Index: /controller/wpsg_AdminController.class.php
===================================================================
--- /controller/wpsg_AdminController.class.php	(revision 7456)
+++ /controller/wpsg_AdminController.class.php	(revision 7457)
@@ -366,5 +366,5 @@
 
 					$this->addBackendMessage(__('wpShopGermany wurde aktiviert.', 'wpsg'));
-                    $this->update_option('wpsg_key', $_REQUEST['wpsg_licence_file'], true, false, "key");
+					$this->update_option('wpsg_key', $_REQUEST['wpsg_licence_file'], true, false, WPSG_SANITIZE_APIKEY);
 
                 }
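Review bot: `WPSG_SANITIZE_APIKEY` on the rewritten `update_option('wpsg_key', …)` line is not defined anywhere in this changeset, and the only defines visible (in wpshopgermany.php) are EMAIL, HEXCOLOR and the new PAGEID. Please confirm it exists under exactly this spelling; the neighbouring `WSPG_SANITIZE_EMAIL` define shows that prefix typos do occur in that list. On PHP 8 an undefined constant is a fatal Error, and on PHP 7 it degrades to the string `'WPSG_SANITIZE_APIKEY'`, which the sanitizer switch would presumably not match, leaving the licence key from `$_REQUEST` stored unchecked. The enclosing method starts and ends outside the hunk.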
@@ -2391,15 +2391,16 @@
 
 				// Seiten speichern
-				$this->createPage(__('Anfrageliste', 'wpsg'), 'wpsg_page_request', wpsg_sinput("key", $_REQUEST['wpsg_page_request']));
-				$this->createPage(__('Warenkorb', 'wpsg'), 'wpsg_page_basket', wpsg_sinput("key", $_REQUEST['wpsg_page_basket']));
-				$this->createPage(__('Weiter shoppen', 'wpsg'), 'wpsg_page_basket_more', wpsg_sinput("key", $_REQUEST['wpsg_page_basket_more']));
-				$this->createPage(__('Versandkosten', 'wpsg'), 'wpsg_page_versand', wpsg_sinput("key", $_REQUEST['wpsg_page_versand']));
-				$this->createPage(__('Produktdetail', 'wpsg'), 'wpsg_page_product', wpsg_sinput("key", $_REQUEST['wpsg_page_product']));
-				$this->createPage(__('AGB', 'wpsg'), 'wpsg_page_agb', wpsg_sinput("key", $_REQUEST['wpsg_page_agb']));
-				$this->createPage(__('Datenschutz', 'wpsg'), 'wpsg_page_datenschutz', wpsg_sinput("key", $_REQUEST['wpsg_page_datenschutz']));
-				$this->createPage(__('Widerrufsbelehrung', 'wpsg'), 'wpsg_page_widerrufsbelehrung', wpsg_sinput("key", $_REQUEST['wpsg_page_widerrufsbelehrung']));
-				$this->update_option('wpsg_page_onlinedisputeresolution', $_REQUEST['wpsg_page_onlinedisputeresolution'], false, false, "key");
-				$this->createPage(__('Impressum', 'wpsg'), 'wpsg_page_impressum', wpsg_sinput("key", $_REQUEST['wpsg_page_impressum']));
-
+				$this->createPage(__('Anfrageliste', 'wpsg'), 'wpsg_page_request', $_REQUEST['wpsg_page_request']);
+				$this->createPage(__('Warenkorb', 'wpsg'), 'wpsg_page_basket', $_REQUEST['wpsg_page_basket']);
+				$this->createPage(__('Weiter shoppen', 'wpsg'), 'wpsg_page_basket_more', $_REQUEST['wpsg_page_basket_more']);
+				$this->createPage(__('Versandkosten', 'wpsg'), 'wpsg_page_versand', $_REQUEST['wpsg_page_versand']);
+				$this->createPage(__('Produktdetail', 'wpsg'), 'wpsg_page_product', $_REQUEST['wpsg_page_product']);
+				$this->createPage(__('AGB', 'wpsg'), 'wpsg_page_agb', $_REQUEST['wpsg_page_agb']);
+				$this->createPage(__('Datenschutz', 'wpsg'), 'wpsg_page_datenschutz', $_REQUEST['wpsg_page_datenschutz']);
+				$this->createPage(__('Widerrufsbelehrung', 'wpsg'), 'wpsg_page_widerrufsbelehrung', $_REQUEST['wpsg_page_widerrufsbelehrung']);
+				$this->createPage(__('Impressum', 'wpsg'), 'wpsg_page_impressum', $_REQUEST['wpsg_page_impressum']);
+				
+				//$this->update_option('wpsg_page_onlinedisputeresolution', $_REQUEST['wpsg_page_onlinedisputeresolution'], false, false, "key");
+				
 				$this->addBackendMessage(__('Seiteneinstellungen bearbeitet.', 'wpsg'));
 
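Review bot: The `wpsg_page_onlinedisputeresolution` option is no longer saved, because its `update_option` call is commented out rather than moved to the new sanitizer. A submitted value is dropped while 'Seiteneinstellungen bearbeitet.' is still reported. If that is unintended, restore it with the new type, e.g. `$this->update_option('wpsg_page_onlinedisputeresolution', $_REQUEST['wpsg_page_onlinedisputeresolution'], false, false, WPSG_SANITIZE_PAGEID);`, otherwise delete the dead line. The nine `createPage()` calls now pass raw `$_REQUEST` values and rely on the check added inside `createPage()`, but its `false` return is ignored here. A rejected page id therefore also ends in the success message; collecting the results and calling `addBackendMessage` only when all succeed would make the rejection visible. The enclosing method starts and ends outside the hunk.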
Index: /controller/wpsg_SystemController.class.php
===================================================================
--- /controller/wpsg_SystemController.class.php	(revision 7456)
+++ /controller/wpsg_SystemController.class.php	(revision 7457)
@@ -824,4 +824,6 @@
 
 			global $wpdb, $current_user;
+
+			if (!wpsg_checkInput($page_id, WPSG_SANITIZE_PAGEID)) return false;
 			
 			if ($page_id == -1) 
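Review bot: The new `wpsg_checkInput($page_id, WPSG_SANITIZE_PAGEID)` guard runs before the `$page_id == -1` branch, so the validator has to accept `-1` or that branch can never be reached. In lib/functions.inc.php the new `case WPSG_SANITIZE_PAGEID:` simply falls through to `WPSG_SANITIZE_INT`, whose body is outside the hunk, so this cannot be confirmed from the diff. Please verify it with a negative value and record the contract above the guard, e.g. `// page id from request: must be an integer; -1 is allowed and handled below`. Since callers now hand over unsanitised `$_REQUEST` values, a cast after the check (`$page_id = (int)$page_id;`) would also stop the loose `==` comparison and any later use from seeing the raw string. The function body continues outside the hunk.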
Index: /lib/functions.inc.php
===================================================================
--- /lib/functions.inc.php	(revision 7456)
+++ /lib/functions.inc.php	(revision 7457)
@@ -549,4 +549,5 @@
 				break;
 				
+			case WPSG_SANITIZE_PAGEID:
 			case WPSG_SANITIZE_INT: 
 				
Index: /mods/wpsg_mod_ordervars.class.php
===================================================================
--- /mods/wpsg_mod_ordervars.class.php	(revision 7456)
+++ /mods/wpsg_mod_ordervars.class.php	(revision 7457)
@@ -131,5 +131,7 @@
 					$data['auswahl'] = wpsg_q($_REQUEST['value']);
 					$this->shop->addTranslationString('wpsg_mod_ordervars_auswahl'.$_REQUEST['ov_id'], $_REQUEST['value']); 
-					$value = $_REQUEST['value']; 
+					$value = $_REQUEST['value'];
+					
+					
 				
 				}
Index: /mods/wpsg_mod_paypalapi.class.php
===================================================================
--- /mods/wpsg_mod_paypalapi.class.php	(revision 7456)
+++ /mods/wpsg_mod_paypalapi.class.php	(revision 7457)
@@ -139,14 +139,13 @@
 
 			// PaymentExperience
-			if (wpsg_isSizedString($_REQUEST['wpsg_mod_paypalapi_clientid']) && wpsg_isSizedString($_REQUEST['wpsg_mod_paypalapi_secret']))
-			{
+			if (wpsg_isSizedString($_REQUEST['wpsg_mod_paypalapi_clientid']) && wpsg_isSizedString($_REQUEST['wpsg_mod_paypalapi_secret'])) {
 				
 				$json_data = $this->api_getWebExperience();
+				 
 				$paymentExperienceID = false;
 				
 				foreach ($json_data as $p) if ($p['name'] == 'wpShopGermany') $paymentExperienceID = $p['id'];
 				
-				if ($paymentExperienceID === false)
-				{
+				if ($paymentExperienceID === false) {
 					
 					// PaymentExperience existiert nicht => anlegen
@@ -155,6 +154,5 @@
 					$this->shop->update_option('wpsg_mod_paypalapi_paymentExperience', $json_data['id']);
 					
-				}
-				else
+				} else
 				{
 				
@@ -535,6 +533,5 @@
 			$basketError = false;
 			
-			if ($this->shop->callMods('basket_check') == false)
-			{
+			if ($this->shop->callMods('basket_check') == false) {
 			
 				// Hier stimmt was mit den Daten im Warenkorb nicht -> ZurÃŒck zum Warenkorb leiten
@@ -545,6 +542,5 @@
 			}	
 			
-			if (!wpsg_isSizedString($_SESSION['wpsg']['checkout']['shipping']))
-			{
+			if (!wpsg_isSizedString($_SESSION['wpsg']['checkout']['shipping'])) {
 			
 				$this->shop->addFrontendError(__('Bitte eine gÃŒltige Versandart auswÃ€hlen.', 'wpsg'));
@@ -553,6 +549,5 @@
 			}
 			
-			if (!wpsg_isSizedInt($_SESSION['wpsg']['checkout']['land']))
-			{
+			if (!wpsg_isSizedInt($_SESSION['wpsg']['checkout']['land'])) {
 				
 				$this->shop->addFrontendError(__('Bitte ein Land auswÃ€hlen, damit die Versandkosten bestimmt werden kÃ¶nnen.', 'wpsg'));
@@ -561,6 +556,5 @@
 			}
 			
-			if ($this->shop->hasMod('wpsg_mod_willcollect'))
-			{
+			if ($this->shop->hasMod('wpsg_mod_willcollect')) {
 			
 				$arCheckout = array(
@@ -647,6 +641,5 @@
 		 * Wird aus dem Warenkorb bei PayPal Express aufgerufen
 		 */
-		public function startPayPalExpressRedirect()
-		{
+		public function startPayPalExpressRedirect() {
 			 
 			//Bestellung wird im BasketController schon angelegt
@@ -1328,11 +1321,5 @@
 				
 			}
-			
-			if (wpsg_isSizedArray($shipping_address) && isset($post_data['transactions'][0]['item_list'])) {
-			 
-				$post_data['transactions'][0]['item_list']['shipping_address'] = $shipping_address;
-				
-			}
-			
+			 			
 			if (wpsg_isSizedInt($this->shop->get_option('wpsg_mod_paypalapi_paypalexpress_details')) && floatval($subTotal) === floatval($arBasket['sum']['preis_gesamt_brutto']))
 			{
@@ -1363,4 +1350,10 @@
 				
 			}
+			
+			if (wpsg_isSizedArray($shipping_address) && isset($post_data['transactions'][0]['item_list'])) {
+				
+				$post_data['transactions'][0]['item_list']['shipping_address'] = $shipping_address;
+				
+			}
 			 
 			if (wpsg_isSizedString($this->shop->get_option('wpsg_mod_paypalapi_paymentExperience')))
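Review bot: Nothing records why the `shipping_address` assignment was moved below the `wpsg_mod_paypalapi_paypalexpress_details` branch, and the order appears to be what the fix depends on. Presumably that branch rebuilds `item_list` and overwrote the address when the assignment came first, but the intervening lines are outside the hunk. A comment above the moved block would keep it from being reordered again, e.g. `// Must run after item_list has been (re)built above, otherwise shipping_address is lost`. Note also that when `item_list` is not set the address is silently omitted from the request; if PayPal should always receive it, that case deserves a log entry.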
@@ -1555,4 +1548,2 @@
 		
 	} // class wpsg_mod_paypalapi extends wpsg_mod_basic
-
-?>
Index: /mods/wpsg_mod_rechnungen.class.php
===================================================================
--- /mods/wpsg_mod_rechnungen.class.php	(revision 7456)
+++ /mods/wpsg_mod_rechnungen.class.php	(revision 7457)
@@ -293,5 +293,5 @@
 			$this->shop->update_option("wpsg_rechnungen_url", $_REQUEST['wpsg_rechnungen_url'], false, false, WPSG_SANITIZE_TEXTFIELD);
 			$this->shop->update_option("wpsg_mod_rechnungen_auto", $_REQUEST['wpsg_mod_rechnungen_auto'], false, false, WPSG_SANITIZE_VALUES, ['0', '1', '2']);
-			$this->shop->update_option("wpsg_rechnungen_logo_position", ($wpsg_rechnungen_logo_position??false));
+			$this->shop->update_option("wpsg_rechnungen_logo_position", wpsg_getStr($wpsg_rechnungen_logo_position));
 			$this->shop->update_option("wpsg_rechnungen_logo_transparency", $_REQUEST['wpsg_rechnungen_logo_transparency'], false, false, WPSG_SANITIZE_FLOAT);
 			$this->shop->update_option("wpsg_rechnungen_faelligkeit", $_REQUEST['wpsg_rechnungen_faelligkeit'],false, false, WPSG_SANITIZE_FLOAT);
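Review bot: `wpsg_rechnungen_logo_position` is the only option in this block written without a sanitize type, and the assignment of `$wpsg_rechnungen_logo_position` is outside the hunk. If the value derives from request data, constrain it as the line above does, e.g. `$this->shop->update_option("wpsg_rechnungen_logo_position", wpsg_getStr($wpsg_rechnungen_logo_position), false, false, WPSG_SANITIZE_VALUES, [/* allowed positions */]);`. The removed `?? false` tolerated an unset variable; whether `wpsg_getStr()` does so depends on its signature, which is not shown. The stored default may also change from `false` to a string, which matters to any reader that compares with `=== false`.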
Index: /views/mods/mod_stock/stockmail.phtml
===================================================================
--- /views/mods/mod_stock/stockmail.phtml	(revision 7456)
+++ /views/mods/mod_stock/stockmail.phtml	(revision 7457)
@@ -1,35 +1,35 @@
 <?php
-
+	
 	/**
 	 * Dieses Template wird fÃŒr die HTML Mail beim Erreichen des Mindestlagerbestandes eines Produktes verwendet
 	 */
-
+	
 	$this->htmlMail = false;
 
-?>
-
-<p><?php echo __('Hallo ', 'wpsg').$GLOBALS['stockemail_prodvariant']['admin_name'].','; ?></p>
+?><?php echo __('Hallo ', 'wpsg').$GLOBALS['stockemail_prodvariant']['admin_name'].','; ?>
 
 <?php
 	if(isset($GLOBALS['stockemail_prodvariant']) && wpsg_isSizedArray($GLOBALS['stockemail_prodvariant']))
 	{
-
+		
 		echo wpsg_translate(__('Eine Produktvariation hat das Erreichen des minimalen Lagerbestands am #1# um #2# Uhr gemeldet.', 'wpsg'), date('d.m.Y'), date('H:i'));
-		echo ('');
+		echo "\r\n";
+		echo "\r\n";
 		echo __("Produkt").': '.$GLOBALS['stockemail_prodvariant']['produkt']['id'].' '.$GLOBALS['stockemail_prodvariant']['produkt']['name'];
-		echo ('');
+		echo "\r\n";
 		echo __("Produktvariation").': '.$GLOBALS['stockemail_prodvariant']['variant']['id'].' '.$GLOBALS['stockemail_prodvariant']['variant']['name'];
-
+		echo "\r\n";
+		
 	}
 	else
 	{
-
+		
 		echo wpsg_translate(__('Ein Produkt hat das Erreichen des minimalen Lagerbestand am #1# um #2# Uhr gemeldet.', 'wpsg'), date('d.m.Y'), date('H:i'));
 		echo ('');
-			foreach ((array)$this->basket->arProdukte as $p)
-				$id = $p['id'];
-				echo ('');
-				echo __('Produkt').': '.$p['id'].'  '.$p['name'];
-
+		foreach ((array)$this->basket->arProdukte as $p)
+			$id = $p['id'];
+		echo ('');
+		echo __('Produkt').': '.$p['id'].'  '.$p['name'];
+		
 	}
 ?>
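Review bot: In the else branch the `foreach` still has no braces, so only `$id = $p['id'];` is its body and the `echo __('Produkt')…` line runs once after the loop. The mail therefore lists only the last product, and `$p` is undefined when `arProdukte` is empty. The re-indentation makes this visible but does not fix it; brace the loop as `foreach ((array)$this->basket->arProdukte as $p) { echo "\r\n"; echo __('Produkt').': '.$p['id'].'  '.$p['name']; }`. That branch also still uses `echo ('')` where the variant branch now emits `"\r\n"`, so its text runs together on one line. Separately, the greeting reads `$GLOBALS['stockemail_prodvariant']['admin_name']` before the `isset()` check further down, so it raises a notice on the product-only path.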
Index: /views/mods/mod_stock/stockmail_html.phtml
===================================================================
--- /views/mods/mod_stock/stockmail_html.phtml	(revision 7456)
+++ /views/mods/mod_stock/stockmail_html.phtml	(revision 7457)
@@ -18,7 +18,7 @@
 
 		echo wpsg_translate(__('Eine Produktvariation hat das Erreichen des minimalen Lagerbestands am #1# um #2# Uhr gemeldet.', 'wpsg'), date('d.m.Y'), date('H:i'));
-		echo ('<br />');
-		echo __("Produkt").': '.$GLOBALS['stockemail_prodvariant']['produkt']['id'].' '.$GLOBALS['stockemail_prodvariant']['produkt']['name'];
-		echo ('<br />');
+		echo '<br />';
+		echo __("Produkt").': '.$GLOBALS['stockemail_prodvariant']['produkt']['id'].' '.$GLOBALS['stockemail_prodvariant']['produkt']['name'].' ';
+		echo '<br />';
 		echo __("Produktvariation").': '.$GLOBALS['stockemail_prodvariant']['variant']['id'].' '.$GLOBALS['stockemail_prodvariant']['variant']['name'];
 
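Review bot: The product name on the rewritten `echo __("Produkt")…` line, and the variant name on the unchanged line after it, are concatenated into the HTML mail without output encoding. Where these names are populated is not visible here, but a name containing markup would be rendered by the recipient's mail client. Encode the dynamic parts at output, e.g. `esc_html($GLOBALS['stockemail_prodvariant']['produkt']['name'])`, and do the same for the variant name. The template continues outside the hunk.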
Index: /wpshopgermany.php
===================================================================
--- /wpshopgermany.php	(revision 7456)
+++ /wpshopgermany.php	(revision 7457)
@@ -83,4 +83,5 @@
 	define('WSPG_SANITIZE_EMAIL', 10);
 	define('WPSG_SANITIZE_HEXCOLOR', 11);
+	define('WPSG_SANITIZE_PAGEID', 12);
  	
 	// Ist in Multiblog manchma nicht definiert :? Sonst ist hier das Verzeichnis drin
