OSClass 2.3.5
juanramon committed Jan 16, 2012
2 parents 5933d48 + 33a4b1a commit ff7ef8a
Showing 87 changed files with 2,691 additions and 2,103 deletions.
20 changes: 20 additions & 0 deletions CHANGELOG.txt
@@ -1,3 +1,23 @@
OSClass 2.3.5 2012-01-16
------------------------
- Escape quotes in attr values of input tags using a new helper: osc_esc_html
- PHP Warning if the user doesn't have a description in his profile
- PHP Warning in Search model
- Modified behavior in add/edit form of custom fields
- Style of radio buttons in custom fields
- JS error in add/edit page in oc-admin
- XSS vulnerabilities in search page
- SQL injections in search page and AJAX request in oc-admin (need to be logged as an admin)

OSClass 2.3.4 2012-01-03
------------------------
- Deleting all admins bug fixed
- Multiple installs bug fixed
- Feeds url using permalinks
- SQL error using picture only items bug fixed
- Some hooks were added on admin
- SQL optimized a little more

OSClass 2.3.3 2011-12-17
------------------------
- Removed upgrade and upgrade-plugins files
163 changes: 86 additions & 77 deletions oc-admin/ajax/ajax.php
Expand Up @@ -100,13 +100,15 @@ function doModel()

foreach ($aIds as $id => $parent) {
if ($parent == 'root') {
if (!$catManager->updateOrder($id, $orderParent)) {
$res = $catManager->updateOrder($id, $orderParent);
if (is_bool($res) && !$res) {
$error = 1;
}
// set parent category
$conditions = array('pk_i_id' => $id);
$array['fk_i_parent_id'] = NULL;
if (!$catManager->update($array, $conditions) > 0) {
$res = $catManager->update($array, $conditions);
if (is_bool($res) && !$res) {
$error = 1;
}
$orderParent++;
Expand All @@ -115,31 +117,31 @@ function doModel()
$catParent = $parent;
$orderSub = 0;
}
if (!$catManager->updateOrder($id, $orderSub)) {

$res = $catManager->updateOrder($id, $orderSub);
if (is_bool($res) && !$res ) {
$error = 1;
}

// set parent category
$conditions = array('pk_i_id' => $id);
$array['fk_i_parent_id'] = $catParent;
if (!$catManager->update($array, $conditions) > 0) {

$res = $catManager->update($array, $conditions);
if (is_bool($res) && !$res) {
$error = 1;
}
$orderSub++;
}
}

$result = "{";
$error = 0;

if ($error) {
$result .= '"error" : "' . __("Some error ocurred") . '"';
if($error) {
$result = array( 'error' => __("Some error ocurred") ) ;
} else {
$result .= '"ok" : "' . __("Order saved") . '"';
$result = array( 'ok' => __("Order saved") ) ;
}
$result .= "}";

echo $result;
echo json_encode($result) ;

break;
case 'category_edit_iframe':
$this->_exportVariableToView( 'category', Category::newInstance()->findByPrimaryKey( Params::getParam("id") ) ) ;
Expand All @@ -158,66 +160,73 @@ function doModel()
break;
case 'field_categories_post':
$error = 0;
if (!$error) {
try {
$field = Field::newInstance()->findByName(Params::getParam("s_name"));
if (!isset($field['pk_i_id']) || (isset($field['pk_i_id']) && $field['pk_i_id'] == Params::getParam("id"))) {
Field::newInstance()->cleanCategoriesFromField(Params::getParam("id"));
$slug = Params::getParam("field_slug") != '' ? Params::getParam("field_slug") : Params::getParam("id");
$slug = preg_replace('|([-]+)|', '-', preg_replace('|[^a-z0-9_-]|', '-', strtolower($slug)));
Field::newInstance()->update(array('s_name' => Params::getParam("s_name"), 'e_type' => Params::getParam("field_type"), 's_slug' => $slug, 'b_required' => Params::getParam("field_required") == "1" ? 1 : 0, 's_options' => Params::getParam('s_options')), array('pk_i_id' => Params::getParam("id")));
Field::newInstance()->insertCategories(Params::getParam("id"), Params::getParam("categories"));
} else {
$field = Field::newInstance()->findByName(Params::getParam("s_name"));

if (!isset($field['pk_i_id']) || (isset($field['pk_i_id']) && $field['pk_i_id'] == Params::getParam("id"))) {
// remove categories from a field
Field::newInstance()->cleanCategoriesFromField(Params::getParam("id"));
// no error... continue updating fields
if($error == 0) {
$slug = Params::getParam("field_slug") != '' ? Params::getParam("field_slug") : Params::getParam("id");
$slug = preg_replace('|([-]+)|', '-', preg_replace('|[^a-z0-9_-]|', '-', strtolower($slug)));
$res = Field::newInstance()->update(array('s_name' => Params::getParam("s_name"), 'e_type' => Params::getParam("field_type"), 's_slug' => $slug, 'b_required' => Params::getParam("field_required") == "1" ? 1 : 0, 's_options' => Params::getParam('s_options')), array('pk_i_id' => Params::getParam("id")));
if(is_bool($res) && !$res) {
$error = 1;
$message = __("Sorry, you already have one field with that name");
}
} catch (Exception $e) {
$error = 1;
}
// no error... continue inserting categories-field
if($error == 0) {
$aCategories = Params::getParam("categories");
if( is_array($aCategories) && count($aCategories) > 0) {
$res = Field::newInstance()->insertCategories(Params::getParam("id"), $aCategories);
if(!$res) {
$error = 1;
}
}
}
// error while updating?
if($error == 1) {
$message = __("Error while updating.");
}
} else {
$error = 1;
$message = __("Sorry, you already have one field with that name");
}

$result = "{";
if ($error) {
$result .= '"error" : "';
$result .= $message;
$result .= '"';
if($error) {
$result = array( 'error' => $message) ;
} else {
$result .= '"ok" : "' . __("Saved") . '", "text" : "' . Params::getParam("s_name") . '"';
$result = array( 'ok' => __("Saved") , 'text' => Params::getParam("s_name")) ;
}
$result .= "}";

echo $result;

echo json_encode($result) ;

break;
case 'delete_field':
$id = Params::getParam("id");
$error = 0;

try {
$fieldManager = Field::newInstance();
$fieldManager->deleteByPrimaryKey($id);

$fieldManager = Field::newInstance();
$res = $fieldManager->deleteByPrimaryKey($id);

if($res > 0) {
$message = __('The custom field have been deleted');
} catch (Exception $e) {
} else {
$error = 1;
$message = __('Error while deleting');
}

$result = "{";
if ($error) {
$result .= '"error" : "';
$result .= $message;
$result .= '"';
if($error) {
$result = array( 'error' => $message) ;
} else {
$result .= '"ok" : "Saved." ';
$result = array( 'ok' => __("Saved") ) ;
}
$result .= "}";
echo json_encode($result) ;

echo $result;
break;
case 'enable_category':
$id = Params::getParam("id") ;
$enabled = (Params::getParam("enabled") != '') ? Params::getParam("enabled") : 0 ;
$id = strip_tags( Params::getParam('id') ) ;
$enabled = (Params::getParam('enabled') != '') ? Params::getParam('enabled') : 0 ;
$error = 0 ;
$result = array() ;
$aUpdated = array() ;
Expand Down Expand Up @@ -277,36 +286,32 @@ function doModel()
}
$result['affectedIds'] = array( array('id' => $id) ) ;
echo json_encode($result) ;

break ;
case 'delete_category':
$id = Params::getParam("id");
$error = 0;

try {
$categoryManager = Category::newInstance();
$categoryManager->deleteByPrimaryKey($id);

$categoryManager = Category::newInstance();
$res = $categoryManager->deleteByPrimaryKey($id);

if($res > 0) {
$message = __('The categories have been deleted');
} catch (Exception $e) {
} else {
$error = 1;
$message = __('Error while deleting');
}

$result = "{";
if ($error) {
$result .= '"error" : "';
$result .= $message;
$result .= '"';
if($error) {
$result = array( 'error' => $message) ;
} else {
$result .= '"ok" : "Saved." ';
$result = array( 'ok' => __("Saved") ) ;
}
$result .= "}";

echo $result;
echo json_encode($result) ;

break;
case 'edit_category_post':
$id = Params::getParam("id");

$fields['i_expiration_days'] = (Params::getParam("i_expiration_days") != '') ? Params::getParam("i_expiration_days") : 0;

$error = 0;
Expand All @@ -331,10 +336,10 @@ function doModel()

$l = osc_language();
if ($error==0 || ($error==1 && $has_one_title==1)) {
try {
$categoryManager = Category::newInstance();
$categoryManager->updateByPrimaryKey(array('fields' => $fields, 'aFieldsDescription' => $aFieldsDescription), $id);
} catch (Exception $e) {
$categoryManager = Category::newInstance();
$res = $categoryManager->updateByPrimaryKey(array('fields' => $fields, 'aFieldsDescription' => $aFieldsDescription), $id);

if( is_bool($res) ) {
$error = 2;
}
}
Expand All @@ -352,6 +357,7 @@ function doModel()
$msg = __('Error while updating');
}
echo json_encode(array('error' => $error, 'msg' => $msg, 'text' => $aFieldsDescription[$l]['s_name']));

break;
case 'custom': // Execute via AJAX custom file
$ajaxfile = Params::getParam("ajaxfile");
Expand Down Expand Up @@ -403,6 +409,7 @@ function doModel()
$new_order = $actual_order+1;
}
}

if($new_order != $actual_order) {
$auxpage = $mPages->findByOrder($new_order);

Expand All @@ -414,10 +421,8 @@ function doModel()
$conditions = array('pk_i_id' => $id);
$mPages->update($array, $conditions);

} else {

}

// TO BE IMPROVED
// json for datatables
$prefLocale = osc_current_admin_locale();
$aPages = $mPages->listAll(0);
Expand All @@ -434,7 +439,7 @@ function doModel()
$p_body = str_replace("'", "\'", trim(strip_tags($body['s_title']), "\x22\x27"));

$json .= "[\"<input type='checkbox' name='id[]' value='". $page['pk_i_id'] ."' />\",";
$json .= "\"".$page['s_internal_name']."<div id='datatables_quick_edit'>";
$json .= "\"".osc_esc_html($page['s_internal_name'])."<div id='datatables_quick_edit'>";
$json .= "<a href='". osc_static_page_url() ."'>". __('View page') ."</a> | ";
$json .= "<a href='". osc_admin_base_url(true) ."?page=pages&action=edit&id=". $page['pk_i_id'] ."'>";
$json .= __('Edit') ."</a>";
Expand All @@ -454,6 +459,7 @@ function doModel()
$json .= "]";
echo $json;
}

break;

/******************************
Expand All @@ -475,11 +481,14 @@ function doModel()
/***********************
**** DOWNLOAD FILE ****
***********************/
if (Params::getParam('file') != '') {
$data = osc_file_get_contents("http://osclass.org/latest_version.php");
$data = json_decode(substr($data, 1, strlen($data)-3), true);
$source_file = $data['url'];
if ($source_file != '') {

$tmp = explode("/", Params::getParam('file'));
$tmp = explode("/", $source_file);
$filename = end($tmp);
$result = osc_downloadFile(Params::getParam('file'), $filename);
$result = osc_downloadFile($source_file, $filename);

if ($result) { // Everything is OK, continue
/**********************
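Review bot: In the `enable_category` case, `$id = strip_tags( Params::getParam('id') ) ;` does not make the id safe for the query it ends up in: strip_tags removes HTML tags but leaves quotes and other SQL metacharacters intact, so on its own it is not the fix for the injection the changelog describes unless the model layer quotes the value. A primary key should be coerced instead, `$id = (int) Params::getParam('id') ;`, and the same applies to `$enabled` on the following line, which is still passed through unvalidated. In the download hunk near the end of the section, the results of `osc_file_get_contents()` and `json_decode()` are used without a `false`/`null` check, so a failed or malformed response raises a warning at `$data['url']`; a guard such as `if (!is_array($data) || empty($data['url'])) { $source_file = ''; }` before `$source_file` is read keeps the existing `!= ''` branch in charge. The enclosing `doModel()` starts and ends outside these hunks.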
14 changes: 7 additions & 7 deletions oc-admin/ajax/items_processing.php
Expand Up @@ -250,7 +250,7 @@ private function toDatatablesFormat() {
if($title != $aRow['s_title']) {
$title .= "...";
}
$this->sOutput .= '"'.addslashes(preg_replace('|\s+|',' ',$title)).' <br/>';
$this->sOutput .= '"'.addslashes(osc_esc_html(preg_replace('|\s+|',' ',$title))).' <br/>';
$this->sOutput .= '<div id=\'datatable_wrapper\'><div id=\'datatables_quick_edit\' ';
if($count % 2) {
$this->sOutput .= ' class=\'even\' ';
Expand Down Expand Up @@ -293,12 +293,12 @@ private function toDatatablesFormat() {
$this->sOutput .= '</div></div>",';
}

$this->sOutput .= '"'.addslashes($aRow['s_user_name']).'",';
$this->sOutput .= '"'.addslashes($aRow['s_category_name']).'",';
$this->sOutput .= '"'.$aRow['s_country'].'",';
$this->sOutput .= '"'.$aRow['s_region'].'",';
$this->sOutput .= '"'.$aRow['s_city'].'",';
$this->sOutput .= '"'.addslashes($aRow['dt_pub_date']).'"';
$this->sOutput .= '"'.addslashes(osc_esc_html($aRow['s_user_name'])).'",';
$this->sOutput .= '"'.addslashes(osc_esc_html($aRow['s_category_name'])).'",';
$this->sOutput .= '"'.addslashes(osc_esc_html($aRow['s_country'])).'",';
$this->sOutput .= '"'.addslashes(osc_esc_html($aRow['s_region'])).'",';
$this->sOutput .= '"'.addslashes(osc_esc_html($aRow['s_city'])).'",';
$this->sOutput .= '"'.addslashes(osc_esc_html($aRow['dt_pub_date'])).'"';
if($this->extraCols > 0) $this->sOutput .= ',';

if(isset($aRow['i_num_spam'])) {
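Review bot: The new `addslashes(osc_esc_html(...))` cells in toDatatablesFormat still assemble JSON by hand, and `addslashes` is not a JSON escaper: it turns `'` into `\'`, which is invalid JSON, and leaves newlines and other control characters untouched, so a title containing a line break still produces a malformed response. Since ajax.php in this same commit moved its responses to `json_encode()`, the consistent fix is to collect the cell strings in an array and append `json_encode($cells)` once per row, which removes the need for `addslashes` entirely while keeping `osc_esc_html()` for the HTML content. The method starts and ends outside the hunks.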
4 changes: 2 additions & 2 deletions oc-admin/appearance.php
Expand Up @@ -96,7 +96,7 @@ function doModel() {
$res = Widget::newInstance()->update(
array(
's_description' => Params::getParam('description')
,'s_content' => Params::getParam('content')
,'s_content' => Params::getParam('content', false, false)
),
array('pk_i_id' => Params::getParam('id') )
);
Expand All @@ -114,7 +114,7 @@ function doModel() {
's_location' => Params::getParam('location')
,'e_kind' => 'html'
,'s_description' => Params::getParam('description')
,'s_content' => Params::getParam('content')
,'s_content' => Params::getParam('content', false, false)
)
);
osc_add_flash_ok_message( _m('Widget added correctly'), 'admin');
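Review bot: `Params::getParam('content', false, false)` in both hunks appears to switch off whatever cleaning `getParam` applies by default, but nothing at the call site records why; a comment such as `// raw HTML on purpose: widget content is admin-authored markup and is rendered as-is` would make the trust decision visible to the next reader. Because this stores unfiltered markup, the protection rests entirely on the admin authentication check earlier in `doModel()`, which lies outside the hunks, so it is worth confirming that this action cannot be reached without it. `Params::getParam('id')` on the update path is still used unvalidated; `(int) Params::getParam('id')` would match the fixes made elsewhere in this commit.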