From onokazu ¡÷ users.sourceforge.jp Sat Jul 2 23:27:16 2005 From: onokazu ¡÷ users.sourceforge.jp (onokazu) Date: Sat, 2 Jul 2005 23:27:16 +0900 Subject: [xoops-cvslog 239] CVS update: xoops2jp/html Message-ID: <20050702142716.856812AC01C@users.sourceforge.jp> Index: xoops2jp/html/search.php diff -u xoops2jp/html/search.php:1.2.6.2.2.1 xoops2jp/html/search.php:1.2.6.2.2.2 --- xoops2jp/html/search.php:1.2.6.2.2.1 Sun Jun 19 00:51:11 2005 +++ xoops2jp/html/search.php Sat Jul 2 23:27:16 2005 @@ -1,5 +1,5 @@ '; $search_url = XOOPS_URL.'/search.php?query='.urlencode(stripslashes(implode(' ', $queries))); - $search_url .= "&mid=$mid&action=$action&andor=$andor"; + $search_url .= "&mid=$mid&action=$action&andor=$andor"; if ($action=='showallbyuser') { - $search_url .= "&uid=$uid"; + $search_url .= "&uid=$uid"; } if ( $start > 0 ) { $prev = $start - 20; @@ -271,7 +271,7 @@ '; if (false != $has_next) { $next = $start + 20; - $search_url_next = $search_url."&start=$next"; + $search_url_next = $search_url."&start=$next"; echo ''._SR_NEXT.' '; } From onokazu ¡÷ users.sourceforge.jp Sat Jul 2 23:40:23 2005 From: onokazu ¡÷ users.sourceforge.jp (onokazu) Date: Sat, 2 Jul 2005 23:40:23 +0900 Subject: [xoops-cvslog 240] CVS update: xoops2jp/html Message-ID: <20050702144023.7382B2AC01C@users.sourceforge.jp> Index: xoops2jp/html/search.php diff -u xoops2jp/html/search.php:1.2.6.2.2.2 xoops2jp/html/search.php:1.2.6.2.2.3 --- xoops2jp/html/search.php:1.2.6.2.2.2 Sat Jul 2 23:27:16 2005 +++ xoops2jp/html/search.php Sat Jul 2 23:40:23 2005 @@ -1,5 +1,5 @@ '._SR_SHOWALLR.'
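Review bot: On the changed `$search_url .=` lines, `$mid`, `$action`, `$andor` and `$uid` are concatenated into the URL with no encoding, whereas the query term two lines up goes through `urlencode()`; the URL is then echoed into the previous/next links further down, so unless those four values are validated before this point (not visible in the hunk) a crafted `action` or `andor` parameter reaches the link unescaped. Encode at the point of use so the link stays safe regardless of upstream checks: `$search_url .= '&mid='.urlencode($mid).'&action='.urlencode($action).'&andor='.urlencode($andor);` and `$search_url .= '&uid='.urlencode($uid);` (or `intval()` if these are known numeric ids), and wrap the URL in `htmlspecialchars()` where it is echoed if that is not already done there. The script continues before and after the hunk.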

'; + $search_url .= "&mid=$mid&action=showall&andor=$andor"; + echo '
'._SR_SHOWALLR.'

'; } } } @@ -263,7 +263,7 @@ $prev = $start - 20; echo ' '; - $search_url_prev = $search_url."&start=$prev"; + $search_url_prev = $search_url."&start=$prev"; echo ''._SR_PREVIOUS.' '; } From onokazu ¡÷ users.sourceforge.jp Sat Jul 2 23:44:29 2005 From: onokazu ¡÷ users.sourceforge.jp (onokazu) Date: Sat, 2 Jul 2005 23:44:29 +0900 Subject: [xoops-cvslog 241] CVS update: xoops2jp/html Message-ID: <20050702144429.ECC262AC01C@users.sourceforge.jp> Index: xoops2jp/html/header.php diff -u xoops2jp/html/header.php:1.2.6.4.2.1 xoops2jp/html/header.php:1.2.6.4.2.2 --- xoops2jp/html/header.php:1.2.6.4.2.1 Sat Jun 11 11:50:10 2005 +++ xoops2jp/html/header.php Sat Jul 2 23:44:29 2005 @@ -1,5 +1,5 @@ assign(array('xoops_isuser' => true, 'xoops_userid' => $xoopsUser->getVar('uid'), 'xoops_uname' => $xoopsUser->getVar('uname'), 'xoops_isadmin' => $xoopsUserIsAdmin)); if (!empty($xoopsModule)) { // set page title @@ -109,7 +109,7 @@ $xoopsTpl->assign(array('xoops_isuser' => false, 'xoops_isadmin' => false)); if (!empty($xoopsModule)) { // set page title - $xoopsTpl->assign(array('xoops_pagetitle' => $xoopsModule->getVar('name'), 'xoops_modulename' => $xoopsModule->getVar('name'), 'xoops_moduledir' => $xoopsModule->getVar('dirname'))); + $xoopsTpl->assign(array('xoops_pagetitle' => $xoopsModule->getVar('name'), 'xoops_modulename' => $xoopsModule->getVar('name'), 'xoops_dirname' => $xoopsModule->getVar('dirname'))); if (preg_match("/index\.php$/i", xoops_getenv('PHP_SELF')) && $xoopsConfig['startpage'] == $xoopsModule->getVar('dirname')) { $block_arr =& $xoopsblock->getAllByGroupModule(XOOPS_GROUP_ANONYMOUS, $xoopsModule->getVar('mid'), true, XOOPS_BLOCK_VISIBLE); } else { From nobunobu ¡÷ users.sourceforge.jp Fri Jul 8 18:19:14 2005 
From: nobunobu ¡÷ users.sourceforge.jp (NobuNobu) Date: Fri, 8 Jul 2005 18:19:14 +0900 Subject: [xoops-cvslog 242] CVS update: xoops2jp/html/class Message-ID: <20050708091914.362B02AC017@users.sourceforge.jp> Index: xoops2jp/html/class/criteria.php diff -u xoops2jp/html/class/criteria.php:1.2.6.1.2.4 xoops2jp/html/class/criteria.php:1.2.6.1.2.5 --- xoops2jp/html/class/criteria.php:1.2.6.1.2.4 Thu Jun 30 17:14:49 2005 +++ xoops2jp/html/class/criteria.php Fri Jul 8 18:19:13 2005 @@ -1,5 +1,5 @@ quoteString($value); + $value = $db->quoteString($this->value); } } $clause = (!empty($this->prefix) ? "{$this->prefix}." : "") . $this->column; From nobunobu ¡÷ users.sourceforge.jp Fri Jul 8 18:53:32 2005 From: nobunobu ¡÷ users.sourceforge.jp (NobuNobu) Date: Fri, 8 Jul 2005 18:53:32 +0900 Subject: [xoops-cvslog 243] CVS update: xoops2jp/html/class Message-ID: <20050708095332.1C2E02AC017@users.sourceforge.jp> Index: xoops2jp/html/class/criteria.php diff -u xoops2jp/html/class/criteria.php:1.2.6.1.2.5 xoops2jp/html/class/criteria.php:1.2.6.1.2.6 --- xoops2jp/html/class/criteria.php:1.2.6.1.2.5 Fri Jul 8 18:19:13 2005 +++ xoops2jp/html/class/criteria.php Fri Jul 8 18:53:31 2005 @@ -1,5 +1,5 @@ operator), array('IN', 'NOT IN'))) { - $value = $this->value; - } else { + $value = $this->value; + if (!in_array(strtoupper($this->operator), array('IN', 'NOT IN'))) { if ( (substr($value, 0, 1) != '`') && (substr($value, -1) != '`') ) { $db =& XoopsDatabaseFactory::getDatabaseConnection(); - $value = $db->quoteString($this->value); + $value = $db->quoteString($value); } } $clause = (!empty($this->prefix) ? "{$this->prefix}." : "") . $this->column; From minahito ¡÷ users.sourceforge.jp Mon Jul 18 15:31:21 2005 
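Review bot: The backtick test in the new `if` skips quoting whenever the value either starts or ends with a backtick (the two `!=` tests are joined with `&&`), so a value that merely begins with one is emitted verbatim into the WHERE clause — the exemption meant for column references becomes a quoting bypass for any caller that passes request data through a Criteria. Skip quoting only when both ends are backticks: `if ((substr($value, 0, 1) != '`') || (substr($value, -1) != '`')) {`, and consider an explicit "raw value" flag on the Criteria instead of sniffing the string. Values used with `IN`/`NOT IN` are still never quoted, which is only safe if every caller assembles that list from escaped pieces. The enclosing method starts and ends outside the hunk.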
From: minahito ¡÷ users.sourceforge.jp (Minahito) Date: Mon, 18 Jul 2005 15:31:21 +0900 Subject: [xoops-cvslog 244] CVS update: xoops2jp/html/class Message-ID: <20050718063121.ECF5E2AC07E@users.sourceforge.jp> Index: xoops2jp/html/class/criteria.php diff -u xoops2jp/html/class/criteria.php:1.2.6.1.2.6 xoops2jp/html/class/criteria.php:1.2.6.1.2.7 --- xoops2jp/html/class/criteria.php:1.2.6.1.2.6 Fri Jul 8 18:53:31 2005 +++ xoops2jp/html/class/criteria.php Mon Jul 18 15:31:21 2005 @@ -1,5 +1,5 @@ value; if (!in_array(strtoupper($this->operator), array('IN', 'NOT IN'))) { if ( (substr($value, 0, 1) != '`') && (substr($value, -1) != '`') ) { - $db =& XoopsDatabaseFactory::getDatabaseConnection(); - $value = $db->quoteString($value); + $value = "'".$value."'"; } } $clause = (!empty($this->prefix) ? "{$this->prefix}." : "") . $this->column; From onokazu ¡÷ users.sourceforge.jp Mon Jul 18 15:49:06 2005 From: onokazu ¡÷ users.sourceforge.jp (onokazu) Date: Mon, 18 Jul 2005 15:49:06 +0900 Subject: [xoops-cvslog 245] CVS update: xoops2jp/html/include Message-ID: <20050718064906.F294C2AC019@users.sourceforge.jp> Index: xoops2jp/html/include/checklogin.php diff -u xoops2jp/html/include/checklogin.php:1.2.6.1.2.1 xoops2jp/html/include/checklogin.php:1.2.6.1.2.2 --- xoops2jp/html/include/checklogin.php:1.2.6.1.2.1 Thu Jun 30 01:40:23 2005 +++ xoops2jp/html/include/checklogin.php Mon Jul 18 15:49:06 2005 
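Review bot: Replacing `$db->quoteString($value)` with `"'".$value."'"` removes the only escaping step in this class (assuming `quoteString()` escaped as its name suggests), so every caller that builds a Criteria from request data must now escape it first — the later commits to checklogin.php, lostpass.php, findusers and xmlrpcapi.php do exactly that, and any caller that was missed is a SQL injection. At minimum state the contract where the quoting happens: `// NOTE: $value is embedded verbatim; callers MUST escape it (e.g. $myts->addSlashes()) before building the Criteria.` A safer shape keeps the escaping here and lets callers opt out through an explicit flag, so the default path is the safe one. The enclosing method starts and ends outside the hunk.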
@@ -1,5 +1,5 @@ stripSlashesGPC(trim($_POST['uname'])); -$pass = !isset($_POST['pass']) ? '' : $myts->stripSlashesGPC(trim($_POST['pass'])); +$uname = !isset($_POST['uname']) ? '' : trim($_POST['uname']); +$pass = !isset($_POST['pass']) ? '' : trim($_POST['pass']); if ($uname == '' || $pass == '') { redirect_header(XOOPS_URL.'/user.php', 1, _US_INCORRECTLOGIN); exit(); } $member_handler =& xoops_gethandler('member'); -$user =& $member_handler->loginUser($uname, $pass); +$myts =& MyTextsanitizer::getInstance(); +$user =& $member_handler->loginUser(addslashes($myts->stripSlashesGPC($uname)), addslashes($myts->stripSlashesGPC($pass))); if (false != $user) { if (0 == $user->getVar('level')) { redirect_header(XOOPS_URL.'/index.php', 5, _US_NOACTTPADM); From onokazu ¡÷ users.sourceforge.jp Mon Jul 18 15:49:07 2005 From: onokazu ¡÷ users.sourceforge.jp (onokazu) Date: Mon, 18 Jul 2005 15:49:07 +0900 Subject: [xoops-cvslog 246] CVS update: xoops2jp/html Message-ID: <20050718064907.40D992AC07E@users.sourceforge.jp> Index: xoops2jp/html/lostpass.php diff -u xoops2jp/html/lostpass.php:1.2.10.1 xoops2jp/html/lostpass.php:1.2.10.2 --- xoops2jp/html/lostpass.php:1.2.10.1 Thu Jun 30 01:40:24 2005 +++ xoops2jp/html/lostpass.php Mon Jul 18 15:49:07 2005 
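Review bot: The new `loginUser()` call passes `addslashes()`-escaped text as the password; if `loginUser()` hashes the password before comparing (the usual pattern, not visible here), the digest is now computed over the escaped string and any password containing `'` or `\` stops matching, while a hex digest never needed escaping in the first place. Escape inside `loginUser()` instead — hash the password there and escape only the username — so every caller is covered rather than each one carrying a hand-applied copy of the guard. Also the new line spells the class `MyTextsanitizer` with a lowercase `s`; PHP resolves it case-insensitively, but it differs from `MyTextSanitizer` used elsewhere in this series. The script continues outside the hunk on both sides.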
@@ -1,5 +1,5 @@ stripSlashesGPC(trim($_GET['email'])) : ''; -$email = isset($_POST['email']) ? $myts->stripSlashesGPC(trim($_POST['email'])) : $email; +$email = isset($_GET['email']) ? trim($_GET['email']) : ''; +$email = isset($_POST['email']) ? trim($_POST['email']) : $email; if ($email == '') { - redirect_header("user.php",2,_US_SORRYNOTFOUND); - exit(); + redirect_header("user.php",2,_US_SORRYNOTFOUND); + exit(); } + +$myts =& MyTextSanitizer::getInstance(); $member_handler =& xoops_gethandler('member'); -$getuser =& $member_handler->getUsers(new Criteria('email', $email)); +$getuser =& $member_handler->getUsers(new Criteria('email', $myts->addSlashes($email))); if (empty($getuser)) { - redirect_header("user.php",2,_US_SORRYNOTFOUND); - exit(); + redirect_header("user.php",2,_US_SORRYNOTFOUND); + exit(); } else { - $code = isset($_GET['code']) ? trim($_GET['code']) : ''; - $areyou = substr($getuser[0]->getVar("pass"), 0, 5); - if ($code != '' && $areyou == $code) { - $newpass = xoops_makepass(); - $xoopsMailer =& getMailer(); - $xoopsMailer->useMail(); - $xoopsMailer->setTemplate("lostpass2.tpl"); - $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']); - $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']); - $xoopsMailer->assign("SITEURL", XOOPS_URL."/"); - $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']); - $xoopsMailer->assign("NEWPWD", $newpass); - $xoopsMailer->setToUsers($getuser[0]); - $xoopsMailer->setFromEmail($xoopsConfig['adminmail']); - $xoopsMailer->setFromName($xoopsConfig['sitename']); - $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ,XOOPS_URL)); - if ( !$xoopsMailer->send() ) { - echo $xoopsMailer->getErrors(); - } + $code = isset($_GET['code']) ? 
trim($_GET['code']) : ''; + $areyou = substr($getuser[0]->getVar("pass"), 0, 5); + if ($code != '' && $areyou == $code) { + $newpass = xoops_makepass(); + $xoopsMailer =& getMailer(); + $xoopsMailer->useMail(); + $xoopsMailer->setTemplate("lostpass2.tpl"); + $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']); + $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']); + $xoopsMailer->assign("SITEURL", XOOPS_URL."/"); + $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']); + $xoopsMailer->assign("NEWPWD", $newpass); + $xoopsMailer->setToUsers($getuser[0]); + $xoopsMailer->setFromEmail($xoopsConfig['adminmail']); + $xoopsMailer->setFromName($xoopsConfig['sitename']); + $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ,XOOPS_URL)); + if ( !$xoopsMailer->send() ) { + echo $xoopsMailer->getErrors(); + } - // Next step: add the new password to the database - $sql = sprintf("UPDATE %s SET pass = '%s' WHERE uid = %u", $xoopsDB->prefix("users"), md5($newpass), $getuser[0]->getVar('uid')); - if ( !$xoopsDB->queryF($sql) ) { - include "header.php"; - echo _US_MAILPWDNG; - include "footer.php"; - exit(); - } - redirect_header("user.php", 3, sprintf(_US_PWDMAILED,$getuser[0]->getVar("uname")), false); - exit(); - // If no Code, send it - } else { - $xoopsMailer =& getMailer(); - $xoopsMailer->useMail(); - $xoopsMailer->setTemplate("lostpass1.tpl"); - $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']); - $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']); - $xoopsMailer->assign("SITEURL", XOOPS_URL."/"); - $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']); - $xoopsMailer->assign("NEWPWD_LINK", XOOPS_URL."/lostpass.php?email=".$email."&code=".$areyou); - $xoopsMailer->setToUsers($getuser[0]); - $xoopsMailer->setFromEmail($xoopsConfig['adminmail']); - $xoopsMailer->setFromName($xoopsConfig['sitename']); - $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ,$xoopsConfig['sitename'])); - include "header.php"; - if ( !$xoopsMailer->send() ) { - echo 
$xoopsMailer->getErrors(); - } - echo "

"; - printf(_US_CONFMAIL,$getuser[0]->getVar("uname")); - echo "

"; - include "footer.php"; - } + // Next step: add the new password to the database + $sql = sprintf("UPDATE %s SET pass = '%s' WHERE uid = %u", $xoopsDB->prefix("users"), md5($newpass), $getuser[0]->getVar('uid')); + if ( !$xoopsDB->queryF($sql) ) { + include "header.php"; + echo _US_MAILPWDNG; + include "footer.php"; + exit(); + } + redirect_header("user.php", 3, sprintf(_US_PWDMAILED,$getuser[0]->getVar("uname")), false); + exit(); + // If no Code, send it + } else { + $xoopsMailer =& getMailer(); + $xoopsMailer->useMail(); + $xoopsMailer->setTemplate("lostpass1.tpl"); + $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']); + $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']); + $xoopsMailer->assign("SITEURL", XOOPS_URL."/"); + $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']); + $xoopsMailer->assign("NEWPWD_LINK", XOOPS_URL."/lostpass.php?email=".$email."&code=".$areyou); + $xoopsMailer->setToUsers($getuser[0]); + $xoopsMailer->setFromEmail($xoopsConfig['adminmail']); + $xoopsMailer->setFromName($xoopsConfig['sitename']); + $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ,$xoopsConfig['sitename'])); + include "header.php"; + if ( !$xoopsMailer->send() ) { + echo $xoopsMailer->getErrors(); + } + echo "

"; + printf(_US_CONFMAIL,$getuser[0]->getVar("uname")); + echo "

"; + include "footer.php"; + } } ?> \ No newline at end of file From onokazu ¡÷ users.sourceforge.jp Mon Jul 18 15:49:07 2005 From: onokazu ¡÷ users.sourceforge.jp (onokazu) Date: Mon, 18 Jul 2005 15:49:07 +0900 Subject: [xoops-cvslog 247] CVS update: xoops2jp/html/modules/system/admin/findusers Message-ID: <20050718064907.8A40F2AC019@users.sourceforge.jp> Index: xoops2jp/html/modules/system/admin/findusers/main.php diff -u xoops2jp/html/modules/system/admin/findusers/main.php:1.2.6.2.2.2 xoops2jp/html/modules/system/admin/findusers/main.php:1.2.6.2.2.3 --- xoops2jp/html/modules/system/admin/findusers/main.php:1.2.6.2.2.2 Thu Jun 30 01:40:24 2005 +++ xoops2jp/html/modules/system/admin/findusers/main.php Mon Jul 18 15:49:07 2005 @@ -1,5 +1,5 @@ add(new Criteria('uname', $myts->stripSlashesGPC(trim($_POST['user_uname'])).'%', 'LIKE')); + $criteria->add(new Criteria('uname', $myts->addSlashes(trim($_POST['user_uname'])).'%', 'LIKE')); break; case XOOPS_MATCH_END: - $criteria->add(new Criteria('uname', '%'.$myts->stripSlashesGPC(trim($_POST['user_uname'])), 'LIKE')); + $criteria->add(new Criteria('uname', '%'.$myts->addSlashes(trim($_POST['user_uname'])), 'LIKE')); break; case XOOPS_MATCH_EQUAL: - $criteria->add(new Criteria('uname', $myts->stripSlashesGPC(trim($_POST['user_uname'])))); + $criteria->add(new Criteria('uname', $myts->addSlashes(trim($_POST['user_uname'])))); break; case XOOPS_MATCH_CONTAIN: - $criteria->add(new Criteria('uname', '%'.$myts->stripSlashesGPC(trim($_POST['user_uname'])).'%', 'LIKE')); + $criteria->add(new Criteria('uname', '%'.$myts->addSlashes(trim($_POST['user_uname'])).'%', 'LIKE')); break; } } 
@@ -171,16 +171,16 @@ $match = (!empty($_POST['user_name_match'])) ? intval($_POST['user_name_match']) : XOOPS_MATCH_START; switch ($match) { case XOOPS_MATCH_START: - $criteria->add(new Criteria('name', $myts->stripSlashesGPC(trim($_POST['user_name'])).'%', 'LIKE')); + $criteria->add(new Criteria('name', $myts->addSlashes(trim($_POST['user_name'])).'%', 'LIKE')); break; case XOOPS_MATCH_END: - $criteria->add(new Criteria('name', '%'.$myts->stripSlashesGPC(trim($_POST['user_name'])), 'LIKE')); + $criteria->add(new Criteria('name', '%'.$myts->addSlashes(trim($_POST['user_name'])), 'LIKE')); break; case XOOPS_MATCH_EQUAL: - $criteria->add(new Criteria('name', $myts->stripSlashesGPC(trim($_POST['user_name'])))); + $criteria->add(new Criteria('name', $myts->addSlashes(trim($_POST['user_name'])))); break; case XOOPS_MATCH_CONTAIN: - $criteria->add(new Criteria('name', '%'.$myts->stripSlashesGPC(trim($_POST['user_name'])).'%', 'LIKE')); + $criteria->add(new Criteria('name', '%'.$myts->addSlashes(trim($_POST['user_name'])).'%', 'LIKE')); break; } } 
@@ -188,16 +188,16 @@ $match = (!empty($_POST['user_email_match'])) ? intval($_POST['user_email_match']) : XOOPS_MATCH_START; switch ($match) { case XOOPS_MATCH_START: - $criteria->add(new Criteria('email', $myts->stripSlashesGPC(trim($_POST['user_email'])).'%', 'LIKE')); + $criteria->add(new Criteria('email', $myts->addSlashes(trim($_POST['user_email'])).'%', 'LIKE')); break; case XOOPS_MATCH_END: - $criteria->add(new Criteria('email', '%'.$myts->stripSlashesGPC(trim($_POST['user_email'])), 'LIKE')); + $criteria->add(new Criteria('email', '%'.$myts->addSlashes(trim($_POST['user_email'])), 'LIKE')); break; case XOOPS_MATCH_EQUAL: - $criteria->add(new Criteria('email', $myts->stripSlashesGPC(trim($_POST['user_email'])))); + $criteria->add(new Criteria('email', $myts->addSlashes(trim($_POST['user_email'])))); break; case XOOPS_MATCH_CONTAIN: - $criteria->add(new Criteria('email', '%'.$myts->stripSlashesGPC(trim($_POST['user_email'])).'%', 'LIKE')); + $criteria->add(new Criteria('email', '%'.$myts->addSlashes(trim($_POST['user_email'])).'%', 'LIKE')); break; } } 
@@ -209,16 +209,16 @@ $match = (!empty($_POST['user_icq_match'])) ? intval($_POST['user_icq_match']) : XOOPS_MATCH_START; switch ($match) { case XOOPS_MATCH_START: - $criteria->add(new Criteria('user_icq', $myts->stripSlashesGPC(trim($_POST['user_icq'])).'%', 'LIKE')); + $criteria->add(new Criteria('user_icq', $myts->addSlashes(trim($_POST['user_icq'])).'%', 'LIKE')); break; case XOOPS_MATCH_END: - $criteria->add(new Criteria('user_icq', '%'.$myts->stripSlashesGPC(trim($_POST['user_icq'])), 'LIKE')); + $criteria->add(new Criteria('user_icq', '%'.$myts->addSlashes(trim($_POST['user_icq'])), 'LIKE')); break; case XOOPS_MATCH_EQUAL: - $criteria->add(new Criteria('user_icq', '%'.$myts->stripSlashesGPC(trim($_POST['user_icq'])))); + $criteria->add(new Criteria('user_icq', '%'.$myts->addSlashes(trim($_POST['user_icq'])))); break; case XOOPS_MATCH_CONTAIN: - $criteria->add(new Criteria('user_icq', '%'.$myts->stripSlashesGPC(trim($_POST['user_icq'])).'%', 'LIKE')); + $criteria->add(new Criteria('user_icq', '%'.$myts->addSlashes(trim($_POST['user_icq'])).'%', 'LIKE')); break; } } 
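Review bot: In the `XOOPS_MATCH_EQUAL` branch the value is still prefixed with `'%'` although the Criteria carries no `LIKE` operator, so the generated condition is `user_icq = '%…'` and an exact-match search for an ICQ number can never succeed; the commit swaps the escaping helper but keeps that prefix. Drop it to match the `uname`/`name`/`email` branches: `$criteria->add(new Criteria('user_icq', $myts->addSlashes(trim($_POST['user_icq']))));`. The enclosing `if` starts before the hunk.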
@@ -226,16 +226,16 @@ $match = (!empty($_POST['user_aim_match'])) ? intval($_POST['user_aim_match']) : XOOPS_MATCH_START; switch ($match) { case XOOPS_MATCH_START: - $criteria->add(new Criteria('user_aim', $myts->stripSlashesGPC(trim($_POST['user_aim'])).'%', 'LIKE')); + $criteria->add(new Criteria('user_aim', $myts->addSlashes(trim($_POST['user_aim'])).'%', 'LIKE')); break; case XOOPS_MATCH_END: - $criteria->add(new Criteria('user_aim', '%'.$myts->stripSlashesGPC(trim($_POST['user_aim'])), 'LIKE')); + $criteria->add(new Criteria('user_aim', '%'.$myts->addSlashes(trim($_POST['user_aim'])), 'LIKE')); break; case XOOPS_MATCH_EQUAL: - $criteria->add(new Criteria('user_aim', $myts->stripSlashesGPC(trim($_POST['user_aim'])))); + $criteria->add(new Criteria('user_aim', $myts->addSlashes(trim($_POST['user_aim'])))); break; case XOOPS_MATCH_CONTAIN: - $criteria->add(new Criteria('user_aim', '%'.$myts->stripSlashesGPC(trim($_POST['user_aim'])).'%', 'LIKE')); + $criteria->add(new Criteria('user_aim', '%'.$myts->addSlashes(trim($_POST['user_aim'])).'%', 'LIKE')); break; } } 
@@ -243,16 +243,16 @@ $match = (!empty($_POST['user_yim_match'])) ? intval($_POST['user_yim_match']) : XOOPS_MATCH_START; switch ($match) { case XOOPS_MATCH_START: - $criteria->add(new Criteria('user_yim', $myts->stripSlashesGPC(trim($_POST['user_yim'])).'%', 'LIKE')); + $criteria->add(new Criteria('user_yim', $myts->addSlashes(trim($_POST['user_yim'])).'%', 'LIKE')); break; case XOOPS_MATCH_END: - $criteria->add(new Criteria('user_yim', '%'.$myts->stripSlashesGPC(trim($_POST['user_yim'])), 'LIKE')); + $criteria->add(new Criteria('user_yim', '%'.$myts->addSlashes(trim($_POST['user_yim'])), 'LIKE')); break; case XOOPS_MATCH_EQUAL: - $criteria->add(new Criteria('user_yim', $myts->stripSlashesGPC(trim($_POST['user_yim'])))); + $criteria->add(new Criteria('user_yim', $myts->addSlashes(trim($_POST['user_yim'])))); break; case XOOPS_MATCH_CONTAIN: - $criteria->add(new Criteria('user_yim', '%'.$myts->stripSlashesGPC(trim($_POST['user_yim'])).'%', 'LIKE')); + $criteria->add(new Criteria('user_yim', '%'.$myts->addSlashes(trim($_POST['user_yim'])).'%', 'LIKE')); break; } } 
@@ -260,27 +260,27 @@ $match = (!empty($_POST['user_msnm_match'])) ? intval($_POST['user_msnm_match']) : XOOPS_MATCH_START; switch ($match) { case XOOPS_MATCH_START: - $criteria->add(new Criteria('user_msnm', $myts->stripSlashesGPC(trim($_POST['user_msnm'])).'%', 'LIKE')); + $criteria->add(new Criteria('user_msnm', $myts->addSlashes(trim($_POST['user_msnm'])).'%', 'LIKE')); break; case XOOPS_MATCH_END: - $criteria->add(new Criteria('user_msnm', '%'.$myts->stripSlashesGPC(trim($_POST['user_msnm'])), 'LIKE')); + $criteria->add(new Criteria('user_msnm', '%'.$myts->addSlashes(trim($_POST['user_msnm'])), 'LIKE')); break; case XOOPS_MATCH_EQUAL: - $criteria->add(new Criteria('user_msnm', '%'.$myts->stripSlashesGPC(trim($_POST['user_msnm'])))); + $criteria->add(new Criteria('user_msnm', '%'.$myts->addSlashes(trim($_POST['user_msnm'])))); break; case XOOPS_MATCH_CONTAIN: - $criteria->add(new Criteria('user_msnm', '%'.$myts->stripSlashesGPC(trim($_POST['user_msnm'])).'%', 'LIKE')); + $criteria->add(new Criteria('user_msnm', '%'.$myts->addSlashes(trim($_POST['user_msnm'])).'%', 'LIKE')); break; } } if ( !empty($_POST['user_from']) ) { - $criteria->add(new Criteria('user_from', '%'.$myts->stripSlashesGPC(trim($_POST['user_from'])).'%', 'LIKE')); + $criteria->add(new Criteria('user_from', '%'.$myts->addSlashes(trim($_POST['user_from'])).'%', 'LIKE')); } if ( !empty($_POST['user_intrest']) ) { - $criteria->add(new Criteria('user_intrest', '%'.$myts->stripSlashesGPC(trim($_POST['user_intrest'])).'%', 'LIKE')); + $criteria->add(new Criteria('user_intrest', '%'.$myts->addSlashes(trim($_POST['user_intrest'])).'%', 'LIKE')); } if ( !empty($_POST['user_occ']) ) { - $criteria->add(new Criteria('user_occ', '%'.$myts->stripSlashesGPC(trim($_POST['user_occ'])).'%', 'LIKE')); + $criteria->add(new Criteria('user_occ', '%'.$myts->addSlashes(trim($_POST['user_occ'])).'%', 'LIKE')); } if ( !empty($_POST['user_lastlog_more']) && is_numeric($_POST['user_lastlog_more']) ) { From onokazu ¡÷ 
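Review bot: The `XOOPS_MATCH_EQUAL` branch for `user_msnm` still prepends `'%'` to a value used with the default `=` operator, so the condition becomes `user_msnm = '%…'` and an exact search never matches; only the escaping helper was changed. Remove the prefix: `$criteria->add(new Criteria('user_msnm', $myts->addSlashes(trim($_POST['user_msnm']))));`, as the `aim` and `yim` branches above already do. The enclosing `if` starts before the hunk.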
users.sourceforge.jp Mon Jul 18 15:49:07 2005 From: onokazu ¡÷ users.sourceforge.jp (onokazu) Date: Mon, 18 Jul 2005 15:49:07 +0900 Subject: [xoops-cvslog 248] CVS update: xoops2jp/html/modules/system/admin/users Message-ID: <20050718064907.D41752AC07E@users.sourceforge.jp> Index: xoops2jp/html/modules/system/admin/users/main.php diff -u xoops2jp/html/modules/system/admin/users/main.php:1.2.6.4.2.2 xoops2jp/html/modules/system/admin/users/main.php:1.2.6.4.2.3 --- xoops2jp/html/modules/system/admin/users/main.php:1.2.6.4.2.2 Thu Jun 30 01:40:25 2005 +++ xoops2jp/html/modules/system/admin/users/main.php Mon Jul 18 15:49:07 2005 @@ -1,5 +1,5 @@ getUser($uid); $myts =& MyTextSanitizer::getInstance(); - if ($edituser->getVar('uname') != $username && $member_handler->getUserCount(new Criteria('uname', $username)) > 0) { + if ($edituser->getVar('uname') != $username && $member_handler->getUserCount(new Criteria('uname', addslashes($username))) > 0) { xoops_cp_header(); echo 'User name '.htmlspecialchars($username).' already exists'; xoops_cp_footer(); @@ -235,7 +235,7 @@ } else { $member_handler =& xoops_gethandler('member'); // make sure the username doesnt exist yet - if ($member_handler->getUserCount(new Criteria('uname', $username)) > 0) { + if ($member_handler->getUserCount(new Criteria('uname', addslashes($username))) > 0) { $adduser_errormsg = 'User name '.$username.' already exists'; } else { $newuser =& $member_handler->createUser(); From onokazu ¡÷ users.sourceforge.jp Mon Jul 18 16:50:56 2005 
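Review bot: The changed duplicate-name check uses plain `addslashes($username)` even though `$myts` is fetched on the line directly above and the parallel fix in findusers uses `$myts->addSlashes()`; if `$username` comes from a GPC array with magic_quotes_gpc enabled, `addslashes()` escapes it a second time (the sanitizer presumably compensates for that, which cannot be seen here) and a name containing a quote is then not recognised as taken. Use the same helper as the rest of the series: `new Criteria('uname', $myts->addSlashes($username))`. The enclosing branch starts outside the hunk.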
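Review bot: The line right after the changed check, `$adduser_errormsg = 'User name '.$username.' already exists';`, inlines the submitted name without `htmlspecialchars()`, unlike the identical message in the edit branch which escapes it; if `$adduser_errormsg` is echoed into the admin page, a name containing markup is rendered as HTML (admin-only and largely self-inflicted, but an inconsistency worth closing). Change it to `$adduser_errormsg = 'User name '.htmlspecialchars($username).' already exists';`. The `if`/`else` around it starts outside the hunk.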
From: onokazu ¡÷ users.sourceforge.jp (onokazu) Date: Mon, 18 Jul 2005 16:50:56 +0900 Subject: [xoops-cvslog 247] CVS update: xoops2jp/html/class/xml/rpc Message-ID: <20050718075056.77B572AC022@users.sourceforge.jp> Index: xoops2jp/html/class/xml/rpc/xmlrpcapi.php diff -u xoops2jp/html/class/xml/rpc/xmlrpcapi.php:1.2.6.1 xoops2jp/html/class/xml/rpc/xmlrpcapi.php:1.2.6.1.2.1 --- xoops2jp/html/class/xml/rpc/xmlrpcapi.php:1.2.6.1 Mon Apr 25 13:59:07 2005 +++ xoops2jp/html/class/xml/rpc/xmlrpcapi.php Mon Jul 18 16:50:56 2005 @@ -1,5 +1,5 @@ user =& $member_handler->loginUser($username, $password); + $this->user =& $member_handler->loginUser(addslashes($username), addslashes($password)); if (!is_object($this->user)) { unset($this->user); return false; From onokazu ¡÷ users.sourceforge.jp Mon Jul 18 17:23:40 2005 From: onokazu ¡÷ users.sourceforge.jp (onokazu) Date: Mon, 18 Jul 2005 17:23:40 +0900 Subject: [xoops-cvslog 248] CVS update: xoops2jp/html/modules/news/admin Message-ID: <20050718082340.0598D2AC022@users.sourceforge.jp> Index: xoops2jp/html/modules/news/admin/storyform.inc.php diff -u xoops2jp/html/modules/news/admin/storyform.inc.php:1.2.6.3 xoops2jp/html/modules/news/admin/storyform.inc.php:1.2.6.3.2.1 --- xoops2jp/html/modules/news/admin/storyform.inc.php:1.2.6.3 Fri May 13 20:18:28 2005 +++ xoops2jp/html/modules/news/admin/storyform.inc.php Mon Jul 18 17:23:39 2005 @@ -1,5 +1,5 @@ "._AM_TOPICDISPLAY."  "._AM_YES." "._AM_YES."  Index: xoops2jp/html/modules/news/admin/storyform.inc.php diff -u xoops2jp/html/modules/news/admin/storyform.inc.php:1.2.6.3.2.1 xoops2jp/html/modules/news/admin/storyform.inc.php:1.2.6.3.2.2 --- xoops2jp/html/modules/news/admin/storyform.inc.php:1.2.6.3.2.1 Mon Jul 18 17:23:39 2005 +++ xoops2jp/html/modules/news/admin/storyform.inc.php Mon Jul 18 17:26:17 2005 @@ -1,5 +1,5 @@ "._AM_NO."   "; echo ""._AM_TOPICALIGN." "._XD_NOHTML."
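Review bot: `addslashes($password)` on the changed `loginUser()` line is harmless only if `loginUser()` compares the raw string; if it hashes the password first (the usual pattern, not visible here) the digest is taken over the escaped string and any XML-RPC user whose password contains `'` or `\` is locked out, while the hex digest itself never needed escaping. The durable fix belongs inside `loginUser()` — escape the username and hash the password there — so that this file and checklogin.php stop each carrying a hand-applied copy of the same guard. XML-RPC input never passes through magic_quotes, so `addslashes($username)` is at least not double-escaping here. The enclosing method starts and ends outside the hunk.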
"; $checked = ($contents_nosmiley == 1) ? " checked='checked'" : ""; From nobunobu ¡÷ users.sourceforge.jp Tue Jul 19 08:04:15 2005 From: nobunobu ¡÷ users.sourceforge.jp (NobuNobu) Date: Tue, 19 Jul 2005 08:04:15 +0900 Subject: [xoops-cvslog 254] CVS update: xoops2jp/html/modules/system/admin/tplsets Message-ID: <20050718230415.EC4A92AC08C@users.sourceforge.jp> Index: xoops2jp/html/modules/system/admin/tplsets/main.php diff -u xoops2jp/html/modules/system/admin/tplsets/main.php:1.2.6.9.2.3 xoops2jp/html/modules/system/admin/tplsets/main.php:1.2.6.9.2.4 --- xoops2jp/html/modules/system/admin/tplsets/main.php:1.2.6.9.2.3 Sat Jun 25 00:14:50 2005 +++ xoops2jp/html/modules/system/admin/tplsets/main.php Tue Jul 19 08:04:15 2005 @@ -1,5 +1,5 @@ xoopsClone(); $newtpl->setVar('tpl_id', 0); - $newtpl->setVar('tpl_tplset', $tplset); + $newtpl->setVar('tpl_tplset', $_POST['tplset']); $newtpl->setVar('tpl_lastmodified', time()); $newtpl->setVar('tpl_lastimported', 0); if (!$tpltpl_handler->insert($newtpl)) { From onokazu ¡÷ users.sourceforge.jp Wed Jul 20 17:35:15 2005 From: onokazu ¡÷ users.sourceforge.jp (onokazu) Date: Wed, 20 Jul 2005 17:35:15 +0900 Subject: [xoops-cvslog 255] CVS update: xoops2jp/html/include Message-ID: <20050720083515.3C2382AC02C@users.sourceforge.jp> Index: xoops2jp/html/include/version.php diff -u xoops2jp/html/include/version.php:1.4.6.4.2.3 xoops2jp/html/include/version.php:1.4.6.4.2.4 --- xoops2jp/html/include/version.php:1.4.6.4.2.3 Wed Jun 29 14:49:46 2005 +++ xoops2jp/html/include/version.php Wed Jul 20 17:35:14 2005 @@ -1,4 +1,4 @@ \ No newline at end of file From onokazu ¡÷ users.sourceforge.jp Thu Jul 21 01:55:16 2005 
From: onokazu ¡÷ users.sourceforge.jp (onokazu) Date: Thu, 21 Jul 2005 01:55:16 +0900 Subject: [xoops-cvslog 256] CVS update: xoops2jp/docs Message-ID: <20050720165516.9051E2AC030@users.sourceforge.jp> Index: xoops2jp/docs/CHANGES.txt diff -u xoops2jp/docs/CHANGES.txt:1.2.6.6.2.4 xoops2jp/docs/CHANGES.txt:1.2.6.6.2.5 --- xoops2jp/docs/CHANGES.txt:1.2.6.6.2.4 Wed Jun 29 15:51:07 2005 +++ xoops2jp/docs/CHANGES.txt Thu Jul 21 01:55:16 2005 @@ -1,6 +1,21 @@ XOOPS v2 Changelog ============================ +2005/ 7/21: Version 2.0.11 JP RC2 +=============================== +- Added security patch to prevent SQL injection in xmlrpcapi.php +- Added security patch for XSS vulnerability in comment post +- Fixed minor display bugs in search result URLs +- Fixed incorrect Smarty tag name being assigned in header.php +- Fixed PHP notice errors in several parts + + +2005/ 6/30: Version 2.0.10.2 JP +=============================== +- Added security patch to prevent SQL injection in xmlrpcapi.php +- Added security patch for XSS vulnerability in comment post + + 2005/ 6/29: Version 2.0.11 JP RC1 =============================== - Merged CriteriaString with the original Cirteria class From onokazu ¡÷ users.sourceforge.jp Fri Jul 29 15:22:22 2005 From: onokazu ¡÷ users.sourceforge.jp (onokazu) Date: Fri, 29 Jul 2005 15:22:22 +0900 Subject: [xoops-cvslog 257] CVS update: xoops2jp/html/modules/mydownloads Message-ID: <20050729062222.EC9A22AC023@users.sourceforge.jp> Index: xoops2jp/html/modules/mydownloads/visit.php diff -u xoops2jp/html/modules/mydownloads/visit.php:1.2 xoops2jp/html/modules/mydownloads/visit.php:1.2.10.1 --- xoops2jp/html/modules/mydownloads/visit.php:1.2 Fri Mar 18 21:52:14 2005 +++ xoops2jp/html/modules/mydownloads/visit.php Fri Jul 29 15:22:22 2005 
@@ -1,5 +1,5 @@ 0", $xoopsDB->prefix("mydownloads_downloads"), $lid); $xoopsDB->queryF($sql); $result = $xoopsDB->query("SELECT url FROM ".$xoopsDB->prefix("mydownloads_downloads")." WHERE lid=$lid AND status>0"); list($url) = $xoopsDB->fetchRow($result); +if (empty($url)) { + header('Location: '.XOOPS_URL.'/'); + exit(); +} +$url = htmlspecialchars(preg_replace( '/javascript:/si' , 'java script:', $url ), ENT_QUOTES); if (!preg_match("/^ed2k*:\/\//i", $url)) { - Header("Location: $url"); + Header("Location: $url"); } -echo ""; +echo ""; exit(); ?> From onokazu ¡÷ users.sourceforge.jp Fri Jul 29 15:22:23 2005 From: onokazu ¡÷ users.sourceforge.jp (onokazu) Date: Fri, 29 Jul 2005 15:22:23 +0900 Subject: [xoops-cvslog 258] CVS update: xoops2jp/html/modules/mylinks Message-ID: <20050729062223.159EC2AC041@users.sourceforge.jp> Index: xoops2jp/html/modules/mylinks/visit.php diff -u xoops2jp/html/modules/mylinks/visit.php:1.2.6.1 xoops2jp/html/modules/mylinks/visit.php:1.2.6.1.2.1 --- xoops2jp/html/modules/mylinks/visit.php:1.2.6.1 Thu May 26 19:35:16 2005 +++ xoops2jp/html/modules/mylinks/visit.php Fri Jul 29 15:22:22 2005 @@ -1,5 +1,5 @@ 0", $xoopsDB->prefix("mylinks_links"), $lid); $xoopsDB->queryF($sql); $result = $xoopsDB->query("select url from ".$xoopsDB->prefix("mylinks_links")." where lid=$lid and status>0"); list($url) = $xoopsDB->fetchRow($result); +if (empty($url)) { + header('Location: '.XOOPS_URL.'/'); + exit(); +} $url = htmlspecialchars(preg_replace( '/javascript:/si' , 'java script:', $url ), ENT_QUOTES); - - if ( $xoopsModuleConfig['frame'] != "" ) { header('Content-Type:text/html; charset='._CHARSET); header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); From onokazu ¡÷ users.sourceforge.jp Fri Jul 29 15:30:00 2005 
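Review bot: The added `htmlspecialchars(...)` line rewrites `$url` for an HTML context and then the unchanged `Header("Location: $url")` sends that same entity-encoded text as an HTTP header, so any `&` in a stored download URL becomes `&amp;` in the redirect and the target's query string breaks; the `javascript:` substitution also only catches that exact token (`java\tscript:`, `vbscript:`, `data:` pass). Keep the raw URL for the header, escape only what is echoed, and decide by scheme allow-list rather than by substring, as sketched below. The `SELECT` a few lines up interpolates `$lid` directly; if it is not `intval()`ed above the hunk that is a second issue. The top of the script is outside the hunk.
```php
list($url) = $xoopsDB->fetchRow($result);
// … unchanged: empty-URL redirect to XOOPS_URL …
$parts = parse_url($url);
$scheme = (is_array($parts) && isset($parts['scheme'])) ? strtolower($parts['scheme']) : '';
if (!in_array($scheme, array('http', 'https', 'ftp', 'ed2k'), true)) {
    header('Location: '.XOOPS_URL.'/');   // rejects javascript:, data:, vbscript:, relative paths, …
    exit();
}
if ($scheme != 'ed2k') {
    header('Location: '.$url);            // header context: raw URL, no HTML escaping
    exit();
}
$url = htmlspecialchars($url, ENT_QUOTES); // HTML context: only for the echoed ed2k fallback
// … unchanged: echo of the ed2k fallback page …
```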
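Review bot: The retained `htmlspecialchars(preg_replace('/javascript:/si', ...))` line produces an HTML-escaped `$url` that is then the only copy of the link for the rest of the script, so if the non-frame branch (outside the hunk) redirects with it, `&` in a stored link arrives as `&amp;` in the Location header, and the substitution blocks only the literal `javascript:` token while `vbscript:`, `data:` or a tab inside the word pass through. Validate the scheme with `parse_url()` against an allow-list (`http`, `https`, `ftp`) before either branch, keep the raw URL for headers, and apply `htmlspecialchars()` only where the value is echoed into the frame page. The `if ( $xoopsModuleConfig['frame'] != "" )` block continues past the end of the hunk.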
From: onokazu ¡÷ users.sourceforge.jp (onokazu) Date: Fri, 29 Jul 2005 15:30:00 +0900 Subject: [xoops-cvslog 259] CVS update: xoops2jp/html/include Message-ID: <20050729063000.A4AB82AC041@users.sourceforge.jp> Index: xoops2jp/html/include/version.php diff -u xoops2jp/html/include/version.php:1.4.6.4.2.4 xoops2jp/html/include/version.php:1.4.6.4.2.5 --- xoops2jp/html/include/version.php:1.4.6.4.2.4 Wed Jul 20 17:35:14 2005 +++ xoops2jp/html/include/version.php Fri Jul 29 15:30:00 2005 @@ -1,4 +1,4 @@ \ No newline at end of file From onokazu ¡÷ users.sourceforge.jp Sat Jul 30 23:43:43 2005 From: onokazu ¡÷ users.sourceforge.jp (onokazu) Date: Sat, 30 Jul 2005 23:43:43 +0900 Subject: [xoops-cvslog 260] CVS update: xoops2jp/docs Message-ID: <20050730144343.6442E2AC00F@users.sourceforge.jp> Index: xoops2jp/docs/CHANGES.txt diff -u xoops2jp/docs/CHANGES.txt:1.2.6.6.2.5 xoops2jp/docs/CHANGES.txt:1.2.6.6.2.6 --- xoops2jp/docs/CHANGES.txt:1.2.6.6.2.5 Thu Jul 21 01:55:16 2005 +++ xoops2jp/docs/CHANGES.txt Sat Jul 30 23:43:43 2005 @@ -1,6 +1,11 @@ XOOPS v2 Changelog ============================ +2005/ 7/31: Version 2.0.11 JP +=============================== +- Fixed infinite refresh of page in visit.php of mydownloads/mylinks + + 2005/ 7/21: Version 2.0.11 JP RC2 =============================== - Added security patch to prevent SQL injection in xmlrpcapi.php From onokazu ¡÷ users.sourceforge.jp Sun Jul 31 00:32:52 2005 From: onokazu ¡÷ users.sourceforge.jp (onokazu) Date: Sun, 31 Jul 2005 00:32:52 +0900 Subject: [xoops-cvslog 261] CVS update: xoops2jp/html/modules/mydownloads Message-ID: <20050730153252.D6BF92AC00F@users.sourceforge.jp> Index: xoops2jp/html/modules/mydownloads/visit.php diff -u xoops2jp/html/modules/mydownloads/visit.php:1.2.10.1 xoops2jp/html/modules/mydownloads/visit.php:1.2.10.2 --- xoops2jp/html/modules/mydownloads/visit.php:1.2.10.1 Fri Jul 29 15:22:22 2005 +++ xoops2jp/html/modules/mydownloads/visit.php Sun Jul 31 00:32:52 2005 
@@ -1,5 +1,5 @@ "; exit(); ?>