0.6.1

rakheshthayyur · Mar 28, 2017 · 8893165 · 8893165
1 parent 07965ff
commit 8893165
Show file tree

Hide file tree

Showing 179 changed files with 9,273 additions and 3,912 deletions.
diff --git a/inoerp/extensions/comment/class.comment.inc b/inoerp/extensions/comment/class.comment.inc
@@ -327,7 +327,7 @@ class comment extends dbObject {
   $pageno = !empty($_GET['pageno']) ? $_GET['pageno'] : 1;
   $per_page = !empty($_GET['per_page']) ? $_GET['per_page'] : 20;
   $this->subject_noof_char = empty($this->subject_noof_char) ? 100 : $this->subject_noof_char;
-  $query_string = !empty($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
+  $query_string = !empty($_SERVER['QUERY_STRING']) ? htmlentities($_SERVER['QUERY_STRING']) : '';
   $comment_result = $this->content_comment_with_reference();
   $total_count_c = count($comment_result);
   $pagination_c = new pagination($pageno, $per_page, $total_count_c);
@@ -403,7 +403,7 @@ class comment extends dbObject {
   global $f;
   $pageno = !empty($_GET['pageno']) ? $_GET['pageno'] : 1;
   $per_page = !empty($_GET['per_page']) ? $_GET['per_page'] : 10;
-  $query_string = !empty($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
+  $query_string = !empty($_SERVER['QUERY_STRING']) ? htmlentities($_SERVER['QUERY_STRING']) : '';
   $comment_string = " ";
   $sql = "SELECT comment.comment_id, comment.comment, comment.created_by,  comment.creation_date, "
    . "  comment.creation_date, IFNULL(user.username, comment.comment_by) as username, user.image_file_id as image_file_id "

diff --git a/inoerp/extensions/comment/class_extn_comment.inc b/inoerp/extensions/comment/class_extn_comment.inc
@@ -327,7 +327,7 @@ class extn_comment extends dbObject {
   $pageno = !empty($_GET['pageno']) ? $_GET['pageno'] : 1;
   $per_page = !empty($_GET['per_page']) ? $_GET['per_page'] : 20;
   $this->subject_noof_char = empty($this->subject_noof_char) ? 100 : $this->subject_noof_char;
-  $query_string = !empty($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
+  $query_string = !empty($_SERVER['QUERY_STRING']) ? htmlentities($_SERVER['QUERY_STRING']) : '';
   $comment_result = $this->content_comment_with_reference();
   $total_count_c = count($comment_result);
   $pagination_c = new pagination($pageno, $per_page, $total_count_c);
@@ -403,7 +403,7 @@ class extn_comment extends dbObject {
   global $f;
   $pageno = !empty($_GET['pageno']) ? $_GET['pageno'] : 1;
   $per_page = !empty($_GET['per_page']) ? $_GET['per_page'] : 10;
-  $query_string = !empty($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
+  $query_string = !empty($_SERVER['QUERY_STRING']) ? htmlentities($_SERVER['QUERY_STRING']) : '';
   $comment_string = " ";
 
   switch (DB_TYPE) {

diff --git a/inoerp/extensions/comment/post_comment.php b/inoerp/extensions/comment/post_comment.php
@@ -42,7 +42,7 @@
 }
 
 if (!empty($_SERVER['QUERY_STRING'])) {
- $query_string = $_SERVER['QUERY_STRING'];
+ $query_string = htmlentities($_SERVER['QUERY_STRING']);
 //  $query_string = remove_querystring_var($query_string, 'page');
  if (!empty($_GET['pageno'])) {
 	$query_string = substr($query_string, 9);

