From 0935854d49e3a269a83b81f764147853a04b711c Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Sat, 20 Sep 2008 08:20:06 +0000
Subject: [PATCH] Fixed a bug in tform.inc.php
---
 interface/lib/classes/tform.inc.php | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index 51e5ffe9d1..27e749c88f 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -470,7 +470,8 @@ class tform {
 * @return record
 */
 function encode($record,$tab) {
-
+ global $app;
+
 if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab ist leer oder existiert nicht (TAB: $tab).");
 //$this->errorMessage = '';
@@ -482,14 +483,14 @@ class tform {
 switch ($field['datatype']) {
 case 'VARCHAR':
 if(!@is_array($record[$key])) {
- $new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):'';
+ $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
 } else {
 $new_record[$key] = implode($field['separator'],$record[$key]);
 }
 break;
 case 'TEXT':
 if(!is_array($record[$key])) {
- $new_record[$key] = mysql_real_escape_string($record[$key]);
+ $new_record[$key] = $app->db->quote($record[$key]);
 } else {
 $new_record[$key] = implode($field['separator'],$record[$key]);
 }
@@ -508,7 +509,7 @@ class tform {
 //if($key == 'refresh') die($record[$key]);
 break;
 case 'DOUBLE':
- $new_record[$key] = mysql_real_escape_string($record[$key]);
+ $new_record[$key] = $app->db->quote($record[$key]);
 break;
 case 'CURRENCY':
 $new_record[$key] = str_replace(",",".",$record[$key]);
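Review bot: In the `VARCHAR` and `TEXT` cases of `encode()` (hunk at -482), only the scalar branch goes through `$app->db->quote()`; the array branch still stores `implode($field['separator'],$record[$key])` with no escaping, so a field submitted as an array reaches `$new_record` unescaped unless something outside this diff escapes it later. Consider `$new_record[$key] = $app->db->quote(implode($field['separator'],$record[$key]));` in both `else` branches. The `DOUBLE` case in the following hunk (-508) has a related weakness: escaping does not make a value numeric, so if it is ever placed in SQL without surrounding quotes the escape gives no protection, and a numeric check or cast would be safer there. `quote()` itself is defined outside this diff, so it is worth confirming that it escapes with the connection's character set as `mysql_real_escape_string()` did. `encode()` continues beyond these hunks.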
@@ -699,14 +700,14 @@ class tform {
 $salt.="$";
 // $salt = substr(md5(time()),0,2);
 $record[$key] = crypt($record[$key],$salt);
- $sql_insert_val .= "'".mysql_real_escape_string($record[$key])."', ";
+ $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 } elseif ($field['encryption'] == 'MYSQL') {
- $sql_insert_val .= "PASSWORD('".mysql_real_escape_string($record[$key])."'), ";
+ $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
 } elseif ($field['encryption'] == 'CLEARTEXT') {
- $sql_insert_val .= "'".mysql_real_escape_string($record[$key])."', ";
+ $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 } else {
 $record[$key] = md5($record[$key]);
- $sql_insert_val .= "'".mysql_real_escape_string($record[$key])."', ";
+ $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 }
 } elseif ($field['formtype'] == 'CHECKBOX') {
@@ -732,14 +733,14 @@ class tform {
 $salt.="$";
 // $salt = substr(md5(time()),0,2);
 $record[$key] = crypt($record[$key],$salt);
- $sql_update .= "`$key` = '".mysql_real_escape_string($record[$key])."', ";
+ $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
- $sql_update .= "`$key` = PASSWORD('".mysql_real_escape_string($record[$key])."'), ";
+ $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
 } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
- $sql_update .= "`$key` = '".mysql_real_escape_string($record[$key])."', ";
+ $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 } else {
 $record[$key] = md5($record[$key]);
- $sql_update .= "`$key` = '".mysql_real_escape_string($record[$key])."', ";
+ $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 }
 } elseif ($field['formtype'] == 'CHECKBOX') {
-- GitLab
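Review bot: The final `else` branch of the INSERT hunk (-699) still falls back to `md5($record[$key])` for any password field whose `encryption` value matches neither the first (crypt) branch nor `MYSQL` nor `CLEARTEXT`, so a missing or mistyped setting silently yields an unsalted, fast hash; the UPDATE hunk (-732) has the same fallback. Making the salted `crypt()` path the default and requiring an explicit value for the weaker modes would fail safe. In the `MYSQL` branch the plaintext password is embedded in the statement text inside `PASSWORD('...')`, so it can end up in query logs. These lines also now depend on `$app` being in scope, while the `global $app;` added by this commit is in `encode()`. The enclosing function starts outside both hunks, so confirm it declares `global $app;` as well.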