Changeset 502

Timestamp:

Dec 30, 2014 10:24:51 PM (9 years ago)

Author:

anonymous

Message:

Many minor fixes during pulso development

Location:

trunk

Files:

• bin/acl.cli.php (modified) (8 diffs)
• lib/ACL.inc.php (modified) (6 diffs)
• lib/App.inc.php (modified) (11 diffs)
• lib/Auth_File.inc.php (modified) (1 diff)
• lib/Auth_SQL.inc.php (modified) (5 diffs)
• lib/AuthorizeNet.inc.php (modified) (1 diff)
• lib/CSS.inc.php (modified) (1 diff)
• lib/Cache.inc.php (modified) (1 diff)
• lib/Captcha.inc.php (modified) (1 diff)
• lib/Cart.inc.php (modified) (1 diff)
• lib/Currency.inc.php (modified) (1 diff)
• lib/DB.inc.php (modified) (1 diff)
• lib/DBSessionHandler.inc.php (modified) (1 diff)
• lib/Email.inc.php (modified) (3 diffs)
• lib/FormValidator.inc.php (modified) (1 diff)
• lib/HTML.inc.php (modified) (1 diff)
• lib/Hierarchy.inc.php (modified) (1 diff)
• lib/Image.inc.php (modified) (1 diff)
• lib/ImageThumb.inc.php (modified) (1 diff)
• lib/JS.inc.php (modified) (1 diff)
• lib/Lock.inc.php (modified) (1 diff)
• lib/Navigation.inc.php (modified) (1 diff)
• lib/PEdit.inc.php (modified) (1 diff)
• lib/PageNumbers.inc.php (modified) (1 diff)
• lib/PayPal.inc.php (modified) (1 diff)
• lib/Prefs.inc.php (modified) (1 diff)
• lib/ScriptTimer.inc.php (modified) (1 diff)
• lib/SortOrder.inc.php (modified) (1 diff)
• lib/SpellCheck.inc.php (modified) (1 diff)
• lib/Upload.inc.php (modified) (1 diff)
• lib/Utilities.inc.php (modified) (2 diffs)
• lib/Validator.inc.php (modified) (1 diff)
• lib/Version.inc.php (modified) (3 diffs)
• services/templates/versions_diff.ihtml (modified) (1 diff)
• services/templates/versions_list.ihtml (modified) (1 diff)
• services/templates/versions_view.ihtml (modified) (1 diff)
• services/versions.php (modified) (1 diff)

trunk/bin/acl.cli.php

@@ -44 +44 @@
 // Make sure necessary files exist.
 define('COMMON_BASE', realpath('.'));
-$db_quth_file = COMMON_BASE . '/global/db_auth.inc.php';
-if (!file_exists($db_quth_file)) {
-    die(sprintf("%s error: the current directory must be common site directory (i.e. the parent directory of the document root) AND the global/db_auth.inc.php file must exist.\n", $this_script));
-}
-
-if (fileowner($db_quth_file) != getmyuid()) {
+$db_auth_file = false;
+$rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator(COMMON_BASE));
+$rii->setMaxDepth(2);
+foreach ($rii as $filename => $file) {
+    if (mb_strpos($filename, 'db_auth.inc.php') !== false) {
+        $db_auth_file = $filename;
+        break;
+    }
+}
+if (!$db_auth_file) {
+    die(sprintf("%s error: the current directory must be common site directory (i.e. the parent directory of the document root) AND the db_auth.inc.php file must exist.\n", $this_script));
+}
+if (fileowner($db_auth_file) != getmyuid()) {
     die(sprintf("%s error: you must execute this script as the owner of the web files.\n", $this_script));
 }
 
 // Set include path.
-ini_set('include_path', get_include_path()
-    . PATH_SEPARATOR . COMMON_BASE
-);
+ini_set('include_path', get_include_path() . PATH_SEPARATOR . COMMON_BASE);
 
 /********************************************************************
@@ -83 +88 @@
     'log_filename' => 'site_log',
 ));
-require_once 'global/db_auth.inc.php';
+require_once $db_auth_file;
 
