Index: /controller/wpsg_ShopController.class.php
===================================================================
--- /controller/wpsg_ShopController.class.php	(revision 7504)
+++ /controller/wpsg_ShopController.class.php	(revision 7506)
@@ -3741,11 +3741,35 @@
 
 		} // function exec($cmd)
-
+		
 		/**
 		 * FÃŒgt in die Dummy phtml ein zu ÃŒbersetzenden String hinzu
-		 */
-		public function addTranslationString($key, $value)
-		{
-
+		 * 
+		 * @param $key
+		 * @param $value
+		 * @param null $sanitize_type
+		 * @param array $sanitize_params
+		 * 
+		 * @return bool
+		 * 
+		 * @throws \wpsg\Exception
+		 */
+		public function addTranslationString($key, $value, $sanitize_type = null, $sanitize_params = []) {
+			
+			if (wpsg_isSizedString($sanitize_type)) {
+				 
+				$bValid = wpsg_checkInput($value, $sanitize_type, $sanitize_params);
+				
+				if (!$bValid) {
+					
+					$GLOBALS['wpsg_sc']->addBackendError(__('Ihre Eingaben in den markierten Feldern waren ungÃŒltig, bitte ÃŒberprÃŒfen.', 'wpsg'));
+					
+					$_SESSION['sanitization_err_fields'][$key] = 0;
+					
+					return false;
+					
+				}
+				
+			}
+			
 			if (function_exists('icl_register_string'))
 			{
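Review bot: The guard `if (wpsg_isSizedString($sanitize_type))` may never fire for the callers this commit adds, because they pass `WPSG_SANITIZE_*` constants and the ones visible in wpshopgermany.php are integers (`WPSG_SANITIZE_EMAILNAME` is 18). wpsg_isSizedString is not shown here; if it requires a non-empty string, validation is skipped and the raw `$_REQUEST` value is registered, where the old call sites passed it through `wpsg_sinput("text_field", …)` first. Testing directly for "a type was given", `if ($sanitize_type !== null) {`, avoids depending on the constant's type. The docblock line `@param null $sanitize_type` would also read better as `@param int|null $sanitize_type one of the WPSG_SANITIZE_* constants`. The function body continues past the end of the hunk.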
Index: /lib/functions.inc.php
===================================================================
--- /lib/functions.inc.php	(revision 7504)
+++ /lib/functions.inc.php	(revision 7506)
@@ -563,5 +563,16 @@
 			case WPSG_SANITIZE_PATH:
 			case WPSG_SANITIZE_APIKEY:
-			case WPSG_SANITIZE_URL:			
+			case WPSG_SANITIZE_URL:
+			
+			case WPSG_SANITIZE_EMAILNAME:
+				
+				// TODO RFC 2822? Checken
+				// <NAME> E-Mail
+				// Aber auch nur E-Mail
+				//if (preg_match('/(?:[a-z0-9!#$%&\'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&\'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\ x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])/', $val)) $bReturn = true; 
+				$bReturn = true;
+				
+				break;
+				
 			case WPSG_SANITIZE_TEXTFIELD:
 				
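Review bot: The new `WPSG_SANITIZE_EMAILNAME` branch accepts every value, since the regex is commented out and `$bReturn = true;` is unconditional, and the labels `WPSG_SANITIZE_PATH`, `WPSG_SANITIZE_APIKEY` and `WPSG_SANITIZE_URL` above it now fall into this branch instead of into `WPSG_SANITIZE_TEXTFIELD` as before. The values given this type in helper_functions.inc.php are the sender, recipient, CC and BCC settings, which presumably end up in mail headers, so at minimum line breaks should be rejected: `$bReturn = !preg_match('/[\r\n]/', $val);`. Moving the new case below the TEXTFIELD block (or above `case WPSG_SANITIZE_PATH:`) restores the old fall-through for the other three types. The switch starts and ends outside the hunk, so what TEXTFIELD checks is not visible here.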
Index: /lib/helper_functions.inc.php
===================================================================
--- /lib/helper_functions.inc.php	(revision 7504)
+++ /lib/helper_functions.inc.php	(revision 7506)
@@ -263,24 +263,23 @@
 		{
 		
-			$GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_betreff', $_REQUEST['wpsg_'.$key.'_betreff'], false, false, "text_field");
-			$GLOBALS['wpsg_sc']->addTranslationString('wpsg_'.$key.'_betreff', wpsg_sinput("text_field", $_REQUEST['wpsg_'.$key.'_betreff']));
-			
-		}
-		
-		if (isset($_REQUEST['wpsg_'.$key.'_absender'])) 
-		{
-			
-			$GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_absender', $_REQUEST['wpsg_'.$key.'_absender'], false, false, "text_field");
-			$GLOBALS['wpsg_sc']->addTranslationString('wpsg_'.$key.'_absender', wpsg_sinput("text_field", $_REQUEST['wpsg_'.$key.'_absender']));
-		}
-
-		if (isset($_REQUEST['wpsg_'.$key.'_empfaenger'])) $GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_empfaenger', $_REQUEST['wpsg_'.$key.'_empfaenger'], false, false, "text_field");
-		if (isset($_REQUEST['wpsg_'.$key.'_cc'])) $GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_cc', $_REQUEST['wpsg_'.$key.'_cc'], false, false, "text_field");
-		if (isset($_REQUEST['wpsg_'.$key.'_bcc'])) $GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_bcc', $_REQUEST['wpsg_'.$key.'_bcc'], false, false, "text_field");
+			$GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_betreff', $_REQUEST['wpsg_'.$key.'_betreff'], false, false, WPSG_SANITIZE_TEXTFIELD);
+			$GLOBALS['wpsg_sc']->addTranslationString('wpsg_'.$key.'_betreff', $_REQUEST['wpsg_'.$key.'_betreff'], WPSG_SANITIZE_TEXTFIELD);
+			
+		}
+		
+		if (isset($_REQUEST['wpsg_'.$key.'_absender'])) {
+			
+			$GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_absender', $_REQUEST['wpsg_'.$key.'_absender'], false, false, WPSG_SANITIZE_EMAILNAME);
+			$GLOBALS['wpsg_sc']->addTranslationString('wpsg_'.$key.'_absender', $_REQUEST['wpsg_'.$key.'_absender'], WPSG_SANITIZE_EMAILNAME);
+		}
+
+		if (isset($_REQUEST['wpsg_'.$key.'_empfaenger'])) $GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_empfaenger', $_REQUEST['wpsg_'.$key.'_empfaenger'], false, false, WPSG_SANITIZE_EMAILNAME);
+		if (isset($_REQUEST['wpsg_'.$key.'_cc'])) $GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_cc', $_REQUEST['wpsg_'.$key.'_cc'], false, false, WPSG_SANITIZE_EMAILNAME);
+		if (isset($_REQUEST['wpsg_'.$key.'_bcc'])) $GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_bcc', $_REQUEST['wpsg_'.$key.'_bcc'], false, false, WPSG_SANITIZE_EMAILNAME);
 		if (isset($_REQUEST['wpsg_'.$key.'_text']))
 		{
 			
-			$GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_text', $_REQUEST['wpsg_'.$key.'_text'], false, false, "text_field");
-			$GLOBALS['wpsg_sc']->addTranslationString('wpsg_'.$key.'_text', wpsg_sinput("text_field", $_REQUEST['wpsg_'.$key.'_text']));
+			$GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_text', $_REQUEST['wpsg_'.$key.'_text'], false, false, WPSG_SANITIZE_TEXTFIELD);
+			$GLOBALS['wpsg_sc']->addTranslationString('wpsg_'.$key.'_text', $_REQUEST['wpsg_'.$key.'_text'], WPSG_SANITIZE_TEXTFIELD);
 			
 		}
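Review bot: The `false` that addTranslationString now returns for invalid input is discarded at all three call sites, and each call runs after `update_option` has already been handed the same raw `$_REQUEST` value. Whether update_option rejects the value on its own is not visible in this diff; if it does not, a field flagged in `$_SESSION['sanitization_err_fields']` is still saved. Validating once and skipping both calls on failure makes the outcome explicit, e.g. wrapping each pair in `if (wpsg_checkInput($_REQUEST['wpsg_'.$key.'_absender'], WPSG_SANITIZE_EMAILNAME, [])) { … }`. The enclosing function starts and ends outside the hunk.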
Index: /views/mailtemplates/adminmail.phtml
===================================================================
--- /views/mailtemplates/adminmail.phtml	(revision 7504)
+++ /views/mailtemplates/adminmail.phtml	(revision 7506)
@@ -7,5 +7,5 @@
 	$this->htmlMail = false;
 
-	//wpsg_debug($this->view);
+	wpsg_debug($this->view);
 
 ?><?php echo __('Hallo Administrator,', 'wpsg'); ?> 
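Review bot: Re-enabling `wpsg_debug($this->view);` looks like a debugging leftover: it runs every time the admin order mail is rendered and is handed the whole view, which in this template carries the basket with order number, date and totals. Where wpsg_debug writes is not visible here, but order and customer data should not reach a debug sink from a released template. I would restore the commented form `//wpsg_debug($this->view);` or delete the line.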
@@ -61,5 +61,5 @@
 <?php echo wpsg_pad_right(__('Bestellnummer', 'wpsg').':', 35); ?><?php echo $this->view['basket']['checkout']['onr']; ?> 
 <?php echo wpsg_pad_right(__('Bestelldatum', 'wpsg').':', 35); ?><?php echo date("d.m.Y H:i:s", $this->view['basket']['checkout']['datum']); ?> 
-<?php echo wpsg_pad_right(__('Rechnungsbetrag', 'wpsg').':', 35); ?><?php echo wpsg_ff($this->view['basket']['sum']['preis_gesamt_brutto'], $this->get_option('wpsg_currency')); ?> 
+<?php echo wpsg_pad_right(__('Rechnungsbetrag', 'wpsg').':', 35); ?><?php echo wpsg_ff($this->view['basket']['arCalculation']['sum']['topay_brutto'], $this->get_option('wpsg_currency')); ?> 
 <?php if ($this->get_option('wpsg_kleinunternehmer')) { ?>
 
Index: /views/mailtemplates/html/customer.phtml
===================================================================
--- /views/mailtemplates/html/customer.phtml	(revision 7504)
+++ /views/mailtemplates/html/customer.phtml	(revision 7506)
@@ -109,5 +109,5 @@
 	<tr>
 		<td style="padding:2px; line-height:100%; vertical-align:middle;" class="col0"><?php echo __('E-Mail Adresse', 'wpsg'); ?>:</td>
-		<td style="padding:2px; line-height:100%; vertical-align:middle;" class="col1"><a href="mailto:<?php echo wpsg_hspc($this->view['basket']['checkout']['email']); ?>"><?php echo wpsg_hspc($this->view['basket']['checkout']['email']); ?></a></td>
+		<td style="padding:2px; line-height:100%; vertical-align:middle;" class="col1"><a href="mailto:<?php echo wpsg_hspc($this->view['basket']['arCalculation']['sum']['topay_brutto']); ?>"><?php echo wpsg_hspc($this->view['basket']['checkout']['email']); ?></a></td>
 	</tr>
 </table>
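Review bot: The `mailto:` href now prints `$this->view['basket']['arCalculation']['sum']['topay_brutto']`, the amount to pay, instead of the customer's address, while the link text still shows `['checkout']['email']`. This looks like the array-path replacement meant for the invoice amount in the next hunk of this file, applied to the wrong line. The href should stay `mailto:<?php echo wpsg_hspc($this->view['basket']['checkout']['email']); ?>`.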
@@ -132,5 +132,5 @@
 	<tr>
 		<td style="padding:2px; line-height:100%; vertical-align:middle;" class="col0"><?php echo __('Rechnungsbetrag', 'wpsg'); ?>:</td>
-		<td style="padding:2px; line-height:100%; vertical-align:middle;" class="col1"><strong><?php echo wpsg_ff($this->view['basket']['arCalculation']['topay_brutto'], $this->get_option('wpsg_currency')); ?></strong></td>
+		<td style="padding:2px; line-height:100%; vertical-align:middle;" class="col1"><strong><?php echo wpsg_ff($this->view['basket']['arCalculation']['sum']['topay_brutto'], $this->get_option('wpsg_currency')); ?></strong></td>
 	</tr>
 	<?php if ($this->get_option('wpsg_kleinunternehmer') != '1') { ?>
Index: /views/mailtemplates/kundenmail.phtml
===================================================================
--- /views/mailtemplates/kundenmail.phtml	(revision 7504)
+++ /views/mailtemplates/kundenmail.phtml	(revision 7506)
@@ -64,5 +64,5 @@
 <?php echo wpsg_pad_right(__('Bestellnummer', 'wpsg').':', 35); ?><?php echo $this->view['basket']['checkout']['onr']; ?> 
 <?php echo wpsg_pad_right(__('Bestelldatum', 'wpsg').':', 35); ?><?php echo date("d.m.Y H:i:s", $this->view['basket']['checkout']['datum']); ?> 
-<?php echo wpsg_pad_right(__('Rechnungsbetrag', 'wpsg').':', 35); ?><?php echo wpsg_ff($this->view['basket']['arCalculation']['topay_brutto'], $this->get_option('wpsg_currency')); ?> 
+<?php echo wpsg_pad_right(__('Rechnungsbetrag', 'wpsg').':', 35); ?><?php echo wpsg_ff($this->view['basket']['arCalculation']['sum']['topay_brutto'], $this->get_option('wpsg_currency')); ?> 
 <?php if ($this->get_option('wpsg_kleinunternehmer')) { ?>
 
Index: /views/mods/mod_gutschein/mail_order_end_html.phtml
===================================================================
--- /views/mods/mod_gutschein/mail_order_end_html.phtml	(revision 7504)
+++ /views/mods/mod_gutschein/mail_order_end_html.phtml	(revision 7506)
@@ -46,5 +46,5 @@
 	<?php } ?>
 	<td style="padding:4px; line-height:100%; vertical-align:middle;" class="col_amount">&nbsp;</td>
-	<td style="padding:4px; line-height:100%; vertical-align:middle;" class="col_sum"><strong><?php echo wpsg_ff($this->view['basket']['arCalculation']['topay_brutto'], $this->get_option('wpsg_currency')); ?></strong></td>
+	<td style="padding:4px; line-height:100%; vertical-align:middle;" class="col_sum"><strong><?php echo wpsg_ff($this->view['basket']['arCalculation']['sum']['topay_brutto'], $this->get_option('wpsg_currency')); ?></strong></td>
 </tr>
     
Index: /wpshopgermany.php
===================================================================
--- /wpshopgermany.php	(revision 7504)
+++ /wpshopgermany.php	(revision 7506)
@@ -90,5 +90,6 @@
  	define('WPSG_SANITIZE_COSTKEY', 16);
 	define('WPSG_SANITIZE_NONE', 17);
- 	
+ 	define('WPSG_SANITIZE_EMAILNAME', 18);
+	
 	// Ist in Multiblog manchma nicht definiert :? Sonst ist hier das Verzeichnis drin
 	if (!defined('SITECOOKIEPATH')) define('SITECOOKIEPATH', '/');
