Index: /lib/functions.inc.php
===================================================================
--- /lib/functions.inc.php	(revision 7430)
+++ /lib/functions.inc.php	(revision 7431)
@@ -522,4 +522,10 @@
 				break;
 			
+			case WPSG_SANITIZE_HEXCOLOR:
+				
+				if ($val === '' || preg_match('/^\#[0-9A-F]{6}$/', $val)) $bReturn = true;
+				
+				break;
+				
 			case WSPG_SANITIZE_EMAIL:
 				
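Review bot: The `WPSG_SANITIZE_HEXCOLOR` pattern ends in `$`, which in PCRE also matches just before a trailing newline, so a value such as `"#FFFFFF\n"` passes the check and is then stored as a colour. It also has no `i` flag, so lowercase values like `#ffcc00` are rejected, which looks unintended if the value comes from a colour picker. A non-string `$val` (a request parameter can arrive as an array) reaches `preg_match` unchecked. I would write the line as `if ($val === '' || (is_string($val) && preg_match('/^#[0-9A-Fa-f]{6}\z/', $val) === 1)) $bReturn = true;`. The enclosing `switch` starts and ends outside this hunk.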
Index: /mods/wpsg_mod_rechnungen.class.php
===================================================================
--- /mods/wpsg_mod_rechnungen.class.php	(revision 7430)
+++ /mods/wpsg_mod_rechnungen.class.php	(revision 7431)
@@ -129,9 +129,13 @@
 				if (!is_array($foot_text)) $foot_text = array();
 				
-				$foot_text[$_REQUEST['field_id']][$_REQUEST['field']] = wpsg_sinput("text_field", $_REQUEST['value']);
-				
-				$this->shop->update_option('wpsg_rechnungen_footer', $foot_text, false, false, "text_field");
-				
-				die(wpsg_sinput("text_field", $_REQUEST['value']));
+				if (wpsg_checkInput($_REQUEST['value'], WPSG_SANITIZE_TEXTFIELD)) {
+					
+					$foot_text[$_REQUEST['field_id']][$_REQUEST['field']] = $_REQUEST['value'];
+					
+					$this->shop->update_option('wpsg_rechnungen_footer', $foot_text);
+					
+					die( $_REQUEST['value']);
+					
+				} else die($foot_text[$_REQUEST['field_id']][$_REQUEST['field']]);
 				
 			}
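Review bot: The success branch now stores `$_REQUEST['value']` unmodified and echoes it verbatim with `die( $_REQUEST['value'])`, where the removed lines passed it through `wpsg_sinput("text_field", …)` first. Whether that is safe depends entirely on what `wpsg_checkInput(…, WPSG_SANITIZE_TEXTFIELD)` rejects, which is not visible here. If the response is rendered as HTML, escape at the output rather than relying on the validator, e.g. `die(esc_html($_REQUEST['value']));`, and do the same for the stored value printed in the `else` branch. `$_REQUEST['field_id']` and `$_REQUEST['field']` are still used as array keys without any check, so a request can create arbitrary keys in `wpsg_rechnungen_footer` and the `else` branch can read an undefined index; an allow-list like the `in_array($k, [...])` check in `settings_save()` would fit here. The surrounding `be_ajax()` branch begins outside the hunk.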
@@ -176,6 +180,5 @@
 		} // public function be_ajax()
 
-		public function settings_save()
-		{
+		public function settings_save() {
 
 			if (file_exists($_FILES['wpsg_rechnungen_bp']['tmp_name'])) {
@@ -249,10 +252,46 @@
 
 			}
-
-			$this->shop->update_option("wpsg_mod_rechnungen_texte", wpsg_sanitize("wpsg_txt_tbl", $_REQUEST['text']));
+			
+			$bCheckTextField = false;
+#
+			foreach ($_REQUEST['text'] as $k => $v) {
+				
+				if (
+					!in_array($k, ['firma', 'name', 'strasse', 'plzort', 'land', 'tel', 'fax', 'mail', 'web', 'strnr', 'ustidnr', 'knr', 'blz', 'bank', 'user1', 'user2', 'user3', 'user4', 'user5']) ||
+					!wpsg_checkInput($v['text'], WPSG_SANITIZE_TEXTFIELD) ||
+					!wpsg_checkInput($v['x'], WPSG_SANITIZE_FLOAT) ||
+					!wpsg_checkInput($v['y'], WPSG_SANITIZE_FLOAT) ||
+					!wpsg_checkInput($v['color'], WPSG_SANITIZE_HEXCOLOR) ||
+					!wpsg_checkInput($v['fontsize'],WPSG_SANITIZE_INT)			
+				) {
+					
+					/*
+					var_dump(!in_array($k, ['firma', 'name', 'strasse', 'plzort', 'land', 'tel', 'fax', 'mail', 'web', 'strnr', 'ustidnr', 'knr', 'blz', 'bank', 'user1', 'user2', 'user3', 'user4', 'user5']));
+					var_dump(!wpsg_checkInput($v['text'], WPSG_SANITIZE_TEXTFIELD));
+					var_dump(!wpsg_checkInput($v['x'], WPSG_SANITIZE_FLOAT));
+					var_dump(!wpsg_checkInput($v['y'], WPSG_SANITIZE_FLOAT));
+					var_dump(!wpsg_checkInput($v['color'], WPSG_SANITIZE_HEXCOLOR));
+					var_dump(!wpsg_checkInput($v['fontsize'],WPSG_SANITIZE_INT));
+					var_dump($v['color']);
+					
+					die("_");
+					*/ 
+					
+					$this->shop->addBackendError(__('Bitte ÃŒberprÃŒfen Sie die Textfelder.', 'wpsg'));
+					$bCheckTextField = true;
+					
+				}
+				
+			}
+
+			if ($bCheckTextField) {
+			
+				$this->shop->update_option("wpsg_mod_rechnungen_texte", $_REQUEST['text']);
+				
+			}
 
 			$this->shop->update_option("wpsg_rechnungen_url", $_REQUEST['wpsg_rechnungen_url'], false, false, WPSG_SANITIZE_TEXTFIELD);
 			$this->shop->update_option("wpsg_mod_rechnungen_auto", $_REQUEST['wpsg_mod_rechnungen_auto'], false, false, WPSG_SANITIZE_INT);
-			$this->shop->update_option("wpsg_rechnungen_logo_position", $wpsg_rechnungen_logo_position ?: null);
+			$this->shop->update_option("wpsg_rechnungen_logo_position", ($wpsg_rechnungen_logo_position??false));
 			$this->shop->update_option("wpsg_rechnungen_logo_transparency", $_REQUEST['wpsg_rechnungen_logo_transparency'], false, false, WPSG_SANITIZE_FLOAT);
 			$this->shop->update_option("wpsg_rechnungen_faelligkeit", $_REQUEST['wpsg_rechnungen_faelligkeit'],false, false, WPSG_SANITIZE_FLOAT);
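Review bot: The flag is inverted: `$bCheckTextField` is set to `true` in the branch that runs when a field fails validation, and `if ($bCheckTextField)` then writes the raw `$_REQUEST['text']` to `wpsg_mod_rechnungen_texte`. As written, only input that failed a check is saved, and input that passed every check is discarded. The guard should read `if (!$bCheckTextField) {`, ideally with the flag renamed to something like `$bTextFieldError` so the meaning is obvious. `$_REQUEST['text']` is also iterated without an `is_array()` check, and `$v['text']`, `$v['x']`, `$v['color']` etc. are read without confirming the keys exist. The commented-out `var_dump` block and the stray `#` line should be dropped before this lands; `settings_save()` continues outside the hunk.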
Index: /wpshopgermany.php
===================================================================
--- /wpshopgermany.php	(revision 7430)
+++ /wpshopgermany.php	(revision 7431)
@@ -92,4 +92,5 @@
 	define('WPSG_SANITIZE_TEXTAREA', 9);
 	define('WSPG_SANITIZE_EMAIL', 10);
+	define('WPSG_SANITIZE_HEXCOLOR', 11);
  	
 	// Ist in Multiblog manchma nicht definiert :? Sonst ist hier das Verzeichnis drin
