author | rvelices <rv-github@modusoptimus.com> | 2007-09-12 03:52:16 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2007-09-12 03:52:16 +0000 |
commit | 0a8cfa318a853943bc315d17c36cc4d7d6680f8b (patch) | |
tree | c0d1aefe7c9627bb26b9ab31478f9a1a9742de77 | |
parent | 160fdcf517c4ac3fad9d9c914abeaaa65e791428 (diff) |
urls used in http redirections must not be html escaped (eg. should use & instead of &amp;)
git-svn-id: http://piwigo.org/svn/branches/branch-1_7@2088 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | admin/notification_by_mail.php | 24 | ||||
-rw-r--r-- | admin/user_list.php | 12 | ||||
-rw-r--r-- | include/functions.inc.php | 13 |
3 files changed, 23 insertions, 26 deletions
diff --git a/admin/notification_by_mail.php b/admin/notification_by_mail.php index 8d1cc6520..377aed03e 100644 --- a/admin/notification_by_mail.php +++ b/admin/notification_by_mail.php @@ -84,7 +84,7 @@ function do_timeout_treatment($post_keyname, $check_key_treated = array()) $must_repost = true; array_push($page['errors'], - l10n_dec('nbm_background_treatment_redirect_second', + l10n_dec('nbm_background_treatment_redirect_second', 'nbm_background_treatment_redirect_seconds', $time_refresh)); } @@ -164,7 +164,7 @@ order by // Insert new nbm_users array_push ( - $inserts, + $inserts, array ( 'user_id' => $nbm_user['user_id'], @@ -175,10 +175,10 @@ order by array_push ( - $page['infos'], + $page['infos'], sprintf( - l10n('nbm_user_x_added'), - $nbm_user['username'], + l10n('nbm_user_x_added'), + $nbm_user['username'], get_email_address_as_display_text($nbm_user['mail_address']) ) ); @@ -203,7 +203,7 @@ order by $query = 'delete from '.USER_MAIL_NOTIFICATION_TABLE.' where check_key in ('.implode(",", $quoted_check_key_list).');'; $result = pwg_query($query); - redirect($base_url.get_query_string_diff(array()), l10n('nbm_redirect_msg')); + redirect($base_url.get_query_string_diff(array(), false), l10n('nbm_redirect_msg')); } } } @@ -218,7 +218,7 @@ function do_action_send_mail_notification($action = 'list_to_send', $check_key_l { global $conf, $page, $user, $lang_info, $lang, $env_nbm; $return_list = array(); - + if (in_array($action, array('list_to_send', 'send'))) { list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();')); @@ -313,7 +313,7 @@ function do_action_send_mail_notification($action = 'list_to_send', $check_key_l 'content_new_elements_between', array ( - 'DATE_BETWEEN_1' => $nbm_user['last_send'], + 'DATE_BETWEEN_1' => $nbm_user['last_send'], 'DATE_BETWEEN_2' => $dbnow, 'END_PUNCT' => $end_punct ) 
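Review bot: In the `@@ -203` hunk of admin/notification_by_mail.php, `redirect($base_url.get_query_string_diff(array(), false), l10n('nbm_redirect_msg'))` now passes a URL with raw `&` together with a display message. The signature shown elsewhere in this diff, `redirect( $url , $msg = '', $refresh_time = 0)`, suggests redirect() can also emit an HTML page rather than only a Location header; its body is not part of the diff, so this is an inference. If such a path exists, the URL should be escaped where it is written into markup, for example `htmlspecialchars($url)` in that branch only, so callers can always hand over the unescaped form. The enclosing block of this call starts and ends outside the hunk.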
@@ -421,7 +421,7 @@ function do_action_send_mail_notification($action = 'list_to_send', $check_key_l array_push($return_list, $nbm_user); } } - + // unset env nbm user unset_user_on_env_nbm(); } @@ -519,7 +519,7 @@ where $updated_param_count += 1; } } - + array_push($page['infos'], l10n_dec('nbm_updated_param_count', 'nbm_updated_params_count', $updated_param_count)); @@ -586,7 +586,7 @@ if (is_autorize_status(ACCESS_WEBMASTER)) 'param' => array ( 'caption' => l10n('nbm_param_mode'), - 'url' => add_url_params($base_url.get_query_string_diff(array('mode', 'select')), + 'url' => add_url_params($base_url.get_query_string_diff(array('mode', 'select')), array('mode' => 'param')) ), 'subscribe' => array @@ -626,7 +626,7 @@ if ($must_repost) $template->assign_block_vars ( - 'repost', + 'repost', array ( 'REPOST_SUBMIT_NAME' => $repost_submit_name diff --git a/admin/user_list.php b/admin/user_list.php index 1c7a752d4..6bd8c4046 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -256,7 +256,7 @@ if (isset($_POST['delete']) and count($collection) > 0) { array_push($page['errors'], l10n('Guest cannot be deleted')); } - if (($conf['guest_id'] != $conf['default_user_id']) and + if (($conf['guest_id'] != $conf['default_user_id']) and in_array($conf['default_user_id'], $collection)) { array_push($page['errors'], l10n('Default user cannot be deleted')); @@ -353,7 +353,7 @@ DELETE FROM '.USER_GROUP_TABLE.' 'recent_period', 'maxwidth', 'expand', 'show_nb_comments', 'show_nb_hits', 'maxheight', 'status', 'enabled_high'); - $true_false_fields = array('expand', 'show_nb_comments', + $true_false_fields = array('expand', 'show_nb_comments', 'show_nb_hits', 'enabled_high'); if ($conf['allow_adviser']) { @@ -438,11 +438,7 @@ DELETE FROM '.USER_GROUP_TABLE.' redirect( PHPWG_ROOT_PATH. 'admin.php'. - get_query_string_diff( - array( - 'start' - ) - ) + get_query_string_diff(array(), false) ); } 
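Review bot: The `@@ -438` hunk of admin/user_list.php changes more than the escaping: the reject list goes from `array('start')` to `array()`, so the `start` parameter is now carried through the redirect. The commit message only mentions HTML escaping, so this may be unintended; after the update the old offset may no longer match the list (inferred, the paging code is outside the hunk). To keep the previous behaviour the call would be `get_query_string_diff(array('start'), false)`.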
@@ -836,7 +832,7 @@ foreach ($visible_user_list as $num => $local_user) ? '<BR />['.l10n('adviser').']' : ''), 'EMAIL' => get_email_address_as_display_text($local_user['email']), 'GROUPS' => $groups_string, - 'PROPERTIES' => + 'PROPERTIES' => (isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true')) ? $lang['is_high_enabled'] : $lang['is_high_disabled'] ) diff --git a/include/functions.inc.php b/include/functions.inc.php index b120cd0a6..aee815866 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -428,7 +428,7 @@ function pwg_log($image_id = null, $image_type = null) } $do_log = trigger_event('pwg_log_allowed', $do_log, $image_id, $image_type); - + if (!$do_log) { return false; @@ -458,7 +458,7 @@ SELECT CURDATE(), CURTIME() list($curyear, $curmonth, $curday) = explode('-', $curdate); list($curhour) = explode(':', $curtime); - + $query = ' INSERT INTO '.HISTORY_TABLE.' ( @@ -711,9 +711,10 @@ function redirect( $url , $msg = '', $refresh_time = 0) * returns $_SERVER['QUERY_STRING'] whitout keys given in parameters * * @param array $rejects + * @param boolean $escape - if true escape & to & (for html) * @returns string */ -function get_query_string_diff($rejects = array()) +function get_query_string_diff($rejects=array(), $escape=true) { $query_string = ''; @@ -725,7 +726,7 @@ function get_query_string_diff($rejects = array()) { if (!in_array($key, $rejects)) { - $query_string.= $is_first ? '?' : '&'; + $query_string.= $is_first ? '?' : ($escape ? '&' : '&' ); $is_first = false; $query_string.= $key.'='.$value; } @@ -837,7 +838,7 @@ function get_thumbnail_title($element_info) { $thumbnail_title = ''; } - + if (!empty($element_info['filesize'])) { $thumbnail_title .= ' : '.l10n_dec('%d Kb', '%d Kb', $element_info['filesize']); 
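Review bot: In include/functions.inc.php the new `$escape` flag (hunks `@@ -711` and `@@ -725`) only switches the separator; `$key` and `$value` are still appended raw at `$query_string.= $key.'='.$value;`. How the pairs are read is outside the hunk, but if they arrive decoded from the request, a value containing `&`, `#` or markup characters is reproduced unencoded in both modes: in the redirect target when `$escape` is false and in page output when it is true. Consider `urlencode($key).'='.urlencode($value)` for scalar values, and running `htmlspecialchars()` over the finished string when `$escape` is true instead of special-casing the separator. The docblock could also state that the `false` form is meant for HTTP headers only and must not be printed into a page.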
@@ -1073,7 +1074,7 @@ function get_l10n_args($key, $args) * returns a string with formated with l10n_args elements * * @param element/array $key_args: element or array of l10n_args elements - * @param $sep: if $key_args is array, + * @param $sep: if $key_args is array, * separator is used when translated l10n_args elements are concated * @return string */ |