oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed some problems where special characters could be used where they shouldn't be. Also fixed a couple of template inconsistencies.

Browse source
This commit is contained in:
JT Smith 2002-11-04 04:30:21 +00:00
parent 6e9f024c3f
commit 4d3c8cc5a3
6 changed files with 74 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

37
docs/upgrades/upgrade_4.6.9-4.7.0.sql
View file

File diff suppressed because one or more lines are too long

17
lib/WebGUI/Discussion.pm
View file

@ -180,7 +180,7 @@ sub deleteMessageConfirm {
#------------------------------------------------------------------- #-------------------------------------------------------------------
sub formatHeader { sub formatHeader {
my ($output, $subject); my ($output, $subject);
$subject = formatSubject($_[0]); $subject = $_[0];
if ($_[5] ne "") { if ($_[5] ne "") {
$subject = '<a href="'.$_[5].'">'.$subject.'</a>'; $subject = '<a href="'.$_[5].'">'.$subject.'</a>';
} }
@ -204,14 +204,6 @@ sub formatMessage {
return $output; return $output;
} }
#-------------------------------------------------------------------
sub formatSubject {
my $output;
$output = $_[0];
$output = WebGUI::HTML::filter($output,'all');
return $output;
}
#------------------------------------------------------------------- #-------------------------------------------------------------------
sub getMessage { sub getMessage {
my (%message); my (%message);
@ -239,7 +231,7 @@ sub post {
'',$message{status}) '',$message{status})
.'<p>'.formatMessage($message{message}); .'<p>'.formatMessage($message{message});
$message{message} = ""; $message{message} = "";
$message{subject} = formatSubject("Re: ".$message{subject}) unless ($message{subject} =~ /^Re:/); $message{subject} = "Re: ".$message{subject} unless ($message{subject} =~ /^Re:/);
$session{form}{mid} = "new"; $session{form}{mid} = "new";
$f->hidden("replyTo",$session{form}{replyTo}); $f->hidden("replyTo",$session{form}{replyTo});
if ($session{user}{userId} == 1) { if ($session{user}{userId} == 1) {
@ -256,7 +248,6 @@ sub post {
$footer = formatHeader($message{subject},$message{userId},$message{username},$message{dateOfPost},$message{views}, $footer = formatHeader($message{subject},$message{userId},$message{username},$message{dateOfPost},$message{views},
'',$message{status}) '',$message{status})
.'<p>'.formatMessage($message{message}); .'<p>'.formatMessage($message{message});
$message{subject} = formatSubject($message{subject});
} }
$f->hidden("func","postSave"); $f->hidden("func","postSave");
$f->hidden("wid",$session{form}{wid}); $f->hidden("wid",$session{form}{wid});
@ -276,7 +267,9 @@ sub postSave {
my ($u, $rid, $status, $username, $pid); my ($u, $rid, $status, $username, $pid);
if ($session{form}{subject} eq "") { if ($session{form}{subject} eq "") {
$session{form}{subject} = WebGUI::International::get(232); $session{form}{subject} = WebGUI::International::get(232);
} } else {
$session{form}{subject} = WebGUI::HTML::filter($session{form}{subject},'all');
}
if ($session{form}{message} eq "") { if ($session{form}{message} eq "") {
$session{form}{subject} .= ' '.WebGUI::International::get(233); $session{form}{subject} .= ' '.WebGUI::International::get(233);
} }

3
lib/WebGUI/Operation/Account.pm
View file

@ -96,6 +96,9 @@ sub _hasBadUsername {
if ($_[0] eq "") { if ($_[0] eq "") {
$error .= '<li>'.WebGUI::International::get(725); $error .= '<li>'.WebGUI::International::get(725);
} }
unless ($_[0] =~ /^[A-Za-z0-9\-\_\.\,\@]+$/) {
$error .= '<li>'.WebGUI::International::get(747);
}
($otherUser) = WebGUI::SQL->quickArray("select username from users where username='$_[0]'"); ($otherUser) = WebGUI::SQL->quickArray("select username from users where username='$_[0]'");
if ($otherUser ne "" && $otherUser ne $session{user}{username}) { if ($otherUser ne "" && $otherUser ne $session{user}{username}) {
$error .= '<li>'.WebGUI::International::get(77).' "'.$_[0].'too", "'.$_[0].'2", ' $error .= '<li>'.WebGUI::International::get(77).' "'.$_[0].'too", "'.$_[0].'2", '

