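--- a/oscommerce2/trunk/catalog/shopping_cart.php
+++ b/oscommerce2/trunk/catalog/shopping_cart.php
@@ -82,11 +82,11 @@
           $attributes = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix
                                       from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa
-                                      where pa.products_id = '" . $products[$i]['id'] . "'
-                                       and pa.options_id = '" . $option . "'
+                                      where pa.products_id = '" . (int)$products[$i]['id'] . "'
+                                       and pa.options_id = '" . (int)$option . "'
                                        and pa.options_id = popt.products_options_id
-                                       and pa.options_values_id = '" . $value . "'
+                                       and pa.options_values_id = '" . (int)$value . "'
                                        and pa.options_values_id = poval.products_options_values_id
-                                       and popt.language_id = '" . $languages_id . "'
-                                       and poval.language_id = '" . $languages_id . "'");
+                                       and popt.language_id = '" . (int)$languages_id . "'
+                                       and poval.language_id = '" . (int)$languages_id . "'");
           $attributes_values = tep_db_fetch_array($attributes);
 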
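Review bot: The `(int)` casts on the new `where`/`and` lines coerce a non-numeric `$option`, `$value` or `$languages_id` to 0 instead of rejecting it, so the query still runs and `tep_db_fetch_array()` on line 91 may return no row; nothing in the hunk checks `$attributes_values` before it is used. The cast on `$products[$i]['id']` also keeps only the leading digits of the id, which looks intentional if cart ids can carry an attribute suffix, but that is not documented. I would add a comment such as `// ids are cast to int: request-derived values are not trusted, and the cart id may carry a suffix after the number` and guard the fetch result. The enclosing loop starts and ends outside the hunk.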
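--- a/oscommerce2/trunk/catalog/includes/classes/shopping_cart.php
+++ b/oscommerce2/trunk/catalog/includes/classes/shopping_cart.php
@@ -82,5 +82,17 @@
       $products_id = tep_get_prid($products_id_string);
 
-      if (is_numeric($products_id) && is_numeric($qty)) {
+      $attributes_pass_check = true;
+
+      if (is_array($attributes)) {
+        reset($attributes);
+        while (list($option, $value) = each($attributes)) {
+          if (!is_numeric($option) || !is_numeric($value)) {
+            $attributes_pass_check = false;
+            break;
+          }
+        }
+      }
+
+      if (is_numeric($products_id) && is_numeric($qty) && ($attributes_pass_check == true)) {
         $check_product_query = tep_db_query("select products_status from " . TABLE_PRODUCTS . " where products_id = '" . (int)$products_id . "'");
         $check_product = tep_db_fetch_array($check_product_query);
@@ -123,5 +135,17 @@
       $products_id = tep_get_prid($products_id_string);
 
-      if (is_numeric($products_id) && isset($this->contents[$products_id_string]) && is_numeric($quantity)) {
+      $attributes_pass_check = true;
+
+      if (is_array($attributes)) {
+        reset($attributes);
+        while (list($option, $value) = each($attributes)) {
+          if (!is_numeric($option) || !is_numeric($value)) {
+            $attributes_pass_check = false;
+            break;
+          }
+        }
+      }
+
+      if (is_numeric($products_id) && isset($this->contents[$products_id_string]) && is_numeric($quantity) && ($attributes_pass_check == true)) {
         $this->contents[$products_id_string] = array('qty' => $quantity);
 // update database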
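Review bot: `is_numeric()` in the new attribute loops is looser than an id check: it accepts values such as `1.5`, `-1`, `1e3` and strings with leading whitespace, so option and value ids that are not plain non-negative integers still pass `$attributes_pass_check`. A digits-only test fits ids better, e.g. `if (!ctype_digit((string)$option) || !ctype_digit((string)$value)) {`. The same twelve-line loop is pasted into both hunks; a small private helper would keep the two checks from drifting apart. Both enclosing methods start and end outside the hunks shown.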
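--- a/oscommerce2/trunk/catalog/includes/classes/sessions.php
+++ b/oscommerce2/trunk/catalog/includes/classes/sessions.php
@@ -378,4 +378,10 @@
     }
 
+    if (!empty($session->id)) {
+      if (preg_match('/^[a-zA-Z0-9]+$/', $session->id) == false) {
+        unset($session->id);
+      }
+    }
+
 /*
 // Check the REQUEST_URI symbol for a string of the form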
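Review bot: The pattern `/^[a-zA-Z0-9]+$/` on new line 381 lets a session id with one trailing newline through, because `$` without the `D` modifier also matches just before a final `\n`. Anchoring with `\z` closes that: `if (preg_match('/^[a-zA-Z0-9]+\z/', $session->id) !== 1) {`; comparing with `!== 1` also makes a `preg_match()` error (`false`) an explicit rejection instead of relying on `== false`. Where the id is used afterwards (file name, query, cookie) is not visible here, so how much this matters depends on those callers. The enclosing function starts outside the hunk.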
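--- a/oscommerce2/trunk/catalog/includes/functions/compatibility.php
+++ b/oscommerce2/trunk/catalog/includes/functions/compatibility.php
@@ -6,5 +6,5 @@
   http://www.oscommerce.com
 
-  Copyright (c) 2003 osCommerce
+  Copyright (c) 2006 osCommerce
 
   Released under the GNU General Public License
@@ -23,6 +23,6 @@
 
     while (list($key, $value) = each($ar)) {
-      if (is_array($value)) {
-        do_magic_quotes_gpc($value);
+      if (is_array($ar[$key])) {
+        do_magic_quotes_gpc($ar[$key]);
       } else {
         $ar[$key] = addslashes($value);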
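Review bot: Only values are escaped in this loop: `$ar[$key] = addslashes($value)` leaves `$key` itself untouched, so request array keys reach the rest of the code unescaped even after the recursion fix on new lines 25-26. If any caller builds SQL or HTML from those keys that is an open gap; at minimum a comment such as `// NOTE: keys are not escaped, only values` belongs above the loop. The fix also only takes effect if `do_magic_quotes_gpc()` receives `$ar` by reference, which the hunk does not show. The identical change in catalog/admin/includes/functions/compatibility.php has the same gap.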
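--- a/oscommerce2/trunk/catalog/includes/functions/general.php
+++ b/oscommerce2/trunk/catalog/includes/functions/general.php
@@ -451,5 +451,5 @@
       }
     } elseif (isset($address['country']) && tep_not_null($address['country'])) {
-      $country = tep_output_string_protected($address['country']);
+      $country = tep_output_string_protected($address['country']['title']);
     } else {
       $country = '';
@@ -481,5 +481,4 @@
     $streets = $street;
     if ($suburb != '') $streets = $street . $cr . $suburb;
-    if ($country == '') $country = tep_output_string_protected($address['country']);
     if ($state != '') $statecomma = $state . ', ';
 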
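Review bot: New line 453 reads `$address['country']['title']`, but the guard on line 452 only tests `$address['country']`; if a caller passes the country as a plain string, the access becomes a string offset and yields a single character or a notice instead of the name. Testing the key that is actually read avoids that: `} elseif (isset($address['country']['title']) && is_array($address['country']) && tep_not_null($address['country']['title'])) {`. The second hunk also drops the `if ($country == '')` fallback, so any caller that still passes a string now gets an empty or truncated country; whether such callers exist is not visible here.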
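--- a/oscommerce2/trunk/catalog/includes/functions/cache.php
+++ b/oscommerce2/trunk/catalog/includes/functions/cache.php
@@ -6,5 +6,5 @@
   http://www.oscommerce.com
 
-  Copyright (c) 2003 osCommerce
+  Copyright (c) 2006 osCommerce
 
   Released under the GNU General Public License
@@ -101,4 +101,6 @@
     global $cPath, $language, $languages_id, $tree, $cPath_array, $categories_string;
 
+    $cache_output = '';
+
     if (($refresh == true) || !read_cache($cache_output, 'categories_box-' . $language . '.cache' . $cPath, $auto_expire)) {
       ob_start();
@@ -118,6 +120,8 @@
     global $HTTP_GET_VARS, $language;
 
+    $cache_output = '';
+
     $manufacturers_id = '';
-    if (isset($HTTP_GET_VARS['manufactuers_id']) && tep_not_null($HTTP_GET_VARS['manufacturers_id'])) {
+    if (isset($HTTP_GET_VARS['manufactuers_id']) && is_numeric($HTTP_GET_VARS['manufacturers_id'])) {
       $manufacturers_id = $HTTP_GET_VARS['manufacturers_id'];
     }
@@ -140,10 +144,14 @@
     global $HTTP_GET_VARS, $language, $languages_id;
 
-    if (($refresh == true) || !read_cache($cache_output, 'also_purchased-' . $language . '.cache' . $HTTP_GET_VARS['products_id'], $auto_expire)) {
-      ob_start();
-      include(DIR_WS_MODULES . FILENAME_ALSO_PURCHASED_PRODUCTS);
-      $cache_output = ob_get_contents();
-      ob_end_clean();
-      write_cache($cache_output, 'also_purchased-' . $language . '.cache' . $HTTP_GET_VARS['products_id']);
+    $cache_output = '';
+
+    if (isset($HTTP_GET_VARS['products_id']) && is_numeric($HTTP_GET_VARS['products_id'])) {
+      if (($refresh == true) || !read_cache($cache_output, 'also_purchased-' . $language . '.cache' . $HTTP_GET_VARS['products_id'], $auto_expire)) {
+        ob_start();
+        include(DIR_WS_MODULES . FILENAME_ALSO_PURCHASED_PRODUCTS);
+        $cache_output = ob_get_contents();
+        ob_end_clean();
+        write_cache($cache_output, 'also_purchased-' . $language . '.cache' . $HTTP_GET_VARS['products_id']);
+      }
     }
 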
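Review bot: New line 125 still tests `isset($HTTP_GET_VARS['manufactuers_id'])` (misspelled key) next to `is_numeric($HTTP_GET_VARS['manufacturers_id'])`, so the branch is taken only when a request carries both spellings and `$manufacturers_id` otherwise stays empty; the commit rewrites this line without fixing the key. It should read `if (isset($HTTP_GET_VARS['manufacturers_id']) && is_numeric($HTTP_GET_VARS['manufacturers_id'])) {`. Separately, `is_numeric()` on `products_id` in the last hunk accepts forms like `1.0` or `+1`, and each spelling becomes its own cache file name; building the name from `(int)$HTTP_GET_VARS['products_id']` would keep it to one canonical name per product. `$cPath` is appended to the `categories_box-` file name as-is on the context line 105 and deserves the same look.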
  • oscommerce2/trunk/catalog/includes/functions/html_output.php

    r477 r707  
    8989        if (empty($width) && tep_not_null($height)) { 
    9090          $ratio = $height / $image_size[1]; 
    91           $width = $image_size[0] * $ratio
     91          $width = intval($image_size[0] * $ratio)
    9292        } elseif (tep_not_null($width) && empty($height)) { 
    9393          $ratio = $width / $image_size[0]; 
    94           $height = $image_size[1] * $ratio
     94          $height = intval($image_size[1] * $ratio)
    9595        } elseif (empty($width) && empty($height)) { 
    9696          $width = $image_size[0]; 
  • oscommerce2/trunk/catalog/tell_a_friend.php

    r477 r715  
    11<?php 
    22/* 
    3   $Id: tell_a_friend.php,v 1.42 2003/06/11 17:35:01 hpdl Exp
     3  $Id:
    44 
    55  osCommerce, Open Source E-Commerce Solutions 
    66  http://www.oscommerce.com 
    77 
    8   Copyright (c) 2003 osCommerce 
     8  Copyright (c) 2006 osCommerce 
    99 
    1010  Released under the GNU General Public License 
     
    7575      } 
    7676 
    77       $email_body .= sprintf(TEXT_EMAIL_LINK, tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['products_id'])) . "\n\n" . 
     77      $email_body .= sprintf(TEXT_EMAIL_LINK, tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['products_id'], 'NONSSL', false)) . "\n\n" . 
    7878                     sprintf(TEXT_EMAIL_SIGNATURE, STORE_NAME . "\n" . HTTP_SERVER . DIR_WS_CATALOG . "\n"); 
    7979 
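Review bot: `$HTTP_GET_VARS['products_id']` is still concatenated raw into the link on new line 77, so whatever the request carried ends up in an e-mail sent to a third party; `'products_id=' . (int)$HTTP_GET_VARS['products_id']` would pin it to a number. Any validation earlier in the file is outside this hunk, so treat that as something to confirm. The added `'NONSSL', false` arguments look like they keep the sender's session id out of the mailed URL; a one-line comment saying so (`// do not append the session id to links sent by e-mail`) would stop a later cleanup from removing them.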
  • oscommerce2/trunk/catalog/admin/includes/languages/espanol/index.php

    r477 r710  
    1818define('BOX_ENTRY_SUPPORT_SITE', 'Soporte'); 
    1919define('BOX_ENTRY_SUPPORT_FORUMS', 'Foros'); 
    20 define('BOX_ENTRY_MAILING_LISTS', 'Listas de Correo'); 
    21 define('BOX_ENTRY_BUG_REPORTS', 'Notificar Fallos'); 
    22 define('BOX_ENTRY_FAQ', 'PUF (FAQ)'); 
    23 define('BOX_ENTRY_LIVE_DISCUSSIONS', 'Discusiones'); 
    24 define('BOX_ENTRY_CVS_REPOSITORY', 'Repositorio CVS'); 
    25 define('BOX_ENTRY_INFORMATION_PORTAL', 'Portal'); 
     20define('BOX_ENTRY_CONTRIBUTIONS', 'M&oacute;dulos'); 
    2621 
    2722define('BOX_ENTRY_CUSTOMERS', 'Clientes:'); 
  • oscommerce2/trunk/catalog/admin/includes/languages/english/index.php

    r477 r710  
    66  http://www.oscommerce.com 
    77 
    8   Copyright (c) 2002 osCommerce 
     8  Copyright (c) 2006 osCommerce 
    99 
    1010  Released under the GNU General Public License 
     
    1818define('BOX_ENTRY_SUPPORT_SITE', 'Support Site'); 
    1919define('BOX_ENTRY_SUPPORT_FORUMS', 'Support Forums'); 
    20 define('BOX_ENTRY_MAILING_LISTS', 'Mailing Lists'); 
    21 define('BOX_ENTRY_BUG_REPORTS', 'Bug Reports'); 
    22 define('BOX_ENTRY_FAQ', 'FAQ'); 
    23 define('BOX_ENTRY_LIVE_DISCUSSIONS', 'Live Discussions'); 
    24 define('BOX_ENTRY_CVS_REPOSITORY', 'CVS Repository'); 
    25 define('BOX_ENTRY_INFORMATION_PORTAL', 'Information Portal'); 
     20define('BOX_ENTRY_CONTRIBUTIONS', 'Contributions'); 
    2621 
    2722define('BOX_ENTRY_CUSTOMERS', 'Customers:'); 
  • oscommerce2/trunk/catalog/admin/includes/languages/german/index.php

    r477 r710  
    66  http://www.oscommerce.com 
    77 
    8   Copyright (c) 2002 osCommerce 
     8  Copyright (c) 2006 osCommerce 
    99 
    1010  Released under the GNU General Public License 
     
    1818define('BOX_ENTRY_SUPPORT_SITE', 'Support Seite'); 
    1919define('BOX_ENTRY_SUPPORT_FORUMS', 'Support Forum'); 
    20 define('BOX_ENTRY_MAILING_LISTS', 'Mailing Listen'); 
    21 define('BOX_ENTRY_BUG_REPORTS', 'Fehler Reporte'); 
    22 define('BOX_ENTRY_FAQ', 'Fragen und Antworten'); 
    23 define('BOX_ENTRY_LIVE_DISCUSSIONS', 'Live Diskussionen'); 
    24 define('BOX_ENTRY_CVS_REPOSITORY', 'CVS Repository'); 
    25 define('BOX_ENTRY_INFORMATION_PORTAL', 'Informations Portal'); 
     20define('BOX_ENTRY_CONTRIBUTIONS', 'Add-On Module'); 
    2621 
    2722define('BOX_ENTRY_CUSTOMERS', 'Kunden:'); 
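--- a/oscommerce2/trunk/catalog/admin/includes/functions/compatibility.php
+++ b/oscommerce2/trunk/catalog/admin/includes/functions/compatibility.php
@@ -6,5 +6,5 @@
   http://www.oscommerce.com
 
-  Copyright (c) 2003 osCommerce
+  Copyright (c) 2006 osCommerce
 
   Released under the GNU General Public License
@@ -20,6 +20,6 @@
 
     while (list($key, $value) = each($ar)) {
-      if (is_array($value)) {
-        do_magic_quotes_gpc($value);
+      if (is_array($ar[$key])) {
+        do_magic_quotes_gpc($ar[$key]);
       } else {
         $ar[$key] = addslashes($value);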
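--- a/oscommerce2/trunk/catalog/admin/includes/functions/general.php
+++ b/oscommerce2/trunk/catalog/admin/includes/functions/general.php
@@ -898,6 +898,6 @@
     tep_db_query("delete from " . TABLE_PRODUCTS_DESCRIPTION . " where products_id = '" . (int)$product_id . "'");
     tep_db_query("delete from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_id = '" . (int)$product_id . "'");
-    tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET . " where products_id = '" . (int)$product_id . "'");
-    tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " where products_id = '" . (int)$product_id . "'");
+    tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET . " where products_id = '" . (int)$product_id . "' or products_id like '" . (int)$product_id . "{%'");
+    tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " where products_id = '" . (int)$product_id . "' or products_id like '" . (int)$product_id . "{%'");
 
     $product_reviews_query = tep_db_query("select reviews_id from " . TABLE_REVIEWS . " where products_id = '" . (int)$product_id . "'");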
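Review bot: The new `or products_id like '" . (int)$product_id . "{%'` clauses on lines 900-901 carry no comment, and the meaning of the `{` suffix is not obvious from this function. Presumably basket rows for products with attributes store the numeric id followed by `{...}` segments, which the old equality test missed; a comment such as `// also remove basket rows keyed as "ID{...}" (product stored with attributes)` would record that. It is also worth stating that the literal `{` after the cast id is what keeps id 12 from matching rows of id 123. The enclosing function starts and ends outside the hunk.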
  • oscommerce2/trunk/catalog/admin/index.php

    r477 r710  
    66  http://www.oscommerce.com 
    77 
    8   Copyright (c) 2003 osCommerce 
     8  Copyright (c) 2006 osCommerce 
    99 
    1010  Released under the GNU General Public License 
     
    116116  $contents[] = array('params' => 'class="infoBox"', 
    117117                      'text'  => '<a href="http://www.oscommerce.com" target="_blank">' . BOX_ENTRY_SUPPORT_SITE . '</a><br>' . 
    118                                  '<a href="http://www.oscommerce.com/community.php/forum" target="_blank">' . BOX_ENTRY_SUPPORT_FORUMS . '</a><br>' . 
    119                                  '<a href="http://www.oscommerce.com/community.php/mlists" target="_blank">' . BOX_ENTRY_MAILING_LISTS . '</a><br>' . 
    120                                  '<a href="http://www.oscommerce.com/community.php/bugs" target="_blank">' . BOX_ENTRY_BUG_REPORTS . '</a><br>' . 
    121                                  '<a href="http://www.oscommerce.com/community.php/faq" target="_blank">' . BOX_ENTRY_FAQ . '</a><br>' . 
    122                                  '<a href="http://www.oscommerce.com/community.php/irc" target="_blank">' . BOX_ENTRY_LIVE_DISCUSSIONS . '</a><br>' . 
    123                                  '<a href="http://www.oscommerce.com/community.php/cvs" target="_blank">' . BOX_ENTRY_CVS_REPOSITORY . '</a><br>' . 
    124                                  '<a href="http://www.oscommerce.com/about.php/portal" target="_blank">' . BOX_ENTRY_INFORMATION_PORTAL . '</a>'); 
     118                                 '<a href="http://forums.oscommerce.com" target="_blank">' . BOX_ENTRY_SUPPORT_FORUMS . '</a><br>' . 
     119                                 '<a href="http://www.oscommerce.com/community/contributions" target="_blank">' . BOX_ENTRY_CONTRIBUTIONS . '</a>'); 
    125120 
    126121  $box = new box;