 // Start application-based functionality: database, session, environment, ini setup, etc.
@@ -104 +109 @@
 if (!$db->tableExists('acl_tbl')) {
     printf("This project doesn't appear to be using ACL (there is no acl_tbl in the %s DB).\n", $app->getParam('db_name'));
+    $app->stop();
     die;
 }
@@ -220 +226 @@
     break;
 }
+
+$app->stop();
+die;
 
 
@@ -309 +318 @@
     case 'aro' :
         $tbl = 'aro_tbl';
-        printf("%-35s %-5s %-5s %s\n", 'Request objects', 'lft', 'rgt', 'Added');
+        printf("%-45s %s\n", 'Request objects', 'Added');
         break;
     case 'aco' :
         $tbl = 'aco_tbl';
-        printf("%-35s %-5s %-5s %s\n", 'Control objects', 'lft', 'rgt', 'Added');
+        printf("%-45s %s\n", 'Control objects', 'Added');
         break;
     case 'axo' :
         $tbl = 'axo_tbl';
-        printf("%-35s %-5s %-5s %s\n", 'Xtra objects', 'lft', 'rgt', 'Added');
+        printf("%-45s %s\n", 'Xtra objects', 'Added');
         break;
     default :
@@ -325 +334 @@
     }
 
-    echo "-----------------------------------------------------------\n";
+    echo "---------------------------------------------------------------------\n";
 
     // Retrieve the left and right value of the $root node.
@@ -342 +351 @@
 
         // Display indented node title.
-        printf("%-35s %-5s %-5s %s\n", str_repeat('    ', sizeof($depth)) . $name, $lft, $rgt, date($app->getParam('date_format'), strtotime($added_datetime)));
+        printf("%-45s %s\n", str_repeat('    ', sizeof($depth)) . $name, date($app->getParam('date_format') . ' ' . $app->getParam('time_format'), strtotime($added_datetime)));
 
         // Add this node to the stack.
@@ -373 +382 @@
     ");
     echo "\n";
-    printf("%-25s %-25s %-25s %-6s %-10s\n", 'Request objects', 'Control objects', 'Xtra objects', '', 'Added');
+    printf("%-25s %-25s %-25s %-6s %-10s\n", 'Request objects', 'Control objects', 'Xtra objects', 'Grant', 'Added');
     echo "------------------------------------------------------------------------------------------------\n";
     while ($p = mysql_fetch_assoc($qid)) {

trunk/lib/ACL.inc.php

@@ -37 +37 @@
 require_once dirname(__FILE__) . '/Cache.inc.php';
 
-class ACL {
+class ACL
+{
 
     // A place to keep an object instance for the singleton pattern.
@@ -49 +50 @@
         // Automatically create table and verify columns. Better set to false after site launch.
         'create_table' => false,
+
+        // Maximum allowed length of names.
+        // This value can be increased only if {aro,aco,axo}_tbl.name VARCHAR length is increased.
+        'name_max_length' => 32.
     );
 
