Index: branches/5.0.x/core/kernel/db/db_tag_processor.php
===================================================================
diff -u -r12497 -r12511
--- branches/5.0.x/core/kernel/db/db_tag_processor.php (.../db_tag_processor.php) (revision 12497)
+++ branches/5.0.x/core/kernel/db/db_tag_processor.php (.../db_tag_processor.php) (revision 12511)
@@ -1,6 +1,6 @@
Application->getUnitOption('c', 'TableName') . '
- WHERE ' . $this->Application->getUnitOption('c', 'IDField') . ' = ' . $page_id;
+ WHERE ' . $this->Application->getUnitOption('c', 'IDField') . ' = ' . (int)$page_id;
$template = strtolower( $this->Conn->GetOne($sql) );
$url_params = Array ('m_cat_id' => $page_id, 'no_amp' => 1, 'editing_mode' => EDITING_MODE_CONTENT, 'pass' => 'm');
Index: branches/5.0.x/core/units/custom_fields/custom_fields_event_handler.php
===================================================================
diff -u -r12299 -r12511
--- branches/5.0.x/core/units/custom_fields/custom_fields_event_handler.php (.../custom_fields_event_handler.php) (revision 12299)
+++ branches/5.0.x/core/units/custom_fields/custom_fields_event_handler.php (.../custom_fields_event_handler.php) (revision 12511)
@@ -1,6 +1,6 @@
Application->GetVar('cf_type');
+ WHERE ItemType = ' . $this->Conn->qstr( $this->Application->GetVar('cf_type') );
$prefix = $this->Conn->GetOne($sql);
}
Index: branches/5.0.x/core/kernel/db/cat_tag_processor.php
===================================================================
diff -u -r12497 -r12511
--- branches/5.0.x/core/kernel/db/cat_tag_processor.php (.../cat_tag_processor.php) (revision 12497)
+++ branches/5.0.x/core/kernel/db/cat_tag_processor.php (.../cat_tag_processor.php) (revision 12511)
@@ -1,6 +1,6 @@
0) {
// scan only current category & it's children
$sql = 'SELECT TreeLeft, TreeRight
- FROM '.TABLE_PREFIX.'Category
- WHERE CategoryId = '.$category_id;
+ FROM ' . TABLE_PREFIX . 'Category
+ WHERE CategoryId = ' . (int)$category_id;
$tree_info = $this->Conn->GetRow($sql);
$sql = 'SELECT MAX(item_table.Modified) AS ModDate, MAX(item_table.CreatedOn) AS NewDate
Index: branches/5.0.x/core/kernel/utility/http_query.php
===================================================================
diff -u -r12401 -r12511
--- branches/5.0.x/core/kernel/utility/http_query.php (.../http_query.php) (revision 12401)
+++ branches/5.0.x/core/kernel/utility/http_query.php (.../http_query.php) (revision 12511)
@@ -1,6 +1,6 @@
Get['t']) && $this->Get['t']) {
+ if (array_key_exists('t', $this->Get) && $this->Get['t']) {
// template name is passed directly in url (GET method)
$t = $this->Get['t'];
}
@@ -513,13 +513,6 @@
$t = $this->Get('t');
}
- if (is_numeric($t)) {
- $sql = 'SELECT CONCAT(FilePath, \'/\', FileName)
- FROM '.TABLE_PREFIX.'ThemeFiles
- WHERE FileId = '.$t;
- $t = $this->Conn->GetOne($sql);
- }
-
return preg_replace('/\.tpl$/', '', $t);
}
Index: branches/5.0.x/core/units/permissions/permissions_tag_processor.php
===================================================================
diff -u -r12382 -r12511
--- branches/5.0.x/core/units/permissions/permissions_tag_processor.php (.../permissions_tag_processor.php) (revision 12382)
+++ branches/5.0.x/core/units/permissions/permissions_tag_processor.php (.../permissions_tag_processor.php) (revision 12511)
@@ -1,6 +1,6 @@
Conn->GetCol($sql, 'Perm');
@@ -139,7 +139,7 @@
IF(p.PermissionValue IS NOT NULL, p.PermissionValue, 0) AS InheritedValue
FROM '.TABLE_PREFIX.'PermissionConfig pc
LEFT JOIN '.$perm_live_table.' p
- ON (p.Permission = pc.PermissionName) AND ('.str_replace('#TABLE_PREFIX#', 'p', $pos_sql).') AND (p.GroupId = '.$group_id.')
+ ON (p.Permission = pc.PermissionName) AND ('.str_replace('#TABLE_PREFIX#', 'p', $pos_sql).') AND (p.GroupId = '.(int)$group_id.')
LEFT JOIN '.$perm_temp_table.' tmp_p
ON (tmp_p.Permission = pc.PermissionName) AND (tmp_p.CatId = '.$this_cat.') AND (tmp_p.GroupId = '.$group_id.')
WHERE ModuleId = "'.$module.'"';
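Review bot: The `(int)` cast on the `p.GroupId` join leaves the same `$group_id` concatenated raw on the `tmp_p.GroupId` join two lines below, together with `$this_cat`, so the hardening covers only half of this statement. Casting once before the query is assembled, `$group_id = (int)$group_id;` and `$this_cat = (int)$this_cat;`, fixes both joins at the same time. The `ModuleId = "'.$module.'"'` predicate also still relies on hand-written double quotes where `$this->Conn->qstr($module)` would match the rest of this commit. Whether `$this_cat` and `$module` can carry request input is not visible here; the enclosing function starts and ends outside the hunk.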
Index: branches/5.0.x/core/units/users/users_event_handler.php
===================================================================
diff -u -r12483 -r12511
--- branches/5.0.x/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 12483)
+++ branches/5.0.x/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 12511)
@@ -1,6 +1,6 @@
Application->GetTempName(TABLE_PREFIX.'UserGroup', 'prefix:g');
$sql = 'SELECT PortalUserId
- FROM '.$table_name.'
- WHERE GroupId = '.$group_id;
+ FROM ' . $table_name . '
+ WHERE GroupId = ' . (int)$group_id;
$user_ids = $this->Conn->GetCol($sql);
// array_push($user_ids); // Guest & Everyone groups are set dynamically
if ($user_ids) {
Index: branches/5.0.x/core/units/phrases/phrases_event_handler.php
===================================================================
diff -u -r12299 -r12511
--- branches/5.0.x/core/units/phrases/phrases_event_handler.php (.../phrases_event_handler.php) (revision 12299)
+++ branches/5.0.x/core/units/phrases/phrases_event_handler.php (.../phrases_event_handler.php) (revision 12511)
@@ -1,6 +1,6 @@
Conn->qstr($label).' AND LanguageId = '.$language_id;
+ WHERE Phrase = '.$this->Conn->qstr($label).' AND LanguageId = '.(int)$language_id;
$this->Application->SetVar($event->getPrefixSpecial() . '_id', $this->Conn->GetOne($sql));
$event->redirect = false;
Index: branches/5.0.x/core/units/form_submissions/form_submissions_eh.php
===================================================================
diff -u -r12357 -r12511
--- branches/5.0.x/core/units/form_submissions/form_submissions_eh.php (.../form_submissions_eh.php) (revision 12357)
+++ branches/5.0.x/core/units/form_submissions/form_submissions_eh.php (.../form_submissions_eh.php) (revision 12511)
@@ -1,6 +1,6 @@
Application->recallObject('InpCustomFieldsHelper');
- $fields = $this->Conn->Query('SELECT * FROM '.TABLE_PREFIX.'FormFields WHERE FormId = '.$form_id.' ORDER BY Priority DESC', 'FormFieldId');
+ $sql = 'SELECT *
+ FROM ' . TABLE_PREFIX . 'FormFields
+ WHERE FormId = ' . (int)$form_id . '
+ ORDER BY Priority DESC';
+ $fields = $this->Conn->Query($sql, 'FormFieldId');
+
foreach ($fields as $field_id => $options) {
$conf_fields['fld_'.$field_id] = Array('type'=>'string', 'default'=>$options['DefaultValue']);
if ($options['Required']) {
Index: branches/5.0.x/core/units/helpers/permissions_helper.php
===================================================================
diff -u -r12306 -r12511
--- branches/5.0.x/core/units/helpers/permissions_helper.php (.../permissions_helper.php) (revision 12306)
+++ branches/5.0.x/core/units/helpers/permissions_helper.php (.../permissions_helper.php) (revision 12511)
@@ -1,6 +1,6 @@
Application->getUnitOption($prefix, 'TableName');
$id = $this->Application->GetVar($prefix.'_id');
- if (!$id) return $this->Application->GetVar('m_cat_id');
+ if (!$id) {
+ return $this->Application->GetVar('m_cat_id');
+ }
$sql = 'SELECT ResourceId
FROM '.$table_name.'
- WHERE '.$id_field.' = '.$id;
+ WHERE '.$id_field.' = '.(int)$id;
$resource_id = $this->Conn->GetOne($sql);
$sql = 'SELECT CategoryId
@@ -540,7 +542,7 @@
$sql = 'SELECT PermId
FROM '.TABLE_PREFIX.'PermCache
- WHERE (PermId = '.$perm_id.') AND (CategoryId = '.$cat_id.')';
+ WHERE (PermId = '.$perm_id.') AND (CategoryId = '.(int)$cat_id.')';
$view_filters = Array();
foreach ($groups as $group) {
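Review bot: `$perm_id` is still concatenated uncast in the same `WHERE` clause that now casts `$cat_id`, so the PermCache query is only partially normalised. If `$perm_id` is an integer key, `WHERE (PermId = '.(int)$perm_id.') AND (CategoryId = '.(int)$cat_id.')';` makes the predicate uniformly safe; where it comes from is outside the hunk, so treat this as a point to confirm rather than a known injection path. The enclosing function starts and ends outside the hunk.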
Index: branches/5.0.x/core/units/fck/fck_eh.php
===================================================================
diff -u -r12299 -r12511
--- branches/5.0.x/core/units/fck/fck_eh.php (.../fck_eh.php) (revision 12299)
+++ branches/5.0.x/core/units/fck/fck_eh.php (.../fck_eh.php) (revision 12511)
@@ -1,6 +1,6 @@
array('self' => true),
- 'OnLoadResources' => array('self' => true),
- 'OnRenameFile' => array('self' => true),
- 'OnDeleteFiles' => array('self' => true),
- 'OnGetFoldersFilesList' => array('self' => true),
- 'OnCreateFolder' => array('self' => true),
- 'OnUploadFile' => array('self' => true),
- );
-
- $this->permMapping = array_merge($this->permMapping, $permissions);
- }
-
/**
* Checks permissions of user
*
@@ -42,6 +24,7 @@
function CheckPermission(&$event)
{
if ($this->Application->LoggedIn() && $this->Application->IsAdmin()) {
+ // this limits all event execution only to logged-in users in admin
return true;
}
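Review bot: The new comment overstates what the visible lines establish: `return true` short-circuits for logged-in admins, but whether every other caller is denied depends on the rest of CheckPermission, which lies outside the hunk. A wording that matches only what this branch does, `// logged-in administrators are always allowed; everyone else goes through the checks below`, avoids misleading the next reader. Since the first hunk drops the per-event `permMapping` entries for the FCK events, a docblock sentence on CheckPermission noting that those events now rely on this check would also help the next maintainer.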
Index: branches/5.0.x/core/kernel/db/cat_dbitem.php
===================================================================
diff -u -r12466 -r12511
--- branches/5.0.x/core/kernel/db/cat_dbitem.php (.../cat_dbitem.php) (revision 12466)
+++ branches/5.0.x/core/kernel/db/cat_dbitem.php (.../cat_dbitem.php) (revision 12511)
@@ -1,6 +1,6 @@
GetDBField($title_field);
- $cat_id = $this->Application->GetVar('m_cat_id');
+ $cat_id = (int)$this->Application->GetVar('m_cat_id');
$original_checked = false;
do {
if ( preg_match('/Copy ([0-9]*) *of (.*)/', $new_name, $regs) ) {
@@ -203,7 +203,7 @@
// check if the item already exists in destination category
$sql = 'SELECT PrimaryCat
FROM ' . $table_name . '
- WHERE (CategoryId = ' . $category_id . ') AND (ItemResourceId = ' . $this->GetDBField('ResourceId') . ')';
+ WHERE (CategoryId = ' . (int)$category_id . ') AND (ItemResourceId = ' . $this->GetDBField('ResourceId') . ')';
$is_primary = $this->Conn->GetOne($sql);
// if it's not found is_primary will be FALSE, if it's found but not primary it will be int 0
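Review bot: `$this->GetDBField('ResourceId')` is concatenated without a cast in the same predicate that now casts `$category_id`, here and again in the DELETE and UPDATE statements of the next hunk. It is presumably an integer loaded from the item row, but an unset or empty value would produce `ItemResourceId = )` and a SQL error rather than a clean no-match. Reading it once, `$resource_id = (int)$this->GetDBField('ResourceId');`, and reusing it in all three statements keeps them consistent. The enclosing function starts outside the hunk.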
@@ -218,13 +218,13 @@
// if it's not primary - delete it from destination category, as we will move it from current primary below
$sql = 'DELETE FROM ' . $table_name . '
- WHERE (CategoryId = ' . $category_id . ') AND (ItemResourceId = ' . $this->GetDBField('ResourceId') . ')';
+ WHERE (CategoryId = ' . (int)$category_id . ') AND (ItemResourceId = ' . $this->GetDBField('ResourceId') . ')';
$this->Conn->Query($sql);
}
// change category id in existing primary category record
$sql = 'UPDATE ' . $table_name . '
- SET CategoryId = ' . $category_id . '
+ SET CategoryId = ' . (int)$category_id . '
WHERE (ItemResourceId = ' . $this->GetDBField('ResourceId') . ') AND (PrimaryCat = 1)';
$this->Conn->Query($sql);
Index: branches/5.0.x/core/admin_templates/users/users_list.tpl
===================================================================
diff -u -r12506 -r12511
--- branches/5.0.x/core/admin_templates/users/users_list.tpl (.../users_list.tpl) (revision 12506)
+++ branches/5.0.x/core/admin_templates/users/users_list.tpl (.../users_list.tpl) (revision 12511)
@@ -15,7 +15,7 @@
}
var a_toolbar = new ToolBar();
- a_toolbar.AddButton( new ToolBarButton('new_item, '::',
+ a_toolbar.AddButton( new ToolBarButton('new_item', '::',
function() {
set_hidden_field('remove_specials[u.regular]', 1);
std_precreate_item('u.regular', 'users/users_edit')
Index: branches/5.0.x/core/units/groups/groups_event_handler.php
===================================================================
diff -u -r12299 -r12511
--- branches/5.0.x/core/units/groups/groups_event_handler.php (.../groups_event_handler.php) (revision 12299)
+++ branches/5.0.x/core/units/groups/groups_event_handler.php (.../groups_event_handler.php) (revision 12511)
@@ -1,6 +1,6 @@
Special) {
case 'user':
$user_id = $this->Application->GetVar('u_id');
+
if ($user_id !== false) {
// show only groups, that user doesn't belong to
$table_name = $this->Application->GetTempName(TABLE_PREFIX.'UserGroup', 'prefix:u');
+
$sql = 'SELECT GroupId
- FROM '.$table_name.'
- WHERE PortalUserId = '.$user_id;
+ FROM ' . $table_name . '
+ WHERE PortalUserId = ' . (int)$user_id;
$group_ids = $this->Conn->GetCol($sql);
array_push($group_ids, 14, 15); // Guest & Everyone groups are set dynamically
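Review bot: The hard-coded group ids on `array_push($group_ids, 14, 15);` sit next to a comment saying those groups are set dynamically, while application.php's getUserGroups in this same commit reads them through `ConfigValue('User_LoggedInGroup')` and `ConfigValue('User_GuestGroup')`. Which of 14 and 15 corresponds to which configured group is not visible here, so this is a consistency point to confirm rather than a defect. If the config keys are the right source, replacing the literals with those lookups (cast with `(int)`) keeps the two code paths from drifting. The enclosing function starts and ends outside the hunk.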
Index: branches/5.0.x/core/kernel/application.php
===================================================================
diff -u -r12368 -r12511
--- branches/5.0.x/core/kernel/application.php (.../application.php) (revision 12368)
+++ branches/5.0.x/core/kernel/application.php (.../application.php) (revision 12511)
@@ -1,6 +1,6 @@
setCache('category_tree', $id, $category_data['TreeLeft'] . ';' . $category_data['TreeRight']);
}
else {
- $resource_id = $this->Conn->GetOne('SELECT ResourceId FROM '.$table.' WHERE '.$id_field.' = '.$this->Conn->qstr($id));
- if (is_null($category_id)) $category_id = $this->GetVar('m_cat_id');
- $sql = 'SELECT Filename FROM '.TABLE_PREFIX.'CategoryItems WHERE ItemResourceId = '.$resource_id.' AND CategoryId = '.$category_id;
+ $sql = 'SELECT ResourceId
+ FROM ' . $table . '
+ WHERE ' . $id_field . ' = ' . $this->Conn->qstr($id);
+ $resource_id = $this->Conn->GetOne($sql);
+
+ if (is_null($category_id)) {
+ $category_id = $this->GetVar('m_cat_id');
+ }
+
+ $sql = 'SELECT Filename
+ FROM ' . TABLE_PREFIX . 'CategoryItems
+ WHERE (ItemResourceId = ' . $resource_id . ') AND (CategoryId = ' . (int)$category_id . ')';
$filename = $this->Conn->GetOne($sql);
/*if (!$filename) {
- $sql = 'SELECT Filename FROM '.TABLE_PREFIX.'CategoryItems WHERE ItemResourceId = '.$resource_id.' AND PrimaryCat = 1';
+ $sql = 'SELECT Filename
+ FROM ' . TABLE_PREFIX . 'CategoryItems
+ WHERE ItemResourceId = ' . $resource_id . ' AND PrimaryCat = 1';
$filename = $this->Conn->GetOne($sql);
- }*/
+ }
- /*$sql = 'SELECT Filename
- FROM '.$table.'
- WHERE '.$id_field.' = '.$this->Conn->qstr($id);
+ $sql = 'SELECT Filename
+ FROM ' . $table . '
+ WHERE ' . $id_field . ' = ' . $this->Conn->qstr($id);
$filename = $this->Conn->GetOne($sql);*/
}
$this->setCache('filenames', $prefix.'_'.$id, $filename);
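Review bot: `$resource_id` is concatenated raw into the rewritten CategoryItems query, `WHERE (ItemResourceId = ' . $resource_id . ') AND (CategoryId = ' . (int)$category_id . ')';`, while `$category_id` beside it is cast. When the ResourceId lookup finds no row, GetOne returns `false` (the `=== false` check after GetOne in cat_dbitem_export_helper.php in this commit shows that contract), which concatenates to an empty string and yields `ItemResourceId = )` — a SQL syntax error instead of an empty result. Casting `(int)$resource_id`, or returning early when it is empty, closes that gap. The reshuffled `/*if (!$filename) ... */` block is commented-out code that would be better deleted than reformatted; the enclosing function starts and ends outside the hunk.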
@@ -934,7 +945,7 @@
$sql = 'SELECT *
FROM ' . TABLE_PREFIX . 'StatisticsCapture
- WHERE TemplateName = "' . $this->GetVar('t') . '"';
+ WHERE TemplateName = ' . $this->Conn->qstr( $this->GetVar('t') );
$data = $this->Conn->GetRow($sql);
if ($data) {
@@ -2786,25 +2797,29 @@
function getUserGroups($user_id)
{
- switch($user_id)
- {
+ switch ($user_id) {
case -1:
$user_groups = $this->ConfigValue('User_LoggedInGroup');
break;
+
case -2:
- $user_groups = $this->ConfigValue('User_LoggedInGroup');
- $user_groups .= ','.$this->ConfigValue('User_GuestGroup');
+ $user_groups = $this->ConfigValue('User_LoggedInGroup') . ',' . $this->ConfigValue('User_GuestGroup');
break;
+
default:
- $sql = 'SELECT GroupId FROM '.TABLE_PREFIX.'UserGroup WHERE PortalUserId = '.$user_id;
+ $sql = 'SELECT GroupId
+ FROM ' . TABLE_PREFIX . 'UserGroup
+ WHERE PortalUserId = ' . (int)$user_id;
$res = $this->Conn->GetCol($sql);
+
$user_groups = Array( $this->ConfigValue('User_LoggedInGroup') );
- if(is_array($res))
- {
+ if ($res) {
$user_groups = array_merge($user_groups, $res);
}
+
$user_groups = implode(',', $user_groups);
}
+
return $user_groups;
}
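Review bot: The sentinel values `-1` and `-2` that drive the reformatted `switch ($user_id)` are not documented anywhere in the hunk, and the meaning of each branch (logged-in group only versus logged-in plus guest group) is only recoverable by reading the config keys. A short comment above the switch naming which callers pass each sentinel and why each maps to those groups would make the function readable on its own; if a docblock exists above the hunk it is the right place for it. Note that `switch` compares loosely, so the string `'-1'` from a request variable takes the first branch as well, while any non-numeric value falls through to the default and is cast to `0` by the new `(int)` on `PortalUserId`.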
Index: branches/5.0.x/core/units/helpers/country_states_helper.php
===================================================================
diff -u -r12306 -r12511
--- branches/5.0.x/core/units/helpers/country_states_helper.php (.../country_states_helper.php) (revision 12306)
+++ branches/5.0.x/core/units/helpers/country_states_helper.php (.../country_states_helper.php) (revision 12511)
@@ -1,6 +1,6 @@
Application->GetVar('m_lang'), $this->Conn->qstr($country_code), $this->Conn->qstr($state_name) );
+ $sql = sprintf($sql, (int)$this->Application->GetVar('m_lang'), $this->Conn->qstr($country_code), $this->Conn->qstr($state_name) );
+
return $this->Conn->GetOne($sql);
}
Index: branches/5.0.x/core/units/helpers/cat_dbitem_export_helper.php
===================================================================
diff -u -r12343 -r12511
--- branches/5.0.x/core/units/helpers/cat_dbitem_export_helper.php (.../cat_dbitem_export_helper.php) (revision 12343)
+++ branches/5.0.x/core/units/helpers/cat_dbitem_export_helper.php (.../cat_dbitem_export_helper.php) (revision 12511)
@@ -1,6 +1,6 @@
exportOptions['IsBaseCategory'] ) {
$sql = 'SELECT ParentPath
FROM '.TABLE_PREFIX.'Category
- WHERE CategoryId = '.$this->Application->GetVar('m_cat_id');
+ WHERE CategoryId = ' . (int)$this->Application->GetVar('m_cat_id');
$parent_path = $this->Conn->GetOne($sql);
$parent_path = explode('|', substr($parent_path, 1, -1));
if ($parent_path && $parent_path[0] == $this->Application->findModule('Name', 'Core', 'RootCat')) {
@@ -760,7 +760,7 @@
// get category id from database by name
$sql = 'SELECT CategoryId
FROM '.TABLE_PREFIX.'Category
- WHERE ('.$lang_prefix.'Name = '.$this->Conn->qstr($category_name).') AND (ParentId = '.$current_category_id.')';
+ WHERE ('.$lang_prefix.'Name = '.$this->Conn->qstr($category_name).') AND (ParentId = '.(int)$current_category_id.')';
$category_id = $this->Conn->GetOne($sql);
if ($category_id === false) {
@@ -824,10 +824,16 @@
if (count($load_keys)) {
$where_clause = '';
+ $language_id = (int)$this->Application->GetVar('m_lang');
+
+ if (!$language_id) {
+ $language_id = 1;
+ }
+
foreach ($load_keys as $field_name => $field_value) {
if (preg_match('/^cust_(.*)/', $field_name, $regs)) {
$custom_id = array_search($regs[1], $this->customFields);
- $field_name = 'l'.$this->Application->GetVar('m_lang').'_cust_'.$custom_id;
+ $field_name = 'l'.$language_id.'_cust_'.$custom_id;
$where_clause .= '(custom_data.`'.$field_name.'` = '.$this->Conn->qstr($field_value).') AND ';
}
else {
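Review bot: The language fallback added here, `$language_id = (int)...GetVar('m_lang'); if (!$language_id) { $language_id = 1; }`, is duplicated twice more in this commit in categories_tag_processor.php (the `_CachedNavbar` and `_Name AS Name` queries); extracting it into one helper method (name to be chosen) keeps the three copies from drifting. In the same loop, `array_search($regs[1], $this->customFields)` returns `false` for an unknown custom field name, which turns `$field_name` into `'l1_cust_'` and a broken column reference instead of a skipped key; a `=== false` check before building `$field_name` would address that, and passing `true` as the third argument avoids loose matching. The enclosing function starts and ends outside the hunk.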
Index: branches/5.0.x/core/units/user_groups/user_groups_eh.php
===================================================================
diff -u -r12299 -r12511
--- branches/5.0.x/core/units/user_groups/user_groups_eh.php (.../user_groups_eh.php) (revision 12299)
+++ branches/5.0.x/core/units/user_groups/user_groups_eh.php (.../user_groups_eh.php) (revision 12511)
@@ -1,6 +1,6 @@
Application->GetTempName(TABLE_PREFIX.'UserGroup', 'prefix:u');
$sql = 'SELECT GroupId
FROM '.$table_name.'
- WHERE PortalUserId = '.$user_id;
+ WHERE PortalUserId = '.(int)$user_id;
$old_groups = $this->Conn->GetCol($sql);
$new_groups = array_diff($new_groups, $old_groups);
@@ -63,8 +63,8 @@
$group_id = $this->Application->GetVar('g_id');
$table_name = $this->Application->GetTempName(TABLE_PREFIX.'UserGroup', 'prefix:g');
$sql = 'SELECT PortalUserId
- FROM '.$table_name.'
- WHERE GroupId = '.$group_id;
+ FROM ' . $table_name . '
+ WHERE GroupId = ' . (int)$group_id;
$old_users = $this->Conn->GetCol($sql);
$new_users = array_diff($new_users, $old_users);
@@ -97,14 +97,14 @@
$object =& $event->getObject( Array('skip_autoload' => true) );
$user_id = $this->Application->GetVar('u_id');
- $sql = 'UPDATE '.$object->TableName.'
+ $sql = 'UPDATE ' . $object->TableName . '
SET PrimaryGroup = 0
- WHERE PortalUserId = '.$user_id;
+ WHERE PortalUserId = ' . (int)$user_id;
$this->Conn->Query($sql);
- $sql = 'UPDATE '.$object->TableName.'
+ $sql = 'UPDATE ' . $object->TableName . '
SET PrimaryGroup = 1
- WHERE '.$object->IDField.' = '.$id.' AND PortalUserId = '.$user_id;
+ WHERE ' . $object->IDField . ' = ' . $id . ' AND PortalUserId = ' . (int)$user_id;
$this->Conn->Query($sql);
}
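Review bot: `$id` is left uncast on the new line `WHERE ' . $object->IDField . ' = ' . $id . ' AND PortalUserId = ' . (int)$user_id;` while `$user_id` right beside it is cast, so the second UPDATE is only half normalised. Where `$id` is assigned is outside the hunk, but if it is an integer key, `' = ' . (int)$id . '` brings it in line with the rest of the commit. The enclosing function starts outside the hunk.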
@@ -127,14 +127,14 @@
$user_id = $this->Application->GetVar('u_id');
$sql = 'SELECT '.$object->IDField.'
FROM '.$object->TableName.'
- WHERE '.$object->IDField.' IN ('.implode(',', $ids).') AND PortalUserId = '.$user_id.' AND PrimaryGroup = 0';
+ WHERE '.$object->IDField.' IN ('.implode(',', $ids).') AND PortalUserId = '.(int)$user_id.' AND PrimaryGroup = 0';
$ids = $this->Conn->GetCol($sql);
}
elseif ($event->Prefix == 'g-ug') {
$group_id = $this->Application->GetVar('g_id');
$sql = 'SELECT '.$object->IDField.'
FROM '.$object->TableName.'
- WHERE '.$object->IDField.' IN ('.implode(',', $ids).') AND GroupId = '.$group_id.' AND PrimaryGroup = 0';
+ WHERE '.$object->IDField.' IN ('.implode(',', $ids).') AND GroupId = '.(int)$group_id.' AND PrimaryGroup = 0';
$ids = $this->Conn->GetCol($sql);
}
$event->setEventParam('ids', $ids);
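Review bot: Both rewritten `IN ('.implode(',', $ids).')` predicates inline the id list raw while casting only the neighbouring `$user_id`/`$group_id`; the same pattern appears in categories_tag_processor.php's `implode(',', $category_ids)` later in this commit. Given the file's PHP 4/5-era conventions, `implode(',', array_map('intval', $ids))` normalises every element in one step. If `$ids` can be empty, `IN ()` is a SQL syntax error, so a guard before the query is worth adding; the enclosing function starts outside the hunk.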
Index: branches/5.0.x/core/kernel/db/db_event_handler.php
===================================================================
diff -u -r12368 -r12511
--- branches/5.0.x/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 12368)
+++ branches/5.0.x/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 12511)
@@ -1,6 +1,6 @@
Array('self' => 'view', 'subitem' => 'view'),
'OnItemBuild' => Array('self' => 'view', 'subitem' => 'view'),
+ 'OnSuggestValues' => Array('self' => 'view', 'subitem' => 'view'),
'OnBuild' => Array('self' => true),
@@ -2446,35 +2447,44 @@
*/
function OnSuggestValues(&$event)
{
- $this->Application->XMLHeader();
+ if (!$this->Application->IsAdmin() || !$this->Application->LoggedIn()) {
+ // very careful here, because this event allows to
+ // view every object field -> limit only to logged-in admins
+ return ;
+ }
+ $event->status = erSTOP;
+
$field = $this->Application->GetVar('field');
$cur_value = $this->Application->GetVar('cur_value');
- if (!$field || !$cur_value) {
- exit;
+
+ $object =& $event->getObject();
+
+ if (!$field || !$cur_value || !array_key_exists($field, $object->Fields)) {
+ return ;
}
$limit = $this->Application->GetVar('limit');
if (!$limit) {
$limit = 20;
}
- $object =& $event->getObject();
$sql = 'SELECT DISTINCT '.$field.'
FROM '.$object->TableName.'
WHERE '.$field.' LIKE '.$this->Conn->qstr($cur_value.'%').'
ORDER BY '.$field.'
LIMIT 0,' . $limit;
-
$data = $this->Conn->GetCol($sql);
+ $this->Application->XMLHeader();
+
echo '';
+
foreach ($data as $item) {
echo '- ' . htmlspecialchars($item) . '
';
}
- echo '';
- $event->status = erSTOP;
+ echo '';
}
/**
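Review bot: `$limit` is the one request value in OnSuggestValues that escapes both the new `array_key_exists($field, $object->Fields)` whitelist and `qstr`: it is concatenated uncast into `LIMIT 0,' . $limit`. Normalising it in place, `$limit = (int)$this->Application->GetVar('limit'); if ($limit <= 0) { $limit = 20; }`, keeps the default and closes the gap. `$event->status = erSTOP;` is now assigned before the field validation, so the early `return ;` on an unknown field stops the event with neither XML header nor body; if the caller expects an XML document, the header (or an empty document) belongs on that path too. The `$cur_value . '%'` pattern also passes `%`/`_` through unescaped, which only widens the prefix match but is worth a comment.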
Index: branches/5.0.x/core/units/categories/categories_item.php
===================================================================
diff -u -r12299 -r12511
--- branches/5.0.x/core/units/categories/categories_item.php (.../categories_item.php) (revision 12299)
+++ branches/5.0.x/core/units/categories/categories_item.php (.../categories_item.php) (revision 12511)
@@ -1,6 +1,6 @@
TableName.'
- WHERE ParentId = '.$cat_id.' AND '.$title_field.' = '.$this->Conn->qstr($new_name);
+ $query = ' SELECT ' . $title_field . '
+ FROM ' . $this->TableName . '
+ WHERE ParentId = ' . (int)$cat_id . ' AND ' . $title_field . ' = ' . $this->Conn->qstr($new_name);
$foreign_key_field = getArrayValue($master, 'ForeignKey');
$foreign_key_field = is_array($foreign_key_field) ? $foreign_key_field[ $master['ParentPrefix'] ] : $foreign_key_field;
Index: branches/5.0.x/core/units/categories/categories_tag_processor.php
===================================================================
diff -u -r12497 -r12511
--- branches/5.0.x/core/units/categories/categories_tag_processor.php (.../categories_tag_processor.php) (revision 12497)
+++ branches/5.0.x/core/units/categories/categories_tag_processor.php (.../categories_tag_processor.php) (revision 12511)
@@ -1,6 +1,6 @@
Application->recallObject($this->getPrefixSpecial(), $this->Prefix.'_List');
$sql = 'SELECT '.$this->getTitleField().'
FROM '.$cat_object->TableName.'
- WHERE CategoryId = '.$this->Application->GetVar('m_cat_id');
+ WHERE CategoryId = '.(int)$this->Application->GetVar('m_cat_id');
return $this->Conn->GetOne($sql);
}
@@ -696,7 +696,7 @@
if (!isset($current_path)) {
$sql = 'SELECT ParentPath
FROM ' . TABLE_PREFIX . 'Category
- WHERE CategoryId = ' . $this->Application->GetVar('m_cat_id');
+ WHERE CategoryId = ' . (int)$this->Application->GetVar('m_cat_id');
$current_path = $this->Conn->GetOne($sql);
}
@@ -1056,7 +1056,12 @@
}
else {
// no relation with current category object -> query from db
- $sql = 'SELECT l' . $this->Application->GetVar('m_lang') . '_CachedNavbar
+ $language_id = (int)$this->Application->GetVar('m_lang');
+ if (!$language_id) {
+ $language_id = 1;
+ }
+
+ $sql = 'SELECT l' . $language_id . '_CachedNavbar
FROM ' . $object->TableName . '
WHERE ' . $object->IDField . ' = ' . $category_id;
$cached_navbar = $this->Conn->GetOne($sql);
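Review bot: `$category_id` is still concatenated raw on `WHERE ' . $object->IDField . ' = ' . $category_id;` directly under the new language handling, so this query gains a sanitised column prefix but not a sanitised key. Casting it, `' = ' . (int)$category_id;`, matches how the same variable is treated elsewhere in this commit; its origin is outside the hunk, as is the start of the enclosing function.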
@@ -2022,8 +2027,12 @@
$id_field = $this->Application->getUnitOption($this->Prefix, 'IDField');
$table_name = $this->Application->getUnitOption($this->Prefix, 'TableName');
- $language = $this->Application->GetVar('m_lang');
+ $language = (int)$this->Application->GetVar('m_lang');
+ if (!$language) {
+ $language = 1;
+ }
+
$sql = 'SELECT l'.$language.'_Name AS Name, NamedParentPath
FROM '.$table_name.'
WHERE '.$id_field.' IN ('.implode(',', $category_ids).')';
Index: branches/5.0.x/core/units/helpers/mod_rewrite_helper.php
===================================================================
diff -u -r12357 -r12511
--- branches/5.0.x/core/units/helpers/mod_rewrite_helper.php (.../mod_rewrite_helper.php) (revision 12357)
+++ branches/5.0.x/core/units/helpers/mod_rewrite_helper.php (.../mod_rewrite_helper.php) (revision 12511)
@@ -1,6 +1,6 @@
Conn->qstr($item_filename) . ')';
+ WHERE (ci.CategoryId = ' . (int)$vars['m_cat_id'] . ') AND (ci.Filename = ' . $this->Conn->qstr($item_filename) . ')';
$cat_item = $this->Conn->GetRow($sql);
if ($cat_item !== false) {
@@ -764,7 +764,7 @@
{
$sql = 'SELECT c.ParentPath, c.CategoryId
FROM ' . TABLE_PREFIX . 'Category AS c
- WHERE c.CategoryId = ' . $vars['m_cat_id'];
+ WHERE c.CategoryId = ' . (int)$vars['m_cat_id'];
$cat_item = $this->Conn->GetRow($sql);
$item_template = $this->GetItemTemplate($cat_item, 'bb');