- Timestamp:
- Oct 7, 2013, 11:52:11 PM (11 years ago)
- Location:
- trunk
- Files:
-
- 8 edited
-
trunk/Modules/Dictionary/Dictionary.php
r577 r586 213 213 214 214 $Output .= '<tr><td> 215 <input type="text" value="'. $Search.'" name="search" size="30" />215 <input type="text" value="'.htmlentities($Search).'" name="search" size="30" /> 216 216 <input type="submit" value="Vyhledat" />'; 217 217 if($this->System->User->Licence(LICENCE_USER)) -
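Review bot: The `htmlentities($Search)` call added on new line 215 relies on the runtime's default flags and charset. On PHP releases contemporary with this revision, the default flags leave single quotes unescaped, and before PHP 5.4 the input is treated as ISO-8859-1, which would mangle the Czech text if the site serves UTF-8 (not visible here). Passing both explicitly removes that dependency: `htmlspecialchars($Search, ENT_QUOTES, 'UTF-8')`. The same applies to the two `htmlentities($Filter[...])` calls added in trunk/Modules/Translation/TranslationList.php (new lines 133 and 146). The enclosing function starts and ends outside the hunk.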
trunk/Modules/Log/Log.php
r581 r586 79 79 if(array_key_exists('type', $_GET)) $Where = ' WHERE `Type` = "'.($_GET['type'] * 1).'"'; 80 80 else $Where = ''; 81 $sql = 'SELECT *, UNIX_TIMESTAMP(`Date`) AS `TimeCreate`, (SELECT `User`.`Name` FROM `User` WHERE `User`.`ID` = `Log`.`User`) AS `UserName` FROM `Log`'.$Where.' ORDER BY `Date` DESC LIMIT 100'; 81 $sql = 'SELECT *, UNIX_TIMESTAMP(`Date`) AS `TimeCreate`, (SELECT `User`.`Name` FROM `User` WHERE `User`.`ID` = `Log`.`User`) AS `UserName` FROM `Log`'. 82 $Where.' ORDER BY `Date` DESC LIMIT 100'; 82 83 $DbResult = $this->System->Database->query($sql); 83 84 while($Line = $DbResult->fetch_assoc()) … … 93 94 'Title' => $LogType['Name'].' ('.$Line['UserName'].', '.$Line['IP'].')', 94 95 'Link' => 'http://'.$this->System->Config['Web']['Host'].$this->System->Link('/log.php'), 95 'Description' => $LogType['Name'].': '.$Line['Text'].' ('.$Line['UserName'].', '.$Line['IP'].' )',96 'Description' => $LogType['Name'].': '.$Line['Text'].' ('.$Line['UserName'].', '.$Line['IP'].', '.$Line['TimeCreate'].')', 96 97 'Time' => $Line['TimeCreate'], 97 98 ); -
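Review bot: The new `'Description'` on line 96 appends `$Line['TimeCreate']`, which the query on line 81 defines as a UNIX_TIMESTAMP value, so feed readers will see raw epoch seconds. Format it for display, for example `date('j.n.Y H:i', $Line['TimeCreate'])`, and keep the numeric value only in `'Time'`. Separately, `$Line['Text']` and `$Line['UserName']` come from stored log data and are concatenated into the item without escaping in this hunk. Whether the feed generator escapes them is not visible here and should be confirmed. The enclosing function continues outside the hunk.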
trunk/Modules/Search/Search.php
r577 r586 41 41 else if(array_key_exists('text', $_POST)) $Search = $_POST['text']; 42 42 else $Search = ''; 43 $SearchHTML = htmlentities($Search); 43 44 44 45 $Output = '<table class="BaseTable"><tr><th>Skupina</th><th>Výsledků</th></tr>'; … … 52 53 foreach($Group['Items'] as $Item) 53 54 { 54 if($Item['Column'] != '') $sql .= ' OR `'.$Item['Column'].'` LIKE "%'.$Search.'%"';55 if($Item['Column'] != '') $sql .= ' OR (`'.$Item['Column'].'` LIKE "%'.$Search.'%")'; 55 56 } 56 57 $DbResult = $this->Database->query($sql); 57 58 $Line = $DbResult->fetch_row(); 58 $Output .= '<tr><td><a href="'.$this->System->Link('/TranslationList.php?group='.$Group['Id'].'&user=0&state=0&text='.$Search.'&entry=').'">'.$Group['Name'].'</a></td><td>'.$Line[0].'</td></tr>'; 59 $Output .= '<tr><td><a href="'.$this->System->Link('/TranslationList.php?group='. 60 $Group['Id'].'&user=0&state=0&text='.$SearchHTML.'&entry=').'">'. 61 $Group['Name'].'</a></td><td>'.$Line[0].'</td></tr>'; 59 62 } 60 63 61 64 $DbResult = $this->Database->query('SELECT count(*) FROM `User` WHERE `Name` LIKE "%'.$Search.'%"'); 62 65 $Line = $DbResult->fetch_row(); 63 $Output .= '<tr><td><a href="'.$this->System->Link('/userlist.php?search='.$Search ).'">Uživatelé</a></td><td>'.$Line[0].'</td></tr>';66 $Output .= '<tr><td><a href="'.$this->System->Link('/userlist.php?search='.$SearchHTML).'">Uživatelé</a></td><td>'.$Line[0].'</td></tr>'; 64 67 65 68 $DbResult = $this->Database->query('SELECT count(*) FROM `Team` WHERE `Name` LIKE "%'.$Search.'%" OR `Description` LIKE "%'.$Search.'%"'); 66 69 $Line = $DbResult->fetch_row(); 67 $Output .= '<tr><td><a href="'.$this->System->Link('/team/?search='.$Search ).'">Týmy</a></td><td>'.$Line[0].'</td></tr>';70 $Output .= '<tr><td><a href="'.$this->System->Link('/team/?search='.$SearchHTML).'">Týmy</a></td><td>'.$Line[0].'</td></tr>'; 68 71 69 72 $DbResult = $this->Database->query('SELECT count(*) FROM `CzWoWPackageVersion` WHERE `Text` LIKE "%'.$Search.'%"'); 70 73 $Line = 
$DbResult->fetch_row(); 71 74 $Output .= '<tr><td><a href="'.$this->System->Link('/download.php?addon').'">Čeština pro klienta</a></td><td>'.$Line[0].'</td></tr>'; 72 $Output .= '<tr><td><a href="'.$this->System->Link('/aowow/?search='.$Search ).'">Vyhledávací databáze AoWoW</a></td></tr>';75 $Output .= '<tr><td><a href="'.$this->System->Link('/aowow/?search='.$SearchHTML).'">Vyhledávací databáze AoWoW</a></td></tr>'; 73 76 74 77 $DbResult = $this->Database->query('SELECT count(*) FROM `Dictionary` WHERE '. 75 78 '(`Text` LIKE "%'.$Search.'%" OR `Description` LIKE "%'.$Search.'%") AND `Language` = '.$this->System->Config['OriginalLanguage']); 76 79 $Line = $DbResult->fetch_row(); 77 $Output .= '<tr><td><a href="'.$this->System->Link('/dictionary/?search='.$Search).'">Slovníček</a></td><td>'.$Line[0].'</td></tr>'; 80 $Output .= '<tr><td><a href="'.$this->System->Link('/dictionary/?search='.$SearchHTML). 81 '">Slovníček</a></td><td>'.$Line[0].'</td></tr>'; 78 82 79 83 $Output .= '</table>'; -
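Review bot: `$Search` is still concatenated unescaped into every `LIKE "%'.$Search.'%"` query in this section (lines 55, 61, 65, 69 and 75 on the new side), because the commit escapes only the copy used in links. Line 41 shows the value can also come from `$_POST['text']`, which the `addslashes` loop added to includes/global.php does not touch, so the POST path reaches the database raw. Escape at the query site with the driver's own function, e.g. `$SearchSQL = $this->Database->real_escape_string($Search);` if the wrapper exposes mysqli's method, or use prepared statements, and decide whether `%` and `_` in the input should act as wildcards. `$SearchHTML` is also placed inside a URL query string, so it needs URL-encoding before HTML-escaping, `htmlspecialchars(urlencode($Search), ENT_QUOTES, 'UTF-8')`, unless `Link()` already encodes it, which is not visible here. As written, a search containing `&` or `#` produces a broken link.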
trunk/Modules/Translation/TranslationList.php
r577 r586 131 131 // Words 132 132 $Filter['Text'] = GetParameter('text', '', false, true); 133 $Output .= '<td><input name="text" type="text" style="width: 60px;" value="'. $Filter['Text'].'"></td>';133 $Output .= '<td><input name="text" type="text" style="width: 60px;" value="'.htmlentities($Filter['Text']).'"></td>'; 134 134 if($Filter['Text'] != '') 135 135 { … … 144 144 // Entry 145 145 $Filter['Entry'] = GetParameter('entry', '', false, true); 146 $Output .= '<td><input name="entry" type="text" style="width: 60px;" value="'. $Filter['Entry'].'"></td>';146 $Output .= '<td><input name="entry" type="text" style="width: 60px;" value="'.htmlentities($Filter['Entry']).'"></td>'; 147 147 if($Filter['Entry'] != '') 148 148 { -
trunk/img_level.php
r553 r586 3 3 require_once('includes/global.php'); 4 4 5 // Nastavení5 // Settings 6 6 $xp_from_word = 1; 7 7 $index_level = 100; 8 $from_diakrit = 3; // zvýšené xp za slovo s diakritikou8 $from_diakrit = 3; // higher xp for word with diacritics 9 9 $FontFile = 'images/FRIZQT__.ttf'; 10 10 … … 94 94 } 95 95 } 96 if($translated) $xp = $xp + $xp_translation; // Přičítání XP za celý překlad, pokud je celý přeložený96 if($translated) $xp = $xp + $xp_translation; // XP addition for entire translation if complete translated 97 97 } 98 98 } … … 133 133 while($LineTeam = $DbResult->fetch_array()) 134 134 { 135 CreateImg('team', $LineTeam['Name'], substr($LineTeam['Average'], 0, strpos($LineTeam['Average'],'.'))); // vytváření obrázku135 CreateImg('team', $LineTeam['Name'], substr($LineTeam['Average'], 0, strpos($LineTeam['Average'],'.'))); //image creation 136 136 } 137 137 $System->Database->query('UPDATE `User` SET `NeedUpdate` = 0'); -
trunk/includes/Page.php
r577 r586 20 20 21 21 function GetOutput() 22 { 22 { 23 23 $Output = $this->Show(); 24 24 return($Output); -
trunk/includes/Version.php
r585 r586 1 1 <?php 2 2 3 $Revision = 58 5; // Subversion revision3 $Revision = 586; // Subversion revision 4 4 $DatabaseRevision = 585; // Database structure revision 5 $ReleaseTime = '2013- 09-13';5 $ReleaseTime = '2013-10-07'; -
trunk/includes/global.php
r581 r586 633 633 else $_SERVER['QUERY_STRING'] = ''; 634 634 parse_str($_SERVER['QUERY_STRING'], $_GET); 635 // SQL injection hack protection 636 foreach($_GET as $Index => $Item) $_GET[$Index] = addslashes($_GET[$Index]); 635 637 return($PathItems); 636 638 }
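Review bot: The `addslashes` loop added on lines 635-636 rewrites every `$_GET` value globally, and that is not a dependable SQL defence. `addslashes` does not know the connection character set, and `$_POST` and cookie values are left untouched. Because `parse_str` produces nested arrays for keys such as `a[]=1`, passing such an entry to `addslashes` raises a warning and replaces the value with null (a TypeError on PHP 8). It also corrupts values used outside SQL: after this change the `htmlentities()` output added elsewhere in this changeset will show stray backslashes for any input containing a quote. Prefer dropping the loop and escaping or binding parameters where each query is built; if it has to stay as a stop-gap, at least skip non-strings with `if(is_string($Item)) $_GET[$Index] = addslashes($Item);`. The enclosing function starts outside the hunk.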