@@ -149 +154 @@
             $db->query("
                 CREATE TABLE IF NOT EXISTS acl_tbl (
-                    aro_id SMALLINT(11) UNSIGNED NOT NULL DEFAULT '0',
-                    aco_id SMALLINT(11) UNSIGNED NOT NULL DEFAULT '0',
-                    axo_id SMALLINT(11) UNSIGNED NOT NULL DEFAULT '0',
+                    aro_id SMALLINT UNSIGNED NOT NULL DEFAULT '0',
+                    aco_id SMALLINT UNSIGNED NOT NULL DEFAULT '0',
+                    axo_id SMALLINT UNSIGNED NOT NULL DEFAULT '0',
                     access ENUM('allow', 'deny') DEFAULT NULL,
                     added_datetime DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
@@ -180 +185 @@
                     CREATE TABLE IF NOT EXISTS {$a_o}_tbl (
                         {$a_o}_id SMALLINT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT,
-                        name VARCHAR(32) NOT NULL DEFAULT '',
-                        lft MEDIUMINT(9) UNSIGNED NOT NULL DEFAULT '0',
-                        rgt MEDIUMINT(9) UNSIGNED NOT NULL DEFAULT '0',
+                        name VARCHAR(" . $this->getParam('name_max_length') . ") NOT NULL DEFAULT '',
+                        lft MEDIUMINT UNSIGNED NOT NULL DEFAULT '0',
+                        rgt MEDIUMINT UNSIGNED NOT NULL DEFAULT '0',
                         added_datetime DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
                         UNIQUE KEY name (name(15)),
@@ -255 +260 @@
         if ('' == trim($name) || '' == trim($parent)) {
             $app->logMsg(sprintf('Cannot add node, parent (%s) or name (%s) missing.', $name, $parent), LOG_WARNING, __FILE__, __LINE__);
+            return false;
+        }
+
+        // Ensure node node name fits in the column size.
+        // This value can be increased if {aro,aco.axo}_tbl.name VARCHAR length is increased.
+        if (strlen(trim($name)) > $this->getParam('name_max_length')) {
+            $app->logMsg(sprintf('Cannot add node, %s character limit exceeded for name "%s"', $this->getParam('name_max_length'), $name, $parent), LOG_WARNING, __FILE__, __LINE__);
             return false;
         }
@@ -718 +730 @@
 
         if (!$this->check($aro, $aco, $axo)) {
-            $message = '' == trim($message) ? sprintf(_("You have insufficient privileges to view <em>%s %s</em>"), $aco, $axo) : $message;
+            $message = '' == trim($message) ? sprintf(_("Sorry, you have insufficient privileges for <em>%s %s</em>."), $aco, $axo) : $message;
             $app->raiseMsg($message, $type, $file, $line);
             $app->dieBoomerangURL();

trunk/lib/App.inc.php

@@ -40 +40 @@
 require_once dirname(__FILE__) . '/Utilities.inc.php';
 
-class App {
+class App
+{
 
     // Minimum version of PHP required for this version of the Codebase.
@@ -627 +628 @@
         }
 
-        // Make sure to log in the system's locale.
-        $locale = setlocale(LC_TIME, 0);
-        setlocale(LC_TIME, 'C');
-
         // Strip HTML tags except any with more than 7 characters because that's probably not a HTML tag, e.g. <email@address.com>.
         preg_match_all('/(<[^>\s]{7,})[^>]*>/', $message, $strip_tags_allow);
@@ -678 +675 @@
         }
 
+        // Make sure to log in the system's locale.
+        $locale = setlocale(LC_TIME, 0);
+        setlocale(LC_TIME, 'C');
+
         // Data to be stored for a log event.
         $event = array(
@@ -692 +693 @@
         $event_short['url'] = truncate($event_short['url'], 120);
 
+        // Restore original locale.
+        setlocale(LC_TIME, $locale);
 
         // FILE ACTION
@@ -702 +705 @@
         if (false !== $this->getParam('log_email_priority') && $priority <= $this->getParam('log_email_priority') && $send_notifications) {
             $hostname = (isset($_SERVER['HTTP_HOST']) && '' != $_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : php_uname('n');
-            $subject = sprintf('[%s %s] %s', $hostname, $event['type'], mb_substr($message, 0, 64));
+            $subject = sprintf('[%s %s] %s', $hostname, $event['type'], mb_substr($event['message'], 0, 64));
             $email_msg = sprintf("A %s log event occurred on %s\n\n", $event['type'], $hostname);
             $headers = 'From: ' . $this->getParam('site_email');
@@ -724 +727 @@
             file_put_contents('php://stderr', "[{$event['type']}] [{$event['message']}]\n", FILE_APPEND);
         }
-
-        // Restore original locale.
-        setlocale(LC_TIME, $locale);
-
-        unset($event, $event_short);
 
