diff --git a/account.php b/account.php
index 511b75796..2449540ce 100644
--- a/account.php
+++ b/account.php
@@ -14,7 +14,7 @@
 $OSCOM_Hooks->register_pipeline('loginRequired');
- require "includes/languages/$language/account.php";
+ require language::map_to_translation('account.php');
 require $oscTemplate->map_to_template(__FILE__, 'page');
diff --git a/account_edit.php b/account_edit.php
index 68681bc6a..b4351c4a0 100644
--- a/account_edit.php
+++ b/account_edit.php
@@ -16,7 +16,7 @@
 $message_stack_area = 'account_edit';
 // needs to be included earlier to set the success message in the messageStack
- require "includes/languages/$language/account_edit.php";
+ require language::map_to_translation('account_edit.php');
 if (tep_validate_form_action_is('process')) {
 $customer_details = $customer_data->process($customer_data->get_fields_for_page('account_edit'));
@@ -28,7 +28,7 @@
 $messageStack->add_session('account', SUCCESS_ACCOUNT_UPDATED, 'success');
- tep_redirect(tep_href_link('account.php', '', 'SSL'));
+ tep_redirect(tep_href_link('account.php'));
 }
 }
diff --git a/account_history.php b/account_history.php
index f2e04d6c5..3052b5bfd 100644
--- a/account_history.php
+++ b/account_history.php
@@ -14,7 +14,7 @@
 $OSCOM_Hooks->register_pipeline('loginRequired');
- require "includes/languages/$language/account_history.php";
+ require language::map_to_translation('account_history.php');
 require $oscTemplate->map_to_template(__FILE__, 'page');
diff --git a/account_history_info.php b/account_history_info.php
index 52b23ad95..c1536633d 100644
--- a/account_history_info.php
+++ b/account_history_info.php
@@ -15,7 +15,7 @@
 $OSCOM_Hooks->register_pipeline('loginRequired');
 if (!is_numeric($_GET['order_id'] ?? null)) {
- tep_redirect(tep_href_link('account_history.php', '', 'SSL'));
+ tep_redirect(tep_href_link('account_history.php'));
 }
 $customer_info_query = tep_db_query(sprintf(<<<'EOSQL'
@@ -24,12 +24,12 @@ WHERE s.public_flag = 1 AND o.orders_id = %d AND s.language_id = %d EOSQL , (int)$_GET['order_id'], (int)$_SESSION['languages_id'])); - $customer_info = tep_db_fetch_array($customer_info_query); + $customer_info = $customer_info_query->fetch_assoc(); if ($customer_info['customers_id'] != $_SESSION['customer_id']) { - tep_redirect(tep_href_link('account_history.php', '', 'SSL')); + tep_redirect(tep_href_link('account_history.php')); } - require "includes/languages/$language/account_history_info.php"; + require language::map_to_translation('account_history_info.php'); $order = new order($_GET['order_id']); diff --git a/account_newsletters.php b/account_newsletters.php index dc596d658..978dc0601 100644 --- a/account_newsletters.php +++ b/account_newsletters.php @@ -15,19 +15,19 @@ $OSCOM_Hooks->register_pipeline('loginRequired'); if (!$customer_data->has(['newsletter'])) { - tep_redirect(tep_href_link('account.php', '', 'SSL')); + tep_redirect(tep_href_link('account.php')); } // needs to be included earlier to set the success message in the messageStack - require "includes/languages/$language/account_newsletters.php"; + require language::map_to_translation('account_newsletters.php'); $customer_data->build_read(['newsletter'], 'customers', ['id' => (int)$_SESSION['customer_id']]); $newsletter_query = tep_db_query($customer_data->build_read(['newsletter'], 'customers', ['id' => (int)$_SESSION['customer_id']])); - $newsletter = tep_db_fetch_array($newsletter_query); + $newsletter = $newsletter_query->fetch_assoc(); if (tep_validate_form_action_is('process')) { if (isset($_POST['newsletter_general']) && is_numeric($_POST['newsletter_general'])) { - $newsletter_general = tep_db_prepare_input($_POST['newsletter_general']); + $newsletter_general = Text::input($_POST['newsletter_general']); } else { $newsletter_general = 0; } 
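Review bot: `$customer_info['customers_id']` is read straight after `$customer_info_query->fetch_assoc()` with no check for a missing row, so an order_id that matches nothing dereferences `null` (a PHP warning) before the ownership redirect fires; tighten the guard to `if (null === $customer_info || $customer_info['customers_id'] != $_SESSION['customer_id']) {`. The last line of the hunk also passes the raw query string to `new order($_GET['order_id'])` while the SQL two lines up casts it, and `is_numeric` accepts forms such as leading whitespace or exponents; `new order((int)$_GET['order_id'])` keeps both reads consistent.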
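Review bot: In account_newsletters.php the statement `$customer_data->build_read(['newsletter'], 'customers', ['id' => (int)$_SESSION['customer_id']]);` just above `$newsletter_query` discards its return value and repeats the identical call made inside `tep_db_query()` on the next line, so it is dead code and should be removed (assuming `build_read` only builds the SQL, which its second use implies). The surrounding `switch`/page logic continues outside the hunk.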
@@ -39,7 +39,7 @@ $messageStack->add_session('account', SUCCESS_NEWSLETTER_UPDATED, 'success'); - tep_redirect(tep_href_link('account.php', '', 'SSL')); + tep_redirect(tep_href_link('account.php')); } require $oscTemplate->map_to_template(__FILE__, 'page'); diff --git a/account_notifications.php b/account_notifications.php index 847ca6a48..fa632fbe5 100644 --- a/account_notifications.php +++ b/account_notifications.php @@ -15,14 +15,14 @@ $OSCOM_Hooks->register_pipeline('loginRequired'); // needs to be included earlier to set the success message in the messageStack - require "includes/languages/$language/account_notifications.php"; + require language::map_to_translation('account_notifications.php'); $global_query = tep_db_query("SELECT global_product_notifications FROM customers_info WHERE customers_info_id = " . (int)$_SESSION['customer_id']); - $global = tep_db_fetch_array($global_query); + $global = $global_query->fetch_assoc(); if (tep_validate_form_action_is('process')) { if (isset($_POST['product_global']) && is_numeric($_POST['product_global'])) { - $product_global = tep_db_prepare_input($_POST['product_global']); + $product_global = Text::input($_POST['product_global']); } else { $product_global = '0'; } @@ -41,7 +41,7 @@ if (count($products_parsed) > 0) { $check_query = tep_db_query("SELECT COUNT(*) AS total FROM products_notifications WHERE customers_id = " . (int)$_SESSION['customer_id'] . " AND products_id NOT IN (" . implode(',', $products_parsed) . ")"); - $check = tep_db_fetch_array($check_query); + $check = $check_query->fetch_assoc(); if ($check['total'] > 0) { tep_db_query("DELETE FROM products_notifications WHERE customers_id = " . (int)$_SESSION['customer_id'] . " AND products_id NOT IN (" . implode(',', $products_parsed) . ")"); 
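Review bot: In account_notifications.php the `SELECT COUNT(*)` followed by a conditional `DELETE` over the same `NOT IN (...)` predicate is two round-trips for what one `DELETE` does (a delete that matches no rows is a no-op); the same count-then-delete pair appears in the next hunk (-49) of this file, so both branches can be reduced to the `DELETE` alone. `$products_parsed` is built above the hunk and is not visible here — confirm it holds `(int)`-cast ids before it is imploded into the SQL string.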
@@ -49,7 +49,7 @@ } } else { $check_query = tep_db_query("SELECT COUNT(*) AS total FROM products_notifications WHERE customers_id = " . (int)$_SESSION['customer_id']); - $check = tep_db_fetch_array($check_query); + $check = $check_query->fetch_assoc(); if ($check['total'] > 0) { tep_db_query("DELETE FROM products_notifications WHERE customers_id = " . (int)$_SESSION['customer_id']); @@ -58,7 +58,7 @@ $messageStack->add_session('account', SUCCESS_NOTIFICATIONS_UPDATED, 'success'); - tep_redirect(tep_href_link('account.php', '', 'SSL')); + tep_redirect(tep_href_link('account.php')); } require $oscTemplate->map_to_template(__FILE__, 'page'); diff --git a/account_password.php b/account_password.php index e39fb4822..3b05ec3c6 100644 --- a/account_password.php +++ b/account_password.php @@ -20,19 +20,19 @@ } // needs to be included earlier to set the success message in the messageStack - require "includes/languages/$language/account_password.php"; + require language::map_to_translation('account_password.php'); $page_fields = [ 'password', 'password_confirmation' ]; $message_stack_area = 'account_password'; if (tep_validate_form_action_is('process')) { - $password_current = tep_db_prepare_input($_POST['password_current']); + $password_current = Text::input($_POST['password_current']); $customer_details = $customer_data->process($page_fields); if (tep_form_processing_is_valid()) { $check_customer_query = tep_db_query($customer_data->build_read(['password'], 'customers', ['id' => (int)$_SESSION['customer_id']])); - $check_customer = tep_db_fetch_array($check_customer_query); + $check_customer = $check_customer_query->fetch_assoc(); if (tep_validate_password($password_current, $customer_data->get('password', $check_customer))) { $customer_data->update(['password' => $customer_data->get('password', $customer_details)], ['id' => (int)$_SESSION['customer_id']]); 
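Review bot: `$password_current = Text::input($_POST['password_current']);` feeds a password through a text-normalising helper before `tep_validate_password`; if `Text::input` trims or otherwise rewrites the string (as `tep_db_prepare_input` did) a password containing leading/trailing whitespace or special characters will no longer verify, and the field is read without `??` so a missing field warns. Read it raw: `$password_current = (string)($_POST['password_current'] ?? '');`. The same point applies to `Text::prepare($_POST['password'])` in the insert and save hunks of admin/administrators.php, where the value goes into `tep_encrypt_password`; the enclosing `if (tep_validate_form_action_is('process'))` body continues outside this hunk.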
@@ -41,7 +41,7 @@
 $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
- tep_redirect(tep_href_link('account.php', '', 'SSL'));
+ tep_redirect(tep_href_link('account.php'));
 } else {
 $messageStack->add($message_stack_area, ERROR_CURRENT_PASSWORD_NOT_MATCHING);
 }
diff --git a/address_book.php b/address_book.php
index 103ff8d33..161afe3d9 100644
--- a/address_book.php
+++ b/address_book.php
@@ -14,7 +14,7 @@
 $OSCOM_Hooks->register_pipeline('loginRequired');
- require "includes/languages/$language/address_book.php";
+ require language::map_to_translation('address_book.php');
 require $oscTemplate->map_to_template(__FILE__, 'page');
diff --git a/address_book_process.php b/address_book_process.php
index 038ccd4bc..c637f16e0 100644
--- a/address_book_process.php
+++ b/address_book_process.php
@@ -17,7 +17,7 @@
 $message_stack_area = 'addressbook';
 // needs to be included earlier to set the success message in the messageStack
- require "includes/languages/$language/address_book_process.php";
+ require language::map_to_translation('address_book_process.php');
 if (is_numeric($_GET['delete'] ?? null) && tep_validate_form_action_is('deleteconfirm', 2)) {
 if ((int)$_GET['delete'] == $customer->get_default_address_id()) {
@@ -28,7 +28,7 @@
 $messageStack->add_session($message_stack_area, SUCCESS_ADDRESS_BOOK_ENTRY_DELETED, 'success');
 }
- tep_redirect(tep_href_link('address_book.php', '', 'SSL'));
+ tep_redirect(tep_href_link('address_book.php'));
 }
 // error checking when updating or adding an entry
@@ -38,7 +38,7 @@
 if (tep_form_processing_is_valid()) {
 if ($_POST['action'] == 'update') {
 $check_query = tep_db_query("SELECT * FROM address_book WHERE address_book_id = '" . (int)$_GET['edit'] . "' AND customers_id = " . (int)$_SESSION['customer_id'] . " LIMIT 1");
- if (tep_db_num_rows($check_query) === 1) {
+ if (mysqli_num_rows($check_query) === 1) {
 if ( 'on' === ($_POST['primary'] ?? null) ) {
 $table = 'both';
 $customer_details['default_address_id'] = (int)$_GET['edit'];
@@ -64,7 +64,7 @@
 }
 }
- tep_redirect(tep_href_link('address_book.php', '', 'SSL'));
+ tep_redirect(tep_href_link('address_book.php'));
 }
 }
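Review bot: `if (mysqli_num_rows($check_query) === 1) {` mixes the procedural mysqli API with the object style this commit adopts everywhere else (`$result->fetch_assoc()`); assuming `tep_db_query` returns a `mysqli_result`, as those calls imply, `if ($check_query->num_rows === 1) {` keeps one style. The same applies to `mysqli_num_rows($check_query) < 1` in the insert hunk of admin/administrators.php. The `SELECT` on the line above still quotes the integer (`'" . (int)$_GET['edit'] . "'`) where the rest of the commit drops the quotes around cast ids; `address_book_id = " . (int)$_GET['edit'] . " AND` matches the new convention. The enclosing `if (tep_form_processing_is_valid())` body continues outside the hunk.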
@@ -72,48 +72,48 @@ if (is_null($customer->fetch_to_address((int)$_GET['edit']))) { $messageStack->add_session($message_stack_area, ERROR_NONEXISTING_ADDRESS_BOOK_ENTRY); - tep_redirect(tep_href_link('address_book.php', '', 'SSL')); + tep_redirect(tep_href_link('address_book.php')); } $page_heading = HEADING_TITLE_MODIFY_ENTRY; $navbar_title_3 = NAVBAR_TITLE_MODIFY_ENTRY; - $navbar_link_3 = tep_href_link('address_book_process.php', 'edit=' . $_GET['edit'], 'SSL'); - $back_link = tep_href_link('address_book.php', '', 'SSL'); + $navbar_link_3 = tep_href_link('address_book_process.php', 'edit=' . $_GET['edit']); + $back_link = tep_href_link('address_book.php'); } elseif (is_numeric($_GET['delete'] ?? null)) { if ($_GET['delete'] == $customer->get_default_address_id()) { $messageStack->add_session($message_stack_area, WARNING_PRIMARY_ADDRESS_DELETION, 'warning'); - tep_redirect(tep_href_link('address_book.php', '', 'SSL')); + tep_redirect(tep_href_link('address_book.php')); } else { $check_query = tep_db_query("SELECT COUNT(*) AS total FROM address_book WHERE address_book_id = " . (int)$_GET['delete'] . " AND customers_id = " . (int)$_SESSION['customer_id']); - $check = tep_db_fetch_array($check_query); + $check = $check_query->fetch_assoc(); if ($check['total'] < 1) { $messageStack->add_session($message_stack_area, ERROR_NONEXISTING_ADDRESS_BOOK_ENTRY); - tep_redirect(tep_href_link('address_book.php', '', 'SSL')); + tep_redirect(tep_href_link('address_book.php')); } } $page_heading = HEADING_TITLE_DELETE_ENTRY; $navbar_title_3 = NAVBAR_TITLE_DELETE_ENTRY; - $navbar_link_3 = tep_href_link('address_book_process.php', 'delete=' . $_GET['delete'], 'SSL'); + $navbar_link_3 = tep_href_link('address_book_process.php', 'delete=' . 
$_GET['delete']); } else { if ($customer->count_addresses() >= MAX_ADDRESS_BOOK_ENTRIES) { $messageStack->add_session($message_stack_area, ERROR_ADDRESS_BOOK_FULL); - tep_redirect(tep_href_link('address_book.php', '', 'SSL')); + tep_redirect(tep_href_link('address_book.php')); } $entry = []; $page_heading = HEADING_TITLE_ADD_ENTRY; $navbar_title_3 = NAVBAR_TITLE_ADD_ENTRY; - $navbar_link_3 = tep_href_link('address_book_process.php', '', 'SSL'); + $navbar_link_3 = tep_href_link('address_book_process.php'); if (count($navigation->snapshot) > 0) { $back_link = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], [session_name()]), $navigation->snapshot['mode']); } else { - $back_link = tep_href_link('address_book.php', '', 'SSL'); + $back_link = tep_href_link('address_book.php'); } } diff --git a/admin/administrators.php b/admin/administrators.php index e32f15f40..138803ada 100644 --- a/admin/administrators.php +++ b/admin/administrators.php @@ -10,7 +10,7 @@ Released under the GNU General Public License */ - require('includes/application_top.php'); + require 'includes/application_top.php'; $htaccess_array = null; $htpasswd_array = null; 
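Review bot: `$navbar_link_3 = tep_href_link('address_book_process.php', 'edit=' . $_GET['edit']);` and the matching `'delete=' . $_GET['delete']` line splice the raw query value into a URL, while the same values are cast with `(int)` on the neighbouring `fetch_to_address((int)$_GET['edit'])` and `address_book_id = " . (int)$_GET['delete']` lines; `is_numeric` still admits forms such as `1e3` or surrounding whitespace, so use `'edit=' . (int)$_GET['edit']` and `'delete=' . (int)$_GET['delete']` to keep the emitted links consistent with what is actually looked up. `if ($_GET['delete'] == $customer->get_default_address_id())` likewise compares loosely where the first hunk of this file (-17) already uses `(int)$_GET['delete'] ==`. The outer `if`/`elseif` chain opens above the hunk; the branch condition for the `edit` path is not visible here.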
@@ -48,18 +48,18 @@ $OSCOM_Hooks->call('administrators', 'preAction'); - if (tep_not_null($action)) { + if (!Text::is_empty($action)) { switch ($action) { case 'insert': require('includes/functions/password_funcs.php'); - $username = tep_db_prepare_input($_POST['username']); - $password = tep_db_prepare_input($_POST['password']); + $username = Text::prepare($_POST['username']); + $password = Text::prepare($_POST['password']); - $check_query = tep_db_query("select id from administrators where user_name = '" . tep_db_input($username) . "' limit 1"); + $check_query = tep_db_query("SELECT id FROM administrators WHERE user_name = '" . tep_db_input($username) . "' LIMIT 1"); - if (tep_db_num_rows($check_query) < 1) { - tep_db_query("insert into administrators (user_name, user_password) values ('" . tep_db_input($username) . "', '" . tep_db_input(tep_encrypt_password($password)) . "')"); + if (mysqli_num_rows($check_query) < 1) { + tep_db_query("INSERT INTO administrators (user_name, user_password) VALUES ('" . tep_db_input($username) . "', '" . tep_db_input(tep_encrypt_password($password)) . "')"); if (is_array($htpasswd_array)) { for ($i=0, $n=count($htpasswd_array); $i<$n; $i++) { @@ -103,11 +103,11 @@ case 'save': require('includes/functions/password_funcs.php'); - $username = tep_db_prepare_input($_POST['username']); - $password = tep_db_prepare_input($_POST['password']); + $username = Text::prepare($_POST['username']); + $password = Text::prepare($_POST['password']); - $check_query = tep_db_query("select id, user_name from administrators where id = '" . (int)$_GET['aID'] . "'"); - $check = tep_db_fetch_array($check_query); + $check_query = tep_db_query("SELECT id, user_name FROM administrators WHERE id = " . (int)$_GET['aID']); + $check = $check_query->fetch_assoc(); // update username in current session if changed if ( ($check['id'] == $admin['id']) && ($check['user_name'] != $admin['username']) ) { 
@@ -129,9 +129,9 @@ } } - tep_db_query("update administrators set user_name = '" . tep_db_input($username) . "' where id = '" . (int)$_GET['aID'] . "'"); + tep_db_query("UPDATE administrators SET user_name = '" . tep_db_input($username) . "' WHERE id = " . (int)$_GET['aID']); - if (tep_not_null($password)) { + if (!Text::is_empty($password)) { // update password in htpasswd if (is_array($htpasswd_array)) { for ($i=0, $n=count($htpasswd_array); $i<$n; $i++) { @@ -147,7 +147,7 @@ } } - tep_db_query("update administrators set user_password = '" . tep_db_input(tep_encrypt_password($password)) . "' where id = '" . (int)$_GET['aID'] . "'"); + tep_db_query("UPDATE administrators SET user_password = '" . tep_db_input(tep_encrypt_password($password)) . "' WHERE id = " . (int)$_GET['aID']); } elseif (!isset($_POST['htaccess']) || ($_POST['htaccess'] != 'true')) { if (is_array($htpasswd_array)) { for ($i=0, $n=count($htpasswd_array); $i<$n; $i++) { @@ -186,16 +186,16 @@ tep_redirect(tep_href_link('administrators.php', 'aID=' . (int)$_GET['aID'])); break; case 'deleteconfirm': - $id = tep_db_prepare_input($_GET['aID']); + $id = Text::input($_GET['aID']); - $check_query = tep_db_query("select id, user_name from administrators where id = '" . (int)$id . "'"); - $check = tep_db_fetch_array($check_query); + $check_query = tep_db_query("SELECT id, user_name FROM administrators WHERE id = " . (int)$id); + $check = $check_query->fetch_assoc(); if ($admin['id'] == $check['id']) { - tep_session_unregister('admin'); + unset($_SESSION['admin']); } - tep_db_query("delete from administrators where id = '" . (int)$id . "'"); + tep_db_query("DELETE FROM administrators WHERE id = " . (int)$id); if (is_array($htpasswd_array)) { for ($i=0, $n=count($htpasswd_array); $i<$n; $i++) { @@ -244,7 +244,7 @@ $secMessageStack->add(HTPASSWD_PERMISSIONS, 'error'); } - require('includes/template_top.php'); + require 'includes/template_top.php'; ?>
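Review bot: `case 'deleteconfirm':` removes an administrator on the strength of `$_GET['aID']` alone; no form-token check is visible in the hunk, whereas the catalog side of this same commit guards its address deletion with `tep_validate_form_action_is('deleteconfirm', 2)` (address_book_process.php). If the dispatcher above the hunk does not validate a token for state-changing actions, a cross-site request could trigger the deletion; the `case 'setflag':` GET action in admin/advert_manager.php has the same shape. `$id = Text::input($_GET['aID']);` is then only used as `(int)$id`, so `$id = (int)$_GET['aID'];` says what is meant without routing through the text helper. The `switch` continues outside the hunk.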
@@ -275,8 +275,8 @@ fetch_assoc()) { if (!isset($aInfo) && (!isset($_GET['aID']) || ($_GET['aID'] == $admins['id'])) && (substr($action, 0, 3) != 'new')) { $aInfo = new objectInfo($admins); } @@ -388,9 +388,9 @@ break; } - if ( (tep_not_null($heading)) && (tep_not_null($contents)) ) { + if ( ([] !== $heading) && ([] !== $contents) ) { echo '
'; - $box = new box; + $box = new box(); echo $box->infoBox($heading, $contents); echo '
'; } @@ -399,6 +399,6 @@
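Review bot: `if ( ([] !== $heading) && ([] !== $contents) ) {` replaces `tep_not_null(...)`, but a strict comparison against `[]` is `true` for `null` or an unset variable, so if any `case` above leaves `$heading`/`$contents` unassigned the info box now renders with no content (plus an undefined-variable warning) where the old guard presumably skipped it. If both are initialised to `[]` before the `switch` (outside this hunk) the change is equivalent; otherwise `if (!empty($heading) && !empty($contents)) {` covers both shapes. The same replacement appears in admin/advert_manager.php (hunk -450) and admin/backup.php (hunk -488).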
diff --git a/admin/advert_manager.php b/admin/advert_manager.php index fb82030c1..8429f80cb 100644 --- a/admin/advert_manager.php +++ b/admin/advert_manager.php @@ -16,13 +16,13 @@ $OSCOM_Hooks->call('advert_manager', 'preAction'); - if (tep_not_null($action)) { + if (!Text::is_empty($action)) { switch ($action) { case 'import': $languages = tep_get_languages(); - $import_query = tep_db_query("select * from banners order by banners_id"); - while ($import = tep_db_fetch_array($import_query)) { + $import_query = tep_db_query("SELECT * FROM banners ORDER BY banners_id"); + while ($import = $import_query->fetch_assoc()) { $sql_data_array = ['advert_title' => $import['banners_title'], 'advert_url' => $import['banners_url'], 'advert_image' => $import['banners_image'], @@ -53,7 +53,7 @@ case 'setflag': if ( ($_GET['flag'] == '0') || ($_GET['flag'] == '1') ) { - tep_db_query("update advert set status = '" . (int)$_GET['flag'] . "', date_status_change = now() where advert_id = '" . (int)$_GET['cID'] . "'"); + tep_db_query("UPDATE advert SET status = " . (int)$_GET['flag'] . ", date_status_change = NOW() WHERE advert_id = " . (int)$_GET['cID']); $messageStack->add_session(SUCCESS_ADVERT_STATUS_UPDATED, 'success'); } 
@@ -64,18 +64,19 @@ break; case 'insert': case 'update': - if (isset($_POST['advert_id'])) $advert_id = tep_db_prepare_input($_POST['advert_id']); - $advert_title = tep_db_prepare_input($_POST['advert_title']); - $advert_url = tep_db_prepare_input($_POST['advert_url']); - $advert_fragment = tep_db_prepare_input($_POST['advert_fragment']); - - $new_advert_group = tep_db_prepare_input($_POST['new_advert_group']); - $advert_group = (empty($new_advert_group)) ? tep_db_prepare_input($_POST['advert_group']) : $new_advert_group; - $sort_order = tep_db_prepare_input($_POST['sort_order']); - - $advert_html_text = tep_db_prepare_input($_POST['advert_html_text']); - $advert_image_local = tep_db_prepare_input($_POST['advert_image_local']); - $advert_image_target = tep_db_prepare_input($_POST['advert_image_target']); + if (isset($_POST['advert_id'])) { + $advert_id = Text::input($_POST['advert_id']); + } + $advert_title = Text::prepare($_POST['advert_title']); + $advert_url = Text::prepare($_POST['advert_url']); + $advert_fragment = Text::prepare($_POST['advert_fragment']); + + $new_advert_group = Text::prepare($_POST['new_advert_group']); + $advert_group = (empty($new_advert_group)) ? Text::prepare($_POST['advert_group']) : $new_advert_group; + $sort_order = Text::input($_POST['sort_order']); + + $advert_image_local = Text::prepare($_POST['advert_image_local']); + $advert_image_target = Text::prepare($_POST['advert_image_target']); $db_image_location = ''; $advert_error = false; 
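Review bot: `$advert_group = (empty($new_advert_group)) ? Text::prepare($_POST['advert_group']) : $new_advert_group;` still uses `empty()`, which treats a group literally named `0` as absent, while every other emptiness test in this commit moved to `Text::is_empty`; `$advert_group = Text::is_empty($new_advert_group) ? Text::prepare($_POST['advert_group']) : $new_advert_group;` keeps the helper consistent and avoids the falsy-string surprise. `$advert_id = Text::input($_POST['advert_id']);` is only ever consumed as `(int)$advert_id` in the later hunks, so `(int)$_POST['advert_id']` would make that explicit. The `switch` this case belongs to continues outside the hunk.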
@@ -92,21 +93,20 @@ $advert_image = new upload('advert_image'); $advert_image->parse(); - if (!empty($advert_image->filename)) { - $advert_image->set_destination(DIR_FS_CATALOG . 'images/' . $advert_image_target); - if ( $advert_image->save() == false ) { + if (empty($advert_image->filename)) { + if ( empty($advert_image_local) && empty($_POST['advert_html_text']) ) { + $messageStack->add(ERROR_ADVERT_IMAGE_OR_TEXT_REQUIRED, 'error'); $advert_error = true; } - } - else { - if ( empty($advert_image_local) && empty($advert_html_text) ) { - $messageStack->add(ERROR_ADVERT_IMAGE_OR_TEXT_REQUIRED, 'error'); + } else { + $advert_image->set_destination(DIR_FS_CATALOG . 'images/' . $advert_image_target); + if ( $advert_image->save() == false ) { $advert_error = true; } } if ($advert_error == false) { - $db_image_location = (tep_not_null($advert_image_local)) ? $advert_image_local : $advert_image_target . $advert_image->filename; + $db_image_location = (Text::is_empty($advert_image_local)) ? $advert_image_target . $advert_image->filename : $advert_image_local; $sql_data_array = ['advert_title' => $advert_title, 'advert_url' => $advert_url, 'advert_fragment' => $advert_fragment, @@ -115,7 +115,7 @@ 'sort_order' => $sort_order]; if ($action == 'insert') { - $insert_sql_data = ['date_added' => 'now()', 'status' => '1']; + $insert_sql_data = ['date_added' => 'NOW()', 'status' => '1']; $sql_data_array = array_merge($sql_data_array, $insert_sql_data); 
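Review bot: `$advert_image->set_destination(DIR_FS_CATALOG . 'images/' . $advert_image_target);` in the restructured `else` branch appends a value taken from `$_POST['advert_image_target']` to a filesystem path, and the same value is later persisted in `$db_image_location`; unless `upload::set_destination()` normalises the path (not visible here), an admin-supplied `..` segment moves the saved file outside the images directory. Resolve the target with `realpath()` and reject anything that does not stay under `DIR_FS_CATALOG . 'images'` before calling `set_destination()`, as sketched below. `$advert_image->save() == false` should also be a strict `=== false` (or `!$advert_image->save()`). The enclosing `case 'insert': case 'update':` body starts above the hunk.

```php
if (empty($advert_image->filename)) {
    // … unchanged: image-or-text required check …
} else {
    // $advert_image_target is POST data: resolve it and refuse anything outside images/
    $images_root = realpath(DIR_FS_CATALOG . 'images');
    $target_dir = realpath(DIR_FS_CATALOG . 'images/' . $advert_image_target);
    if (false === $images_root || false === $target_dir || 0 !== strpos($target_dir . DIRECTORY_SEPARATOR, $images_root . DIRECTORY_SEPARATOR)) {
        $messageStack->add(ERROR_ADVERT_IMAGE_TARGET_INVALID /* placeholder: add to the language file */, 'error');
        $advert_error = true;
    } else {
        $advert_image->set_destination(DIR_FS_CATALOG . 'images/' . $advert_image_target);
        if ($advert_image->save() === false) {
            $advert_error = true;
        }
    }
}
// … unchanged: $db_image_location / $sql_data_array assembly …
```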
@@ -129,26 +129,22 @@ } elseif ($action == 'update') { $OSCOM_Hooks->call('advert_manager', 'updateAction'); - tep_db_perform('advert', $sql_data_array, 'update', "advert_id = '" . (int)$advert_id . "'"); + tep_db_perform('advert', $sql_data_array, 'update', "advert_id = " . (int)$advert_id); $messageStack->add_session(SUCCESS_IMAGE_UPDATED, 'success'); } foreach (tep_get_languages() as $l) { - $advert_html_text_array = $_POST['advert_html_text']; - - $language_id = $l['id']; - - $lng_data_array['advert_html_text'] = tep_db_prepare_input($advert_html_text_array[$language_id]); + $lng_data_array['advert_html_text'] = Text::prepare($_POST['advert_html_text'][$l['id']]); if ($action == 'insert') { - $insert_sql_data = ['advert_id' => $advert_id, 'languages_id' => $language_id]; + $insert_sql_data = ['advert_id' => $advert_id, 'languages_id' => $l['id']]; $lng_data_array = array_merge($lng_data_array, $insert_sql_data); tep_db_perform('advert_info', $lng_data_array); } elseif ($action == 'update') { - tep_db_perform('advert_info', $lng_data_array, 'update', "advert_id = '" . (int)$advert_id . "' and languages_id = '" . (int)$language_id . "'"); + tep_db_perform('advert_info', $lng_data_array, 'update', "advert_id = " . (int)$advert_id . " AND languages_id = " . (int)$l['id']); } } @@ -160,11 +156,11 @@ } break; case 'deleteconfirm': - $advert_id = tep_db_prepare_input($_GET['cID']); + $advert_id = Text::input($_GET['cID']); if (isset($_POST['delete_image']) && ($_POST['delete_image'] == 'on')) { - $advert_query = tep_db_query("select advert_image from advert where advert_id = '" . (int)$advert_id . "'"); - $advert = tep_db_fetch_array($advert_query); + $advert_query = tep_db_query("SELECT advert_image FROM advert WHERE advert_id = " . (int)$advert_id); + $advert = $advert_query->fetch_assoc(); if (is_file(DIR_FS_CATALOG . 'images/' . $advert['advert_image'])) { if (tep_is_writable(DIR_FS_CATALOG . 'images/' . $advert['advert_image'])) { 
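Review bot: `$lng_data_array['advert_html_text'] = Text::prepare($_POST['advert_html_text'][$l['id']]);` indexes the posted array by every language id returned by `tep_get_languages()`, so a language without a submitted textarea raises an undefined-index warning and hands `null` to `Text::prepare`; `Text::prepare($_POST['advert_html_text'][$l['id']] ?? '')` handles that case explicitly. In the `deleteconfirm` hunk that follows, `$advert_id = Text::input($_GET['cID']);` is again only used cast, so `(int)$_GET['cID']` is the clearer form. Both `case` bodies begin above their hunks.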
@@ -177,8 +173,8 @@ } } - tep_db_query("delete from advert where advert_id = '" . (int)$advert_id . "'"); - tep_db_query("delete from advert_info where advert_id = '" . (int)$advert_id . "'"); + tep_db_query("DELETE FROM advert WHERE advert_id = " . (int)$advert_id); + tep_db_query("DELETE FROM advert_info WHERE advert_id = " . (int)$advert_id); $OSCOM_Hooks->call('advert_manager', 'deleteConfirmAction'); @@ -222,23 +218,26 @@ if (isset($_GET['cID'])) { $form_action = 'update'; - $cID = tep_db_prepare_input($_GET['cID']); + $cID = Text::input($_GET['cID']); - $advert_query = tep_db_query("select * from advert where advert_id = '" . (int)$cID . "'"); - $advert = tep_db_fetch_array($advert_query); + $advert_query = tep_db_query("SELECT * FROM advert WHERE advert_id = " . (int)$cID); + $advert = $advert_query->fetch_assoc(); $cInfo->objectInfo($advert); - } elseif (tep_not_null($_POST)) { + } elseif (!empty($_POST)) { $cInfo->objectInfo($_POST); } $groups_array = []; - $groups_query = tep_db_query("select distinct advert_group from advert order by advert_group"); - while ($groups = tep_db_fetch_array($groups_query)) { + $groups_query = tep_db_query("SELECT DISTINCT advert_group FROM advert ORDER BY advert_group"); + while ($groups = $groups_query->fetch_assoc()) { $groups_array[] = ['id' => $groups['advert_group'], 'text' => $groups['advert_group']]; } - echo tep_draw_form('new_advert', 'advert_manager.php', (isset($_GET['page']) ? 'page=' . (int)$_GET['page'] . '&' : '') . 'action=' . $form_action, 'post', 'enctype="multipart/form-data"'); if ($form_action == 'update') echo tep_draw_hidden_field('advert_id', $cID); + echo tep_draw_form('new_advert', 'advert_manager.php', (isset($_GET['page']) ? 'page=' . (int)$_GET['page'] . '&' : '') . 'action=' . $form_action, 'post', 'enctype="multipart/form-data"'); + if ('update' === $form_action) { + echo tep_draw_hidden_field('advert_id', $cID); + } ?>
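Review bot: `echo tep_draw_hidden_field('advert_id', $cID);` echoes a value that came from `$_GET['cID']` via `Text::input` into the form, while the `SELECT` three lines above only trusts it as `(int)$cID`; unless `Text::input` or `tep_draw_hidden_field` escapes for HTML (not visible here), `echo tep_draw_hidden_field('advert_id', (int)$cID);` removes the question entirely. `$cInfo->objectInfo($_POST);` in the `elseif` branch also copies every posted key onto the object, not just the advert fields — worth a comment if that is intentional. The form-rendering block continues outside the hunk.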
@@ -323,7 +322,7 @@
- advert_id ?? 0, $l['id']), 'class="form-control" id="aText' . $l['id'] . '"'); ?> + advert_id) ? '' : adverts::advert_get_html_text($cInfo->advert_id, $l['id']), 'class="form-control" id="aText' . $l['id'] . '"') ?>
@@ -372,7 +371,7 @@ $advert_query_raw = "SELECT * FROM advert a, advert_info ai WHERE a.advert_id = ai.advert_id AND ai.languages_id = '" . $_SESSION['languages_id'] . "' ORDER BY a.advert_group, a.sort_order, a.advert_title"; $advert_split = new splitPageResults($_GET['page'], MAX_DISPLAY_SEARCH_RESULTS, $advert_query_raw, $advert_query_numrows); $advert_query = tep_db_query($advert_query_raw); - while ($advert = tep_db_fetch_array($advert_query)) { + while ($advert = $advert_query->fetch_assoc()) { if (!isset($cInfo) && (!isset($_GET['cID']) || ($_GET['cID'] == $advert['advert_id'])) && (substr($action, 0, 3) != 'new')) { $cInfo = new objectInfo($advert); } @@ -405,7 +404,7 @@ '; echo '
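Review bot: `ai.languages_id = '" . $_SESSION['languages_id'] . "'` in `$advert_query_raw` interpolates the session value unquoted-by-cast, whereas the catalog hunks of this commit consistently write `(int)$_SESSION['languages_id']`; `ai.languages_id = " . (int)$_SESSION['languages_id'] . " ORDER BY` matches that convention and removes the one non-cast interpolation left in this file. The page listing that consumes `$advert_query` continues outside the hunk.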
'; echo '
'; @@ -431,7 +430,9 @@ $contents = ['form' => tep_draw_form('advert', 'advert_manager.php', 'page=' . (int)$_GET['page'] . '&cID=' . (int)$cInfo->advert_id . '&action=deleteconfirm')]; $contents[] = ['text' => TEXT_INFO_DELETE_INTRO]; $contents[] = ['class' => 'text-center text-uppercase font-weight-bold', 'text' => $cInfo->advert_title]; - if ($cInfo->advert_image) $contents[] = ['text' => '
' . tep_draw_selection_field('delete_image', 'checkbox', 'on', null, 'class="custom-control-input" id="aDelImg"') . '
']; + if ($cInfo->advert_image) { + $contents[] = ['text' => '
' . tep_draw_selection_field('delete_image', 'checkbox', 'on', null, 'class="custom-control-input" id="aDelImg"') . '
']; + } $contents[] = ['align' => 'center', 'text' => tep_draw_bootstrap_button(IMAGE_DELETE, 'fas fa-trash', null, 'primary', null, 'btn-danger mr-2') . tep_draw_bootstrap_button(IMAGE_CANCEL, 'fas fa-angle-left', tep_href_link('advert_manager.php', 'page=' . (int)$_GET['page'] . '&cID=' . (int)$_GET['cID']), null, null, 'btn-light')]; break; default: @@ -441,7 +442,7 @@ $contents[] = ['align' => 'center', 'text' => tep_draw_bootstrap_button(IMAGE_EDIT, 'fas fa-cogs', tep_href_link('advert_manager.php', 'page=' . (int)$_GET['page'] . '&cID=' . $cInfo->advert_id . '&action=new'), null, null, 'btn-warning mr-2') . tep_draw_bootstrap_button(IMAGE_DELETE, 'fas fa-trash', tep_href_link('advert_manager.php', 'page=' . (int)$_GET['page'] . '&cID=' . $cInfo->advert_id . '&action=delete'), null, null, 'btn-danger')]; $contents[] = ['text' => sprintf(TEXT_ADVERT_DATE_ADDED, tep_date_short($cInfo->date_added))]; - if (tep_not_null($cInfo->advert_url)) { + if (!Text::is_empty($cInfo->advert_url)) { if (filter_var($cInfo->advert_url, FILTER_VALIDATE_URL)) { $contents[] = ['text' => sprintf(TEXT_ADVERT_EXTERNAL_URL, $cInfo->advert_url)]; } else { 
@@ -450,15 +451,21 @@ } } - if (tep_not_null($cInfo->advert_image)) $contents[] = ['text' => tep_info_image($cInfo->advert_image, null)]; - if (tep_not_null($cInfo->advert_html_text)) $contents[] = ['text' => $cInfo->advert_html_text]; + if (!Text::is_empty($cInfo->advert_image)) { + $contents[] = ['text' => tep_info_image($cInfo->advert_image, $cInfo->advert_image)]; + } + if (!Text::is_empty($cInfo->advert_html_text)) { + $contents[] = ['text' => $cInfo->advert_html_text]; + } - if ($cInfo->date_status_change) $contents[] = ['text' => sprintf(TEXT_ADVERT_STATUS_CHANGE, tep_date_short($cInfo->date_status_change))]; + if ($cInfo->date_status_change) { + $contents[] = ['text' => sprintf(TEXT_ADVERT_STATUS_CHANGE, tep_date_short($cInfo->date_status_change))]; + } } break; } - if ( (tep_not_null($heading)) && (tep_not_null($contents)) ) { + if ( ([] !== $heading) && ([] !== $contents) ) { echo '
'; $box = new box(); echo $box->infoBox($heading, $contents); diff --git a/admin/backup.php b/admin/backup.php index 3d42128b8..f58c74db9 100644 --- a/admin/backup.php +++ b/admin/backup.php @@ -20,7 +20,7 @@ $action = $_GET['action'] ?? ''; - if (tep_not_null($action)) { + if (!Text::is_empty($action)) { switch ($action) { case 'forget': tep_db_query("DELETE FROM configuration WHERE configuration_key = 'DB_LAST_RESTORE'"); @@ -51,7 +51,7 @@ fputs($fp, $schema); $tables_query = tep_db_query('SHOW TABLES'); - while ($tables = tep_db_fetch_array($tables_query)) { + while ($tables = $tables_query->fetch_assoc()) { $table = reset($tables); $schema = "\n" . 'DROP TABLE IF EXISTS ' . $table . ';' . "\n" . @@ -59,7 +59,7 @@ $table_list = []; $fields_query = tep_db_query("SHOW FIELDS FROM " . $table); - while ($fields = tep_db_fetch_array($fields_query)) { + while ($fields = $fields_query->fetch_assoc()) { $table_list[] = $fields['Field']; $schema .= ' ' . $fields['Field'] . ' ' . $fields['Type']; @@ -84,7 +84,7 @@ // add the keys $index = []; $keys_query = tep_db_query("SHOW KEYS FROM " . $table); - while ($keys = tep_db_fetch_array($keys_query)) { + while ($keys = $keys_query->fetch_assoc()) { $kname = $keys['Key_name']; if (!isset($index[$kname])) { 
@@ -118,19 +118,19 @@ // dump the data if ( ($table != 'sessions' ) && ($table != 'whos_online') ) { $rows_query = tep_db_query("SELECT " . implode(',', $table_list) . " FROM " . $table); - while ($rows = tep_db_fetch_array($rows_query)) { + while ($rows = $rows_query->fetch_assoc()) { $schema = 'INSERT INTO ' . $table . ' (' . implode(', ', $table_list) . ') VALUES ('; foreach ($table_list as $i) { if (!isset($rows[$i])) { $schema .= 'NULL, '; - } elseif (tep_not_null($rows[$i])) { + } elseif (Text::is_empty($rows[$i])) { + $schema .= "'', "; + } else { $row = addslashes($rows[$i]); $row = preg_replace("/\n#/", "\n".'\#', $row); - $schema .= '\'' . $row . '\', '; - } else { - $schema .= '\'\', '; + $schema .= "'$row', "; } } @@ -278,7 +278,7 @@ tep_db_query($sql_statement); } - tep_session_close(); + session_write_close(); tep_db_query("DELETE FROM whos_online"); tep_db_query("DELETE FROM sessions"); @@ -308,7 +308,7 @@ echo $buffer; - exit; + exit(); } } else { $messageStack->add(ERROR_DOWNLOAD_LINK_NOT_ACCEPTABLE, 'error'); @@ -488,7 +488,7 @@ break; } - if ( (tep_not_null($heading)) && (tep_not_null($contents)) ) { + if ( ([] !== $heading) && ([] !== $contents) ) { echo '
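Review bot: `} elseif (Text::is_empty($rows[$i])) {` now decides whether a column value is written to the backup as `''`, and the behaviour of `Text::is_empty` for values such as `'0'` or whitespace-only strings is not visible here; if it follows PHP `empty()` semantics, a genuine `'0'` would be dumped as `''` and silently lost on restore. Since the `!isset` branch already handles `NULL` and mysqli returns strings, `} elseif ('' === $rows[$i]) {` expresses the intended test exactly without depending on the helper. The `foreach ($table_list as $i)` loop closes inside the hunk; the surrounding dump loop starts above it.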
'; $box = new box; echo $box->infoBox($heading, $contents); diff --git a/admin/categories.php b/admin/categories.php index 511593c4e..0f137e8ac 100644 --- a/admin/categories.php +++ b/admin/categories.php @@ -42,9 +42,9 @@ case 'insert_category': case 'update_category': if (isset($_POST['categories_id'])) { - $categories_id = Text::prepare($_POST['categories_id']); + $categories_id = Text::input($_POST['categories_id']); } - $sort_order = Text::prepare($_POST['sort_order']); + $sort_order = Text::input($_POST['sort_order']); $sql_data = ['sort_order' => (int)$sort_order]; @@ -103,7 +103,7 @@ break; case 'delete_category_confirm': if (isset($_POST['categories_id'])) { - $categories_id = Text::prepare($_POST['categories_id']); + $categories_id = Text::input($_POST['categories_id']); $category_tree = new category_tree(); $descendants = array_reverse($category_tree->get_descendants($categories_id)); @@ -134,7 +134,7 @@ break; case 'delete_product_confirm': if (isset($_POST['products_id'], $_POST['product_categories']) && is_array($_POST['product_categories'])) { - $product_id = Text::prepare($_POST['products_id']); + $product_id = Text::input($_POST['products_id']); $product_categories = implode(', ', array_map('intval', $_POST['product_categories'])); tep_db_query("DELETE FROM products_to_categories WHERE products_id = " . (int)$product_id . " AND categories_id IN (" . $product_categories . ")"); @@ -153,8 +153,8 @@ break; case 'move_category_confirm': if (isset($_POST['categories_id']) && ($_POST['categories_id'] != $_POST['move_to_category_id'])) { - $categories_id = Text::prepare($_POST['categories_id']); - $new_parent_id = Text::prepare($_POST['move_to_category_id']); + $categories_id = Text::input($_POST['categories_id']); + $new_parent_id = Text::input($_POST['move_to_category_id']); $path = explode('_', tep_get_generated_category_path_ids($new_parent_id)); 
@@ -173,8 +173,8 @@ break; case 'move_product_confirm': - $products_id = Text::prepare($_POST['products_id']); - $new_parent_id = Text::prepare($_POST['move_to_category_id']); + $products_id = Text::input($_POST['products_id']); + $new_parent_id = Text::input($_POST['move_to_category_id']); $duplicate_check_query = tep_db_query("SELECT COUNT(*) AS total FROM products_to_categories WHERE products_id = " . (int)$products_id . " AND categories_id = " . (int)$new_parent_id); $duplicate_check = $duplicate_check_query->fetch_assoc(); 
@@ -188,18 +188,20 @@ break; case 'insert_product': case 'update_product': - if (isset($_GET['pID'])) $products_id = Text::prepare($_GET['pID']); - $products_date_available = Text::prepare($_POST['products_date_available']); + if (isset($_GET['pID'])) { + $products_id = Text::input($_GET['pID']); + } + $products_date_available = Text::input($_POST['products_date_available']); $sql_data = [ - 'products_quantity' => (int)Text::prepare($_POST['products_quantity']), + 'products_quantity' => (int)Text::input($_POST['products_quantity']), 'products_model' => Text::prepare($_POST['products_model']), - 'products_price' => Text::prepare($_POST['products_price']), + 'products_price' => Text::input($_POST['products_price']), 'products_date_available' => (date('Y-m-d') < $products_date_available) ? $products_date_available : 'NULL', - 'products_weight' => (float)Text::prepare($_POST['products_weight']), - 'products_status' => Text::prepare($_POST['products_status']), - 'products_tax_class_id' => Text::prepare($_POST['products_tax_class_id']), - 'manufacturers_id' => (int)Text::prepare($_POST['manufacturers_id']), + 'products_weight' => (float)Text::input($_POST['products_weight']), + 'products_status' => Text::input($_POST['products_status']), + 'products_tax_class_id' => Text::input($_POST['products_tax_class_id']), + 'manufacturers_id' => (int)Text::input($_POST['manufacturers_id']), 'products_gtin' => (Text::is_empty($_POST['products_gtin'])) ? 'NULL' : str_pad(Text::prepare($_POST['products_gtin']), 14, '0', STR_PAD_LEFT), ]; @@ -309,8 +311,8 @@ break; case 'copy_to_confirm': if (isset($_POST['products_id'], $_POST['categories_id'])) { - $products_id = Text::prepare($_POST['products_id']); - $categories_id = Text::prepare($_POST['categories_id']); + $products_id = Text::input($_POST['products_id']); + $categories_id = Text::input($_POST['categories_id']); if ($_POST['copy_as'] == 'link') { if ($categories_id == $current_category_id) { 
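Review bot: `products_price`, `products_status` and `products_tax_class_id` are read with `Text::input()` but, unlike the neighbouring `products_quantity` (`(int)`) and `products_weight` (`(float)`), are stored without a cast, so `$sql_data` still carries raw strings for numeric columns; `'products_price' => (float)Text::input($_POST['products_price'])`, `'products_status' => (int)Text::input($_POST['products_status'])` and `'products_tax_class_id' => (int)Text::input($_POST['products_tax_class_id'])` would match the siblings. `products_date_available` is compared with `date('Y-m-d')` as a plain string before it is stored, so any non-date input that sorts above today's date is written as-is; validating it with `DateTimeImmutable::createFromFormat('Y-m-d', ...)` first would be tighter. The `update_product` case continues past the end of the hunk.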
@@ -387,7 +389,8 @@ if ($action == 'new_product') { if (isset($_GET['pID']) && empty($_POST)) { - $product = product_by_id::build($_GET['pID']); + $product = product_by_id::administer($_GET['pID']); + $translations = $product->get('translations'); } else { $product = new Product([ 'products_name' => '', @@ -411,7 +414,6 @@ 'products_seo_title' => '', ]); } - $translations = $product->get('translations'); $manufacturers_array = [['id' => '', 'text' => TEXT_NONE]]; $manufacturers_query = tep_db_query("SELECT manufacturers_id, manufacturers_name FROM manufacturers ORDER BY manufacturers_name"); @@ -637,7 +639,7 @@ function updateNet() {
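Review bot: `$translations = $product->get('translations');` now runs only on the `isset($_GET['pID'])` branch, so after the `else` branch (a fresh `Product`) the variable is undefined; if any later part of the `new_product` form still reads `$translations` instead of calling `$product->get('translations')`, that is a regression — the rest of the form is outside this hunk, so please check. Separately, `product_by_id::administer($_GET['pID'])` receives the raw query value; unless `administer()` casts internally, `(int)$_GET['pID']` at the call site would be consistent with how `pID` is handled in the `update_product` case.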
- + @@ -674,8 +676,8 @@ function updateNet() {
get('image')) ? 'required aria-required="true" ' : null) . 'class="custom-file-input"'); - ''; + tep_draw_input_field('products_image', '', 'id="pImg"', 'file', null, (Text::is_empty($product->get('image')) ? 'required aria-required="true" ' : null) . 'class="custom-file-input"'), + '' ?>
@@ -724,7 +726,7 @@ function updateNet() { function addNewPiForm() { piSize++; - $('#piList').append('
'); + $('#piList').append('
'); } $('a.piDel').click(function(e){ @@ -756,7 +758,7 @@ function addNewPiForm() { get('translations'); foreach (tep_get_languages() as $l) { diff --git a/admin/geo_zones.php b/admin/geo_zones.php index a15d42142..d62875c72 100644 --- a/admin/geo_zones.php +++ b/admin/geo_zones.php @@ -19,9 +19,9 @@ if (!Text::is_empty($saction)) { switch ($saction) { case 'insert_sub': - $zID = Text::prepare($_GET['zID']); - $zone_country_id = Text::prepare($_POST['zone_country_id']); - $zone_id = Text::prepare($_POST['zone_id']); + $zID = Text::input($_GET['zID']); + $zone_country_id = Text::input($_POST['zone_country_id']); + $zone_id = Text::input($_POST['zone_id']); tep_db_query("INSERT INTO zones_to_geo_zones (zone_country_id, zone_id, geo_zone_id, date_added) VALUES (" . (int)$zone_country_id . ", " . (int)$zone_id . ", " . (int)$zID . ", NOW())"); $new_subzone_id = tep_db_insert_id(); @@ -31,10 +31,10 @@ tep_redirect(tep_href_link('geo_zones.php', 'zpage=' . $_GET['zpage'] . '&zID=' . $_GET['zID'] . '&action=list&spage=' . $_GET['spage'] . '&sID=' . $new_subzone_id)); break; case 'save_sub': - $sID = Text::prepare($_GET['sID']); - $zID = Text::prepare($_GET['zID']); - $zone_country_id = Text::prepare($_POST['zone_country_id']); - $zone_id = Text::prepare($_POST['zone_id']); + $sID = Text::input($_GET['sID']); + $zID = Text::input($_GET['zID']); + $zone_country_id = Text::input($_POST['zone_country_id']); + $zone_id = Text::input($_POST['zone_id']); tep_db_query("UPDATE zones_to_geo_zones SET geo_zone_id = " . (int)$zID . ", zone_country_id = " . (int)$zone_country_id . ", zone_id = " . (Text::is_empty($zone_id) ? 'NULL' : (int)$zone_id) . ", last_modified = NOW() WHERE association_id = " . (int)$sID); 
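Review bot: The redirects in this hunk and in the `insert_sub` hunk above still interpolate `$_GET['zpage']`, `$_GET['zID']`, `$_GET['spage']` and `$_GET['sID']` into the URL untouched, even though the same values are now read through `Text::input()` and cast with `(int)` for the queries; `'zpage=' . (int)$_GET['zpage'] . '&zID=' . (int)$_GET['zID'] . '&action=list&spage=' . (int)$_GET['spage'] . '&sID=' . (int)$_GET['sID']` would keep the URL to the integer values the handler actually used, as languages.php already does with `page`. The `save_sub` case continues below the hunk.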
@@ -43,7 +43,7 @@ tep_redirect(tep_href_link('geo_zones.php', 'zpage=' . $_GET['zpage'] . '&zID=' . $_GET['zID'] . '&action=list&spage=' . $_GET['spage'] . '&sID=' . $_GET['sID'])); break; case 'deleteconfirm_sub': - $sID = Text::prepare($_GET['sID']); + $sID = Text::input($_GET['sID']); tep_db_query("DELETE FROM zones_to_geo_zones WHERE association_id = '" . (int)$sID . "'"); @@ -74,7 +74,7 @@ tep_redirect(tep_href_link('geo_zones.php', 'zpage=' . $_GET['zpage'] . '&zID=' . $new_zone_id)); break; case 'save_zone': - $zID = Text::prepare($_GET['zID']); + $zID = Text::input($_GET['zID']); $geo_zone_name = Text::prepare($_POST['geo_zone_name']); $geo_zone_description = Text::prepare($_POST['geo_zone_description']); @@ -85,7 +85,7 @@ tep_redirect(tep_href_link('geo_zones.php', 'zpage=' . $_GET['zpage'] . '&zID=' . $_GET['zID'])); break; case 'deleteconfirm_zone': - $zID = Text::prepare($_GET['zID']); + $zID = Text::input($_GET['zID']); tep_db_query("DELETE FROM geo_zones WHERE geo_zone_id = " . (int)$zID); tep_db_query("DELETE FROM zones_to_geo_zones WHERE geo_zone_id = " . (int)$zID); diff --git a/admin/includes/application_bottom.php b/admin/includes/application_bottom.php index 6da5d548f..9d677f6a8 100644 --- a/admin/includes/application_bottom.php +++ b/admin/includes/application_bottom.php @@ -11,7 +11,7 @@ */ // close session (store variables) - tep_session_close(); + session_write_close(); if (STORE_PAGE_PARSE_TIME == 'true') { if (!is_object($logger)) $logger = new logger; diff --git a/admin/includes/functions/sessions.php b/admin/includes/functions/sessions.php index b23a6a6e0..03e31f6a8 100644 --- a/admin/includes/functions/sessions.php +++ b/admin/includes/functions/sessions.php 
@@ -22,36 +22,26 @@ function _sess_close() { } function _sess_read($key) { - $value_query = tep_db_query("select value from sessions where sesskey = '" . tep_db_input($key) . "'"); - $value = tep_db_fetch_array($value_query); + $value_query = tep_db_query("SELECT value FROM sessions WHERE sesskey = '" . tep_db_input($key) . "'"); + $value = $value_query->fetch_assoc(); - if (isset($value['value'])) { - return $value['value']; - } - - return ''; + return $value['value'] ?? ''; } function _sess_write($key, $value) { - $check_query = tep_db_query("select 1 from sessions where sesskey = '" . tep_db_input($key) . "'"); - - if ( tep_db_num_rows($check_query) > 0 ) { - $result = tep_db_query("update sessions set expiry = '" . tep_db_input(time()) . "', value = '" . tep_db_input($value) . "' where sesskey = '" . tep_db_input($key) . "'"); - } else { - $result = tep_db_query("insert into sessions values ('" . tep_db_input($key) . "', '" . tep_db_input(time()) . "', '" . tep_db_input($value) . "')"); - } - - return $result !== false; + return false !== tep_db_query("INSERT INTO sessions (sesskey, expiry, value) VALUES ('" + . tep_db_input($key) . "', '" . tep_db_input(time()) . "', '" . tep_db_input($value) + . "') ON DUPLICATE KEY UPDATE expiry = VALUES(expiry), value = VALUES(value)"); } function _sess_destroy($key) { - $result = tep_db_query("delete from sessions where sesskey = '" . tep_db_input($key) . "'"); + $result = tep_db_query("DELETE FROM sessions WHERE sesskey = '" . tep_db_input($key) . "'"); return $result !== false; } function _sess_gc($maxlifetime) { - $result = tep_db_query("delete from sessions where expiry < '" . (time() - $maxlifetime) . "'"); + $result = tep_db_query("DELETE FROM sessions WHERE expiry < '" . (time() - $maxlifetime) . "'"); return $result !== false; } 
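Review bot: The new `_sess_write()` relies on `INSERT ... ON DUPLICATE KEY UPDATE`, which only replaces the previous row if `sessions.sesskey` carries a PRIMARY or UNIQUE key; without one every write inserts a new row and `_sess_read()` returns whichever row `fetch_assoc()` yields first, so the schema assumption deserves a comment such as `// requires a unique index on sessions.sesskey`. The `VALUES()` function in that clause is deprecated from MySQL 8.0.20 in favour of a row alias, while MariaDB, as far as I know, does not accept the alias, so the choice is worth documenting too. The stored `expiry` is actually the write time and `_sess_gc()` compares it against `time() - $maxlifetime`; that matches the previous behaviour, but a one-line note on the column's meaning would avoid confusion.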
@@ -62,28 +52,28 @@ function _sess_gc($maxlifetime) { function tep_session_start() { $sane_session_id = true; - if ( isset($_GET[tep_session_name()]) ) { - if ( (SESSION_FORCE_COOKIE_USE == 'True') || (preg_match('/^[a-zA-Z0-9,-]+$/', $_GET[tep_session_name()]) == false) ) { - unset($_GET[tep_session_name()]); + if ( isset($_GET[session_name()]) ) { + if ( (SESSION_FORCE_COOKIE_USE == 'True') || (preg_match('/^[a-zA-Z0-9,-]+$/', $_GET[session_name()]) == false) ) { + unset($_GET[session_name()]); $sane_session_id = false; } } - if ( isset($_POST[tep_session_name()]) ) { - if ( (SESSION_FORCE_COOKIE_USE == 'True') || (preg_match('/^[a-zA-Z0-9,-]+$/', $_POST[tep_session_name()]) == false) ) { - unset($_POST[tep_session_name()]); + if ( isset($_POST[session_name()]) ) { + if ( (SESSION_FORCE_COOKIE_USE == 'True') || (preg_match('/^[a-zA-Z0-9,-]+$/', $_POST[session_name()]) == false) ) { + unset($_POST[session_name()]); $sane_session_id = false; } } - if ( isset($_COOKIE[tep_session_name()]) ) { - if ( preg_match('/^[a-zA-Z0-9,-]+$/', $_COOKIE[tep_session_name()]) == false ) { + if ( isset($_COOKIE[session_name()]) ) { + if ( preg_match('/^[a-zA-Z0-9,-]+$/', $_COOKIE[session_name()]) == false ) { $session_data = session_get_cookie_params(); - setcookie(tep_session_name(), '', time()-42000, $session_data['path'], $session_data['domain']); - unset($_COOKIE[tep_session_name()]); + setcookie(session_name(), '', time()-42000, $session_data['path'], $session_data['domain']); + unset($_COOKIE[session_name()]); $sane_session_id = false; } @@ -99,6 +89,7 @@ function tep_session_start() { } function tep_session_register($variable) { + trigger_error('The tep_session_register function has been deprecated.', E_USER_DEPRECATED); if (!isset($GLOBALS[$variable])) { $GLOBALS[$variable] = null; } 
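Review bot: Unless `SESSION_FORCE_COOKIE_USE` is `'True'`, a session id supplied in the query string or POST body is accepted once it matches `/^[a-zA-Z0-9,-]+$/`, which lets a client choose its own id; the remainder of the function (past the hunk) and the login path therefore need to regenerate the id on privilege change, which I cannot confirm from here. The pattern is written out three times and bounds only the alphabet, not the length; hoisting it to one constant with a length check would make the validation easier to audit. The cookie-clearing `setcookie()` passes only `path` and `domain` from `session_get_cookie_params()`, so it drops the `secure`/`httponly`/`samesite` attributes of the cookie it is trying to expire; `setcookie(session_name(), '', ['expires' => time() - 42000] + array_diff_key($session_data, ['lifetime' => 0]));` reuses the full set, and the same call appears in `tep_session_destroy()` further down.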
@@ -109,14 +100,17 @@ function tep_session_register($variable) { } function tep_session_is_registered($variable) { + trigger_error('The tep_session_is_registered function has been deprecated.', E_USER_DEPRECATED); return isset($_SESSION) && array_key_exists($variable, $_SESSION); } function tep_session_unregister($variable) { + trigger_error('The tep_session_unregister function has been deprecated.', E_USER_DEPRECATED); unset($_SESSION[$variable]); } function tep_session_id($sessid = '') { + trigger_error('The tep_session_id function has been deprecated.', E_USER_DEPRECATED); if ($sessid != '') { return session_id($sessid); } else { @@ -125,6 +119,7 @@ function tep_session_id($sessid = '') { } function tep_session_name($name = '') { + trigger_error('The tep_session_name function has been deprecated.', E_USER_DEPRECATED); if ($name != '') { return session_name($name); } else { @@ -133,21 +128,23 @@ function tep_session_name($name = '') { } function tep_session_close() { + trigger_error('The tep_session_close function has been deprecated.', E_USER_DEPRECATED); return session_write_close(); } function tep_session_destroy() { - if ( isset($_COOKIE[tep_session_name()]) ) { + if ( isset($_COOKIE[session_name()]) ) { $session_data = session_get_cookie_params(); - setcookie(tep_session_name(), '', time()-42000, $session_data['path'], $session_data['domain']); - unset($_COOKIE[tep_session_name()]); + setcookie(session_name(), '', time()-42000, $session_data['path'], $session_data['domain']); + unset($_COOKIE[session_name()]); } return session_destroy(); } function tep_session_save_path($path = '') { + trigger_error('The tep_session_save_path function has been deprecated.', E_USER_DEPRECATED); if ($path != '') { return session_save_path($path); } else { diff --git a/admin/includes/languages/english.php b/admin/includes/languages/english.php index 41f2d93bf..a9ff12e9c 100644 --- a/admin/includes/languages/english.php +++ b/admin/includes/languages/english.php 
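Review bot: The new deprecation notices say only that each wrapper is deprecated, not what replaces it, so a caller chasing the warning has to open this file; naming the target in each message, e.g. `trigger_error('tep_session_close() is deprecated; use session_write_close().', E_USER_DEPRECATED);`, applies to all five wrappers in this hunk and to `tep_session_register()` in the hunk above. `tep_session_destroy()` is not marked deprecated although the cookie-clearing prefix is the only thing that distinguishes it from `session_destroy()`; a short docblock saying so would make the asymmetry look intentional.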
@@ -37,7 +37,7 @@ // header text in includes/header.php const HEADER_TITLE_ONLINE_CATALOG = 'Your Shop'; const HEADER_TITLE_PHOENIX_CLUB = 'Phoenix Club'; -const HEADER_TITLE_PHOENIX_WIKI = 'Phoenix WIKI'; +const HEADER_TITLE_PHOENIX_WIKI = 'User Guide'; const HEADER_TITLE_CERTIFIED_ADDONS = 'Certified Addons & Services'; const HEADER_TITLE_LOGOFF = '%s, securely logoff'; diff --git a/admin/includes/languages/english/modules/security_check/session_storage.php b/admin/includes/languages/english/modules/security_check/session_storage.php index fd0235c2d..832fb6f1b 100644 --- a/admin/includes/languages/english/modules/security_check/session_storage.php +++ b/admin/includes/languages/english/modules/security_check/session_storage.php @@ -10,6 +10,5 @@ Released under the GNU General Public License */ -define('WARNING_SESSION_DIRECTORY_NON_EXISTENT', 'The sessions directory does not exist: ' . tep_session_save_path() . '. Sessions will not work until this directory is created.'); -define('WARNING_SESSION_DIRECTORY_NOT_WRITEABLE', 'I am not able to write to the sessions directory: ' . tep_session_save_path() . '. Sessions will not work until the right user permissions are set.'); -?> +const WARNING_SESSION_DIRECTORY_NON_EXISTENT = 'The sessions directory does not exist: "%s". Sessions will not work until this directory is created.'; +const WARNING_SESSION_DIRECTORY_NOT_WRITEABLE = 'I am not able to write to the sessions directory: "%s". Sessions will not work until the right user permissions are set.'; diff --git a/admin/includes/modules/security_check/session_storage.php b/admin/includes/modules/security_check/session_storage.php index 5587ff4d0..3dd2f123b 100644 --- a/admin/includes/modules/security_check/session_storage.php +++ b/admin/includes/modules/security_check/session_storage.php 
@@ -25,11 +25,11 @@ function pass() { function getMessage() { if (defined('DIR_FS_SESSION') && DIR_FS_SESSION) { if (!is_dir(DIR_FS_SESSION)) { - return WARNING_SESSION_DIRECTORY_NON_EXISTENT; + return sprintf(WARNING_SESSION_DIRECTORY_NON_EXISTENT, session_save_path()); } if (!is_writable(DIR_FS_SESSION)) { - return WARNING_SESSION_DIRECTORY_NOT_WRITEABLE; + return sprintf(WARNING_SESSION_DIRECTORY_NOT_WRITEABLE, session_save_path()); } } } diff --git a/admin/languages.php b/admin/languages.php index f9f1547e3..67182ba03 100644 --- a/admin/languages.php +++ b/admin/languages.php @@ -23,7 +23,7 @@ 'code' => Text::prepare(substr($_POST['code'], 0, 2)), 'image' => Text::prepare($_POST['image']), 'directory' => Text::prepare($_POST['directory']), - 'sort_order' => (int)Text::prepare($_POST['sort_order']), + 'sort_order' => (int)Text::input($_POST['sort_order']), ]; } @@ -50,7 +50,7 @@ tep_redirect(tep_href_link('languages.php', (isset($_GET['page']) ? 'page=' . (int)$_GET['page'] . '&' : '') . 'lID=' . $lID)); break; case 'save': - $lID = Text::prepare($_GET['lID']); + $lID = Text::input($_GET['lID']); tep_db_perform('languages', $sql_data, 'update', "languages_id = " . (int)$lID); if (isset($_POST['default']) && $_POST['default'] == 'on') { @@ -62,7 +62,7 @@ tep_redirect(tep_href_link('languages.php', (isset($_GET['page']) ? 'page=' . (int)$_GET['page'] . '&' : '') . 'lID=' . $lID)); break; case 'deleteconfirm': - $lID = Text::prepare($_GET['lID']); + $lID = Text::input($_GET['lID']); $lng_query = tep_db_query("SELECT languages_id FROM languages WHERE code = '" . DEFAULT_LANGUAGE . "'"); $lng = $lng_query->fetch_assoc(); @@ -87,7 +87,7 @@ tep_redirect(tep_href_link('languages.php', (isset($_GET['page']) ? 'page=' . (int)$_GET['page'] : ''))); break; case 'delete': - $lID = Text::prepare($_GET['lID']); + $lID = Text::input($_GET['lID']); $lng_query = tep_db_query("SELECT code FROM languages WHERE languages_id = " . (int)$lID); $lng = $lng_query->fetch_assoc(); 
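Review bot: `getMessage()` tests `DIR_FS_SESSION` with `is_dir()`/`is_writable()` but formats `session_save_path()` into the warning, so when the two differ (the save path was never set to `DIR_FS_SESSION`, or is empty) the admin is pointed at the wrong directory; `sprintf(WARNING_SESSION_DIRECTORY_NON_EXISTENT, DIR_FS_SESSION)` keeps message and check in step, and likewise for the not-writeable branch. The value is a filesystem path rendered into the admin page, so whichever constant is chosen should be HTML-escaped at the output site, which is outside this hunk. `getMessage()` also returns nothing on the passing paths; a `@return string|null` docblock would document that.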
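Review bot: `'directory' => Text::prepare($_POST['directory'])` is stored with no shape check even though, judging by its name, it later selects a directory for translation files; restricting it to an allow-listed pattern before it reaches the database, e.g. `if (!preg_match('/^[a-z0-9_]+$/i', $_POST['directory'])) { /* reject */ }`, keeps path separators and `..` out of whatever include path is built from it. `substr($_POST['code'], 0, 2)` is byte-based, which is fine for the ASCII language codes expected here but deserves a comment saying so.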
diff --git a/admin/products_attributes.php b/admin/products_attributes.php index c2179317c..d1a2e0f64 100644 --- a/admin/products_attributes.php +++ b/admin/products_attributes.php @@ -26,13 +26,13 @@ if (!Text::is_empty($action)) { switch ($action) { case 'add_product_options': - $products_options_id = Text::prepare($_POST['products_options_id']); + $products_options_id = Text::input($_POST['products_options_id']); $option_name_array = $_POST['option_name']; $sort_order_array = $_POST['sort_order']; foreach ($languages as $l) { $option_name = Text::prepare($option_name_array[$l['id']]); - $sort_order = Text::prepare($sort_order_array[$l['id']]); + $sort_order = Text::input($sort_order_array[$l['id']]); tep_db_query("INSERT INTO products_options (products_options_id, products_options_name, language_id, sort_order) VALUES (" . (int)$products_options_id . ", '" . tep_db_input($option_name) . "', " . (int)$l['id'] . ", '" . tep_db_input($sort_order) . "')"); } @@ -44,12 +44,12 @@ case 'add_product_option_values': $value_name_array = $_POST['value_name']; $sort_order_array = $_POST['sort_order']; - $value_id = Text::prepare($_POST['value_id']); - $option_id = Text::prepare($_POST['option_id']); + $value_id = Text::input($_POST['value_id']); + $option_id = Text::input($_POST['option_id']); foreach ($languages as $l) { $value_name = Text::prepare($value_name_array[$l['id']]); - $sort_order = Text::prepare($sort_order_array[$l['id']]); + $sort_order = Text::input($sort_order_array[$l['id']]); tep_db_query("INSERT INTO products_options_values (products_options_values_id, language_id, products_options_values_name, sort_order) VALUES (" . (int)$value_id . ", " . (int)$l['id'] . ", '" . tep_db_input($value_name) . "', '" . tep_db_input($sort_order) . "')"); } 
@@ -61,11 +61,11 @@ tep_redirect(tep_href_link('products_attributes.php', $page_info)); break; case 'add_product_attributes': - $products_id = Text::prepare($_POST['products_id']); - $options_id = Text::prepare($_POST['options_id']); - $values_id = Text::prepare($_POST['values_id']); - $value_price = Text::prepare($_POST['value_price']); - $price_prefix = Text::prepare($_POST['price_prefix']); + $products_id = Text::input($_POST['products_id']); + $options_id = Text::input($_POST['options_id']); + $values_id = Text::input($_POST['values_id']); + $value_price = Text::input($_POST['value_price']); + $price_prefix = Text::input($_POST['price_prefix']); tep_db_query("INSERT INTO products_attributes (products_id, options_id, options_values_id, options_values_price, price_prefix) VALUES (" . (int)$products_id . ", " . (int)$options_id . ", " . (int)$values_id . ", '" . (float)tep_db_input($value_price) . "', '" . tep_db_input($price_prefix) . "')"); @@ -73,8 +73,8 @@ if (DOWNLOAD_ENABLED == 'true') { $products_attributes_filename = Text::prepare($_POST['products_attributes_filename']); - $products_attributes_maxdays = Text::prepare($_POST['products_attributes_maxdays']); - $products_attributes_maxcount = Text::prepare($_POST['products_attributes_maxcount']); + $products_attributes_maxdays = Text::input($_POST['products_attributes_maxdays']); + $products_attributes_maxcount = Text::input($_POST['products_attributes_maxcount']); if (!Text::is_empty($products_attributes_filename)) { tep_db_query("INSERT INTO products_attributes_download (products_attributes_id, products_attributes_filename, products_attributes_maxdays, products_attributes_maxcount) VALUES (" . (int)$products_attributes_id . ", '" . tep_db_input($products_attributes_filename) . "', '" . tep_db_input($products_attributes_maxdays) . "', '" . tep_db_input($products_attributes_maxcount) . "')"); 
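Review bot: `$price_prefix` goes into the INSERT as an arbitrary escaped string although, from its role as a prefix to `options_values_price`, it presumably only ever holds `'+'` or `'-'`; an allow-list such as `$price_prefix = in_array($_POST['price_prefix'] ?? '', ['+', '-'], true) ? $_POST['price_prefix'] : '+';` would reject anything else before it reaches the database. `(float)tep_db_input($value_price)` escapes a string and then discards everything non-numeric with the cast, so the escape is redundant and `(float)$value_price` says what is meant. In the download branch of the following hunk, `products_attributes_maxdays`/`maxcount` are still quoted through `tep_db_input()` rather than cast with `(int)` like the ids.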
@@ -88,11 +88,11 @@ case 'update_option_name': $option_name_array = $_POST['option_name']; $sort_order_array = $_POST['sort_order']; - $option_id = Text::prepare($_POST['option_id']); + $option_id = Text::input($_POST['option_id']); foreach ($languages as $l) { $option_name = Text::prepare($option_name_array[$l['id']]); - $sort_order = Text::prepare($sort_order_array[$l['id']]); + $sort_order = Text::input($sort_order_array[$l['id']]); tep_db_query("UPDATE products_options SET products_options_name = '" . tep_db_input($option_name) . "', sort_order = '" . tep_db_input($sort_order) . "' WHERE products_options_id = " . (int)$option_id . " AND language_id = " . (int)$l['id']); } @@ -104,12 +104,12 @@ case 'update_value': $value_name_array = $_POST['value_name']; $sort_order_array = $_POST['sort_order']; - $value_id = Text::prepare($_POST['value_id']); - $option_id = Text::prepare($_POST['option_id']); + $value_id = Text::input($_POST['value_id']); + $option_id = Text::input($_POST['option_id']); foreach ($languages as $l) { $value_name = Text::prepare($value_name_array[$l['id']]); - $sort_order = Text::prepare($sort_order_array[$l['id']]); + $sort_order = Text::input($sort_order_array[$l['id']]); tep_db_query("UPDATE products_options_values SET products_options_values_name = '" . tep_db_input($value_name) . "', sort_order = '" . tep_db_input($sort_order) . "' WHERE products_options_values_id = '" . tep_db_input($value_id) . "' AND language_id = " . (int)$l['id']); } 
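Review bot: The UPDATE in the `update_value` hunk still filters on `products_options_values_id = '" . tep_db_input($value_id) . "'` while every other statement in this file compares that id with `(int)$value_id`; now that `$value_id` comes from `Text::input()`, the cast form, `WHERE products_options_values_id = " . (int)$value_id . " AND language_id = " . (int)$l['id']`, keeps the predicate numeric and consistent with the `add_product_option_values` and `delete_value` cases.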
@@ -121,19 +121,19 @@ tep_redirect(tep_href_link('products_attributes.php', $page_info)); break; case 'update_product_attribute': - $products_id = Text::prepare($_POST['products_id']); - $options_id = Text::prepare($_POST['options_id']); - $values_id = Text::prepare($_POST['values_id']); - $value_price = Text::prepare($_POST['value_price']); - $price_prefix = Text::prepare($_POST['price_prefix']); - $attribute_id = Text::prepare($_POST['attribute_id']); + $products_id = Text::input($_POST['products_id']); + $options_id = Text::input($_POST['options_id']); + $values_id = Text::input($_POST['values_id']); + $value_price = Text::input($_POST['value_price']); + $price_prefix = Text::input($_POST['price_prefix']); + $attribute_id = Text::input($_POST['attribute_id']); tep_db_query("UPDATE products_attributes SET products_id = " . (int)$products_id . ", options_id = " . (int)$options_id . ", options_values_id = " . (int)$values_id . ", options_values_price = '" . (float)tep_db_input($value_price) . "', price_prefix = '" . tep_db_input($price_prefix) . "' WHERE products_attributes_id = " . (int)$attribute_id); if (DOWNLOAD_ENABLED == 'true') { $products_attributes_filename = Text::prepare($_POST['products_attributes_filename']); - $products_attributes_maxdays = Text::prepare($_POST['products_attributes_maxdays']); - $products_attributes_maxcount = Text::prepare($_POST['products_attributes_maxcount']); + $products_attributes_maxdays = Text::input($_POST['products_attributes_maxdays']); + $products_attributes_maxcount = Text::input($_POST['products_attributes_maxcount']); if (!Text::is_empty($products_attributes_filename)) { tep_db_query("REPLACE INTO products_attributes_download SET products_attributes_id = " . (int)$attribute_id . ", products_attributes_filename = '" . tep_db_input($products_attributes_filename) . "', products_attributes_maxdays = '" . tep_db_input($products_attributes_maxdays) . "', products_attributes_maxcount = '" . 
tep_db_input($products_attributes_maxcount) . "'"); @@ -145,7 +145,7 @@ tep_redirect(tep_href_link('products_attributes.php', $page_info)); break; case 'delete_option': - $option_id = Text::prepare($_GET['option_id']); + $option_id = Text::input($_GET['option_id']); tep_db_query("DELETE FROM products_options WHERE products_options_id = " . (int)$option_id); @@ -154,7 +154,7 @@ tep_redirect(tep_href_link('products_attributes.php', $page_info)); break; case 'delete_value': - $value_id = Text::prepare($_GET['value_id']); + $value_id = Text::input($_GET['value_id']); tep_db_query("DELETE FROM products_options_values WHERE products_options_values_id = " . (int)$value_id); tep_db_query("DELETE FROM products_options_values_to_products_options WHERE products_options_values_id = " . (int)$value_id); @@ -164,7 +164,7 @@ tep_redirect(tep_href_link('products_attributes.php', $page_info)); break; case 'delete_attribute': - $attribute_id = Text::prepare($_GET['attribute_id']); + $attribute_id = Text::input($_GET['attribute_id']); tep_db_query("DELETE FROM products_attributes WHERE products_attributes_id = " . (int)$attribute_id); diff --git a/admin/reviews.php b/admin/reviews.php index eabc0bbb1..8be848ce7 100644 --- a/admin/reviews.php +++ b/admin/reviews.php 
@@ -26,10 +26,10 @@ tep_redirect(tep_href_link('reviews.php', 'rID=' . $_GET['rID'] . (isset($_GET['page']) ? '&page=' . (int)$_GET['page'] : ''))); break; case 'update': - $reviews_id = Text::prepare($_GET['rID']); - $reviews_rating = Text::prepare($_POST['reviews_rating']); + $reviews_id = Text::input($_GET['rID']); + $reviews_rating = Text::input($_POST['reviews_rating']); $reviews_text = Text::prepare($_POST['reviews_text']); - $reviews_status = Text::prepare($_POST['reviews_status']); + $reviews_status = Text::input($_POST['reviews_status']); tep_db_query("UPDATE reviews SET reviews_rating = '" . tep_db_input($reviews_rating) . "', reviews_status = '" . tep_db_input($reviews_status) . "', last_modified = NOW() WHERE reviews_id = " . (int)$reviews_id); tep_db_query("UPDATE reviews_description SET reviews_text = '" . tep_db_input($reviews_text) . "' WHERE reviews_id = " . (int)$reviews_id); @@ -39,7 +39,7 @@ tep_redirect(tep_href_link('reviews.php', 'rID=' . $reviews_id(isset($_GET['page']) ? '&page=' . (int)$_GET['page'] : ''))); break; case 'deleteconfirm': - $reviews_id = Text::prepare($_GET['rID']); + $reviews_id = Text::input($_GET['rID']); tep_db_query("DELETE FROM reviews WHERE reviews_id = " . (int)$reviews_id); tep_db_query("DELETE FROM reviews_description WHERE reviews_id = " . (int)$reviews_id); 
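Review bot: `reviews_rating` and `reviews_status` are written as quoted strings via `tep_db_input()` even though `reviews_id` on the same statement is cast with `(int)`; both are small integers, so `reviews_rating = " . (int)$reviews_rating . ", reviews_status = " . (int)$reviews_status . ", last_modified = NOW()` is the consistent form, and the rating should additionally be bounded to the store's scale (the `addnew` case below already casts `$rating`). The `update` case continues in the next hunk.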
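Review bot: The redirect at the top of this hunk, `'rID=' . $reviews_id(isset($_GET['page']) ? ...`, has no concatenation operator between `$reviews_id` and the parenthesised expression, so PHP parses it as a call of `$reviews_id` and the `update` action would fail at runtime; unless this is an artefact of how the page was rendered, it should read `'rID=' . $reviews_id . (isset($_GET['page']) ? '&page=' . (int)$_GET['page'] : '')`, matching the `addnew` redirect below. The line is pre-existing, but it belongs to the same `update` case this commit edits.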
@@ -49,10 +49,10 @@ tep_redirect(tep_href_link('reviews.php', (isset($_GET['page']) ? 'page=' . (int)$_GET['page'] : ''))); break; case 'addnew': - $products_id = Text::prepare($_POST['products_id']); - $customer_id = Text::prepare($_POST['customer_id']); + $products_id = Text::input($_POST['products_id']); + $customer_id = Text::input($_POST['customer_id']); $review = Text::prepare($_POST['reviews_text']); - $rating = Text::prepare($_POST['reviews_rating']); + $rating = Text::input($_POST['reviews_rating']); tep_db_query("INSERT INTO reviews (products_id, customers_id, customers_name, reviews_rating, date_added, reviews_status) VALUES (" . (int)$products_id . ", " . (int)$customer_id . ", '" . tep_customers_name($customer_id) . "', " . (int)$rating . ", NOW(), 1)"); $insert_id = tep_db_insert_id(); @@ -89,7 +89,7 @@ if ( ('edit' === $action) && isset($_GET['rID']) ) { $form_action = 'preview'; - $rID = Text::prepare($_GET['rID']); + $rID = Text::input($_GET['rID']); $reviews_query = tep_db_query(sprintf(<<<'EOSQL' SELECT r.*, rd.*, p.products_image, pd.products_name @@ -178,7 +178,7 @@ call('specials', 'setFlagAction'); tep_redirect(tep_href_link('specials.php', (isset($_GET['page']) ? 'page=' . (int)$_GET['page'] . '&' : '') . 'sID=' . $_GET['id'])); break; case 'insert': - $products_id = Text::prepare($_POST['products_id']); - $products_price = Text::prepare($_POST['products_price']); - $specials_price = Text::prepare($_POST['specials_price']); - $expires_date = Text::prepare($_POST['expdate']); + $products_id = Text::input($_POST['products_id']); + $products_price = Text::input($_POST['products_price']); + $specials_price = Text::input($_POST['specials_price']); + $expires_date = Text::input($_POST['expdate']); if (substr($specials_price, -1) === '%') { $specials_price = substr($specials_price, 0, -1); 
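Review bot: The INSERT embeds `tep_customers_name($customer_id)` into the SQL string without `tep_db_input()`, while every other string on the statement is escaped; a customer whose name contains a quote breaks the statement, and because that name is itself stored user input this is a second-order injection path. `'" . tep_db_input(tep_customers_name($customer_id)) . "'` closes it. `$customer_id` is passed to `tep_customers_name()` uncast even though the INSERT casts it, so `tep_customers_name((int)$customer_id)` would be consistent.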
@@ -56,12 +56,13 @@ break; case 'update': - $specials_id = Text::prepare($_POST['specials_id']); - $products_price = Text::prepare($_POST['products_price']); - $specials_price = Text::prepare($_POST['specials_price']); - $expires_date = Text::prepare($_POST['expdate']); + $specials_id = Text::input($_POST['specials_id']); + $products_price = Text::input($_POST['products_price']); + $specials_price = Text::input($_POST['specials_price']); + $expires_date = Text::input($_POST['expdate']); if (substr($specials_price, -1) === '%') { + $specials_price = substr($specials_price, 0, -1); $specials_price = ($products_price - (($specials_price / 100) * $products_price)); } @@ -75,10 +76,10 @@ $OSCOM_Hooks->call('specials', 'updateAction'); - tep_redirect(tep_href_link('specials.php', 'sID=' . $specials_id . isset($_GET['page']) ? '&page=' . (int)$_GET['page'] : '')); + tep_redirect(tep_href_link('specials.php', 'sID=' . $specials_id . (isset($_GET['page']) ? '&page=' . (int)$_GET['page'] : ''))); break; case 'deleteconfirm': - $specials_id = Text::prepare($_GET['sID']); + $specials_id = Text::input($_GET['sID']); tep_db_query("DELETE FROM specials WHERE specials_id = " . (int)$specials_id); @@ -102,7 +103,7 @@
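Review bot: After the added `substr()` strips the `%`, `$specials_price / 100` and `$products_price - ...` operate on whatever strings `Text::input()` returned; on PHP 8 a non-numeric value throws a `TypeError` instead of the old warning, and leading-numeric input such as `'10abc'` is silently accepted. Casting before the arithmetic, `$specials_price = (float)substr($specials_price, 0, -1);` and `$products_price = (float)$products_price;`, makes the failure mode explicit; the `insert` case above shows the same pattern. The `update` case continues past the hunk.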
diff --git a/admin/testimonials.php b/admin/testimonials.php index 7375ed65e..82cdd8fe6 100644 --- a/admin/testimonials.php +++ b/admin/testimonials.php @@ -10,18 +10,18 @@ Released under the GNU General Public License */ - require('includes/application_top.php'); + require 'includes/application_top.php'; $action = $_GET['action'] ?? ''; $OSCOM_Hooks->call('testimonials', 'preAction'); - if (tep_not_null($action)) { + if (!Text::is_empty($action)) { switch ($action) { case 'setflag': if ( ($_GET['flag'] == '0') || ($_GET['flag'] == '1') ) { if (isset($_GET['tID'])) { - tep_db_query("update testimonials set testimonials_status = '" . (int)$_GET['flag'] . "' where testimonials_id = '" . (int)$_GET['tID'] . "'"); + tep_db_query("UPDATE testimonials SET testimonials_status = " . (int)$_GET['flag'] . " WHERE testimonials_id = " . (int)$_GET['tID']); } } 
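Review bot: `($_GET['flag'] == '0') || ($_GET['flag'] == '1')` reads `$_GET['flag']` without a null-coalesce, so a `setflag` request without that parameter raises an undefined-index warning before the comparison; `if (in_array($_GET['flag'] ?? null, ['0', '1'], true) && isset($_GET['tID']))` handles the missing key and drops the loose comparison at the same time. The rewritten UPDATE itself is fine now that both values are cast.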
@@ -31,23 +31,23 @@ break; case 'update': $customers_id = (int)$_POST['customers_id']; - $customers_name = tep_db_prepare_input($_POST['customer_name']); - $testimonials_id = tep_db_prepare_input($_GET['tID']); - $testimonials_text = tep_db_prepare_input($_POST['testimonials_text']); - $testimonials_status = tep_db_prepare_input($_POST['testimonials_status']); + $customers_name = Text::input($_POST['customer_name']); + $testimonials_id = Text::input($_GET['tID']); + $testimonials_text = Text::prepare($_POST['testimonials_text']); + $testimonials_status = Text::input($_POST['testimonials_status']); - tep_db_query("update testimonials set customers_id = '" . (int)$customers_id . "', customers_name = '" . tep_db_input($customers_name) . "', testimonials_status = '" . tep_db_input($testimonials_status) . "', last_modified = now() where testimonials_id = '" . (int)$testimonials_id . "'"); - tep_db_query("update testimonials_description set testimonials_text = '" . tep_db_input($testimonials_text) . "' where testimonials_id = '" . (int)$testimonials_id . "'"); + tep_db_query("UPDATE testimonials SET customers_id = " . (int)$customers_id . ", customers_name = '" . tep_db_input($customers_name) . "', testimonials_status = '" . tep_db_input($testimonials_status) . "', last_modified = NOW() WHERE testimonials_id = " . (int)$testimonials_id); + tep_db_query("UPDATE testimonials_description SET testimonials_text = '" . tep_db_input($testimonials_text) . "' WHERE testimonials_id = " . (int)$testimonials_id); $OSCOM_Hooks->call('testimonials', 'updateAction'); tep_redirect(tep_href_link('testimonials.php', 'page=' . (int)$_GET['page'] . '&tID=' . $testimonials_id)); break; case 'deleteconfirm': - $testimonials_id = tep_db_prepare_input($_GET['tID']); + $testimonials_id = Text::input($_GET['tID']); - tep_db_query("delete from testimonials where testimonials_id = '" . (int)$testimonials_id . "'"); - tep_db_query("delete from testimonials_description where testimonials_id = '" . 
(int)$testimonials_id . "'"); + tep_db_query("DELETE FROM testimonials WHERE testimonials_id = " . (int)$testimonials_id); + tep_db_query("DELETE FROM testimonials_description WHERE testimonials_id = " . (int)$testimonials_id); $OSCOM_Hooks->call('testimonials', 'deleteConfirmAction'); @@ -56,12 +56,12 @@ case 'addnew': $customers_id = (int)$_POST['customers_id']; - $customers_name = tep_db_prepare_input($_POST['customer_name']); - $testimonial = tep_db_prepare_input($_POST['testimonials_text']); + $customers_name = Text::input($_POST['customer_name']); + $testimonial = Text::prepare($_POST['testimonials_text']); - tep_db_query("insert into testimonials (customers_id, customers_name, date_added, testimonials_status) values ('" . $customers_id . "', '" . tep_db_input($customers_name) . "', now(), 1)"); + tep_db_query("INSERT INTO testimonials (customers_id, customers_name, date_added, testimonials_status) VALUES (" . $customers_id . ", '" . tep_db_input($customers_name) . "', NOW(), 1)"); $insert_id = tep_db_insert_id(); - tep_db_query("insert into testimonials_description (testimonials_id, languages_id, testimonials_text) values ('" . (int)$insert_id . "', '" . (int)$languages_id . "', '" . tep_db_input($testimonial) . "')"); + tep_db_query("INSERT INTO testimonials_description (testimonials_id, languages_id, testimonials_text) VALUES (" . (int)$insert_id . ", " . (int)$languages_id . ", '" . tep_db_input($testimonial) . "')"); $OSCOM_Hooks->call('testimonials', 'addNewAction'); @@ -72,64 +72,67 @@ $OSCOM_Hooks->call('testimonials', 'postAction'); - require('includes/template_top.php'); + require 'includes/template_top.php'; ?>
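Review bot: In the update case `$testimonials_status` is read with `Text::input()` and written as a quoted string (`testimonials_status = '" . tep_db_input($testimonials_status) . "'`), while the setflag case in the same file writes the same column as `(int)$_GET['flag']`; the flag should be cast the same way, `$testimonials_status = (int)($_POST['testimonials_status'] ?? 0);` and `testimonials_status = " . $testimonials_status . ", last_modified = NOW()`. Likewise `$testimonials_id = Text::input($_GET['tID'])` is appended uncast to the redirect (`'&tID=' . $testimonials_id`) although every query applies `(int)`; casting once at assignment covers both uses. `Text::prepare()` for the body text versus `Text::input()` for the other fields presumably differ in HTML handling, but that distinction is not visible in this diff and is worth a one-line comment where the two are chosen.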
-

+

-
fetch_assoc(); $tInfo = new objectInfo($testimonials); - if (!isset($tInfo->testimonials_status)) $tInfo->testimonials_status = '1'; - switch ($tInfo->testimonials_status) { - case '0': $in_status = false; $out_status = true; break; - case '1': - default: $in_status = true; $out_status = false; + if (!isset($tInfo->testimonials_status)) { + $tInfo->testimonials_status = '1'; } + $in_status = '1' === $tInfo->testimonials_status; + $out_status = !$in_status; ?> - +
- +
- - + +
- - + +
- +
- customers_id); ?> + customers_id) ?>
- +
customers_name, 'required aria-required="true" id="inputNick"'); ?> @@ -137,21 +140,21 @@
- +
- testimonials_text, 'required aria-required="true" id="inputText" aria-describedby="TextHelp"'); ?> - + testimonials_text, 'required aria-required="true" id="inputText" aria-describedby="TextHelp"') ?> +
- call('testimonials', 'formEdit'); + call('testimonials', 'formEdit'), - echo tep_draw_hidden_field('testimonials_id', $tInfo->testimonials_id); - echo tep_draw_hidden_field('customers_name', $tInfo->customers_name); - echo tep_draw_hidden_field('date_added', $tInfo->date_added); + tep_draw_hidden_field('testimonials_id', $tInfo->testimonials_id), + tep_draw_hidden_field('customers_name', $tInfo->customers_name), + tep_draw_hidden_field('date_added', $tInfo->date_added), - echo tep_draw_bootstrap_button(IMAGE_SAVE, 'fas fa-save', null, 'primary', null, 'btn-success btn-block btn-lg'); + tep_draw_bootstrap_button(IMAGE_SAVE, 'fas fa-save', null, 'primary', null, 'btn-success btn-block btn-lg') ?> @@ -162,14 +165,14 @@ ?>
- +
- +
- +
@@ -177,17 +180,17 @@
- +
- - + +
- call('testimonials', 'formNew'); + call('testimonials', 'formNew'), - echo tep_draw_bootstrap_button(IMAGE_SAVE, 'fas fa-pen', null, 'primary', null, 'btn-success btn-block btn-lg'); + tep_draw_bootstrap_button(IMAGE_SAVE, 'fas fa-pen', null, 'primary', null, 'btn-success btn-block btn-lg') ?> @@ -201,28 +204,28 @@ - - - - - + + + + + fetch_assoc()) { + if (!isset($tInfo) && (!isset($_GET['tID']) || ($_GET['tID'] == $testimonials['testimonials_id']))) { + $testimonials_text_query = tep_db_query("SELECT * FROM testimonials_description WHERE testimonials_id = " . (int)$testimonials['testimonials_id'] . " ORDER BY languages_id = " . (int)$_SESSION['languages_id'] . " DESC LIMIT 1"); + $testimonials_text = $testimonials_text_query->fetch_assoc(); $tInfo_array = array_merge($testimonials, $testimonials_text); $tInfo = new objectInfo($tInfo_array); } - if (isset($tInfo) && is_object($tInfo) && ($testimonials['testimonials_id'] == $tInfo->testimonials_id) ) { + if (isset($tInfo->testimonials_id) && ($testimonials['testimonials_id'] == $tInfo->testimonials_id) ) { echo ''; $icon = ''; } else { @@ -230,15 +233,13 @@ $icon = ''; } ?> - - - - + + + @@ -250,8 +251,8 @@
-
display_count($testimonials_query_numrows, MAX_DISPLAY_SEARCH_RESULTS, $_GET['page'], TEXT_DISPLAY_NUMBER_OF_TESTIMONIALS); ?>
-
display_links($testimonials_query_numrows, MAX_DISPLAY_SEARCH_RESULTS, MAX_DISPLAY_PAGE_LINKS, $_GET['page']); ?>
+
display_count($testimonials_query_numrows, MAX_DISPLAY_SEARCH_RESULTS, $_GET['page'], TEXT_DISPLAY_NUMBER_OF_TESTIMONIALS) ?>
+
display_links($testimonials_query_numrows, MAX_DISPLAY_SEARCH_RESULTS, MAX_DISPLAY_PAGE_LINKS, $_GET['page']) ?>
@@ -274,16 +275,18 @@ $contents[] = ['class' => 'text-center', 'text' => tep_draw_bootstrap_button(IMAGE_EDIT, 'fas fa-cogs', tep_href_link('testimonials.php', 'page=' . (int)$_GET['page'] . '&tID=' . $tInfo->testimonials_id . '&action=edit'), null, null, 'btn-warning mr-2') . tep_draw_bootstrap_button(IMAGE_DELETE, 'fas fa-trash', tep_href_link('testimonials.php', 'page=' . (int)$_GET['page'] . '&tID=' . $tInfo->testimonials_id . '&action=delete'), null, null, 'btn-danger')]; $contents[] = ['text' => sprintf(TEXT_INFO_DATE_ADDED, tep_date_short($tInfo->date_added))]; - if (tep_not_null($tInfo->last_modified)) $contents[] = ['text' => sprintf(TEXT_INFO_LAST_MODIFIED, tep_date_short($tInfo->last_modified))]; + if (!Text::is_empty($tInfo->last_modified)) { + $contents[] = ['text' => sprintf(TEXT_INFO_LAST_MODIFIED, tep_date_short($tInfo->last_modified))]; + } $contents[] = ['text' => sprintf(TEXT_INFO_TESTIMONIAL_AUTHOR, $tInfo->customers_name)]; $contents[] = ['text' => sprintf(TEXT_INFO_TESTIMONIAL_SIZE, str_word_count($tInfo->testimonials_text))]; } break; } - if ( (tep_not_null($heading)) && (tep_not_null($contents)) ) { + if ( ([] !== $heading) && ([] !== $contents) ) { echo '
'; - $box = new box; + $box = new box(); echo $box->infoBox($heading, $contents); echo '
'; } @@ -292,6 +295,6 @@ } - require('includes/template_bottom.php'); - require('includes/application_bottom.php'); + require 'includes/template_bottom.php'; + require 'includes/application_bottom.php'; ?> diff --git a/advanced_search.php b/advanced_search.php index 72dd02ace..c4bf384aa 100644 --- a/advanced_search.php +++ b/advanced_search.php @@ -12,7 +12,7 @@ require 'includes/application_top.php'; - require "includes/languages/$language/advanced_search.php"; + require language::map_to_translation('advanced_search.php'); require $oscTemplate->map_to_template(__FILE__, 'page'); diff --git a/advanced_search_result.php b/advanced_search_result.php index 23bbc7861..32995f9ed 100644 --- a/advanced_search_result.php +++ b/advanced_search_result.php @@ -12,7 +12,7 @@ require 'includes/application_top.php'; - require "includes/languages/$language/advanced_search.php"; + require language::map_to_translation('advanced_search.php'); $error = false; 
@@ -42,42 +42,34 @@ } if (isset($_GET['keywords'])) { - $keywords = tep_db_prepare_input($_GET['keywords']); + $keywords = Text::input($_GET['keywords']); } $price_check_error = false; - if (tep_not_null($pfrom)) { - if (!settype($pfrom, 'double')) { - $error = true; - $price_check_error = true; + if (!Text::is_empty($pfrom) && !settype($pfrom, 'double')) { + $error = true; + $price_check_error = true; - $messageStack->add_session('search', ERROR_PRICE_FROM_MUST_BE_NUM); - } + $messageStack->add_session('search', ERROR_PRICE_FROM_MUST_BE_NUM); } - if (tep_not_null($pto)) { - if (!settype($pto, 'double')) { - $error = true; - $price_check_error = true; + if (!Text::is_empty($pto) && !settype($pto, 'double')) { + $error = true; + $price_check_error = true; - $messageStack->add_session('search', ERROR_PRICE_TO_MUST_BE_NUM); - } + $messageStack->add_session('search', ERROR_PRICE_TO_MUST_BE_NUM); } - if (!$price_check_error && is_float($pfrom) && is_float($pto)) { - if ($pfrom >= $pto) { - $error = true; + if (!$price_check_error && is_float($pfrom) && is_float($pto) && ($pfrom >= $pto)) { + $error = true; - $messageStack->add_session('search', ERROR_PRICE_TO_LESS_THAN_PRICE_FROM); - } + $messageStack->add_session('search', ERROR_PRICE_TO_LESS_THAN_PRICE_FROM); } - if (tep_not_null($keywords)) { - if (!tep_parse_search_string($keywords, $search_keywords)) { - $error = true; + if (!Text::is_empty($keywords) && !tep_parse_search_string($keywords, $search_keywords)) { + $error = true; - $messageStack->add_session('search', ERROR_INVALID_KEYWORDS); - } + $messageStack->add_session('search', ERROR_INVALID_KEYWORDS); } } 
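Review bot: The merged price checks still rely on `!settype($pfrom, 'double')`, but `settype()` returns true for any string-to-float conversion (a non-numeric string simply becomes `0.0`), so the `ERROR_PRICE_FROM_MUST_BE_NUM` and `ERROR_PRICE_TO_MUST_BE_NUM` branches can never fire; the restructuring kept a dead check intact. Test before converting: `if (!Text::is_empty($pfrom) && !is_numeric($pfrom)) {` for the error branch, followed by `} elseif (!Text::is_empty($pfrom)) { $pfrom = (float)$pfrom; }`, and the same for `$pto`, so the subsequent `is_float($pfrom) && is_float($pto)` comparison still sees floats. Where `$pfrom` and `$pto` are first assigned is above this hunk.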
@@ -93,13 +85,13 @@ $select_str = "SELECT DISTINCT p.products_id, m.*, p.*, pd.*, p.products_quantity AS in_stock, IF(s.status, s.specials_new_products_price, NULL) AS specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) AS final_price, IF(s.status, 1, 0) AS is_special "; - if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) { + if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (!Text::is_empty($pfrom) || !Text::is_empty($pto)) ) { $select_str .= ", SUM(tr.tax_rate) AS tax_rate "; } $from_str = "FROM products p LEFT JOIN manufacturers m using(manufacturers_id) LEFT JOIN specials s ON p.products_id = s.products_id"; - if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) { + if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (!Text::is_empty($pfrom) || !Text::is_empty($pto)) ) { if (isset($_SESSION['customer_id'])) { $country_id = $customer->get_country_id(); $zone_id = $customer->get_zone_id(); @@ -114,7 +106,7 @@ $where_str = " WHERE p.products_status = 1 AND p.products_id = pd.products_id AND pd.language_id = " . (int)$languages_id . " AND p.products_id = p2c.products_id AND p2c.categories_id = c.categories_id "; - if (isset($_GET['categories_id']) && tep_not_null($_GET['categories_id'])) { + if (isset($_GET['categories_id']) && !Text::is_empty($_GET['categories_id'])) { if (isset($_GET['inc_subcat']) && ($_GET['inc_subcat'] == '1')) { $subcategories_array = []; tep_get_subcategories($subcategories_array, $_GET['categories_id']); @@ -131,7 +123,7 @@ } } - if (isset($_GET['manufacturers_id']) && tep_not_null($_GET['manufacturers_id'])) { + if (isset($_GET['manufacturers_id']) && !Text::is_empty($_GET['manufacturers_id'])) { $where_str .= " AND m.manufacturers_id = " . (int)$_GET['manufacturers_id']; } 
@@ -146,7 +138,7 @@ $where_str .= " " . $search_keyword . " "; break; default: - $keyword = tep_db_prepare_input($search_keyword); + $keyword = Text::input($search_keyword); $where_str .= "("; if ( (defined('MODULE_HEADER_TAGS_PRODUCT_META_KEYWORDS_STATUS')) && (MODULE_HEADER_TAGS_PRODUCT_META_KEYWORDS_STATUS == 'True') ) { $where_str .= "pd.products_seo_keywords LIKE '%" . tep_db_input($keyword) . "%' OR "; @@ -160,7 +152,7 @@ $where_str .= " )"; } - if (tep_not_null($pfrom)) { + if (!Text::is_empty($pfrom)) { if ($currencies->is_set($currency)) { $rate = $currencies->get_value($currency); @@ -168,7 +160,7 @@ } } - if (tep_not_null($pto)) { + if (!Text::is_empty($pto)) { if (isset($rate)) { $pto = $pto / $rate; } @@ -182,7 +174,7 @@ if ($pto > 0) $where_str .= " AND (IF(s.status, s.specials_new_products_price, p.products_price) <= " . (double)$pto . ")"; } - if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) { + if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (!Text::is_empty($pfrom) || !Text::is_empty($pto)) ) { $where_str .= " GROUP BY p.products_id, tr.tax_priority"; } diff --git a/checkout_confirmation.php b/checkout_confirmation.php index 142552e57..97c810da3 100644 --- a/checkout_confirmation.php +++ b/checkout_confirmation.php 
@@ -14,15 +14,14 @@ require 'includes/system/segments/checkout/pipeline.php'; - if (isset($_POST['comments']) && tep_not_null($_POST['comments'])) { - $_SESSION['comments'] = tep_db_prepare_input($_POST['comments']); - } elseif (!array_key_exists('comments', $_SESSION)) { + if (isset($_POST['comments']) && !Text::is_empty($_POST['comments'])) { + $_SESSION['comments'] = Text::input($_POST['comments']); + } elseif (!isset($_SESSION['comments']) && !array_key_exists('comments', $_SESSION)) { $_SESSION['comments'] = null; } - require "includes/languages/$language/checkout_confirmation.php"; + require language::map_to_translation('checkout_confirmation.php'); require $oscTemplate->map_to_template(__FILE__, 'page'); require 'includes/application_bottom.php'; -?> diff --git a/checkout_payment.php b/checkout_payment.php index 6ad7540cf..5b6b2cfee 100644 --- a/checkout_payment.php +++ b/checkout_payment.php @@ -14,13 +14,13 @@ require 'includes/system/segments/checkout/pipeline.php'; - if (isset($_POST['comments']) && tep_not_null($_POST['comments'])) { - $_SESSION['comments'] = tep_db_prepare_input($_POST['comments']); - } elseif (!array_key_exists('comments', $_SESSION)) { + if (isset($_POST['comments']) && !Text::is_empty($_POST['comments'])) { + $_SESSION['comments'] = Text::input($_POST['comments']); + } elseif (!isset($_SESSION['comments']) && !array_key_exists('comments', $_SESSION)) { $_SESSION['comments'] = null; } - require "includes/languages/$language/checkout_payment.php"; + require language::map_to_translation('checkout_payment.php'); require $oscTemplate->map_to_template(__FILE__, 'page'); diff --git a/checkout_payment_address.php b/checkout_payment_address.php index d5580f140..0846f15a1 100644 --- a/checkout_payment_address.php +++ b/checkout_payment_address.php 
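Review bot: The new condition `!isset($_SESSION['comments']) && !array_key_exists('comments', $_SESSION)` is equivalent to the old `!array_key_exists('comments', $_SESSION)` on its own, because `array_key_exists` returning false already implies `isset` is false; the extra clause changes nothing, in both checkout_confirmation.php and checkout_payment.php. Either revert to `} elseif (!array_key_exists('comments', $_SESSION)) {`, or, if the intent was to also reset an entry that exists with a null value, use `} elseif (!isset($_SESSION['comments'])) {` alone and note that it now does more than before. A short comment on the branch, e.g. `// initialise the key so later reads do not warn`, would make the intent explicit.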
@@ -15,11 +15,11 @@ require 'includes/system/segments/checkout/pipeline.php'; if (!$customer_data->has('address')) { - tep_redirect(tep_href_link('checkout_payment.php', '', 'SSL')); + tep_redirect(tep_href_link('checkout_payment.php')); } // needs to be included earlier to set the success message in the messageStack - require "includes/languages/$language/checkout_payment_address.php"; + require language::map_to_translation('checkout_payment_address.php'); $message_stack_area = 'checkout_address'; @@ -36,7 +36,7 @@ unset($_SESSION['payment']); - tep_redirect(tep_href_link('checkout_payment.php', '', 'SSL')); + tep_redirect(tep_href_link('checkout_payment.php')); } elseif (isset($_POST['address'])) { // process the selected billing destination $reset_payment = isset($_SESSION['billto']) && ($_SESSION['billto'] != $_POST['address']) && isset($_SESSION['payment']); @@ -46,7 +46,7 @@ if ($reset_payment) { unset($_SESSION['payment']); } - tep_redirect(tep_href_link('checkout_payment.php', '', 'SSL')); + tep_redirect(tep_href_link('checkout_payment.php')); } else { unset($_SESSION['billto']); } diff --git a/checkout_shipping.php b/checkout_shipping.php index 8f79f21b4..d4e034219 100644 --- a/checkout_shipping.php +++ b/checkout_shipping.php @@ -41,11 +41,11 @@ $_SESSION['shipping'] = $shipping_modules->cheapest(); } - require "includes/languages/$language/checkout_shipping.php"; + require language::map_to_translation('checkout_shipping.php'); if ( defined('SHIPPING_ALLOW_UNDEFINED_ZONES') && (SHIPPING_ALLOW_UNDEFINED_ZONES == 'False') && !$_SESSION['shipping'] ) { $messageStack->add_session('checkout_address', ERROR_NO_SHIPPING_AVAILABLE_TO_SHIPPING_ADDRESS); - tep_redirect(tep_href_link('checkout_shipping_address.php', '', 'SSL')); + tep_redirect(tep_href_link('checkout_shipping_address.php')); } require $oscTemplate->map_to_template(__FILE__, 'page'); diff --git a/checkout_shipping_address.php b/checkout_shipping_address.php index 898c35126..8c3ba84e0 100644 
--- a/checkout_shipping_address.php +++ b/checkout_shipping_address.php @@ -15,7 +15,7 @@ require 'includes/system/segments/checkout/pipeline.php'; // needs to be included earlier to set the success message in the messageStack - require "includes/languages/$language/checkout_shipping_address.php"; + require language::map_to_translation('checkout_shipping_address.php'); $message_stack_area = 'checkout_address'; @@ -33,7 +33,7 @@ unset($_SESSION['shipping']); - tep_redirect(tep_href_link('checkout_shipping.php', '', 'SSL')); + tep_redirect(tep_href_link('checkout_shipping.php')); } } elseif (isset($_POST['address']) && tep_validate_form_action_is('select')) { // change to the selected shipping destination @@ -45,7 +45,7 @@ unset($_SESSION['shipping']); } - tep_redirect(tep_href_link('checkout_shipping.php', '', 'SSL')); + tep_redirect(tep_href_link('checkout_shipping.php')); } else { unset($_SESSION['sendto']); } diff --git a/checkout_success.php b/checkout_success.php index 310845f80..e7183b8d5 100644 --- a/checkout_success.php +++ b/checkout_success.php @@ -20,19 +20,19 @@ $orders_query = tep_db_query("SELECT orders_id FROM orders WHERE customers_id = " . (int)$_SESSION['customer_id'] . " ORDER BY date_purchased DESC LIMIT 1"); // redirect to shopping cart page if no orders exist - if ( !tep_db_num_rows($orders_query) ) { + if ( !mysqli_num_rows($orders_query) ) { tep_redirect(tep_href_link('shopping_cart.php')); } - $orders = tep_db_fetch_array($orders_query); + $orders = $orders_query->fetch_assoc(); $order_id = $orders['orders_id']; - if ( isset($_GET['action']) && ($_GET['action'] == 'update') ) { + if ( isset($_GET['action']) && ($_GET['action'] === 'update') ) { tep_redirect(tep_href_link('index.php')); } - require "includes/languages/$language/checkout_success.php"; + require language::map_to_translation('checkout_success.php'); require $oscTemplate->map_to_template(__FILE__, 'page'); 
diff --git a/conditions.php b/conditions.php index 54dd56ead..0b040ca6f 100644 --- a/conditions.php +++ b/conditions.php @@ -12,7 +12,7 @@ require 'includes/application_top.php'; - require "includes/languages/$language/conditions.php"; + require language::map_to_translation('conditions.php'); require $oscTemplate->map_to_template(__FILE__, 'page'); diff --git a/cookie_usage.php b/cookie_usage.php index a1c67c5be..818dd8170 100644 --- a/cookie_usage.php +++ b/cookie_usage.php @@ -12,7 +12,7 @@ require 'includes/application_top.php'; - require "includes/languages/$language/cookie_usage.php"; + require language::map_to_translation('cookie_usage.php'); require $oscTemplate->map_to_template(__FILE__, 'page'); diff --git a/create_account_success.php b/create_account_success.php index 830bc23bb..c290e8eae 100644 --- a/create_account_success.php +++ b/create_account_success.php @@ -12,8 +12,7 @@ require 'includes/application_top.php'; - require "includes/languages/$language/create_account_success.php"; + require language::map_to_translation('create_account_success.php'); require $oscTemplate->map_to_template(__FILE__, 'page'); require 'includes/application_bottom.php'; -?> diff --git a/ext/modules/content/account/set_password.php b/ext/modules/content/account/set_password.php index a68af921c..cb9938799 100644 --- a/ext/modules/content/account/set_password.php +++ b/ext/modules/content/account/set_password.php 
@@ -14,27 +14,27 @@ require 'includes/application_top.php'; if (!isset($_SESSION['customer_id'])) { - tep_redirect(tep_href_link('login.php', '', 'SSL')); + tep_redirect(tep_href_link('login.php')); } if ( MODULE_CONTENT_ACCOUNT_SET_PASSWORD_ALLOW_PASSWORD != 'True' ) { - tep_redirect(tep_href_link('account.php', '', 'SSL')); + tep_redirect(tep_href_link('account.php')); } if (!$customer_data->has(['password'])) { - tep_redirect(tep_href_link('account.php', '', 'SSL')); + tep_redirect(tep_href_link('account.php')); } $check_customer_query = tep_db_query($customer_data->build_read(['password'], 'both', ['id' => (int)$_SESSION['customer_id']])); - $check_customer = tep_db_fetch_array($check_customer_query); + $check_customer = $check_customer_query->fetch_assoc(); // only allow to set the password when it is blank if ( !empty($customer_data->get('password', $check_customer)) ) { - tep_redirect(tep_href_link('account.php', '', 'SSL')); + tep_redirect(tep_href_link('account.php')); } // needs to be included earlier to set the success message in the messageStack - require "includes/languages/$language/modules/content/account/cm_account_set_password.php"; + require language::map_to_translation('modules/content/account/cm_account_set_password.php'); $page_fields = ['password', 'password_confirmation']; @@ -48,7 +48,7 @@ $messageStack->add_session('account', MODULE_CONTENT_ACCOUNT_SET_PASSWORD_SUCCESS_PASSWORD_SET, 'success'); - tep_redirect(tep_href_link('account.php', '', 'SSL')); + tep_redirect(tep_href_link('account.php')); } } diff --git a/ext/modules/content/reviews/write.php b/ext/modules/content/reviews/write.php index e8643aef0..fa3790fe6 100644 --- a/ext/modules/content/reviews/write.php +++ b/ext/modules/content/reviews/write.php 
@@ -13,72 +13,61 @@ chdir('../../../../'); require 'includes/application_top.php'; - $OSCOM_Hooks->register_pipeline('loginRequired'); + $hooks->register_pipeline('loginRequired'); if (!isset($_GET['products_id'])) { tep_redirect(tep_href_link('index.php')); } - require "includes/languages/$language/modules/content/reviews/write.php"; + require language::map_to_translation('modules/content/reviews/write.php'); $reviewed = []; $reviewed_products_query = tep_db_query("SELECT DISTINCT products_id FROM reviews WHERE customers_id = " . (int)$_SESSION['customer_id']); - while ($reviewed_products = tep_db_fetch_array($reviewed_products_query)) { + while ($reviewed_products = $reviewed_products_query->fetch_assoc()) { $reviewed[] = $reviewed_products['products_id']; } if (in_array((int)$_GET['products_id'], $reviewed)) { - $messageStack->add_session('product_action', sprintf(TEXT_ALREADY_REVIEWED, $customer->get_short_name()), 'error'); + $messageStack->add_session('product_action', sprintf(TEXT_ALREADY_REVIEWED, $customer->get('short_name')), 'error'); tep_redirect(tep_href_link('product_info.php', tep_get_all_get_params(['action']))); } - if (ALLOW_ALL_REVIEWS == 'false') { + if (ALLOW_ALL_REVIEWS === 'false') { $purchased = []; - $purchased_products_array = tep_db_query("SELECT DISTINCT op.products_id FROM orders o, orders_products op WHERE o.customers_id = " . (int)$_SESSION['customer_id'] . " AND o.orders_id = op.orders_id GROUP BY products_id"); + $purchased_products_query = tep_db_query("SELECT DISTINCT op.products_id FROM orders o, orders_products op WHERE o.customers_id = " . (int)$_SESSION['customer_id'] . 
" AND o.orders_id = op.orders_id GROUP BY products_id"); - while ($purchased_products = tep_db_fetch_array($purchased_products_array)) { + while ($purchased_products = $purchased_products_query->fetch_assoc()) { $purchased[] = $purchased_products['products_id']; } $allowable_reviews = array_diff($purchased, $reviewed); if (!in_array((int)$_GET['products_id'], $allowable_reviews)) { - $messageStack->add_session('product_action', sprintf(TEXT_NOT_PURCHASED, $customer->get_short_name()), 'error'); + $messageStack->add_session('product_action', sprintf(TEXT_NOT_PURCHASED, $customer->get('short_name')), 'error'); tep_redirect(tep_href_link('product_info.php', tep_get_all_get_params(['action']))); } } - $product_info_query = tep_db_query(sprintf(<<<'EOSQL' -SELECT p.*, pd.*, SUBSTRING_INDEX(pd.products_description, ' ', 40) AS products_description - FROM products p INNER JOIN products_description pd ON p.products_id = pd.products_id - WHERE p.products_status = 1 AND p.products_id = %d AND pd.language_id = %d -EOSQL - , (int)$_GET['products_id'], (int)$_SESSION['languages_id'])); - - if (!tep_db_num_rows($product_info_query)) { + if (!$product->get('status')) { tep_redirect(tep_href_link('product_info.php', 'products_id=' . 
(int)$_GET['products_id'])); } - $product_info = tep_db_fetch_array($product_info_query); - if (tep_validate_form_action_is('process')) { - $rating = tep_db_prepare_input($_POST['rating']); - $review = tep_db_prepare_input($_POST['review']); - $nickname = tep_db_prepare_input($_POST['nickname']); - - if (ALLOW_ALL_REVIEWS == 'false') { - if ($_POST['nickname'] != $customer->get_short_name()) { - $nickname = sprintf(VERIFIED_BUYER, $nickname); - } + $rating = Text::input($_POST['rating']); + $review = Text::input($_POST['review']); + $nickname = Text::input($_POST['nickname']); + + if ((ALLOW_ALL_REVIEWS === 'false') && ($_POST['nickname'] != $customer->get('short_name'))) { + $nickname = sprintf(VERIFIED_BUYER, $nickname); } tep_db_query("INSERT INTO reviews (products_id, customers_id, customers_name, reviews_rating, date_added) VALUES ('" . (int)$_GET['products_id'] . "', '" . (int)$_SESSION['customer_id'] . "', '" . tep_db_input($nickname) . "', '" . tep_db_input($rating) . "', NOW())"); $insert_id = tep_db_insert_id(); tep_db_query("INSERT INTO reviews_description (reviews_id, languages_id, reviews_text) VALUES ('" . (int)$insert_id . "', '" . (int)$_SESSION['languages_id'] . "', '" . tep_db_input($review) . "')"); - + $OSCOM_Hooks->call('write', 'addNewAction'); $messageStack->add_session('product_action', sprintf(TEXT_REVIEW_RECEIVED, $nickname), 'success'); 
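Review bot: The hunk changes `register_pipeline('loginRequired')` to `$hooks->…` while the unchanged `$OSCOM_Hooks->call('write', 'addNewAction')` further down keeps the old object, so one of the two names is presumably stale after this change; if `$OSCOM_Hooks` is no longer provided, the hook call fails after the two INSERTs have already run. Confirm which global application_top.php now exposes and use it in both places. Separately, `$rating = Text::input($_POST['rating'])` goes into `reviews_rating` as an arbitrary escaped string; cast and bound it, e.g. `$rating = (int)($_POST['rating'] ?? 0);` followed by rejecting values outside the store's allowed rating range. The new `$product->get('status')` check replaces a query that tied the product to `$_GET['products_id']`; whether `$product` is built from that same parameter is not visible here, so please confirm.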
@@ -86,12 +75,5 @@ tep_redirect(tep_href_link('product_info.php', tep_get_all_get_params(['action']))); } - $tax_rate = tep_get_tax_rate($product_info['products_tax_class_id'], $customer->get_country_id(), $customer->get_zone_id()); - if ($new_price = tep_get_products_special_price($product_info['products_id'])) { - $products_price = '' . $currencies->display_price($product_info['products_price'], $tax_rate) . '' . $currencies->display_price($new_price, $tax_rate) . ''; - } else { - $products_price = $currencies->display_price($product_info['products_price'], $tax_rate); - } - require $oscTemplate->map_to_template(__FILE__, 'ext'); require 'includes/application_bottom.php'; diff --git a/ext/modules/payment/rbsworldpay/hosted_callback.php b/ext/modules/payment/rbsworldpay/hosted_callback.php index 1c374d946..a1e99127a 100644 --- a/ext/modules/payment/rbsworldpay/hosted_callback.php +++ b/ext/modules/payment/rbsworldpay/hosted_callback.php @@ -14,11 +14,18 @@ require 'includes/application_top.php'; if ( !defined('MODULE_PAYMENT_RBSWORLDPAY_HOSTED_STATUS') || (MODULE_PAYMENT_RBSWORLDPAY_HOSTED_STATUS != 'True') ) { - exit; + exit(); } - include 'includes/languages/' . basename($_POST['M_lang']) . '/modules/payment/rbsworldpay_hosted.php'; - include 'includes/modules/payment/rbsworldpay_hosted.php'; + if (isset($_SESSION['language'])) { + if ($_SESSION['language'] != $_POST['M_lang']) { +// bypass autoloader's language selection by loading language and module files manually + include language::map_to_translation('/modules/payment/rbsworldpay_hosted.php', basename($_POST['M_lang'])); + include 'includes/modules/payment/rbsworldpay_hosted.php'; + } + } elseif (isset($lng->catalog_languages[$_POST['M_lang']])) { + $_SESSION['language'] = $_POST['M_lang']; + } $rbsworldpay_hosted = new rbsworldpay_hosted(); 
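Review bot: In the first branch `$_POST['M_lang']` chooses the file passed to `include` with only `basename()` applied, while the `elseif` branch validates the same value against `$lng->catalog_languages`; both branches should gate on that lookup, and both run before the installation-id and `callbackPW` checks below, so an unauthenticated POST to this callback steers the include path (within whatever directory `map_to_translation()` resolves, not visible here) and the session language. Validate once up front: `$callback_lang = $_POST['M_lang'] ?? ''; if (!isset($lng->catalog_languages[$callback_lang])) { exit(); }` and use `$callback_lang` in both branches, which also avoids the `basename(null)` deprecation when the field is absent. The `include 'includes/modules/payment/rbsworldpay_hosted.php'` presumably coexists with the autoloader only because the class has not been instantiated yet; guarding it with `if (!class_exists('rbsworldpay_hosted', false))` would prevent a redeclaration fatal if that ever changes.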
@@ -26,7 +33,7 @@ if ( is_null($_GET['installation'] ?? $_POST['installation'] ?? null) || (($_GET['installation'] ?? $_POST['installation']) != MODULE_PAYMENT_RBSWORLDPAY_HOSTED_INSTALLATION_ID) ) { $error = true; - } elseif ( tep_not_null(MODULE_PAYMENT_RBSWORLDPAY_HOSTED_CALLBACK_PASSWORD) && (!isset($_POST['callbackPW']) || ($_POST['callbackPW'] != MODULE_PAYMENT_RBSWORLDPAY_HOSTED_CALLBACK_PASSWORD)) ) { + } elseif ( !Text::is_empty(MODULE_PAYMENT_RBSWORLDPAY_HOSTED_CALLBACK_PASSWORD) && (!isset($_POST['callbackPW']) || ($_POST['callbackPW'] != MODULE_PAYMENT_RBSWORLDPAY_HOSTED_CALLBACK_PASSWORD)) ) { $error = true; } elseif ( !isset($_POST['transStatus']) || ($_POST['transStatus'] != 'Y') ) { $error = true; @@ -37,7 +44,7 @@ if ( !$error ) { $order_query = tep_db_query("SELECT orders_id, orders_status, currency, currency_value FROM orders WHERE orders_id = " . (int)$_POST['cartId'] . " AND customers_id = " . (int)$_POST['M_cid']); - if (!tep_db_num_rows($order_query)) { + if (!mysqli_num_rows($order_query)) { $error = true; } } @@ -48,7 +55,7 @@ exit(); } - $order = tep_db_fetch_array($order_query); + $order = $order_query->fetch_assoc(); if ($order['orders_status'] == MODULE_PAYMENT_RBSWORLDPAY_HOSTED_PREPARE_ORDER_STATUS_ID) { $order_status_id = (MODULE_PAYMENT_RBSWORLDPAY_HOSTED_ORDER_STATUS_ID > 0 ? (int)MODULE_PAYMENT_RBSWORLDPAY_HOSTED_ORDER_STATUS_ID : (int)DEFAULT_ORDERS_STATUS_ID); diff --git a/ext/modules/payment/sage_pay/checkout.php b/ext/modules/payment/sage_pay/checkout.php index 009f8a131..2073dab2c 100644 --- a/ext/modules/payment/sage_pay/checkout.php +++ b/ext/modules/payment/sage_pay/checkout.php 
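Review bot: The `callbackPW` check on the changed line still uses loose `!=`, so a configured password that looks numeric (for example `1e3`) also matches `1000`, and the comparison is not constant-time. Replace `!isset($_POST['callbackPW']) || ($_POST['callbackPW'] != MODULE_PAYMENT_RBSWORLDPAY_HOSTED_CALLBACK_PASSWORD)` with `!hash_equals((string)MODULE_PAYMENT_RBSWORLDPAY_HOSTED_CALLBACK_PASSWORD, (string)($_POST['callbackPW'] ?? ''))`. The same loose comparison applies to `installation` on the context line above, though that line is not part of this change.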
@@ -27,16 +27,16 @@ // avoid hack attempts during the checkout procedure by checking the internal cartID if ((isset($_SESSION['cart']->cartID, $_SESSION['cartID']) && $_SESSION['cart']->cartID !== $_SESSION['cartID'])) { - tep_redirect(tep_href_link('checkout_shipping.php', '', 'SSL')); + tep_redirect(tep_href_link('checkout_shipping.php')); } // if no shipping method has been selected, redirect the customer to the shipping method selection page if (!isset($_SESSION['shipping'])) { - tep_redirect(tep_href_link('checkout_shipping.php', '', 'SSL')); + tep_redirect(tep_href_link('checkout_shipping.php')); } if (!isset($_SESSION['payment']) || (($_SESSION['payment'] != 'sage_pay_direct') && ($_SESSION['payment'] != 'sage_pay_server')) || (($_SESSION['payment'] == 'sage_pay_server') && !isset($_SESSION['sage_pay_server_nexturl']))) { - tep_redirect(tep_href_link('checkout_payment.php', '', 'SSL')); + tep_redirect(tep_href_link('checkout_payment.php')); } // load the selected payment module @@ -47,7 +47,7 @@ $payment_modules->update_status(); if ( ( is_array($payment_modules->modules) && (count($payment_modules->modules) > 1) && !is_object(${$_SESSION['payment']}) ) || (is_object(${$_SESSION['payment']}) && (${$_SESSION['payment']}->enabled == false)) ) { - tep_redirect(tep_href_link('checkout_payment.php', 'error_message=' . urlencode(ERROR_NO_PAYMENT_MODULE_SELECTED), 'SSL')); + tep_redirect(tep_href_link('checkout_payment.php', 'error_message=' . urlencode(ERROR_NO_PAYMENT_MODULE_SELECTED))); } if (is_array($payment_modules->modules)) { @@ -74,10 +74,10 @@ } } - require "includes/languages/$language/checkout_confirmation.php"; + require language::map_to_translation('checkout_confirmation.php'); if ($_SESSION['payment'] == 'sage_pay_direct') { - $iframe_url = tep_href_link('ext/modules/payment/sage_pay/direct_3dauth.php', '', 'SSL'); + $iframe_url = tep_href_link('ext/modules/payment/sage_pay/direct_3dauth.php'); } else { $iframe_url = $sage_pay_server_nexturl; } 
diff --git a/ext/modules/payment/sage_pay/direct_3dauth.php b/ext/modules/payment/sage_pay/direct_3dauth.php index 365220c26..d16cb9830 100644 --- a/ext/modules/payment/sage_pay/direct_3dauth.php +++ b/ext/modules/payment/sage_pay/direct_3dauth.php @@ -21,15 +21,15 @@ $OSCOM_Hooks->register_pipeline('loginRequired', $parameters); if (!isset($_SESSION['sage_pay_direct_acsurl'])) { - tep_redirect(tep_href_link('checkout_payment.php', '', 'SSL')); + tep_redirect(tep_href_link('checkout_payment.php')); } if (!isset($_SESSION['payment']) || ($_SESSION['payment'] != 'sage_pay_direct')) { - tep_redirect(tep_href_link('checkout_payment.php', '', 'SSL')); + tep_redirect(tep_href_link('checkout_payment.php')); } - require "includes/languages/$language/checkout_confirmation.php"; - require "includes/languages/$language/modules/payment/sage_pay_direct.php"; + require language::map_to_translation('checkout_confirmation.php'); + require language::map_to_translation('modules/payment/sage_pay_direct.php'); require $oscTemplate->map_to_template(__FILE__, 'ext'); require 'includes/application_bottom.php'; diff --git a/ext/modules/payment/sage_pay/redirect.php b/ext/modules/payment/sage_pay/redirect.php index 0f28f4094..1298b47d1 100644 --- a/ext/modules/payment/sage_pay/redirect.php +++ b/ext/modules/payment/sage_pay/redirect.php 
@@ -20,19 +20,19 @@ ]; $OSCOM_Hooks->register_pipeline('loginRequired', $parameters); - if ( isset($_GET['payment_error']) && tep_not_null($_GET['payment_error']) ) { - $redirect_url = tep_href_link('checkout_payment.php', 'payment_error=' . $_GET['payment_error'] . (isset($_GET['error']) && tep_not_null($_GET['error']) ? '&error=' . $_GET['error'] : ''), 'SSL'); + if ( isset($_GET['payment_error']) && !Text::is_empty($_GET['payment_error']) ) { + $redirect_url = tep_href_link('checkout_payment.php', 'payment_error=' . $_GET['payment_error'] . (isset($_GET['error']) && !Text::is_empty($_GET['error']) ? '&error=' . $_GET['error'] : '')); } else { $hidden_params = ''; if ('sage_pay_direct' === $_SESSION['payment']) { - $redirect_url = tep_href_link('checkout_process.php', 'check=3D', 'SSL'); + $redirect_url = tep_href_link('checkout_process.php', 'check=3D'); $hidden_params = tep_draw_hidden_field('MD', $_POST['MD']) . tep_draw_hidden_field('PaRes', $_POST['PaRes']); } else { - $redirect_url = tep_href_link('checkout_process.php', '', 'SSL'); + $redirect_url = tep_href_link('checkout_process.php'); } } - require "includes/languages/$language/checkout_confirmation.php"; + require language::map_to_translation('checkout_confirmation.php'); require $oscTemplate->map_to_template(__FILE__, 'ext'); require 'includes/application_bottom.php'; diff --git a/ext/modules/payment/sage_pay/server.php b/ext/modules/payment/sage_pay/server.php index 5a4cc3403..4f62393ed 100644 --- a/ext/modules/payment/sage_pay/server.php +++ b/ext/modules/payment/sage_pay/server.php 
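Review bot: On the rewritten `$redirect_url` line, `$_GET['payment_error']` and `$_GET['error']` are concatenated into the query string unencoded, whereas the equivalent line in sage_pay/checkout.php in this commit wraps its message in `urlencode()`. Use `'payment_error=' . rawurlencode($_GET['payment_error']) . (... ? '&error=' . rawurlencode($_GET['error']) : '')` so characters such as `&`, `#` or `<` cannot alter the link; where the template later echoes `$redirect_url` is outside this hunk and should escape for HTML as well. The unchanged `tep_draw_hidden_field('MD', $_POST['MD'])` line in the same hunk reads `$_POST['MD']` and `$_POST['PaRes']` without an `isset` check.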
@@ -11,26 +11,25 @@ */ chdir('../../../../'); - require('includes/application_top.php'); + require 'includes/application_top.php'; if ( !defined('MODULE_PAYMENT_SAGE_PAY_SERVER_STATUS') || (MODULE_PAYMENT_SAGE_PAY_SERVER_STATUS != 'True') ) { - exit; + exit(); } - include('includes/languages/' . $language . '/modules/payment/sage_pay_server.php'); - include('includes/modules/payment/sage_pay_server.php'); + include language::map_to_translation('/modules/payment/sage_pay_server.php'); $sage_pay_server = new sage_pay_server(); $result = null; if ( isset($_GET['skcode']) && isset($_POST['VPSSignature']) && isset($_POST['VPSTxId']) && isset($_POST['VendorTxCode']) && isset($_POST['Status']) ) { - $skcode = tep_db_prepare_input($_GET['skcode']); + $skcode = Text::input($_GET['skcode']); $sp_query = tep_db_query('select securitykey from sagepay_server_securitykeys where code = "' . tep_db_input($skcode) . '" limit 1'); - if ( tep_db_num_rows($sp_query) ) { - $sp = tep_db_fetch_array($sp_query); + if ( mysqli_num_rows($sp_query) ) { + $sp = $sp_query->fetch_assoc(); - $transaction_details = array('ID' => $_POST['VPSTxId']); + $transaction_details = ['ID' => $_POST['VPSTxId']]; $sig = $_POST['VPSTxId'] . $_POST['VendorTxCode'] . $_POST['Status']; @@ -128,7 +127,7 @@ $transaction_details_string .= $k . ': ' . $v . "\n"; } - $transaction_details_string = tep_db_prepare_input($transaction_details_string); + $transaction_details_string = Text::input($transaction_details_string); tep_db_query('update sagepay_server_securitykeys set verified = 1, transaction_details = "' . tep_db_input($transaction_details_string) . '" where code = "' . tep_db_input($skcode) . '"'); 
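Review bot: The rewritten include block drops `include 'includes/modules/payment/sage_pay_server.php';` and keeps only the translation include, so `new sage_pay_server()` two lines later depends on the autoloader resolving the payment module class; the rbsworldpay hosted_callback.php hunk in this same commit still includes its module file manually after the translation. If the autoloader covers `includes/modules/payment/`, the manual include in hosted_callback.php is redundant; if it does not, this file breaks — one of the two should change. A one-line comment here, `// sage_pay_server class is resolved by the autoloader`, would record which behaviour is intended.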
@@ -138,9 +137,9 @@ $error = isset($_POST['StatusDetail']) ? $sage_pay_server->getErrorMessageNumber($_POST['StatusDetail']) : null; if ( MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE == 'Normal' ) { - $error_url = tep_href_link('checkout_payment.php', 'payment_error=' . $sage_pay_server->code . (tep_not_null($error) ? '&error=' . $error : ''), 'SSL', false); + $error_url = tep_href_link('checkout_payment.php', 'payment_error=' . $sage_pay_server->code . (Text::is_empty($error) ? '' : '&error=' . $error), 'SSL', false); } else { - $error_url = tep_href_link('ext/modules/payment/sage_pay/redirect.php', 'payment_error=' . $sage_pay_server->code . (tep_not_null($error) ? '&error=' . $error : ''), 'SSL', false); + $error_url = tep_href_link('ext/modules/payment/sage_pay/redirect.php', 'payment_error=' . $sage_pay_server->code . (Text::is_empty($error) ? '' : '&error=' . $error), 'SSL', false); } $result = 'Status=OK' . chr(13) . chr(10) . @@ -168,7 +167,6 @@ tep_session_destroy(); - exit; + exit(); - require('includes/application_bottom.php'); -?> + require 'includes/application_bottom.php'; diff --git a/gdpr.php b/gdpr.php index ec11bed0f..74fe292ff 100644 --- a/gdpr.php +++ b/gdpr.php @@ -18,7 +18,7 @@ $port_my_data = []; $OSCOM_Hooks->call('gdpr', 'injectData'); - require "includes/languages/$language/gdpr.php"; + require language::map_to_translation('gdpr.php'); require $oscTemplate->map_to_template(__FILE__, 'page'); diff --git a/includes/classes/action_recorder.php b/includes/classes/action_recorder.php index 175d726d5..eff4cd944 100644 --- a/includes/classes/action_recorder.php +++ b/includes/classes/action_recorder.php 
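Review bot: In the `@@ -168,7 +167,6 @@` hunk of server.php, `require 'includes/application_bottom.php';` follows `exit();` and never executes, assuming both statements sit at the same nesting level (the enclosing block starts outside the hunk). Either drop the `require`, or move `exit();` after it if application_bottom.php is expected to perform shutdown work for this callback; as written, removing the closing `?>` is the only effective change on those lines.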
@@ -11,30 +11,21 @@ */ class actionRecorder { - var $_module; - var $_user_id; - var $_user_name; + + public $_module; + public $_user_id; + public $_user_name; function __construct($module, $user_id = null, $user_name = null) { - global $language, $PHP_SELF; - - $module = tep_sanitize_string(str_replace(' ', '', $module)); - - if (defined('MODULE_ACTION_RECORDER_INSTALLED') && tep_not_null(MODULE_ACTION_RECORDER_INSTALLED)) { - if (tep_not_null($module) && in_array($module . '.' . substr($PHP_SELF, (strrpos($PHP_SELF, '.')+1)), explode(';', MODULE_ACTION_RECORDER_INSTALLED))) { - if (!class_exists($module)) { - if (file_exists('includes/modules/action_recorder/' . $module . '.' . substr($PHP_SELF, (strrpos($PHP_SELF, '.')+1)))) { - include('includes/languages/' . $language . '/modules/action_recorder/' . $module . '.' . substr($PHP_SELF, (strrpos($PHP_SELF, '.')+1))); - include('includes/modules/action_recorder/' . $module . '.' . substr($PHP_SELF, (strrpos($PHP_SELF, '.')+1))); - } else { - return false; - } - } - } else { - return false; - } - } else { - return false; + $module = Text::sanitize(str_replace(' ', '', $module)); + + if (!defined('MODULE_ACTION_RECORDER_INSTALLED') + || Text::is_empty(MODULE_ACTION_RECORDER_INSTALLED) + || Text::is_empty($module) + || !in_array("$module.php", explode(';', MODULE_ACTION_RECORDER_INSTALLED)) + || !class_exists($module)) + { + return; } $this->_module = $module; @@ -52,7 +43,7 @@ function __construct($module, $user_id = null, $user_name = null) { } function canPerform() { - if (tep_not_null($this->_module)) { + if (!Text::is_empty($this->_module)) { return $GLOBALS[$this->_module]->canPerform($this->_user_id, $this->_user_name); } 
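Review bot: The new constructor guard calls `in_array("$module.php", explode(';', MODULE_ACTION_RECORDER_INSTALLED))` without the strict flag; both sides are strings, so add `true` as the third argument — `!in_array("$module.php", explode(';', MODULE_ACTION_RECORDER_INSTALLED), true)` — to rule out type-juggled matches. The same non-strict `in_array('braintree_cc.php', ...)` and `in_array('sage_pay_direct.php', ...)` checks appear in the rewritten constructors of cm_account_braintree_cards.php and cm_account_sage_pay_cards.php later in this commit. A short comment above the bare `return` stating that it leaves `_module` unset, so every other method becomes a no-op, would make the guard's effect explicit.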
@@ -60,27 +51,26 @@ function canPerform() { } function getTitle() { - if (tep_not_null($this->_module)) { + if (!Text::is_empty($this->_module)) { return $GLOBALS[$this->_module]->title; } } function getIdentifier() { - if (tep_not_null($this->_module)) { + if (!Text::is_empty($this->_module)) { return $GLOBALS[$this->_module]->identifier; } } function record($success = true) { - if (tep_not_null($this->_module)) { - tep_db_query("insert into action_recorder (module, user_id, user_name, identifier, success, date_added) values ('" . tep_db_input($this->_module) . "', '" . (int)$this->_user_id . "', '" . tep_db_input($this->_user_name) . "', '" . tep_db_input($this->getIdentifier()) . "', '" . ($success == true ? 1 : 0) . "', now())"); + if (!Text::is_empty($this->_module)) { + tep_db_query("INSERT INTO action_recorder (module, user_id, user_name, identifier, success, date_added) VALUES ('" . tep_db_input($this->_module) . "', '" . (int)$this->_user_id . "', '" . tep_db_input($this->_user_name) . "', '" . tep_db_input($this->getIdentifier()) . "', '" . ($success ? 1 : 0) . "', NOW())"); } } function expireEntries() { - if (tep_not_null($this->_module)) { + if (!Text::is_empty($this->_module)) { return $GLOBALS[$this->_module]->expireEntries(); } } } -?> diff --git a/includes/functions/sessions.php b/includes/functions/sessions.php index 55ec7794d..a425acdc6 100644 --- a/includes/functions/sessions.php +++ b/includes/functions/sessions.php @@ -26,7 +26,7 @@ function _sess_close() { function _sess_read($key) { $value_query = tep_db_query("SELECT value FROM sessions WHERE sesskey = '" . tep_db_input($key) . "'"); - $value = tep_db_fetch_array($value_query); + $value = $value_query->fetch_assoc(); return $value['value'] ?? ''; } @@ -90,6 +90,7 @@ function tep_session_start() { } function tep_session_register($variable) { + trigger_error('The tep_session_register function has been deprecated.', E_USER_DEPRECATED); global $session_started; if ($session_started === true) { 
@@ -104,10 +105,12 @@ function tep_session_register($variable) { } function tep_session_is_registered($variable) { + trigger_error('The tep_session_is_registered function has been deprecated.', E_USER_DEPRECATED); return isset($_SESSION) && array_key_exists($variable, $_SESSION); } function tep_session_unregister($variable) { + trigger_error('The tep_session_unregister function has been deprecated.', E_USER_DEPRECATED); unset($_SESSION[$variable]); } @@ -120,6 +123,7 @@ function tep_session_id($sessid = '') { } function tep_session_name($name = '') { + trigger_error('The tep_session_name function has been deprecated.', E_USER_DEPRECATED); if (empty($name)) { return session_name(); } @@ -128,6 +132,7 @@ function tep_session_name($name = '') { } function tep_session_close() { + trigger_error('The tep_session_close function has been deprecated.', E_USER_DEPRECATED); return session_write_close(); } @@ -143,6 +148,7 @@ function tep_session_destroy() { } function tep_session_save_path($path = '') { + trigger_error('The tep_session_save_path function has been deprecated.', E_USER_DEPRECATED); if (empty($path)) { return session_save_path(); } @@ -167,5 +173,5 @@ function tep_session_recreate() { } function tep_reset_session_token() { - $_SESSION['sessiontoken'] = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand()); + $_SESSION['sessiontoken'] = md5(mt_rand() . mt_rand() . mt_rand() . mt_rand()); } diff --git a/includes/hooks/admin/siteWide/bootStrap.php b/includes/hooks/admin/siteWide/bootStrap.php index 656188e6f..18729bbcd 100644 --- a/includes/hooks/admin/siteWide/bootStrap.php +++ b/includes/hooks/admin/siteWide/bootStrap.php 
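Review bot: `tep_reset_session_token()` now derives the session token from `md5(mt_rand() . mt_rand() . mt_rand() . mt_rand())`; `mt_rand()` is not a cryptographically secure generator, and a token stored in the session for validating requests should be unpredictable. `$_SESSION['sessiontoken'] = bin2hex(random_bytes(16));` yields a 32-character hex string of the same length as an md5 digest, so consumers expecting that format are unaffected.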
@@ -11,22 +11,23 @@ */ class hook_admin_siteWide_bootStrap { - var $version = '4.5.3'; - - var $sitestart = null; - var $siteend = null; - - function listen_injectSiteStart() { - $this->sitestart .= '' . PHP_EOL; + + public $version = '4.6.0'; + + public $sitestart = null; + public $siteend = null; + + public function listen_injectSiteStart() { + $this->sitestart = '' . PHP_EOL; return $this->sitestart; } - - function listen_injectSiteEnd() { - $this->siteend .= '' . PHP_EOL; - $this->siteend .= '' . PHP_EOL; + + public function listen_injectSiteEnd() { + $this->siteend = '' . PHP_EOL; + $this->siteend .= '' . PHP_EOL; return $this->siteend; } - + } diff --git a/includes/languages/english/modules/navbar/nb_brand.php b/includes/languages/english/modules/navbar/nb_brand.php index c62a29635..1853fe3fb 100644 --- a/includes/languages/english/modules/navbar/nb_brand.php +++ b/includes/languages/english/modules/navbar/nb_brand.php @@ -14,7 +14,7 @@ const MODULE_NAVBAR_BRAND_DESCRIPTION = <<<'EOT' Show Brand in Navbar.
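Review bot: In bm_languages.php, `Text::is_prefixed_by($PHP_SELF, 'checkout')` replaces `substr(basename($PHP_SELF), 0, 8) !== 'checkout'` but drops the `basename()`, so the test now runs against the full value of `$PHP_SELF`; if that value carries a directory prefix (constructed example: `/shop/checkout_shipping.php`) the language box is no longer hidden on checkout pages. Keep the original semantics with `if (!Text::is_prefixed_by(basename($PHP_SELF), 'checkout')) {`, unless `$PHP_SELF` is known to be a bare filename here.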
This can be a simple link or something more complicated such as an image.

-For more details about using an image, see navbar/#brand
+For more details about using an image, see navbar/#brand EOT; define('MODULE_NAVBAR_BRAND_PUBLIC_TEXT', STORE_NAME); diff --git a/includes/modules/boxes/bm_languages.php b/includes/modules/boxes/bm_languages.php index 6c7d5a782..177fa6927 100644 --- a/includes/modules/boxes/bm_languages.php +++ b/includes/modules/boxes/bm_languages.php @@ -15,9 +15,9 @@ class bm_languages extends abstract_block_module { const CONFIG_KEY_BASE = 'MODULE_BOXES_LANGUAGES_'; public function execute() { - global $PHP_SELF, $lng, $request_type; + global $PHP_SELF, $lng; - if (substr(basename($PHP_SELF), 0, 8) !== 'checkout') { + if (!Text::is_prefixed_by($PHP_SELF, 'checkout')) { if (!isset($lng) || !($lng instanceof language)) { $lng = new language(); } @@ -25,9 +25,12 @@ public function execute() { if (count($lng->catalog_languages) > 1) { $languages_string = ''; $parameters = tep_get_all_get_params(['language', 'currency']) . 'language='; - foreach($lng->catalog_languages as $key => $value) { - $languages_string .= ' ' - . tep_image('includes/languages/' . $value['directory'] . '/images/' . $value['image'], htmlspecialchars($value['name']), null, null, null, false) + foreach ($lng->catalog_languages as $key => $value) { + $image = Text::ltrim_once( + language::map_to_translation("images/{$value['image']}", $value['directory']), + DIR_FS_CATALOG); + $languages_string .= ' ' + . tep_image($image, htmlspecialchars($value['name']), '', '', '', false) . ' '; } diff --git a/includes/modules/content/account/cm_account_braintree_cards.php b/includes/modules/content/account/cm_account_braintree_cards.php index 240850e63..bea426d31 100644 --- a/includes/modules/content/account/cm_account_braintree_cards.php +++ b/includes/modules/content/account/cm_account_braintree_cards.php 
@@ -5,43 +5,24 @@ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com - Copyright (c) 2014 osCommerce + Copyright (c) 2021 osCommerce Released under the GNU General Public License */ - class cm_account_braintree_cards { - var $code; - var $group; - var $title; - var $description; - var $sort_order; - var $enabled = false; + class cm_account_braintree_cards extends abstract_executable_module { - function __construct() { - global $language; + const CONFIG_KEY_BASE = 'MODULE_CONTENT_ACCOUNT_BRAINTREE_CARDS_'; - $this->code = get_class($this); - $this->group = basename(dirname(__FILE__)); - - $this->title = MODULE_CONTENT_ACCOUNT_BRAINTREE_CARDS_TITLE; - $this->description = MODULE_CONTENT_ACCOUNT_BRAINTREE_CARDS_DESCRIPTION; - - if ( defined('MODULE_CONTENT_ACCOUNT_BRAINTREE_CARDS_STATUS') ) { - $this->sort_order = MODULE_CONTENT_ACCOUNT_BRAINTREE_CARDS_SORT_ORDER; - $this->enabled = (MODULE_CONTENT_ACCOUNT_BRAINTREE_CARDS_STATUS == 'True'); - } - - $this->public_title = MODULE_CONTENT_ACCOUNT_BRAINTREE_CARDS_LINK_TITLE; + public function __construct() { + parent::__construct(__FILE__); $braintree_enabled = false; - if ( defined('MODULE_PAYMENT_INSTALLED') && tep_not_null(MODULE_PAYMENT_INSTALLED) && in_array('braintree_cc.php', explode(';', MODULE_PAYMENT_INSTALLED)) ) { - if ( !class_exists('braintree_cc') ) { - include(DIR_FS_CATALOG . 'includes/languages/' . $language . '/modules/payment/braintree_cc.php'); - include(DIR_FS_CATALOG . 'includes/modules/payment/braintree_cc.php'); - } - + if ( defined('MODULE_PAYMENT_INSTALLED') + && !Text::is_empty(MODULE_PAYMENT_INSTALLED) + && in_array('braintree_cc.php', explode(';', MODULE_PAYMENT_INSTALLED)) ) + { $braintree_cc = new braintree_cc(); if ( $braintree_cc->enabled ) { 
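Review bot: The constructor no longer assigns `$this->public_title = MODULE_CONTENT_ACCOUNT_BRAINTREE_CARDS_LINK_TITLE;`, yet `execute()` in the following hunk still reads `$this->public_title` for the account link title. Unless `abstract_executable_module::__construct(__FILE__)` populates `public_title` from the module's `_LINK_TITLE` constant (not visible here), the link is built from an undefined property; please confirm, or restore the assignment after `parent::__construct(__FILE__);`. The rewritten cm_account_sage_pay_cards.php constructor has the same gap with `MODULE_CONTENT_ACCOUNT_SAGE_PAY_CARDS_LINK_TITLE`.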
@@ -61,33 +42,28 @@ function __construct() { } } - function execute() { - global $oscTemplate; - - $oscTemplate->_data['account']['account']['links']['braintree_cards'] = array('title' => $this->public_title, - 'link' => tep_href_link('ext/modules/content/account/braintree/cards.php', '', 'SSL'), - 'icon' => 'far fa-credit-card fa-5x'); - } - - function isEnabled() { - return $this->enabled; - } - - function check() { - return defined('MODULE_CONTENT_ACCOUNT_BRAINTREE_CARDS_STATUS'); + public function execute() { + $GLOBALS['oscTemplate']->_data['account']['account']['links']['braintree_cards'] = [ + 'title' => $this->public_title, + 'link' => tep_href_link('ext/modules/content/account/braintree/cards.php'), + 'icon' => 'far fa-credit-card fa-5x', + ]; } - function install() { - tep_db_query("insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Enable Braintree Card Management', 'MODULE_CONTENT_ACCOUNT_BRAINTREE_CARDS_STATUS', 'True', 'Do you want to enable the Braintree Card Management module?', '6', '1', 'tep_cfg_select_option(array(\'True\', \'False\'), ', now())"); - tep_db_query("insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Sort Order', 'MODULE_CONTENT_ACCOUNT_BRAINTREE_CARDS_SORT_ORDER', '0', 'Sort order of display. 
Lowest is displayed first.', '6', '0', now())"); + protected function get_parameters() { + return [ + 'MODULE_CONTENT_ACCOUNT_BRAINTREE_CARDS_STATUS' => [ + 'title' => 'Enable Braintree Card Management', + 'value' => 'True', + 'desc' => 'Do you want to enable the Braintree Card Management module?', + 'set_func' => "tep_cfg_select_option(['True', 'False'], ", + ], + 'MODULE_CONTENT_ACCOUNT_BRAINTREE_CARDS_SORT_ORDER' => [ + 'title' => 'Sort Order', + 'value' => '0', + 'desc' => 'Sort order of display. Lowest is displayed first.', + ], + ]; } - function remove() { - tep_db_query("delete from configuration where configuration_key in ('" . implode("', '", $this->keys()) . "')"); - } - - function keys() { - return array('MODULE_CONTENT_ACCOUNT_BRAINTREE_CARDS_STATUS', 'MODULE_CONTENT_ACCOUNT_BRAINTREE_CARDS_SORT_ORDER'); - } } -?> diff --git a/includes/modules/content/account/cm_account_sage_pay_cards.php b/includes/modules/content/account/cm_account_sage_pay_cards.php index 9c408e05f..5059d9444 100644 --- a/includes/modules/content/account/cm_account_sage_pay_cards.php +++ b/includes/modules/content/account/cm_account_sage_pay_cards.php 
@@ -5,43 +5,24 @@ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com - Copyright (c) 2014 osCommerce + Copyright (c) 2021 osCommerce Released under the GNU General Public License */ - class cm_account_sage_pay_cards { - var $code; - var $group; - var $title; - var $description; - var $sort_order; - var $enabled = false; + class cm_account_sage_pay_cards extends abstract_executable_module { - function __construct() { - global $language; + const CONFIG_KEY_BASE = 'MODULE_CONTENT_ACCOUNT_SAGE_PAY_CARDS_'; - $this->code = get_class($this); - $this->group = basename(dirname(__FILE__)); - - $this->title = MODULE_CONTENT_ACCOUNT_SAGE_PAY_CARDS_TITLE; - $this->description = MODULE_CONTENT_ACCOUNT_SAGE_PAY_CARDS_DESCRIPTION; - - if ( defined('MODULE_CONTENT_ACCOUNT_SAGE_PAY_CARDS_STATUS') ) { - $this->sort_order = MODULE_CONTENT_ACCOUNT_SAGE_PAY_CARDS_SORT_ORDER; - $this->enabled = (MODULE_CONTENT_ACCOUNT_SAGE_PAY_CARDS_STATUS == 'True'); - } - - $this->public_title = MODULE_CONTENT_ACCOUNT_SAGE_PAY_CARDS_LINK_TITLE; + public function __construct() { + parent::__construct(__FILE__); $sage_pay_enabled = false; - if ( defined('MODULE_PAYMENT_INSTALLED') && tep_not_null(MODULE_PAYMENT_INSTALLED) && in_array('sage_pay_direct.php', explode(';', MODULE_PAYMENT_INSTALLED)) ) { - if ( !class_exists('sage_pay_direct') ) { - include(DIR_FS_CATALOG . 'includes/languages/' . $language . '/modules/payment/sage_pay_direct.php'); - include(DIR_FS_CATALOG . 'includes/modules/payment/sage_pay_direct.php'); - } - + if ( defined('MODULE_PAYMENT_INSTALLED') + && !Text::is_empty(MODULE_PAYMENT_INSTALLED) + && in_array('sage_pay_direct.php', explode(';', MODULE_PAYMENT_INSTALLED)) ) + { $sage_pay_direct = new sage_pay_direct(); if ( $sage_pay_direct->enabled ) { 
@@ -61,33 +42,28 @@ function __construct() { } } - function execute() { - global $oscTemplate; - - $oscTemplate->_data['account']['account']['links']['sage_pay_cards'] = array('title' => $this->public_title, - 'link' => tep_href_link('ext/modules/content/account/sage_pay/cards.php', '', 'SSL'), - 'icon' => 'far fa-credit-card fa-5x'); - } - - function isEnabled() { - return $this->enabled; - } - - function check() { - return defined('MODULE_CONTENT_ACCOUNT_SAGE_PAY_CARDS_STATUS'); + public function execute() { + $GLOBALS['oscTemplate']->_data['account']['account']['links']['sage_pay_cards'] = [ + 'title' => $this->public_title, + 'link' => tep_href_link('ext/modules/content/account/sage_pay/cards.php'), + 'icon' => 'far fa-credit-card fa-5x', + ]; } - function install() { - tep_db_query("insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Enable Sage Pay Card Management', 'MODULE_CONTENT_ACCOUNT_SAGE_PAY_CARDS_STATUS', 'True', 'Do you want to enable the Sage Pay Card Management module?', '6', '1', 'tep_cfg_select_option(array(\'True\', \'False\'), ', now())"); - tep_db_query("insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Sort Order', 'MODULE_CONTENT_ACCOUNT_SAGE_PAY_CARDS_SORT_ORDER', '0', 'Sort order of display. Lowest is displayed first.', '6', '0', now())"); + protected function get_parameters() { + return [ + 'MODULE_CONTENT_ACCOUNT_SAGE_PAY_CARDS_STATUS' => [ + 'title' => 'Enable Sage Pay Card Management', + 'value' => 'True', + 'desc' => 'Do you want to enable the Sage Pay Card Management module?', + 'set_func' => "tep_cfg_select_option(['True', 'False'], ", + ], + 'MODULE_CONTENT_ACCOUNT_SAGE_PAY_CARDS_SORT_ORDER' => [ + 'title' => 'Sort Order', + 'value' => '0', + 'desc' => 'Sort order of display. 
Lowest is displayed first.', + ], + ]; } - function remove() { - tep_db_query("delete from configuration where configuration_key in ('" . implode("', '", $this->keys()) . "')"); - } - - function keys() { - return array('MODULE_CONTENT_ACCOUNT_SAGE_PAY_CARDS_STATUS', 'MODULE_CONTENT_ACCOUNT_SAGE_PAY_CARDS_SORT_ORDER'); - } } -?> diff --git a/includes/modules/content/login/cm_paypal_login.php b/includes/modules/content/login/cm_paypal_login.php index 9dac9d3ae..02f753091 100644 --- a/includes/modules/content/login/cm_paypal_login.php +++ b/includes/modules/content/login/cm_paypal_login.php @@ -35,7 +35,7 @@ class cm_paypal_login { public $enabled = false; public $_app; - function __construct() { + public function __construct() { $this->_app = new OSCOM_PayPal(); $this->_app->loadLanguageFile('modules/LOGIN/LOGIN.php'); @@ -62,7 +62,7 @@ function __construct() { } if ( $this->enabled === true ) { - if ( ((OSCOM_APP_PAYPAL_LOGIN_STATUS == '1') && (!tep_not_null(OSCOM_APP_PAYPAL_LOGIN_LIVE_CLIENT_ID) || !tep_not_null(OSCOM_APP_PAYPAL_LOGIN_LIVE_SECRET))) || ((OSCOM_APP_PAYPAL_LOGIN_STATUS == '0') && (!tep_not_null(OSCOM_APP_PAYPAL_LOGIN_SANDBOX_CLIENT_ID) || !tep_not_null(OSCOM_APP_PAYPAL_LOGIN_SANDBOX_SECRET))) ) { + if ( ((OSCOM_APP_PAYPAL_LOGIN_STATUS == '1') && (Text::is_empty(OSCOM_APP_PAYPAL_LOGIN_LIVE_CLIENT_ID) || Text::is_empty(OSCOM_APP_PAYPAL_LOGIN_LIVE_SECRET))) || ((OSCOM_APP_PAYPAL_LOGIN_STATUS == '0') && (Text::is_empty(OSCOM_APP_PAYPAL_LOGIN_SANDBOX_CLIENT_ID) || Text::is_empty(OSCOM_APP_PAYPAL_LOGIN_SANDBOX_SECRET))) ) { $this->description .= '
' . $this->_app->getDef('module_login_error_credentials') . '
'; $this->enabled = false; @@ -71,7 +71,7 @@ function __construct() { } } - function execute() { + public function execute() { if ( isset($_GET['action']) ) { if ( $_GET['action'] == 'paypal_login' ) { $this->preLogin(); @@ -96,27 +96,27 @@ function execute() { include 'includes/modules/content/cm_template.php'; } - function guarantee_address($customer_id, $address) { + public function guarantee_address($customer_id, $address) { $address['id'] = $customer_id; $check_query = tep_db_query($GLOBALS['customer_data']->build_read(['address_book_id'], 'address_book', $address) . " LIMIT 1"); - if ($check = tep_db_fetch_array($check_query)) { + if ($check = $check_query->fetch_assoc()) { $_SESSION['sendto'] = $check['address_book_id']; } else { $GLOBALS['customer_data']->create($address, 'address_book'); } } - function preLogin() { + public function preLogin() { global $customer_data; - $return_url = tep_href_link('login.php', '', 'SSL'); + $return_url = tep_href_link('login.php'); if ( isset($_GET['code']) ) { $_SESSION['paypal_login_customer_id'] = false; $params = [ 'code' => $_GET['code'], - 'redirect_uri' => str_replace('&', '&', tep_href_link('login.php', 'action=paypal_login', 'SSL')), + 'redirect_uri' => str_replace('&', '&', tep_href_link('login.php', 'action=paypal_login')), ]; $response_token = $this->_app->getApiResult('LOGIN', 'GrantToken', $params); 
@@ -136,28 +136,27 @@ function preLogin() { $_SESSION['paypal_login_access_token'] = $response_token['access_token']; $_SESSION['paypal_login_customer_id'] = false; $customer_details = [ - 'firstname' => tep_db_prepare_input($response['given_name']), - 'lastname' => tep_db_prepare_input($response['family_name']), - 'address' => tep_db_prepare_input($response['address']['street_address']), - 'city' => tep_db_prepare_input($response['address']['locality']), - 'zone' => tep_db_prepare_input($response['address']['region']), + 'firstname' => Text::input($response['given_name']), + 'lastname' => Text::input($response['family_name']), + 'address' => Text::input($response['address']['street_address']), + 'city' => Text::input($response['address']['locality']), + 'zone' => Text::input($response['address']['region']), 'zone_id' => 0, - 'postcode' => tep_db_prepare_input($response['address']['postal_code']), - 'country' => tep_db_prepare_input($response['address']['country']), + 'postcode' => Text::input($response['address']['postal_code']), + 'country_iso_code_2' => Text::input($response['address']['country']), 'country_id' => 0, 'address_format_id' => 1, ]; - - $country_query = tep_db_query("SELECT countries_id, address_format_id FROM countries WHERE countries_iso_code_2 = '" . tep_db_input($ship_country) . "' LIMIT 1"); - if ($country = tep_db_fetch_array($country_query)) { + $country_query = tep_db_query("SELECT countries_id, address_format_id FROM countries WHERE countries_iso_code_2 = '" . tep_db_input($customer_details['country_iso_code_2']) . "' LIMIT 1"); + if ($country = $country_query->fetch_assoc()) { $customer_details['country_id'] = $country['countries_id']; $customer_details['address_format_id'] = $country['address_format_id']; } if ($customer_details['country_id'] > 0) { $zone_query = tep_db_query("SELECT zone_id FROM zones WHERE zone_country_id = '" . (int)$customer_details['country_id'] . "' AND (zone_name = '" . tep_db_input($customer_details['zone']) . 
"' or zone_code = '" . tep_db_input($customer_details['zone']) . "') LIMIT 1"); - if ($zone = tep_db_fetch_array($zone_query)) { + if ($zone = $zone_query->fetch_assoc()) { $customer_details['zone_id'] = $zone['zone_id']; } } @@ -167,10 +166,10 @@ function preLogin() { $this->guarantee_address($_SESSION['customer_id'], $customer_details); } else { // check if e-mail address exists in database and log in or create customer account - $email_address = tep_db_prepare_input($response['email']); + $email_address = Text::input($response['email']); $check_query = tep_db_query($customer_data->build_read(['id'], 'customers', ['email_address' => $email_address]) . ' LIMIT 1'); - if ($check = tep_db_fetch_array($check_query)) { + if ($check = $check_query->fetch_assoc()) { $_SESSION['paypal_login_customer_id'] = (int)$customer_data->get('id', $check); $this->guarantee_address($_SESSION['paypal_login_customer_id'], $customer_details); } else { @@ -183,7 +182,7 @@ function preLogin() { ]; if ($this->hasAttribute('phone') && !empty($response['phone_number'])) { - $customer_details['telephone'] = tep_db_prepare_input($response['phone_number']); + $customer_details['telephone'] = Text::input($response['phone_number']); } if ($customer_details['zone_id'] > 0) { @@ -201,17 +200,17 @@ function preLogin() { $_SESSION['billto'] = $_SESSION['sendto']; - $return_url = tep_href_link('login.php', 'action=paypal_login_process', 'SSL'); + $return_url = tep_href_link('login.php', 'action=paypal_login_process'); } } } echo ''; - exit; + exit(); } - function postLogin() { + public function postLogin() { if ( false !== ($_SESSION['paypal_login_customer_id'] ?? false) ) { $GLOBALS['login_customer_id'] = $_SESSION['paypal_login_customer_id']; } 
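Review bot: In the `@@ -136,28 +136,27 @@` hunk, the new `country_iso_code_2` key fixes the undefined `$ship_country` lookup, but it stays in `$customer_details` after the countries query, and that array is later passed to `guarantee_address()` and, via `$customer_data->create($address, 'address_book')`, to the address_book write. If `build_read()`/`create()` treat every key as a column (their implementation is not visible here), the extra key either errors or is silently dropped; `unset($customer_details['country_iso_code_2']);` right after the `countries` lookup keeps the array limited to real address columns. `$response['address'][...]` is still indexed without an `isset` check on the rewritten lines, so a profile with no address block produces warnings before the lookup runs.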
@@ -220,7 +219,7 @@ function postLogin() { // Register PayPal Express Checkout as the default payment method if ( 'paypal_express' !== ($_SESSION['payment'] ?? null) ) { - if (defined('MODULE_PAYMENT_INSTALLED') && tep_not_null(MODULE_PAYMENT_INSTALLED)) { + if (defined('MODULE_PAYMENT_INSTALLED') && !Text::is_empty(MODULE_PAYMENT_INSTALLED)) { if ( in_array('paypal_express.php', explode(';', MODULE_PAYMENT_INSTALLED)) ) { $ppe = new paypal_express(); @@ -233,31 +232,31 @@ function postLogin() { } } - function isEnabled() { + public function isEnabled() { return $this->enabled; } - function check() { + public function check() { return defined('OSCOM_APP_PAYPAL_LOGIN_STATUS'); } - function install() { + public function install() { tep_redirect(tep_href_link('paypal.php', 'action=configure&subaction=install&module=LOGIN')); } - function remove() { + public function remove() { tep_redirect(tep_href_link('paypal.php', 'action=configure&subaction=uninstall&module=LOGIN')); } - function keys() { + public function keys() { return ['OSCOM_APP_PAYPAL_LOGIN_CONTENT_WIDTH', 'OSCOM_APP_PAYPAL_LOGIN_SORT_ORDER']; } - function hasAttribute($attribute) { + public function hasAttribute($attribute) { return in_array($attribute, explode(';', OSCOM_APP_PAYPAL_LOGIN_ATTRIBUTES)); } - function get_default_attributes() { + public function get_default_attributes() { $data = []; foreach ( $this->get_attributes() as $group => $attributes ) { diff --git a/includes/modules/content/navigation/cm_navbar.php b/includes/modules/content/navigation/cm_navbar.php index 905a414f8..1ef2a69be 100644 --- a/includes/modules/content/navigation/cm_navbar.php +++ b/includes/modules/content/navigation/cm_navbar.php 
@@ -47,7 +47,7 @@ function execute() {
  // workaround; padding needs to be set last
  $oscTemplate->addBlock($custom_css, 'footer_scripts');
- if ( defined('MODULE_CONTENT_NAVBAR_INSTALLED') && tep_not_null(MODULE_CONTENT_NAVBAR_INSTALLED) ) {
+ if ( defined('MODULE_CONTENT_NAVBAR_INSTALLED') && !Text::is_empty(MODULE_CONTENT_NAVBAR_INSTALLED) ) {
  $nav_array = explode(';', MODULE_CONTENT_NAVBAR_INSTALLED);
  $navbar_modules = [];
@@ -79,19 +79,19 @@ protected function get_parameters() {
  'MODULE_CONTENT_NAVBAR_STYLE_BG' => [
  'title' => 'Background Colour Scheme',
  'value' => 'bg-light',
- 'desc' => 'What background colour should the Navbar have? See colors/#background-color',
+ 'desc' => 'What background colour should the Navbar have? See colors/#background-color',
  'set_func' => "tep_cfg_select_option(['bg-primary', 'bg-secondary', 'bg-success', 'bg-danger', 'bg-warning', 'bg-info', 'bg-light', 'bg-dark', 'bg-white'], ",
  ],
  'MODULE_CONTENT_NAVBAR_STYLE_FG' => [
  'title' => 'Link Colour Scheme',
  'value' => 'navbar-light',
- 'desc' => 'What foreground colour should the Navbar have? See navbar/#color-schemes',
+ 'desc' => 'What foreground colour should the Navbar have? See navbar/#color-schemes',
  'set_func' => "tep_cfg_select_option(['navbar-dark', 'navbar-light'], ",
  ],
  'MODULE_CONTENT_NAVBAR_FIXED' => [
  'title' => 'Placement',
  'value' => 'default',
- 'desc' => 'Should the Navbar be Fixed/Sticky/Default behaviour? See navbar/#placement',
+ 'desc' => 'Should the Navbar be Fixed/Sticky/Default behaviour? See navbar/#placement',
  'set_func' => "tep_cfg_select_option(['fixed-top', 'fixed-bottom', 'sticky-top', 'default'], ",
  ],
  'MODULE_CONTENT_NAVBAR_OFFSET' => [
@@ -102,7 +102,7 @@ protected function get_parameters() {
  'MODULE_CONTENT_NAVBAR_COLLAPSE' => [
  'title' => 'Collapse',
  'value' => 'navbar-expand-sm',
- 'desc' => 'When should the Navbar Show? See navbar/#how-it-works',
+ 'desc' => 'When should the Navbar Show? See navbar/#how-it-works',
  'set_func' => "tep_cfg_select_option(['navbar-expand', 'navbar-expand-sm', 'navbar-expand-md', 'navbar-expand-lg', 'navbar-expand-xl'], ",
  ],
  'MODULE_CONTENT_NAVBAR_SORT_ORDER' => [
diff --git a/includes/modules/content/product_info/templates/tpl_cm_pi_gallery.php b/includes/modules/content/product_info/templates/tpl_cm_pi_gallery.php
index 892120562..094b7008f 100644
--- a/includes/modules/content/product_info/templates/tpl_cm_pi_gallery.php
+++ b/includes/modules/content/product_info/templates/tpl_cm_pi_gallery.php
@@ -1,12 +1,12 @@
-
'; - } else { - echo ' '; - } + ' + : ' ' ?>