
Closes #186

NorbertNader committed May 29, 2017
1 parent fd442e8 commit 48fb5e81cd7a47d98bade092a5a72d8177621dbd
Showing with 12 additions and 12 deletions.
  1. +4 −4 modules/Utils/CommonData/CommonDataCommon_0.php
  2. +8 −8 modules/Utils/CurrencyField/CurrencyField_0.php
@@ -59,7 +59,7 @@ public static function new_id($name,$readonly=false) {
$current_array .= '/';
if($id2===false || $id2===null) {
$pos=self::get_array_count($current_array) + 1;
DB::Execute('INSERT INTO utils_commondata_tree(parent_id,akey,readonly,position) VALUES(%d,%s,%b,%d)',array($id,$v,$readonly,$pos));
DB::Execute('INSERT INTO utils_commondata_tree(parent_id,akey,readonly,position) VALUES(%d,%s,%b,%d)',array($id,htmlspecialchars($v),$readonly,$pos));
$id = DB::Insert_ID('utils_commondata_tree','id');
} else
$id=$id2;
@@ -83,7 +83,7 @@ public static function set_value($name,$value,$overwrite=true,$readonly=false){
} else {
if (!$overwrite) return false;
}
DB::Execute('UPDATE utils_commondata_tree SET value=%s,readonly=%b WHERE id=%d',array($value,$readonly,$id));
DB::Execute('UPDATE utils_commondata_tree SET value=%s,readonly=%b WHERE id=%d',array(htmlspecialchars($value),$readonly,$id));
return true;
}
@@ -160,8 +160,8 @@ public static function new_array($name,$array,$overwrite=false,$readonly=false,$
$pos=1;
foreach($array as $k=>$v) {
$qvals[] = $id;
$qvals[] = $k;
$qvals[] = $v;
$qvals[] = htmlspecialchars($k);
$qvals[] = htmlspecialchars($v);
$qvals[] = $readonly;
$qvals[] = $pos;
$pos++;
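Review bot: HTML encoding belongs where the value is rendered, not in these writes: `htmlspecialchars($v)` in the new_id INSERT, and the same call in set_value and new_array, stores encoded text in utils_commondata_tree, so rows that already exist and any other write path stay unescaped while every reader has to know the column is pre-encoded. For `akey` there is also a possible lookup mismatch: if the query that produces `$id2` (outside the hunk) compares against the raw `$v`, a key containing `&`, `<`, `>` or `"` would not be found again and a second row would be inserted. The calls rely on the default flags, which before PHP 8.1 leave single quotes unescaped, so a value placed inside a single-quoted attribute is still not covered. I would store the raw value and escape at the output site with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`. All three functions continue outside the hunks shown.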
@@ -92,14 +92,14 @@ public function edit_currency($id) {
if ($form->validate()) {
$vals = $form->exportValues();
if(isset($vals['default_currency']) && $vals['default_currency']) DB::Execute('UPDATE utils_currency SET default_currency=0');
$vals = array( $vals['code'],
$vals['symbol'],
$vals['pos_before'],
$vals['decimal_sign'],
$vals['thousand_sign'],
$vals['decimals'],
$vals['active'],
isset($vals['default_currency'])?$vals['default_currency']:1);
$vals = array( htmlspecialchars($vals['code']),
htmlspecialchars($vals['symbol']),
htmlspecialchars($vals['pos_before']),
htmlspecialchars($vals['decimal_sign']),
htmlspecialchars($vals['thousand_sign']),
htmlspecialchars($vals['decimals']),
htmlspecialchars($vals['active']),
isset($vals['default_currency'])?htmlspecialchars($vals['default_currency']):1);
if ($id!==null) {
$vals[] = $id;
$sql = 'UPDATE utils_currency SET '.
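Review bot: In edit_currency, `htmlspecialchars()` is applied to fields that look numeric or boolean (`pos_before`, `decimals`, `active`, `default_currency`), where it validates nothing and only turns the value into a string; a cast such as `(int)$vals['decimals']` states the intent and cannot carry markup. For `code`, `symbol`, `decimal_sign` and `thousand_sign` the encoded form is what gets stored, so code that formats amounts for a non-HTML target would presumably print entities such as `&amp;`, and a renderer that escapes again will double-encode. Escaping those fields where they are written into HTML, with `htmlspecialchars($s, ENT_QUOTES, 'UTF-8')`, would also cover currencies already in utils_currency. The function body continues past the end of the hunk.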