         return true;
@@ -850 +848 @@
      *                                     header('Location...') redirections.
      *
+     * @param   bool    $include_csrf_token     Set to true to include the csrf_token in the form. Only use this for forms with action="post" to prevent the token from being revealed in the URL.
      * @return string url with attached queries and, if not using cookies, the session id
      */
-    public function url($url, $carry_args=null, $always_include_sid=false)
+    public function url($url, $carry_args=null, $always_include_sid=false, $include_csrf_token=false)
     {
         if (!$this->running) {
             $this->logMsg(sprintf('Canceled method call %s, application not running.', __FUNCTION__), LOG_NOTICE, __FILE__, __LINE__);
             return false;
+        }
+
+        if ($this->getParam('csrf_token_enabled') && $include_csrf_token) {
+            // Include the csrf_token as a carried query argument.
+            // This token can be validated upon form submission with $app->verifyCSRFToken() or $app->requireValidCSRFToken()
+            $carry_args = is_array($carry_args) ? $carry_args : array();
+            $carry_args = array_merge($carry_args, array($this->getParam('csrf_token_name') => $this->getCSRFToken()));
         }
 
@@ -938 +944 @@
      *
      * @access  public
-     * @param   string  $url    Input URL to parse.
-     * @return  string          URL passed through $app->url() and then & turned to $amp;.
+     * @param   (see param reference for url() method)
+     * @return  string          URL passed through $app->url() with ampersamds transformed to $amp;
      * @author  Quinn Comendant <quinn@strangecode.com>
      * @since   09 Dec 2005 17:58:45
      */
-    public function oHREF($url, $carry_args=null, $always_include_sid=false)
-    {
-        $url = $this->url($url, $carry_args, $always_include_sid);
-
-        // Replace any & not followed by an html or unicode entity with it's &amp; equivalent.
+    public function oHREF($url, $carry_args=null, $always_include_sid=false, $include_csrf_token=false)
+    {
+        // Process the URL.
+        $url = $this->url($url, $carry_args, $always_include_sid, $include_csrf_token);
+
+        // Replace any & not followed by an html or unicode entity with its &amp; equivalent.
         $url = preg_replace('/&(?![\w\d#]{1,10};)/', '&amp;', $url);
 
@@ -1093 +1100 @@
             return false;
         }
-        $this->logMsg(sprintf('Verified CSRF token %s is in %s', $user_submitted_csrf_token, $csrf_token), LOG_DEBUG, __FILE__, __LINE__);
+        $this->logMsg(sprintf('Verified CSRF token %s', $user_submitted_csrf_token), LOG_DEBUG, __FILE__, __LINE__);
         return true;
     }
@@ -1142 +1149 @@
         }
 
-        if ('' == $url) {
+        if (!$url) {
             // If URL is not specified, use the redirect_home_url.
             $url = $this->getParam('redirect_home_url');
@@ -1295 +1302 @@
         }
 
-        $this->logMsg(sprintf('deleteBoomerangURL(%s): %s', $id, $this->getBoomerangURL($id)), LOG_DEBUG, __FILE__, __LINE__);
-
         if (isset($id) && isset($_SESSION['_app'][$this->_ns]['boomerang']['url'][$id])) {
+            $url = $this->getBoomerangURL($id);
             unset($_SESSION['_app'][$this->_ns]['boomerang']['url'][$id]);
         } else if (is_array($_SESSION['_app'][$this->_ns]['boomerang']['url'])) {
-            array_pop($_SESSION['_app'][$this->_ns]['boomerang']['url']);
-        }
+            $url = array_pop($_SESSION['_app'][$this->_ns]['boomerang']['url']);
+        }
+        $this->logMsg(sprintf('deleteBoomerangURL(%s): %s', $id, $url), LOG_DEBUG, __FILE__, __LINE__);
     }
 

trunk/lib/Auth_File.inc.php

@@ -40 +40 @@
 // ));
 
-class Auth_File {
+class Auth_File
+{
 
     // Available encryption types for class Auth_File.

trunk/lib/Auth_SQL.inc.php

@@ -30 +30 @@
 require_once dirname(__FILE__) . '/Email.inc.php';
 
