Index: /controller/wpsg_AdminController.class.php =================================================================== --- /controller/wpsg_AdminController.class.php (revision 7661) +++ /controller/wpsg_AdminController.class.php (revision 7662) @@ -2442,11 +2442,8 @@ // Modul aktivieren wenn noch nicht aktiviert - if ($_REQUEST['aktiv'] == '1' && $this->get_option($_REQUEST['modul'], $global) == false) - { - - $init = base64_decode('aW5zdGFsbEZpcnN0'); //installFirst; - + if ($_REQUEST['aktiv'] == '1' && $this->get_option($_REQUEST['modul'], $global) == false) { + $this->update_option($_REQUEST['modul'], time(), $global); - $this->shop->arAllModule[$_REQUEST['modul']]->$init(); + $this->shop->arAllModule[$_REQUEST['modul']]->installFirst(); $this->shop->arAllModule[$_REQUEST['modul']]->install(); Index: /controller/wpsg_BasketController.class.php =================================================================== --- /controller/wpsg_BasketController.class.php (revision 7661) +++ /controller/wpsg_BasketController.class.php (revision 7662) @@ -354,29 +354,32 @@ /** * Seite, die nach der Bestellung angezeigt wird + * @param $content + * @throws \wpsg\Exception */ - private function doneAction(&$content) - { - - // Hash verifizierne - $order_id = $_REQUEST['order_id']; - - if (!isset($order_id) || $order_id <= 0) die(__('Aufrufsfehler!', 'wpsg')); - - // Hash bilden - $hash = preg_replace('/(\+)|(\=)/', 'A', base64_encode(md5('wpShopGermany'.$order_id, $this->get_option("wpsg_salt")))); - - if ($hash != $_REQUEST['wpsg_done']) - { - die(__('Aufrufsfehler!!', 'wpsg')); - } - - $this->shop->basket->initFromDB($order_id); - $this->shop->view['basket'] = $this->shop->basket->toArray(); - $this->shop->view['o_id'] = $order_id; - $this->shop->view['order'] = $this->shop->cache->loadOrder($order_id); - $this->shop->view['customer'] = $this->shop->cache->loadKunden($this->shop->view['order']['k_id']); - - $content = $this->shop->render(WPSG_PATH_VIEW.'/warenkorb/done.phtml', false); - + private function doneAction(&$content) { + + if (!wpsg_checkInput($_REQUEST['order_id'], WPSG_SANITIZE_INT)) throw \wpsg\Exception::getSanitizeException(); + else { + + // Hash verifizierne + $order_id = intval($_REQUEST['order_id']); + + if ($order_id <= 0) throw \wpsg\Exception::getInvalidValueException(); + + // Hash vergleichen + if (password_verify($this->shop->get_option("wpsg_salt").$order_id, $_REQUEST['wpsg_done'])) { + + $this->shop->basket->initFromDB($order_id); + $this->shop->view['basket'] = $this->shop->basket->toArray(); + $this->shop->view['o_id'] = $order_id; + $this->shop->view['order'] = $this->shop->cache->loadOrder($order_id); + $this->shop->view['customer'] = $this->shop->cache->loadKunden($this->shop->view['order']['k_id']); + + $content = $this->shop->render(WPSG_PATH_VIEW.'/warenkorb/done.phtml', false); + + } else throw \wpsg\Exception::getInvalidValueException(); + + } + } // private function doneAction() Index: /controller/wpsg_ShopController.class.php =================================================================== --- /controller/wpsg_ShopController.class.php (revision 7661) +++ /controller/wpsg_ShopController.class.php (revision 7662) @@ -436,5 +436,5 @@ $this->checkDefault('wpsg_afterinsert', '1'); - $this->checkDefault('wpsg_salt', base64_encode($_SERVER['REQUEST_URI'].rand(1, 1000))); + $this->checkDefault('wpsg_salt', mkd5($_SERVER['REQUEST_URI'].rand(1, 1000))); // Betreffs der E-Mails vordefinieren @@ -1616,5 +1616,5 @@ // load_(text)domain('wpsg', dirname(__FILE__).'/../lang/wpsg-'.$force_locale.'.mo'); call_user_func_array( - base64_decode('bG9hZF90ZXh0ZG9tYWlu'), + 'load_textdomain', array( 'wpsg', dirname(__FILE__).'