From onokazu ¡÷ users.sourceforge.jp Sat Jul 2 23:27:16 2005
From: onokazu ¡÷ users.sourceforge.jp (onokazu)
Date: Sat, 2 Jul 2005 23:27:16 +0900
Subject: [xoops-cvslog 239] CVS update: xoops2jp/html
Message-ID: <20050702142716.856812AC01C@users.sourceforge.jp>
Index: xoops2jp/html/search.php
diff -u xoops2jp/html/search.php:1.2.6.2.2.1 xoops2jp/html/search.php:1.2.6.2.2.2
--- xoops2jp/html/search.php:1.2.6.2.2.1 Sun Jun 19 00:51:11 2005
+++ xoops2jp/html/search.php Sat Jul 2 23:27:16 2005
@@ -1,5 +1,5 @@
';
$search_url = XOOPS_URL.'/search.php?query='.urlencode(stripslashes(implode(' ', $queries)));
- $search_url .= "&mid=$mid&action=$action&andor=$andor";
+ $search_url .= "&mid=$mid&action=$action&andor=$andor";
if ($action=='showallbyuser') {
- $search_url .= "&uid=$uid";
+ $search_url .= "&uid=$uid";
}
if ( $start > 0 ) {
$prev = $start - 20;
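Review bot: `$mid`, `$action`, `$andor` and `$uid` are interpolated into `$search_url` as-is, while only the query terms go through `urlencode()`. Where these variables are assigned is outside the hunk; if any of them can carry request data unchanged, each value needs encoding when the URL is built, e.g. `"&mid=".intval($mid)."&action=".urlencode($action)."&andor=".urlencode($andor)`, and the finished URL needs `htmlspecialchars()` where it is written into the page. The removed and added lines read identically in this archive, so the actual change (probably the entity form of `&`) cannot be confirmed from here. The same applies to the `&start=` lines in the later hunks and to revision 1.2.6.2.2.3 below.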
@@ -271,7 +271,7 @@
';
if (false != $has_next) {
$next = $start + 20;
- $search_url_next = $search_url."&start=$next";
+ $search_url_next = $search_url."&start=$next";
echo '
'._SR_NEXT.' |
';
}
From onokazu ¡÷ users.sourceforge.jp Sat Jul 2 23:40:23 2005
From: onokazu ¡÷ users.sourceforge.jp (onokazu)
Date: Sat, 2 Jul 2005 23:40:23 +0900
Subject: [xoops-cvslog 240] CVS update: xoops2jp/html
Message-ID: <20050702144023.7382B2AC01C@users.sourceforge.jp>
Index: xoops2jp/html/search.php
diff -u xoops2jp/html/search.php:1.2.6.2.2.2 xoops2jp/html/search.php:1.2.6.2.2.3
--- xoops2jp/html/search.php:1.2.6.2.2.2 Sat Jul 2 23:27:16 2005
+++ xoops2jp/html/search.php Sat Jul 2 23:40:23 2005
@@ -1,5 +1,5 @@
'._SR_SHOWALLR.'';
+ $search_url .= "&mid=$mid&action=showall&andor=$andor";
+ echo '
'._SR_SHOWALLR.'';
}
}
}
@@ -263,7 +263,7 @@
$prev = $start - 20;
echo '
';
- $search_url_prev = $search_url."&start=$prev";
+ $search_url_prev = $search_url."&start=$prev";
echo ''._SR_PREVIOUS.' |
';
}
From onokazu ¡÷ users.sourceforge.jp Sat Jul 2 23:44:29 2005
From: onokazu ¡÷ users.sourceforge.jp (onokazu)
Date: Sat, 2 Jul 2005 23:44:29 +0900
Subject: [xoops-cvslog 241] CVS update: xoops2jp/html
Message-ID: <20050702144429.ECC262AC01C@users.sourceforge.jp>
Index: xoops2jp/html/header.php
diff -u xoops2jp/html/header.php:1.2.6.4.2.1 xoops2jp/html/header.php:1.2.6.4.2.2
--- xoops2jp/html/header.php:1.2.6.4.2.1 Sat Jun 11 11:50:10 2005
+++ xoops2jp/html/header.php Sat Jul 2 23:44:29 2005
@@ -1,5 +1,5 @@
assign(array('xoops_isuser' => true, 'xoops_userid' => $xoopsUser->getVar('uid'), 'xoops_uname' => $xoopsUser->getVar('uname'), 'xoops_isadmin' => $xoopsUserIsAdmin));
if (!empty($xoopsModule)) {
// set page title
@@ -109,7 +109,7 @@
$xoopsTpl->assign(array('xoops_isuser' => false, 'xoops_isadmin' => false));
if (!empty($xoopsModule)) {
// set page title
- $xoopsTpl->assign(array('xoops_pagetitle' => $xoopsModule->getVar('name'), 'xoops_modulename' => $xoopsModule->getVar('name'), 'xoops_moduledir' => $xoopsModule->getVar('dirname')));
+ $xoopsTpl->assign(array('xoops_pagetitle' => $xoopsModule->getVar('name'), 'xoops_modulename' => $xoopsModule->getVar('name'), 'xoops_dirname' => $xoopsModule->getVar('dirname')));
if (preg_match("/index\.php$/i", xoops_getenv('PHP_SELF')) && $xoopsConfig['startpage'] == $xoopsModule->getVar('dirname')) {
$block_arr =& $xoopsblock->getAllByGroupModule(XOOPS_GROUP_ANONYMOUS, $xoopsModule->getVar('mid'), true, XOOPS_BLOCK_VISIBLE);
} else {
From nobunobu ¡÷ users.sourceforge.jp Fri Jul 8 18:19:14 2005
From: nobunobu ¡÷ users.sourceforge.jp (NobuNobu)
Date: Fri, 8 Jul 2005 18:19:14 +0900
Subject: [xoops-cvslog 242] CVS update: xoops2jp/html/class
Message-ID: <20050708091914.362B02AC017@users.sourceforge.jp>
Index: xoops2jp/html/class/criteria.php
diff -u xoops2jp/html/class/criteria.php:1.2.6.1.2.4 xoops2jp/html/class/criteria.php:1.2.6.1.2.5
--- xoops2jp/html/class/criteria.php:1.2.6.1.2.4 Thu Jun 30 17:14:49 2005
+++ xoops2jp/html/class/criteria.php Fri Jul 8 18:19:13 2005
@@ -1,5 +1,5 @@
quoteString($value);
+ $value = $db->quoteString($this->value);
}
}
$clause = (!empty($this->prefix) ? "{$this->prefix}." : "") . $this->column;
From nobunobu ¡÷ users.sourceforge.jp Fri Jul 8 18:53:32 2005
From: nobunobu ¡÷ users.sourceforge.jp (NobuNobu)
Date: Fri, 8 Jul 2005 18:53:32 +0900
Subject: [xoops-cvslog 243] CVS update: xoops2jp/html/class
Message-ID: <20050708095332.1C2E02AC017@users.sourceforge.jp>
Index: xoops2jp/html/class/criteria.php
diff -u xoops2jp/html/class/criteria.php:1.2.6.1.2.5 xoops2jp/html/class/criteria.php:1.2.6.1.2.6
--- xoops2jp/html/class/criteria.php:1.2.6.1.2.5 Fri Jul 8 18:19:13 2005
+++ xoops2jp/html/class/criteria.php Fri Jul 8 18:53:31 2005
@@ -1,5 +1,5 @@
operator), array('IN', 'NOT IN'))) {
- $value = $this->value;
- } else {
+ $value = $this->value;
+ if (!in_array(strtoupper($this->operator), array('IN', 'NOT IN'))) {
if ( (substr($value, 0, 1) != '`') && (substr($value, -1) != '`') ) {
$db =& XoopsDatabaseFactory::getDatabaseConnection();
- $value = $db->quoteString($this->value);
+ $value = $db->quoteString($value);
}
}
$clause = (!empty($this->prefix) ? "{$this->prefix}." : "") . $this->column;
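Review bot: The backtick test joins its two halves with `&&`, so quoting is skipped as soon as the value starts or ends with a backtick, not only when it is wrapped in a pair. A value from a caller that merely begins with a backtick is therefore placed into the clause with no quotes at all. If the intent is to let a column reference through, require both ends, `` if ( (substr($value, 0, 1) != '`') || (substr($value, -1) != '`') ) ``, and preferably make it an explicit opt-in by the caller rather than something inferred from the data. The same condition is carried into revision 1.2.6.1.2.7 below, and the method body continues outside the hunk.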
From minahito ¡÷ users.sourceforge.jp Mon Jul 18 15:31:21 2005
From: minahito ¡÷ users.sourceforge.jp (Minahito)
Date: Mon, 18 Jul 2005 15:31:21 +0900
Subject: [xoops-cvslog 244] CVS update: xoops2jp/html/class
Message-ID: <20050718063121.ECF5E2AC07E@users.sourceforge.jp>
Index: xoops2jp/html/class/criteria.php
diff -u xoops2jp/html/class/criteria.php:1.2.6.1.2.6 xoops2jp/html/class/criteria.php:1.2.6.1.2.7
--- xoops2jp/html/class/criteria.php:1.2.6.1.2.6 Fri Jul 8 18:53:31 2005
+++ xoops2jp/html/class/criteria.php Mon Jul 18 15:31:21 2005
@@ -1,5 +1,5 @@
value;
if (!in_array(strtoupper($this->operator), array('IN', 'NOT IN'))) {
if ( (substr($value, 0, 1) != '`') && (substr($value, -1) != '`') ) {
- $db =& XoopsDatabaseFactory::getDatabaseConnection();
- $value = $db->quoteString($value);
+ $value = "'".$value."'";
}
}
$clause = (!empty($this->prefix) ? "{$this->prefix}." : "") . $this->column;
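Review bot: With `$value = "'".$value."'";` the class no longer calls the database layer on the value, so whatever the caller passes is wrapped in quotes and concatenated into the clause. Every existing and future `new Criteria(...)` call then has to escape its own input, and a single missed call site becomes an injectable query; the follow-up commits on this page patch some callers with `addslashes()`, but nothing here shows that all of them are covered. Keeping the escaping in this one place and passing raw values from callers would be the safer contract. If the change stays, state it in the method's doc comment, e.g. `// NOTE: $value must already be SQL-escaped by the caller`. The `IN` / `NOT IN` branch receives neither quoting nor escaping in the visible lines.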
From onokazu ¡÷ users.sourceforge.jp Mon Jul 18 15:49:06 2005
From: onokazu ¡÷ users.sourceforge.jp (onokazu)
Date: Mon, 18 Jul 2005 15:49:06 +0900
Subject: [xoops-cvslog 245] CVS update: xoops2jp/html/include
Message-ID: <20050718064906.F294C2AC019@users.sourceforge.jp>
Index: xoops2jp/html/include/checklogin.php
diff -u xoops2jp/html/include/checklogin.php:1.2.6.1.2.1 xoops2jp/html/include/checklogin.php:1.2.6.1.2.2
--- xoops2jp/html/include/checklogin.php:1.2.6.1.2.1 Thu Jun 30 01:40:23 2005
+++ xoops2jp/html/include/checklogin.php Mon Jul 18 15:49:06 2005
@@ -1,5 +1,5 @@
stripSlashesGPC(trim($_POST['uname']));
-$pass = !isset($_POST['pass']) ? '' : $myts->stripSlashesGPC(trim($_POST['pass']));
+$uname = !isset($_POST['uname']) ? '' : trim($_POST['uname']);
+$pass = !isset($_POST['pass']) ? '' : trim($_POST['pass']);
if ($uname == '' || $pass == '') {
redirect_header(XOOPS_URL.'/user.php', 1, _US_INCORRECTLOGIN);
exit();
}
$member_handler =& xoops_gethandler('member');
-$user =& $member_handler->loginUser($uname, $pass);
+$myts =& MyTextsanitizer::getInstance();
+$user =& $member_handler->loginUser(addslashes($myts->stripSlashesGPC($uname)), addslashes($myts->stripSlashesGPC($pass)));
if (false != $user) {
if (0 == $user->getVar('level')) {
redirect_header(XOOPS_URL.'/index.php', 5, _US_NOACTTPADM);
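Review bot: `addslashes()` is applied to `$pass` before it reaches `loginUser()`. If that method hashes the password before comparing (its body is not shown here), escaping first changes the digest for any password containing a quote or backslash, and such accounts stop authenticating unless the password was escaped the same way when it was set. Once it is confirmed that only the hash reaches the SQL string, pass the password through unescaped: `$member_handler->loginUser(addslashes($myts->stripSlashesGPC($uname)), $myts->stripSlashesGPC($pass));`. The `addslashes($password)` call added to xmlrpcapi.php further down has the same problem. The script continues outside the hunk.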
From onokazu ¡÷ users.sourceforge.jp Mon Jul 18 15:49:07 2005
From: onokazu ¡÷ users.sourceforge.jp (onokazu)
Date: Mon, 18 Jul 2005 15:49:07 +0900
Subject: [xoops-cvslog 246] CVS update: xoops2jp/html
Message-ID: <20050718064907.40D992AC07E@users.sourceforge.jp>
Index: xoops2jp/html/lostpass.php
diff -u xoops2jp/html/lostpass.php:1.2.10.1 xoops2jp/html/lostpass.php:1.2.10.2
--- xoops2jp/html/lostpass.php:1.2.10.1 Thu Jun 30 01:40:24 2005
+++ xoops2jp/html/lostpass.php Mon Jul 18 15:49:07 2005
@@ -1,5 +1,5 @@
stripSlashesGPC(trim($_GET['email'])) : '';
-$email = isset($_POST['email']) ? $myts->stripSlashesGPC(trim($_POST['email'])) : $email;
+$email = isset($_GET['email']) ? trim($_GET['email']) : '';
+$email = isset($_POST['email']) ? trim($_POST['email']) : $email;
if ($email == '') {
- redirect_header("user.php",2,_US_SORRYNOTFOUND);
- exit();
+ redirect_header("user.php",2,_US_SORRYNOTFOUND);
+ exit();
}
+
+$myts =& MyTextSanitizer::getInstance();
$member_handler =& xoops_gethandler('member');
-$getuser =& $member_handler->getUsers(new Criteria('email', $email));
+$getuser =& $member_handler->getUsers(new Criteria('email', $myts->addSlashes($email)));
if (empty($getuser)) {
- redirect_header("user.php",2,_US_SORRYNOTFOUND);
- exit();
+ redirect_header("user.php",2,_US_SORRYNOTFOUND);
+ exit();
} else {
- $code = isset($_GET['code']) ? trim($_GET['code']) : '';
- $areyou = substr($getuser[0]->getVar("pass"), 0, 5);
- if ($code != '' && $areyou == $code) {
- $newpass = xoops_makepass();
- $xoopsMailer =& getMailer();
- $xoopsMailer->useMail();
- $xoopsMailer->setTemplate("lostpass2.tpl");
- $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']);
- $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']);
- $xoopsMailer->assign("SITEURL", XOOPS_URL."/");
- $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']);
- $xoopsMailer->assign("NEWPWD", $newpass);
- $xoopsMailer->setToUsers($getuser[0]);
- $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
- $xoopsMailer->setFromName($xoopsConfig['sitename']);
- $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ,XOOPS_URL));
- if ( !$xoopsMailer->send() ) {
- echo $xoopsMailer->getErrors();
- }
+ $code = isset($_GET['code']) ? trim($_GET['code']) : '';
+ $areyou = substr($getuser[0]->getVar("pass"), 0, 5);
+ if ($code != '' && $areyou == $code) {
+ $newpass = xoops_makepass();
+ $xoopsMailer =& getMailer();
+ $xoopsMailer->useMail();
+ $xoopsMailer->setTemplate("lostpass2.tpl");
+ $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']);
+ $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']);
+ $xoopsMailer->assign("SITEURL", XOOPS_URL."/");
+ $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']);
+ $xoopsMailer->assign("NEWPWD", $newpass);
+ $xoopsMailer->setToUsers($getuser[0]);
+ $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
+ $xoopsMailer->setFromName($xoopsConfig['sitename']);
+ $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ,XOOPS_URL));
+ if ( !$xoopsMailer->send() ) {
+ echo $xoopsMailer->getErrors();
+ }
- // Next step: add the new password to the database
- $sql = sprintf("UPDATE %s SET pass = '%s' WHERE uid = %u", $xoopsDB->prefix("users"), md5($newpass), $getuser[0]->getVar('uid'));
- if ( !$xoopsDB->queryF($sql) ) {
- include "header.php";
- echo _US_MAILPWDNG;
- include "footer.php";
- exit();
- }
- redirect_header("user.php", 3, sprintf(_US_PWDMAILED,$getuser[0]->getVar("uname")), false);
- exit();
- // If no Code, send it
- } else {
- $xoopsMailer =& getMailer();
- $xoopsMailer->useMail();
- $xoopsMailer->setTemplate("lostpass1.tpl");
- $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']);
- $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']);
- $xoopsMailer->assign("SITEURL", XOOPS_URL."/");
- $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']);
- $xoopsMailer->assign("NEWPWD_LINK", XOOPS_URL."/lostpass.php?email=".$email."&code=".$areyou);
- $xoopsMailer->setToUsers($getuser[0]);
- $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
- $xoopsMailer->setFromName($xoopsConfig['sitename']);
- $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ,$xoopsConfig['sitename']));
- include "header.php";
- if ( !$xoopsMailer->send() ) {
- echo $xoopsMailer->getErrors();
- }
- echo "";
- printf(_US_CONFMAIL,$getuser[0]->getVar("uname"));
- echo "
";
- include "footer.php";
- }
+ // Next step: add the new password to the database
+ $sql = sprintf("UPDATE %s SET pass = '%s' WHERE uid = %u", $xoopsDB->prefix("users"), md5($newpass), $getuser[0]->getVar('uid'));
+ if ( !$xoopsDB->queryF($sql) ) {
+ include "header.php";
+ echo _US_MAILPWDNG;
+ include "footer.php";
+ exit();
+ }
+ redirect_header("user.php", 3, sprintf(_US_PWDMAILED,$getuser[0]->getVar("uname")), false);
+ exit();
+ // If no Code, send it
+ } else {
+ $xoopsMailer =& getMailer();
+ $xoopsMailer->useMail();
+ $xoopsMailer->setTemplate("lostpass1.tpl");
+ $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']);
+ $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']);
+ $xoopsMailer->assign("SITEURL", XOOPS_URL."/");
+ $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']);
+ $xoopsMailer->assign("NEWPWD_LINK", XOOPS_URL."/lostpass.php?email=".$email."&code=".$areyou);
+ $xoopsMailer->setToUsers($getuser[0]);
+ $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
+ $xoopsMailer->setFromName($xoopsConfig['sitename']);
+ $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ,$xoopsConfig['sitename']));
+ include "header.php";
+ if ( !$xoopsMailer->send() ) {
+ echo $xoopsMailer->getErrors();
+ }
+ echo "";
+ printf(_US_CONFMAIL,$getuser[0]->getVar("uname"));
+ echo "
";
+ include "footer.php";
+ }
}
?>
\ No newline at end of file
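Review bot: The reset code checked in `if ($code != '' && $areyou == $code)` is the first five characters of the stored password hash (`substr($getuser[0]->getVar("pass"), 0, 5)`), so it is short, stays valid until the password changes, and is compared with loose `==`, under which two different numeric-looking strings can be treated as equal. This commit only re-indents those lines, but the flow would be sturdier with a random, single-use, expiring token stored separately and compared with `===` (or `hash_equals()` where available). `NEWPWD_LINK` concatenates `$email` without encoding, which breaks the link for addresses containing `+` or `&`: `XOOPS_URL."/lostpass.php?email=".urlencode($email)."&code=".$areyou`. The replacement password is also stored as unsalted `md5($newpass)` and mailed before the `UPDATE` is known to have succeeded.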
From onokazu ¡÷ users.sourceforge.jp Mon Jul 18 15:49:07 2005
From: onokazu ¡÷ users.sourceforge.jp (onokazu)
Date: Mon, 18 Jul 2005 15:49:07 +0900
Subject: [xoops-cvslog 247] CVS update:
xoops2jp/html/modules/system/admin/findusers
Message-ID: <20050718064907.8A40F2AC019@users.sourceforge.jp>
Index: xoops2jp/html/modules/system/admin/findusers/main.php
diff -u xoops2jp/html/modules/system/admin/findusers/main.php:1.2.6.2.2.2 xoops2jp/html/modules/system/admin/findusers/main.php:1.2.6.2.2.3
--- xoops2jp/html/modules/system/admin/findusers/main.php:1.2.6.2.2.2 Thu Jun 30 01:40:24 2005
+++ xoops2jp/html/modules/system/admin/findusers/main.php Mon Jul 18 15:49:07 2005
@@ -1,5 +1,5 @@
add(new Criteria('uname', $myts->stripSlashesGPC(trim($_POST['user_uname'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('uname', $myts->addSlashes(trim($_POST['user_uname'])).'%', 'LIKE'));
break;
case XOOPS_MATCH_END:
- $criteria->add(new Criteria('uname', '%'.$myts->stripSlashesGPC(trim($_POST['user_uname'])), 'LIKE'));
+ $criteria->add(new Criteria('uname', '%'.$myts->addSlashes(trim($_POST['user_uname'])), 'LIKE'));
break;
case XOOPS_MATCH_EQUAL:
- $criteria->add(new Criteria('uname', $myts->stripSlashesGPC(trim($_POST['user_uname']))));
+ $criteria->add(new Criteria('uname', $myts->addSlashes(trim($_POST['user_uname']))));
break;
case XOOPS_MATCH_CONTAIN:
- $criteria->add(new Criteria('uname', '%'.$myts->stripSlashesGPC(trim($_POST['user_uname'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('uname', '%'.$myts->addSlashes(trim($_POST['user_uname'])).'%', 'LIKE'));
break;
}
}
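Review bot: These `LIKE` patterns still pass `%` and `_` from the request through as wildcards, because `$myts->addSlashes()` only handles quote and backslash characters (assuming it wraps `addslashes()`; its body is not shown). If literal matching is intended, escape them before adding the pattern's own `%`, e.g. `addcslashes($myts->addSlashes(trim($_POST['user_uname'])), '%_')`. Slash-based escaping also ignores the connection character set, so with multibyte encodings in which a backslash byte can be part of a character, the driver's own escaping or bound parameters are the reliable choice. The same holds for the remaining hunks of this file and for the `addslashes()` calls added to checklogin.php, users/main.php and xmlrpcapi.php on this page. The enclosing `if` and `switch` start outside the hunk.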
@@ -171,16 +171,16 @@
$match = (!empty($_POST['user_name_match'])) ? intval($_POST['user_name_match']) : XOOPS_MATCH_START;
switch ($match) {
case XOOPS_MATCH_START:
- $criteria->add(new Criteria('name', $myts->stripSlashesGPC(trim($_POST['user_name'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('name', $myts->addSlashes(trim($_POST['user_name'])).'%', 'LIKE'));
break;
case XOOPS_MATCH_END:
- $criteria->add(new Criteria('name', '%'.$myts->stripSlashesGPC(trim($_POST['user_name'])), 'LIKE'));
+ $criteria->add(new Criteria('name', '%'.$myts->addSlashes(trim($_POST['user_name'])), 'LIKE'));
break;
case XOOPS_MATCH_EQUAL:
- $criteria->add(new Criteria('name', $myts->stripSlashesGPC(trim($_POST['user_name']))));
+ $criteria->add(new Criteria('name', $myts->addSlashes(trim($_POST['user_name']))));
break;
case XOOPS_MATCH_CONTAIN:
- $criteria->add(new Criteria('name', '%'.$myts->stripSlashesGPC(trim($_POST['user_name'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('name', '%'.$myts->addSlashes(trim($_POST['user_name'])).'%', 'LIKE'));
break;
}
}
@@ -188,16 +188,16 @@
$match = (!empty($_POST['user_email_match'])) ? intval($_POST['user_email_match']) : XOOPS_MATCH_START;
switch ($match) {
case XOOPS_MATCH_START:
- $criteria->add(new Criteria('email', $myts->stripSlashesGPC(trim($_POST['user_email'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('email', $myts->addSlashes(trim($_POST['user_email'])).'%', 'LIKE'));
break;
case XOOPS_MATCH_END:
- $criteria->add(new Criteria('email', '%'.$myts->stripSlashesGPC(trim($_POST['user_email'])), 'LIKE'));
+ $criteria->add(new Criteria('email', '%'.$myts->addSlashes(trim($_POST['user_email'])), 'LIKE'));
break;
case XOOPS_MATCH_EQUAL:
- $criteria->add(new Criteria('email', $myts->stripSlashesGPC(trim($_POST['user_email']))));
+ $criteria->add(new Criteria('email', $myts->addSlashes(trim($_POST['user_email']))));
break;
case XOOPS_MATCH_CONTAIN:
- $criteria->add(new Criteria('email', '%'.$myts->stripSlashesGPC(trim($_POST['user_email'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('email', '%'.$myts->addSlashes(trim($_POST['user_email'])).'%', 'LIKE'));
break;
}
}
@@ -209,16 +209,16 @@
$match = (!empty($_POST['user_icq_match'])) ? intval($_POST['user_icq_match']) : XOOPS_MATCH_START;
switch ($match) {
case XOOPS_MATCH_START:
- $criteria->add(new Criteria('user_icq', $myts->stripSlashesGPC(trim($_POST['user_icq'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('user_icq', $myts->addSlashes(trim($_POST['user_icq'])).'%', 'LIKE'));
break;
case XOOPS_MATCH_END:
- $criteria->add(new Criteria('user_icq', '%'.$myts->stripSlashesGPC(trim($_POST['user_icq'])), 'LIKE'));
+ $criteria->add(new Criteria('user_icq', '%'.$myts->addSlashes(trim($_POST['user_icq'])), 'LIKE'));
break;
case XOOPS_MATCH_EQUAL:
- $criteria->add(new Criteria('user_icq', '%'.$myts->stripSlashesGPC(trim($_POST['user_icq']))));
+ $criteria->add(new Criteria('user_icq', '%'.$myts->addSlashes(trim($_POST['user_icq']))));
break;
case XOOPS_MATCH_CONTAIN:
- $criteria->add(new Criteria('user_icq', '%'.$myts->stripSlashesGPC(trim($_POST['user_icq'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('user_icq', '%'.$myts->addSlashes(trim($_POST['user_icq'])).'%', 'LIKE'));
break;
}
}
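Review bot: The `XOOPS_MATCH_EQUAL` case prepends `'%'` to the value but passes no `'LIKE'` operator, so, assuming Criteria defaults to `=`, it compares `user_icq` with the literal string `%value` and cannot match a real entry. Drop the prefix as the `uname`, `name`, `email`, `user_aim` and `user_yim` cases do: `$criteria->add(new Criteria('user_icq', $myts->addSlashes(trim($_POST['user_icq']))));`. The `user_msnm` hunk further down carries the same line.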
@@ -226,16 +226,16 @@
$match = (!empty($_POST['user_aim_match'])) ? intval($_POST['user_aim_match']) : XOOPS_MATCH_START;
switch ($match) {
case XOOPS_MATCH_START:
- $criteria->add(new Criteria('user_aim', $myts->stripSlashesGPC(trim($_POST['user_aim'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('user_aim', $myts->addSlashes(trim($_POST['user_aim'])).'%', 'LIKE'));
break;
case XOOPS_MATCH_END:
- $criteria->add(new Criteria('user_aim', '%'.$myts->stripSlashesGPC(trim($_POST['user_aim'])), 'LIKE'));
+ $criteria->add(new Criteria('user_aim', '%'.$myts->addSlashes(trim($_POST['user_aim'])), 'LIKE'));
break;
case XOOPS_MATCH_EQUAL:
- $criteria->add(new Criteria('user_aim', $myts->stripSlashesGPC(trim($_POST['user_aim']))));
+ $criteria->add(new Criteria('user_aim', $myts->addSlashes(trim($_POST['user_aim']))));
break;
case XOOPS_MATCH_CONTAIN:
- $criteria->add(new Criteria('user_aim', '%'.$myts->stripSlashesGPC(trim($_POST['user_aim'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('user_aim', '%'.$myts->addSlashes(trim($_POST['user_aim'])).'%', 'LIKE'));
break;
}
}
@@ -243,16 +243,16 @@
$match = (!empty($_POST['user_yim_match'])) ? intval($_POST['user_yim_match']) : XOOPS_MATCH_START;
switch ($match) {
case XOOPS_MATCH_START:
- $criteria->add(new Criteria('user_yim', $myts->stripSlashesGPC(trim($_POST['user_yim'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('user_yim', $myts->addSlashes(trim($_POST['user_yim'])).'%', 'LIKE'));
break;
case XOOPS_MATCH_END:
- $criteria->add(new Criteria('user_yim', '%'.$myts->stripSlashesGPC(trim($_POST['user_yim'])), 'LIKE'));
+ $criteria->add(new Criteria('user_yim', '%'.$myts->addSlashes(trim($_POST['user_yim'])), 'LIKE'));
break;
case XOOPS_MATCH_EQUAL:
- $criteria->add(new Criteria('user_yim', $myts->stripSlashesGPC(trim($_POST['user_yim']))));
+ $criteria->add(new Criteria('user_yim', $myts->addSlashes(trim($_POST['user_yim']))));
break;
case XOOPS_MATCH_CONTAIN:
- $criteria->add(new Criteria('user_yim', '%'.$myts->stripSlashesGPC(trim($_POST['user_yim'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('user_yim', '%'.$myts->addSlashes(trim($_POST['user_yim'])).'%', 'LIKE'));
break;
}
}
@@ -260,27 +260,27 @@
$match = (!empty($_POST['user_msnm_match'])) ? intval($_POST['user_msnm_match']) : XOOPS_MATCH_START;
switch ($match) {
case XOOPS_MATCH_START:
- $criteria->add(new Criteria('user_msnm', $myts->stripSlashesGPC(trim($_POST['user_msnm'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('user_msnm', $myts->addSlashes(trim($_POST['user_msnm'])).'%', 'LIKE'));
break;
case XOOPS_MATCH_END:
- $criteria->add(new Criteria('user_msnm', '%'.$myts->stripSlashesGPC(trim($_POST['user_msnm'])), 'LIKE'));
+ $criteria->add(new Criteria('user_msnm', '%'.$myts->addSlashes(trim($_POST['user_msnm'])), 'LIKE'));
break;
case XOOPS_MATCH_EQUAL:
- $criteria->add(new Criteria('user_msnm', '%'.$myts->stripSlashesGPC(trim($_POST['user_msnm']))));
+ $criteria->add(new Criteria('user_msnm', '%'.$myts->addSlashes(trim($_POST['user_msnm']))));
break;
case XOOPS_MATCH_CONTAIN:
- $criteria->add(new Criteria('user_msnm', '%'.$myts->stripSlashesGPC(trim($_POST['user_msnm'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('user_msnm', '%'.$myts->addSlashes(trim($_POST['user_msnm'])).'%', 'LIKE'));
break;
}
}
if ( !empty($_POST['user_from']) ) {
- $criteria->add(new Criteria('user_from', '%'.$myts->stripSlashesGPC(trim($_POST['user_from'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('user_from', '%'.$myts->addSlashes(trim($_POST['user_from'])).'%', 'LIKE'));
}
if ( !empty($_POST['user_intrest']) ) {
- $criteria->add(new Criteria('user_intrest', '%'.$myts->stripSlashesGPC(trim($_POST['user_intrest'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('user_intrest', '%'.$myts->addSlashes(trim($_POST['user_intrest'])).'%', 'LIKE'));
}
if ( !empty($_POST['user_occ']) ) {
- $criteria->add(new Criteria('user_occ', '%'.$myts->stripSlashesGPC(trim($_POST['user_occ'])).'%', 'LIKE'));
+ $criteria->add(new Criteria('user_occ', '%'.$myts->addSlashes(trim($_POST['user_occ'])).'%', 'LIKE'));
}
if ( !empty($_POST['user_lastlog_more']) && is_numeric($_POST['user_lastlog_more']) ) {
From onokazu ¡÷ users.sourceforge.jp Mon Jul 18 15:49:07 2005
From: onokazu ¡÷ users.sourceforge.jp (onokazu)
Date: Mon, 18 Jul 2005 15:49:07 +0900
Subject: [xoops-cvslog 248] CVS update:
xoops2jp/html/modules/system/admin/users
Message-ID: <20050718064907.D41752AC07E@users.sourceforge.jp>
Index: xoops2jp/html/modules/system/admin/users/main.php
diff -u xoops2jp/html/modules/system/admin/users/main.php:1.2.6.4.2.2 xoops2jp/html/modules/system/admin/users/main.php:1.2.6.4.2.3
--- xoops2jp/html/modules/system/admin/users/main.php:1.2.6.4.2.2 Thu Jun 30 01:40:25 2005
+++ xoops2jp/html/modules/system/admin/users/main.php Mon Jul 18 15:49:07 2005
@@ -1,5 +1,5 @@
getUser($uid);
$myts =& MyTextSanitizer::getInstance();
- if ($edituser->getVar('uname') != $username && $member_handler->getUserCount(new Criteria('uname', $username)) > 0) {
+ if ($edituser->getVar('uname') != $username && $member_handler->getUserCount(new Criteria('uname', addslashes($username))) > 0) {
xoops_cp_header();
echo 'User name '.htmlspecialchars($username).' already exists';
xoops_cp_footer();
@@ -235,7 +235,7 @@
} else {
$member_handler =& xoops_gethandler('member');
// make sure the username doesnt exist yet
- if ($member_handler->getUserCount(new Criteria('uname', $username)) > 0) {
+ if ($member_handler->getUserCount(new Criteria('uname', addslashes($username))) > 0) {
$adduser_errormsg = 'User name '.$username.' already exists';
} else {
$newuser =& $member_handler->createUser();
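Review bot: `$adduser_errormsg = 'User name '.$username.' already exists';` keeps the raw `$username`, while the equivalent message in the edit branch of the previous hunk wraps it in `htmlspecialchars()`. Where `$adduser_errormsg` is printed is outside this hunk; if it is echoed as-is, the submitted name is reflected into the admin page unescaped. Make the two branches agree: `$adduser_errormsg = 'User name '.htmlspecialchars($username, ENT_QUOTES).' already exists';`.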
From onokazu ¡÷ users.sourceforge.jp Mon Jul 18 16:50:56 2005
From: onokazu ¡÷ users.sourceforge.jp (onokazu)
Date: Mon, 18 Jul 2005 16:50:56 +0900
Subject: [xoops-cvslog 247] CVS update: xoops2jp/html/class/xml/rpc
Message-ID: <20050718075056.77B572AC022@users.sourceforge.jp>
Index: xoops2jp/html/class/xml/rpc/xmlrpcapi.php
diff -u xoops2jp/html/class/xml/rpc/xmlrpcapi.php:1.2.6.1 xoops2jp/html/class/xml/rpc/xmlrpcapi.php:1.2.6.1.2.1
--- xoops2jp/html/class/xml/rpc/xmlrpcapi.php:1.2.6.1 Mon Apr 25 13:59:07 2005
+++ xoops2jp/html/class/xml/rpc/xmlrpcapi.php Mon Jul 18 16:50:56 2005
@@ -1,5 +1,5 @@
user =& $member_handler->loginUser($username, $password);
+ $this->user =& $member_handler->loginUser(addslashes($username), addslashes($password));
if (!is_object($this->user)) {
unset($this->user);
return false;
From onokazu ¡÷ users.sourceforge.jp Mon Jul 18 17:23:40 2005
From: onokazu ¡÷ users.sourceforge.jp (onokazu)
Date: Mon, 18 Jul 2005 17:23:40 +0900
Subject: [xoops-cvslog 248] CVS update: xoops2jp/html/modules/news/admin
Message-ID: <20050718082340.0598D2AC022@users.sourceforge.jp>
Index: xoops2jp/html/modules/news/admin/storyform.inc.php
diff -u xoops2jp/html/modules/news/admin/storyform.inc.php:1.2.6.3 xoops2jp/html/modules/news/admin/storyform.inc.php:1.2.6.3.2.1
--- xoops2jp/html/modules/news/admin/storyform.inc.php:1.2.6.3 Fri May 13 20:18:28 2005
+++ xoops2jp/html/modules/news/admin/storyform.inc.php Mon Jul 18 17:23:39 2005
@@ -1,5 +1,5 @@
"._AM_TOPICDISPLAY." "._AM_YES." "._AM_YES."
Index: xoops2jp/html/modules/news/admin/storyform.inc.php
diff -u xoops2jp/html/modules/news/admin/storyform.inc.php:1.2.6.3.2.1 xoops2jp/html/modules/news/admin/storyform.inc.php:1.2.6.3.2.2
--- xoops2jp/html/modules/news/admin/storyform.inc.php:1.2.6.3.2.1 Mon Jul 18 17:23:39 2005
+++ xoops2jp/html/modules/news/admin/storyform.inc.php Mon Jul 18 17:26:17 2005
@@ -1,5 +1,5 @@
"._AM_NO." ";
echo ""._AM_TOPICALIGN."