diff --git a/admin/donors.php b/admin/donors.php
index 1bce31d8..b9dc6448 100644
--- a/admin/donors.php
+++ b/admin/donors.php
@@ -1078,7 +1078,8 @@ function update_contactsinfo()
 } function contactsinfo_save(uid) {
- var id=sponsor_id;
+ var id=sponsor_id;
+ print(id);
 $("#debug").load("$_SERVER['PHP_SELF']?>?action=contactsinfo_save&id="+id, $("#contact_" + uid).serializeArray(), function() { $("#contactaccordion").accordion();
diff --git a/admin/judges_schedulerconfig_check.inc.php b/admin/judges_schedulerconfig_check.inc.php
index 952c5bc3..1bd1577b 100644
--- a/admin/judges_schedulerconfig_check.inc.php
+++ b/admin/judges_schedulerconfig_check.inc.php
@@ -144,12 +144,16 @@ function judges_scheduler_check_judges()
 $qp->execute(); $qr = $qp->fetch(PDO::FETCH_OBJ);
+ if (get_value_from_3d_array($jdiv, $r->jdiv_id, 'num_projects', 'total') !== null){
+ $jdiv[$r->jdiv_id][num_projects][total] += $qr->cnt;
+ }
- $jdiv[$r->jdiv_id]['num_projects']['total'] += $qr->cnt;
- $jdiv[$r->jdiv_id]['num_projects'][$l] += $qr->cnt;
+ if(get_value_from_3d_array($jdiv,$r->jdiv_id, 'num_projects', $l) !== null)
+ $jdiv[$r->jdiv_id]['num_projects'][$l] += $qr->cnt;
- $projectlanguagetotal[$l]+=$qr->cnt;
+ if(get_value_from_array($projectlanguagetotal, $l) !== null)
+ $projectlanguagetotal[$l]+=$qr->cnt;
 $projecttotal+=$qr->cnt; }
diff --git a/admin/reports.inc.php b/admin/reports.inc.php
index d7b9bbda..590cda88 100644
--- a/admin/reports.inc.php
+++ b/admin/reports.inc.php
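Review bot: The added `print(id);` in `contactsinfo_save` looks like leftover debugging, and in a browser `print()` resolves to `window.print()`, so every contact save would open the print dialog instead of logging the id. Drop the line, or use `console.log(id);` while debugging. The context line below it writes `$_SERVER['PHP_SELF']` into the URL given to `.load()`; PHP_SELF carries request-supplied path info, so if it is emitted unescaped here it should be replaced by a fixed script path or escaped for a JavaScript string. The function body continues past the end of the hunk.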
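Review bot: In the first added block of the judges_schedulerconfig_check.inc.php hunk the keys lost their quotes: `$jdiv[$r->jdiv_id][num_projects][total]` reads two undefined constants, which is a fatal Error on PHP 8 and a warning on PHP 7.2 and later; it should be `$jdiv[$r->jdiv_id]['num_projects']['total'] += $qr->cnt;`. The three new `!== null` guards also change behaviour, assuming the helpers return null for a missing key: a counter that was never initialised is now skipped instead of created. Unless every `$jdiv` and `$projectlanguagetotal` slot is set to 0 before this loop (not visible here), the per-division and per-language totals come out low while `$projecttotal` still counts every row. If the aim is only to silence undefined-index notices, `$projectlanguagetotal[$l] = ($projectlanguagetotal[$l] ?? 0) + $qr->cnt;` and the same pattern for the two `$jdiv` counters keeps the sums intact. The enclosing function starts and ends outside the hunk.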
@@ -359,17 +359,17 @@ foreach($report_stock as $n=>$v) {
 foreach($report[$type] as $k=>$v) { if($type == 'option') { /* field, value, x, y, w, h, lines, face, align, valign, fn, fs, fsize, overflow */
- $vals = "'".$k."','".$v."','0','0','0','0','0','','','','','','0','truncate'";
+ $vals = "'".$pdo->quote($k)."','".$pdo->quote($v)."','0','0','0','0','0','','','','','','0','truncate'";
 } else { if(get_value_from_array($v, 'lines') == 0) $v['lines'] =1; $fs = is_array(get_value_from_array($v,'fontstyle')) ? implode(',',$v['fontstyle']) : '';
- $opts = "{".get_value_from_array($v,'align')."} {". get_value_from_array($v, 'valign') ."}";
- $vals = "'{'".get_value_from_array($v, 'field')."'}','".get_value_from_array($v, 'value')."',
- '{".get_value_from_array($v, 'x')."}','{".get_value_from_array($v,'y')."}','{".get_value_from_array($v, 'w')."}',
- '{".get_value_from_array($v, 'h')."}','{".get_value_from_array($v, 'lines')."}','{".get_value_from_array($v,'face')."}',
- '$opts','{".get_value_from_array($v,'valign')."}',
- '{".get_value_from_array($v, 'fontname')."}','$fs','{".get_value_from_array($v, 'fontsize')."}',
- '{".get_value_from_array($v, 'on_overflow')."}'";
+ $opts = get_value_from_array($v, 'align') . " " .$pdo->quote(get_value_from_array($v, 'valign'));
+ $vals = "'{$v['field']}','{$v['value']}',
+ '{$v['x']}','{$v['y']}','{$v['w']}',
+ '{$v['h']}','{$v['lines']}','{$v['face']}',
+ '$opts','{$v['valign']}',
+ '{$v['fontname']}','$fs','{$v['fontsize']}',
+ '{$v['on_overflow']}'";
 } if($q != '') $q .= ','; $q .= "({$report['id']}, '$type','$x',$vals)";
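Review bot: `PDO::quote()` returns the value already wrapped in quotes, so `"'".$pdo->quote($k)."','".$pdo->quote($v)."'…` in the `option` branch and `'$opts'` in the `else` branch put a quoted literal inside a second pair of quotes; the statement becomes malformed and the escaping no longer protects the value. The `else` branch also interpolates `$v['field']`, `$v['value']` and the other entries straight into the SQL with no escaping, and by indexing `$v` directly it brings back the undefined-index warnings the removed `get_value_from_array()` calls avoided. Build the row as a list and quote each element exactly once, as sketched below, or better, switch the INSERT to bound parameters where `$q` is executed, which is outside this hunk. Whether `$pdo` is in scope here is not visible; the `global $pdo;` added in the next hunk appears to sit in a different function.

```php
if($type == 'option') {
	/* field, value, x, y, w, h, lines, face, align, valign, fn, fs, fsize, overflow */
	$row = array($k, $v, 0, 0, 0, 0, 0, '', '', '', '', '', 0, 'truncate');
} else {
	// … unchanged: 'lines' default and $fs …
	$opts = get_value_from_array($v, 'align') . ' ' . get_value_from_array($v, 'valign');
	$row = array(
		get_value_from_array($v, 'field'), get_value_from_array($v, 'value'),
		get_value_from_array($v, 'x'), get_value_from_array($v, 'y'),
		get_value_from_array($v, 'w'), get_value_from_array($v, 'h'),
		get_value_from_array($v, 'lines'), get_value_from_array($v, 'face'),
		$opts, get_value_from_array($v, 'valign'),
		get_value_from_array($v, 'fontname'), $fs,
		get_value_from_array($v, 'fontsize'), get_value_from_array($v, 'on_overflow'),
	);
}
// quote() adds the surrounding quotes itself, so none are written around it
$quoted = array();
foreach($row as $cell) $quoted[] = $pdo->quote((string)$cell);
$vals = implode(',', $quoted);
// … unchanged: $q .= "({$report['id']}, '$type','$x',$vals)" …
```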
@@ -396,17 +396,19 @@ foreach($report_stock as $n=>$v) {
 global $report_tours_fields, $report_fairs_fields; global $report_fundraisings_fields;
+ global $pdo;
+ $report = array();
 $q = $pdo->prepare("SELECT * FROM reports WHERE id='$report_id'"); $q->execute(); $r = $q->fetch(PDO::FETCH_ASSOC);
- $report['name'] = $r['name'];
- $report['id'] = $r['id'];
- $report['system_report_id'] = $r['system_report_id'];
- $report['desc'] = $r['desc'];
- $report['creator'] = $r['creator'];
- $report['type'] = $r['type'];
+ $report['name'] = get_value_from_array($r, 'name');
+ $report['id'] = get_value_from_array($r, 'id');
+ $report['system_report_id'] = get_value_from_array($r, 'system_report_id');
+ $report['desc'] = get_value_from_array($r,'desc');
+ $report['creator'] = get_value_from_array($r,'creator');
+ $report['type'] = get_value_from_array($r, 'type');
 $report['col'] = array(); $report['sort'] = array();
diff --git a/admin/tours_assignments.php b/admin/tours_assignments.php
index de792146..aaf56d88 100644
--- a/admin/tours_assignments.php
+++ b/admin/tours_assignments.php
@@ -38,7 +38,7 @@ $tours[$i->id]['num'] = $i->num; }
- if($_GET['action']=='info') {
+ if(get_value_from_array($_GET, 'action')=='info') {
 $sid = intval($_GET['id']); $query="SELECT * FROM students WHERE id='$sid'
@@ -139,10 +139,10 @@ function switchinfo()
- $tours_id = intval($_POST['tours_id']);
- $student_list = is_array($_POST['studentlist']) ? $_POST['studentlist'] : array();
+ $tours_id = intval(get_value_from_array($_POST, 'tours_id'));
+ $student_list = is_array(get_value_from_array($_POST, 'studentlist')) ? $_POST['studentlist'] : array();
- if($_POST['action']=='add' && $tours_id != 0 && count($student_list)>0) {
+ if(get_value_from_array($_POST, 'action')=='add' && $tours_id != 0 && count($student_list)>0) {
 // make sure the tour is valid if(!array_key_exists($tours_id, $tours)) { /* Someone is hacking the POST */
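Review bot: The new `get_value_from_array($r, …)` calls in the reports.inc.php hunk hide the case where `$q->fetch()` returns `false` because no report has that id. Assuming the helper yields null for a non-array, `$report` is then filled with empty values and the function carries on as if a report had been loaded. Check `if($r === false)` right after the fetch and return or report the failure there. The context line `$pdo->prepare("SELECT * FROM reports WHERE id='$report_id'")` still interpolates the id, so the prepare gives no protection unless `$report_id` is cast before this point (not visible); `prepare("SELECT * FROM reports WHERE id=?")` with `$q->execute(array($report_id))` removes that dependency. The function body starts and ends outside the hunk.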
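Review bot: In the `-139` hunk of tours_assignments.php only the container of `studentlist` is checked with `is_array()`; its entries are accepted as they arrive from the POST. If the loop that follows (outside the hunk) places them into SQL the way the other queries on this page interpolate ids, normalise them here: `$student_list = array_map('intval', array_filter($student_list, 'is_scalar'));`. The line also calls the helper and then reads `$_POST['studentlist']` a second time; assigning the helper's result to a variable once would make the check and the use refer to the same value.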
@@ -184,10 +184,10 @@ function switchinfo()
 $added,$j,$tours[$tours_id]['num'],$tours[$tours_id]['name']))); }
- $tours_id = intval($_GET['tours_id']);
- $students_id = intval($_GET['students_id']);
+ $tours_id = intval(get_value_from_array($_GET, 'tours_id'));
+ $students_id = intval(get_value_from_array($_GET, 'students_id'));
- if($_GET['action']=='del' && $tours_id>0 && $students_id>0) {
+ if(get_value_from_array($_GET, 'action')=='del' && $tours_id>0 && $students_id>0) {
 $stmt = $pdo->prepare("DELETE FROM tours_choice WHERE students_id='$students_id' AND year='{$config['FAIRYEAR']}'
@@ -198,7 +198,7 @@ function switchinfo()
 }
- if($_GET['action']=="empty" && $tours_id>0)
+ if(get_value_from_array($_GET, 'action')=="empty" && $tours_id>0)
 { $stmt=$po->prepare("DELETE FROM tours_choice WHERE tour_id='$tours_id'
@@ -212,7 +212,7 @@ function switchinfo()
 if(!$_SESSION['viewstate']['students_teams_list_show']) $_SESSION['viewstate']['students_teams_list_show']='unassigned'; //now update the students_teams_list_show viewstate
- if($_GET['students_teams_list_show'])
+ if(get_value_from_array($_GET, 'students_teams_list_show'))
 $_SESSION['viewstate']['students_teams_list_show']=$_GET['students_teams_list_show']; echo "
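Review bot: The `del` branch in the `-184` hunk, and the `empty` branch in the hunk after it, delete rows from `tours_choice` in response to a plain GET request. Any link or embedded resource that a logged-in admin's browser fetches can therefore trigger them, and no request token check is visible in either hunk. These two actions should move to POST and verify a per-session token before the `DELETE` runs. The ids go through `intval()`, so the interpolated SQL is not the concern here, though binding them in `execute()` would match the use of `prepare()`.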
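Review bot: The context line `$stmt=$po->prepare("DELETE FROM tours_choice` in the `-198` hunk uses `$po`, which is not defined anywhere in the visible code and looks like a typo for `$pdo`. As written, the `empty` action would stop with a fatal error on a method call on null. The commit edits the condition directly above it, so this is the place to fix it: `$stmt=$pdo->prepare("DELETE FROM tours_choice`. The statement continues past the end of the hunk.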
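Review bot: In the `-212` hunk `$_GET['students_teams_list_show']` is copied into `$_SESSION['viewstate']` without being checked against the values the page understands, and it may arrive as an array. The default two lines up is `'unassigned'`, which suggests a small fixed set of view names. Store the value only when `in_array($show, $allowed_views, true)` holds, where `$show` and `$allowed_views` are placeholder names for the request value and the page's real list of views, so that whatever later prints or branches on the view state only sees known strings. The first context line still reads `$_SESSION['viewstate']['students_teams_list_show']` directly and will raise the same undefined-index notice this commit removes elsewhere.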