/../lang/wpsg-'.$force_locale.'.mo' @@ -2653,19 +2653,15 @@ * Gibt den Link zur Seite nach der Bestellung zurück */ - public function getDoneURL($order_id) - { + public function getDoneURL($order_id) { $basket_url = $this->getURL(wpsg_ShopController::URL_BASKET); - if (strpos($basket_url, '?') === false) - { - - return $basket_url.'?order_id='.$order_id.'&wpsg_done='.preg_replace('/(\+)|(\=)/', 'A', base64_encode(md5('wpShopGermany'.$order_id, $this->get_option("wpsg_salt")))); - - } - else - { - - return $basket_url.'&order_id='.$order_id.'&wpsg_done='.preg_replace('/(\+)|(\=)/', 'A', base64_encode(md5('wpShopGermany'.$order_id, $this->get_option("wpsg_salt")))); + if (strpos($basket_url, '?') === false) { + + return $basket_url.'?order_id='.$order_id.'&wpsg_done='.password_hash($this->get_option("wpsg_salt").$order_id, PASSWORD_DEFAULT); + + } else { + + return $basket_url.'&order_id='.$order_id.'&wpsg_done='.password_hash($this->get_option("wpsg_salt").$order_id, PASSWORD_DEFAULT); } @@ -3339,13 +3335,18 @@ } - if (!wpsg_isSizedInt($this->get_option('wp_installed'))) - { - - $mail_text .= base64_decode('IAotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCgpWZXJ3ZW5kZXRlIFNob3AgU29mdHdhcmU6IHdwU2hvcEdlcm1hbnkgKGh0dHA6Ly93cHNob3BnZXJtYW55Lm1hZW5uY2hlbjEuZGUp'); - - if (wpsg_isSizedString($mail_html)) - { - - $mail_html = preg_replace('/\<\/body\>/', base64_decode('PGJyIC8+DQo8ZGl2IHN0eWxlPSJib3JkZXItdG9wOjFweCBzb2xpZCAjMDAwMDAwOyB3aWR0aDoxMDAlOyBib3R0b206MHB4OyAgdGV4dC1hbGlnbjpjZW50ZXI7IGJhY2tncm91bmQtY29sb3I6I0YxRURFRDsgY29sb3I6MDAwMDAwIj48ZGl2IHN0eWxlPSJwYWRkaW5nOjVweDsiPg0KVmVyd2VuZGV0ZSBTaG9wIFNvZnR3YXJlOiA8YSBocmVmPSJodHRwOi8vd3BzaG9wZ2VybWFueS5kZSI+d3BTaG9wR2VybWFueTwvYT48L2Rpdj48L2Rpdj4=').'', $mail_html); + if (!wpsg_isSizedInt($this->get_option('wp_installed'))) { + + $mail_text = " +---------------------------------------------------------------------------- + +Verwendete Shop Software: wpShopGermany (http://wpshopgermany.maennchen1.de)"; + + $footer = "
+
+Verwendete Shop Software: wpShopGermany
"; + + if (wpsg_isSizedString($mail_html)) { + + $mail_html = preg_replace('/\<\/body\>/', $footer, $mail_html); } Index: /controller/wpsg_SystemController.class.php =================================================================== --- /controller/wpsg_SystemController.class.php (revision 7661) +++ /controller/wpsg_SystemController.class.php (revision 7662) @@ -771,20 +771,15 @@ * Nach dem Aufruf und der DurchfÃŒhrung sollte wieder die Originalspreach mit restoreTemLocale gesetzt werden */ - public function setTempLocale($locale) - { + public function setTempLocale($locale) { global $l10n; - if (file_exists(dirname(__FILE__).'/../lang/wpsg-'.$locale.'.mo')) - { + if (file_exists(dirname(__FILE__).'/../lang/wpsg-'.$locale.'.mo')) { $this->old_l10n = clone $l10n['wpsg']; $this->force_locale = $locale; - - // Hier muss load_(text)domain genommen werden, sonst ging es nicht! - // Damit das Plugin nicht warnt, habe ich es bissl verscrambelt - // load_(text)domain('wpsg', dirname(__FILE__).'/../lang/wpsg-'.$locale.'.mo'); + call_user_func_array( - base64_decode('bG9hZF90ZXh0ZG9tYWlu'), + 'load_textdomain', array( 'wpsg', dirname(__FILE__).'/../lang/wpsg-'.$locale.'