-class Auth_SQL {
+class Auth_SQL
+{
 
     // Available hash types for class Auth_SQL.
@@ -181 +182 @@
                 userpass VARCHAR(255) NOT NULL DEFAULT '',
                 userpass_hashtype TINYINT UNSIGNED NOT NULL DEFAULT '0',
-                first_name VARCHAR(255) NOT NULL DEFAULT '',
-                last_name VARCHAR(255) NOT NULL DEFAULT '',
+                first_name VARCHAR(50) NOT NULL DEFAULT '',
+                last_name VARCHAR(50) NOT NULL DEFAULT '',
                 email VARCHAR(255) NOT NULL DEFAULT '',
-                login_abuse_exempt ENUM('TRUE') DEFAULT NULL,
-                blocked ENUM('TRUE') DEFAULT NULL,
+                login_abuse_exempt ENUM('true') DEFAULT NULL,
+                blocked ENUM('true') DEFAULT NULL,
                 blocked_reason VARCHAR(255) NOT NULL DEFAULT '',
-                abuse_warning_level TINYINT(4) NOT NULL DEFAULT '0',
-                seconds_online INT(11) NOT NULL DEFAULT '0',
+                abuse_warning_level TINYINT NOT NULL DEFAULT '0',
+                seconds_online INT NOT NULL DEFAULT '0',
                 last_login_datetime DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
                 last_access_datetime DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
-                last_login_ip VARCHAR(255) NOT NULL DEFAULT '0.0.0.0',
-                added_by_user_id SMALLINT(11) DEFAULT NULL,
-                modified_by_user_id SMALLINT(11) DEFAULT NULL,
+                last_login_ip VARCHAR(45) NOT NULL DEFAULT '0.0.0.0',
+                added_by_user_id SMALLINT DEFAULT NULL,
+                modified_by_user_id SMALLINT DEFAULT NULL,
                 added_datetime DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
                 modified_datetime DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
                 KEY " . $this->getParam('db_username_column') . " (" . $this->getParam('db_username_column') . "),
                 KEY userpass (userpass),
-                KEY email (email)
+                KEY email (email),
+                KEY last_login_datetime (last_login_datetime),
+                KEY last_access_datetime (last_access_datetime)
             )");
 
@@ -327 +330 @@
             $db->query("
                 UPDATE " . $this->_params['db_table'] . " SET
-                seconds_online = seconds_online + (UNIX_TIMESTAMP() - UNIX_TIMESTAMP(last_access_datetime)),
+                seconds_online = seconds_online + ABS(UNIX_TIMESTAMP() - UNIX_TIMESTAMP(last_access_datetime)),
                 last_login_datetime = '0000-00-00 00:00:00'
                 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get('user_id') . "'
@@ -635 +638 @@
             $db->query("
                 UPDATE " . $this->_params['db_table'] . " SET
-                seconds_online = seconds_online + (UNIX_TIMESTAMP() - UNIX_TIMESTAMP(last_access_datetime)) + 1,
+                seconds_online = seconds_online + ABS(UNIX_TIMESTAMP() - UNIX_TIMESTAMP(last_access_datetime)) + 1,
                 last_access_datetime = '" . $this->get('last_access_datetime') . "'
                 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get('user_id') . "'
@@ -981 +984 @@
         // Issue the password change query.
         $db->query("
-            UPDATE " . $this->_params['db_table'] . "
-            SET userpass = '" . $db->escapeString($this->encryptPassword($password, null, $hash_type)) . "'
-            $userpass_hashtype_clause
+            UPDATE " . $this->_params['db_table'] . " SET
+                userpass = '" . $db->escapeString($this->encryptPassword($password, null, $hash_type)) . "',
+                modified_datetime = NOW(),
+                modified_by_user_id = '" . $db->escapeString($user_id) . "'
+                $userpass_hashtype_clause
             WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "'
         ");

trunk/lib/AuthorizeNet.inc.php

@@ -59 +59 @@
 // }
 
-class AuthorizeNet {
+class AuthorizeNet
+{
 
     public $post_url = ''; // The URL to post data to.

