diff --git a/admin/cms.php b/admin/cms.php
index 30767627..8f3c373b 100644
--- a/admin/cms.php
+++ b/admin/cms.php
@@ -77,7 +77,7 @@ echo "<< Back to file list
\n"; echo "
"; echo "\n"; - if($_GET['filename']) + if(get_value_from_array($_GET,'filename', '')) echo "\n"; else echo "Choose filename to create: /web/.html
"; @@ -88,7 +88,7 @@ echo ""; echo "\n"; - echo "\n"; + echo "\n"; echo "\n"; @@ -126,7 +126,7 @@ $oFCKeditor = new FCKeditor("text_$lang") ; $oFCKeditor->BasePath = "../fckeditor/"; - $oFCKeditor->Value = $r->text; + $oFCKeditor->Value = get_value_property_or_default($r, 'text'); $oFCKeditor->Width="100%"; $oFCKeditor->Height=400; $oFCKeditor->Create() ; @@ -138,13 +138,13 @@ echo "
"; - $q = $pdo->prepare("SELECT * FROM cms WHERE filename='".$_GET['filename']."' AND lang='$lang' ORDER BY dt DESC LIMIT 1"); + $q = $pdo->prepare("SELECT * FROM cms WHERE filename='".get_value_from_array($_GET, 'filename', '')."' AND lang='$lang' ORDER BY dt DESC LIMIT 1"); $q->execute(); if($r=$q->fetch(PDO::FETCH_OBJ)) { if($r->dt=="0000-00-00 00:00:00" || !$r->dt) $dt="Never"; @@ -112,12 +112,12 @@ echo "$langname
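Review bot: The `filename` request parameter is still concatenated straight into the SQL string on the added `$pdo->prepare(...)` line, so `prepare()` gives no protection and the query remains injectable; the helper only avoids the undefined-index warning. Bind the values instead: `$q = $pdo->prepare("SELECT * FROM cms WHERE filename=? AND lang=? ORDER BY dt DESC LIMIT 1");` followed by `$q->execute([get_value_from_array($_GET, 'filename', ''), $lang]);`. The same applies to the `SELECT DISTINCT(dt) FROM cms WHERE filename='...'` line in the `@@ -112,12 +112,12 @@` hunk of this file, where `$historylimit` is already an `intval()` result and can stay interpolated. The surrounding code looks like flat page script rather than a function, with the rest of it outside this hunk.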
"; //    ".i18n("Last updated").": $dt
"; } echo "
".i18n("Page Title").":title)."\">
".i18n("Page Title").":
".i18n("Show Logo").":"; - if($r->showlogo) $ch="checked=\"checked\""; else $ch=""; + if(get_value_property_or_default($r, 'showlogo')) $ch="checked=\"checked\""; else $ch=""; echo " ".i18n("Yes"); echo "   "; - if(!$r->showlogo) $ch="checked=\"checked\""; else $ch=""; + if(!get_value_property_or_default($r, 'showlogo')) $ch="checked=\"checked\""; else $ch=""; echo " ".i18n("No"); echo "
"; echo ""; - if($_GET['historylimit']) $historylimit=intval($_GET['historylimit']); + if(get_value_from_array($_GET, 'historylimit','')) $historylimit=intval(get_value_from_array($_GET, 'historylimit', '')); else $historylimit=30; echo "\n"; - $q = $pdo->prepare("SELECT DISTINCT(dt) FROM cms WHERE filename='".$_GET['filename']."' ORDER BY dt DESC LIMIT $historylimit"); + $q = $pdo->prepare("SELECT DISTINCT(dt) FROM cms WHERE filename='".get_value_from_array($_GET, 'filename','')."' ORDER BY dt DESC LIMIT $historylimit"); $q->execute(); $first=true; if($q->rowCount()) { diff --git a/admin/reports.php b/admin/reports.php index 30410d7d..730cda96 100644 --- a/admin/reports.php +++ b/admin/reports.php @@ -42,7 +42,7 @@ case 'remove_report': exit; case 'reload': $edit_mode = true; - $reports_id = intval($_POST['reports_id']); + $reports_id = intval(get_value_from_array($_POST, 'reports_id')); exit; case 'load_report': diff --git a/config/categories.php b/config/categories.php index 91c55c9c..bdb8b233 100644 --- a/config/categories.php +++ b/config/categories.php @@ -142,8 +142,9 @@ { $buttontext="Add"; } + echo ""; - echo " "; + echo " "; echo " "; echo " "; echo " "; diff --git a/fckeditor/fckeditor_php5.php b/fckeditor/fckeditor_php5.php index 9b57cbb7..0f773984 100644 --- a/fckeditor/fckeditor_php5.php +++ b/fckeditor/fckeditor_php5.php @@ -155,7 +155,7 @@ class FCKeditor */ public function CreateHtml() { - $HtmlValue = htmlspecialchars( $this->Value ) ; + $HtmlValue = htmlspecialchars( get_value_property_or_default($this, 'Value', 'sdf') ) ; $Html = '' ; diff --git a/helper.inc.php b/helper.inc.php index a9b323f0..e86c6661 100644 --- a/helper.inc.php +++ b/helper.inc.php 
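Review bot: The fallback `'sdf'` passed as the third argument of `get_value_property_or_default($this, 'Value', 'sdf')` looks like a leftover debugging placeholder; if `Value` were ever absent it would be rendered into the editor as page content. Use the empty string as the default, `$HtmlValue = htmlspecialchars( get_value_property_or_default($this, 'Value', '') ) ;`. Since `Value` appears to be a declared property of FCKeditor (the removed line read it directly), `property_exists()` is presumably always true here and the default never reached — worth confirming, in which case the original `$this->Value` is the simpler form. CreateHtml() continues outside the hunk.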
@@ -25,6 +25,11 @@ function get_value_or_default(mixed $var, mixed $default = null) : mixed { return isset($var) ? $var : $default; } +function get_value_property_or_default(mixed $var, mixed $property, mixed $default = null) : mixed { + + return $var && property_exists($var, $property) ? $var->$property : $default; +} + function show_pdo_errors_if_any($pdo) {// Check for errors after the query execution $errorInfo = $pdo->errorInfo(); diff --git a/tableeditor.class.php b/tableeditor.class.php index 66c5e8bf..104ad1d3 100644 --- a/tableeditor.class.php +++ b/tableeditor.class.php @@ -252,7 +252,7 @@ class TableEditor function sortField() { - if($_SESSION["TableEditorSort{$this->table}"]) + if(get_value_from_array($_SESSION, "TableEditorSort{$this->table}")) return $_SESSION["TableEditorSort{$this->table}"]; else return $this->sortDefault; @@ -537,13 +537,13 @@ class TableEditor } } - if($_GET['TableEditorAction']=="page" && $_GET['page']) + if(get_value_from_array($_GET, 'TableEditorAction') == "page" && get_value_from_array($_GET, 'page')) { $this->setActivePage($_GET['page']); } - if( ($_POST['TableEditorAction']=="editsave" && $_POST['editsave']) - || ($_POST['TableEditorAction']=="addsave") ) + if( (get_value_from_array($_POST, 'TableEditorAction') == "editsave") && get_value_from_array($_POST, 'editsave') + || (get_value_from_array($_POST, 'TableEditorAction') == "addsave") ) { if($_POST['TableEditorAction']=="addsave") { if($this->classname) @@ -961,7 +961,7 @@ class TableEditor echo ""; echo "
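Review bot: The new `get_value_property_or_default()` guards only on truthiness of `$var`, but `property_exists()` accepts `object|string` and throws a `TypeError` for any other truthy value (an array row, an int), so a caller passing a non-object through the `mixed` parameter still crashes. Guard on the type and narrow the property name: `function get_value_property_or_default(mixed $var, string $property, mixed $default = null) : mixed {` and `return is_object($var) && property_exists($var, $property) ? $var->$property : $default;`. Note also that a property that exists but holds `null` is returned as `null` rather than `$default`, unlike the sibling `get_value_or_default()` just above, which uses `isset()`; if the two helpers are meant to agree, `isset($var->$property)` would be the matching test.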
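Review bot: The regrouped condition in the `editsave`/`addsave` check reads as though `&&` and `||` were meant to combine differently: the parentheses now enclose only the `== "editsave"` comparison, and the expression relies on `&&` binding tighter than `||` to keep the old meaning. Behaviour is unchanged, but restoring the original grouping makes the intent explicit: `if( (get_value_from_array($_POST, 'TableEditorAction') == "editsave" && get_value_from_array($_POST, 'editsave'))` on the first line and `|| (get_value_from_array($_POST, 'TableEditorAction') == "addsave") )` on the second. The comparisons could also use `===`, since the helper returns `null` when the key is absent and nothing here depends on loose comparison. The enclosing method begins and ends outside this hunk.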
".i18n("File History")."
id\">category\">category_shortform\">mingrade\">
"; } - else if($_GET['TableEditorAction']=="export") + else if(get_value_from_array($_GET, 'TableEditorAction') == "export") { //fixme: how to do an export? we cant send headers because its possible that output has already started! @@ -1015,7 +1015,7 @@ class TableEditor $query .= " FROM "; foreach($from as $f) $query .= "$f "; $query .= " WHERE 1 "; - + if(is_array($where)) { foreach($where as $w) $query .= "AND $w "; } @@ -1041,6 +1041,7 @@ class TableEditor if($this->DEBUG) echo $query; + echo $query; $q = $pdo->prepare($query); $q->execute();
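Review bot: The added unconditional `echo $query;` after the `if($this->DEBUG)` line prints the assembled SQL on every request, not only in debug mode, which exposes table and column names (and any `$where` fragments) to every user of the table editor and starts output before any later header can be sent — the file's own fixme comment in the export branch notes that problem. Delete the added line so the existing `if($this->DEBUG) echo $query;` remains the only place the query is echoed. The enclosing method starts outside this hunk.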