[Fmsystem-commits] [14852] prevent SQL-injection
From: |
Sigurd Nes |
Subject: |
[Fmsystem-commits] [14852] prevent SQL-injection |
Date: |
Fri, 18 Mar 2016 20:33:55 +0000 |
Revision: 14852
http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=14852
Author: sigurdne
Date: 2016-03-18 20:33:54 +0000 (Fri, 18 Mar 2016)
Log Message:
-----------
prevent SQL-injection
Modified Paths:
--------------
trunk/activitycalendar/inc/class.soactivity.inc.php
trunk/activitycalendar/inc/class.soarena.inc.php
trunk/activitycalendar/inc/class.socontactperson.inc.php
trunk/activitycalendar/inc/class.sogroup.inc.php
trunk/activitycalendar/inc/class.soorganization.inc.php
trunk/rental/inc/class.uicontract.inc.php
trunk/rental/inc/class.uifrontpage.inc.php
Modified: trunk/activitycalendar/inc/class.soactivity.inc.php
===================================================================
--- trunk/activitycalendar/inc/class.soactivity.inc.php 2016-03-18 08:56:29 UTC
(rev 14851)
+++ trunk/activitycalendar/inc/class.soactivity.inc.php 2016-03-18 20:33:54 UTC
(rev 14852)
@@ -513,14 +513,13 @@
function get_category_name( $category_id )
{
$result = "Ingen";
- if ($category_id != null)
+ $category_id = (int)$category_id;
+ if ($category_id)
{
- $sql = "SELECT name FROM bb_activity where
id=$category_id";
+ $sql = "SELECT name FROM bb_activity where
id={$category_id}";
$this->db->query($sql, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('name');
- }
+ $this->db->next_record();
+ $result = $this->db->f('name');
}
return $result;
}
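Review bot: Dropping the `while` loop changes the no-row result: `$result = $this->db->f('name')` on L49 now runs even when `next_record()` found nothing, so an unknown id no longer returns the `"Ingen"` default but whatever `f()` yields on an empty cursor. Guard the read on the cursor, `if ($this->db->next_record()) { $result = $this->db->f('name', true); }`, which also brings this read in line with the `, true` second argument the rest of the commit passes to `f()`. The same pattern recurs in get_office_name, get_office_description and get_target_name in this file, get_arena_name in class.soarena, the four get_*_contact_name functions in class.socontactperson, and get_group_name / get_group_name_local in class.sogroup.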
@@ -534,7 +533,7 @@
{
$category = new
activitycalendar_category($this->db->f('id'));
$category->set_parent_id($this->db->f('parent_id'));
- $category->set_name($this->db->f('name'));
+ $category->set_name($this->db->f('name', true));
$categories[] = $category;
}
return $categories;
@@ -543,13 +542,13 @@
function select_district_list()
{
$this->db->query("SELECT id, descr FROM fm_district
where id >'0' AND NOT descr LIKE '%vrige%' ORDER BY id ", __LINE__, __FILE__);
-
- $i = 0;
+ $district = array();
while ($this->db->next_record())
{
- $district[$i]['id'] = $this->db->f('id');
- $district[$i]['name'] =
stripslashes($this->db->f('descr'));
- $i++;
+ $district[] = array(
+ 'id' => $this->db->f('id'),
+ 'name' => $this->db->f('descr', true)
+ );
}
return $district;
@@ -558,26 +557,20 @@
function get_district_from_name( $name )
{
$this->db->query("SELECT part_of_town_id FROM
fm_part_of_town where name like UPPER('%{$name}%') ", __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('part_of_town_id');
- }
- return $result;
+ $this->db->next_record();
+ return $this->db->f('part_of_town_id');
}
function get_district_from_id( $d_id )
{
- $this->db->query("SELECT name FROM fm_part_of_town
where part_of_town_id={$d_id} ", __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('name');
- }
- return $result;
+ $d_id = (int)$d_id;
+ $this->db->query("SELECT name FROM fm_part_of_town
where part_of_town_id={$d_id}", __LINE__, __FILE__);
+ $this->db->next_record();
+ return $this->db->f('name', true);
}
function get_district_name( $district_id )
{
- //$result = "Ingen";
$values = array();
if ($district_id != null)
{
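Review bot: The `$name` interpolated into `UPPER('%{$name}%')` at L86-87 is still untreated, so get_district_from_name keeps a string-based injection path even though this commit is about closing them; the `(int)` casts only cover the numeric ids. Escape it with the helper this same commit uses elsewhere, `$name = $this->db->db_addslashes($name);` before the query (LIKE wildcards `%` and `_` inside `$name` would still be interpreted, if callers care). The same untreated string interpolation remains at `like '%{$name}%'` (bb_activity) and `organization_number='{$orgno}'` (bb_organization) later in this file, and at `UPPER('{$arena_name}')` in class.soarena::get_arena_id_by_name.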
@@ -585,9 +578,7 @@
$this->db->query($sql, __LINE__, __FILE__);
while ($this->db->next_record())
{
- $name = $this->db->f('name');
- $values[] = $name;
- //$result .= $name . ',';
+ $values[] = $this->db->f('name', true);
}
$result = implode(", ", $values);
return $result;
@@ -598,17 +589,18 @@
function get_districts()
{
$this->db->query("SELECT part_of_town_id, name FROM
fm_part_of_town district_id ", __LINE__, __FILE__);
-
- $i = 0;
+ $district = array();
while ($this->db->next_record())
{
$name = $this->db->f('name');
- if ($name != 'ØVRIGE')
+ if ($name == 'ØVRIGE')
{
- $district[$i]['part_of_town_id'] =
$this->db->f('part_of_town_id');
- $district[$i]['name'] =
stripslashes($this->db->f('name'));
- $i++;
+ continue;
}
+ $district[] = array(
+ 'part_of_town_id' =>
$this->db->f('part_of_town_id'),
+ 'name' => stripslashes($name)
+ );
}
return $district;
@@ -622,25 +614,43 @@
$q1 = "SELECT office FROM bb_office_user WHERE
account_id={$user_id}";
//var_dump($q1);
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $office_id = $this->db->f('office');
- }
+ $this->db->next_record();
+
+ $office_id = $this->db->f('office', true);
}
return $office_id;
}
+ /**
+ * DEMO::This one is vulnerable to SQL-injection
+ *
+ *
+ *
+ function get_office_name( $district_id )
+ {
+ $result = "Ingen";
+ if ($district_id != null)
+ {
+ $sql = "SELECT descr FROM fm_district where id=$district_id";
+ $this->db->query($sql, __LINE__, __FILE__);
+ while ($this->db->next_record())
+ {
+ $result = $this->db->f('descr');
+ }
+ }
+ return $result;
+ }
+ */
function get_office_name( $district_id )
{
+ $district_id = (int)$district_id;
$result = "Ingen";
- if ($district_id != null)
+ if ($district_id)
{
- $sql = "SELECT descr FROM fm_district where
id=$district_id";
+ $sql = "SELECT descr FROM fm_district where id
= {$district_id}";
$this->db->query($sql, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('descr');
- }
+ $this->db->next_record();
+ $result = $this->db->f('descr', true);
}
return $result;
}
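Review bot: The commented-out copy of the old get_office_name added at L171-190 keeps a vulnerable query in the source inside a `/** ... */` block, which documentation tools will treat as the docblock of the real function that follows; the previous form is already preserved in revision 14851, so the block should be removed rather than kept as a `DEMO`. If a pointer is wanted, a one-line `// ids are cast to int before interpolation; see revision 14851 for the previous form` on the function is enough. The `account_id={$user_id}` context line at L157-158 belongs to a function whose start is outside this hunk, so whether `$user_id` is cast cannot be confirmed from here.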
@@ -648,14 +658,13 @@
function get_office_description( $office_id )
{
$result = "";
- if ($office_id != null)
+ $office_id = (int)$office_id;
+ if ($office_id)
{
- $sql = "SELECT description FROM bb_office where
id=$office_id";
+ $sql = "SELECT description FROM bb_office where
id={$office_id}";
$this->db->query($sql, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('description');
- }
+ $this->db->next_record();
+ $result = $this->db->f('description', true);
}
return $result;
}
@@ -663,14 +672,14 @@
function get_target_name( $target_id )
{
$result = "Ingen";
- if ($target_id != null)
+ $target_id = (int)$target_id;
+ if ($target_id)
{
- $sql = "SELECT name FROM bb_agegroup where
id=$target_id";
+ $sql = "SELECT name FROM bb_agegroup where
id={$target_id}";
$this->db->query($sql, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('name');
- }
+ $this->db->next_record();
+
+ $result = $this->db->f('name', true);
}
return $result;
}
@@ -682,14 +691,15 @@
$this->db->query($sql, __LINE__, __FILE__);
while ($this->db->next_record())
{
- $name = $this->db->f('name');
- if ($name != 'Tilskuere')
+ $name = $this->db->f('name', true);
+ if ($name == 'Tilskuere')
{
- $target = new
activitycalendar_target($this->db->f('id'));
-
$target->set_description($this->db->f('description'));
- $target->set_name($this->db->f('name'));
- $targets[] = $target;
+ continue;
}
+ $target = new
activitycalendar_target($this->db->f('id'));
+
$target->set_description($this->db->f('description', true));
+ $target->set_name($name);
+ $targets[] = $target;
}
return $targets;
}
@@ -700,24 +710,22 @@
{
$sql = "select id from bb_activity where name
like '%{$name}%'";
$this->db->query($sql, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('id');
- }
+ $this->db->next_record();
+ $result = $this->db->f('id');
}
return $result;
}
function get_target_from_sort_id( $id )
{
- if ($id != null && is_numeric($id))
+ $id = (int)$id;
+ if ($id)
{
$sql = "select id from bb_agegroup where
sort={$id} and active=1";
$this->db->query($sql, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('id');
- }
+ $this->db->next_record();
+
+ $result = $this->db->f('id');
}
return $result;
}
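Review bot: `$result` in get_target_from_sort_id (L297-315) is never initialised, so a zero or non-numeric `$id` now returns an undefined variable (null plus a notice) instead of a defined value; add `$result = 0;` before the `if`. The same uninitialised return exists in the functions this commit rewrote to `return ($result)` — update_org_description and set_org_active, where the old `isset($result)` at least returned `false` cleanly, so `$result = false;` should precede their `if` — and in get_contact_person, get_activity_description, get_mailaddress_for_group_contact / get_mailaddress_for_org_contact and get_description / get_description_local in the other files of this commit.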
@@ -728,32 +736,33 @@
{
$sql = "select id from bb_organization where
organization_number='{$orgno}'";
$this->db->query($sql, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('id');
- }
+ $this->db->next_record();
+ $result = $this->db->f('id');
}
return $result;
}
function update_org_description( $org_id, $description )
{
- if ($org_id != null)
+ $description = $this->db->db_addslashes($description);
+ $org_id = (int)$org_id;
+ if ($org_id)
{
$sql = "update bb_organization set
description='{$description}' where id={$org_id}";
$result = $this->db->query($sql, __LINE__,
__FILE__);
}
- return isset($result);
+ return ($result);
}
function set_org_active( $org_id )
{
- if ($org_id != null)
+ $org_id = (int)$org_id;
+ if ($org_id)
{
$sql = "update bb_organization set
show_in_portal=1 where id={$org_id}";
$result = $this->db->query($sql, __LINE__,
__FILE__);
}
- return isset($result);
+ return ($result);
}
function get_activities( $parameters = array() )
@@ -817,49 +826,46 @@
function get_contact_person( $org_id, $group_id, $cont_pers )
{
+ $org_id = (int)$org_id;
+ $group_id = (int)$group_id;
if ($group_id)
{
- $group_id = (int)$group_id;
- // $this->db->query("SELECT * FROM
bb_group_contact WHERE id={$cont_pers}", __LINE__, __FILE__);
$this->db->query("SELECT * FROM
bb_group_contact WHERE group_id={$group_id} LIMIT 1", __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = array('name' => $this->soap ?
$this->db->f('name') : utf8_decode($this->db->f('name')),
- 'phone' =>
$this->db->f('phone'), 'email' => $this->db->f('email'));
- }
+ $this->db->next_record();
+
+ $result = array(
+ 'name' => $this->soap ?
$this->db->f('name', true) : utf8_decode($this->db->f('name', true)),
+ 'phone' => $this->db->f('phone'),
'email' => $this->db->f('email')
+ );
}
else if ($org_id)
{
- $org_id = (int)$org_id;
$this->db->query("SELECT * FROM
bb_organization_contact WHERE organization_id={$org_id} LIMIT 1", __LINE__,
__FILE__);
- while ($this->db->next_record())
- {
- $result = array('name' => $this->soap ?
$this->db->f('name') : utf8_decode($this->db->f('name')),
- 'phone' =>
$this->db->f('phone'), 'email' => $this->db->f('email'));
- }
+ $this->db->next_record();
+ $result = array(
+ 'name' => $this->soap ?
$this->db->f('name', true) : utf8_decode($this->db->f('name', true)),
+ 'phone' => $this->db->f('phone'),
'email' => $this->db->f('email'));
}
return $result;
}
function get_activity_description( $org_id, $group_id )
{
+ $org_id = (int)$org_id;
+ $group_id = (int)$group_id;
if ($group_id)
{
- $group_id = (int)$group_id;
$this->db->query("SELECT * FROM bb_group WHERE
id={$group_id}", __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->soap ?
$this->db->f('description') : utf8_decode($this->db->f('description'));
- }
+ $this->db->next_record();
+
+ $result = $this->soap ?
$this->db->f('description', true) : utf8_decode($this->db->f('description',
true));
}
else if ($org_id)
{
- $org_id = (int)$org_id;
$this->db->query("SELECT * FROM bb_organization
WHERE id={$org_id}", __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->soap ?
$this->db->f('description') : utf8_decode($this->db->f('description'));
- }
+ $this->db->next_record();
+
+ $result = $this->soap ?
$this->db->f('description', true) : utf8_decode($this->db->f('description',
true));
}
return $result;
}
@@ -878,9 +884,9 @@
$organizations[] = array
(
'id' => (int)$this->db->f('id'),
- 'name' =>
utf8_decode($this->db->f('name')),
- 'shortname' =>
utf8_decode($this->db->f('shortname')),
- 'description' =>
utf8_decode($this->db->f('description')),
+ 'name' =>
utf8_decode($this->db->f('name', true)),
+ 'shortname' =>
utf8_decode($this->db->f('shortname', true)),
+ 'description' =>
utf8_decode($this->db->f('description', true)),
'homepage' => $homepage,
'phone' => $this->db->f('phone'),
'email' => $this->db->f('email')
@@ -892,17 +898,16 @@
function get_org_info( $org_id )
{
+ $org_id = (int)$org_id;
$result = array();
if ($org_id)
{
- $org_id = (int)$org_id;
$this->db->query("SELECT * FROM bb_organization
WHERE id={$org_id}", __LINE__, __FILE__);
$this->db->next_record();
- $result = array
- (
- 'name' =>
utf8_decode($this->db->f('name')),
- 'shortname' =>
utf8_decode($this->db->f('shortname')),
- 'description' =>
utf8_decode($this->db->f('description')),
+ $result = array(
+ 'name' =>
utf8_decode($this->db->f('name', true)),
+ 'shortname' =>
utf8_decode($this->db->f('shortname', true)),
+ 'description' =>
utf8_decode($this->db->f('description', true)),
'homepage' => $this->db->f('homepage'),
'phone' => $this->db->f('phone'),
'email' => $this->db->f('email')
@@ -921,9 +926,9 @@
$groups[] = array
(
'id' => (int)$this->db->f('id'),
- 'name' =>
utf8_decode($this->db->f('name')),
- 'shortname' =>
utf8_decode($this->db->f('shortname')),
- 'description' =>
utf8_decode($this->db->f('description')),
+ 'name' =>
utf8_decode($this->db->f('name', true)),
+ 'shortname' =>
utf8_decode($this->db->f('shortname', true)),
+ 'description' =>
utf8_decode($this->db->f('description', true)),
'homepage' =>
utf8_decode($this->db->f('homepage')),
'organization_id' =>
$this->db->f('organization_id')
);
@@ -949,17 +954,17 @@
function get_group_info( $group_id )
{
+ $group_id = (int)$group_id;
$result = array();
if ($group_id)
{
- $group_id = (int)$group_id;
$this->db->query("SELECT * FROM bb_group WHERE
id={$group_id}", __LINE__, __FILE__);
$this->db->next_record();
$result = array
(
- 'name' =>
utf8_decode($this->db->f('name')),
- 'shortname' =>
utf8_decode($this->db->f('shortname')),
- 'description' =>
utf8_decode($this->db->f('description')),
+ 'name' =>
utf8_decode($this->db->f('name', true)),
+ 'shortname' =>
utf8_decode($this->db->f('shortname', true)),
+ 'description' =>
utf8_decode($this->db->f('description', true)),
'organization_id' =>
$this->db->f('organization_id')
);
}
@@ -969,26 +974,24 @@
function get_all_arena_info( $arena_id, $int_arena_id )
{
$result = array();
- if ($arena_id && is_numeric($arena_id))
+ $arena_id = (int)$arena_id;
+ $int_arena_id = (int)$int_arena_id;
+ if ($arena_id)
{
- $arena_id = (int)$arena_id;
$this->db->query("SELECT * FROM activity_arena
WHERE id={$arena_id}", __LINE__, __FILE__);
$this->db->next_record();
- $result = array
- (
- 'arena_name' => $this->soap ?
$this->db->f('arena_name') : utf8_decode($this->db->f('arena_name')),
- 'address' => $this->soap ?
$this->db->f('address') : utf8_decode($this->db->f('address'))
+ $result = array(
+ 'arena_name' => $this->soap ?
$this->db->f('arena_name', true) : utf8_decode($this->db->f('arena_name',
true)),
+ 'address' => $this->soap ?
$this->db->f('address', true) : utf8_decode($this->db->f('address', true))
);
}
- else if ($int_arena_id && is_numeric($int_arena_id))
+ else if ($int_arena_id)
{
- $int_arena_id = (int)$int_arena_id;
$this->db->query("SELECT id, name, street FROM
bb_building WHERE id={$int_arena_id}", __LINE__, __FILE__);
$this->db->next_record();
- $result = array
- (
- 'arena_name' => $this->soap ?
$this->db->f('name') : utf8_decode($this->db->f('name')),
- 'address' => $this->soap ?
$this->db->f('street') : utf8_decode($this->db->f('street'))
+ $result = array(
+ 'arena_name' => $this->soap ?
$this->db->f('name', true) : utf8_decode($this->db->f('name', true)),
+ 'address' => $this->soap ?
$this->db->f('street', true) : utf8_decode($this->db->f('street', true))
);
}
return $result;
@@ -997,15 +1000,14 @@
function get_arena_info( $arena_id )
{
$result = array();
+ $arena_id = (int)$arena_id;
if ($arena_id)
{
- $arena_id = (int)$arena_id;
$this->db->query("SELECT * FROM activity_arena
WHERE id={$arena_id}", __LINE__, __FILE__);
$this->db->next_record();
- $result = array
- (
- 'arena_name' => $this->soap ?
$this->db->f('arena_name') : utf8_decode($this->db->f('arena_name')),
- 'address' => $this->soap ?
$this->db->f('address') : utf8_decode($this->db->f('address'))
+ $result = array(
+ 'arena_name' => $this->soap ?
$this->db->f('arena_name', true) : utf8_decode($this->db->f('arena_name',
true)),
+ 'address' => $this->soap ?
$this->db->f('address', true) : utf8_decode($this->db->f('address', true))
);
}
return $result;
@@ -1014,15 +1016,14 @@
function get_internal_arena_info( $arena_id )
{
$result = array();
+ $arena_id = (int)$arena_id;
if ($arena_id)
{
- $arena_id = (int)$arena_id;
$this->db->query("SELECT id, name, street FROM
bb_building WHERE id={$arena_id}", __LINE__, __FILE__);
$this->db->next_record();
- $result = array
- (
- 'arena_name' => $this->soap ?
$this->db->f('name') : utf8_decode($this->db->f('name')),
- 'address' => $this->soap ?
$this->db->f('street') : utf8_decode($this->db->f('street'))
+ $result = array(
+ 'arena_name' => $this->soap ?
$this->db->f('name', true) : utf8_decode($this->db->f('name', true)),
+ 'address' => $this->soap ?
$this->db->f('street', true) : utf8_decode($this->db->f('street', true))
);
}
return $result;
@@ -1059,6 +1060,7 @@
{
$sql = "SELECT * FROM bb_activity where active=1 and
parent_id=1";
$this->db->query($sql, __LINE__, __FILE__);
+ $categories = array();
while ($this->db->next_record())
{
$categories[] = array(
@@ -1131,7 +1133,7 @@
'show_in_portal = 1'
);
- $result = $this->db->query('UPDATE bb_organization SET
' . join(',', $values) . " WHERE id=$orgid", __LINE__, __FILE__);
+ $result = $this->db->query('UPDATE bb_organization SET
' . join(',', $values) . " WHERE id = {$orgid}", __LINE__, __FILE__);
}
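Review bot: Changing `id=$orgid` to `id = {$orgid}` at L659-660 is a cosmetic rewrite; it does not sanitise `$orgid`, and the start of this function (where `$orgid` is assigned) lies outside the hunk, so unless it is cast there the UPDATE is still injectable. Cast at the point of use, `" WHERE id = " . (int)$orgid`, or at the assignment as the other hunks in this commit do. The same applies to the `$name`, `$description` and `$orgid` values interpolated into `$values` in class.sogroup's update (L1286-1290), where only the `id` gets a cast and the assignments are likewise outside the hunk.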
function add_organization( $org_info )
@@ -1328,10 +1330,10 @@
function delete_contact_persons( $org_id )
{
+ $org_id = (int)$org_id;
if ($org_id)
{
- $org = (int)$org_id;
- $sql = "DELETE FROM bb_organization_contact
WHERE organization_id={$org}";
+ $sql = "DELETE FROM bb_organization_contact
WHERE organization_id={$org_id}";
$result = $this->db->query($sql, __LINE__,
__FILE__);
return isset($result);
}
@@ -1441,6 +1443,7 @@
function get_activities_for_update( $org_id, $group = false )
{
+ $org_id = (int)$org_id;
$activity_ids = array();
if ($group)
{
@@ -1462,6 +1465,7 @@
function get_connected_activities( $org_id )
{
+ $org_id = (int)$org_id;
$activities = array();
$sql = "SELECT * FROM activity_activity WHERE
organization_id={$org_id}";
@@ -1498,12 +1502,9 @@
function update_organization_connection( $activity_id,
$organization_id )
{
- $id = intval($activity_id);
- $org_id = intval($organization_id);
-
- $result = $this->db->query("UPDATE activity_activity
SET organization_id={$org_id} WHERE id={$id}", __LINE__, __FILE__);
-
- return isset($result);
+ $id = (int)$activity_id;
+ $org_id = (int)$organization_id;
+ return $this->db->query("UPDATE activity_activity SET
organization_id={$org_id} WHERE id={$id}", __LINE__, __FILE__);
}
function get_activities_without_groups()
@@ -1514,9 +1515,9 @@
while ($this->db->next_record())
{
$activity_id = $this->db->f('id');
- $activity_title = $this->db->f('title');
+ $activity_title = $this->db->f('title', true);
$activity_organization =
$this->db->f('organization_id');
- $description = $this->db->f('org_desc');
+ $description = $this->db->f('org_desc', true);
$activities[] = array(
'id' => $activity_id,
@@ -1540,7 +1541,7 @@
function remove_old_activities( $activity_id )
{
- //$sql = "delete from activity_activity where id in
(1293,1294,1297,1299)"; //1293,1294,1297,1299
+ $activity_id = (int)$activity_id;
$sql = "delete from activity_activity where
id={$activity_id}";
$result = $this->db->query($sql, __LINE__, __FILE__);
@@ -1549,7 +1550,7 @@
function save_with_no_changes( $activity )
{
- $id = intval($activity->get_id());
+ $id = (int)$activity->get_id();
$ts_now = strtotime('now');
$values = "last_change_date = " .
$this->marshal($ts_now, 'int');
@@ -1561,15 +1562,9 @@
function update_activity_group( $activity_id, $group_id )
{
- $id = intval($activity_id);
- $g_id = intval($group_id);
-
+ $id = (int)$activity_id;
+ $g_id = (int)$group_id;
$values = "group_id = " . $g_id;
- //var_dump("UPDATE activity_activity SET {$values}
WHERE id={$id}");
- //die;
-
- $result = $this->db->query("UPDATE activity_activity
SET {$values} WHERE id={$id}", __LINE__, __FILE__);
-
- return isset($result);
+ return $this->db->query("UPDATE activity_activity SET
{$values} WHERE id={$id}", __LINE__, __FILE__);
}
}
\ No newline at end of file
Modified: trunk/activitycalendar/inc/class.soarena.inc.php
===================================================================
--- trunk/activitycalendar/inc/class.soarena.inc.php 2016-03-18 08:56:29 UTC
(rev 14851)
+++ trunk/activitycalendar/inc/class.soarena.inc.php 2016-03-18 20:33:54 UTC
(rev 14852)
@@ -184,14 +184,14 @@
function get_arena_name( $arena_id )
{
$result = "Ingen";
- if (isset($arena_id) && $arena_id != '')
+ $arena_id = (int)$arena_id;
+ if ($arena_id)
{
$q1 = "SELECT arena_name FROM activity_arena
WHERE id={$arena_id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('arena_name');
- }
+ $this->db->next_record();
+
+ $result = $this->db->f('arena_name', true);
}
return $result;
@@ -211,7 +211,7 @@
while ($this->db->next_record())
{
$id = $this->db->f('id');
- $buildings[$id] = $this->db->f('name');
+ $buildings[$id] = $this->db->f('name', true);
}
return $buildings;
}
@@ -224,9 +224,9 @@
*/
function get_building_name( $building_id )
{
- if (isset($building_id))
+ $building_id = (int)$building_id;
+ if ($building_id)
{
- $building_id = (int)$building_id;
$q1 = "SELECT name FROM bb_building WHERE
id={$building_id}";
$this->db->query($q1, __LINE__, __FILE__);
while ($this->db->next_record())
@@ -249,7 +249,7 @@
$q = "INSERT INTO activity_arena (arena_name) VALUES
('test')";
$result = $this->db->query($q);
- if (isset($result))
+ if ($result)
{
// Set the new party ID
$arena->set_id($this->db->get_last_insert_id('activity_arena', 'id'));
@@ -270,7 +270,7 @@
*/
function update( $arena )
{
- $id = intval($arena->get_id());
+ $id = (int)$arena->get_id();
$values = array(
'arena_name = ' .
$this->marshal($arena->get_arena_name(), 'string'),
@@ -282,9 +282,9 @@
'active = ' .
$this->marshal(($arena->is_active() ? 'true' : 'false'), 'bool'),
);
- $result = $this->db->query('UPDATE activity_arena SET '
. join(',', $values) . " WHERE id=$id", __LINE__, __FILE__);
+ $result = $this->db->query('UPDATE activity_arena SET '
. join(',', $values) . " WHERE id={$id}", __LINE__, __FILE__);
- return isset($result);
+ return $result;
}
public function get_id_field_name( $extended_info = false )
@@ -315,15 +315,9 @@
$this->db->query($sql, __LINE__, __FILE__);
while ($this->db->next_record())
{
- //$result_arr = $this->db->f('name');
- /* if($curr_index == 0)
- {
- $result_arr[] = "<option
value='0'>Velg gateadresse</option>";
- }
- $result_arr[] = "<option value='" .
$this->db->f('descr') . "'>" . $this->db->f('descr') . "</option>";
- $curr_index++; */
-
- $result_arr[]['name'] =
$this->db->f('descr');
+ $result_arr[] = array(
+ 'name' => $this->db->f('descr',
true)
+ );
}
}
//$result = implode(' ', $result_arr);
@@ -334,14 +328,12 @@
public function get_arena_id_by_name( $arena_name )
{
$result = 0;
- if (isset($arena_name) && $arena_name != '')
+ if ($arena_name)
{
$q1 = "SELECT id FROM activity_arena WHERE
UPPER(arena_name) = UPPER('{$arena_name}')";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('id');
- }
+ $this->db->next_record();
+ $result = $this->db->f('id');
}
return $result;
}
Modified: trunk/activitycalendar/inc/class.socontactperson.inc.php
===================================================================
--- trunk/activitycalendar/inc/class.socontactperson.inc.php 2016-03-18
08:56:29 UTC (rev 14851)
+++ trunk/activitycalendar/inc/class.socontactperson.inc.php 2016-03-18
20:33:54 UTC (rev 14852)
@@ -194,14 +194,13 @@
function get_group_contact_name( $id )
{
$result = "Ingen";
- if (isset($id) && $id != '')
+ $id = (int)$id;
+ if ($id)
{
$q1 = "SELECT name, phone, email FROM
bb_group_contact WHERE id={$id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('name') .
"<br/>" . $this->db->f('phone') . "<br/>" . $this->db->f('email');
- }
+ $this->db->next_record();
+ $result = $this->db->f('name', true) . "<br/>"
. $this->db->f('phone') . "<br/>" . $this->db->f('email');
}
return $result;
}
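Review bot: This storage method now builds an HTML fragment, `f('name', true) . "<br/>" . f('phone') . "<br/>" . f('email')`, from raw column values at L903-904, and nothing in the hunk escapes them for the HTML context, so any caller that echoes the result without `htmlspecialchars()` renders whatever markup is stored in those columns. Either return the three fields as an array and let the UI layer format them, or wrap each value in `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` before concatenating. The same construction is in get_group_contact_name_local, get_org_contact_name and get_org_contact_name_local in this file.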
@@ -209,14 +208,14 @@
function get_group_contact_name_local( $id )
{
$result = "Ingen";
- if (isset($id) && $id != '')
+ $id = (int)$id;
+ if ($id)
{
$q1 = "SELECT name, phone, email FROM
activity_contact_person WHERE id={$id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('name') .
"<br/>" . $this->db->f('phone') . "<br/>" . $this->db->f('email');
- }
+ $this->db->next_record();
+
+ $result = $this->db->f('name', true) . "<br/>"
. $this->db->f('phone') . "<br/>" . $this->db->f('email');
}
return $result;
}
@@ -224,14 +223,14 @@
function get_org_contact_name( $id )
{
$result = "Ingen";
- if (isset($id) && $id != '')
+ $id = (int)$id;
+ if ($id)
{
$q1 = "SELECT name, phone, email FROM
bb_organization_contact WHERE id={$id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('name') .
"<br/>" . $this->db->f('phone') . "<br/>" . $this->db->f('email');
- }
+ $this->db->next_record();
+
+ $result = $this->db->f('name', true) . "<br/>"
. $this->db->f('phone') . "<br/>" . $this->db->f('email');
}
return $result;
}
@@ -239,42 +238,39 @@
function get_org_contact_name_local( $id )
{
$result = "Ingen";
- if (isset($id) && $id != '')
+ $id = (int)$id;
+ if ($id)
{
$q1 = "SELECT name, phone, email FROM
activity_contact_person WHERE id={$id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('name') .
"<br/>" . $this->db->f('phone') . "<br/>" . $this->db->f('email');
- }
+ $this->db->next_record();
+ $result = $this->db->f('name', true) . "<br/>"
. $this->db->f('phone') . "<br/>" . $this->db->f('email');
}
return $result;
}
function get_mailaddress_for_group_contact( $contact_person_id )
{
+ $contact_person_id = (int)$contact_person_id;
if ($contact_person_id)
{
$q1 = "SELECT email FROM bb_group_contact WHERE
id={$contact_person_id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('email');
- }
+ $this->db->next_record();
+ $result = $this->db->f('email');
}
return $result;
}
function get_mailaddress_for_org_contact( $contact_person_id )
{
+ $contact_person_id = (int)$contact_person_id;
if ($contact_person_id)
{
$q1 = "SELECT email FROM
bb_organization_contact WHERE id={$contact_person_id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('email');
- }
+ $this->db->next_record();
+ $result = $this->db->f('email');
}
return $result;
}
@@ -339,7 +335,8 @@
function get_local_contact_persons( $id, $group = false )
{
$result = array();
- if (isset($id))
+ $id = (int)$id;
+ if ($id)
{
if ($group)
{
@@ -367,7 +364,8 @@
function get_booking_contact_persons( $id, $group = false )
{
$result = array();
- if (isset($id))
+ $id = (int)$id;
+ if ($id)
{
$columns[] = 'group_contact.id';
$columns[] = 'group_contact.name';
@@ -399,7 +397,7 @@
function update_local_contact_person( $contact )
{
- $id = $contact['id'];
+ $id = (int)$contact['id'];
$name = $contact['name'];
$phone = $contact['phone'];
$mail = $contact['mail'];
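Review bot: Only `$contact['id']` gets a cast at L1034; `$name`, `$phone` and `$mail` at L1035-1037 are taken from the array as-is, and the UPDATE that consumes them is outside this hunk, so I cannot confirm they are escaped before interpolation. Apply the treatment this commit gives update_group_contact in class.sogroup, e.g. `$name = $this->db->db_addslashes($contact['name']);` and likewise for `$phone` and `$mail`, unless the rest of the function already does so.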
Modified: trunk/activitycalendar/inc/class.sogroup.inc.php
===================================================================
--- trunk/activitycalendar/inc/class.sogroup.inc.php 2016-03-18 08:56:29 UTC
(rev 14851)
+++ trunk/activitycalendar/inc/class.sogroup.inc.php 2016-03-18 20:33:54 UTC
(rev 14852)
@@ -185,7 +185,9 @@
function update_group_description( $group_id, $desc )
{
- $sql = "UPDATE bb_group SET description='{$desc}' WHERE
ID={$group_id}";
+ $desc = $this->db->db_addslashes($desc);
+ $group_id = (int)$group_id;
+ $sql = "UPDATE bb_group SET description='{$desc}' WHERE
id={$group_id}";
$result = $this->db->query($sql, __LINE__, __FILE__);
if (isset($result))
{
@@ -199,12 +201,12 @@
function update_group_contact( $contact )
{
- $id = intval($contact['original_id']);
- $name = $contact['name'];
+ $id = (int)$contact['original_id'];
+ $name = $this->db->db_addslashes($contact['name']);
$phone = $contact['phone'];
$mail = $contact['mail'];
- $sql = "UPDATE bb_group_contact SET NAME='{$name}',
PHONE='{$phone}', EMAIL='{$mail}' WHERE id={$id}";
+ $sql = "UPDATE bb_group_contact SET name='{$name}',
phone='{$phone}', email='{$mail}' WHERE id={$id}";
$result = $this->db->query($sql, __LINE__, __FILE__);
if (isset($result))
{
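Review bot: `db_addslashes` is applied to `$name` at L1062, but `$phone` and `$mail` at L1063-1064 are interpolated into the UPDATE at L1067-1068 unescaped, so the injection this hunk closes for one column stays open for the other two. Escape all three the same way, `$phone = $this->db->db_addslashes($contact['phone']);` and `$mail = $this->db->db_addslashes($contact['mail']);`. add_group_contact_local in the next hunk has the same partial treatment (`$phone`, `$mail` and `$original_id` untouched); `$original_id` there wants an `(int)` cast rather than escaping.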
@@ -218,7 +220,7 @@
function add_group_contact_local( $contact )
{
- $name = $contact['name'];
+ $name = $this->db->db_addslashes($contact['name']);
$phone = $contact['phone'];
$mail = $contact['mail'];
$original_id = $contact['original_id'];
@@ -278,14 +280,14 @@
function get_group_name( $group_id )
{
$result = "Ingen";
- if (isset($group_id))
+ $group_id = (int)$group_id;
+ if ($group_id)
{
$q1 = "SELECT name FROM bb_group WHERE
id={$group_id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('name');
- }
+ $this->db->next_record();
+
+ $result = $this->db->f('name', true);
}
return $result;
@@ -294,14 +296,14 @@
function get_group_name_local( $group_id )
{
$result = "Ingen";
- if (isset($group_id))
+ $group_id = (int)$group_id;
+ if ($group_id)
{
$q1 = "SELECT name FROM activity_group WHERE
id={$group_id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('name');
- }
+ $this->db->next_record();
+
+ $result = $this->db->f('name', true);
}
return $result;
@@ -310,14 +312,14 @@
function get_orgid_from_group( $group_id )
{
$result = 0;
- if (isset($group_id))
+ $group_id = (int)$group_id;
+ if ($group_id)
{
$q1 = "SELECT organization_id FROM bb_group
WHERE id={$group_id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result =
$this->db->f('organization_id');
- }
+ $this->db->next_record();
+
+ $result = $this->db->f('organization_id');
}
return $result;
@@ -326,14 +328,14 @@
function get_orgid_from_group_local( $group_id )
{
$result = 0;
- if (isset($group_id))
+ $group_id = (int)$group_id;
+ if ($group_id)
{
$q1 = "SELECT organization_id FROM
activity_group WHERE id={$group_id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result =
$this->db->f('organization_id');
- }
+ $this->db->next_record();
+
+ $result = $this->db->f('organization_id');
}
return $result;
@@ -342,7 +344,8 @@
function get_contacts( $group_id )
{
$contacts = array();
- if (isset($group_id))
+ $group_id = (int)$group_id;
+ if ($group_id)
{
$q1 = "SELECT id FROM bb_group_contact WHERE
group_id={$group_id}";
$this->db->query($q1, __LINE__, __FILE__);
@@ -350,7 +353,6 @@
{
$contacts[] = $this->db->f('id');
}
- //$result = $contacts;
}
return $contacts;
@@ -359,7 +361,8 @@
function get_contacts_as_objects( $group_id )
{
$contacts = array();
- if (isset($group_id))
+ $group_id = (int)$group_id;
+ if ($group_id)
{
$q1 = "SELECT * FROM bb_group_contact WHERE
group_id={$group_id}";
$this->db->query($q1, __LINE__, __FILE__);
@@ -373,7 +376,6 @@
$contact_person->set_email($this->unmarshal($this->db->f('email'), 'string'));
$contacts[] = $contact_person;
}
- //$result = $contacts;
}
return $contacts;
@@ -382,7 +384,8 @@
function get_contacts_local( $group_id )
{
$contacts = array();
- if (isset($group_id))
+ $group_id = (int)$group_id;
+ if ($group_id)
{
$q1 = "SELECT id FROM activity_contact_person
WHERE group_id='{$group_id}'";
$this->db->query($q1, __LINE__, __FILE__);
@@ -390,7 +393,6 @@
{
$contacts[] = $this->db->f('id');
}
- //$result = $contacts;
}
return $contacts;
@@ -399,7 +401,8 @@
function get_contacts_local_as_objects( $group_id )
{
$contacts = array();
- if (isset($group_id))
+ $group_id = (int)$group_id;
+ if ($group_id)
{
$q1 = "SELECT * FROM activity_contact_person
WHERE group_id='{$group_id}'";
$this->db->query($q1, __LINE__, __FILE__);
@@ -413,7 +416,6 @@
$contact_person->set_email($this->unmarshal($this->db->f('email'), 'string'));
$contacts[] = $contact_person;
}
- //$result = $contacts;
}
return $contacts;
@@ -421,33 +423,33 @@
function get_description( $group_id )
{
- if (isset($group_id))
+ $group_id = (int)$group_id;
+ if ($group_id)
{
$q1 = "SELECT description FROM bb_group WHERE
id={$group_id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $desc = $this->db->f('description');
- }
+ $this->db->next_record();
+
+ $desc = $this->db->f('description', true);
}
return $desc;
}
function get_description_local( $group_id )
{
- if (isset($group_id))
+ $group_id = (int)$group_id;
+ if ($group_id)
{
$q1 = "SELECT description FROM activity_group
WHERE id={$group_id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $desc = $this->db->f('description');
- }
+ $this->db->next_record();
+
+ $desc = $this->db->f('description', true);
}
return $desc;
}
- protected function populate( int $group_id, &$group )
+ protected function populate( $group_id, &$group )
{
if ($group == null)
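Review bot: `get_description` and `get_description_local` still return `$desc` without it ever being assigned when `$group_id` casts to 0 or the query matches nothing, since nothing initialises it before the `if`; add `$desc = '';` (or `null`, whichever callers expect) at the top of each, mirroring `$result = 0` in `get_orgid_from_group_local`. Dropping the `int` hint from `populate( $group_id, &$group )` removes the one place the engine enforced an integer there; if that was done for PHP 5 compatibility, a `$group_id = (int)$group_id;` at the top of its body (which continues outside the hunk) would keep the guarantee the rest of this commit adds elsewhere.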
@@ -474,14 +476,15 @@
$change_type = $group->get_change_type();
$transferred = ($group->get_transferred() == 1 ||
$group->get_transferred() == true) ? 'true' : 'false';
- $values[] = "NAME='{$name}'";
- $values[] = "DESCRIPTION='{$description}'";
- $values[] = "ORGANIZATION_ID='{$orgid}'";
- $values[] = "CHANGE_TYPE='{$change_type}'";
- $values[] = "TRANSFERRED={$transferred}";
+ $values[] = "name='{$name}'";
+ $values[] = "description='{$description}'";
+ $values[] = "organization_id='{$orgid}'";
+ $values[] = "change_type='{$change_type}'";
+ $values[] = "transferred={$transferred}";
$vals = implode(',', $values);
- $sql = "UPDATE activity_group SET {$vals} WHERE
ID={$group->get_id()}";
+ $id = (int)$group->get_id();
+ $sql = "UPDATE activity_group SET {$vals} WHERE
id={$id}";
$result = $this->db->query($sql, __LINE__, __FILE__);
if (isset($result))
{
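Review bot: Only the `WHERE id` side of this UPDATE is cast; the SET side still interpolates `$name`, `$description`, `$orgid` and `$change_type` (the last assigned from `$group->get_change_type()` on the hunk's first context line) with no escaping visible in the hunk, so unless the model getters escape, the statement this commit touches is still string-built from model data. `add_new_group_from_activity` in this same commit applies `$this->db->db_addslashes(...)` to name and description; the same treatment fits here, e.g. `$values[] = "name='" . $this->db->db_addslashes($name) . "'";`, with `$orgid` cast `(int)` and `change_type` likewise escaped. The same applies to the two `UPDATE activity_organization SET {$vals}` hunks in class.soorganization.inc.php, where `$homepage`, `$phone`, `$email` and the address fields are interpolated the same way. Where these variables are assigned is outside the hunk, so confirm against the lines above.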
@@ -529,6 +532,7 @@
function get_group_local( $g_id )
{
+ $g_id = (int)$g_id;
$columns[] = 'activity_group.id';
$columns[] = 'activity_group.name';
$columns[] = 'activity_group.description';
@@ -545,28 +549,27 @@
$sql = "SELECT {$cols} FROM {$table} WHERE
activity_group.id={$g_id}";
$result = $this->db->query($sql, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $group = new activitycalendar_group((int)$g_id);
+ $this->db->next_record();
-
$group->set_name($this->unmarshal($this->db->f('name'), 'string'));
-
$group->set_organization_id($this->unmarshal($this->db->f('organization_id'),
'int'));
-
$group->set_shortname($this->unmarshal($this->db->f('shortname'), 'string'));
-
$group->set_description($this->unmarshal($this->db->f('description'),
'string'));
-
$group->set_show_in_portal($this->unmarshal($this->db->f('show_in_portal'),
'int'));
-
$group->set_change_type($this->unmarshal($this->db->f('change_type'),
'string'));
-
$group->set_transferred($this->unmarshal($this->db->f('transferred'), 'bool'));
-
$group->set_original_group_id($this->unmarshal($this->db->f('original_group_id'),
'int'));
+ $group = new activitycalendar_group($g_id);
- return $group;
- }
+ $group->set_name($this->unmarshal($this->db->f('name'),
'string'));
+
$group->set_organization_id($this->unmarshal($this->db->f('organization_id'),
'int'));
+
$group->set_shortname($this->unmarshal($this->db->f('shortname'), 'string'));
+
$group->set_description($this->unmarshal($this->db->f('description'),
'string'));
+
$group->set_show_in_portal($this->unmarshal($this->db->f('show_in_portal'),
'int'));
+
$group->set_change_type($this->unmarshal($this->db->f('change_type'),
'string'));
+
$group->set_transferred($this->unmarshal($this->db->f('transferred'), 'bool'));
+
$group->set_original_group_id($this->unmarshal($this->db->f('original_group_id'),
'int'));
+
+ return $group;
}
function add_new_group_from_activity( $group_info )
{
- $name = $group_info['name'];
+ $name = $this->db->db_addslashes($group_info['name']);
$orgid = $group_info['organization_id'];
- $description = $group_info['description'];
+ $description =
$this->db->db_addslashes($group_info['description']);
$activity_id = 1;
$show_in_portal = 1;
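Review bot: `get_group_local` no longer distinguishes "no such row": the removed loop only built the `activitycalendar_group` inside `while ($this->db->next_record())` and otherwise fell through past `return $group`, whereas the new code calls `next_record()` once and constructs and populates the object regardless, so an unknown `$g_id` now yields an object filled from an empty record rather than nothing. Guard it with `if (!$this->db->next_record()) { return null; }` before `new activitycalendar_group($g_id)`, assuming callers already handle a null return as the old code implied. In `add_new_group_from_activity`, `$orgid = $group_info['organization_id'];` is the one input left untreated while `name` and `description` get `db_addslashes`; cast it `(int)` like the other ids in this commit. That function's body continues past the hunk.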
Modified: trunk/activitycalendar/inc/class.soorganization.inc.php
===================================================================
--- trunk/activitycalendar/inc/class.soorganization.inc.php 2016-03-18
08:56:29 UTC (rev 14851)
+++ trunk/activitycalendar/inc/class.soorganization.inc.php 2016-03-18
20:33:54 UTC (rev 14852)
@@ -210,15 +210,15 @@
function get_organization_name( $org_id )
{
$result = "Ingen";
- if (isset($org_id))
+ $org_id = (int)$org_id;
+ if ($org_id)
{
$org_id = intval($org_id);
$q1 = "SELECT name FROM bb_organization WHERE
id={$org_id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('name');
- }
+ $this->db->next_record();
+
+ $result = $this->db->f('name', true);
}
return $result;
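Review bot: `$org_id = intval($org_id);` inside the `if` is now redundant, since `$org_id = (int)$org_id;` on the added line above already did the conversion; drop it. The `get_organization_homepage` hunk further down removes exactly this duplicate line, so this one was presumably missed. The function's closing brace lies outside the hunk.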
@@ -352,14 +352,14 @@
function get_organization_name_local( $org_id )
{
$result = "Ingen";
- if (isset($org_id))
+ $org_id = (int)$org_id;
+ if ($org_id)
{
$q1 = "SELECT name FROM activity_organization
WHERE id={$org_id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('name');
- }
+ $this->db->next_record();
+
+ $result = $this->db->f('name', true);
}
return $result;
@@ -368,16 +368,15 @@
function get_contacts( $organization_id )
{
$contacts = array();
- if (isset($organization_id))
+ $organization_id = (int)$organization_id;
+ if ($organization_id)
{
$q1 = "SELECT id FROM bb_organization_contact
WHERE organization_id={$organization_id}";
$this->db->query($q1, __LINE__, __FILE__);
while ($this->db->next_record())
{
- $cont_id = $this->db->f('id');
- $contacts[] = $cont_id;
+ $contacts[] = $this->db->f('id');
}
- //$result=$contacts;
}
return $contacts;
}
@@ -385,10 +384,10 @@
function get_contacts_as_objects( $organization_id )
{
$contacts = array();
- if (isset($organization_id))
+ $organization_id = (int)$organization_id;
+ if ($organization_id)
{
$q1 = "SELECT * FROM bb_organization_contact
WHERE organization_id={$organization_id}";
- //var_dump($q1);
$this->db->query($q1, __LINE__, __FILE__);
while ($this->db->next_record())
{
@@ -407,17 +406,15 @@
function get_contacts_local( $organization_id )
{
$contacts = array();
- if (isset($organization_id))
+ $organization_id = (int)$organization_id;
+ if ($organization_id)
{
$q1 = "SELECT id FROM activity_contact_person
WHERE organization_id='{$organization_id}'";
- //var_dump($q1);
$this->db->query($q1, __LINE__, __FILE__);
while ($this->db->next_record())
{
- $cont_id = $this->db->f('id');
- $contacts[] = $cont_id;
+ $contacts[] = $this->db->f('id');
}
- //$result=$contacts;
}
return $contacts;
}
@@ -425,10 +422,10 @@
function get_contacts_local_as_objects( $organization_id )
{
$contacts = array();
- if (isset($organization_id))
+ $organization_id = (int)$organization_id;
+ if ($organization_id)
{
$q1 = "SELECT * FROM activity_contact_person
WHERE organization_id='{$organization_id}'";
- //var_dump($q1);
$this->db->query($q1, __LINE__, __FILE__);
while ($this->db->next_record())
{
@@ -446,28 +443,28 @@
function get_description( $organization_id )
{
- if (isset($organization_id))
+ $organization_id = (int)$organization_id;
+ if ($organization_id)
{
$q1 = "SELECT description FROM bb_organization
WHERE id={$organization_id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $desc = $this->db->f('description');
- }
+ $this->db->next_record();
+
+ $desc = $this->db->f('description', true);
}
return $desc;
}
function get_description_local( $organization_id )
{
- if (isset($organization_id))
+ $organization_id = (int)$organization_id;
+ if ($organization_id)
{
$q1 = "SELECT description FROM
activity_organization WHERE id={$organization_id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $desc = $this->db->f('description');
- }
+ $this->db->next_record();
+
+ $desc = $this->db->f('description', true);
}
return $desc;
}
@@ -475,10 +472,10 @@
function get_district_from_name( $name )
{
$this->db->query("SELECT part_of_town_id FROM
fm_part_of_town where name like UPPER('%{$name}%') ", __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('part_of_town_id');
- }
+ $this->db->next_record();
+
+ $result = $this->db->f('part_of_town_id');
+
return $result;
}
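Review bot: `$name` is interpolated unescaped into `like UPPER('%{$name}%')` on the context line at the top of the hunk, and this hunk only rewrites the result loop below it, so `get_district_from_name` is left out of the SQL-injection fix the commit is about unless every caller pre-escapes (not visible here). Apply the same `$this->db->db_addslashes($name)` this commit uses in `add_new_group_from_activity` before building the query. As with the other loop rewrites, `$result` is now read via `f('part_of_town_id')` even when no row matched and has no initial value, so `$result = 0;` before the query plus `if ($this->db->next_record())` around the read would keep the return value defined.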
@@ -490,10 +487,9 @@
$q1 = "SELECT fm_district.descr FROM
fm_part_of_town,fm_district WHERE
fm_part_of_town.part_of_town_id={$district_id} AND fm_district.id =
fm_part_of_town.district_id";
//var_dump($q1);
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $office_name = $this->db->f('descr');
- }
+ $this->db->next_record();
+
+ $office_name = $this->db->f('descr', true);
}
return $office_name;
}
@@ -532,23 +528,24 @@
$transferred = ($organization->get_transferred() == 1
|| $organization->get_transferred() == true) ? 'true' : 'false';
$original_org_id =
($organization->get_original_org_id() && $organization->get_original_org_id()
!= '') ? $organization->get_original_org_id() : 0;
- $values[] = "NAME='{$name}'";
- $values[] = "HOMEPAGE='{$homepage}'";
- $values[] = "PHONE='{$phone}'";
- $values[] = "EMAIL='{$email}'";
- $values[] = "DESCRIPTION='{$description}'";
- $values[] = "ADDRESS='{$street}'";
- $values[] = "ADDRESSNUMBER='{$streetnumber}'";
- $values[] = "ZIP_CODE='{$zip_code}'";
- $values[] = "CITY='{$city}'";
- $values[] = "ORGNO='{$orgnr}'";
- $values[] = "DISTRICT='{$district}'";
- $values[] = "CHANGE_TYPE='{$change_type}'";
- $values[] = "TRANSFERRED={$transferred}";
- $values[] = "ORIGINAL_ORG_ID={$original_org_id}";
+ $values[] = "name='{$name}'";
+ $values[] = "homepage='{$homepage}'";
+ $values[] = "phone='{$phone}'";
+ $values[] = "email='{$email}'";
+ $values[] = "description='{$description}'";
+ $values[] = "address='{$street}'";
+ $values[] = "addressnumber='{$streetnumber}'";
+ $values[] = "zip_code='{$zip_code}'";
+ $values[] = "city='{$city}'";
+ $values[] = "orgno='{$orgnr}'";
+ $values[] = "district='{$district}'";
+ $values[] = "change_type='{$change_type}'";
+ $values[] = "transferred={$transferred}";
+ $values[] = "original_org_id={$original_org_id}";
$vals = implode(',', $values);
- $sql = "UPDATE activity_organization SET {$vals} WHERE
ID={$organization->get_id()}";
+ $id = (int)$organization->get_id();
+ $sql = "UPDATE activity_organization SET {$vals} WHERE
id={$id}";
$result = $this->db->query($sql, __LINE__, __FILE__);
if (isset($result))
{
@@ -622,19 +619,19 @@
$original_org_id = 0;
}
-
- $values[] = "NAME='{$name}'";
- $values[] = "HOMEPAGE='{$homepage}'";
- $values[] = "ADDRESS='{$street}'";
- $values[] = "ADDRESSNUMBER='{$streetnumber}'";
- $values[] = "ZIP_CODE='{$zip_code}'";
- $values[] = "CITY='{$city}'";
- $values[] = "ORGNO='{$orgnr}'";
- $values[] = "ORIGINAL_ORG_ID={$original_org_id}";
+ $values[] = "name='{$name}'";
+ $values[] = "homepage='{$homepage}'";
+ $values[] = "address='{$street}'";
+ $values[] = "addressnumber='{$streetnumber}'";
+ $values[] = "zip_code='{$zip_code}'";
+ $values[] = "city='{$city}'";
+ $values[] = "orgno='{$orgnr}'";
+ $values[] = "original_org_id={$original_org_id}";
$vals = implode(',', $values);
//var_dump("INSERT INTO activity_organization ({$cols})
VALUES ({$vals})");
- $sql = "UPDATE activity_organization SET {$vals} WHERE
ID={$organization->get_id()}";
+ $id = (int)$organization->get_id();
+ $sql = "UPDATE activity_organization SET {$vals} WHERE
id={$id}";
$result = $this->db->query($sql, __LINE__, __FILE__);
if (isset($result))
{
@@ -705,6 +702,8 @@
function get_organization_local( $org_id )
{
+ $org_id = (int)$org_id;
+
$sql = "SELECT * FROM activity_organization WHERE
id={$org_id}";
//var_dump($sql);
$this->db->query($sql, __LINE__, __FILE__);
@@ -819,14 +818,15 @@
function set_organization_inactive( $org_id )
{
- $orgid = (int)$org_id;
+ $org_id = (int)$org_id;
//var_dump("UPDATE bb_organization SET active=0,
show_in_portal=0 WHERE id={$orgid}");
- $result = $this->db->query("UPDATE bb_organization SET
active=0, show_in_portal=0 WHERE id={$orgid}", __LINE__, __FILE__);
+ $result = $this->db->query("UPDATE bb_organization SET
active=0, show_in_portal=0 WHERE id={$org_id}", __LINE__, __FILE__);
}
function get_affected_allocations( $org_id )
{
+ $org_id = (int)$org_id;
$result = array();
$sql = "select id from bb_allocation where
organization_id={$org_id}";
$this->db->query($sql, __LINE__, __FILE__);
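Review bot: The commented-out `var_dump` in `set_organization_inactive` still refers to `{$orgid}`, a variable this hunk renames to `$org_id`, so it is now a stale dead comment; delete it rather than keep it in step. `$result` there is assigned and never used while the function returns nothing, whereas `update_affected_allocations`/`_reservations`/`_events` in the hunks below are changed to `return $this->db->query(...)`; for consistency make it `return $this->db->query("UPDATE bb_organization SET active=0, show_in_portal=0 WHERE id={$org_id}", __LINE__, __FILE__);`. `get_affected_allocations` continues past the end of the hunk.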
@@ -840,11 +840,14 @@
function update_affected_allocations( $id, $org_id )
{
- $result = $this->db->query("update bb_allocation set
organization_id={$org_id} where id={$id}", __LINE__, __FILE__);
+ $id = (int)$id;
+ $org_id = (int)$org_id;
+ return $this->db->query("update bb_allocation set
organization_id={$org_id} where id={$id}", __LINE__, __FILE__);
}
function get_affected_reservations( $org_id )
{
+ $org_id = (int)$org_id;
$result = array();
$sql = "select id from bb_completed_reservation where
organization_id={$org_id}";
$this->db->query($sql, __LINE__, __FILE__);
@@ -858,11 +861,14 @@
function update_affected_reservations( $id, $org_id )
{
- $result = $this->db->query("update
bb_completed_reservation set organization_id={$org_id} where id={$id}",
__LINE__, __FILE__);
+ $id = (int)$id;
+ $org_id = (int)$org_id;
+ return $this->db->query("update
bb_completed_reservation set organization_id={$org_id} where id={$id}",
__LINE__, __FILE__);
}
function get_affected_events( $org_id )
{
+ $org_id = (int)$org_id;
$result = array();
$sql = "select id from bb_event where
customer_organization_id={$org_id}";
$this->db->query($sql, __LINE__, __FILE__);
@@ -876,7 +882,9 @@
function update_affected_events( $id, $org_id )
{
- $result = $this->db->query("update bb_event set
customer_organization_id={$org_id} where id={$id}", __LINE__, __FILE__);
+ $id = (int)$id;
+ $org_id = (int)$org_id;
+ return $this->db->query("update bb_event set
customer_organization_id={$org_id} where id={$id}", __LINE__, __FILE__);
}
function update( $organization )
@@ -886,7 +894,9 @@
function update_org_district_local( $org_id, $district_id )
{
- $sql = "UPDATE activity_organization SET
district='{$district_id}' WHERE ID={$org_id}";
+ $district_id = (int)$district_id;
+ $org_id = (int)$org_id;
+ $sql = "UPDATE activity_organization SET
district='{$district_id}' WHERE id={$org_id}";
$result = $this->db->query($sql, __LINE__, __FILE__);
if (isset($result))
{
@@ -901,15 +911,13 @@
function get_organization_homepage( $org_id )
{
$result = "Ingen";
- if (isset($org_id))
+ $org_id = (int)$org_id;
+ if ($org_id)
{
- $org_id = intval($org_id);
$q1 = "SELECT homepage FROM bb_organization
WHERE id={$org_id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('homepage');
- }
+ $this->db->next_record();
+ $result = $this->db->f('homepage');
}
return $result;
@@ -918,14 +926,14 @@
function get_organization_homepage_local( $org_id )
{
$result = "Ingen";
- if (isset($org_id))
+ $org_id = (int)$org_id;
+ if ($org_id)
{
$q1 = "SELECT homepage FROM
activity_organization WHERE id={$org_id}";
$this->db->query($q1, __LINE__, __FILE__);
- while ($this->db->next_record())
- {
- $result = $this->db->f('homepage');
- }
+ $this->db->next_record();
+
+ $result = $this->db->f('homepage');
}
return $result;
@@ -934,18 +942,11 @@
//$org->set_change_type("rejected");
function reject_organization( $org_id )
{
- if (isset($org_id))
+ $org_id = (int)$org_id;
+ if ($org_id)
{
$query = "UPDATE activity_organization set
change_type='rejected' where id={$org_id}";
- $result = $this->db->query($query, __LINE__,
__FILE__);
- if (isset($result))
- {
- return true;
- }
- else
- {
- return false;
- }
+ return $this->db->query($query, __LINE__,
__FILE__);
}
return false;
}
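Review bot: `reject_organization` previously returned a strict `true`/`false` and now returns whatever `$this->db->query()` returns on success, which (the wrapper is not visible here) may be a resource or object rather than a bool, so a caller comparing `=== true` would change behaviour. If the documented contract is boolean, keep it explicit with `return (bool)$this->db->query($query, __LINE__, __FILE__);`; the same question applies to the three `update_affected_*` hunks above, which are rewritten the same way.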
Modified: trunk/rental/inc/class.uicontract.inc.php
===================================================================
--- trunk/rental/inc/class.uicontract.inc.php 2016-03-18 08:56:29 UTC (rev
14851)
+++ trunk/rental/inc/class.uicontract.inc.php 2016-03-18 20:33:54 UTC (rev
14852)
@@ -864,7 +864,7 @@
$filters =
array('contract_status' => 'ended', 'contract_type' => $comma_seperated_ids);
break;
case 'last_edited': //
Contracts that are last edited in areas of resposibility
- $filters =
array('contract_type' => $comma_seperated_ids);
+ $filters =
array('contract_type' => $comma_seperated_ids, 'contract_status' => 'active' );
$sort_field =
'contract.last_updated';
$sort_ascending = false;
break;
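Review bot: Adding `'contract_status' => 'active'` to the `last_edited` filter is a functional change to which contracts the list shows, unrelated to the commit's "prevent SQL-injection" log message, and the comment on the `case` line still describes the old behaviour. Update it to `// Active contracts last edited in areas of responsibility` (which also fixes the "resposibility" typo) and mention the filter change in the log so it is not mistaken for part of the injection fix. The enclosing switch continues outside the hunk.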
Modified: trunk/rental/inc/class.uifrontpage.inc.php
===================================================================
--- trunk/rental/inc/class.uifrontpage.inc.php 2016-03-18 08:56:29 UTC (rev
14851)
+++ trunk/rental/inc/class.uifrontpage.inc.php 2016-03-18 20:33:54 UTC (rev
14852)
@@ -73,7 +73,7 @@
'parameters' => json_encode(array('parameter'
=> array(array('name' => 'id',
'source' => 'id'))))
);
-
+/*
$tabletools[] = array
(
'my_name' => 'download',
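Review bot: Wrapping the `download` tabletool entry in `/* ... */` (opened here, closed in the next hunk) leaves commented-out code in the file instead of removing it; the history is already in svn, so delete the array element outright. If it is meant to be re-enabled soon, a one-line `// TODO: re-enable download export once <reason>` is clearer than a silent block comment. The surrounding method continues outside both hunks.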
@@ -82,7 +82,7 @@
'type' => 'last_edited',
'export' => true))
);
-
+*/
$datatable_def[] = array
(
'container' => 'datatable-container_0',