.mo' Index: /model/wpsg_exception.class.php =================================================================== --- /model/wpsg_exception.class.php (revision 7661) +++ /model/wpsg_exception.class.php (revision 7662) @@ -52,7 +52,13 @@ } // public function getTypLabel() + public static function getMethodNotFoundException() { + + return new \Exception('Funktion existiert nicht'); + + } + public static function getSanitizeException() { - return new Exception('Parameterfehler'); + return new \Exception('Parameterfehler'); } @@ -60,5 +66,5 @@ public static function getInvalidValueException() { - return new Exception('Aufrufsfehler'); + return new \Exception('Aufrufsfehler'); } Index: /mods/wpsg_mod_basic.class.php =================================================================== --- /mods/wpsg_mod_basic.class.php (revision 7661) +++ /mods/wpsg_mod_basic.class.php (revision 7662) @@ -725,55 +725,13 @@ /** ------------------------------------------------------------------- */ - public function __call($name, $arguments) - { - - if (method_exists($this, $name)) - { + public function __call($name, $arguments) { + + if (method_exists($this, $name)) { return call_user_func_array(array($this, $name), $arguments); - } - else - { - - if ($name == base64_decode('Z2V0RGVtb0RheXM=')) // installModul - { - - return 1; - if (isset($this->free) && $this->free === true) return 7 * 2; - - $a = $this->shop->get_option('wpsg_modul'); - $a = @unserialize(base64_decode($a)); - if (!is_array($a)) $a = array(); - - if (!array_key_exists(get_class($this), $a)) - { - - $a[get_class($this)] = time(); - $this->shop->update_option('wpsg_modul', base64_encode(serialize($a))); - - } - - $d = ceil((time() - $a[get_class($this)]) / (43200 * 2)); - if ($d > (7 * 2) || $d <= 0) return -1; - else return ((7 * 2) - $d); - - } - else if ($name == base64_decode('aW5zdGFsbEZpcnN0=')) - { - - $a = $this->shop->get_option('wpsg_modul'); - $a = @unserialize(base64_decode($a)); - if (!is_array($a)) $a = array(); - - if (!array_key_exists(get_class($this), $a)) $a[get_class($this)] = time(); - - $this->shop->update_option('wpsg_modul', base64_encode(serialize($a))); - - return; - - } - - return call_user_func_array($this, $name()); + } else { + + throw \wpsg\Exception::getMethodNotFoundException(); } Index: /mods/wpsg_mod_creditcard.class.php =================================================================== --- /mods/wpsg_mod_creditcard.class.php (revision 7661) +++ /mods/wpsg_mod_creditcard.class.php (revision 7662) @@ -323,4 +323,5 @@ public function wpsg_mod_export_getValue(&$return, $field_value, $o_id, $p_id, $productkey, $product_index, $profil_separator) { + $arOrder = $this->shop->cache->loadOrder($o_id); $value = ""; @@ -351,40 +352,6 @@ } - if ($value == "") - { - $return = $value; - } - else - { - // Test - /* - $val = base64_decode($value); - $ll = strlen($val); - $iv = substr($val, 0, 16); - $ll = strlen($iv); - $key = $this->shop->get_option("wpsg_mod_creditcard_schluessel"); - $dec1 = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, "VISAVISAVISAVISA", MCRYPT_MODE_CBC, $iv); - $ll = strlen($dec1); - $dec1 = $iv.$dec1; - $ll = strlen($dec1); - $dec2 = base64_encode($dec1); - $ll = strlen($dec2); - $dec3 = base64_decode($dec2); - $ll = strlen($dec3); - $dec3 = substr($dec3, 16); - $dec4 = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $dec3, MCRYPT_MODE_CBC, $iv); - $dec5 = trim($dec4, " \t\n\r\0\x0B"); - */ - $key = $this->shop->get_option("wpsg_mod_creditcard_schluessel"); - //$iv = mcrypt_create_iv(16, MCRYPT_RAND); - - //$value = base64_decode($value); - //$iv = substr($value, 0, 16); - //$value = substr($value, 16); - //echo wpsg_q(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $checkout['mod_creditcard_typ'], MCRYPT_MODE_CBC, $iv)); - //$value = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $value, MCRYPT_MODE_CBC, $iv); - //$value = trim($value, " \t\n\r\0\x0B"); - $return = $value; - } + $return = $value; + } // public function wpsg_mod_export_getValue(&$return, $field_value, $o_id, $p_id, $productkey, $product_index, $profil_separator) Index: /mods/wpsg_mod_downloadprodukte.class.php =================================================================== --- /mods/wpsg_mod_downloadprodukte.class.php (revision 7661) +++ /mods/wpsg_mod_downloadprodukte.class.php (revision 7662) @@ -400,6 +400,6 @@ { - $strLinks .