Index: /lib/functions.inc.php
===================================================================
--- /lib/functions.inc.php	(revision 7528)
+++ /lib/functions.inc.php	(revision 7529)
@@ -523,4 +523,25 @@
 		switch ($type) {
 			
+			case WPSG_SANITIZE_ZIP:
+				
+				if (preg_match('/^\d{5}$/', $val)) $bReturn = true;
+				else $bReturn = false;
+				
+				break;
+			
+			case WPSG_SANITIZE_USTIDNR:
+				
+				if (preg_match('/^([A-z]*)?\d+$/i', $val)) $bReturn = true;
+				else $bReturn = false;
+				
+				break;
+			
+			case WPSG_SANITIZE_DATE:
+				
+				if (preg_match('/^\d{2}\.\d{2}\.\d{4}$/', $val)) $bReturn = true;
+				else $bReturn = false;
+				
+				break;
+			
 			case WPSG_SANITIZE_DATETIME:
 				
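Review bot: The USt-IdNr. pattern in the WPSG_SANITIZE_USTIDNR branch uses the range `[A-z]`, which in ASCII also covers `[`, `\`, `]`, `^`, `_` and the backtick, so those characters are accepted as a "letter" prefix; the `i` modifier already handles case, so the intended class is `[A-Za-z]` and the optional group around it is redundant: `if (preg_match('/^[A-Za-z]*\d+$/', $val)) $bReturn = true;`. The WPSG_SANITIZE_ZIP branch accepts exactly five digits, i.e. German postal codes only; since the same customer form also collects a `land` field, a comment stating that scope (`// German postal codes only (5 digits)`) would stop the next maintainer from treating it as a general ZIP check, or the rule needs widening if foreign addresses are expected. The WPSG_SANITIZE_DATE pattern validates only the shape, so `31.02.2020` passes and is left to whatever wpsg_toDate does with it; if a real calendar date is required, capturing the three parts and calling `checkdate()` is the cheap addition. The enclosing switch and its function begin before this hunk.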
@@ -680,5 +701,5 @@
 			wpsg_ShopController::getShop()->addBackendError(
 				wpsg_translate(
-					__('ÃberprÃŒfen Sie die Eingaben im Feld "#1#"', 'wpsg'),
+					__('ÃberprÃŒfen Sie die Eingaben im Feld "#1#", diese war ungÃŒltig.', 'wpsg'),
 					$strLabel
 				)
Index: /mods/wpsg_mod_kundenverwaltung.class.php
===================================================================
--- /mods/wpsg_mod_kundenverwaltung.class.php	(revision 7528)
+++ /mods/wpsg_mod_kundenverwaltung.class.php	(revision 7529)
@@ -204,10 +204,10 @@
 			$this->shop->update_option('wpsg_mod_kundenveraltung_recaptcha_secretkey', $_REQUEST['wpsg_mod_kundenveraltung_recaptcha_secretkey'], false, false, WPSG_SANITIZE_TEXTFIELD);
 			
-			$this->shop->createPage(__('Profil', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_profil', wpsg_sinput(WPSG_SANITIZE_INT, $_REQUEST['wpsg_page_mod_kundenverwaltung_profil']));
-			$this->shop->createPage(__('Registrierung', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_registrierung', wpsg_sinput(WPSG_SANITIZE_INT, $_REQUEST['wpsg_page_mod_kundenverwaltung_registrierung']));
-			$this->shop->createPage(__('Registrierung abgeschlossen', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_weiterleitung_nach_registrierung', wpsg_sinput(WPSG_SANITIZE_INT, $_REQUEST['wpsg_page_mod_kundenverwaltung_weiterleitung_nach_registrierung']));
-			$this->shop->createPage(__('Passwort gesendet', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_passwordsend', wpsg_sinput(WPSG_SANITIZE_INT, $_REQUEST['wpsg_page_mod_kundenverwaltung_passwordsend']));
-			$this->shop->createPage(__('Bestellungen', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_order', wpsg_sinput(WPSG_SANITIZE_INT, $_REQUEST['wpsg_page_mod_kundenverwaltung_order']));
-			$this->shop->createPage(__('Abonnements', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_abo', wpsg_sinput(WPSG_SANITIZE_INT, $_REQUEST['wpsg_page_mod_kundenverwaltung_abo']));
+			$this->shop->createPage(__('Profil', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_profil', $_REQUEST['wpsg_page_mod_kundenverwaltung_profil']);
+			$this->shop->createPage(__('Registrierung', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_registrierung', $_REQUEST['wpsg_page_mod_kundenverwaltung_registrierung']);
+			$this->shop->createPage(__('Registrierung abgeschlossen', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_weiterleitung_nach_registrierung', $_REQUEST['wpsg_page_mod_kundenverwaltung_weiterleitung_nach_registrierung']);
+			$this->shop->createPage(__('Passwort gesendet', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_passwordsend', $_REQUEST['wpsg_page_mod_kundenverwaltung_passwordsend']);
+			$this->shop->createPage(__('Bestellungen', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_order', $_REQUEST['wpsg_page_mod_kundenverwaltung_order']);
+			$this->shop->createPage(__('Abonnements', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_abo', $_REQUEST['wpsg_page_mod_kundenverwaltung_abo']);
 			
 		} // public function settings_save()
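Review bot: The six createPage calls now pass `$_REQUEST['wpsg_page_mod_kundenverwaltung_*']` through unchanged, where the previous revision wrapped each value in `wpsg_sinput(WPSG_SANITIZE_INT, …)`; unless createPage validates its third argument itself (not visible here), this drops the only integer check on an admin-supplied page id before it is stored. The same commit introduces `wpsg_checkInput(…, WPSG_SANITIZE_INT)` in be_saveAction, so rejecting the save when that check fails, or simply keeping the `wpsg_sinput(WPSG_SANITIZE_INT, $_REQUEST['wpsg_page_mod_kundenverwaltung_profil'])` wrapping, would preserve the guard; if the removal is intentional because createPage sanitises internally, a one-line comment saying so belongs on the first call. settings_save() starts before this hunk.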
@@ -1936,48 +1936,58 @@
 		 * Wird beim speichern des Kunden im Backend aufgerufen
 		 */
-		private function be_saveAction()
-		{
-
-			if(isset($_REQUEST['edit_id'])) $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
-			
-			$data = array(
-				'knr' 		=> wpsg_q(wpsg_sinput("key", $_REQUEST['knr'])),
-				'geb' 		=> wpsg_toDate(wpsg_sinput("key", $_REQUEST['geb'])),
-				'email' 	=> strtolower(wpsg_q(wpsg_sinput("email", $_REQUEST['email']))),
-				'ustidnr' 	=> wpsg_q(wpsg_sinput("key", $_REQUEST['ustidnr'])),
-				'comment' 	=> wpsg_q(wpsg_sinput("text_field", $_REQUEST['comment'])),
-				'status' 	=> wpsg_q(wpsg_sinput("key", $_REQUEST['status']))
-			);
-			$adata = array(
-					'cdate' 	=> 'NOW()',
-					'title' 	=> wpsg_q(wpsg_sinput("key", $_REQUEST['title'])),
-					'name' 		=> wpsg_q(wpsg_sinput("user", $_REQUEST['name'])),
-					'vname' 	=> wpsg_q(wpsg_sinput("user", $_REQUEST['vname'])),
-					'firma' 	=> wpsg_q(wpsg_sinput("text_field", $_REQUEST['firma'])),
-					'fax' 		=> wpsg_q(wpsg_sinput("key", $_REQUEST['fax'])),
-					'strasse' 	=> wpsg_q(wpsg_sinput("text_field", $_REQUEST['strasse'])),
-					'nr' 		=> wpsg_q(wpsg_getStr(wpsg_sinput("key", $_REQUEST['nr']))),
-					'plz' 		=> wpsg_q(wpsg_sinput("key", $_REQUEST['plz'])),
-					'ort' 		=> wpsg_q(wpsg_sinput("text_field", $_REQUEST['ort'])),
-					'land' 		=> wpsg_q(wpsg_sinput("key", $_REQUEST['land'])),
-					'tel' 		=> wpsg_q(wpsg_sinput("key", $_REQUEST['tel']))
-			);
-				
-			if ($this->shop->hasMod('wpsg_mod_customergroup'))
-			{
-				
-				$data['group_id'] = wpsg_q(wpsg_sinput("key", $_REQUEST['group_id']));
-				
+		private function be_saveAction() {
+
+			if (isset($_REQUEST['edit_id']) && !wpsg_checkInput($_REQUEST['edit_id'], WPSG_SANITIZE_INT)) throw new \Exception(__('UngÃŒltige ID beim specihern des Kunden ÃŒbergeben.', 'wpsg'));
+			
+			$data = [];
+			
+			wpsg_checkRequest('knr', [WPSG_SANITIZE_TEXTFIELD], __('Kundennummer', 'wpsg'), $data);
+			wpsg_checkRequest('geb', [WPSG_SANITIZE_DATE], __('Geburtsdatum', 'wpsg'), $data);			
+			wpsg_checkRequest('email', [WPSG_SANITIZE_EMAIL], __('E-Mail', 'wpsg'), $data);
+			wpsg_checkRequest('ustidnr', [WPSG_SANITIZE_USTIDNR], __('UStIdNr.', 'wpsg'), $data);
+			wpsg_checkRequest('comment', [WPSG_SANITIZE_TEXTAREA], __('Kundenkommentar', 'wpsg'), $data);
+			wpsg_checkRequest('status', [WPSG_SANITIZE_TEXTAREA], __('Status', 'wpsg'), $data);
+			
+			if (isset($data['geb'])) $data['geb'] = wpsg_toDate($data['geb']);
+			
+			$arTitles = explode('|', $this->shop->loadPflichtFeldDaten()['anrede_auswahl']);
+			
+			// Adressdaten
+			$adata = [
+				'cdate' => 'NOW()'
+			];
+						 
+			wpsg_checkRequest('title', [WPSG_SANITIZE_VALUES, array_keys($arTitles)], __('Anrede', 'wpsg'), $adata);
+			wpsg_checkRequest('name', [WPSG_SANITIZE_TEXTFIELD], __('Name', 'wpsg'), $adata);
+			wpsg_checkRequest('vname', [WPSG_SANITIZE_TEXTFIELD], __('Vorname', 'wpsg'), $adata);
+			wpsg_checkRequest('firma', [WPSG_SANITIZE_TEXTFIELD], __('Firma', 'wpsg'), $adata);
+			wpsg_checkRequest('fax', [WPSG_SANITIZE_TEXTFIELD], __('Fax', 'wpsg'), $adata);
+			wpsg_checkRequest('strasse', [WPSG_SANITIZE_TEXTFIELD], __('StraÃe', 'wpsg'), $adata);
+			
+			if (isset($_REQUEST['nr'])) wpsg_checkRequest('nr', [WPSG_SANITIZE_TEXTFIELD], __('Nr', 'wpsg'), $adata);
+			
+			wpsg_checkRequest('plz', [WPSG_SANITIZE_ZIP], __('PLZ', 'wpsg'), $adata);
+			wpsg_checkRequest('ort', [WPSG_SANITIZE_TEXTFIELD], __('Ort', 'wpsg'), $adata);
+			wpsg_checkRequest('land', [WPSG_SANITIZE_TEXTFIELD], __('Land', 'wpsg'), $adata);
+			wpsg_checkRequest('tel', [WPSG_SANITIZE_TEXTFIELD], __('Telefon', 'wpsg'), $adata);
+			 				
+			if ($this->shop->hasMod('wpsg_mod_customergroup')) {
+				
+				wpsg_checkRequest('group_id', [WPSG_SANITIZE_INT], __('Produktgruppe', 'wpsg'));
+								
 			}
 			
 			$data['custom'] = @serialize($_REQUEST['custom']);
 
-			if (isset($_REQUEST['deleted'])) $data['deleted'] = $_REQUEST['deleted'];
-
-			if(wpsg_isSizedString($_REQUEST['password1'])) $_REQUEST['password1'] = wpsg_sinput("text_field", $_REQUEST['password1']);
-			if(wpsg_isSizedString($_REQUEST['password2'])) $_REQUEST['password2'] = wpsg_sinput("text_field", $_REQUEST['password2']);
-
-			if ($_REQUEST['password1'] == $_REQUEST['password2'] && trim($_REQUEST['password1']) != '')
-			{
+			if (isset($_REQUEST['deleted'])) {
+				
+				wpsg_checkRequest('deleted', [WPSG_SANITIZE_INT], __('GelÃ¶scht', 'wpsg'));
+				
+			}
+
+			wpsg_checkRequest('password1', [WPSG_SANITIZE_TEXTFIELD, ['allowEmpty' => true]], __('Passwort', 'wpsg'), $_REQUEST);
+			wpsg_checkRequest('password2', [WPSG_SANITIZE_TEXTFIELD, ['allowEmpty' => true]], __('Passwort Wiederholung', 'wpsg'), $_REQUEST);
+			
+			if ($_REQUEST['password1'] == $_REQUEST['password2'] && trim($_REQUEST['password1']) != '') {
 				
 				$data['passwort_saltmd5'] = $this->hashString($_REQUEST['password1']);
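Review bot: The rewritten be_saveAction no longer wraps any `$data`/`$adata` value in `wpsg_q()` before they reach ImportQuery/UpdateQuery, while a later hunk in the same method still writes `'knr' => wpsg_q($knr)` explicitly, which suggests the DB helpers expect pre-escaped values; unless wpsg_checkRequest or the query builders escape internally, free-text fields such as `comment`, `firma` and `strasse` now enter SQL unescaped. The wpsg_checkRequest calls for `group_id` and `deleted` omit the fourth argument, so unlike every other call here the validated value is not written into `$data` although the old code stored both, and the customer group and deleted flag would silently stop being saved: `wpsg_checkRequest('group_id', [WPSG_SANITIZE_INT], __('Produktgruppe', 'wpsg'), $data);` and likewise `$data` for `deleted` (the label "Produktgruppe" for a customer-group field also looks like a copy-paste). The password comparison at the end of the hunk uses `==`, which compares numeric-looking strings numerically (`'1e3' == '1000'` is true), while the same check later in this method already uses `===`; change it to `if ($_REQUEST['password1'] === $_REQUEST['password2'] && trim($_REQUEST['password1']) != '') {`. `status` is validated as WPSG_SANITIZE_TEXTAREA although the old code treated it as a key, so a narrower sanitizer is probably intended. be_saveAction continues past the end of this hunk.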
@@ -1985,7 +1995,5 @@
 				$this->shop->addBackendMessage(__('Passwort wurde erfolgreich geÃ€ndert.', 'wpsg'));
 								
-			}
-			else if (trim($_REQUEST['password1']) != '' || trim($_REQUEST['password2']) != '')
-			{
+			} else if (trim($_REQUEST['password1']) != '' || trim($_REQUEST['password2']) != '') {
 				
 				$this->shop->addBackendError(__('Passwort wurde nicht geÃ€ndert, da die Wiederholung nicht ÃŒbereinstimmte.', 'wpsg'));
@@ -1995,18 +2003,13 @@
 			$this->shop->callMods('wpsg_mod_customer_save', array(&$data));
 			
-			if (wpsg_getInt($_REQUEST['edit_id']) > 0)
-			{
+			if (wpsg_getInt($_REQUEST['edit_id']) > 0) {
 				 
-				if ($_REQUEST['info-mail'] == '1')
-				{
-					$data['info-mail'] = wpsg_q(wpsg_sinput("key", $_REQUEST['info-mail']));
-
-					$this->activateMail($data);
-					
-					unset($data['info-mail']);
-				}
-				
-				if ($_REQUEST['password1'] == $_REQUEST['password2'] && trim($_REQUEST['password1']) != '')
-				{
+				if (wpsg_isSizedInt($_REQUEST['info-mail'])) {
+					 			 
+					$this->activateMail($data); 
+					
+				}
+				
+				if ($_REQUEST['password1'] === $_REQUEST['password2'] && trim($_REQUEST['password1']) != '') {
 					
 					$this->shop->callMods('customer_updatePwd', array(&$_REQUEST['edit_id'], &$_REQUEST['password1']));
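Review bot: The info-mail trigger changed from `$_REQUEST['info-mail'] == '1'` to `wpsg_isSizedInt($_REQUEST['info-mail'])`, so presumably any non-empty integer string now sends the activation mail, and the old code also set `$data['info-mail']` before calling activateMail($data) — if activateMail reads that key it now receives nothing. If only the checkbox value `1` is meant, `if (wpsg_isSizedInt($_REQUEST['info-mail']) && (int) $_REQUEST['info-mail'] === 1) {` keeps the original semantics; either way `$_REQUEST['info-mail']` is read without an isset guard. The `===` used for the password comparison in this hunk is the right form and should be mirrored by the earlier comparison in this method, which still uses `==`. be_saveAction starts and ends outside this hunk.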
@@ -2015,25 +2018,30 @@
 
 				$a = $this->db->fetchRow("
-						SELECT
-							`adress_id`
-						FROM
-							`".WPSG_TBL_KU."`
-						WHERE
-							`id` = '".wpsg_q($_REQUEST['edit_id'])."'
-					");
-				
-				if ($a['adress_id'] == 0)
+					SELECT
+						`adress_id`
+					FROM
+						`".WPSG_TBL_KU."`
+					WHERE
+						`id` = '".wpsg_q($_REQUEST['edit_id'])."'
+				");
+				
+				if ($a['adress_id'] == 0) {
+									
 					$data['adress_id'] = $this->db->ImportQuery(WPSG_TBL_ADRESS, $adata);
-				else
+					
+				} else {
+					
 					$this->db->UpdateQuery(WPSG_TBL_ADRESS, $adata, "`id` = '".wpsg_q($a['adress_id'])."'");
-				
-				$this->db->UpdateQuery(WPSG_TBL_KU, $data, "`id` = '".wpsg_q(wpsg_sinput("key", $_REQUEST['edit_id']))."'");
-
-			}
-			else
-			{
+					
+				}
+				
+				$this->db->UpdateQuery(WPSG_TBL_KU, $data, "`id` = '".wpsg_q($_REQUEST['edit_id'])."' ");
+
+			} else {
 								
 				$data['adress_id'] = $this->db->ImportQuery(WPSG_TBL_ADRESS, $adata);
+				
 				$kunde_id = $this->db->ImportQuery(WPSG_TBL_KU, $data);
+				
 				$_REQUEST['edit_id'] = $kunde_id;
 				
@@ -2043,6 +2051,6 @@
 					
 				$this->db->UpdateQuery(WPSG_TBL_KU, array(
-						'knr' => wpsg_q($knr),
-						'status' => get_option('wpsg_page_mod_kundenverwaltung_status')
+					'knr' => wpsg_q($knr),
+					'status' => get_option('wpsg_page_mod_kundenverwaltung_status')
 				), "`id` = '".wpsg_q($kunde_id)."'");
 				
@@ -2050,9 +2058,11 @@
 					(wpsg_getStr($_REQUEST['email']) == '') || (wpsg_getStr($_REQUEST['password1']) != wpsg_getStr($_REQUEST['password2'])))
 				{
-					$this->shop->addBackendMessage(__('WP-User wurde nicht angelegt.', 'wpsg'));
-				} 
-				else
-				{
+					
+					//$this->shop->addBackendMessage(__('WP-User wurde nicht angelegt.', 'wpsg'));
+					
+				} else {
+					
 					$this->shop->callMods('customer_created', array(&$_REQUEST['edit_id'], &$_REQUEST['password1']));
+					
 				}
 				
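Review bot: The "WP-User wurde nicht angelegt" message is left as commented-out code rather than removed, leaving an if-branch whose only content is a comment; either delete the line (version control keeps the history) or, if silence is deliberate, replace it with a comment that says why, e.g. `// intentionally silent: no WP user is created when e-mail or passwords are missing`. The enclosing condition begins before this hunk.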
@@ -2106,10 +2116,18 @@
 			$this->shop->view['pages'] = 1;
 
-			if (wpsg_isSizedArray($_REQUEST['filter']))
-			{
-
-				$_REQUEST['filter']['s'] = wpsg_sinput("text_field", $_REQUEST['filter']['s']);
-				$_REQUEST['filter']['group_id'] = wpsg_sinput("key", $_REQUEST['filter']['group_id']);
-
+			if (wpsg_isSizedArray($_REQUEST['filter'])) {
+
+				if (!wpsg_checkInput($_REQUEST['filter']['s'], WPSG_SANITIZE_TEXTFIELD)) {
+					
+					unset($_REQUEST['filter']['s']);
+					
+				}
+				
+				if (isset($_REQUEST['group_id']) && !wpsg_checkInput($_REQUEST['filter']['group_id'], WPSG_SANITIZE_INT)) {
+					
+					unset($_REQUEST['filter']['group_id']);
+					
+				}
+				
 				$this->shop->view['arFilter'] = $_REQUEST['filter'];
 
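Review bot: The group_id guard tests `isset($_REQUEST['group_id'])` but validates and unsets `$_REQUEST['filter']['group_id']`, so whenever the top-level key is absent — the normal case for a `filter[...]` form — an invalid `filter[group_id]` is never checked and is copied into `$this->shop->view['arFilter']` unvalidated, where the previous revision at least ran it through wpsg_sinput; the line should read `if (isset($_REQUEST['filter']['group_id']) && !wpsg_checkInput($_REQUEST['filter']['group_id'], WPSG_SANITIZE_INT)) {`. The `s` check above it reads `$_REQUEST['filter']['s']` without an isset guard and raises an undefined-index notice when the search field is not submitted; the same `isset(…) &&` prefix fixes that. How arFilter is consumed is outside this hunk, as is the start of the enclosing method.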
Index: /views/admin/form/input.phtml
===================================================================
--- /views/admin/form/input.phtml	(revision 7528)
+++ /views/admin/form/input.phtml	(revision 7529)
@@ -9,4 +9,5 @@
 				type="<?php echo wpsg_getStr($this->view['field_config']['type'], 'text'); ?>"
 				class="form-control input-sm" 
+				<?php if (($this->view['field_config']['autocomplete']??true) === false) { ?> autocomplete="off" <?php } ?>
 				name="<?php echo $this->view['field_name']; ?>"  
 				tabindex="<?php
Index: /views/admin/index.phtml
===================================================================
--- /views/admin/index.phtml	(revision 7528)
+++ /views/admin/index.phtml	(revision 7529)
@@ -48,4 +48,5 @@
 		<?php $this->render($this->view['subTemplate']); ?>
 		<?php } ?>
+		
 	</div>
 	
Index: /views/mods/mod_kundenverwaltung/edit.phtml
===================================================================
--- /views/mods/mod_kundenverwaltung/edit.phtml	(revision 7528)
+++ /views/mods/mod_kundenverwaltung/edit.phtml	(revision 7529)
@@ -29,5 +29,7 @@
 
 	</nav>
-
+	
+	<div class="wpsg_msg_wrap"><hr class="wp-header-end wpsg-wp-header-end"/></div>
+	
 	<div class="wpsg_clear"></div>
 
@@ -55,5 +57,5 @@
 						<?php } ?>
 						<?php if ($this->view['pflicht']['geb'] != '2') { ?>
-	                    	<?php echo wpsg_drawForm_Input('geb', __('Geburtsdatum', 'wpsg'), wpsg_formatTimestamp(strtotime(@$this->view['data']['geb']), true), array('datepicker' => true, 'hint' => __('Format: TT.MM.JJJJ', 'wpsg'))); ?>
+	                    	<?php echo wpsg_drawForm_Input('geb', __('Geburtsdatum', 'wpsg'), wpsg_formatTimestamp(strtotime(@$this->view['data']['geb']), true), array('autocomplete' => false, 'datepicker' => true, 'hint' => __('Format: TT.MM.JJJJ', 'wpsg'))); ?>
                        	<?php } ?>
                         <?php if ($this->view['pflicht']['email'] != '2') { ?>
Index: /wpshopgermany.php
===================================================================
--- /wpshopgermany.php	(revision 7528)
+++ /wpshopgermany.php	(revision 7529)
@@ -91,5 +91,8 @@
 	define('WPSG_SANITIZE_NONE', 17);
  	define('WPSG_SANITIZE_EMAILNAME', 18);
-	
+	define('WPSG_SANITIZE_DATE', 19);
+	define('WPSG_SANITIZE_USTIDNR', 20);
+	define('WPSG_SANITIZE_ZIP', 21);
+ 	
 	// Ist in Multiblog manchma nicht definiert :? Sonst ist hier das Verzeichnis drin
 	if (!defined('SITECOOKIEPATH')) define('SITECOOKIEPATH', '/');
