Index: /lib/functions.inc.php =================================================================== --- /lib/functions.inc.php (revision 7548) +++ /lib/functions.inc.php (revision 7549) @@ -515,6 +515,7 @@ $bReturn = false; - if (!isset($val) && !wpsg_isTrue($param['allowEmpty'])) return false; - + if (wpsg_isSizedArray($param['allow']) && in_array($val, $param['allow'])) return true; + if (!isset($val) && !wpsg_isTrue($param['allowEmpty'])) return false; + if (!is_numeric($type)) $type = -1; @@ -613,5 +614,5 @@ break; - case WPSG_SANITIZE_PAGEID: + case WPSG_SANITIZE_PAGEID: case WPSG_SANITIZE_INT: @@ -705,4 +706,6 @@ ) ); + + $_SESSION['sanitization_err_fields'][$name] = 0; return false; Index: /mods/wpsg_mod_productgroups.class.php =================================================================== --- /mods/wpsg_mod_productgroups.class.php (revision 7548) +++ /mods/wpsg_mod_productgroups.class.php (revision 7549) @@ -98,8 +98,8 @@ { - $this->shop->update_option('wpsg_productgroups_page', $_REQUEST['wpsg_productgroups_page'], false, false, "key"); - $this->shop->update_option('wpsg_productgroups_order', $_REQUEST['wpsg_productgroups_order'], false, false, "wpsg_in_array", [['id', 'alphabetisch', 'buyed', 'erstellungsdatum', 'preis']]); - $this->shop->update_option('wpsg_mod_productgroups_order_filter', $_REQUEST['wpsg_mod_productgroups_order_filter'], false, false, "key"); - $this->shop->update_option('wpsg_mod_productgroups_productindex', $_REQUEST['wpsg_mod_productgroups_productindex'], false, false, "key"); + $this->shop->update_option('wpsg_productgroups_page', $_REQUEST['wpsg_productgroups_page'], false, false, WPSG_SANITIZE_PAGEID); + $this->shop->update_option('wpsg_productgroups_order', $_REQUEST['wpsg_productgroups_order'], false, false, WPSG_SANITIZE_VALUES, ['id', 'alphabetisch', 'buyed', 'erstellungsdatum', 'preis']); + $this->shop->update_option('wpsg_mod_productgroups_order_filter', $_REQUEST['wpsg_mod_productgroups_order_filter'], false, false, WPSG_SANITIZE_CHECKBOX); + $this->shop->update_option('wpsg_mod_productgroups_productindex', $_REQUEST['wpsg_mod_productgroups_productindex'], false, false, WPSG_SANITIZE_CHECKBOX); } // public function settings_save() @@ -690,7 +690,8 @@ } // public function indexAction() - public function delAction() - { - + public function delAction() { + + \check_admin_referer('wpsg-productgroup-del-'.intval($_REQUEST['edit_id'])); + $this->db->Query("DELETE FROM `".WPSG_TBL_PRODUCTS_GROUP."` WHERE `id` = '".wpsg_q($_REQUEST['edit_id'])."'"); $this->shop->addBackendMessage(__('Produktgruppe wurde erfolgreich gelöscht.', 'wpsg')); @@ -700,30 +701,58 @@ } // public function delAction() - public function saveAction() - { - - $data = array( - 'name' => wpsg_q(wpsg_sinput(WPSG_SANITIZE_TEXTFIELD, $_REQUEST['wpsg_mod_productgroups_name'])), - 'template_file' => wpsg_q(wpsg_sinput(WPSG_SANITIZE_INT, $_REQUEST['wpsg_mod_productgroups_template'])), - 'infopage' => wpsg_q(wpsg_sinput(WPSG_SANITIZE_INT, $_REQUEST['wpsg_mod_productgroups_infopage'])), - 'stock_aktiv' => wpsg_q(wpsg_sinput(WPSG_SANITIZE_CHECKBOX, $_REQUEST['wpsg_mod_productgroups']['stock_aktiv'])), - 'stock_value' => wpsg_q(wpsg_sinput(WPSG_SANITIZE_CHECKBOX, $_REQUEST['wpsg_mod_productgroups']['stock_value'])), - 'lang' => wpsg_q(serialize(wpsg_getArray(wpsg_xss($_REQUEST['lang'])))) - ); - - if (wpsg_getStr($_REQUEST['edit_id']) > 