$final_match_rows = array();\r
foreach ($search_terms as $term)\r
{\r
- $match_rows = $languageTextDAO->getHelpByMatchingText($term, $_SESSION['lang']);\r
+ $match_rows = $languageTextDAO->getHelpByMatchingText($addslashes($term), $_SESSION['lang']);\r
\r
if (is_array($match_rows)) $final_match_rows = array_merge($final_match_rows, $match_rows);\r
}\r
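Review bot: `$addslashes($term)` on L5 is a variable function call, so it only works if `$addslashes` is in scope at this point — presumably the project's magic-quotes-aware global; if this loop sits inside a function it needs `global $addslashes;` first. Beyond that, addslashes is not the database driver's escaping routine, and if getHelpByMatchingText builds a LIKE pattern it leaves `%` and `_` in the term acting as wildcards. The more robust place for escaping is inside the DAO method itself, ideally via a prepared statement, so every caller is covered; the same call-site pattern is introduced at L18. The block closed by L9 opens outside this hunk.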
}\r
?>\r
</body>\r
-</html>
\ No newline at end of file
+</html>\r
//$my_courses = array();
$search_text = trim($_GET['search_text']);
-$courses = $coursesDAO->getSearchResult($search_text, $_GET['catid']);
+$courses = $coursesDAO->getSearchResult($addslashes($search_text), $_GET['catid']);
// handle submits
if (isset($_GET['action'], $_GET['cid']) && $_SESSION['user_id'] > 0)
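Review bot: `$_GET['catid']` on L18 still goes into getSearchResult unescaped while `search_text` on the same line gets `$addslashes`; if the DAO interpolates both into SQL, the category id remains the open parameter. A category id looks numeric, so `$courses = $coursesDAO->getSearchResult($addslashes($search_text), intval($_GET['catid']));` would match what the commit does for ids at L24, L31 and L136. Whether getSearchResult escapes internally is not visible here, so confirm against the DAO. `$_GET['search_text']` on L16 is also read without an isset guard and will raise a notice when absent; the `if` on L20 continues outside the hunk.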
*/
public function getUserByID($userID)
{
+ $userID = intval($userID);
$sql = 'SELECT * FROM '.TABLE_PREFIX.'users WHERE user_id='.$userID;
if ($rows = $this->execute($sql))
{
*/
public function getUserByWebServiceID($webServiceID)
{
+ $webServiceID = intval($webServiceID);
$sql = "SELECT * FROM ".TABLE_PREFIX."users WHERE web_service_id='".$webServiceID."'";
if ($rows = $this->execute($sql))
{
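Review bot: `intval($webServiceID)` on L31 assumes web_service_id is numeric, yet the query on L32 still wraps it in single quotes as a string literal, which suggests the column may hold a non-numeric token; if so, every lookup now becomes `web_service_id='0'` and the method silently stops finding users. Confirm the column type: if it is an integer, drop the quotes (`WHERE web_service_id=".$webServiceID`) to match getUserByID at L25; if it is a string, use the driver's escaping function or a prepared statement instead of intval. The function body continues outside the hunk.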
?>\r
\r
<div class="input-form">\r
- <form name="add_form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" >\r
+ <form name="add_form" method="post" action="<?php echo AT_print($_SERVER['PHP_SELF'], 'input.form'); ?>" >\r
<fieldset class="group_form"><legend class="group_form"><?php echo _AT("add_course_category"); ?></legend>\r
<table class="form-data" align="left">\r
<tr align="left">\r
include(TR_INCLUDE_PATH.'header.inc.php');\r
?>\r
\r
-<form name="input_form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?><?php if (isset($_GET["id"])) echo '?id='.$_GET["id"]; ?>" >\r
+<form name="input_form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?><?php if (isset($_GET["id"])) echo '?id='.intval($_GET["id"]); ?>" >\r
<?php if (isset($this->row["language_code"])) {?>\r
<input type="hidden" name="language_code" value="<?php echo $this->row["language_code"]; ?>" />\r
<input type="hidden" name="charset" value="<?php echo $this->row["charset"]; ?>" />\r
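Review bot: `$_SERVER['PHP_SELF']` is still echoed raw into the form action on L47, while the same value is wrapped in `AT_print(..., 'input.form')` on L39 of this commit; PHP_SELF reflects the request path including any trailing path info, so this is a reflected-XSS sink that the intval on the id next to it does not close. Apply the same treatment here, `action="<?php echo AT_print($_SERVER['PHP_SELF'], 'input.form'); ?><?php if (isset($_GET["id"])) echo '?id='.intval($_GET["id"]); ?>"`, and likewise on L99 and L114, which echo PHP_SELF the same way.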
foreach ($this->rows_lang as $row_lang)\r
{\r
?>\r
- <option value="<?php echo $row_lang['code_3letters']; ?>" <?php if ((isset($_POST["lang_code"]) && $_REQUEST["lang_code"] == $row_lang['code_3letters']) || (!isset($_REQUEST["lang_code"]) && $this->row["lang_code"] == $row_lang['code_3letters'])) echo 'selected="selected"'; ?>><?php echo $row_lang["description"]. ' - '. $row_lang['code_3letters']; ?></option>\r
+ <option value="<?php echo $row_lang['code_3letters']; ?>" <?php if ((isset($_POST["lang_code"]) && $_POST["lang_code"] == $row_lang['code_3letters']) || (!isset($_REQUEST["lang_code"]) && $this->row["lang_code"] == $row_lang['code_3letters'])) echo 'selected="selected"'; ?>><?php echo $row_lang["description"]. ' - '. $row_lang['code_3letters']; ?></option>\r
<?php\r
}\r
?>\r
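Review bot: the two halves of the selected-option condition on L55 now disagree: the first clause requires `lang_code` in `$_POST`, but the fallback still tests `!isset($_REQUEST["lang_code"])`, so a lang_code arriving via GET or cookie satisfies neither branch and no option is pre-selected. If the intent is to honour POST only, change the fallback to `(!isset($_POST["lang_code"]) && $this->row["lang_code"] == $row_lang['code_3letters'])`. Separately, `$row_lang['code_3letters']` and `$row_lang["description"]` are still echoed into the attribute and element text unescaped, unlike the row values wrapped in AT_print on L63 and L71, so escaping them the same way would keep the hunk consistent. The foreach opens at L51 and the enclosing markup continues outside the hunk.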
<th><label for="lang_code"> <?php echo _AT('lang_code'); ?></label></th>\r
<td>\r
<?php if (isset($this->row['language_code'])) echo $this->row['language_code']; else {?>\r
- <input id="lang_code" name="lang_code" type="text" size="2" maxlength="2" value="<?php if (isset($_POST['lang_code'])) echo $_POST['lang_code']; else echo $this->row['language_code']; ?>" />\r
+ <input id="lang_code" name="lang_code" type="text" size="2" maxlength="2" value="<?php if (isset($_POST['lang_code'])) echo AT_print($_POST['lang_code'], 'input.text'); else echo AT_print($this->row['language_code'], 'input.text'); ?>" />\r
<?php }?>\r
</td>\r
</tr>\r
<th><label for="locale"> <?php echo _AT('locale'); ?></label></th>\r
<td>\r
<?php if (isset($this->row['language_code'])) if ($this->row['locale'] == '') echo _AT('na'); else echo $this->row['locale']; else {?>\r
- <input id="locale" name="locale" type="text" size="2" maxlength="2" value="<?php if (isset($_POST['locale'])) echo $_POST['locale']; else echo $this->row['locale']; ?>" />\r
+ <input id="locale" name="locale" type="text" size="2" maxlength="2" value="<?php if (isset($_POST['locale'])) echo AT_print($_POST['locale'], 'input.text'); else echo AT_print($this->row['locale'], 'input.text'); ?>" />\r
<?php }?>\r
</td>\r
</tr>\r
<label for="charset"><?php echo _AT('charset'); ?></label></th>\r
<td>\r
<?php if (isset($this->row['language_code'])) echo $this->row['charset']; else {?>\r
- <input type="text" name="charset" id="charset" value="<?php if (isset($_POST['charset'])) echo $_POST['charset']; else if (isset($this->row["charset"])) echo $this->row["charset"]; else echo DEFAULT_CHARSET; ?>" />\r
+ <input type="text" name="charset" id="charset" value="<?php if (isset($_POST['charset'])) echo $_POST['charset']; else if (isset($this->row["charset"])) echo AT_print($this->row["charset"], 'input.text'); else echo DEFAULT_CHARSET; ?>" />\r
<?php }?>\r
</td>\r
</tr>\r
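Review bot: on L79 the user-supplied branch `echo $_POST['charset']` is left unescaped while only the database value gets `AT_print`, which is the inverse of what matters: the POST value is the attacker-controlled one that is reflected straight back into a value attribute. L87 (`$_POST['native_name']`) and L94 (`$_POST['english_name']`) have the same gap, whereas L63 and L71 escape both branches. Wrap each POST branch the same way, e.g. `if (isset($_POST['charset'])) echo AT_print($_POST['charset'], 'input.text');`. `DEFAULT_CHARSET` on L79 is a constant and can stay as it is.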
<tr align="left">\r
<th><span class="required" title="<?php echo _AT('required_field'); ?>">*</span>\r
<label for="native_name"><?php echo _AT('name_in_language'); ?></label></th>\r
- <td><input type="text" name="native_name" id="native_name" value="<?php if (isset($_POST['native_name'])) echo $_POST['native_name']; else echo $this->row["native_name"]; ?>" /></td>\r
+ <td><input type="text" name="native_name" id="native_name" value="<?php if (isset($_POST['native_name'])) echo $_POST['native_name']; else echo AT_print($this->row["native_name"], 'input.text'); ?>" /></td>\r
</tr>\r
\r
<tr align="left">\r
<th><span class="required" title="<?php echo _AT('required_field'); ?>">*</span>\r
<label for="english_name"><?php echo _AT('name_in_english'); ?></label></th>\r
- <td><input type="text" name="english_name" id="english_name" value="<?php if (isset($_POST['english_name'])) echo $_POST['english_name']; else echo $this->row["english_name"]; ?>" /></td>\r
+ <td><input type="text" name="english_name" id="english_name" value="<?php if (isset($_POST['english_name'])) echo $_POST['english_name']; else echo AT_print($this->row["english_name"], 'input.text'); ?>" /></td>\r
</tr>\r
\r
<tr align="left">\r
\r
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="form">\r
<?php if (isset($_REQUEST['oauth_token'])) {?>\r
-<input type="hidden" name="oauth_token" value="<?php echo $_REQUEST['oauth_token']; ?>" />\r
+<input type="hidden" name="oauth_token" value="<?php echo AT_print($_REQUEST['oauth_token'], 'input.hidden'); ?>" />\r
<?php }?>\r
<?php if (isset($_REQUEST['oauth_callback'])) {?>\r
-<input type="hidden" name="oauth_callback" value="<?php echo $_REQUEST['oauth_callback']; ?>" />\r
+<input type="hidden" name="oauth_callback" value="<?php echo AT_print($_REQUEST['oauth_callback'], 'input.hidden'); ?>" />\r
<?php }?>\r
<input type="hidden" name="form_password_hidden" value="" />\r
<div class="input-form">\r
include(TR_INCLUDE_PATH.'header.inc.php');\r
?>\r
\r
-<form name="input_form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?><?php if (isset($_GET["id"])) echo '?id='.$_GET["id"]; ?>" >\r
+<form name="input_form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?><?php if (isset($_GET["id"])) echo '?id='.intval($_GET["id"]); ?>" >\r
<?php if (isset($this->user_group_row["user_group_id"])) {?>\r
<input type="hidden" name="user_group_id" value="<?php echo $this->user_group_row["user_group_id"]; ?>" />\r
<?php }?>\r
\r
<tr>\r
<th align="left"><span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="title"><?php echo _AT('title'); ?></label></th>\r
- <td><input type="text" name="title" size="100" id="title" value="<?php if (isset($_POST['title'])) echo $_POST['title']; else echo $this->user_group_row["title"]; ?>" /></td>\r
+ <td><input type="text" name="title" size="100" id="title" value="<?php if (isset($_POST['title'])) echo AT_print($_POST['title'], 'input.text'); else echo AT_print($this->user_group_row["title"], 'input.text'); ?>" /></td>\r
</tr>\r
\r
<tr>\r
<th align="left"><label for="description"><?php echo _AT('description'); ?></label></th>\r
- <td><textarea rows="3" cols="30" name="description" id="description"><?php if (isset($_POST['description'])) echo $_POST['description']; else echo $this->user_group_row["description"]; ?></textarea></td>\r
+ <td><textarea rows="3" cols="30" name="description" id="description"><?php if (isset($_POST['description'])) echo AT_print($_POST['description'], 'input.text'); else echo AT_print($this->user_group_row["description"], 'input.text'); ?></textarea></td>\r
</tr>\r
\r
<?php if (isset($this->user_group_row['user_group_id'])) {?>\r
exit;\r
}\r
\r
-$myown_patch_id = $_REQUEST["myown_patch_id"];\r
+$myown_patch_id = intval($_REQUEST["myown_patch_id"]);\r
\r
$myownPatchesDAO = new MyownPatchesDAO();\r
$myownPatchesDependentDAO = new MyownPatchesDependentDAO();\r
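Review bot: `intval($_REQUEST["myown_patch_id"])` on L136 reads the key without an isset guard and turns a missing or non-numeric id into 0, so the DAOs created on L138–L139 will be asked about patch 0 rather than the request being refused; what they do with 0 is outside this hunk. Consider `$myown_patch_id = isset($_REQUEST["myown_patch_id"]) ? intval($_REQUEST["myown_patch_id"]) : 0;` followed by an explicit `if ($myown_patch_id <= 0) { ... exit; }` before the DAO calls. Reading from `$_GET` or `$_POST` specifically, rather than `$_REQUEST`, would also make the expected input channel explicit.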
include_once(TR_INCLUDE_PATH.'classes/DAO/UserGroupsDAO.class.php');
// handle submit
+$_GET['id'] = intval($_GET['id']);
if (isset($_POST['cancel'])) {
header('Location: index.php');
exit;
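Review bot: L142 rewrites the superglobal unconditionally, so a request without `id` both raises an undefined-index notice and leaves `$_GET['id']` set to 0, which means any later `isset($_GET['id'])` test in this script, if there is one, will pass for a request that carried no id. Prefer a guarded local, `$id = isset($_GET['id']) ? intval($_GET['id']) : 0;`, and use `$id` downstream, or at minimum guard the assignment with isset. The rest of the submit handling is outside this hunk.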