diff --git a/inoerp/extensions/content/class.content.inc b/inoerp/extensions/content/class.content.inc
@@ -559,7 +559,7 @@ AND content.content_id = category_reference.reference_id  ";
 	$pageno = !empty($_GET['pageno']) ? $_GET['pageno'] : 1;
 	$per_page = !empty($_GET['per_page']) ? $_GET['per_page'] : 10;
 	$this->subject_noof_char = empty($this->subject_noof_char) ? 300 : $this->subject_noof_char;
-	$query_string = !empty($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
+	$query_string = !empty($_SERVER['QUERY_STRING']) ? htmlentities($_SERVER['QUERY_STRING']) : '';
 	$content_result = $this->findAll_contents();
 	$total_count_c = count($content_result);
 	$pagination_c = new pagination($pageno, $per_page, $total_count_c);

diff --git a/inoerp/extensions/content/content_list/content_functions.inc b/inoerp/extensions/content/content_list/content_functions.inc
@@ -54,7 +54,7 @@ foreach ($search_array as $key => $value) {
 }
 
 if (!empty($_SERVER['QUERY_STRING'])) {
- $query_string = $_SERVER['QUERY_STRING'];
+ $query_string = htmlentities($_SERVER['QUERY_STRING']);
 //  $query_string = remove_querystring_var($query_string, 'page');
  if (!empty($_GET['pageno'])) {
   $query_string = substr($query_string, 9);

