diff --git a/catalog/admin/action_recorder.php b/catalog/admin/action_recorder.php index 6cac0da73..2a9c8ccb9 100644 --- a/catalog/admin/action_recorder.php +++ b/catalog/admin/action_recorder.php @@ -174,7 +174,7 @@ - +
display_count($actions_query_numrows, MAX_DISPLAY_SEARCH_RESULTS, $HTTP_GET_VARS['page'], TEXT_DISPLAY_NUMBER_OF_ENTRIES); ?>display_links($actions_query_numrows, MAX_DISPLAY_SEARCH_RESULTS, MAX_DISPLAY_PAGE_LINKS, $HTTP_GET_VARS['page'], (isset($HTTP_GET_VARS['module']) && in_array($HTTP_GET_VARS['module'], $modules_array) && is_object(${$HTTP_GET_VARS['module']}) ? 'module=' . $HTTP_GET_VARS['module'] : null) . '&' . (isset($HTTP_GET_VARS['search']) && !empty($HTTP_GET_VARS['search']) ? 'search=' . $HTTP_GET_VARS['search'] : null)); ?>display_links($actions_query_numrows, MAX_DISPLAY_SEARCH_RESULTS, MAX_DISPLAY_PAGE_LINKS, $HTTP_GET_VARS['page'], (isset($HTTP_GET_VARS['module']) && in_array($HTTP_GET_VARS['module'], $modules_array) && is_object(${$HTTP_GET_VARS['module']}) ? 'module=' . $HTTP_GET_VARS['module'] : null) . (isset($HTTP_GET_VARS['search']) && !empty($HTTP_GET_VARS['search']) ? '&search=' . $HTTP_GET_VARS['search'] : null)); ?>
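Review bot: The `search` value is appended to the pagination parameters exactly as received (`'&search=' . $HTTP_GET_VARS['search']`), whereas `module` is at least checked against `$modules_array`. Whether `display_links` encodes its parameter string is not visible on this page; if it does not, a term containing `&`, `#` or a quote breaks the paging link or ends up in the page markup. Encode it where it is built: `'&search=' . urlencode($HTTP_GET_VARS['search'])`. With the separator moved inside the second branch, the string also starts with `&` whenever no module is selected, which is worth confirming against how `display_links` joins it.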
diff --git a/catalog/admin/administrators.php b/catalog/admin/administrators.php index a399ddbd3..1a9c3bd52 100644 --- a/catalog/admin/administrators.php +++ b/catalog/admin/administrators.php @@ -5,7 +5,7 @@ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com - Copyright (c) 2010 osCommerce + Copyright (c) 2013 osCommerce Released under the GNU General Public License */ 
@@ -54,44 +54,48 @@ $username = tep_db_prepare_input($HTTP_POST_VARS['username']); $password = tep_db_prepare_input($HTTP_POST_VARS['password']); - $check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($username) . "' limit 1"); + if (ctype_alnum($password)) { + $check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($username) . "' limit 1"); - if (tep_db_num_rows($check_query) < 1) { - tep_db_query("insert into " . TABLE_ADMINISTRATORS . " (user_name, user_password) values ('" . tep_db_input($username) . "', '" . tep_db_input(tep_encrypt_password($password)) . "')"); + if (tep_db_num_rows($check_query) < 1) { + tep_db_query("insert into " . TABLE_ADMINISTRATORS . " (user_name, user_password) values ('" . tep_db_input($username) . "', '" . tep_db_input(tep_encrypt_password($password)) . "')"); - if (is_array($htpasswd_array)) { - for ($i=0, $n=sizeof($htpasswd_array); $i<$n; $i++) { - list($ht_username, $ht_password) = explode(':', $htpasswd_array[$i], 2); + if (is_array($htpasswd_array)) { + for ($i=0, $n=sizeof($htpasswd_array); $i<$n; $i++) { + list($ht_username, $ht_password) = explode(':', $htpasswd_array[$i], 2); - if ($ht_username == $username) { - unset($htpasswd_array[$i]); + if ($ht_username == $username) { + unset($htpasswd_array[$i]); + } } - } - if (isset($HTTP_POST_VARS['htaccess']) && ($HTTP_POST_VARS['htaccess'] == 'true')) { - $htpasswd_array[] = $username . ':' . tep_crypt_apr_md5($password); - } - - $fp = fopen(DIR_FS_ADMIN . '.htpasswd_oscommerce', 'w'); - fwrite($fp, implode("\n", $htpasswd_array)); - fclose($fp); + if (isset($HTTP_POST_VARS['htaccess']) && ($HTTP_POST_VARS['htaccess'] == 'true')) { + $htpasswd_array[] = $username . ':' . tep_crypt_apr_md5($password); + } - if (!in_array('AuthUserFile ' . DIR_FS_ADMIN . 
'.htpasswd_oscommerce', $htaccess_array) && !empty($htpasswd_array)) { - array_splice($htaccess_array, sizeof($htaccess_array), 0, $authuserfile_array); - } elseif (empty($htpasswd_array)) { - for ($i=0, $n=sizeof($htaccess_array); $i<$n; $i++) { - if (in_array($htaccess_array[$i], $authuserfile_array)) { - unset($htaccess_array[$i]); + $fp = fopen(DIR_FS_ADMIN . '.htpasswd_oscommerce', 'w'); + fwrite($fp, implode("\n", $htpasswd_array)); + fclose($fp); + + if (!in_array('AuthUserFile ' . DIR_FS_ADMIN . '.htpasswd_oscommerce', $htaccess_array) && !empty($htpasswd_array)) { + array_splice($htaccess_array, sizeof($htaccess_array), 0, $authuserfile_array); + } elseif (empty($htpasswd_array)) { + for ($i=0, $n=sizeof($htaccess_array); $i<$n; $i++) { + if (in_array($htaccess_array[$i], $authuserfile_array)) { + unset($htaccess_array[$i]); + } } } - } - $fp = fopen(DIR_FS_ADMIN . '.htaccess', 'w'); - fwrite($fp, implode("\n", $htaccess_array)); - fclose($fp); + $fp = fopen(DIR_FS_ADMIN . '.htaccess', 'w'); + fwrite($fp, implode("\n", $htaccess_array)); + fclose($fp); + } + } else { + $messageStack->add_session(ERROR_ADMINISTRATOR_EXISTS, 'error'); } } else { - $messageStack->add_session(ERROR_ADMINISTRATOR_EXISTS, 'error'); + $messageStack->add_session(ERROR_PASSWORD_CHARACTERS, 'error'); } tep_redirect(tep_href_link(FILENAME_ADMINISTRATORS)); 
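Review bot: `ctype_alnum($password)` limits administrator passwords to letters and digits, which rules out symbols and shrinks the usable keyspace; the same guard is added in the save hunk at `@@ -102,75 +106,79 @@`. If the aim is to protect the `user:hash` line written to `.htpasswd_oscommerce`, the value that reaches that line in clear is `$username`, and it is concatenated unvalidated here; a name containing `:` or a line break would corrupt the file (whether `tep_db_prepare_input` strips those is not visible in this hunk). Consider a minimum-length rule for the password and a reject such as `if (preg_match('/[:\r\n]/', $username))` before the write. The results of `fopen` and `fwrite` are also unchecked, so a failed write to `.htpasswd_oscommerce` or `.htaccess` goes unreported.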
@@ -102,75 +106,79 @@ $username = tep_db_prepare_input($HTTP_POST_VARS['username']); $password = tep_db_prepare_input($HTTP_POST_VARS['password']); - $check_query = tep_db_query("select id, user_name from " . TABLE_ADMINISTRATORS . " where id = '" . (int)$HTTP_GET_VARS['aID'] . "'"); - $check = tep_db_fetch_array($check_query); + if (ctype_alnum($password)) { + $check_query = tep_db_query("select id, user_name from " . TABLE_ADMINISTRATORS . " where id = '" . (int)$HTTP_GET_VARS['aID'] . "'"); + $check = tep_db_fetch_array($check_query); -// update username in current session if changed - if ( ($check['id'] == $admin['id']) && ($check['user_name'] != $admin['username']) ) { - $admin['username'] = $username; - } - -// update username in htpasswd if changed - if (is_array($htpasswd_array)) { - for ($i=0, $n=sizeof($htpasswd_array); $i<$n; $i++) { - list($ht_username, $ht_password) = explode(':', $htpasswd_array[$i], 2); - - if ( ($check['user_name'] == $ht_username) && ($check['user_name'] != $username) ) { - $htpasswd_array[$i] = $username . ':' . $ht_password; - } + // update username in current session if changed + if ( ($check['id'] == $admin['id']) && ($check['user_name'] != $admin['username']) ) { + $admin['username'] = $username; } - } - tep_db_query("update " . TABLE_ADMINISTRATORS . " set user_name = '" . tep_db_input($username) . "' where id = '" . (int)$HTTP_GET_VARS['aID'] . "'"); - - if (tep_not_null($password)) { -// update password in htpasswd + // update username in htpasswd if changed if (is_array($htpasswd_array)) { for ($i=0, $n=sizeof($htpasswd_array); $i<$n; $i++) { list($ht_username, $ht_password) = explode(':', $htpasswd_array[$i], 2); - if ($ht_username == $username) { - unset($htpasswd_array[$i]); + if ( ($check['user_name'] == $ht_username) && ($check['user_name'] != $username) ) { + $htpasswd_array[$i] = $username . ':' . $ht_password; } } + } + + tep_db_query("update " . TABLE_ADMINISTRATORS . " set user_name = '" . 
tep_db_input($username) . "' where id = '" . (int)$HTTP_GET_VARS['aID'] . "'"); + + if (tep_not_null($password)) { + // update password in htpasswd + if (is_array($htpasswd_array)) { + for ($i=0, $n=sizeof($htpasswd_array); $i<$n; $i++) { + list($ht_username, $ht_password) = explode(':', $htpasswd_array[$i], 2); - if (isset($HTTP_POST_VARS['htaccess']) && ($HTTP_POST_VARS['htaccess'] == 'true')) { - $htpasswd_array[] = $username . ':' . tep_crypt_apr_md5($password); + if ($ht_username == $username) { + unset($htpasswd_array[$i]); + } + } + + if (isset($HTTP_POST_VARS['htaccess']) && ($HTTP_POST_VARS['htaccess'] == 'true')) { + $htpasswd_array[] = $username . ':' . tep_crypt_apr_md5($password); + } } - } - tep_db_query("update " . TABLE_ADMINISTRATORS . " set user_password = '" . tep_db_input(tep_encrypt_password($password)) . "' where id = '" . (int)$HTTP_GET_VARS['aID'] . "'"); - } elseif (!isset($HTTP_POST_VARS['htaccess']) || ($HTTP_POST_VARS['htaccess'] != 'true')) { - if (is_array($htpasswd_array)) { - for ($i=0, $n=sizeof($htpasswd_array); $i<$n; $i++) { - list($ht_username, $ht_password) = explode(':', $htpasswd_array[$i], 2); + tep_db_query("update " . TABLE_ADMINISTRATORS . " set user_password = '" . tep_db_input(tep_encrypt_password($password)) . "' where id = '" . (int)$HTTP_GET_VARS['aID'] . "'"); + } elseif (!isset($HTTP_POST_VARS['htaccess']) || ($HTTP_POST_VARS['htaccess'] != 'true')) { + if (is_array($htpasswd_array)) { + for ($i=0, $n=sizeof($htpasswd_array); $i<$n; $i++) { + list($ht_username, $ht_password) = explode(':', $htpasswd_array[$i], 2); - if ($ht_username == $username) { - unset($htpasswd_array[$i]); + if ($ht_username == $username) { + unset($htpasswd_array[$i]); + } } } } - } -// write new htpasswd file - if (is_array($htpasswd_array)) { - $fp = fopen(DIR_FS_ADMIN . 
'.htpasswd_oscommerce', 'w'); - fwrite($fp, implode("\n", $htpasswd_array)); - fclose($fp); + // write new htpasswd file + if (is_array($htpasswd_array)) { + $fp = fopen(DIR_FS_ADMIN . '.htpasswd_oscommerce', 'w'); + fwrite($fp, implode("\n", $htpasswd_array)); + fclose($fp); - if (!in_array('AuthUserFile ' . DIR_FS_ADMIN . '.htpasswd_oscommerce', $htaccess_array) && !empty($htpasswd_array)) { - array_splice($htaccess_array, sizeof($htaccess_array), 0, $authuserfile_array); - } elseif (empty($htpasswd_array)) { - for ($i=0, $n=sizeof($htaccess_array); $i<$n; $i++) { - if (in_array($htaccess_array[$i], $authuserfile_array)) { - unset($htaccess_array[$i]); + if (!in_array('AuthUserFile ' . DIR_FS_ADMIN . '.htpasswd_oscommerce', $htaccess_array) && !empty($htpasswd_array)) { + array_splice($htaccess_array, sizeof($htaccess_array), 0, $authuserfile_array); + } elseif (empty($htpasswd_array)) { + for ($i=0, $n=sizeof($htaccess_array); $i<$n; $i++) { + if (in_array($htaccess_array[$i], $authuserfile_array)) { + unset($htaccess_array[$i]); + } } } - } - $fp = fopen(DIR_FS_ADMIN . '.htaccess', 'w'); - fwrite($fp, implode("\n", $htaccess_array)); - fclose($fp); + $fp = fopen(DIR_FS_ADMIN . '.htaccess', 'w'); + fwrite($fp, implode("\n", $htaccess_array)); + fclose($fp); + } + } else { + $messageStack->add_session(ERROR_PASSWORD_CHARACTERS, 'error'); } tep_redirect(tep_href_link(FILENAME_ADMINISTRATORS, 'aID=' . (int)$HTTP_GET_VARS['aID'])); diff --git a/catalog/admin/backup.php b/catalog/admin/backup.php index fa80a6135..8214f6396 100644 --- a/catalog/admin/backup.php +++ b/catalog/admin/backup.php 
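Review bot: `ctype_alnum('')` is false, so in this save path a form submitted with the password field left empty now ends in `ERROR_PASSWORD_CHARACTERS`, and the `elseif` branch beside `if (tep_not_null($password))` that handles the no-new-password case can no longer run. Renaming an administrator or removing the htpasswd entry without retyping a password is therefore blocked. Let the empty case through: `if (!tep_not_null($password) || ctype_alnum($password)) {`. The surrounding action block starts outside the hunk.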
@@ -40,9 +40,14 @@ '# Backup Date: ' . date(PHP_DATE_TIME_FORMAT) . "\n\n"; fputs($fp, $schema); - $tables_query = tep_db_query('show tables'); + $tables_query = tep_db_query('show full tables where Table_type = "BASE TABLE"'); while ($tables = tep_db_fetch_array($tables_query)) { - list(,$table) = each($tables); + + foreach ($tables as $tables_in_database) { + if ($tables_in_database != 'BASE TABLE') { + $table = $tables_in_database; + } + } $schema = 'drop table if exists ' . $table . ';' . "\n" . 'create table ' . $table . ' (' . "\n"; diff --git a/catalog/admin/banner_manager.php b/catalog/admin/banner_manager.php index dcbfde030..2e162a033 100644 --- a/catalog/admin/banner_manager.php +++ b/catalog/admin/banner_manager.php @@ -268,7 +268,7 @@ function popupImageWindow(url) { - banners_html_text); ?> + banners_html_text); ?> diff --git a/catalog/admin/categories.php b/catalog/admin/categories.php index 4c26a1553..9eb6ee881 100644 --- a/catalog/admin/categories.php +++ b/catalog/admin/categories.php @@ -79,6 +79,7 @@ $categories_image = new upload('categories_image'); $categories_image->set_destination(DIR_FS_CATALOG_IMAGES); + $categories_image->set_output_messages('session'); if ($categories_image->parse() && $categories_image->save()) { tep_db_query("update " . TABLE_CATEGORIES . " set categories_image = '" . tep_db_input($categories_image->filename) . "' where categories_id = '" . (int)$categories_id . "'"); @@ -223,6 +224,7 @@ $products_image = new upload('products_image'); $products_image->set_destination(DIR_FS_CATALOG_IMAGES); + $products_image->set_output_messages('session'); if ($products_image->parse() && $products_image->save()) { $sql_data_array['products_image'] = tep_db_prepare_input($products_image->filename); } @@ -277,6 +279,7 @@ $t = new upload($key); $t->set_destination(DIR_FS_CATALOG_IMAGES); + $t->set_output_messages('session'); if ($t->parse() && $t->save()) { $sql_data_array['image'] = tep_db_prepare_input($t->filename); } 
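Review bot: In the backup.php hunk, `$table` is chosen by comparing each column value with `'BASE TABLE'` and is never reset per row, so a row where no value passes the test would reuse the previous table name in the `drop table` / `create table` text. The name is the first column of `show full tables`, so `$table = reset($tables);` replaces the whole `foreach` and does not depend on the value. The filter literal is written with double quotes (`Table_type = "BASE TABLE"`), which MySQL reads as an identifier when `ANSI_QUOTES` is enabled; single quotes inside a double-quoted PHP string avoid that. The loop body continues outside the hunk.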
@@ -291,6 +294,7 @@ $t = new upload($key); $t->set_destination(DIR_FS_CATALOG_IMAGES); + $t->set_output_messages('session'); if ($t->parse() && $t->save()) { $pi_sort_order++; @@ -490,6 +494,11 @@ function updateNet() { document.forms["new_product"].products_price.value = doRound(netValue, 4); } //--> + @@ -504,109 +513,149 @@ function updateNet() { - @@ -824,7 +860,7 @@ function showPiDelConfirm(piId) { if (isset($HTTP_GET_VARS['search'])) { $search = tep_db_prepare_input($HTTP_GET_VARS['search']); - $categories_query = tep_db_query("select c.categories_id, cd.categories_name, c.categories_image, c.parent_id, c.sort_order, c.date_added, c.last_modified from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "' and cd.categories_name like '%" . tep_db_input($search) . "%' order by c.sort_order, cd.categories_name"); + $categories_query = tep_db_query("select c.categories_id, cd.categories_name, c.categories_image, c.parent_id, c.sort_order, c.date_added, c.last_modified from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "' and cd.categories_name like '%" . tep_db_input($search) . "%'" . ((defined('DB_DATABASE_CHARSET') && DB_DATABASE_CHARSET == 'utf8') ? " COLLATE utf8_bin" : "") . " order by c.sort_order, cd.categories_name"); } else { $categories_query = tep_db_query("select c.categories_id, cd.categories_name, c.categories_image, c.parent_id, c.sort_order, c.date_added, c.last_modified from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.parent_id = '" . (int)$current_category_id . "' and c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "' order by c.sort_order, cd.categories_name"); } 
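Review bot: Appending `COLLATE utf8_bin` to the `like` in the category search at `@@ -824,7 +860,7 @@` makes the match byte-exact, so the admin search becomes case-sensitive when `DB_DATABASE_CHARSET` is `utf8` and stays case-insensitive otherwise; the product search at `@@ -858,7 +894,7 @@` gets the same suffix. If the intent was only to avoid a collation mismatch, a case-insensitive collation such as `utf8_general_ci` keeps the previous behaviour. The test `DB_DATABASE_CHARSET == 'utf8'` is also an exact match, so any other spelling of the charset skips the clause silently. A one-line comment stating why the binary collation is wanted would help the next reader.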
@@ -858,7 +894,7 @@ function showPiDelConfirm(piId) { $products_count = 0; if (isset($HTTP_GET_VARS['search'])) { - $products_query = tep_db_query("select p.products_id, pd.products_name, p.products_quantity, p.products_image, p.products_price, p.products_date_added, p.products_last_modified, p.products_date_available, p.products_status, p2c.categories_id from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' and p.products_id = p2c.products_id and pd.products_name like '%" . tep_db_input($search) . "%' order by pd.products_name"); + $products_query = tep_db_query("select p.products_id, pd.products_name, p.products_quantity, p.products_image, p.products_price, p.products_date_added, p.products_last_modified, p.products_date_available, p.products_status, p2c.categories_id from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' and p.products_id = p2c.products_id and pd.products_name like '%" . tep_db_input($search) . "%'" . ((defined('DB_DATABASE_CHARSET') && DB_DATABASE_CHARSET == 'utf8') ? " COLLATE utf8_bin" : "") . " order by pd.products_name"); } else { $products_query = tep_db_query("select p.products_id, pd.products_name, p.products_quantity, p.products_image, p.products_price, p.products_date_added, p.products_last_modified, p.products_date_available, p.products_status from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' and p.products_id = p2c.products_id and p2c.categories_id = '" . (int)$current_category_id . "' order by pd.products_name"); } 
@@ -898,7 +934,7 @@ function showPiDelConfirm(piId) { } $cPath_back = ''; - if (sizeof($cPath_array) > 0) { + if (isset($cPath_array) && sizeof($cPath_array) > 0) { for ($i=0, $n=sizeof($cPath_array)-1; $i<$n; $i++) { if (empty($cPath_back)) { $cPath_back .= $cPath_array[$i]; @@ -914,7 +950,7 @@ function showPiDelConfirm(piId) { diff --git a/catalog/admin/configuration.php b/catalog/admin/configuration.php index 92d541255..bf3942543 100644 --- a/catalog/admin/configuration.php +++ b/catalog/admin/configuration.php @@ -85,9 +85,10 @@ } else { echo ' ' . "\n"; } + $cfgValueLocalised = tep_localise_select($cfgValue); ?> - + - + diff --git a/catalog/admin/error_log.php b/catalog/admin/error_log.php new file mode 100644 index 000000000..5b4531e32 --- /dev/null +++ b/catalog/admin/error_log.php @@ -0,0 +1,140 @@ +add_session(sprintf(ERROR_FILE_NOT_DELETED, STORE_ERROR_LOG_FILE), 'error'); + } else { + $fh = fopen(STORE_ERROR_LOG_FILE, 'a'); + fclose($fh); + } + tep_redirect(tep_href_link(FILENAME_ERROR_LOG)); + } + } + +// check if the error file exists + if (is_file(STORE_ERROR_LOG_FILE)) { + if (!tep_is_writable(dirname(STORE_ERROR_LOG_FILE))) { + $messageStack->add(ERROR_DIRECTORY_NOT_WRITEABLE, 'error'); + } + } else { + $messageStack->add(ERROR_DIRECTORY_DOES_NOT_EXIST, 'error'); + } + + require(DIR_WS_INCLUDES . 'template_top.php'); +?> + +
- - - - - - - - - - - - - - - - - - - - - + + + + + + +
products_date_available, 'id="products_date_available"') . ' (YYYY-MM-DD)'; ?>
manufacturers_id); ?>
+
+
    +
  • +
  • +
  • +
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
products_date_available, 'id="products_date_available"') . ' (YYYY-MM-DD)'; ?>
manufacturers_id); ?>
products_tax_class_id, 'onchange="updateGross()"'); ?>
products_price, 'onkeyup="updateGross()"'); ?>
products_price, 'onkeyup="updateNet()"'); ?>
products_quantity); ?>
products_model); ?>
products_weight); ?>
+
+ +
+ + - - - - + + + + - - - - - - - - - - - - - - - - - - - + + + - - - - + + + + - - - - - - - - - - - - - - - - - - - - + + + + + + + + +
products_id) ? '' : tep_get_products_name($pInfo->products_id, $languages[$i]['id']))); ?>
products_id) ? '' : tep_get_products_name($pInfo->products_id, $languages[$i]['id'])), ' maxlenght="64" size="64"'); ?>
products_tax_class_id, 'onchange="updateGross()"'); ?>
products_price, 'onkeyup="updateGross()"'); ?>
products_price, 'onkeyup="updateNet()"'); ?>
- - - - -
 products_id) ? '' : tep_get_products_description($pInfo->products_id, $languages[$i]['id']))); ?>
' . TEXT_PRODUCTS_URL_WITHOUT_HTTP . ''; ?>products_id, $languages[$i]['id'])), ' maxlenght="255" size="64"'); ?>
products_quantity); ?>
products_model); ?>
-
' . TEXT_PRODUCTS_MAIN_IMAGE . ' (' . SMALL_IMAGE_WIDTH . ' x ' . SMALL_IMAGE_HEIGHT . 'px)
' . (tep_not_null($pInfo->products_image) ? '' . $pInfo->products_image . ' | ' : '') . tep_draw_file_field('products_image'); ?>
+
+ + + + +
 products_id) ? '' : tep_get_products_description($pInfo->products_id, $languages[$i]['id']))); ?>
+
+ +
+ + + + - - - - - - - - - - - - - - - - - -
+
' . TEXT_PRODUCTS_MAIN_IMAGE . ' (' . SMALL_IMAGE_WIDTH . ' x ' . SMALL_IMAGE_HEIGHT . 'px)
' . (tep_not_null($pInfo->products_image) ? '' . $pInfo->products_image . ' | ' : '') . tep_draw_file_field('products_image'); ?>
-
    +
      products_larger_images as $pi) { $pi_counter++; - echo '
    • ' . TEXT_PRODUCTS_LARGE_IMAGE . '
      ' . tep_draw_file_field('products_image_large_' . $pi['id']) . '
      ' . $pi['image'] . '

      ' . TEXT_PRODUCTS_LARGE_IMAGE_HTML_CONTENT . '
      ' . tep_draw_textarea_field('products_image_htmlcontent_' . $pi['id'], 'soft', '70', '3', $pi['htmlcontent']) . '
    • '; + echo '
    • ' . TEXT_PRODUCTS_LARGE_IMAGE . '
      ' . tep_draw_file_field('products_image_large_' . $pi['id']) . '
      ' . $pi['image'] . '

      ' . TEXT_PRODUCTS_LARGE_IMAGE_HTML_CONTENT . '
      ' . tep_draw_textarea_field('products_image_htmlcontent_' . $pi['id'], '70', '3', $pi['htmlcontent']) . '
    • '; } ?> -
    +
- +

@@ -655,29 +704,16 @@ function showPiDelConfirm(piId) { } -
' . TEXT_PRODUCTS_URL_WITHOUT_HTTP . ''; ?>products_id, $languages[$i]['id']))); ?>
products_weight); ?>
+ + + +
- +
' . TEXT_PRODUCTS . ' ' . $products_count; ?> 0) echo tep_draw_button(IMAGE_BACK, 'triangle-1-w', tep_href_link(FILENAME_CATEGORIES, $cPath_back . 'cID=' . $current_category_id)); if (!isset($HTTP_GET_VARS['search'])) echo tep_draw_button(IMAGE_NEW_CATEGORY, 'plus', tep_href_link(FILENAME_CATEGORIES, 'cPath=' . $cPath . '&action=new_category')) . tep_draw_button(IMAGE_NEW_PRODUCT, 'plus', tep_href_link(FILENAME_CATEGORIES, 'cPath=' . $cPath . '&action=new_product')); ?>  0) echo tep_draw_button(IMAGE_BACK, 'triangle-1-w', tep_href_link(FILENAME_CATEGORIES, $cPath_back . 'cID=' . $current_category_id)); if (!isset($HTTP_GET_VARS['search'])) echo tep_draw_button(IMAGE_NEW_CATEGORY, 'plus', tep_href_link(FILENAME_CATEGORIES, 'cPath=' . $cPath . '&action=new_category')) . tep_draw_button(IMAGE_NEW_PRODUCT, 'plus', tep_href_link(FILENAME_CATEGORIES, 'cPath=' . $cPath . '&action=new_product')); ?> 
configuration_id) ) { echo tep_image(DIR_WS_IMAGES . 'icon_arrow_right.gif', ''); } else { echo '' . tep_image(DIR_WS_IMAGES . 'icon_info.gif', IMAGE_ICON_INFO) . ''; } ?> 
+ + + + + + +
+ + + + +
+ + +
+ + + + + + + + + array(), + 'total' => sizeof($messages)+1); + + if ( $page !== -1 ) { + $messages = array_slice($messages, (MAX_DISPLAY_SEARCH_RESULTS * ($page - 1)), MAX_DISPLAY_SEARCH_RESULTS); + } + + foreach ( $messages as $key => $message ) { +?> + + + + + + + + + + + + + + + + + +
+
1 ) ? (($result['total']-1)) : INFO_NO_ERRORS_IN_FILE ) . ' ' . tep_draw_button(EMPTY_FILE, 'trash', tep_href_link(FILENAME_ERROR_LOG, 'action=delete')); ?>
+ 1) { + echo '' . PREVNEXT_BUTTON_PREV . ''; + } else { + echo '|>'; + } + echo $page . '/' . ceil(($result['total']-1)/MAX_DISPLAY_SEARCH_RESULTS); + if ( ($page < (($result['total']-1)/MAX_DISPLAY_SEARCH_RESULTS)) && ((($result['total']-1)/MAX_DISPLAY_SEARCH_RESULTS) != 1) ) { + echo '' . PREVNEXT_BUTTON_NEXT . ''; + } else { + echo '<|'; + } +?> +
+ + diff --git a/catalog/admin/includes/application_bottom.php b/catalog/admin/includes/application_bottom.php index 6da5d548f..5e40b01a7 100644 --- a/catalog/admin/includes/application_bottom.php +++ b/catalog/admin/includes/application_bottom.php @@ -14,7 +14,7 @@ tep_session_close(); if (STORE_PAGE_PARSE_TIME == 'true') { - if (!is_object($logger)) $logger = new logger; + if (!isset($logger) || !is_object($logger)) $logger = new logger; echo $logger->timer_stop(DISPLAY_PAGE_PARSE_TIME); } ?> \ No newline at end of file diff --git a/catalog/admin/includes/application_top.php b/catalog/admin/includes/application_top.php index 0e823b214..e9fa5d936 100644 --- a/catalog/admin/includes/application_top.php +++ b/catalog/admin/includes/application_top.php @@ -14,7 +14,7 @@ define('PAGE_PARSE_START_TIME', microtime()); // Set the level of error reporting - error_reporting(E_ALL & ~E_NOTICE); + error_reporting(-1); // check support for register_globals if (function_exists('ini_get') && (ini_get('register_globals') == false) && (PHP_VERSION < 4.3) ) { diff --git a/catalog/admin/includes/classes/email.php b/catalog/admin/includes/classes/email.php index e67a327d9..3280dad06 100644 --- a/catalog/admin/includes/classes/email.php +++ b/catalog/admin/includes/classes/email.php @@ -56,7 +56,9 @@ function email($headers = '') { 'tiff' => 'image/tiff', 'swf' => 'application/x-shockwave-flash'); - $this->build_params['html_encoding'] = 'quoted-printable'; +/* Gergely utf-8 charset compatibility 2012 */ +// $this->build_params['html_encoding'] = 'quoted-printable'; + $this->build_params['html_encoding'] = 'base64'; $this->build_params['text_encoding'] = '7bit'; $this->build_params['html_charset'] = constant('CHARSET'); $this->build_params['text_charset'] = constant('CHARSET'); 
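Review bot: In the new error_log.php the "empty file" control is a plain link, `tep_href_link(FILENAME_ERROR_LOG, 'action=delete')`, so the log is truncated by a GET request and the handler lines that survive on this page show no session-token check. Most of the file's markup is missing from this rendering, so this needs confirming against the full file. If it holds, any page the administrator visits while logged in could trigger the request and erase the record of earlier errors. Make the action a POST form that carries and verifies the admin session token, and keep GET for viewing only.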
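Review bot: `error_reporting(-1)` in application_top.php turns on every notice and deprecation for the admin, and nothing in this hunk sets `display_errors`. On a host where display is enabled, admin pages would then print file paths and query fragments. Pair the change with `ini_set('display_errors', '0');` and a `log_errors` setting if the new error-log page is meant to collect the output. That configuration may already exist elsewhere in the file, which this hunk does not show.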
@@ -491,8 +493,14 @@ function send($to_name, $to_addr, $from_name, $from_addr, $subject = '', $header return false; } - $to = (($to_name != '') ? '"' . $to_name . '" <' . $to_addr . '>' : $to_addr); - $from = (($from_name != '') ? '"' . $from_name . '" <' . $from_addr . '>' : $from_addr); +/* Gergely utf-8 compatibility 2012 */ +/* $to = (($to_name != '') ? '"' . $to_name . '" <' . $to_addr . '>' : $to_addr); + $from = (($from_name != '') ? '"' . $from_name . '" <' . $from_addr . '>' : $from_addr); */ + + $to = (($to_name != '') ? '"' . '=?' . CHARSET . '?B?' . base64_encode($to_name) . '?=" <' . $to_addr . '>' : $to_addr); + $from = (($from_name != '') ? '"' . '=?' . CHARSET . '?B?' . base64_encode($from_name) . '?=" <' . $from_addr . '>' : $from_addr); + $subject = '=?' . CHARSET . '?B?' . base64_encode($subject) . '?='; +/* default charset encoding */ if (is_string($headers)) { $headers = explode($this->lf, trim($headers)); diff --git a/catalog/admin/includes/classes/passwordhash.php b/catalog/admin/includes/classes/passwordhash.php index f30ab3997..5887dd84a 100644 --- a/catalog/admin/includes/classes/passwordhash.php +++ b/catalog/admin/includes/classes/passwordhash.php @@ -53,14 +53,7 @@ function PasswordHash($iteration_count_log2, $portable_hashes) function get_random_bytes($count) { $output = ''; - if (@is_readable('/dev/urandom') && - ($fh = @fopen('/dev/urandom', 'rb'))) { - if (function_exists('stream_set_read_buffer')) { - stream_set_read_buffer($fh, 0); - } - $output = fread($fh, $count); - fclose($fh); - } elseif ( function_exists('openssl_random_pseudo_bytes') ) { + if ( function_exists('openssl_random_pseudo_bytes') ) { $output = openssl_random_pseudo_bytes($count, $orpb_secure); if ( $orpb_secure != true ) { diff --git a/catalog/admin/includes/column_left.php b/catalog/admin/includes/column_left.php index 17a2f840a..d70bfb683 100644 --- a/catalog/admin/includes/column_left.php +++ b/catalog/admin/includes/column_left.php 
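Review bot: In `send()` the encoded-word is placed inside double quotes (`'"' . '=?' . CHARSET . '?B?' . base64_encode($to_name) . '?=" <'`), and RFC 2047 does not allow an encoded-word inside a quoted-string, so conforming clients may display the raw `=?...?=` text; drop the surrounding quotes for `$to` and `$from`. An encoded-word is limited to 75 characters, so a long `$subject` has to be split into several words, which `mb_encode_mimeheader` does when mbstring is available. `$to_addr` and `$from_addr` still reach the headers as given; whether callers reject CR/LF in them is not visible in this hunk. The commented-out original lines can be deleted rather than kept beside the new ones.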
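Review bot: Removing the `/dev/urandom` read from `get_random_bytes()` in passwordhash.php leaves `openssl_random_pseudo_bytes` as the only source visible in this hunk. A host without the OpenSSL extension, or one where `$orpb_secure` comes back false, now depends entirely on whatever fallback follows outside the hunk, and that output feeds password salts. If the block was removed to silence `open_basedir` warnings, keep it as the second choice behind the OpenSSL call instead of deleting it, and add a comment stating which sources are tried and in what order. The function body continues outside the hunk.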
@@ -53,13 +53,19 @@ foreach ($cl_box_groups as $groups) { foreach ($groups['apps'] as $app) { if ($app['code'] == $PHP_SELF) { - echo ',active: ' . $counter; + $active_value = $counter; break; } } $counter++; } + + if (isset($active_value)) { + echo ',active: ' . $active_value; + } else { + echo ',active: ' . $counter; + } ?> }); diff --git a/catalog/admin/includes/configure.php b/catalog/admin/includes/configure.php index 05b6853c8..eab38c70e 100644 --- a/catalog/admin/includes/configure.php +++ b/catalog/admin/includes/configure.php @@ -44,6 +44,7 @@ define('DB_SERVER_USERNAME', 'mysql'); define('DB_SERVER_PASSWORD', ''); define('DB_DATABASE', 'osCommerce'); + define('DB_DATABASE_CHARSET', ''); define('USE_PCONNECT', 'false'); define('STORE_SESSIONS', ''); ?> \ No newline at end of file diff --git a/catalog/admin/includes/functions/database.php b/catalog/admin/includes/functions/database.php index bf8aed11d..4b962b468 100644 --- a/catalog/admin/includes/functions/database.php +++ b/catalog/admin/includes/functions/database.php @@ -19,6 +19,10 @@ function tep_db_connect($server = DB_SERVER, $username = DB_SERVER_USERNAME, $pa $$link = mysqli_connect($server, $username, $password, $database); + if (defined('DB_DATABASE_CHARSET') && DB_DATABASE_CHARSET !== '') { + mysqli_query($$link, 'SET CHARACTER SET ' . DB_DATABASE_CHARSET . ''); + } + return $$link; } @@ -180,6 +184,10 @@ function mysqli_connect($server, $username, $password, $database) { mysql_select_db($database, $link); } + if (defined('DB_DATABASE_CHARSET') && DB_DATABASE_CHARSET !== '') { + mysql_query('SET CHARACTER SET ' . DB_DATABASE_CHARSET . '', $link); + } + return $link; } diff --git a/catalog/admin/includes/functions/general.php b/catalog/admin/includes/functions/general.php index f34129e8f..218ecd878 100644 --- a/catalog/admin/includes/functions/general.php +++ b/catalog/admin/includes/functions/general.php 
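Review bot: In database.php, `SET CHARACTER SET` is sent as a query in `tep_db_connect` and again in the `mysqli_connect` fallback at `@@ -180,6 +184,10 @@`; that statement changes the server-side client and result charsets but does not inform the client library, and it sets the connection charset to the database default rather than the value given. Escaping done through the link therefore still assumes the library's default charset, which matters for multi-byte encodings. Use the API calls instead: `mysqli_set_charset($$link, DB_DATABASE_CHARSET);` and, in the fallback, `mysql_set_charset(DB_DATABASE_CHARSET, $link);`. Their return value should be checked so that a misspelt charset in configure.php is reported rather than ignored.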
@@ -282,8 +282,8 @@ function tep_info_image($image, $alt, $width = '', $height = '') { function tep_break_string($string, $len, $break_char = '-') { $l = 0; $output = ''; - for ($i=0, $n=strlen($string); $i<$n; $i++) { - $char = substr($string, $i, 1); + for ($i=0, $n=mb_strlen($string, CHARSET); $i<$n; $i++) { + $char = mb_substr($string, $i, 1, CHARSET); if ($char != ' ') { $l++; } else { @@ -474,7 +474,7 @@ function tep_get_zone_code($country, $zone, $def_state) { $state_prov_values = tep_db_fetch_array($state_prov_query); $state_prov_code = $state_prov_values['zone_code']; } - + return $state_prov_code; } @@ -718,7 +718,7 @@ function tep_cfg_pull_down_tax_classes($tax_class_id, $key = '') { //// // Function to read in text area in admin function tep_cfg_textarea($text) { - return tep_draw_textarea_field('configuration_value', false, 35, 5, $text); + return tep_draw_textarea_field('configuration_value', 35, 5, $text); } function tep_cfg_get_zone_name($zone_id) { @@ -789,6 +789,14 @@ function tep_set_time_limit($limit) { } } +//// +// Alias name for function for Store configuration values in the Administration Tool + function tep_localise_select($select){ + $ValueIn = array('`^true$`i', '`^false$`i', '`^desc$`', '`^asc$`', '`^date_expected$`', '`^products_name$`', '`^Left Column$`i', '`^Right Column$`i', '`^weight$`i', '`^price$`i', '`^national$`i', '`^international$`i', '`^both$`i'); + $ValueOut = array(TEXT_TRUE_CONFIG, TEXT_FALSE_CONFIG, TEXT_DESC_CONFIG, TEXT_ASC_CONFIG, TEXT_DATE_EXPECTED_CONFIG, TEXT_PRODUCT_NAME_CONFIG, TEXT_LEFT_COLUMN_CONFIG, TEXT_RIGHT_COLUMN_CONFIG, TEXT_WEIGHT_CONFIG, TEXT_PRICE_CONFIG, TEXT_NATIONAL, TEXT_INTERNATIONAL, TEXT_BOTH); + return preg_replace($ValueIn, $ValueOut, htmlspecialchars($select) ); + } + //// // Alias function for Store configuration values in the Administration Tool function tep_cfg_select_option($select_array, $key_value, $key = '') { 
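Review bot: `tep_localise_select()` in general.php calls `htmlspecialchars($select)` with no flags or charset, so the result depends on the PHP default encoding and comes back empty when the input is not valid in it; pass them explicitly, `htmlspecialchars($select, ENT_QUOTES, CHARSET)`. The translated constants are used as `preg_replace` replacements, where a `$` or `\` followed by a digit in a translation is read as a back-reference. A plain lookup keyed on the lower-cased value avoids that and removes the mix of case-sensitive (`^desc$`) and case-insensitive (`^true$`i) patterns. The header comment should also say that the function returns HTML-escaped display text, so callers use it for labels and not for the submitted `value`.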
@@ -796,12 +804,13 @@ function tep_cfg_select_option($select_array, $key_value, $key = '') { for ($i=0, $n=sizeof($select_array); $i<$n; $i++) { $name = ((tep_not_null($key)) ? 'configuration[' . $key . ']' : 'configuration_value'); + $txt = tep_localise_select($select_array[$i]); $string .= '
date('Y-m-d H:i:s O T'), 'os' => PHP_OS, 'kernel' => $kernel, - 'uptime' => @exec('uptime'), + 'uptime' => $uptime, 'http_server' => $HTTP_SERVER_VARS['SERVER_SOFTWARE']); $data['mysql'] = array('version' => tep_db_get_server_info(), diff --git a/catalog/admin/includes/functions/html_output.php b/catalog/admin/includes/functions/html_output.php index 377b0ac29..ce1bda8cf 100644 --- a/catalog/admin/includes/functions/html_output.php +++ b/catalog/admin/includes/functions/html_output.php @@ -245,8 +245,7 @@ function tep_draw_radio_field($name, $value = '', $checked = false, $compare = ' //// // Output a form textarea field -// The $wrap parameter is no longer used in the core xhtml template - function tep_draw_textarea_field($name, $wrap, $width, $height, $text = '', $parameters = '', $reinsert_value = true) { + function tep_draw_textarea_field($name, $width, $height, $text = '', $parameters = '', $reinsert_value = true) { global $HTTP_GET_VARS, $HTTP_POST_VARS; $field = '