= get_permalink($this->shop->get_option('wpsg_page_basket'))."&plugin=1&noheader=1&m_id=".$this->id."&order=".$order_id."&file=".base64_encode(basename($f[0]))."&produkt=".$this->shop->getProduktID($produkt['id'])."&chash=".$chash."\r\n\r\n"; - $arLinks[] = get_permalink($this->shop->get_option('wpsg_page_basket'))."&plugin=1&noheader=1&m_id=".$this->id."&order=".$order_id."&file=".base64_encode(basename($f[0]))."&produkt=".$this->shop->getProduktID($produkt['id'])."&chash=".$chash; + $strLinks .= get_permalink($this->shop->get_option('wpsg_page_basket'))."&plugin=1&noheader=1&m_id=".$this->id."&order=".$order_id."&file=".rawurlencode(basename($f[0]))."&produkt=".$this->shop->getProduktID($produkt['id'])."&chash=".$chash."\r\n\r\n"; + $arLinks[] = get_permalink($this->shop->get_option('wpsg_page_basket'))."&plugin=1&noheader=1&m_id=".$this->id."&order=".$order_id."&file=".rawurlencode(basename($f[0]))."&produkt=".$this->shop->getProduktID($produkt['id'])."&chash=".$chash; } @@ -407,6 +407,6 @@ { - $strLinks .= get_permalink($this->shop->get_option('wpsg_page_basket'))."?plugin=1&noheader=1&m_id=".$this->id."&order=".$order_id."&file=".base64_encode(basename($f[0]))."&produkt=".$this->shop->getProduktID($produkt['id'])."&chash=".$chash."\r\n\r\n"; - $arLinks[] = get_permalink($this->shop->get_option('wpsg_page_basket'))."?plugin=1&noheader=1&m_id=".$this->id."&order=".$order_id."&file=".base64_encode(basename($f[0]))."&produkt=".$this->shop->getProduktID($produkt['id'])."&chash=".$chash; + $strLinks .= get_permalink($this->shop->get_option('wpsg_page_basket'))."?plugin=1&noheader=1&m_id=".$this->id."&order=".$order_id."&file=".rawurlencode(basename($f[0]))."&produkt=".$this->shop->getProduktID($produkt['id'])."&chash=".$chash."\r\n\r\n"; + $arLinks[] = get_permalink($this->shop->get_option('wpsg_page_basket'))."?plugin=1&noheader=1&m_id=".$this->id."&order=".$order_id."&file=".rawurlencode(basename($f[0]))."&produkt=".$this->shop->getProduktID($produkt['id'])."&chash=".$chash; } @@ -536,5 +536,5 @@ $_file = $f; - if ($_file == base64_decode($_REQUEST['file'])) + if ($_file == rawurldecode($_REQUEST['file'])) { Index: /views/admin/ueber.phtml =================================================================== --- /views/admin/ueber.phtml (revision 7661) +++ /views/admin/ueber.phtml (revision 7662) @@ -140,29 +140,41 @@ -
- - (.*).*$%ms', '$1', $pinfo ); - //echo $pinfo; - - $pinfo = htmlentities($pinfo); - //$pinfo = htmlspecialchars($pinfo, ENT_HTML5, 'ISO-8859-1'); - - echo ''; - - //$pinfo = preg_replace("/(width):\".*?\"/", "\${1}=\"100%\"", $pinfo); - //$pinfo = preg_replace('/(width)(:)"([\d]+)"/', '${1}${2}"100%"', $pinfo); - //$pinfo = str_replace('width: 934px;', 'width:100%;', $pinfo); - - ?> - +
+ + + + /is', '', $pi); + + echo $pi; + + ?> +
Index: /wpshopgermany.php =================================================================== --- /wpshopgermany.php (revision 7661) +++ /wpshopgermany.php (revision 7662) @@ -175,10 +175,11 @@ /** @var wpsg_ShopController */ - $GLOBALS['wpsg_sc'] = new wpsg_ShopController(); + $shop = new wpsg_ShopController(); + $GLOBALS['wpsg_sc'] = &$shop; // Nicht behandelte Exceptions werden hier verarbeitet set_exception_handler(array('\\wpsg\\exceptionhandler', 'exception')); - if ($GLOBALS['wpsg_sc']->isMultiBlog() && !is_admin() && $GLOBALS['wpsg_sc']->get_option('wpsg_multiblog_sessionPath', true) == '1') + if ($shop->isMultiBlog() && !is_admin() && $shop->get_option('wpsg_multiblog_sessionPath', true) == '1') { @@ -194,8 +195,7 @@ global $current_blog; - if ($GLOBALS['wpsg_sc']->isMultiBlog()) - { - - $path = $GLOBALS['wpsg_sc']->get_option('wpsg_path_upload_multiblog', true); + if ($shop->isMultiBlog()) { + + $path = $shop->get_option('wpsg_path_upload_multiblog', true); $path = preg_replace('/%blog_id%/', $current_blog->blog_id, $path); @@ -204,5 +204,5 @@ } - $GLOBALS['wpsg_sc']->initShop($prefix); + $shop->initShop($prefix); // Standardrollen fÃŒr die Rechteverteilung @@ -226,5 +226,5 @@ add_action('phpmailer_init', 'wpsg_phpmailer_init'); add_action('shutdown', 'wpsg_shutdown'); - add_action('wp_loaded', array($GLOBALS['wpsg_sc'], 'wp_load')); + add_action('wp_loaded', array($shop, 'wp_load')); add_action('admin_bar_menu', 'wpsg_admin_bar_menu', 2000); @@ -239,5 +239,5 @@ add_filter('site_transient_update_plugins', 'wpsg_update'); - add_action('admin_enqueue_scripts', array($GLOBALS['wpsg_sc'], 'wp_enqueue')); + add_action('admin_enqueue_scripts', array($shop, 'wp_enqueue')); add_action('admin_init', 'wpsg_admin_init'); add_action('admin_footer', 'wpsg_admin_footer'); @@ -249,19 +249,19 @@ { - add_shortcode('wpshopgermany', array($GLOBALS['wpsg_sc'], 'shortcode')); - add_shortcode('wpshopgermany_link', array($GLOBALS['wpsg_sc'], 'shortcode_basket')); - - add_filter('the_title', array($GLOBALS['wpsg_sc'], 'the_title'), 10, 2); - add_filter('the_content', array($GLOBALS['wpsg_sc'], 'content_filter')); - add_filter('the_excerpt', array($GLOBALS['wpsg_sc'], 'the_excerpt')); - add_filter('pre_get_posts', array($GLOBALS['wpsg_sc'], 'pre_get_posts')); + add_shortcode('wpshopgermany', array($shop, 'shortcode')); + add_shortcode('wpshopgermany_link', array($shop, 'shortcode_basket')); + + add_filter('the_title', array($shop, 'the_title'), 10, 2); + add_filter('the_content', array($shop, 'content_filter')); + add_filter('the_excerpt', array($shop, 'the_excerpt')); + add_filter('pre_get_posts', array($shop, 'pre_get_posts')); - add_action('wp_enqueue_scripts', array($GLOBALS['wpsg_sc'], 'wp_enqueue')); - add_action('wp_head', array($GLOBALS['wpsg_sc'], 'wp_head')); - add_action('wp_footer', array($GLOBALS['wpsg_sc'], 'wp_foot')); - add_action('template_redirect', array($GLOBALS['wpsg_sc'], 'template_redirect')); + add_action('wp_enqueue_scripts', array($shop, 'wp_enqueue')); + add_action('wp_head', array($shop, 'wp_head')); + add_action('wp_footer', array($shop, 'wp_foot')); + add_action('template_redirect', array($shop, 'template_redirect')); - if ($GLOBALS['wpsg_sc']->get_option('wpsg_removeWpTrimExcerpt') == '1') remove_filter('get_the_excerpt', 'wp_trim_excerpt'); - if ($GLOBALS['wpsg_sc']->get_option('wpsg_removeWpAutoOp') == '1') remove_filter('the_content', 'wpautop'); + if ($shop->get_option('wpsg_removeWpTrimExcerpt') == '1') remove_filter('get_the_excerpt', 'wp_trim_excerpt'); + if ($shop->get_option('wpsg_removeWpAutoOp') == '1') remove_filter('the_content', 'wpautop'); } @@ -269,9 +269,8 @@ if (!wp_next_scheduled('wpsg_daily_hook')) wp_schedule_event(time(), 'daily', 'wpsg_daily_hook'); - add_action('init', [$GLOBALS['wpsg_sc'], 'init']); - add_action('widgets_init', array($GLOBALS['wpsg_sc'], 'widget_init')); - add_action('wpsg_daily_hook', [$GLOBALS['wpsg_sc'], 'wpsg_daily_hook']); + add_action('init', [$shop, 'init']); + add_action('widgets_init', array($shop, 'widget_init')); + add_action('wpsg_daily_hook', [$shop, 'wpsg_daily_hook']); - $GLOBALS['wpsg_sc']->callMods('load', array()); - - //remove_action( 'shutdown', 'wp_ob_end_flush_all', 1 ); + $shop->callMods('load', array()); +