin_ui // XXX temporary disable when there is no owners, discuss if(!$new_data['media_cat_owner']) { - e107::getMessage()->addError(IMALAN_173); // FIXME LAN + e107::getMessage()->addError(IMALAN_173); return false; } //$replace = array("_"," ","'",'"',"."); //FIXME Improve @@ -1671,13 +1671,13 @@ class media_admin_ui extends e_admin_ui list($fileName,$bla) = explode("?", $fileName); } - + $uploadCaption = !empty($_POST['upload_caption']) ? $tp->filter($_POST['upload_caption'],'str') : ''; $fileName = str_replace(array('%','+'),'',$fileName); // remove script extensions. if(substr($fileName,-4) == ".php" || substr($fileName,-4) == ".htm" || substr($fileName,-5) == ".html" || substr($fileName,-4) == ".asp") { - $fileName = empty($_POST['upload_caption']) ? str_replace(array(".php",".html",".asp",".htm"),'',$fileName)."_".time() : eHelper::dasherize(strtolower($_POST['upload_caption'])); + $fileName = empty($uploadCaption) ? str_replace(array(".php",".html",".asp",".htm"),'',$fileName)."_".time() : eHelper::dasherize(strtolower($uploadCaption)); } if(!$fl->getRemoteFile($tp->filter($_POST['upload_url'], 'file'), $fileName, 'import')) 
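Review bot: The rename branch in the @@ -1671 hunk can still produce a name with a script extension, because a non-empty `$uploadCaption` turns the name into `eHelper::dasherize(strtolower($uploadCaption))` and nothing re-checks that result against the extension list. Whether a dot survives depends on `dasherize()`, which is not visible here. The `substr()` comparison above it is also case-sensitive and covers only four extensions. I would build the final name first and then validate its extension against an allow-list of media types, for example `$ext = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));` followed by a strict `in_array()` check on that list. The enclosing method starts and ends outside the hunk.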
@@ -1686,8 +1686,8 @@ class media_admin_ui extends e_admin_ui } elseif($import == true) { - $data = array('media_caption' => e107::getParser()->filter($_POST['upload_caption'],'str')); - $result = e107::getMedia()->importFile($fileName,$cat, null, $data); + $data = array('media_caption' => $uploadCaption); + e107::getMedia()->importFile($fileName,$cat, null, $data); } } } @@ -2576,6 +2576,8 @@ class media_admin_ui extends e_admin_ui function batchDelete() { + $tp = e107::getParser(); + foreach($_POST['batch_selected'] as $key=>$file) { if(trim($file) == '') @@ -2584,7 +2586,7 @@ class media_admin_ui extends e_admin_ui } // $oldpath = e_MEDIA."temp/".$file; - $oldpath = e_IMPORT.e107::getParser()->filter($file, 'file'); + $oldpath = e_IMPORT . $tp->filter($file, 'file'); if(file_exists($oldpath)) { unlink($oldpath); @@ -2890,14 +2892,18 @@ if (isset($_POST['submit_avdelete_multi'])) $avList = array(); $tmp = array(); $uids = array(); + + $tp = e107::getParser(); + $sql = e107::getDb(); + //Sanitize - $_POST['multiaction'] = $tp->filter($_POST['multiaction'], 'int'); + $multiaction = $tp->filter($_POST['multiaction'], 'int'); //sql queries significant reduced - if(!empty($_POST['multiaction']) && $sql->db_Select("user", 'user_id, user_name, user_image', "user_id IN (".implode(',', $_POST['multiaction']).")")) + if(!empty($multiaction) && $sql->db_Select("user", 'user_id, user_name, user_image', "user_id IN (".implode(',', $multiaction).")")) { $search_users = $sql->db_getList('ALL', FALSE, FALSE, 'user_id'); - foreach($_POST['multiaction'] as $uid) + foreach($multiaction as $uid) { if (vartrue($search_users[$uid])) { diff --git a/e107_admin/plugin.php b/e107_admin/plugin.php index 11347fb61..240baf011 100644 --- a/e107_admin/plugin.php +++ b/e107_admin/plugin.php @@ -686,6 +686,7 @@ class pluginManager{ define('e_IFRAME', true); $frm = e107::getForm(); $mes = e107::getMessage(); + $tp = e107::getParser(); // print_a($_GET); 
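Review bot: In the @@ -2890 hunk `$multiaction` goes straight into `implode(',', $multiaction)` and the `foreach`, but nothing guarantees that `$_POST['multiaction']` is an array or that every element is an integer after `filter(..., 'int')`; how that filter treats arrays is not visible here. A scalar value would break `implode()`, and the `IN (...)` list is only as safe as the filter. I would normalise explicitly with `$multiaction = array_filter(array_map('intval', (array) $_POST['multiaction']));`. The block continues past the end of the hunk.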
@@ -703,10 +704,14 @@ class pluginManager{ return false; } + $pluginFolder = !empty($data['plugin_folder']) ? $tp->filter($data['plugin_folder']) : ''; + $pluginUrl = !empty($data['plugin_url']) ? $tp->filter($data['plugin_url']) : ''; + $pluginID = !empty($data['plugin_id']) ? $tp->filter($data['plugin_id']) : ''; + $pluginMode = !empty($data['plugin_mode']) ? $tp->filter($data['plugin_mode']) : ''; if(!empty($data['plugin_price'])) { - e107::getRedirect()->go($data['plugin_url']); + e107::getRedirect()->go($pluginUrl); return true; } @@ -718,10 +723,10 @@ class pluginManager{ // Server flush useless. It's ajax ready state 4, we can't flush (sadly) before that (at least not for all browsers) $mes->addSuccess(EPL_ADLAN_94); - if($mp->download($data['plugin_id'], $data['plugin_mode'], 'plugin')) + if($mp->download($pluginID, $pluginMode, 'plugin')) { $this -> pluginCheck(true); // rescan the plugin directory - $text = e107::getPlugin()->install($data['plugin_folder']); + $text = e107::getPlugin()->install($pluginFolder); $mes->addInfo($text); echo $mes->render('default', 'success'); @@ -737,7 +742,7 @@ class pluginManager{ - $text =""; + $text =""; // print_a($data); $text .= $frm->open('upload-url-form','post'); diff --git a/e107_admin/users_extended.php b/e107_admin/users_extended.php index 165772d08..afbffbb5f 100755 --- a/e107_admin/users_extended.php +++ b/e107_admin/users_extended.php @@ -32,14 +32,16 @@ if(varset($_GET['mode']) == "ajax") if($tableName) { $sql = e107::getDb(); + $tp = e107::getParser(); $sub_action = ''; if(e_QUERY) { $tmp = explode(".", e_QUERY); - $action = $tmp[0]; + $action = $tp->filter($tmp[0]); $sub_action = varset($tmp[1], ''); + $sub_action = $tp->filter($sub_action); $id = varset($tmp[2], 0); unset($tmp); } @@ -1147,6 +1149,7 @@ $user = new users_ext; $frm = e107::getForm(); $mes = e107::getMessage(); +$tp = e107::getParser(); require_once(e_HANDLER.'user_extended_class.php'); require_once(e_HANDLER.'userclass_class.php'); 
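Review bot: `e107::getRedirect()->go($pluginUrl)` in the @@ -703 hunk still redirects to whatever URL arrives in `$data`. The default `filter()` call cleans the string but is not shown to restrict scheme or host, so this stays an open redirect if `$data` can be influenced by the request; its origin is outside the hunk. The same applies to `$pluginFolder`, which reaches `e107::getPlugin()->install()` in the @@ -718 hunk, since a generic string filter does not reduce it to a single directory name. I would compare the URL's host with the expected marketplace host before redirecting, use the `'file'` filter type for the folder as image.php does, and cast `$pluginID` with `(int)` if it is numeric.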
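Review bot: In the users_extended.php @@ -32 hunk `$id` is left as `varset($tmp[2], 0)` while `$action` and `$sub_action` are now filtered, so the third segment of `e_QUERY` still reaches later code unvalidated. If it is a record id, as the default of 0 suggests, `$id = (int) varset($tmp[2], 0);` closes the gap. The same line is left untouched in the @@ -1159 hunk further down this file.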
@@ -1159,15 +1162,17 @@ $message_type = E_MESSAGE_SUCCESS; if (e_QUERY) { $tmp = explode(".", e_QUERY); - $action = $tmp[0]; + $action = $tp->filter($tmp[0]); $sub_action = varset($tmp[1],''); + $sub_action = $tp->filter($sub_action); $id = varset($tmp[2],0); unset($tmp); } // TODO $_POST['up_x'] check for the evil IE -$tmp = isset($_POST['up']) ? $_POST['up'] : false; -if ($tmp) +$tmp = isset($_POST['up']) ? $tp->filter($_POST['up']) : false; + +if (is_array($tmp)) { $tmp = array_values($tmp); $qs = explode(".", $tmp[0]); @@ -1184,8 +1189,9 @@ if ($tmp) } // TODO $_POST['down_x'] check for the evil IE -$tmp = isset($_POST['down']) ? $_POST['down'] : false; -if ($tmp) +$tmp = isset($_POST['down']) ? $tp->filter($_POST['down']) : false; + +if (is_array($tmp)) { $tmp = array_values($tmp); $qs = explode(".", $tmp[0]); @@ -1240,7 +1246,12 @@ if (isset($_POST['add_field'])) { if($_POST['user_type']==EUF_DB_FIELD) { - $_POST['user_values'] = array($_POST['table_db'],$_POST['field_id'],$_POST['field_value'],$_POST['field_order']); + $_POST['user_values'] = array( + $tp->filter($_POST['table_db']), + $tp->filter($_POST['field_id']), + $tp->filter($_POST['field_value']), + $tp->filter($_POST['field_order']), + ); } if(!empty($_POST['sort_user_values'])) @@ -1287,7 +1298,12 @@ if (isset($_POST['update_field'])) { if($_POST['user_type']==EUF_DB_FIELD) { - $_POST['user_values'] = array($_POST['table_db'],$_POST['field_id'],$_POST['field_value'],$_POST['field_order']); + $_POST['user_values'] = array( + $tp->filter($_POST['table_db']), + $tp->filter($_POST['field_id']), + $tp->filter($_POST['field_value']), + $tp->filter($_POST['field_order']), + ); } if(!empty($_POST['sort_user_values'])) 
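Review bot: Replacing `if ($tmp)` with `if (is_array($tmp))` in the @@ -1159 hunk lets an empty array through, and `$tmp[0]` is then undefined after `array_values($tmp)`. `if (!empty($tmp) && is_array($tmp))` keeps the old truthiness check and adds the type check. The `down` block in the @@ -1184 hunk has the same condition. The parts produced by `explode(".", $tmp[0])` are consumed outside the hunk; if they end up in a query they should be cast to int at that point.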
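Review bot: `table_db`, `field_id`, `field_value` and `field_order` in the @@ -1240 hunk look like table and column names, and a generic `filter()` call does not make a string safe as an SQL identifier. How `user_values` is consumed is outside the hunk, so this needs confirming. If they are identifiers, check each one against the real tables and columns, or at least against a strict pattern such as `preg_match('/^[A-Za-z0-9_]+$/', $value)`, and reject the request otherwise. The `update_field` block in the @@ -1287 hunk builds the same array and needs the same check.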
@@ -1412,10 +1428,10 @@ if($message) if(isset($_POST['table_db']) && !$_POST['add_field'] && !$_POST['update_field']) { $action = "continue"; - $current['user_extended_struct_name'] = $_POST['user_field']; - $current['user_extended_struct_parms'] = $_POST['user_include']."^,^".$_POST['user_regex']."^,^".$_POST['user_regexfail']."^,^".$_POST['user_hide']; - $current['user_extended_struct_text'] = $_POST['user_text']; - $current['user_extended_struct_type'] = $_POST['user_type']; + $current['user_extended_struct_name'] = $tp->filter($_POST['user_field']); + $current['user_extended_struct_parms'] = $tp->filter($_POST['user_include']."^,^".$_POST['user_regex']."^,^".$_POST['user_regexfail']."^,^".$_POST['user_hide']); + $current['user_extended_struct_text'] = $tp->filter($_POST['user_text']); + $current['user_extended_struct_type'] = $tp->filter($_POST['user_type']); $user->show_extended($current); } diff --git a/e107_handlers/menumanager_class.php b/e107_handlers/menumanager_class.php index 9d0972cdc..c8d3d8bc6 100644 --- a/e107_handlers/menumanager_class.php +++ b/e107_handlers/menumanager_class.php @@ -29,6 +29,7 @@ class e_menuManager { { global $HEADER,$FOOTER, $NEWSHEADER; $pref = e107::getPref(); + $tp = e107::getParser(); $this->debug = FALSE; @@ -61,6 +62,8 @@ class e_menuManager { $this->curLayout = vartrue($_GET['configure'], $pref['sitetheme_deflayout']); } + $this->curLayout = $tp->filter($this->curLayout); + $this->dbLayout = ($this->curLayout != $pref['sitetheme_deflayout']) ? $this->curLayout : ""; //menu_layout is left blank when it's default. if(isset($_POST['menu_id']) || vartrue($_GET['id'])) 
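Review bot: Filtering the joined string for `user_extended_struct_parms` in one call (@@ -1412 hunk) cannot stop a field that itself contains `^,^` from shifting the later fields when the value is split again. Filter `user_include`, `user_regex`, `user_regexfail` and `user_hide` separately and strip or reject the separator in each before joining. `user_regex` is a pattern, so confirm that the generic filter leaves it usable; if it does not, validate that field on its own rather than through `filter()`.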
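Review bot: In the menumanager_class.php @@ -61 hunk `$this->curLayout` is only passed through the default `filter()` before it becomes `$this->dbLayout`, which this class interpolates into queries as `menu_layout = '".$this->dbLayout."'`. Whether that filter neutralises quotes is not visible here. An allow-list is stronger and cheap: accept the value only when `isset($pref['sitetheme_layouts'][$this->curLayout])` and otherwise fall back to `$pref['sitetheme_deflayout']`. The constructor starts and ends outside the hunk.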
@@ -109,20 +112,21 @@ class e_menuManager { if(vartrue($_POST['menuActivate'])) { - $this->menuActivateLoc = key($_POST['menuActivate']); - $this->menuActivateIds = $_POST['menuselect']; + $menuActivate = $tp->filter($_POST['menuActivate']); + $this->menuActivateLoc = key($menuActivate); + $this->menuActivateIds = $tp->filter($_POST['menuselect']); $this->menuActivate(); } if(vartrue($_POST['menuSetCustomPages'])) { - $this->menuSetCustomPages($_POST['custompages']); + $custompages = $tp->filter($_POST['custompages']); + $this->menuSetCustomPages($custompages); } if(isset($_POST['menuUsePreset']) && $_POST['curLayout']) { - $this->menuSetPreset(); } @@ -241,34 +245,30 @@ class e_menuManager { function menuModify() { - global $admin_log; - $pref = e107::getPref(); $sql = e107::getDb(); - $ns = e107::getRender(); + $tp = e107::getParser(); $menu_act = ""; - if (isset($_POST['menuAct'])) + if(isset($_POST['menuAct'])) { - foreach ($_POST['menuAct'] as $k => $v) - { - if (trim($v)) + foreach($_POST['menuAct'] as $k => $v) + { + if(trim($v)) { - $this->menuId = intval($k); - list($menu_act, $location, $position, $this->menuNewLoc) = explode(".", $_POST['menuAct'][$k]); + $value = $tp->filter($_POST['menuAct'][$k]); + $this->menuId = intval($k); + list($menu_act, $location, $position, $this->menuNewLoc) = explode(".", $value); } - } + } } - if ($menu_act == "move") { $this->menuMove(); } - - - if ($menu_act == "bot") + if (isset($location) && isset($position) && $menu_act == "bot") { $menu_count = $sql->count("menus", "(*)", " WHERE menu_location='{$location}' AND menu_layout = '".$this->dbLayout."' "); $sql->db_Update("menus", "menu_order=".($menu_count+1)." WHERE menu_order='{$position}' AND menu_location='{$location}' AND menu_layout = '$this->dbLayout' "); 
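Review bot: `key($menuActivate)` in the @@ -109 hunk assumes `filter()` hands back an array, and the key it returns is request-controlled; value filters normally leave array keys alone. `menuActivate()` copies it into `$location` (visible in the @@ -742 hunk), so I would set `$this->menuActivateLoc = (int) key((array) $_POST['menuActivate']);`. If `menuselect` holds menu ids, map it through `intval` as well instead of relying on the generic filter.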
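Review bot: In `menuModify()` (@@ -241 hunk) `$location`, `$position` and `$this->menuNewLoc` come from `explode(".", $value)` on request data and are interpolated into SQL, while the added `isset()` checks only prove that they exist. In the @@ -276 hunk `{$position}` is not even quoted (`menu_order < {$position}`). Cast right after the split: `$location = (int) $location; $position = (int) $position; $this->menuNewLoc = (int) $this->menuNewLoc;`. A value with fewer than four dot-separated parts also makes `list()` read missing offsets, so pad it first with `array_pad(explode(".", $value), 4, '')`.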
@@ -276,21 +276,21 @@ class e_menuManager { e107::getLog()->add('MENU_06',$location.'[!br!]'.$position.'[!br!]'.$this->menuId,E_LOG_INFORMATIVE,''); } - if ($menu_act == "top") + if (isset($location) && isset($position) && $menu_act == "top") { $sql->db_Update("menus", "menu_order=menu_order+1 WHERE menu_location='{$location}' AND menu_order < {$position} AND menu_layout = '".$this->dbLayout."' ",$this->debug); $sql->db_Update("menus", "menu_order=1 WHERE menu_id='{$this->menuId}' "); e107::getLog()->add('MENU_05',$location.'[!br!]'.$position.'[!br!]'.$this->menuId,E_LOG_INFORMATIVE,''); } - if ($menu_act == "dec") + if (isset($location) && isset($position) && $menu_act == "dec") { $sql->db_Update("menus", "menu_order=menu_order-1 WHERE menu_order='".($position+1)."' AND menu_location='{$location}' AND menu_layout = '".$this->dbLayout."' ",$this->debug); $sql->db_Update("menus", "menu_order=menu_order+1 WHERE menu_id='{$this->menuId}' AND menu_location='{$location}' AND menu_layout = '".$this->dbLayout."' "); e107::getLog()->add('MENU_08',$location.'[!br!]'.$position.'[!br!]'.$this->menuId,E_LOG_INFORMATIVE,''); } - if ($menu_act == "inc") + if (isset($location) && isset($position) && $menu_act == "inc") { $sql->db_Update("menus", "menu_order=menu_order+1 WHERE menu_order='".($position-1)."' AND menu_location='{$location}' AND menu_layout = '".$this->dbLayout."' ",$this->debug); $sql->db_Update("menus", "menu_order=menu_order-1 WHERE menu_id='{$this->menuId}' AND menu_location='{$location}' AND menu_layout = '".$this->dbLayout."' "); @@ -301,6 +301,7 @@ class e_menuManager { { // Scan plugin directories to see if menus to add $this->menuScanMenus(); } + } 
@@ -312,48 +313,46 @@ class e_menuManager { function menuSetPreset() { - global $location,$admin_log; - $pref = e107::getPref(); - $sql = e107::getDb(); + global $location; - if(!$menuAreas = $this->getMenuPreset()) + $sql = e107::getDb(); + $tp = e107::getParser(); + + if(!$menuAreas = $this->getMenuPreset()) { e107::getMessage()->addDebug("No Menu Preset Found"); - return FALSE; + return false; } + $sql->db_Update("menus", "menu_location='0' WHERE menu_layout = '" . $this->dbLayout . "' "); // Clear All existing. - $sql->db_Update("menus", "menu_location='0' WHERE menu_layout = '".$this->dbLayout."' "); // Clear All existing. foreach($menuAreas as $val) { - - if($sql->select("menus", 'menu_name, menu_path' , "menu_name = '".$val['menu_name']."' LIMIT 1")) + if($sql->select("menus", 'menu_name, menu_path', "menu_name = '" . $tp->filter($val['menu_name']) . "' LIMIT 1")) { - $row=$sql->fetch(); + $row = $sql->fetch(); - if(!$sql->db_Update('menus', "menu_order='{$val['menu_order']}', menu_location = ".$val['menu_location'].", menu_class= ".$val['menu_class']." WHERE menu_name='".$val['menu_name']."' AND menu_layout = '".$this->dbLayout."' LIMIT 1 ")) + if(!$sql->db_Update('menus', "menu_order='" . (int) $val['menu_order'] . "', menu_location = " . (int) $val['menu_location'] . ", menu_class= " . $val['menu_class'] . " WHERE menu_name='" . $tp->filter($val['menu_name']) . "' AND menu_layout = '" . $this->dbLayout . 
"' LIMIT 1 ")) { - $insert = array( - 'menu_id' => 0, - 'menu_name' => $val['menu_name'], - 'menu_location' => $val['menu_location'], - 'menu_order' => $val['menu_order'], - 'menu_class' => intval($val['menu_class']), - 'menu_pages' => '', - 'menu_path' => $row['menu_path'], - 'menu_layout' => $this->dbLayout, - 'menu_parms' => '' - ); - - $sql->insert("menus",$insert); - e107::getLog()->add('MENU_01',$row['menu_name'].'[!br!]'.$location.'[!br!]'.$menu_count.'[!br!]'.$row['menu_path'],E_LOG_INFORMATIVE,''); + $insert = array( + 'menu_id' => 0, + 'menu_name' => $tp->filter($val['menu_name']), + 'menu_location' => (int) $val['menu_location'], + 'menu_order' => (int) $val['menu_order'], + 'menu_class' => $tp->filter($val['menu_class']), + 'menu_pages' => '', + 'menu_path' => $tp->filter($row['menu_path']), + 'menu_layout' => $this->dbLayout, + 'menu_parms' => '', + ); + $sql->insert("menus", $insert); + e107::getLog()->add('MENU_01', $tp->filter($row['menu_name']) . '[!br!]' . $location . '[!br!]' . varset($menu_count, 0) . '[!br!]' . $tp->filter($row['menu_path']), E_LOG_INFORMATIVE, ''); } - } + } } return $menuAreas; - } 
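Review bot: `menu_class` is the one value in the UPDATE of `menuSetPreset()` that is still concatenated raw and unquoted (`menu_class= " . $val['menu_class'] . "`). In the insert array the commit also replaces `intval($val['menu_class'])` with `$tp->filter($val['menu_class'])`, which is weaker than the cast it removes. Use `(int) $val['menu_class']` in both places, matching `menu_order` and `menu_location`. `$tp->filter($val['menu_name'])` inside a quoted SQL literal depends on how the filter treats quotes; `$sql->escape()`, which `menuSaveParameters()` uses, is the safer choice there.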
@@ -364,149 +363,149 @@ class e_menuManager { global $sql2; $sql = e107::getDb(); - $efile = new e_file; - $efile->dirFilter = array('/', 'CVS', '.svn', 'languages'); - $efile->fileFilter[] = '^e_menu\.php$'; + $efile = new e_file; + $efile->dirFilter = array('/', 'CVS', '.svn', 'languages'); + $efile->fileFilter[] = '^e_menu\.php$'; + + $fileList = $efile->get_files(e_PLUGIN, "_menu\.php$", 'standard', 2); - $fileList = $efile->get_files(e_PLUGIN,"_menu\.php$",'standard',2); - // $this->menuAddMessage('Scanning for new menus', E_MESSAGE_DEBUG); - e107::getDebug()->log("Scanning for new menus",E107_DBG_BASIC); + e107::getDebug()->log("Scanning for new menus", E107_DBG_BASIC); - $menuList = array(); // existing menus in table. - if($result = $sql->retrieve('menus', 'menu_name', null, true)) + $menuList = array(); // existing menus in table. + if($result = $sql->retrieve('menus', 'menu_name', null, true)) + { + foreach($result as $mn) { - foreach($result as $mn) + if($mn['menu_name']) { - if($mn['menu_name']) - { - $menuList[] = $mn['menu_name']; - } + $menuList[] = $mn['menu_name']; + } + } + } + + + //v2.x Scan Custom Page Menus. + + $pageMenus = $sql->retrieve('page', 'page_id, menu_name, menu_title', "menu_name !='' ", true); + foreach($pageMenus as $row) + { + if(!in_array($row['menu_name'], $menuList)) + { + $insert = array( + 'menu_id' => 0, + 'menu_name' => $row['menu_name'], + 'menu_location' => 0, + 'menu_order' => 0, + 'menu_class' => 0, + 'menu_pages' => '', + 'menu_path' => $row['page_id'], + 'menu_layout' => '', + 'menu_parms' => '' + ); + + if($sql->insert("menus", $insert)) + { + $this->menuAddMessage(MENLAN_10 . " - " . $row['menu_name'], E_MESSAGE_DEBUG); } } + } - //v2.x Scan Custom Page Menus. 
- $pageMenus = $sql->retrieve('page','page_id, menu_name, menu_title',"menu_name !='' ", true); - foreach($pageMenus as $row) + $menustr = varset($menustr); + $message = varset($message); + + + foreach($fileList as $file) + { + + list($parent_dir) = explode('/', str_replace(e_PLUGIN, "", $file['path'])); + $file['path'] = str_replace(e_PLUGIN, "", $file['path']); + $file['fname'] = str_replace(".php", "", $file['fname']); + $valid_menu = false; + + $existing_menu = in_array($file['fname'], $menuList); // $sql->count("menus", "(*)", "WHERE menu_name='{$file['fname']}'"); + if(file_exists(e_PLUGIN . $parent_dir . '/plugin.xml') || file_exists(e_PLUGIN . $parent_dir . '/plugin.php')) { - if(!in_array($row['menu_name'],$menuList)) + if(e107::isInstalled($parent_dir)) + { // Its a 'new style' plugin with a plugin.php file, or an even newer one with plugin.xml file - only include if plugin installed + $valid_menu = true; // Whether new or existing, include in list +// echo "Include {$parent_dir}:{$file['fname']}
"; + } + } + else // Just add the menu anyway + { + $valid_menu = true; +// echo "Default Include {$parent_dir}:{$file['fname']}
"; + } + if($valid_menu) + { + $menustr .= "&" . str_replace(".php", "", $file['fname']); + + if(!$existing_menu) // New menu to add to list { $insert = array( - 'menu_id' => 0, - 'menu_name' => $row['menu_name'], - 'menu_location' => 0, - 'menu_order' => 0, - 'menu_class' => 0, - 'menu_pages' => '', - 'menu_path' => $row['page_id'], - 'menu_layout' => '', - 'menu_parms' => '' + 'menu_id' => 0, + 'menu_name' => $file['fname'], + 'menu_location' => 0, + 'menu_order' => 0, + 'menu_class' => 0, + 'menu_pages' => '', + 'menu_path' => $file['path'], + 'menu_layout' => '', + 'menu_parms' => '' ); - if($sql->insert("menus",$insert)) + if($sql->insert("menus", $insert)) { - $this->menuAddMessage(MENLAN_10." - ".$row['menu_name'], E_MESSAGE_DEBUG); + // Could do admin logging here - but probably not needed + $message .= MENLAN_10 . " - " . $file['fname'] . "
"; //FIXME } - } - - } - - - - - - - - - - - - - foreach($fileList as $file) - { - - list($parent_dir) = explode('/',str_replace(e_PLUGIN,"",$file['path'])); - $file['path'] = str_replace(e_PLUGIN,"",$file['path']); - $file['fname'] = str_replace(".php","",$file['fname']); - $valid_menu = FALSE; - - $existing_menu = in_array($file['fname'], $menuList); // $sql->count("menus", "(*)", "WHERE menu_name='{$file['fname']}'"); - if (file_exists(e_PLUGIN.$parent_dir.'/plugin.xml') || file_exists(e_PLUGIN.$parent_dir.'/plugin.php')) - { - if (e107::isInstalled($parent_dir)) - { // Its a 'new style' plugin with a plugin.php file, or an even newer one with plugin.xml file - only include if plugin installed - $valid_menu = TRUE; // Whether new or existing, include in list -// echo "Include {$parent_dir}:{$file['fname']}
"; - } - } - else // Just add the menu anyway - { - $valid_menu = TRUE; -// echo "Default Include {$parent_dir}:{$file['fname']}
"; - } - if ($valid_menu) - { - $menustr .= "&".str_replace(".php", "", $file['fname']); - if (!$existing_menu) // New menu to add to list + else { - $insert = array( - 'menu_id' => 0, - 'menu_name' => $file['fname'], - 'menu_location' => 0, - 'menu_order' => 0, - 'menu_class' => 0, - 'menu_pages' => '', - 'menu_path' => $file['path'], - 'menu_layout' => '', - 'menu_parms' => '' - ); - - if($sql->insert("menus",$insert)) - { - // Could do admin logging here - but probably not needed - $message .= MENLAN_10." - ".$file['fname']."
"; //FIXME - } - else - { - $this->menuAddMessage("Couldn't add menu: ".$file['fname']." to table ", E_MESSAGE_DEBUG); - } + $this->menuAddMessage("Couldn't add menu: " . $file['fname'] . " to table ", E_MESSAGE_DEBUG); } } } + } - //Reorder all menus into 1...x order - if (!is_object($sql2)) $sql2 = new db; // Shouldn't be needed - if (!is_object($sql3)) $sql3 = new db; + //Reorder all menus into 1...x order + if(!is_object($sql2)) + { + $sql2 = new db; + } // Shouldn't be needed + if(!isset($sql3) || !is_object($sql3)) + { + $sql3 = new db; + } - $location_count = $sql3->select("menus", "menu_location", "menu_location>0 GROUP BY menu_location"); - while ($location_count) + $location_count = $sql3->select("menus", "menu_location", "menu_location>0 GROUP BY menu_location"); + while($location_count) + { + if($sql->select("menus", "menu_id", "menu_location={$location_count} ORDER BY menu_order ASC")) { - if ($sql->select("menus", "menu_id", "menu_location={$location_count} ORDER BY menu_order ASC")) + $c = 1; + while($row = $sql->fetch()) { - $c = 1; - while ($row = $sql->fetch()) - { - $sql2->db_Update("menus", "menu_order={$c} WHERE menu_id=".$row['menu_id']); - $c++; - } - } - $location_count--; - } - $sql->select("menus", "*", "menu_path NOT REGEXP('[0-9]+') "); - while (list($menu_id, $menu_name, $menu_location, $menu_order) = $sql->fetch('num')) - { - if (stristr($menustr, $menu_name) === FALSE) - { - $sql2->db_Delete("menus", "menu_name='$menu_name'"); - $message .= MENLAN_11." - ".$menu_name."
"; + $sql2->db_Update("menus", "menu_order={$c} WHERE menu_id=" . $row['menu_id']); + $c++; } } + $location_count--; + } + $sql->select("menus", "*", "menu_path NOT REGEXP('[0-9]+') "); + while(list($menu_id, $menu_name, $menu_location, $menu_order) = $sql->fetch('num')) + { + if(stristr($menustr, $menu_name) === false) + { + $sql2->db_Delete("menus", "menu_name='$menu_name'"); + $message .= MENLAN_11 . " - " . $menu_name . "
"; + } + } - $this->menuAddMessage(vartrue($message), E_MESSAGE_DEBUG); - + $this->menuAddMessage(vartrue($message), E_MESSAGE_DEBUG); } // --------------------------------------------------------------------------- @@ -559,7 +558,6 @@ class e_menuManager { if(file_exists(e_PLUGIN.$row['menu_path']."e_menu.php")) // v2.x new e_menu.php { $plug = rtrim($row['menu_path'],'/'); - $obj = e107::getAddon($plug,'e_menu'); if(!is_object($obj)) @@ -568,11 +566,10 @@ class e_menuManager { } else { - $menuName = substr($row['menu_name'],0,-5); } - + $menuName = varset($menuName); $fields = e107::callMethod($obj,'config',$menuName); if(!$form = e107::getAddon($plug,'e_menu',$plug."_menu_form")) @@ -656,7 +653,6 @@ class e_menuManager { if(!vartrue($_GET['vis'])) return; $sql = e107::getDb(); - $ns = e107::getRender(); $frm = e107::getForm(); $tp = e107::getParser(); @@ -691,12 +687,12 @@ class e_menuManager { "; $checked = ($listtype == 1) ? " checked='checked' " : ""; - $text .= $frm->radio('listtype', 1, $checked, array('label'=>$tp->toHtml(MENLAN_26,true), 'class'=> 'e-save')); + $text .= $frm->radio('listtype', 1, $checked, array('label'=>$tp->toHTML(MENLAN_26,true), 'class'=> 'e-save')); $text .= "
"; // $text .= " ".MENLAN_26."
"; $checked = ($listtype == 2) ? " checked='checked' " : ""; - $text .= $frm->radio('listtype', 2, $checked, array('label'=> $tp->toHtml(MENLAN_27,true), 'class'=> 'e-save')); + $text .= $frm->radio('listtype', 2, $checked, array('label'=> $tp->toHTML(MENLAN_27,true), 'class'=> 'e-save')); // $text .= " ".MENLAN_27."
"; @@ -706,7 +702,7 @@ class e_menuManager {
- +
".MENLAN_28."
@@ -742,8 +738,6 @@ class e_menuManager { function menuActivate() // Activate Multiple Menus. { - global $admin_log; - $pref = e107::getPref(); $sql = e107::getDb(); $location = $this->menuActivateLoc; @@ -833,7 +827,7 @@ class e_menuManager { } - return $menuArea; + return varset($menuArea, array()); } @@ -862,18 +856,21 @@ class e_menuManager { function menuSaveParameters() { $sql = e107::getDb(); + $tp = e107::getParser(); $id = intval($_POST['menu_id']); if(isset($_POST['menu_parms'])) { - $parms = $sql->escape(strip_tags($_POST['menu_parms'])); + $parms = $tp->filter($_POST['menu_parms']); + $parms = $sql->escape(strip_tags($parms)); } else { unset($_POST['menu_id'], $_POST['mode'], $_POST['menuActivate'], $_POST['menuSetCustomPages']); - $parms = $sql->escape(e107::serialize($_POST)); + $parms = $tp->filter($_POST); + $parms = $sql->escape(e107::serialize($parms)); if(e_DEBUG == true) { @@ -907,18 +904,22 @@ class e_menuManager { function menuSaveVisibility() // Used by Ajax { - + $tp = e107::getParser(); $sql = e107::getDb(); - $pagelist = explode("\r\n", $_POST['pagelist']); + $pageList = $tp->filter($_POST['pagelist']); + $listType = $tp->filter($_POST['listtype']); + + $pagelist = explode("\r\n", $pageList); + for ($i = 0 ; $i < count($pagelist) ; $i++) { $pagelist[$i] = trim($pagelist[$i]); } $plist = implode("|", $pagelist); - $pageparms = $_POST['listtype'].'-'.$plist; + $pageparms = $listType.'-'.$plist; $pageparms = preg_replace("#\|$#", "", $pageparms); - $pageparms = (trim($_POST['pagelist']) == '') ? '' : $pageparms; + $pageparms = (trim($pageList) == '') ? '' : $pageparms; if($sql->update("menus", "menu_class='".intval($_POST['menu_class'])."', menu_pages='{$pageparms}' WHERE menu_id=".intval($_POST['menu_id']))) { 
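Review bot: In `menuSaveVisibility()` (@@ -907 hunk) `$pageparms` is placed in the query as `menu_pages='{$pageparms}'` after `filter()` only, whereas `menuSaveParameters()` in the @@ -862 hunk runs its value through `$sql->escape()` before the update. Add `$pageparms = $sql->escape($pageparms);` before the `$sql->update()` call. Since the form offers only the values 1 and 2, use `$listType = (int) $_POST['listtype'];`. Both `$_POST['pagelist']` and `$_POST['listtype']` are read without an `isset()` guard, and the function body continues past the end of the hunk.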
@@ -1008,7 +1009,11 @@ class e_menuManager { { $menu_count = $sql->count("menus", "(*)", " WHERE menu_location=".$this->menuNewLoc); $sql->db_Update("menus", "menu_location='{$this->menuNewLoc}', menu_order=".($menu_count+1)." WHERE menu_id=".$this->menuId); - $sql->db_Update("menus", "menu_order=menu_order-1 WHERE menu_location='{$location}' AND menu_order > {$position} AND menu_layout='".$this->dbLayout ."' "); + + if(isset($location) && isset($position)) + { + $sql->db_Update("menus", "menu_order=menu_order-1 WHERE menu_location='{$location}' AND menu_order > {$position} AND menu_layout='".$this->dbLayout ."' "); + } } e107::getLog()->add('MENU_03',$row['menu_name'].'[!br!]'.$this->menuNewLoc.'[!br!]'.$this->menuId,E_LOG_INFORMATIVE,''); } @@ -1020,22 +1025,20 @@ class e_menuManager { function renderOptionRow($row) { - $sql = e107::getDb(); - $tp = e107::getParser(); - $ns = e107::getRender(); $frm = e107::getForm(); $text = ""; $pdeta = ""; - $color = ($color == "white") ? "#DDDDDD" : "white"; + $color = (varset($color) == "white") ? "#DDDDDD" : "white"; if($row['menu_pages'] == "dbcustom") { $pdeta = MENLAN_42; } else { + $menuPreset = varset($menuPreset); $row['menu_name'] = preg_replace("#_menu$#i", "", $row['menu_name']); if($pnum = $this->checkMenuPreset($menuPreset,$row['menu_name'].'_menu')) { @@ -1060,6 +1063,7 @@ class e_menuManager { } else { + $menu_count = varset($menu_count); // Menu Choices box. $text .= "
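Review bot: The new `isset($location) && isset($position)` guard in the @@ -1008 hunk may never be true. Neither variable is assigned in the lines shown, and `menuModify()` keeps them as locals, so unless this method defines them above the hunk the reorder of the old location is now skipped silently. If that is the case, carry the values on the object as is done with `$this->menuNewLoc`, cast them to int, and run the update unconditionally. The method starts outside the hunk, so please confirm against the full body.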
"; $text .= $this->menuRenderMenu($row, $menu_count,true); @@ -1079,9 +1083,7 @@ class e_menuManager { global $HEADER, $FOOTER, $rs; $pref = e107::getPref(); $sql = e107::getDb(); - $tp = e107::getParser(); - $ns = e107::getRender(); - $frm = e107::getForm(); + $tp = e107::getParser(); @@ -1090,7 +1092,7 @@ class e_menuManager { $this->parseheader($HEADER); // $layouts_str; $layout = ($this->curLayout); - $menuPreset = $this->getMenuPreset($layout); + $menuPreset = $this->getMenuPreset(); echo "
"; @@ -1119,8 +1121,7 @@ class e_menuManager { // $text .= "
\n"; } - $color = ""; - + $pageMenu = array(); $pluginMenu = array(); @@ -1190,7 +1191,7 @@ class e_menuManager { $text = "
"; $text .= "This layout does NOT contain any dynamic {MENU} areas.
"; - if(count($this->customMenu)) + if(isset($this->customMenu) && count($this->customMenu)) { $text .= "

It DOES contain the following custom menus:

  • ".implode("
  • ",$this->customMenu)."

"; $text .= "

Go to Custom-Menu area

"; @@ -1220,7 +1221,6 @@ class e_menuManager { //------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------// function menuSelectLayout() { - global $rs; $pref = e107::getPref(); // onchange=\"urljump(this.options[selectedIndex].value);\" @@ -1236,7 +1236,6 @@ class e_menuManager { foreach($pref['sitetheme_layouts'] as $key=>$val) { - $url = ""; $layoutName = str_replace($search,$replace,$key); $layoutName .=($key==$pref['sitetheme_deflayout']) ? " (".MENLAN_31.")" : ""; $selected = ($this->curLayout == $key || ($key==$pref['sitetheme_deflayout'] && $this->curLayout=='')) ? "selected='selected'" : FALSE; @@ -1376,7 +1375,10 @@ class e_menuManager { elseif(strstr($str, "CMENU")) { $cust = preg_replace("/\W*\{CMENU=(.*?)(\+.*)?\}\W*/si", "\\1", $str); - $this->customMenu[] = $cust; + if(isset($this->customMenu)) + { + $this->customMenu[] = $cust; + } echo $tp->parseTemplate("{CMENU=".$cust."}",true); // echo $this->renderPanel('Embedded Custom Menu',$cust); } @@ -1413,7 +1415,7 @@ class e_menuManager { // $plugtext = ""; echo "
"; echo $this->renderPanel($plug, $plugtext); @@ -1448,8 +1450,6 @@ class e_menuManager { unset($text); $menuText .= $rs->form_open("post", e_SELF . "?configure=" . $this->curLayout, "frm_menu_" . intval($menu)); - $MODE = 1; - $sql9->select("menus", "*", "menu_location='$menu' AND menu_layout='" . $this->dbLayout . "' ORDER BY menu_order"); $menu_count = $sql9->db_Rows(); @@ -1495,7 +1495,7 @@ class e_menuManager { } - $ns->tablerender('', $menuText); + $ns->tablerender('', varset($menuText)); } //. else if(strstr($str, "SITEDISCLAIMER")) @@ -1513,17 +1513,17 @@ class e_menuManager { { global $rs,$menu,$menu_info,$menu_act, $style; - $ns = e107::getRender(); $style = $this->style; // $menu_count is empty in here //FIXME extract extract($row); - if(!$menu_id){ return; } + if(empty($menu_id)){ return; } + $menu_name = varset($menu_name); $menu_name = preg_replace("#_menu#i", "", $menu_name); //TODO we need a CSS class for this - $vis = ($menu_class || strlen($menu_pages) > 1) ? " " : ""; + $vis = (varset($menu_class) || strlen(varset($menu_pages)) > 1) ? " " : ""; //DEBUG div not allowed in final tags $caption = "
{$menu_name}{$vis}
"; // use theme render style instead @@ -1540,11 +1540,11 @@ class e_menuManager { } else $caption = $menu_name.$vis; - $menu_info = "{$menu_location}.{$menu_order}"; + $menu_info = varset($menu_location).varset($menu_order); $text = ""; $conf = ''; - if (file_exists(e_PLUGIN.$menu_path.$menu_name.'_menu_config.php')) + if (file_exists(e_PLUGIN.varset($menu_path).$menu_name.'_menu_config.php')) { $conf = $menu_path.$menu_name.'_menu_config'; } @@ -1592,7 +1592,7 @@ class e_menuManager { if($rep == true) { - $text .= "
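Review bot: `$menu_info = varset($menu_location).varset($menu_order);` in the @@ -1540 hunk drops the dot that the old string `"{$menu_location}.{$menu_order}"` contained. Inside the quotes it was a literal separator; here it is the concatenation operator. Location 1 with order 3 now yields `13` instead of `1.3`, and any consumer that splits on `.`, as `menuModify()` does with the `menuAct` values, would presumably break. It should read `$menu_info = varset($menu_location).'.'.varset($menu_order);`. The method starts and ends outside the hunk.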
".$menu_id." {$pdeta}
+ $text .= "
".$menu_id." " . varset($pdeta) . "