trunk/lib/CSS.inc.php

@@ -29 +29 @@
  * @version 1.2
  */
-class CSS {
+class CSS
+{
 
     // Include these style sheets.

trunk/lib/Cache.inc.php

@@ -32 +32 @@
  */
 
-class Cache {
+class Cache
+{
 
     // A place to keep object instances for the singleton pattern.

trunk/lib/Captcha.inc.php

@@ -52 +52 @@
 -------------------------------------------------------------------------------------
  */
-class Captcha {
+class Captcha
+{
 
     public $secret_key = 'some random seed text for the md5';

trunk/lib/Cart.inc.php

@@ -68 +68 @@
 ---------------------------------------------------------------------
  */
-class Cart {
+class Cart
+{
 
     // Namespace of this instance.

trunk/lib/Currency.inc.php

@@ -38 +38 @@
  */
 
-class Currency {
+class Currency
+{
 
     // Configuration parameters for this object.

trunk/lib/DB.inc.php

@@ -30 +30 @@
  */
 
-class DB {
+class DB
+{
 
     // A place to keep an object instance for the singleton pattern.

trunk/lib/DBSessionHandler.inc.php

@@ -30 +30 @@
  */
 
-class DBSessionHandler {
+class DBSessionHandler
+{
 
     public $db; // DB object.

trunk/lib/Email.inc.php

@@ -53 +53 @@
 */
 
-class Email {
+class Email
+{
 
     // Default parameters, to be overwritten by setParam() and read with getParam()
@@ -244 +245 @@
     }
 
+    /*
+    * Returns the body of the current email. This can be used to store the message that is being sent.
+    * It will use the original template, or the replaced template if it has been processed.
+    *
+    * @access   public
+    * @return   string  Message body.
+    * @author   Quinn Comendant <quinn@strangecode.com>
+    * @version  1.0
+    * @since    18 Nov 2014 21:15:19
+    */
+    public function getBody()
+    {
+        $final_body = isset($this->_template_replaced) ? $this->_template_replaced : $this->_template;
+        // Ensure all placeholders have been replaced. Find anything with {...} characters.
+        if (preg_match('/({[^}]+})/', $final_body, $unreplaced_match)) {
+            unset($unreplaced_match[0]);
+            $app->logMsg(sprintf('Cannot get email body. Unreplaced variables in template: %s', getDump($unreplaced_match)), LOG_ERR, __FILE__, __LINE__);
+            return false;
+        }
+        return $final_body;
+    }
+
     /**
      * Send email using PHP's mail() function.
@@ -295 +318 @@
         // Ensure all placeholders have been replaced. Find anything with {...} characters.
         if (preg_match('/({[^}]+})/', $final_body, $unreplaced_match)) {
-            $app->logMsg(sprintf('Cannot send email. At least one variable left unreplaced in template: %s', (isset($unreplaced_match[1]) ? $unreplaced_match[1] : '')), LOG_ERR, __FILE__, __LINE__);
+            unset($unreplaced_match[0]);
+            $app->logMsg(sprintf('Cannot send email. Unreplaced variables in template: %s', getDump($unreplaced_match)), LOG_ERR, __FILE__, __LINE__);
             return false;
         }

trunk/lib/FormValidator.inc.php

@@ -58 +58 @@
 require_once 'codebase/lib/Validator.inc.php';
 
-class FormValidator {
+class FormValidator
+{
 
     // Class parameters.

trunk/lib/HTML.inc.php

@@ -38 +38 @@
 */
 
-class HTML {
+class HTML
+{
 
     // Browsers add names and ids of form controls as properties to the FORM. This results in the properties of the form being replaced.

trunk/lib/Hierarchy.inc.php

@@ -42 +42 @@
  */
 
-class Hierarchy {
+class Hierarchy
+{
 
     /**

trunk/lib/Image.inc.php

@@ -28 +28 @@
  * @since   14 Apr 2006 20:07:29
  */
-class Image {
+class Image
+{
 
     // Object parameters.

