Index: /controller/wpsg_AdminController.class.php
===================================================================
--- /controller/wpsg_AdminController.class.php	(revision 7569)
+++ /controller/wpsg_AdminController.class.php	(revision 7570)
@@ -1146,5 +1146,5 @@
 					foreach ($_REQUEST['arDelete'] as $country_id => $c) {
 
-						if (!wpsg_checkInput($country_id, WPSG_SANITIZE_INT)) throw new wpsg\wpsg_exception();
+						if (!wpsg_checkInput($country_id, WPSG_SANITIZE_INT)) throw \wpsg\Exception::getSanitizeException();
 						
 						$oCountry = wpsg_country::getInstance(wpsg_sinput("key", $country_id));
@@ -2446,5 +2446,5 @@
 				if ($this->shop->isMultiBlog() && $this->shop->get_option('wpsg_multiblog_standalone', true) != '1') $global = true;
 
-				if (!wpsg_checkInput($_REQUEST['aktiv'], WPSG_SANITIZE_CHECKBOX, ['allowEmpty' => true])) throw new wpsg\wpsg_exception();
+				if (!wpsg_checkInput($_REQUEST['aktiv'], WPSG_SANITIZE_CHECKBOX, ['allowEmpty' => true])) throw \wpsg\Exception::getSanitizeException();
 				
 				if ($this->get_option($_REQUEST['modul'], $global) > 0 && $_REQUEST['aktiv'] == '1' && array_key_exists($_REQUEST['modul'], $this->shop->arModule))
Index: /controller/wpsg_BasketController.class.php
===================================================================
--- /controller/wpsg_BasketController.class.php	(revision 7569)
+++ /controller/wpsg_BasketController.class.php	(revision 7570)
@@ -469,4 +469,6 @@
 
 				// Ein Produktformular wurde abgeschickt
+				// http://wp.home/wpsg4/warenkorb/?wpsg[produkt_id]=6&wpsg[submit]=1&wpsg[menge]=1
+				// https://shop.maennchen1.de/warenkorb/?wpsg[produkt_id]=63&wpsg[submit]=1&wpsg[menge]=1&wpsg_vp[5]=10
 
 				parent::dispatch();
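Review bot: The two added comment lines hard-code environment-specific URLs, one on what looks like a developer host and one on what looks like a live shop, which ties the source to hosts that can change and exposes them to every reader of the code. A host-neutral example documents the request shape just as well, e.g. `// Beispiel: /warenkorb/?wpsg[produkt_id]=<id>&wpsg[submit]=1&wpsg[menge]=1`. Since the example shows the product form being submitted through query parameters, the comment should also say whether adding to the basket by GET is intended. The enclosing method starts and ends outside this hunk.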
Index: /controller/wpsg_ProduktController.class.php
===================================================================
--- /controller/wpsg_ProduktController.class.php	(revision 7569)
+++ /controller/wpsg_ProduktController.class.php	(revision 7570)
@@ -4,59 +4,58 @@
 	 * Controller fÃŒr die Produktverwaltung
 	 */
-	class wpsg_ProduktController extends wpsg_SystemController
-	{
+	class wpsg_ProduktController extends wpsg_SystemController {
 
 		/**
 		 * Ãbernimmt die Verteilung der Anfragen
 		 */
-		public function dispatch()
-		{
+		public function dispatch() {
 
 			parent::dispatch();
 
-			if (wpsg_isSizedString($_REQUEST['action'], 'add'))
-			{
+			if (!wpsg_checkInput($_REQUEST['action'], WPSG_SANITIZE_TEXTFIELD, ['allowEmpty' => true])) throw \wpsg\Exception::getSanitizeException();
+			else $action = wpsg_getStr($_REQUEST['action']);
+			
+			if (wpsg_isSizedString($action, 'add')) {
+				
 				$this->addAction();
-			}
-			else if (wpsg_isSizedString($_REQUEST['action'], 'edit'))
-			{
+				
+			} else if (wpsg_isSizedString($action, 'edit')) {
+				
 				$this->editAction();
-			}
-			else if (wpsg_isSizedString($_REQUEST['action'], 'export'))
-			{
+				
+			} else if (wpsg_isSizedString($action, 'export')) {
+				
 				$this->exportAction();
-			}
-			else if (wpsg_isSizedString($_REQUEST['action'], 'exportMedia'))
-			{
+				
+			} else if (wpsg_isSizedString($action, 'exportMedia')) {
 
 				$this->exportMediaAction();
 
-			}
-			else if (wpsg_isSizedString($_REQUEST['action'], 'import'))
-			{
+			} else if (wpsg_isSizedString($action, 'import')) {
+				
 				$this->importAction();
-			}
-			else if (wpsg_isSizedString($_REQUEST['action'], 'copy'))
-			{
+				
+			} else if (wpsg_isSizedString($action, 'copy')) {
+				
 				$this->copyAction();
-			}
-			else if (wpsg_isSizedString($_REQUEST['action'], 'del'))
-			{
+				
+			} else if (wpsg_isSizedString($action, 'del')) {
+				
 				$this->delAction();
-			}
-			else if (wpsg_isSizedString($_REQUEST['action'], 'save'))
-			{
+				
+			} else if (wpsg_isSizedString($action, 'save')) {
+				
 				$this->saveAction();
-			}
-			else if (wpsg_isSizedString($_REQUEST['action'], 'select'))
-			{
+				
+			} else if (wpsg_isSizedString($action, 'select')) {
+				
 				$this->selectAction();
-			}
-			else if (wpsg_isSizedString($_REQUEST['action'], 'ajax'))
-			{
+				
+			} else if (wpsg_isSizedString($action, 'ajax')) {
+				
 				$this->ajaxAction();
-			}
-			else
-			{
+				
+			} else {
+				
 				$this->indexAction();
 			}
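Review bot: `$action` is validated only as a free-form text field although the chain below recognises exactly ten fixed values, so an allow-list would be a tighter and more readable check than `WPSG_SANITIZE_TEXTFIELD`. A lookup such as `in_array($action, ['add', 'edit', 'export', 'exportMedia', 'import', 'copy', 'del', 'save', 'select', 'ajax'], true)` followed by `$this->{$action.'Action'}()` and an `indexAction()` fallback would replace the whole `else if` ladder without changing behaviour. The `else` in `if (...) throw ...; else $action = ...` is redundant after a `throw`; the same form recurs in ajaxAction, editAction, copyAction, saveAction, delAction and selectAction. The body of dispatch continues beyond this hunk.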
@@ -67,43 +66,56 @@
 		 * Nimmt Ajax Anfragen innerhalb der Produktverwaltung entgege
 		 */
-		public function ajaxAction()
-		{
-
-			if (isset($_REQUEST['mod']))
-			{
-
-				$this->shop->callMod($_REQUEST['mod'], 'produkt_ajax');
-
-			}
-			else if ($_REQUEST['cmd'] == 'upload')
-			{
+		public function ajaxAction() {
+			
+			if (!wpsg_checkInput($_REQUEST['mod'], WPSG_SANITIZE_TEXTFIELD, ['allowEmpty' => true])) throw \wpsg\Exception::getSanitizeException();
+			else $mod = wpsg_getStr($_REQUEST['mod']);
+			
+			if (!wpsg_checkInput($_REQUEST['cmd'], WPSG_SANITIZE_TEXTFIELD, ['allowEmpty' => true])) throw \wpsg\Exception::getSanitizeException();
+			else $cmd = wpsg_getStr($_REQUEST['cmd']);
+		 
+			if (wpsg_isSizedString($mod)) {
+
+				// Check valid text input
+				if (!wpsg_checkInput($mod, WPSG_SANITIZE_TEXTFIELD)) throw \wpsg\Exception::getSanitizeException();
+				
+				$this->shop->callMod($mod, 'produkt_ajax');
+
+			} else if ($cmd === 'upload') {
 			    
+				// Check Arrry of int
+				if (!wpsg_checkInput($_REQUEST['post_id'], WPSG_SANITIZE_ARRAY_INT)) throw \wpsg\Exception::getSanitizeException();
+								
+				// Check Datatype
+				if (!wpsg_checkInput($_REQUEST['edit_id'], WPSG_SANITIZE_INT)) throw \wpsg\Exception::getSanitizeException();
+				else $edit_id = intval($_REQUEST['edit_id']);
+				
 			    foreach ($_REQUEST['post_id'] as $post_id) {
 			    
-                    add_post_meta($post_id, 'wpsg_produkt_id', $_REQUEST['edit_id']);
+			    	$post_id = intval($post_id);
+			    	
+                    add_post_meta($post_id, 'wpsg_produkt_id', $edit_id);
 
                 }
-
-                $this->shop->view['data']['id'] = $_REQUEST['edit_id'];
+				
+                $this->shop->view['data']['id'] = $edit_id;
                     
-                die($this->imagehandler->getProductListBackend($_REQUEST['edit_id']));
-
-			}
-			else if ($_REQUEST['cmd'] == 'setImageOrder')
-			{
-
-				$reo = $_REQUEST['wpsg_reorder'];
-				$pid = $_REQUEST['edit_id'];
-
-				$file = '';
-				$line = '';
-
+                die($this->imagehandler->getProductListBackend($edit_id));
+
+			} else if ($cmd === 'setImageOrder') {
+
+				// Check int type
+				if (!wpsg_checkInput($_REQUEST['edit_id'], WPSG_SANITIZE_INT)) throw \wpsg\Exception::getSanitizeException();
+				else $pid = intval($_REQUEST['edit_id']);
+												
+				// Check array type
+				if (!wpsg_isSizedArray($_REQUEST['wpsg_reorder'])) throw \wpsg\Exception::getSanitizeException();
+				 
 				$sreo = '';
 
-				foreach ($reo as $v)
-				{
+				foreach ($_REQUEST['wpsg_reorder'] as $v) {
 
 					$st = explode('_', $v);
-					$sreo .= $st[1].',';
+										
+					$sreo .= intval($st[1]).',';
 
 				}
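Review bot: `$mod` comes straight from the request and is handed to `$this->shop->callMod($mod, 'produkt_ajax')` after nothing more than a text-field check, so the client chooses which module handles the call. Unless `callMod` itself rejects unknown or inactive modules (not visible here), guard it the way the removeImage branch guards its own module call: `if (!$this->shop->hasMod($mod)) throw \wpsg\Exception::getSanitizeException();`. The second `wpsg_checkInput($mod, WPSG_SANITIZE_TEXTFIELD)` inside the branch repeats the check made a few lines earlier and can be dropped. In the setImageOrder branch `$st[1]` is read without confirming that `$v` is a string containing `_`; test `isset($st[1])` before the `intval`. ajaxAction continues in the next hunk.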
@@ -115,33 +127,40 @@
 				die('1');
 
-			}
-			else if ($_REQUEST['cmd'] == 'removeImage')
-			{
-
+			} else if ($cmd == 'removeImage') {
+				
+				// Check Datatype int
+				if (!wpsg_checkInput($_REQUEST['edit_id'], WPSG_SANITIZE_INT)) throw \wpsg\Exception::getSanitizeException();
+				else $edit_id = intval($_REQUEST['edit_id']);
+				
+				// Check Datatype int
+				if (!wpsg_checkInput($_REQUEST['pid'], WPSG_SANITIZE_INT)) throw \wpsg\Exception::getSanitizeException();
+				else $pid = intval($_REQUEST['pid']);
+				
 				// Auch in der Mediathek lÃ¶schen
-				if ($_REQUEST['delmt'] === 'true')
-				{
-
-					wp_delete_post($_REQUEST['pid'], true);
+				if (wpsg_isSizedString($_REQUEST['delmt'], 'true')) {
+
+					// Sanitize
+					if (!wpsg_checkInput($pid, WPSG_SANITIZE_INT)) throw \wpsg\Exception::getSanitizeException();
+					else $pid = intval($pid);
+					
+					wp_delete_post($pid, true);
 
 				}
 
 				// Zuordnung lÃ¶schen
-				delete_post_meta($_REQUEST['pid'], 'wpsg_produkt_id', $_REQUEST['edit_id']);
-
-				$this->shop->view['data']['id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
-
-				if ($this->shop->hasMod('wpsg_mod_produktartikel')) $this->shop->callMod('wpsg_mod_produktartikel', 'updatePostThumbnail', array($_REQUEST['edit_id']));
-
-				die($this->imagehandler->getProductListBackend($_REQUEST['edit_id']));
-
-			}
-			else if ($_REQUEST['cmd'] == 'ratingDel')
-			{
-
-				wp_delete_comment($_REQUEST['c_id'], true);
-
-				//'content' => $this->shop->render(WPSG_PATH_VIEW.'/produkt/addedit_rating.phtml', false)
-				//$ret = $this->shop->render(WPSG_PATH_VIEW.'/produkt/addedit_rating.phtml');
+				delete_post_meta($pid, 'wpsg_produkt_id', $edit_id);
+
+				$this->shop->view['data']['id'] = $edit_id;
+
+				if ($this->shop->hasMod('wpsg_mod_produktartikel')) $this->shop->callMod('wpsg_mod_produktartikel', 'updatePostThumbnail', array($edit_id));
+
+				die($this->imagehandler->getProductListBackend($edit_id));
+
+			} else if ($cmd === 'ratingDel') {
+
+				if (!wpsg_checkInput($_REQUEST['c_id'], WPSG_SANITIZE_INT)) throw \wpsg\Exception::getSanitizeException();
+				else $c_id = intval($_REQUEST['c_id']);
+				
+				wp_delete_comment($c_id, true); 
 
 			}
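Review bot: The removeImage and ratingDel branches permanently delete whatever id the request names, via `wp_delete_post($pid, true)` and `wp_delete_comment($c_id, true)`, and no nonce check is visible anywhere in ajaxAction, while editAction, saveAction and delAction all call `check_admin_referer`. Integer validation does not establish that the object belongs to this product, so confirm the link before deleting, e.g. `if (get_post_type($pid) !== 'attachment' || !in_array((string)$edit_id, (array)get_post_meta($pid, 'wpsg_produkt_id'), true)) throw \wpsg\Exception::getSanitizeException();`, and check that the comment has type `wpsg_product_comment`. A `check_admin_referer('<ajax-nonce-action>')` at the top of ajaxAction, with the matching nonce added to the requests, would bring it in line with the other actions; if the nonce is verified elsewhere, a comment should say where. `$cmd == 'removeImage'` should use `===` like the neighbouring branches, and the second validation of `$pid` inside the `delmt` branch is redundant. The function starts in the previous hunk.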
@@ -156,5 +175,5 @@
 			if (isset($_REQUEST['submit-button'])) check_admin_referer('wpsg-product-search');
 						
-			$nPerPage = $this->shop->get_option('wpsg_produkte_perpage');
+			$nPerPage = intval($this->shop->get_option('wpsg_produkte_perpage'));
 			if ($nPerPage <= 0) $nPerPage = 10;
 
@@ -177,14 +196,11 @@
 			if (wpsg_isSizedArray($_REQUEST['filter'])) {
 
-				$_REQUEST['filter']['s'] = wpsg_xss($_REQUEST['filter']['s']); 
+				if (!wpsg_checkInput($_REQUEST['filter']['s'], WPSG_SANITIZE_TEXTFIELD)) throw \wpsg\Exception::getSanitizeException();
+				else $_REQUEST['filter']['s'] = wpsg_xss($_REQUEST['filter']['s']); 
 
 				$this->shop->view['arFilter'] = $_REQUEST['filter'];
 				$this->shop->view['hasFilter'] = true;
 
-			} else if (wpsg_isSizedArray($_SESSION['wpsg']['backend']['products']['arFilter'])) {
-
-				//$this->shop->view['arFilter'] = $_SESSION['wpsg']['backend']['customer']['arFilter'];
-
-			}
+			} 
 
 			$this->shop->view['arFilter']['showDisabled'] = true;
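Review bot: Only `$_REQUEST['filter']['s']` is validated, yet the whole request array is copied into `$this->shop->view['arFilter']`, which the next hunk passes to `wpsg_product::count()`, so every other key the client sends reaches the query layer unchecked. Build the filter from known keys instead, e.g. `$this->shop->view['arFilter'] = ['s' => wpsg_xss($_REQUEST['filter']['s'])];`, plus whichever further keys the list really supports (not visible here). The new check also omits `allowEmpty`, so a filter submitted without a search term may now raise the sanitize exception; `['allowEmpty' => true]` would match the other optional fields if that is not intended. The enclosing method starts and ends outside this hunk.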
@@ -192,5 +208,5 @@
 			$this->shop->view['countAll'] = wpsg_product::count($this->shop->view['arFilter']);
 
-			if (wpsg_isSizedInt($_REQUEST['seite'])) $this->shop->view['arFilter']['page'] = $_REQUEST['seite'];
+			if (wpsg_isSizedInt($_REQUEST['seite'])) $this->shop->view['arFilter']['page'] = intval($_REQUEST['seite']);
 
 			$this->shop->view['pages'] = ceil($this->shop->view['countAll'] / $nPerPage);
@@ -574,12 +590,17 @@
 		public function editAction() {
 			
-			check_admin_referer('wpsg-product-edit-'.intval($_REQUEST['edit_id']));
+			if (!wpsg_checkInput($_REQUEST['edit_id'], WPSG_SANITIZE_INT)) throw \wpsg\Exception::getSanitizeException();
+			else $edit_id = intval($_REQUEST['edit_id']);
+					
+			if (!wpsg_checkInput($_REQUEST['wpsg_lang'], WPSG_SANITIZE_ARRAY_LANG, ['allowEmpty' => true])) throw \wpsg\Exception::getSanitizeException();
+			else $wpsg_lang = $_REQUEST['wpsg_lang'];
+			
+			check_admin_referer('wpsg-product-edit-'.$edit_id);
 
 			// VerfÃŒgbare Produkttemplates
 			$this->shop->view['templates'] = $this->shop->loadProduktTemplates();
 
-			if (isset($_REQUEST['wpsg_lang']))
-			{
-
+			if (isset($wpsg_lang)) {
+				
 				$product_translated_id = $this->db->fetchOne("
 					SELECT
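Review bot: `$wpsg_lang` is now assigned on every request, so the later `isset($wpsg_lang)` and `!isset($wpsg_lang)` tests only work because a missing parameter happens to assign `null`. Make the optional case explicit after the check, e.g. `$wpsg_lang = isset($_REQUEST['wpsg_lang']) ? (string)$_REQUEST['wpsg_lang'] : null;`, and test `$wpsg_lang !== null`. Because of `allowEmpty`, an empty `wpsg_lang=` passes validation and still enters the translation branch with an empty language code, which is worth rejecting or documenting. editAction continues beyond this hunk.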
@@ -588,6 +609,6 @@
 						`".WPSG_TBL_PRODUCTS."` AS P 
 					WHERE
-						P.`lang_parent` = '".wpsg_q($_REQUEST['edit_id'])."' AND
-						P.`lang_code` = '".wpsg_q($_REQUEST['wpsg_lang'])."'
+						P.`lang_parent` = '".wpsg_q($edit_id)."' AND
+						P.`lang_code` = '".wpsg_q($wpsg_lang)."'
 				");
 
@@ -598,16 +619,16 @@
 
 					// Ãbersetzung anlegen
-					$product_data_original = $this->db->fetchRow("SELECT * FROM `".WPSG_TBL_PRODUCTS."` WHERE `id` = '".wpsg_q($_REQUEST['edit_id'])."'");
+					$product_data_original = $this->db->fetchRow("SELECT * FROM `".WPSG_TBL_PRODUCTS."` WHERE `id` = '".wpsg_q($edit_id)."'");
 
 					unset($product_data_original['id']);
-					$product_data_original['lang_parent'] = wpsg_q($_REQUEST['edit_id']);
-					$product_data_original['lang_code'] = wpsg_q($_REQUEST['wpsg_lang']);
-					$product_data_original['name'] .= ' ['.$arLang[$this->shop->getLocaleToLanguageCode($_REQUEST['wpsg_lang'])]['name'].']';
-					$product_data_original['beschreibung'] .= ' ['.$arLang[$this->shop->getLocaleToLanguageCode($_REQUEST['wpsg_lang'])]['name'].']';
-					if (trim($product_data_original['detailname']) != '') $product_data_original['detailname'] .= ' ['.$arLang[$this->shop->getLocaleToLanguageCode($_REQUEST['wpsg_lang'])]['name'].']';
+					$product_data_original['lang_parent'] = wpsg_q($edit_id);
+					$product_data_original['lang_code'] = wpsg_q($wpsg_lang);
+					$product_data_original['name'] .= ' ['.$arLang[$this->shop->getLocaleToLanguageCode($wpsg_lang)]['name'].']';
+					$product_data_original['beschreibung'] .= ' ['.$arLang[$this->shop->getLocaleToLanguageCode($wpsg_lang)]['name'].']';
+					if (trim($product_data_original['detailname']) != '') $product_data_original['detailname'] .= ' ['.$arLang[$this->shop->getLocaleToLanguageCode($wpsg_lang)]['name'].']';
 
 					$product_translated_id = $this->db->ImportQuery(WPSG_TBL_PRODUCTS, $product_data_original);
 
-					$this->shop->callMods('produkt_createTranslation', array(&$_REQUEST['edit_id'], &$product_translated_id));
+					$this->shop->callMods('produkt_createTranslation', array(&$edit_id, &$product_translated_id));
 
 				}
@@ -619,6 +640,6 @@
 						`".WPSG_TBL_PRODUCTS."` AS P 
 					WHERE
-						P.`lang_parent` = '".wpsg_q($_REQUEST['edit_id'])."' AND
-						P.`lang_code` = '".wpsg_q($_REQUEST['wpsg_lang'])."'
+						P.`lang_parent` = '".wpsg_q($edit_id)."' AND
+						P.`lang_code` = '".wpsg_q($wpsg_lang)."'
 				");
 
@@ -633,5 +654,5 @@
 						`".WPSG_TBL_PRODUCTS."` AS P 
 					WHERE
-						P.`id` = '".wpsg_q($_REQUEST['edit_id'])."'
+						P.`id` = '".wpsg_q($edit_id)."'
 				");
 
@@ -645,5 +666,5 @@
 
 			// Produktobject
-			$this->shop->view['oProduct'] = wpsg_product::getInstance($_REQUEST['edit_id']);
+			$this->shop->view['oProduct'] = wpsg_product::getInstance($edit_id);
 
 			// Erlaubte Zahlungsarten
@@ -685,15 +706,15 @@
 			$arArtikel = get_posts('numberposts=-1'); if (wpsg_isSizedArray($arArtikel)) {
 
-			$this->shop->view['partikel_select']['article'] = array(__('Artikel', 'wpsg'), array());
-			foreach ($arArtikel as $a) $this->shop->view['partikel_select']['article'][1][$a->ID] = $a->post_title;
-
-		}
+				$this->shop->view['partikel_select']['article'] = array(__('Artikel', 'wpsg'), array());
+				foreach ($arArtikel as $a) $this->shop->view['partikel_select']['article'][1][$a->ID] = $a->post_title;
+
+			}
 
 			$arPages = get_pages(); if (wpsg_isSizedArray($arPages)) {
 
-			$this->shop->view['partikel_select']['pages'] = array(__('Seiten', 'wpsg'), array());
-			foreach ($arPages as $p) $this->shop->view['partikel_select']['pages'][1][$p->ID] = $p->post_title;
-
-		}
+				$this->shop->view['partikel_select']['pages'] = array(__('Seiten', 'wpsg'), array());
+				foreach ($arPages as $p) $this->shop->view['partikel_select']['pages'][1][$p->ID] = $p->post_title;
+
+			}
 
 			$this->shop->view['arSubAction'] = array(
@@ -721,5 +742,5 @@
                     WHERE 
                             C.`comment_type` = 'wpsg_product_comment' AND 
-                            P.`wpsg_produkt_id` = '".wpsg_q($_REQUEST['edit_id'])."'
+                            P.`wpsg_produkt_id` = '".wpsg_q($edit_id)."'
                     
                     ORDER BY 
@@ -734,5 +755,5 @@
 			}
 
-			if (!isset($_REQUEST['wpsg_lang']))
+			if (!isset($wpsg_lang))
 			{
 
@@ -750,5 +771,5 @@
 
 			/* Produktbilder */
-			if (!isset($_REQUEST['wpsg_lang']))
+			if (!isset($wpsg_lang))
 			{
 
@@ -791,7 +812,8 @@
 			check_admin_referer('wpsg-product-copy-'.intval($_REQUEST['edit_id']));
 			
-			if (!wpsg_checkInput($_REQUEST['edit_id'], WPSG_SANITIZE_INT)) throw new \Exception(__('Requestfehler', 'wpsg'));
-
-			$produkt_db = $this->db->fetchRow("SELECT * FROM `".WPSG_TBL_PRODUCTS."` WHERE `id` = '".wpsg_q($_REQUEST['edit_id'])."' ");
+			if (!wpsg_checkInput($_REQUEST['edit_id'], WPSG_SANITIZE_INT)) throw \wpsg\Exception::getSanitizeException();
+			else $edit_id = intval($_REQUEST['edit_id']);
+
+			$produkt_db = $this->db->fetchRow("SELECT * FROM `".WPSG_TBL_PRODUCTS."` WHERE `id` = '".wpsg_q($edit_id)."' ");
 
 			// Neues Produkt anlegen
@@ -806,5 +828,5 @@
 
 			// Ãbersetzungen kopieren wenn vorhanden
-			$produkt_translations = $this->db->fetchAssoc("SELECT * FROM `".WPSG_TBL_PRODUCTS."` WHERE `lang_parent` = '".wpsg_q($_REQUEST['edit_id'])."'");
+			$produkt_translations = $this->db->fetchAssoc("SELECT * FROM `".WPSG_TBL_PRODUCTS."` WHERE `lang_parent` = '".wpsg_q($edit_id)."'");
 
 			foreach ((array)$produkt_translations as $p)
@@ -823,5 +845,5 @@
 			$ih = new wpsg_imagehandler();
 			
-			$arAttachments = $ih->getAttachmentIDs($_REQUEST['edit_id']);
+			$arAttachments = $ih->getAttachmentIDs($edit_id);
 			$GLOBALS['wpsg_product_copy_imagemapping'] = [];
 			
@@ -835,5 +857,5 @@
 			}
 			
-			$this->shop->callMods('produkt_copy', array(&$_REQUEST['edit_id'], &$new_id));
+			$this->shop->callMods('produkt_copy', array(&$edit_id, &$new_id));
 
 			$this->addBackendMessage(__('Produkt wurde erfolgreich kopiert.', 'wpsg'));
@@ -848,13 +870,18 @@
 		public function saveAction() {
 			
-			check_admin_referer('wpsg-product-save-'.wpsg_getInt($_REQUEST['edit_id']));
-			
-			if ($this->shop->get_option('wpsg_options_nl2br') == '1') { $_REQUEST['beschreibung'] = nl2br($_REQUEST['beschreibung']); }
+			if (!wpsg_checkInput($_REQUEST['edit_id'], WPSG_SANITIZE_INT, ['allowEmpty' => true])) throw \wpsg\Exception::getSanitizeException();
+			else $edit_id = intval($_REQUEST['edit_id']);
+			 			
+			check_admin_referer('wpsg-product-save-'.$edit_id);
+			
+			if ($this->shop->get_option('wpsg_options_nl2br') == '1' && wpsg_checkInput($_REQUEST['beschreibung'], WPSG_SANITIZE_TEXTFIELD)) { $_REQUEST['beschreibung'] = nl2br($_REQUEST['beschreibung']); }
 
 			if (isset($_REQUEST['wpsg_lang'])){
 
 				// Ãbersetzung speichern
-
-				$trans_id = $this->db->fetchOne("SELECT `id` FROM `".WPSG_TBL_PRODUCTS."` WHERE `lang_parent` = '".wpsg_q($_REQUEST['edit_id'])."' AND `lang_code` = '".wpsg_q($_REQUEST['wpsg_lang'])."'");
+				if (!wpsg_checkInput($_REQUEST['wpsg_lang'], WPSG_SANITIZE_ARRAY_LANG)) throw \wpsg\Exception::getSanitizeException();
+				else $wpsg_lang = $_REQUEST['wpsg_lang'];
+
+				$trans_id = $this->db->fetchOne("SELECT `id` FROM `".WPSG_TBL_PRODUCTS."` WHERE `lang_parent` = '".wpsg_q($edit_id)."' AND `lang_code` = '".wpsg_q($wpsg_lang)."'");
 
 				if ($trans_id <= 0) throw new \wpsg\Exception(__('ERROR: Ãbersetzung existiert noch nicht, das dÃŒrfte nicht passieren!', 'wpsg'));
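Review bot: When `wpsg_options_nl2br` is on, a description that fails `wpsg_checkInput($_REQUEST['beschreibung'], WPSG_SANITIZE_TEXTFIELD)` now silently skips `nl2br` and carries on, instead of being rejected like every other failed check in this commit. If descriptions may contain markup, the text-field test is presumably the wrong check here and line breaks will disappear for exactly those products; if they may not, the failure should raise `\wpsg\Exception::getSanitizeException()`. A one-line comment stating which is intended would settle it. The translation branch still decides on `isset($_REQUEST['wpsg_lang'])` while editAction switched to a local variable; using one pattern in both keeps them comparable. saveAction continues outside this hunk.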
@@ -873,8 +900,8 @@
 				$this->addBackendMessage(__('Ãbersetzung erfolgreich gespeichert', 'wpsg'));
 
-				$this->shop->callMods('produkt_save_translation', array(&$_REQUEST['edit_id'], &$trans_id));
+				$this->shop->callMods('produkt_save_translation', array(&$edit_id, &$trans_id));
 
 				if (isset($_REQUEST['submit_index'])) $this->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=index');
-				else $this->redirect(wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=edit&edit_id='.$_REQUEST['edit_id'].'&wpsg_lang='.$_REQUEST['wpsg_lang'], 'wpsg-product-edit-'.wpsg_getInt($_REQUEST['edit_id'])));
+				else $this->redirect(wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=edit&edit_id='.$edit_id.'&wpsg_lang='.$wpsg_lang, 'wpsg-product-edit-'.wpsg_getInt($edit_id)));
 
 			} else {
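Review bot: `$wpsg_lang` is concatenated into the redirect URL as-is in `'&wpsg_lang='.$wpsg_lang`, and what `WPSG_SANITIZE_ARRAY_LANG` accepts is not visible in this commit, so the value should be encoded at the point of use: `'&wpsg_lang='.rawurlencode($wpsg_lang)`. `wpsg_getInt($edit_id)` in the nonce action is now redundant, because `$edit_id` is already the result of `intval()`. The enclosing branch starts in the previous hunk.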
@@ -903,5 +930,5 @@
 				wpsg_checkRequest('rating', [WPSG_SANITIZE_VALUES, ['0', '1', '2', '3', '4', '5']], __('Produkt unterliegt den EU-Leistungsortregeln', 'wpsg'), $data);
 				
-				if (wpsg_isSizedInt($_REQUEST['edit_id'])) {
+				if (wpsg_isSizedInt($edit_id)) {
 					
 					wpsg_checkRequest('mwst_key', [WPSG_SANITIZE_TAXKEY], __('Steuergruppe', 'wpsg'), $data);
@@ -936,8 +963,8 @@
 				$this->shop->callMods('produkt_save_before', array(&$data));
 				
-				if (wpsg_getInt($_REQUEST['edit_id']) > 0)
-				{
-
-					$this->db->UpdateQuery(WPSG_TBL_PRODUCTS, $data, "`id` = '".wpsg_q($_REQUEST['edit_id'])."'");
+				if (wpsg_getInt($edit_id) > 0)
+				{
+
+					$this->db->UpdateQuery(WPSG_TBL_PRODUCTS, $data, "`id` = '".wpsg_q($edit_id)."'");
 					$this->addBackendMessage(__('Produkt erfolgreich gespeichert.', 'wpsg'));
 
@@ -947,5 +974,5 @@
 
 					$data['cdate'] = 'NOW()';
-					$_REQUEST['edit_id'] = $this->db->ImportQuery(WPSG_TBL_PRODUCTS, $data);
+					$edit_id = $this->db->ImportQuery(WPSG_TBL_PRODUCTS, $data);
 					$this->addBackendMessage(__('Produkt erfolgreich angelegt.', 'wpsg'));
 
@@ -956,17 +983,17 @@
 				{
 
-					$data = array('anr' => wpsg_q($_REQUEST['edit_id']));
-
-					$this->db->UpdateQuery(WPSG_TBL_PRODUCTS, $data, "`id` = '".wpsg_q($_REQUEST['edit_id'])."'");
+					$data = array('anr' => wpsg_q($edit_id));
+
+					$this->db->UpdateQuery(WPSG_TBL_PRODUCTS, $data, "`id` = '".wpsg_q($edit_id)."'");
 
 					// Produkt Object Cache lÃ¶schen
-					$this->shop->cache->clearProductCache($_REQUEST['edit_id']);
-
-				}
-
-				$this->shop->callMods('produkt_save', array(&$_REQUEST['edit_id']));
+					$this->shop->cache->clearProductCache($edit_id);
+
+				}
+
+				$this->shop->callMods('produkt_save', array(&$edit_id));
 
 				if (isset($_REQUEST['submit_index'])) $this->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=index');
-				else $this->redirect(wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=edit&edit_id='.$_REQUEST['edit_id'], 'wpsg-product-edit-'.wpsg_getInt($_REQUEST['edit_id'])));
+				else $this->redirect(wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=edit&edit_id='.$edit_id, 'wpsg-product-edit-'.wpsg_getInt($edit_id)));
 
 			}
@@ -981,5 +1008,5 @@
 		public function addAction() {
 			
-			check_admin_referer('wpsg-product-admin');
+			check_admin_referer('wpsg-product-add');
 			
 			// VerfÃŒgbare Produkttemplates
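Review bot: The nonce action verified here changes from `wpsg-product-admin` to `wpsg-product-add`, but no hunk in this commit touches the place where the link or form for adding a product generates its nonce. Unless that side already uses `wp_nonce_url(..., 'wpsg-product-add')`, every add request will fail the referer check after this change. Please confirm the generating side, and add a comment next to the check naming the view that creates the nonce. addAction continues outside this hunk.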
@@ -1030,11 +1057,14 @@
 		public function delAction() {
 			
-			check_admin_referer('wpsg-product-del-'.intval($_REQUEST['edit_id']));
-
-			$oProduct = wpsg_product::getInstance($_REQUEST['edit_id']);
+			if (!wpsg_checkInput($_REQUEST['edit_id'], WPSG_SANITIZE_INT)) throw \wpsg\Exception::getSanitizeException();
+			else $edit_id = $_REQUEST['edit_id'];
+			
+			check_admin_referer('wpsg-product-del-'.$edit_id);
+
+			$oProduct = wpsg_product::getInstance($edit_id);
 			$oProduct->delete();
 
 			// Alle Bilder eines Produktes in der Mediathek lÃ¶schen
-			$pid = $_REQUEST['edit_id'];
+			$pid = $edit_id;
 			$data = $GLOBALS['wpsg_sc']->db->fetchAssoc("SELECT * FROM `".$GLOBALS['wpdb']->prefix."postmeta` WHERE `meta_key`='".wpsg_q('wpsg_produkt_id')."' AND `meta_value`='".wpsg_q($pid)."' ORDER BY `post_id`");
 
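Review bot: delAction is the only action in this commit that keeps the raw request string, `else $edit_id = $_REQUEST['edit_id'];`, and then builds the nonce action and the product lookup from it, where the previous code used `intval()`. Depending on what `WPSG_SANITIZE_INT` tolerates (leading zeros or surrounding whitespace, not visible here), the nonce action string can differ from the one generated for the link. Use `else $edit_id = intval($_REQUEST['edit_id']);` as editAction and copyAction do. The function body continues beyond this hunk.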
@@ -1076,19 +1106,18 @@
 		 * Dialog fÃŒr die Produktauswahl
 		 */
-		public function selectAction()
-		{
-
-			if (wpsg_isSizedString($_REQUEST['wpsg_mode'], 'filterDialog'))
-			{
+		public function selectAction() {
+
+			if (!wpsg_checkInput($_REQUEST['edit_id'], WPSG_SANITIZE_INT, ['allowEmpty' => true])) throw \wpsg\Exception::getSanitizeException();
+			else $edit_id = intval($_REQUEST['edit_id']);
+			
+			if (wpsg_isSizedString($_REQUEST['wpsg_mode'], 'filterDialog')) {
 
 				die($this->shop->render(WPSG_PATH_VIEW.'/produkt/select_filter.phtml'));
 
-			}
-			else if (wpsg_isSizedString($_REQUEST['wpsg_mode'], 'filter'))
-			{
+			} else if (wpsg_isSizedString($_REQUEST['wpsg_mode'], 'filter')) {
 
 				$strQueryWHERE = '';
 
-				if (wpsg_isSizedString($_REQUEST['filter_name'])) $strQueryWHERE .= " AND P.`name` LIKE '%".wpsg_q($_REQUEST['filter_name'])."%' ";
+				if (wpsg_checkInput($_REQUEST['filter_name'], WPSG_SANITIZE_TEXTFIELD)) $strQueryWHERE .= " AND P.`name` LIKE '%".wpsg_q($_REQUEST['filter_name'])."%' ";
 
 				$arProductIDs = $this->db->fetchAssocField("
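Review bot: `filter_name` is placed inside a `LIKE '%...%'` pattern with only `wpsg_q()` applied, so `%` and `_` typed by the user act as wildcards unless `wpsg_q()` escapes them (not visible here). WordPress provides `esc_like()` for this: `wpsg_q($GLOBALS['wpdb']->esc_like($_REQUEST['filter_name']))`. Unlike the other checks added in this commit, a `filter_name` that fails validation is dropped silently, which returns the unfiltered list; a comment should say that this is deliberate. `$edit_id` is validated at the top although only the `wpsg_mod_relatedproducts` branch uses it. selectAction continues outside this hunk.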
@@ -1106,6 +1135,5 @@
 
 				// Aufwerten
-				foreach ($arProductIDs as $p_id)
-				{
+				foreach ($arProductIDs as $p_id) {
 
 					$product_data = $this->shop->loadProduktArray($p_id);
@@ -1132,7 +1160,5 @@
 				die($this->shop->render(WPSG_PATH_VIEW.'/produkt/select_filter_productlist.phtml'));
 
-			}
-			else if ($_REQUEST['wpsg_mode'] == 'wpsg_mod_relatedproducts')
-			{
+			} else if (wpsg_isSizedString($_REQUEST['wpsg_mode'], 'wpsg_mod_relatedproducts')) {
 
 				// Bei der Auswahl fÃŒr die Ãhnlichen Produkte sollte das aktuelle Produkt und bereits relevante nicht zur auswahl stehen
@@ -1147,10 +1173,8 @@
 						P.`deleted` = '0' AND
 						P.`lang_parent` = '0' AND
-						P.`id` != '".wpsg_q($_REQUEST['edit_id'])."'
+						P.`id` != '".wpsg_q($edit_id)."'
 				", "id", "name");
 
-			}
-			else
-			{
+			} else {
 
 				$this->shop->view['arProdukte'] = wpsg_array_merge(array('-1' => __('Alle Produkte', 'wpsg')), $this->db->fetchAssocField("
@@ -1200,4 +1224,2 @@
 
 	} // class wpsg_ProduktController extends wpsg_SystemController
-
-?>
Index: /controller/wpsg_SystemController.class.php
===================================================================
--- /controller/wpsg_SystemController.class.php	(revision 7569)
+++ /controller/wpsg_SystemController.class.php	(revision 7570)
@@ -76,5 +76,5 @@
 			
 		} // public function get_option($key)
-
+		
 		/**
 		 * Setzt eine Einstellung
@@ -83,58 +83,45 @@
 		 * @param       $key
 		 * @param       $value
-		 * @param bool  $force_global
-		 * @param bool  $addTrans
-		 * @param null  $sanitize_type
+		 * @param bool $force_global
+		 * @param bool $addTrans
+		 * @param null $sanitize_type
 		 * @param array $sanitize_params
-		 */
-		public function update_option($key, $value, $force_global = false, $addTrans = false, $sanitize_type = NULL, $sanitize_params = array())
-		{
-
-			if (wpsg_isSizedString($sanitize_type)) {
-
-				/*
-				array_unshift($sanitize_params, $value);
-				array_unshift($sanitize_params, $sanitize_type);
- 
-				$value = call_user_func_array("wpsg_sanitize", $sanitize_params);
-				
-				if ($value === false) {
-
-					$value = $this->get_option($key);
-
-					// Die 0 ist wichtig!
-					$_SESSION['sanitization_err_fields'][$key] = 0;
-
-					// Ich breche das speichern ab, wenn das Feld nicht valide ist
-					return false;
+		 * @return bool
+		 * @throws Exception
+		 */
+		public function update_option($key, $value, $force_global = false, $addTrans = false, $sanitize_type = NULL, $sanitize_params = array()) {
+
+			// fallback to check data Textfield (sanitize_text_field)
+			if ($sanitize_type === null) $sanitize_type = WPSG_SANITIZE_TEXTFIELD;
+							
+			$bValid = wpsg_checkInput($value, $sanitize_type, $sanitize_params);
+
+			if (!$bValid) {
+				 
+				// Not valid
+				
+				$GLOBALS['wpsg_sc']->addBackendError(__('Ihre Eingaben in den markierten Feldern waren ungÃŒltig, bitte ÃŒberprÃŒfen.', 'wpsg'));
+				
+				$_SESSION['sanitization_err_fields'][$key] = 0;
+				
+				return false; 
+				
+			} else {
+			
+				// Sanitized
+				
+				if ($force_global) {
+					
+					update_site_option($key, $value);
+					
+				} else {
+					
+					update_option($key, $value);
 					
 				}
-				*/ 
-				
-				$bValid = wpsg_checkInput($value, $sanitize_type, $sanitize_params);
-
-				if (!$bValid) {
-					 
-					$GLOBALS['wpsg_sc']->addBackendError(__('Ihre Eingaben in den markierten Feldern waren ungÃŒltig, bitte ÃŒberprÃŒfen.', 'wpsg'));
-					
-					$_SESSION['sanitization_err_fields'][$key] = 0;
-					
-					return false; 
-					
-				}
-				
-			}
-
-			if ($force_global) {
-				
-				update_site_option($key, $value);
-				
-			} else {
-				
-				update_option($key, $value);
-				
-			}
-			
-			if ($addTrans === true) $GLOBALS['wpsg_sc']->addTranslationString($key, $value);
+				
+				if ($addTrans === true) $GLOBALS['wpsg_sc']->addTranslationString($key, $value);
+				
+			}
 			
 		} // public function update_option($key, $value)
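Review bot: The docblock now promises `@return bool`, but the success path falls off the end of the function and returns `null`; only the failure path returns `false`. Add `return true;` after the `addTranslationString` line so callers can test the result. The new default `if ($sanitize_type === null) $sanitize_type = WPSG_SANITIZE_TEXTFIELD;` also means every existing caller that passed no type is now validated as a text field and silently refused on failure, so options holding arrays, HTML or multi-line text need an explicit type at their call sites. `@throws Exception` does not match the visible body, which never throws.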
Index: /lib/functions.inc.php
===================================================================
--- /lib/functions.inc.php	(revision 7569)
+++ /lib/functions.inc.php	(revision 7570)
@@ -601,4 +601,5 @@
 			case WPSG_SANITIZE_URL:
 			case WPSG_SANITIZE_DOMAIN:
+			case WPSG_SANITIZE_ARRAY_LANG:
 			case WPSG_SANITIZE_TEXTFIELD:
 				
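Review bot: `WPSG_SANITIZE_ARRAY_LANG` is added to the same case group as `WPSG_SANITIZE_URL`, `WPSG_SANITIZE_DOMAIN` and `WPSG_SANITIZE_TEXTFIELD`, so as far as this hunk shows it performs no language-specific validation. The callers in wpsg_ProduktController use the value as `lang_code` in SQL and in a redirect URL; checking it against the configured language codes, or at least against a strict pattern for locale strings, would make the constant do what its name says. The name says ARRAY while the callers pass a single string, so a comment on the case should state which is meant. The body of this case group lies outside the hunk.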
Index: b/wpsg_exception.php
===================================================================
--- /lib/wpsg_exception.php	(revision 7569)
+++ 	(revision )
@@ -1,25 +1,0 @@
-<?php
-	
-	declare(strict_types=1);
-	
-	/**
-	 * User: Daschmi (daschmi@daschmi.de)
-	 * Date: 09.09.2019
-	 * Time: 10:18
-	 */ 
-    
-    namespace wpsg;
-    
-    use Throwable;
-
-	class wpsg_exception extends \Exception {
-    	
-    	public function __construct(string $message = "", int $code = 0, Throwable $previous = null) {
-		
-    		if ($message === "") $message = __('Parameterfehler!', 'wpsg');
-    		
-			parent::__construct($message, $code, $previous);
-			
-		}
-	
-	}
Index: /model/wpsg_exception.class.php
===================================================================
--- /model/wpsg_exception.class.php	(revision 7569)
+++ /model/wpsg_exception.class.php	(revision 7570)
@@ -51,4 +51,10 @@
             
         } // public function getTypLabel()
+		
+		public static function getSanitizeException() {
+        	
+        	return new Exception('Parameterfehler');
+        	
+		}
         
     } // class exception extends \Exception
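Review bot: `getSanitizeException()` has no docblock and returns an untranslated literal, whereas the removed `wpsg\wpsg_exception` used `__('Parameterfehler!', 'wpsg')`. Suggested: a docblock `/** Returns the generic exception thrown when request input fails validation. */` and `return new self(__('Parameterfehler', 'wpsg'));`. Keeping the user-facing message generic is reasonable, but since every failed check now produces the same text, logging the name of the rejected field (not its value) at the throw site would keep failures diagnosable.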
Index: /views/admin/form/input.phtml
===================================================================
--- /views/admin/form/input.phtml	(revision 7569)
+++ /views/admin/form/input.phtml	(revision 7570)
@@ -9,5 +9,5 @@
 				type="<?php echo wpsg_getStr($this->view['field_config']['type'], 'text'); ?>"
 				class="form-control input-sm" 
-				<?php if (($this->view['field_config']['autocomplete']??true) === false) { ?> autocomplete="off" <?php } ?>
+				<?php if (!wpsg_isTrue($this->view['field_config']['autocomplete'])) { ?> autocomplete="off" <?php } ?>
 				name="<?php echo $this->view['field_name']; ?>"  
 				tabindex="<?php
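Review bot: The condition changes meaning, not just form: `($x ?? true) === false` switched autocomplete off only when a field explicitly asked for it, while `!wpsg_isTrue($x)` presumably switches it off for every field that does not set `autocomplete` to a true value, including fields that leave it unset. If the new default is intended, add a comment saying so, because it affects every input rendered by this template. In the same tag, `name="<?php echo $this->view['field_name']; ?>"` is echoed without `esc_attr()`. The template continues outside this hunk.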
Index: /views/mods/mod_kundenverwaltung/index.phtml
===================================================================
--- /views/mods/mod_kundenverwaltung/index.phtml	(revision 7569)
+++ /views/mods/mod_kundenverwaltung/index.phtml	(revision 7570)
@@ -169,5 +169,9 @@
                             </td>
                             <td class="col_name column-title">
-                                <strong><a title="<?php echo __("Diesen Kunden bearbeiten", "wpsg"); ?>" href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Customer&action=edit&edit_id=<?php echo $c->id; ?>" class="row-title"><?php echo trim($c->GetNr().' '.$c->getLabel()); ?></a></strong>
+                                <strong><a title="<?php echo __("Diesen Kunden bearbeiten", "wpsg"); ?>" href="<?php
+		
+									echo wpsg_admin_url('Customer', 'edit', ['edit_id' => $c->getId()]);
+									
+								?>" class="row-title"><?php echo trim($c->GetNr().' '.$c->getLabel()); ?></a></strong>
                                 <?php if (strlen($c->getEMail()) > 0) { ?>
                                     <a href="mailto:<?php echo $c->getEMail(); ?>" title="<?php echo __('Dem Kunden eine E-Mail schreiben.', 'wpsg'); ?>"><?php echo $c->getEMail();  ?></a>
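Review bot: The customer's label and e-mail address are echoed into the admin list without escaping, in `echo trim($c->GetNr().' '.$c->getLabel())` and twice in the `mailto:` link. These values originate from customer input, so unless the getters escape internally (not visible here) they should be escaped for their context: `echo esc_html(trim($c->GetNr().' '.$c->getLabel()));`, `href="mailto:<?php echo esc_attr($c->getEMail()); ?>"` and `echo esc_html($c->getEMail());`. The result of the new `wpsg_admin_url(...)` call is also printed straight into `href`; wrap it in `esc_url()` unless the helper already does so.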
Index: /wpshopgermany.php
===================================================================
--- /wpshopgermany.php	(revision 7569)
+++ /wpshopgermany.php	(revision 7570)
@@ -95,4 +95,5 @@
 	define('WPSG_SANITIZE_ZIP', 21);
 	define('WPSG_SANITIZE_DOMAIN', 22);
+	define('WPSG_SANITIZE_ARRAY_LANG', 23);
  	
 	// Ist in Multiblog manchma nicht definiert :? Sonst ist hier das Verzeichnis drin