15
lib/WebGUI/Wobject/FAQ.pm
View file

@ -177,7 +177,7 @@ sub www_moveQuestionUp {
#------------------------------------------------------------------- #-------------------------------------------------------------------
sub www_view { sub www_view {
my (%question, $controls, $sth, %var, @qa, @toc); my (%question, $controls, $sth, %var, @qa);
tie %question,'Tie::CPHash'; tie %question,'Tie::CPHash';
if ($session{var}{adminOn}) { if ($session{var}{adminOn}) {
$var{addquestion} .= '<a href="'.WebGUI::URL::page('func=editQuestion&wid='.$_[0]->get("wobjectId")).'">' $var{addquestion} .= '<a href="'.WebGUI::URL::page('func=editQuestion&wid='.$_[0]->get("wobjectId")).'">'
@ -185,10 +185,6 @@ sub www_view {
} }
$sth = WebGUI::SQL->read("select * from FAQ_question where wobjectId=".$_[0]->get("wobjectId")." order by sequenceNumber"); $sth = WebGUI::SQL->read("select * from FAQ_question where wobjectId=".$_[0]->get("wobjectId")." order by sequenceNumber");
while (%question = $sth->hash) { while (%question = $sth->hash) {
push(@toc,{
questionId=>$question{FAQ_questionId},
question=>$question{question}
});
if ($session{var}{adminOn}) { if ($session{var}{adminOn}) {
$controls = deleteIcon('func=deleteQuestion&wid='.$_[0]->get("wobjectId").'&qid='.$question{FAQ_questionId}) $controls = deleteIcon('func=deleteQuestion&wid='.$_[0]->get("wobjectId").'&qid='.$question{FAQ_questionId})
.editIcon('func=editQuestion&wid='.$_[0]->get("wobjectId").'&qid='.$question{FAQ_questionId}) .editIcon('func=editQuestion&wid='.$_[0]->get("wobjectId").'&qid='.$question{FAQ_questionId})
@ -197,14 +193,13 @@ sub www_view {
.' '; .' ';
} }
push(@qa,{ push(@qa,{
questionId=>$question{FAQ_questionId}, "qa.Id"=>$question{FAQ_questionId},
answer=>$question{answer}, "qa.answer"=>$question{answer},
question=>$question{question}, "qa.question"=>$question{question},
controls=>$controls "qa.controls"=>$controls
}); });
} }
$sth->finish; $sth->finish;
$var{toc_loop} = \@toc;
$var{qa_loop} = \@qa; $var{qa_loop} = \@qa;
return $_[0]->processMacros($_[0]->displayTitle.$_[0]->processTemplate($_[0]->get("templateId"),\%var)); return $_[0]->processMacros($_[0]->displayTitle.$_[0]->processTemplate($_[0]->get("templateId"),\%var));
} }

1
lib/WebGUI/Wobject/MessageBoard.pm
View file

@ -110,7 +110,6 @@ sub www_view {
from discussion where wobjectId=".$_[0]->get("wobjectId")." and pid=0 from discussion where wobjectId=".$_[0]->get("wobjectId")." and pid=0
and (status='Approved' or userId=$session{user}{userId}) order by messageId desc"); and (status='Approved' or userId=$session{user}{userId}) order by messageId desc");
while (%data = $sth->hash) { while (%data = $sth->hash) {
$data{subject} = WebGUI::Discussion::formatSubject($data{subject});
if ($i >= ($_[0]->get("messagesPerPage")*$pn) && $i < ($_[0]->get("messagesPerPage")*($pn+1))) { if ($i >= ($_[0]->get("messagesPerPage")*$pn) && $i < ($_[0]->get("messagesPerPage")*($pn+1))) {
@last = WebGUI::SQL->quickArray("select messageId,dateOfPost,username,subject,userId @last = WebGUI::SQL->quickArray("select messageId,dateOfPost,username,subject,userId
from discussion where wobjectId=".$_[0]->get("wobjectId")." and rid=$data{messageId} from discussion where wobjectId=".$_[0]->get("wobjectId")." and rid=$data{messageId}

