
[Phpgroupware-cvs] CVS: notes/inc class.bo.inc.php,1.2.2.1,1.2.2.1.2.1 c


From: Dave Hall <address@hidden>
Subject: [Phpgroupware-cvs] CVS: notes/inc class.bo.inc.php,1.2.2.1,1.2.2.1.2.1 class.so.inc.php,1.2,1.2.4.1
Date: Wed, 30 Apr 2003 03:05:21 -0400

Update of /cvsroot/phpgroupware/notes/inc
In directory subversions:/tmp/cvs-serv31258

Modified Files:
      Tag: Version-0_9_16-branch
        class.bo.inc.php class.so.inc.php 
Log Message:
mods for sync and added some security checks

Index: class.bo.inc.php
===================================================================
RCS file: /cvsroot/phpgroupware/notes/inc/class.bo.inc.php,v
retrieving revision 1.2.2.1
retrieving revision 1.2.2.1.2.1
diff -C2 -r1.2.2.1 -r1.2.2.1.2.1
*** class.bo.inc.php    1 Feb 2002 04:24:29 -0000       1.2.2.1
--- class.bo.inc.php    30 Apr 2003 07:05:19 -0000      1.2.2.1.2.1
***************
*** 212,216 ****
                }
  
!               function _list($start = '', $search = '', $filter = '', $cat_id 
= '')
                {
                        if (is_array($start))
--- 212,216 ----
                }
  
!               function _list($start = '', $search = '', $filter = '', $cat_id 
= '', $limit = true, $lastmod = -1)
                {
                        if (is_array($start))
***************
*** 224,230 ****
                                $params['filter'] = $filter;
                                $params['cat_id'] = $cat_id;
                        }
  
!                       $notes = 
$this->so->read_notes($params['start'],$params['search'],$params['filter'],$params['cat_id']);
                        $this->total_records = $this->so->total_records;
  
--- 224,232 ----
                                $params['filter'] = $filter;
                                $params['cat_id'] = $cat_id;
+                               $params['limit']= $limit;
+                               $params['lastmod']= $lastmod;
                        }
  
!                       $notes = 
$this->so->read_notes($params['start'],$params['search'],$params['filter'],$params['cat_id'],
 $params['limit'], $params['lastmod']);
                        $this->total_records = $this->so->total_records;
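Review bot: The new `$params['limit']` and `$params['lastmod']` keys are only set in the branch where the scalar arguments are copied into `$params`; when `$start` is passed as an array (the `is_array($start)` branch, whose body lies outside this hunk) a caller that does not supply those keys reaches `read_notes` with `$params['limit']` unset, which `if($limit)` treats as false and so returns the whole table instead of the limited page the `$limit = true` default promises. Consider normalising after both branches, e.g. `$params['limit'] = isset($params['limit']) ? $params['limit'] : true;` and `$params['lastmod'] = isset($params['lastmod']) ? $params['lastmod'] : -1;`. The rest of `_list` continues outside the hunk.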
  

Index: class.so.inc.php
===================================================================
RCS file: /cvsroot/phpgroupware/notes/inc/class.so.inc.php,v
retrieving revision 1.2
retrieving revision 1.2.4.1
diff -C2 -r1.2 -r1.2.4.1
*** class.so.inc.php    10 Dec 2001 01:00:27 -0000      1.2
--- class.so.inc.php    30 Apr 2003 07:05:19 -0000      1.2.4.1
***************
*** 24,29 ****
                }
  
!               function read_notes($start, $search = '', $filter = '',$cat_id 
= '')
                {
                        if (! $filter)
                        {
--- 24,35 ----
                }
  
!               function read_notes($start, $search = '', $filter = '',$cat_id 
= '', $limit = true, $lastmod = -1)
                {
+                       //cast/addslashes for security
+                       $start          = (int) $start;
+                       $cat_id         = (int) $cat_id;
+                       $lastmod        = (int) $lastmod;
+                       $search         = $this->db->db_addslashes($search);
+                       
                        if (! $filter)
                        {
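Review bot: `$filter` is the one parameter the new cast/escape block leaves untouched; `if (! $filter)` shows it is used as a flag, but if it is later interpolated into `$filtermethod` (that code is outside the hunk) it needs the same treatment as `$search`, or better a comparison against the fixed set of accepted values. Also worth a comment on the `$search` line: `db_addslashes` neutralises quote characters but not the LIKE metacharacters `%` and `_` used in the `like '%$search%'` clause further down, so a search term can still widen the match pattern. A one-line note such as `// db_addslashes does not escape LIKE wildcards (% and _)` would save the next reader the same check.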
***************
*** 58,64 ****
                        }
  
                        if ($cat_id)
                        {
!                               $filtermethod .= " AND note_category='$cat_id' 
";
                        }
  
--- 64,75 ----
                        }
  
+                       if ($lastmod >= 0)
+                       {
+                               $filtermethod .= " note_date > $lastmod ";
+                       } 
+ 
                        if ($cat_id)
                        {
!                               $filtermethod .= " AND note_category=$cat_id ";
                        }
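Review bot: The new `lastmod` filter is appended as `" note_date > $lastmod "` without a leading `AND`, while the `note_category` append two lines below uses `" AND note_category=... "`; unless `$filtermethod` is still empty at that point (its initialisation in the `if (! $filter)` block is outside the hunk), the resulting `WHERE $filtermethod note_date > N` is not valid SQL. The line should read `$filtermethod .= " AND note_date > $lastmod ";`, matching the other appends. With `$lastmod` cast to int in the earlier hunk, interpolating it here is safe.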
  
***************
*** 67,76 ****
                                $searchmethod = " AND note_content like 
'%$search%'";
                        }
! 
                        $sql = "SELECT * FROM phpgw_notes WHERE $filtermethod 
$searchmethod ORDER BY note_date DESC";
  
                        $this->db2->query($sql,__LINE__,__FILE__);
                        $this->total_records = $this->db2->num_rows();
!                       $this->db->limit_query($sql,$start,__LINE__,__FILE__);
  
                        $i = 0;
--- 78,94 ----
                                $searchmethod = " AND note_content like 
'%$search%'";
                        }
!                       
                        $sql = "SELECT * FROM phpgw_notes WHERE $filtermethod 
$searchmethod ORDER BY note_date DESC";
  
                        $this->db2->query($sql,__LINE__,__FILE__);
                        $this->total_records = $this->db2->num_rows();
!                       if($limit)
!                       {
!                               
$this->db->limit_query($sql,$start,__LINE__,__FILE__);
!                       }
!                       else
!                       {
!                               $this->db->query($sql,__LINE__,__FILE__);
!                       }
  
                        $i = 0;
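Review bot: The new branch is written as `if($limit)` whereas the surrounding file uses `if (! $filter)` / `if ($cat_id)` with a space after `if`; keeping one form makes the hunk easier to scan. Two of the changed lines in this hunk contain only whitespace (the line replacing the old `! ` blank and the line before the wrapped `limit_query` call), which is noise in a security-motivated commit. Note also that when `$limit` is false `$start` is silently ignored; a short comment on the `else` branch, e.g. `// unlimited fetch for sync; $start is not applied`, would make that intentional.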
***************
*** 85,88 ****
--- 103,107 ----
                                $notes[$i]['content']   = 
$this->db->f('note_content');
                                $notes[$i]['grants']    = 
(int)$this->grants[$this->db->f('note_owner')];
+                               $notes[$i]['lastmod']   = 
(int)$this->db->f('note_date');
                                $i++;
                        }
***************
*** 109,117 ****
                function add_note($note)
                {
!                       $note['content'] = addslashes($note['content']);
! 
                        $this->db->query("INSERT INTO phpgw_notes 
(note_owner,note_access,note_date,note_content,note_category) "
!                               . "VALUES ('" . $this->owner . "','" . 
$note['access'] . "','" . time() . "','" . $note['content']
!                               . "','" . $note['category'] . 
"')",__LINE__,__FILE__);
                        return 
$this->db->get_last_insert_id('phpgw_notes','note_id');
                }
--- 128,139 ----
                function add_note($note)
                {
!                       //cast/addslashes for security
!                       $note['access']  = 
$this->db->db_addslashes($note['access']);
!                       $note['content'] = 
$this->db->db_addslashes($note['content']);
!                       $note['category']= (int)$note['category'];
!                       
                        $this->db->query("INSERT INTO phpgw_notes 
(note_owner,note_access,note_date,note_content,note_category) "
!                               . "VALUES ('" . $this->owner . "','" . 
$note['access'] . "'," . time() . ",'" . $note['content']
!                               . "'," . $note['category'] . 
")",__LINE__,__FILE__);
                        return 
$this->db->get_last_insert_id('phpgw_notes','note_id');
                }
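Review bot: `$this->owner` is now the only value in the INSERT that is interpolated without a cast or escape, still inside quotes as `'" . $this->owner . "'`; for consistency with the `note_category` and `note_date` columns, which this hunk switches to bare integers, the owner should be emitted as `"VALUES (" . (int) $this->owner . ",'" . $note['access'] ...`. Where `$this->owner` is assigned is outside this diff, so whether it is already an int cannot be confirmed here. `$note['access']` is escaped but not validated; if it is a fixed set of access keywords, comparing against that set before the query would be stronger than escaping alone.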
***************
*** 119,130 ****
                function edit_note($note)
                {
!                       $note['content'] = addslashes($note['content']);
  
!                       $this->db->query("UPDATE phpgw_notes set 
note_content='" . $note['content'] . "', note_date='" . time() . "', 
note_category='" . $note[category] . "', "
!                               . "note_access='" . $note['access'] . "' WHERE 
note_id='" . $note['id'] . "'",__LINE__,__FILE__);
                }
  
                function delete_note($note_id)
                {
                        $this->db->query("DELETE FROM phpgw_notes WHERE 
note_id='$note_id'",__LINE__,__FILE__);
                }
--- 141,157 ----
                function edit_note($note)
                {
!                       //cast/addslashes for security
!                       $note['id']      = (int)$note['id'];
!                       $note['access']  = 
$this->db->db_addslashes($note['access']);
!                       $note['content'] = 
$this->db->db_addslashes($note['content']);
!                       $note['category']= (int)$note['category'];
  
!                       $this->db->query("UPDATE phpgw_notes set 
note_content='" . $note['content'] . "', note_date='" . time() . "', 
note_category=" . $note['category'] . ", "
!                               . "note_access='" . $note['access'] . "' WHERE 
note_id=" . $note['id'] ,__LINE__,__FILE__);
                }
  
                function delete_note($note_id)
                {
+                       $note_id = (int) $note_id;
                        $this->db->query("DELETE FROM phpgw_notes WHERE 
note_id='$note_id'",__LINE__,__FILE__);
                }
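Review bot: The UPDATE in `edit_note` and the DELETE in `delete_note` are scoped by `note_id` alone; the casts prevent injection, but nothing in this storage layer restricts the change to rows the current user may modify, so the ownership/grant check (`$this->grants` is consulted in `read_notes`, which suggests one exists) must live in the caller — worth confirming and recording in a comment such as `// caller is responsible for checking grants before edit/delete`. A smaller consistency point: `edit_note` now writes `note_id=" . $note['id']` bare while `delete_note` keeps the quotes in `note_id='$note_id'` around the freshly cast int; `note_id=$note_id` would match.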




