Index: /controller/wpsg_ProduktController.class.php =================================================================== --- /controller/wpsg_ProduktController.class.php (revision 7501) +++ /controller/wpsg_ProduktController.class.php (revision 7502) @@ -867,8 +867,10 @@ wpsg_checkRequest('detailname', [WPSG_SANITIZE_TEXTFIELD], __('Produktname (Detail)', 'wpsg'), $data); wpsg_checkRequest('shortdesc', [WPSG_SANITIZE_TEXTFIELD], __('Produktbeschreibung (Kurz)', 'wpsg'), $data); - wpsg_checkRequest('beschreibung', [WPSG_SANITIZE_HTML], __('Kurztext', 'wpsg'), $data); - wpsg_checkRequest('longdescription', [WPSG_SANITIZE_HTML], __('Langtext', 'wpsg'), $data); - wpsg_checkRequest('moreinfos', [WPSG_SANITIZE_HTML], __('ZusÀtzliche Informationen', 'wpsg'), $data); - wpsg_checkRequest('moreinfos2', [WPSG_SANITIZE_HTML], __('Lieferumfang', 'wpsg'), $data); + + wpsg_checkRequest('beschreibung', [WPSG_SANITIZE_NONE], __('Kurztext', 'wpsg'), $data); + wpsg_checkRequest('longdescription', [WPSG_SANITIZE_NONE], __('Langtext', 'wpsg'), $data); + wpsg_checkRequest('moreinfos', [WPSG_SANITIZE_NONE], __('ZusÀtzliche Informationen', 'wpsg'), $data); + wpsg_checkRequest('moreinfos2', [WPSG_SANITIZE_NONE], __('Lieferumfang', 'wpsg'), $data); + wpsg_checkRequest('anr', [WPSG_SANITIZE_TEXTFIELD], __('Artikelnummer', 'wpsg'), $data); wpsg_checkRequest('mwst_key', [WPSG_SANITIZE_TAXKEY], __('Steuergruppe', 'wpsg'), $data); Index: /lib/functions.inc.php =================================================================== --- /lib/functions.inc.php (revision 7501) +++ /lib/functions.inc.php (revision 7502) @@ -607,5 +607,9 @@ if (in_array($val, ['0', 'a', 'b', 'c', 'd', 'e'])) $bReturn = true; - break; + break; + + case WPSG_SANITIZE_NONE: $bReturn = true; + + break; case WPSG_SANITIZE_ARRAY_INT: Index: /lib/wpsg_imagehandler.class.php =================================================================== --- /lib/wpsg_imagehandler.class.php (revision 7501) +++ /lib/wpsg_imagehandler.class.php (revision 7502) @@ -152,7 +152,19 @@ else if ($this->shop->hasMod('wpsg_mod_productvariants') && wpsg_isSizedInt($vari_id)) { - + // Daten der Produktvariation laden - list($images, $images_set) = array_values($this->db->fetchRow("SELECT `images`, `images_set` FROM `".WPSG_TBL_PRODUCTS_VARIATION."` WHERE `product_id` = '".wpsg_q($product_id)."' AND `variation_id` = '".wpsg_q($vari_id)."' ")); + $row = $this->db->fetchRow("SELECT `images`, `images_set` FROM `".WPSG_TBL_PRODUCTS_VARIATION."` WHERE `product_id` = '".wpsg_q($product_id)."' AND `variation_id` = '".wpsg_q($vari_id)."' "); + + if ($row !== null) { + + list($images, $images_set) = array_values($this->db->fetchRow("SELECT `images`, `images_set` FROM `".WPSG_TBL_PRODUCTS_VARIATION."