67
lib/WebGUI/Wobject/Product.pm
View file

@ -510,44 +510,41 @@ sub www_view {
#---brochure #---brochure
if ($_[0]->get("brochure")) { if ($_[0]->get("brochure")) {
$file = WebGUI::Attachment->new($_[0]->get("brochure"),$_[0]->get("wobjectId")); $file = WebGUI::Attachment->new($_[0]->get("brochure"),$_[0]->get("wobjectId"));
$var{brochure} = '<a href="'.$file->getURL.'"><img src="'.$file->getIcon.'" border=0 align="absmiddle"> ' $var{"brochure.icon"} = $file->getIcon;
.WebGUI::International::get(13,$namespace).'</a>'; $var{"brochure.label"} = WebGUI::International::get(13,$namespace);
$var{brochureURL} = $file->getURL; $var{"brochure.URL"} = $file->getURL;
} }
#---manual #---manual
if ($_[0]->get("manual")) { if ($_[0]->get("manual")) {
$file = WebGUI::Attachment->new($_[0]->get("manual"),$_[0]->get("wobjectId")); $file = WebGUI::Attachment->new($_[0]->get("manual"),$_[0]->get("wobjectId"));
$var{manual} = '<a href="'.$file->getURL.'"><img src="'.$file->getIcon.'" border=0 align="absmiddle"> ' $var{"manual.icon"} = $file->getIcon;
.WebGUI::International::get(14,$namespace).'</a>'; $var{"manual.label"} = WebGUI::International::get(14,$namespace);
$var{manualURL} = $file->getURL; $var{"manual.URL"} = $file->getURL;
} }
#---warranty #---warranty
if ($_[0]->get("warranty")) { if ($_[0]->get("warranty")) {
$file = WebGUI::Attachment->new($_[0]->get("warranty"),$_[0]->get("wobjectId")); $file = WebGUI::Attachment->new($_[0]->get("warranty"),$_[0]->get("wobjectId"));
$var{warranty} = '<a href="'.$file->getURL.'"><img src="'.$file->getIcon.'" border=0 align="absmiddle"> ' $var{"warranty.icon"} = $file->getIcon;
.WebGUI::International::get(15,$namespace).'</a>'; $var{"warranty.label"} = WebGUI::International::get(15,$namespace);
$var{warrantyURL} = $file->getURL; $var{"warranty.URL"} = $file->getURL;
} }
#---image1 #---image1
if ($_[0]->get("image1")) { if ($_[0]->get("image1")) {
$file = WebGUI::Attachment->new($_[0]->get("image1"),$_[0]->get("wobjectId")); $file = WebGUI::Attachment->new($_[0]->get("image1"),$_[0]->get("wobjectId"));
$var{image1} = '<img src="'.$file->getURL.'" border=0>'; $var{thumbnail1} = $file->getThumbnail;
$var{image1thumbnail} = '<a href="'.$file->getURL.'"><img src="'.$file->getThumbnail.'" border=0></a>'; $var{image1} = $file->getURL;
$var{image1url} = $file->getURL;
} }
#---image2 #---image2
if ($_[0]->get("image2")) { if ($_[0]->get("image2")) {
$file = WebGUI::Attachment->new($_[0]->get("image2"),$_[0]->get("wobjectId")); $file = WebGUI::Attachment->new($_[0]->get("image2"),$_[0]->get("wobjectId"));
$var{image2} = '<img src="'.$file->getURL.'" border=0>'; $var{thumbnail2} = $file->getThumbnail;
$var{image2thumbnail} = '<a href="'.$file->getURL.'"><img src="'.$file->getThumbnail.'" border=0></a>'; $var{image2} = $file->getURL;
$var{image2url} = $file->getURL;
} }
#---image3 #---image3
if ($_[0]->get("image3")) { if ($_[0]->get("image3")) {
$file = WebGUI::Attachment->new($_[0]->get("image3"),$_[0]->get("wobjectId")); $file = WebGUI::Attachment->new($_[0]->get("image3"),$_[0]->get("wobjectId"));
$var{image3} = '<img src="'.$file->getURL.'" border=0>'; $var{thumbnail3} = $file->getThumbnail;
$var{image3thumbnail} = '<a href="'.$file->getURL.'"><img src="'.$file->getThumbnail.'" border=0></a>'; $var{image3} = $file->getURL;
$var{image3url} = $file->getURL;
} }
#---features #---features
@ -564,7 +561,10 @@ sub www_view {
.moveUpIcon('func=moveFeatureUp&wid='.$_[0]->get("wobjectId").'&fid='.$data{Product_featureId}) .moveUpIcon('func=moveFeatureUp&wid='.$_[0]->get("wobjectId").'&fid='.$data{Product_featureId})
.moveDownIcon('func=moveFeatureDown&wid='.$_[0]->get("wobjectId").'&fid='.$data{Product_featureId}); .moveDownIcon('func=moveFeatureDown&wid='.$_[0]->get("wobjectId").'&fid='.$data{Product_featureId});
} }