diff --git a/inoerp/extensions/demo_user/activity/activity.inc b/inoerp/extensions/demo_user/activity/activity.inc
@@ -1 +1 @@
-<?php // $mode = 2; $readonly = 1; if (!empty($_GET['user_id'])) {  $user_id = $_GET['user_id']; } else if (!empty($_SESSION['user_id'])) {  $user_id = $_SESSION['user_id']; }else{  access_denied(); } $ud = new user_activity_v();// $ud->user_id = $user_id; $result = $ud->user_contents(); $subject_noof_char = 50; $pageno = !empty($_GET['pageno']) ? $_GET['pageno'] : 1; $per_page = !empty($_GET['per_page']) ? $_GET['per_page'] : 10; $query_string = !empty($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ''; $total_count = count($result); $pagination = new pagination($pageno, $per_page, $total_count); $pagination->setProperty('_path', 'form'); $pagination->setProperty('_query_string', $query_string); $content_string = '<div class="table_container">'; if ($result) {  $con_count = 0;  if (count($result) > 0) {   $content_string .='<table id="forum_list" class="top_margin10 form_line_data_table"><thead> 						 <tr class="headerBgColor">							<th class="topics">' . gettext('Topics') . '</th>							<th class="replies">' . gettext('Category') . '</th>							<th class="created_by">' . gettext('Created By') . '</th>							<th class="post_date">' . gettext('Post Date') . '</th>						 </tr>						</thead>';   foreach ($result as $recod_k => $records) {    $continue_act = true;    if (($recod_k > ($pageno - 1) * $per_page) && ($recod_k <= (($pageno - 1) * $per_page) + $per_page)) {     $continue_act = false;    }    if ($continue_act) {     continue;    }    $even_odd = ($con_count % 2 == 0) ? 'even' : 'odd';    $content_string .= "<tr id=\"row_no$con_count\" class='new_row $even_odd'> "      . " <td class='subject_summary'>";    $content_string .= '<a href="' . HOME_URL . 'content.php?mode=2&'      . 'content_id=' . $records->content_id . '&content_type_id=' . $records->content_type_id . '">';    $content_string .= substr($records->subject, 0, $subject_noof_char);    $content_string .= ' </a>';    $content_string .= '</td>';    $content_string .= '<td class="no_of_replies">';    $content_string .= $records->category . '</td>';    $content_string .= '<td class="created_by">';    $content_string .= $records->username;    $content_string .= '</td><td class="post_date">';    $content_string .= $records->creation_date;    $content_string .= '</td>';    $content_string .= '</tr>';    $con_count++;   }  }  $content_string .='</table>'; } $content_string .='</div>'; $content_string .= '<div id="pagination">'; $content_string .= $pagination->show_pagination(); $content_string .= '</div>'; $comment_result = $ud->user_comments(); $total_count_c = count($comment_result); $pagination_c = new pagination($pageno, $per_page, $total_count_c); $pagination_c->setProperty('_path', 'form'); $pagination_c->setProperty('_query_string', $query_string); $comment_string = '<div class="table_container">'; if ($comment_result) {  $con_count = 0;  if (count($comment_result) > 0) {   $comment_string .='<table id="comment_list" class="top_margin10 form_line_data_table"><thead> 						 <tr class="headerBgColor">							<th class="topics">' . gettext('Subject') . '</th>							<th class="created_by">' . gettext('Created By') . '</th>							<th class="post_date">' . gettext('Post Date') . '</th>						 </tr>						</thead>';   foreach ($comment_result as $recod_c_k => $recod_c) {    $continue_act1 = true;    if (($recod_c_k > ($pageno - 1) * $per_page) && ($recod_c_k <= (($pageno - 1) * $per_page) + $per_page)) {     $continue_act1 = false;    }    if ($continue_act1) {     continue;    }    $even_odd = ($con_count % 2 == 0) ? 'even' : 'odd';    $comment_string .= "<tr id=\"row_no$con_count\" class='new_row $even_odd'> "      . " <td class='subject_summary'>";    $comment_string .= '<a href="' . HOME_URL . 'content.php?mode=2&'      . 'content_id=' . $recod_c->reference_id . '&content_type_id=' . $recod_c->content_type_id . '">';    $comment_string .= substr($recod_c->comment, 0, $subject_noof_char);    $comment_string .= ' </a>';    $comment_string .= '</td>';    $comment_string .= '<td class="created_by">';    $comment_string .= $recod_c->username;    $comment_string .= '</td><td class="post_date">';    $comment_string .= $recod_c->creation_date;    $comment_string .= '</td>';    $comment_string .= '</tr>';    $con_count++;   }  }  $comment_string .='</table>'; } $comment_string .='</div>'; $comment_string .= '<div id="pagination">'; $comment_string .= $pagination_c->show_pagination(); $comment_string .= '</div>';?>