trunk/lib/ImageThumb.inc.php

@@ -40 +40 @@
 define('IMAGETHUMB_METHOD_GD', 7);
 
-class ImageThumb {
+class ImageThumb
+{
 
     // General object parameters.

trunk/lib/JS.inc.php

@@ -29 +29 @@
  * @version 1.2
  */
-class JS {
+class JS
+{
 
     // Include these style sheets.

trunk/lib/Lock.inc.php

@@ -29 +29 @@
  * @version 2.1
  */
-class Lock {
+class Lock
+{
 
     // A place to keep an object instance for the singleton pattern.

trunk/lib/Navigation.inc.php

@@ -34 +34 @@
  * @version 2.0
  */
-class Navigation {
+class Navigation
+{
 
     // Configuration parameters for this object.

trunk/lib/PEdit.inc.php

@@ -67 +67 @@
 
  */
-class PEdit {
+class PEdit
+{
 
     // PEdit object parameters.

trunk/lib/PageNumbers.inc.php

@@ -37 +37 @@
 require_once dirname(__FILE__) . '/Prefs.inc.php';
 
-class PageNumbers {
+class PageNumbers
+{
 
     public $total_items;       // Total quantity of items.

trunk/lib/PayPal.inc.php

@@ -30 +30 @@
  * @version 1.0
  */
-class PayPal {
+class PayPal
+{
 
     // General object parameters.

trunk/lib/Prefs.inc.php

@@ -52 +52 @@
 ---------------------------------------------------------------------
  */
-class Prefs {
+class Prefs
+{
 
     // Namespace of this instance of Prefs.

trunk/lib/ScriptTimer.inc.php

@@ -24 +24 @@
  * ScriptTimer.inc.php
  */
-class ScriptTimer {
+class ScriptTimer
+{
 
     public $time_format = '%.3f';

trunk/lib/SortOrder.inc.php

@@ -35 +35 @@
 require_once dirname(__FILE__) . '/Prefs.inc.php';
 
-class SortOrder {
+class SortOrder
+{
 
     protected $_columns;

trunk/lib/SpellCheck.inc.php

@@ -59 +59 @@
 */
 
-class SpellCheck {
+class SpellCheck
+{
 
     protected $_params = array(

trunk/lib/Upload.inc.php

@@ -38 +38 @@
 define('UPLOAD_USER_ERR_MOVE_FAILED', 104);
 
-class Upload {
+class Upload
+{
 
     // General object parameters.

trunk/lib/Utilities.inc.php

@@ -941 +941 @@
 /**
  * Signs a value using md5 and a simple text key. In order for this
- * function to be useful (i.e. secure) the key must be kept secret, which
+ * function to be useful (i.e. secure) the salt must be kept secret, which
  * means keeping it as safe as database credentials. Putting it into an
  * environment variable set in httpd.conf is a good place.
- *
- * TODO: consider using more bits-per-character, such as done with:
- * http://www.php.net/manual/en/function.sha1.php#86239
- * http://blog.kevburnsjr.com/php-unique-hash
  *
  * @access  public
@@ -999 +995 @@
  * @param   string  $signed_val A value with appended signature.
  * @param   string  $salt       (Optional) A text key to use for computing the signature.
+ * @param   string  $length (Optional) The length of the added signature.
  * @return  bool    True if the signature matches the var.
  */

trunk/lib/Validator.inc.php

@@ -31 +31 @@
  */
 
-class Validator {
+class Validator
+{
 
     // Known credit card types.

trunk/lib/Version.inc.php

@@ -37 +37 @@
  * @version 2.1
  */
-class Version {
+class Version
+{
 
     // A place to keep an object instance for the singleton pattern.
@@ -290 +291 @@
         }
 
-        // Replace current record with specified versioned record.
+        // Disable foreign_key_checks to prevent ON DELETE triggers or restrictions.
+        $db->query("SET SESSION foreign_key_checks = 0");
+        // Replace current record with specified versioned record. Consider converting this SQL to use INSERT 
 ON DUPLICATE KEY UPDATE 

