Skip to content
Permalink
Browse files

CKE editor Fix (mysql_real_excape_string, require->require_once)

I did not remove WB Classic compatibility.

https://forum.wbce.org/viewtopic.php?pid=8295#p8295

The code used mysql_real_escape_string() that will fail inf the server has no
mysql module installed.

Many servers only support mysqli and PDO.

Another issue is that WBCE has an autoloader so all core classes are available
as soon as you required config.php. If you try to require class admin that is
already loaded at this point the code may fail because of double declaration.
So please use require _once.
  • Loading branch information...
NorHei committed Jan 21, 2017
1 parent 70604ad commit e9c4415748de6af82244324f83d90ad78fff2a0f
@@ -22,7 +22,7 @@
require('../../../../../config.php');
// Create new admin object
require(WB_PATH.'/framework/class.admin.php');
require_once(WB_PATH.'/framework/class.admin.php');
$admin = new admin('Pages', 'pages_modify', false);
if(!function_exists('cleanup')) {
@@ -35,9 +35,9 @@ function cleanup ($string) {
$string = stripslashes($string);
}
if (is_object($database->db_handle) && (get_class($database->db_handle) === 'mysqli'))
return preg_replace("/\r?\n/", "\\n", mysqli_real_escape_string($database->db_handle, $string));
return preg_replace("/\r?\n/", "\\n", $database->escapeString($string));
else
return preg_replace("/\r?\n/", "\\n", mysql_real_escape_string($string));
return preg_replace("/\r?\n/", "\\n", $database->escapeString($string));
} // end function cleanup
}
@@ -71,3 +71,4 @@ function cleanup ($string) {
echo $DropletSelectBox .= " );\n";
echo $description .= " );\n";
echo $usage .= " );\n";
@@ -26,7 +26,7 @@
$wb284 = (file_exists('../../../../../setup.ini.php')) ? true : false;
// Create new admin object
require(WB_PATH.'/framework/class.admin.php');
require_once(WB_PATH.'/framework/class.admin.php');
$admin = new admin('Pages', 'pages_modify', false);
if(!function_exists('cleanup')) {
@@ -39,9 +39,9 @@ function cleanup ($string) {
$string = stripslashes($string);
}
if (is_object($database->db_handle) && (get_class($database->db_handle) === 'mysqli'))
return preg_replace("/\r?\n/", "\\n", mysqli_real_escape_string($database->db_handle, $string));
return preg_replace("/\r?\n/", "\\n", $database->escapeString( $string));
else
return preg_replace("/\r?\n/", "\\n", mysql_real_escape_string($string));
return preg_replace("/\r?\n/", "\\n", $database->escapeString($string));
} // end function cleanup
}
@@ -132,4 +132,4 @@ function getPageTree($parent)
}
echo $NewsItemsSelectBox;
echo $ModuleList;
echo $ModuleList;

0 comments on commit e9c4415

Please sign in to comment.
You can’t perform that action at this time.