+<?php // $mode = 2; $readonly = 1; if (!empty($_GET['user_id'])) {  $user_id = $_GET['user_id']; } else if (!empty($_SESSION['user_id'])) {  $user_id = $_SESSION['user_id']; }else{  access_denied(); } $ud = new user_activity_v();// $ud->user_id = $user_id; $result = $ud->user_contents(); $subject_noof_char = 50; $pageno = !empty($_GET['pageno']) ? $_GET['pageno'] : 1; $per_page = !empty($_GET['per_page']) ? $_GET['per_page'] : 10; $query_string = !empty($_SERVER['QUERY_STRING']) ? htmlentities($_SERVER['QUERY_STRING']) : ''; $total_count = count($result); $pagination = new pagination($pageno, $per_page, $total_count); $pagination->setProperty('_path', 'form'); $pagination->setProperty('_query_string', $query_string); $content_string = '<div class="table_container">'; if ($result) {  $con_count = 0;  if (count($result) > 0) {   $content_string .='<table id="forum_list" class="top_margin10 form_line_data_table"><thead> 						 <tr class="headerBgColor">							<th class="topics">' . gettext('Topics') . '</th>							<th class="replies">' . gettext('Category') . '</th>							<th class="created_by">' . gettext('Created By') . '</th>							<th class="post_date">' . gettext('Post Date') . '</th>						 </tr>						</thead>';   foreach ($result as $recod_k => $records) {    $continue_act = true;    if (($recod_k > ($pageno - 1) * $per_page) && ($recod_k <= (($pageno - 1) * $per_page) + $per_page)) {     $continue_act = false;    }    if ($continue_act) {     continue;    }    $even_odd = ($con_count % 2 == 0) ? 'even' : 'odd';    $content_string .= "<tr id=\"row_no$con_count\" class='new_row $even_odd'> "      . " <td class='subject_summary'>";    $content_string .= '<a href="' . HOME_URL . 'content.php?mode=2&'      . 'content_id=' . $records->content_id . '&content_type_id=' . $records->content_type_id . '">';    $content_string .= substr($records->subject, 0, $subject_noof_char);    $content_string .= ' </a>';    $content_string .= '</td>';    $content_string .= '<td class="no_of_replies">';    $content_string .= $records->category . '</td>';    $content_string .= '<td class="created_by">';    $content_string .= $records->username;    $content_string .= '</td><td class="post_date">';    $content_string .= $records->creation_date;    $content_string .= '</td>';    $content_string .= '</tr>';    $con_count++;   }  }  $content_string .='</table>'; } $content_string .='</div>'; $content_string .= '<div id="pagination">'; $content_string .= $pagination->show_pagination(); $content_string .= '</div>'; $comment_result = $ud->user_comments(); $total_count_c = count($comment_result); $pagination_c = new pagination($pageno, $per_page, $total_count_c); $pagination_c->setProperty('_path', 'form'); $pagination_c->setProperty('_query_string', $query_string); $comment_string = '<div class="table_container">'; if ($comment_result) {  $con_count = 0;  if (count($comment_result) > 0) {   $comment_string .='<table id="comment_list" class="top_margin10 form_line_data_table"><thead> 						 <tr class="headerBgColor">							<th class="topics">' . gettext('Subject') . '</th>							<th class="created_by">' . gettext('Created By') . '</th>							<th class="post_date">' . gettext('Post Date') . '</th>						 </tr>						</thead>';   foreach ($comment_result as $recod_c_k => $recod_c) {    $continue_act1 = true;    if (($recod_c_k > ($pageno - 1) * $per_page) && ($recod_c_k <= (($pageno - 1) * $per_page) + $per_page)) {     $continue_act1 = false;    }    if ($continue_act1) {     continue;    }    $even_odd = ($con_count % 2 == 0) ? 'even' : 'odd';    $comment_string .= "<tr id=\"row_no$con_count\" class='new_row $even_odd'> "      . " <td class='subject_summary'>";    $comment_string .= '<a href="' . HOME_URL . 'content.php?mode=2&'      . 'content_id=' . $recod_c->reference_id . '&content_type_id=' . $recod_c->content_type_id . '">';    $comment_string .= substr($recod_c->comment, 0, $subject_noof_char);    $comment_string .= ' </a>';    $comment_string .= '</td>';    $comment_string .= '<td class="created_by">';    $comment_string .= $recod_c->username;    $comment_string .= '</td><td class="post_date">';    $comment_string .= $recod_c->creation_date;    $comment_string .= '</td>';    $comment_string .= '</tr>';    $con_count++;   }  }  $comment_string .='</table>'; } $comment_string .='</div>'; $comment_string .= '<div id="pagination">'; $comment_string .= $pagination_c->show_pagination(); $comment_string .= '</div>';?>