push(@featureloop,{feature=>$data{feature},featureId=>$data{Product_featureId},controls=>$segment}); push(@featureloop,{
"feature.feature"=>$data{feature},
"feature.controls"=>$segment
});
} }
$sth->finish; $sth->finish;
$var{feature_loop} = \@featureloop; $var{feature_loop} = \@featureloop;
@ -583,7 +583,10 @@ sub www_view {
.moveUpIcon('func=moveBenefitUp&wid='.$_[0]->get("wobjectId").'&bid='.$data{Product_benefitId}) .moveUpIcon('func=moveBenefitUp&wid='.$_[0]->get("wobjectId").'&bid='.$data{Product_benefitId})
.moveDownIcon('func=moveBenefitDown&wid='.$_[0]->get("wobjectId").'&bid='.$data{Product_benefitId}); .moveDownIcon('func=moveBenefitDown&wid='.$_[0]->get("wobjectId").'&bid='.$data{Product_benefitId});
} }
push(@benefitloop,{benefit=>$data{benefit},benefitId=>$data{Product_benefitId},controls=>$segment}); push(@benefitloop,{
"benefit.benefit"=>$data{benefit},
"benefit.controls"=>$segment
});
} }
$sth->finish; $sth->finish;
$var{benefit_loop} = \@benefitloop; $var{benefit_loop} = \@benefitloop;
@ -602,8 +605,12 @@ sub www_view {
.moveUpIcon('func=moveSpecificationUp&wid='.$_[0]->get("wobjectId").'&sid='.$data{Product_specificationId}) .moveUpIcon('func=moveSpecificationUp&wid='.$_[0]->get("wobjectId").'&sid='.$data{Product_specificationId})
.moveDownIcon('func=moveSpecificationDown&wid='.$_[0]->get("wobjectId").'&sid='.$data{Product_specificationId}); .moveDownIcon('func=moveSpecificationDown&wid='.$_[0]->get("wobjectId").'&sid='.$data{Product_specificationId});
} }
push(@specificationloop,{specificationId=>$data{Product_specificationId}, push(@specificationloop,{
controls=>$segment,specification=>$data{value},units=>$data{units},label=>$data{name}}); "specification.controls"=>$segment,
"specification.specification"=>$data{value},
"specification.units"=>$data{units},
"specification.label"=>$data{name}
});
} }
$sth->finish; $sth->finish;
$var{specification_loop} = \@specificationloop; $var{specification_loop} = \@specificationloop;
@ -624,9 +631,11 @@ sub www_view {
.moveUpIcon('func=moveAccessoryUp&wid='.$_[0]->get("wobjectId").'&aid='.$data{accessoryWobjectId}) .moveUpIcon('func=moveAccessoryUp&wid='.$_[0]->get("wobjectId").'&aid='.$data{accessoryWobjectId})
.moveDownIcon('func=moveAccessoryDown&wid='.$_[0]->get("wobjectId").'&aid='.$data{accessoryWobjectId}); .moveDownIcon('func=moveAccessoryDown&wid='.$_[0]->get("wobjectId").'&aid='.$data{accessoryWobjectId});
} }
push(@accessoryloop,{URL=>WebGUI::URL::gateway($data{urlizedTitle}),title=>$data{title}, push(@accessoryloop,{
accessory=>'<a href="'.WebGUI::URL::gateway($data{urlizedTitle}).'">'.$data{title}.'</a>', "accessory.URL"=>WebGUI::URL::gateway($data{urlizedTitle}),
controls=>$segment}); "accessory.title"=>$data{title},
"accessory.controls"=>$segment
});
} }
$sth->finish; $sth->finish;
$var{accessory_loop} = \@accessoryloop; $var{accessory_loop} = \@accessoryloop;
@ -648,9 +657,11 @@ sub www_view {
.moveDownIcon('func=moveRelatedDown&wid='.$_[0]->get("wobjectId").'&rid='.$data{relatedWobjectId}); .moveDownIcon('func=moveRelatedDown&wid='.$_[0]->get("wobjectId").'&rid='.$data{relatedWobjectId});
} }
$segment .= '&middot;<a href="'.WebGUI::URL::gateway($data{urlizedTitle}).'">'.$data{title}.'</a><br>'; $segment .= '&middot;<a href="'.WebGUI::URL::gateway($data{urlizedTitle}).'">'.$data{title}.'</a><br>';
push(@relatedloop,{URL=>WebGUI::URL::gateway($data{urlizedTitle}),title=>$data{title}, push(@relatedloop,{
specification=>'<a href="'.WebGUI::URL::gateway($data{urlizedTitle}).'">'.$data{title}.'</a>', "relatedproduct.URL"=>WebGUI::URL::gateway($data{urlizedTitle}),
controls=>$segment}); "relatedproduct.title"=>$data{title},
"relatedproduct.controls"=>$segment
});
} }
$sth->finish; $sth->finish;
$var{relatedproduct_loop} = \@relatedloop; $var{relatedproduct_loop} = \@relatedloop;