         $db->query("
-            REPLACE INTO " . $record['record_table'] . " (
+        REPLACE INTO " . $record['record_table'] . " (
                 $replace_keys
             ) VALUES (
                 $replace_values
-            )
-        ");
+            );
+        ");
+        // Re-enable foreign_key_checks.
+        $db->query("SET SESSION foreign_key_checks = 1");
 
         return $record;
@@ -468 +473 @@
     {
         $db =& DB::getInstance();
-
-        $this->initDB();
+        $app =& App::getInstance();
+
+        $this->initDB();
+
+        if (!$record_table || !$record_key || !$record_val) {
+            $app->logMsg(sprintf('Invalid current version args: %s, %s, %s.', $record_table, $record_key, $record_val), LOG_ERR, __FILE__, __LINE__);
+            return false;
+        }
 
         $qid = $db->query("

trunk/services/templates/versions_diff.ihtml

@@ -45 +45 @@
             $action_links = array();
             if (!getFormData('current', false)) {
-                $action_links[] = array('href' => $app->oHREF($_SERVER['PHP_SELF'] . '?op=restore', array('version_id', 'version_title')), 'value' => _("Restore this saved version"), 'class' => 'small button alert', 'accesskey' => 'r');
+                $action_links[] = array('href' => $app->oHREF('?op=restore', array('version_id', 'version_title')), 'value' => _("Restore this saved version"), 'class' => 'small button alert', 'accesskey' => 'r');
             }
-            $action_links[] = array('href' => $app->ohref(oTxt($_SERVER['PHP_SELF'])), 'value' => _("Cancel"), 'class' => 'small button secondary', 'accesskey' => 'b');
+            $action_links[] = array('href' => $app->ohref('?op=cancel'), 'value' => _("Cancel"), 'class' => 'small button secondary', 'accesskey' => 'c');
             HTML::printButtons($action_links);
             ?>

trunk/services/templates/versions_list.ihtml

@@ -50 +50 @@
                 <div class="sc-help"><?php printf(_("When there are more than %s versions, those over %s days old are deleted."), $version->getParam('min_qty'), $version->getParam('min_days')); ?></div>
                 <?php
-                HTML::printButtons(array(
-                    array('name' => 'op', 'value' => _("Cancel"), 'class' => 'small button secondary', 'accesskey' => 'c'),
-                ));
+                // Buttons.
+                $action_links = array();
+                $action_links[] = array('href' => $app->ohref('?op=cancel'), 'value' => _("Cancel"), 'class' => 'small button secondary', 'accesskey' => 'c');
+                HTML::printButtons($action_links);
                 ?>
             </div>

trunk/services/templates/versions_view.ihtml

@@ -28 +28 @@
             $action_links = array();
             if (!getFormData('current', false)) {
-                $action_links[] = array('href' => $app->oHREF($_SERVER['PHP_SELF'] . '?op=restore', array('version_id', 'version_title')), 'value' => _("Restore this saved version"), 'class' => 'small button alert', 'accesskey' => 'r');
+                $action_links[] = array('href' => $app->oHREF('?op=restore', array('version_id', 'version_title')), 'value' => _("Restore this saved version"), 'class' => 'small button alert', 'accesskey' => 'r');
             }
-            $action_links[] = array('href' => $app->ohref(oTxt($_SERVER['PHP_SELF'])), 'value' => _("Cancel"), 'class' => 'small button secondary', 'accesskey' => 'b');
+            $action_links[] = array('href' => $app->ohref('?op=cancel'), 'value' => _("Cancel"), 'class' => 'small button secondary', 'accesskey' => 'c');
             HTML::printButtons($action_links);
             ?>

trunk/services/versions.php

@@ -78 +78 @@
 switch (getFormData('op')) {
 
-case _("Cancel") :
-    $app->dieBoomerangURL('versions', false);
+case 'cancel' :
+    if ($app->validBoomerangURL('version')) {
+        // Display boomerang page.
+        $app->dieBoomerangURL('version');
+    }
+    // Display default page.
+    $app->dieURL(false, false);
     break;