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		<?php // $mode = 2; $readonly = 1; if (!empty($_GET['user_id'])) { $user_id = $_GET['user_id']; } else if (!empty($_SESSION['user_id'])) { $user_id = $_SESSION['user_id']; }else{ access_denied(); } $ud = new user_activity_v();// $ud->user_id = $user_id; $result = $ud->user_contents(); $subject_noof_char = 50; $pageno = !empty($_GET['pageno']) ? $_GET['pageno'] : 1; $per_page = !empty($_GET['per_page']) ? $_GET['per_page'] : 10; $query_string = !empty($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ''; $total_count = count($result); $pagination = new pagination($pageno, $per_page, $total_count); $pagination->setProperty('_path', 'form'); $pagination->setProperty('_query_string', $query_string); $content_string = '<div class="table_container">'; if ($result) { $con_count = 0; if (count($result) > 0) { $content_string .='<table id="forum_list" class="top_margin10 form_line_data_table"><thead> <tr class="headerBgColor"> <th class="topics">' . gettext('Topics') . '</th> <th class="replies">' . gettext('Category') . '</th> <th class="created_by">' . gettext('Created By') . '</th> <th class="post_date">' . gettext('Post Date') . '</th> </tr> </thead>'; foreach ($result as $recod_k => $records) { $continue_act = true; if (($recod_k > ($pageno - 1) * $per_page) && ($recod_k <= (($pageno - 1) * $per_page) + $per_page)) { $continue_act = false; } if ($continue_act) { continue; } $even_odd = ($con_count % 2 == 0) ? 'even' : 'odd'; $content_string .= "<tr id=\"row_no$con_count\" class='new_row $even_odd'> " . " <td class='subject_summary'>"; $content_string .= '<a href="' . HOME_URL . 'content.php?mode=2&' . 'content_id=' . $records->content_id . '&content_type_id=' . $records->content_type_id . '">'; $content_string .= substr($records->subject, 0, $subject_noof_char); $content_string .= ' </a>'; $content_string .= '</td>'; $content_string .= '<td class="no_of_replies">'; $content_string .= $records->category . '</td>'; $content_string .= '<td class="created_by">'; $content_string .= $records->username; $content_string .= '</td><td class="post_date">'; $content_string .= $records->creation_date; $content_string .= '</td>'; $content_string .= '</tr>'; $con_count++; } } $content_string .='</table>'; } $content_string .='</div>'; $content_string .= '<div id="pagination">'; $content_string .= $pagination->show_pagination(); $content_string .= '</div>'; $comment_result = $ud->user_comments(); $total_count_c = count($comment_result); $pagination_c = new pagination($pageno, $per_page, $total_count_c); $pagination_c->setProperty('_path', 'form'); $pagination_c->setProperty('_query_string', $query_string); $comment_string = '<div class="table_container">'; if ($comment_result) { $con_count = 0; if (count($comment_result) > 0) { $comment_string .='<table id="comment_list" class="top_margin10 form_line_data_table"><thead> <tr class="headerBgColor"> <th class="topics">' . gettext('Subject') . '</th> <th class="created_by">' . gettext('Created By') . '</th> <th class="post_date">' . gettext('Post Date') . '</th> </tr> </thead>'; foreach ($comment_result as $recod_c_k => $recod_c) { $continue_act1 = true; if (($recod_c_k > ($pageno - 1) * $per_page) && ($recod_c_k <= (($pageno - 1) * $per_page) + $per_page)) { $continue_act1 = false; } if ($continue_act1) { continue; } $even_odd = ($con_count % 2 == 0) ? 'even' : 'odd'; $comment_string .= "<tr id=\"row_no$con_count\" class='new_row $even_odd'> " . " <td class='subject_summary'>"; $comment_string .= '<a href="' . HOME_URL . 'content.php?mode=2&' . 'content_id=' . $recod_c->reference_id . '&content_type_id=' . $recod_c->content_type_id . '">'; $comment_string .= substr($recod_c->comment, 0, $subject_noof_char); $comment_string .= ' </a>'; $comment_string .= '</td>'; $comment_string .= '<td class="created_by">'; $comment_string .= $recod_c->username; $comment_string .= '</td><td class="post_date">'; $comment_string .= $recod_c->creation_date; $comment_string .= '</td>'; $comment_string .= '</tr>'; $con_count++; } } $comment_string .='</table>'; } $comment_string .='</div>'; $comment_string .= '<div id="pagination">'; $comment_string .= $pagination_c->show_pagination(); $comment_string .= '</div>';?>
