Index: /controller/wpsg_AdminController.class.php
===================================================================
--- /controller/wpsg_AdminController.class.php	(revision 7506)
+++ /controller/wpsg_AdminController.class.php	(revision 7507)
@@ -1172,37 +1172,38 @@
 			{
 
-				$form_data = array(); parse_str($_REQUEST['form_data'], $form_data);
+				$form_data = []; parse_str($_REQUEST['form_data'], $form_data);
+				$update_data = [];
 
 				// Sanitization
-				$form_data['name'] = wpsg_sinput("text_field", $form_data['name']);
-				$form_data['kuerzel'] = wpsg_sinput("text_field", $form_data['kuerzel']);
-				$form_data['vz'] = wpsg_sinput("key", $form_data['vz']);
-				$form_data['mwst'] = wpsg_sinput("key", $form_data['mwst']);
-				$form_data['mwst_a'] = wpsg_tf(wpsg_sinput("key", $form_data['mwst_a'], "isFloat"));
-				$form_data['mwst_b'] = wpsg_tf(wpsg_sinput("key", $form_data['mwst_b'], "isFloat"));
-				$form_data['mwst_c'] = wpsg_tf(wpsg_sinput("key", $form_data['mwst_c'], "isFloat"));
-				$form_data['mwst_d'] = wpsg_tf(wpsg_sinput("key", $form_data['mwst_d'], "isFloat"));
-				$form_data['telprefix'] = wpsg_sinput("text_field", $form_data['telprefix']);
-
-				if (wpsg_isSizedInt($form_data['id']))
-				{
-
-					$this->db->UpdateQuery(WPSG_TBL_LAND, wpsg_q($form_data['country']), " `id` = '".wpsg_q($form_data['id'])."' ");
-					$this->addBackendMessage(__('Land erfolgreich gespeichert.', 'wpsg'));
-
-				}
-				else
-				{
-
-					$form_data['id'] = $this->db->ImportQuery(WPSG_TBL_LAND, wpsg_q($form_data['country']));
-					$this->addBackendMessage(__('Land erfolgreich angelegt.', 'wpsg'));
-
-				}
-
-				$this->shop->addTranslationString('land_'.$form_data['id'], $form_data['country']['name']);
-
-				//icl_register_string('wpsg', '', $form_data['country']['name']);
-
-				if (wpsg_isSizedInt($form_data['standard'])) $this->update_option('wpsg_defaultland', $form_data['id'], false, false, "key");
+				wpsg_checkRequest('name', [WPSG_SANITIZE_TEXTFIELD], __('Name', 'wpsg'), $update_data, $form_data['country']['name']);
+				wpsg_checkRequest('kuerzel', [WPSG_SANITIZE_TEXTFIELD], __('KÃŒrzel', 'wpsg'), $update_data, $form_data['country']['kuerzel']);
+				wpsg_checkRequest('vz', [WPSG_SANITIZE_INT], __('Versandzone', 'wpsg'), $update_data, $form_data['country']['vz']);
+				wpsg_checkRequest('mwst', [WPSG_SANITIZE_VALUES, ['0', '1', '2']], __('MwSt. Grundlage', 'wpsg'), $update_data, $form_data['country']['mwst']);
+				wpsg_checkRequest('mwst_a', [WPSG_SANITIZE_FLOAT], __('MwSt. Satz A (stark ermÃ€Ãigter Satz)', 'wpsg'), $update_data, $form_data['country']['mwst_a']);
+				wpsg_checkRequest('mwst_b', [WPSG_SANITIZE_FLOAT], __('MwSt. Satz B (ermÃ€Ãigter Satz)', 'wpsg'), $update_data, $form_data['country']['mwst_b']);
+				wpsg_checkRequest('mwst_c', [WPSG_SANITIZE_FLOAT], __('MwSt. Satz C (Normalsatz)', 'wpsg'), $update_data, $form_data['country']['mwst_c']);
+				wpsg_checkRequest('mwst_d', [WPSG_SANITIZE_FLOAT], __('MwSt. Satz D (Zwischensatz)', 'wpsg'), $update_data, $form_data['country']['mwst_d']);
+				
+				if (isset($form_data['country']['telprefix'])) wpsg_checkRequest('telprefix', [WPSG_SANITIZE_FLOAT], __('MwSt. Satz D (Zwischensatz)', 'wpsg'), $update_data, $form_data['country']['telprefix']);
+				 
+				if (wpsg_isSizedArray($update_data)) {
+				
+					if (wpsg_isSizedInt($form_data['id'])) {
+	
+						$this->db->UpdateQuery(WPSG_TBL_LAND, wpsg_q($update_data), " `id` = '".wpsg_q($form_data['id'])."' ");
+						$this->addBackendMessage(__('Land erfolgreich gespeichert.', 'wpsg'));
+	
+					} else {
+	
+						$form_data['id'] = $this->db->ImportQuery(WPSG_TBL_LAND, wpsg_q($update_data));
+						$this->addBackendMessage(__('Land erfolgreich angelegt.', 'wpsg'));
+	
+					}
+								
+					if (isset($update_data['name'])) $this->shop->addTranslationString('land_'.$form_data['id'], $update_data['name']);
+					
+				}
+ 
+				if (wpsg_isSizedInt($form_data['standard'])) $this->update_option('wpsg_defaultland', $form_data['id'], false, false, WPSG_SANITIZE_CHECKBOX);
 
 				die($this->laenderList());
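Review bot: The `telprefix` check on the new side validates a phone prefix with `WPSG_SANITIZE_FLOAT` and reuses the 'MwSt. Satz D (Zwischensatz)' label, which looks like a copy-paste from the `mwst_d` line; the removed code treated this field as a text field, so a prefix with a leading `+` or `00` may now be rejected or altered, and any validation message would name the wrong field. Use `[WPSG_SANITIZE_TEXTFIELD]` with a label of its own, e.g. `__('Telefonvorwahl', 'wpsg')`. Separately, the `wpsg_defaultland` update sits outside the `if (wpsg_isSizedArray($update_data))` block, so it still runs when nothing was validated or written, and for a new country `$form_data['id']` was then never assigned; it also passes a country id through `WPSG_SANITIZE_CHECKBOX`, which presumably expects an on/off value, so moving the line inside the guarded block and using `WPSG_SANITIZE_INT` would match what is stored. How `wpsg_checkRequest` treats a rejected field is not visible here; if it simply leaves the field out of `$update_data`, a partially valid form is still written. The enclosing method starts and ends outside the hunk.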
Index: /views/admin/laender_list.phtml
===================================================================
--- /views/admin/laender_list.phtml	(revision 7506)
+++ /views/admin/laender_list.phtml	(revision 7507)
@@ -3,4 +3,6 @@
     /**  Liste der LÃ€nder im Backend */
 
+    echo $this->writeBackendMessage();
+    
 ?>
 
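Review bot: The string returned by `writeBackendMessage()` is echoed without escaping at this point, and after this commit it presumably also carries validation messages produced for request-supplied fields. `writeBackendMessage()` is not visible here, so confirm that it HTML-encodes any message that can contain a rejected value, and record that in a comment above the `echo`, e.g. `// writeBackendMessage() returns already-escaped HTML`.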