` WHERE `product_id` = '".wpsg_q($product_id)."' AND `variation_id` = '".wpsg_q($vari_id)."' ")); + + } else { + + $images = ''; + $images_set = ''; + + } + $arAttachmentIDsProductVari = explode(',', $images); Index: /mods/wpsg_mod_fuellmenge.class.php =================================================================== --- /mods/wpsg_mod_fuellmenge.class.php (revision 7501) +++ /mods/wpsg_mod_fuellmenge.class.php (revision 7502) @@ -202,11 +202,16 @@ } - public function produkt_save(&$produkt_id) - { - - $this->db->UpdateQuery(WPSG_TBL_PRODUCTS, array( - "feinheit" => wpsg_q(wpsg_sinput("key", $_REQUEST['feinheit'])), - "fmenge" => wpsg_q(wpsg_tf(wpsg_sinput("key", $_REQUEST['fmenge'], WPSG_SANITIZE_FLOAT))) - ), "`id` = '".wpsg_q(wpsg_sinput("key", $produkt_id))."'"); + public function produkt_save(&$produkt_id) { + + $db_data = []; + + wpsg_checkRequest('feinheit', [WPSG_SANITIZE_TEXTFIELD], __('Einheit FÌllmenge', 'wpsg'), $db_data); + wpsg_checkRequest('fmenge', [WPSG_SANITIZE_FLOAT], __('FÌllmenge', 'wpsg'), $db_data); + + if (wpsg_isSizedArray($db_data)) { + + $this->db->UpdateQuery(WPSG_TBL_PRODUCTS, $db_data, "`id` = '".wpsg_q($produkt_id)."'"); + + } } // public function produkt_save(&$produkt_id) Index: /mods/wpsg_mod_productvars.class.php =================================================================== --- /mods/wpsg_mod_productvars.class.php (revision 7501) +++ /mods/wpsg_mod_productvars.class.php (revision 7502) @@ -173,10 +173,10 @@ public function produkt_save(&$produkt_id) { - - if (isset($_REQUEST['wpsg_pv'])) - { - foreach ((array)$_REQUEST['wpsg_pv'] as $k => $v) { if ($v != '1') unset($_REQUEST['wpsg_pv'][$k]); } - - $this->db->UpdateQuery(WPSG_TBL_PRODUCTS, array('produktvars' => wpsg_sinput("text_field", implode(",", array_keys((array)$_REQUEST['wpsg_pv'])))), "`id` = '".wpsg_q($produkt_id)."'"); + + if (isset($_REQUEST['wpsg_pv'])) { + + foreach ((array)$_REQUEST['wpsg_pv'] as $k => $v) { if ($v != '1') unset($_REQUEST['wpsg_pv'][$k]); else $_REQUEST['wpsg_pv'][$k] = intval($v); } + + $this->db->UpdateQuery(WPSG_TBL_PRODUCTS, array('produktvars' => implode(",", array_keys($_REQUEST['wpsg_pv']))), "`id` = '".wpsg_q($produkt_id)."'"); } Index: /mods/wpsg_mod_topseller.class.php =================================================================== --- /mods/wpsg_mod_topseller.class.php (revision 7501) +++ /mods/wpsg_mod_topseller.class.php (revision 7502) @@ -75,8 +75,7 @@ } //public function product_addedit_content(&$product_content, &$product_data) - public function produkt_save_before(&$produkt_data) - { + public function produkt_save_before(&$produkt_data) { - $produkt_data['wpsg_mod_topseller'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['wpsg_mod_topseller']['status'], "isFloat")); + wpsg_checkRequest('wpsg_mod_topseller', [WPSG_SANITIZE_CHECKBOX], __('Topseller Status'), $produkt_data, $_REQUEST['wpsg_mod_topseller']['status']); } // public function produkt_save_before(&$produkt_data) Index: /wpshopgermany.php =================================================================== --- /wpshopgermany.php (revision 7501) +++ /wpshopgermany.php (revision 7502) @@ -89,5 +89,6 @@ define('WPSG_SANITIZE_HTML', 15); define('WPSG_SANITIZE_COSTKEY', 16); - + define('WPSG_SANITIZE_NONE', 17); + // Ist in Multiblog manchma nicht definiert :? Sonst ist hier das Verzeichnis drin if (!defined('SITECOOKIEPATH')) define('SITECOOKIEPATH', '/');