		<?php // $mode = 2; $readonly = 1; if (!empty($_GET['user_id'])) { $user_id = $_GET['user_id']; } else if (!empty($_SESSION['user_id'])) { $user_id = $_SESSION['user_id']; }else{ access_denied(); } $ud = new user_activity_v();// $ud->user_id = $user_id; $result = $ud->user_contents(); $subject_noof_char = 50; $pageno = !empty($_GET['pageno']) ? $_GET['pageno'] : 1; $per_page = !empty($_GET['per_page']) ? $_GET['per_page'] : 10; $query_string = !empty($_SERVER['QUERY_STRING']) ? htmlentities($_SERVER['QUERY_STRING']) : ''; $total_count = count($result); $pagination = new pagination($pageno, $per_page, $total_count); $pagination->setProperty('_path', 'form'); $pagination->setProperty('_query_string', $query_string); $content_string = '<div class="table_container">'; if ($result) { $con_count = 0; if (count($result) > 0) { $content_string .='<table id="forum_list" class="top_margin10 form_line_data_table"><thead> <tr class="headerBgColor"> <th class="topics">' . gettext('Topics') . '</th> <th class="replies">' . gettext('Category') . '</th> <th class="created_by">' . gettext('Created By') . '</th> <th class="post_date">' . gettext('Post Date') . '</th> </tr> </thead>'; foreach ($result as $recod_k => $records) { $continue_act = true; if (($recod_k > ($pageno - 1) * $per_page) && ($recod_k <= (($pageno - 1) * $per_page) + $per_page)) { $continue_act = false; } if ($continue_act) { continue; } $even_odd = ($con_count % 2 == 0) ? 'even' : 'odd'; $content_string .= "<tr id=\"row_no$con_count\" class='new_row $even_odd'> " . " <td class='subject_summary'>"; $content_string .= '<a href="' . HOME_URL . 'content.php?mode=2&' . 'content_id=' . $records->content_id . '&content_type_id=' . $records->content_type_id . '">'; $content_string .= substr($records->subject, 0, $subject_noof_char); $content_string .= ' </a>'; $content_string .= '</td>'; $content_string .= '<td class="no_of_replies">'; $content_string .= $records->category . '</td>'; $content_string .= '<td class="created_by">'; $content_string .= $records->username; $content_string .= '</td><td class="post_date">'; $content_string .= $records->creation_date; $content_string .= '</td>'; $content_string .= '</tr>'; $con_count++; } } $content_string .='</table>'; } $content_string .='</div>'; $content_string .= '<div id="pagination">'; $content_string .= $pagination->show_pagination(); $content_string .= '</div>'; $comment_result = $ud->user_comments(); $total_count_c = count($comment_result); $pagination_c = new pagination($pageno, $per_page, $total_count_c); $pagination_c->setProperty('_path', 'form'); $pagination_c->setProperty('_query_string', $query_string); $comment_string = '<div class="table_container">'; if ($comment_result) { $con_count = 0; if (count($comment_result) > 0) { $comment_string .='<table id="comment_list" class="top_margin10 form_line_data_table"><thead> <tr class="headerBgColor"> <th class="topics">' . gettext('Subject') . '</th> <th class="created_by">' . gettext('Created By') . '</th> <th class="post_date">' . gettext('Post Date') . '</th> </tr> </thead>'; foreach ($comment_result as $recod_c_k => $recod_c) { $continue_act1 = true; if (($recod_c_k > ($pageno - 1) * $per_page) && ($recod_c_k <= (($pageno - 1) * $per_page) + $per_page)) { $continue_act1 = false; } if ($continue_act1) { continue; } $even_odd = ($con_count % 2 == 0) ? 'even' : 'odd'; $comment_string .= "<tr id=\"row_no$con_count\" class='new_row $even_odd'> " . " <td class='subject_summary'>"; $comment_string .= '<a href="' . HOME_URL . 'content.php?mode=2&' . 'content_id=' . $recod_c->reference_id . '&content_type_id=' . $recod_c->content_type_id . '">'; $comment_string .= substr($recod_c->comment, 0, $subject_noof_char); $comment_string .= ' </a>'; $comment_string .= '</td>'; $comment_string .= '<td class="created_by">'; $comment_string .= $recod_c->username; $comment_string .= '</td><td class="post_date">'; $comment_string .= $recod_c->creation_date; $comment_string .= '</td>'; $comment_string .= '</tr>'; $con_count++; } } $comment_string .='</table>'; } $comment_string .='</div>'; $comment_string .= '<div id="pagination">'; $comment_string .= $pagination_c->show_pagination(); $comment_string .= '</div>';?>
Expand Down