0) - { - - $this->db->UpdateQuery(WPSG_TBL_PRODUCTS_GROUP, $data, "`id` = '".wpsg_q($_REQUEST['edit_id'])."'"); - $this->shop->addBackendMessage(__('Produktgruppe erfolgreich gespeichert.', 'wpsg')); - - } - else - { - - $data['cdate'] = "NOW()"; - $_REQUEST['edit_id'] = $this->db->ImportQuery(WPSG_TBL_PRODUCTS_GROUP, $data); - $this->shop->addBackendMessage(__('Produktgruppe erfolgreich angelegt.', 'wpsg')); - + public function saveAction() { + + \check_admin_referer('wpsg-productgroup-save-'.wpsg_getInt($_REQUEST['edit_id'])); + + $arTemplateFiles = [0] + $this->shop->loadProduktTemplates(true); + + $data = []; + + wpsg_checkRequest('name', [WPSG_SANITIZE_TEXTFIELD], __('Produktgruppenname'), $data); + wpsg_checkRequest('template_file', [WPSG_SANITIZE_VALUES, $arTemplateFiles], __('Template'), $data); + wpsg_checkRequest('infopage', [WPSG_SANITIZE_PAGEID], __('1nfo Seite'), $data); + + if ($this->shop->hasMod('wpsg_mod_stock')) { + + wpsg_checkRequest('stock_aktiv', [WPSG_SANITIZE_INT], __('Bestand'), $data); + wpsg_checkRequest('stock_value', [WPSG_SANITIZE_CHECKBOX], __('Lagerbestand zÀhlen'), $data); + + } + + $arLang = []; + + if (wpsg_isSizedArray($_REQUEST['lang'])) { + + foreach ($_REQUEST['lang'] as $k => $l) { + + if (wpsg_checkInput($l, WPSG_SANITIZE_TEXTFIELD) && wpsg_checkInput($k, WPSG_SANITIZE_INT)) { + + $arLang[$k] = wpsg_xss($l); + + } + + } + + $data['lang'] = wpsg_q(serialize($arLang)); + + } + + if (wpsg_isSizedArray($data)) { + + if (wpsg_getStr($_REQUEST['edit_id']) > 0) { + + $this->db->UpdateQuery(WPSG_TBL_PRODUCTS_GROUP, $data, "`id` = '".wpsg_q($_REQUEST['edit_id'])."'"); + $this->shop->addBackendMessage(__('Produktgruppe erfolgreich gespeichert.', 'wpsg')); + + } else { + + $data['cdate'] = "NOW()"; + + $_REQUEST['edit_id'] = $this->db->ImportQuery(WPSG_TBL_PRODUCTS_GROUP, $data); + + $this->shop->addBackendMessage(__('Produktgruppe erfolgreich angelegt.', 'wpsg')); + + } + } @@ -735,6 +764,5 @@ } // public function saveAction() - public function editAction() - { + public function editAction() { $this->shop->view['data'] = $this->db->fetchRow("SELECT * FROM `".WPSG_TBL_PRODUCTS_GROUP."` WHERE `id` = '".wpsg_q($_REQUEST['edit_id'])."'"); Index: /views/mods/mod_kundenverwaltung/index.phtml =================================================================== --- /views/mods/mod_kundenverwaltung/index.phtml (revision 7548) +++ /views/mods/mod_kundenverwaltung/index.phtml (revision 7549) @@ -116,5 +116,7 @@
- + +
+ render(WPSG_PATH_VIEW.'/admin/pager.phtml'); ?> Index: /views/mods/mod_productgroups/add.phtml =================================================================== --- /views/mods/mod_productgroups/add.phtml (revision 7548) +++ /views/mods/mod_productgroups/add.phtml (revision 7549) @@ -27,7 +27,11 @@ -
+
+
+ + +
@@ -37,5 +41,5 @@ - view['data']['name']); ?> + view['data']['name']); ?> view['languages'])) { ?> @@ -51,6 +55,6 @@ - view['templates'], $this->view['data']['template_file']); ?> - view['pages'], $this->view['data']['infopage']); ?> + view['templates'], $this->view['data']['template_file']); ?> + view['pages'], $this->view['data']['infopage']); ?> Index: /views/mods/mod_productgroups/index.phtml =================================================================== --- /views/mods/mod_productgroups/index.phtml (revision 7548) +++ /views/mods/mod_productgroups/index.phtml (revision 7549) @@ -46,5 +46,8 @@ - + +
+
+ view['pages'] > 1) { ?>