From: Janusz Dobrowolski
Date: Thu, 11 Sep 2008 21:57:20 +0000 (+0000)
Subject: Fixed slash quotation problems on direct POST var reuse.
X-Git-Tag: 2.3-final~1466
X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;h=6655bf87cc98c079480039192c1a7091ccdb7ae0;hp=fbb4134bff475538b3477ef6b9ce1768799707c1;p=fa-stable.git
Fixed slash quotation problems on direct POST var reuse.
---
diff --git a/includes/db/connect_db.inc b/includes/db/connect_db.inc
index f7d214be..3fc2bcfb 100644
--- a/includes/db/connect_db.inc
+++ b/includes/db/connect_db.inc
@@ -79,8 +79,6 @@ function db_escape($value = "", $nullify = false)
 //reset default if second parameter is skipped
 $nullify = ($nullify === null) ? (false) : ($nullify);
- //undo slashes for poorly configured servers
- $value = (get_magic_quotes_gpc()) ? (stripslashes($value)) : ($value);
 //check for null/unset/empty strings
 if ((!isset($value)) || (is_null($value)) || ($value === "")) {
diff --git a/includes/session.inc b/includes/session.inc
index 9089c693..0e7d3113 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -108,6 +108,23 @@
 }
 }
+ //-----------------------------------------------------------------------------
+ // Removing magic quotes from nested arrays/variables
+ //
+ function strip_quotes($data)
+ {
+ if(get_magic_quotes_gpc()) {
+ if(is_array($data)) {
+ foreach($data as $k => $v) {
+ $data[$k] = strip_quotes($data[$k]);
+ }
+ } else
+ return stripslashes($data);
+ }
+ return $data;
+ }
+
+
 //----------------------------------------------------------------------------------------
 if (!isset($_SESSION["wa_current_user"]) || (isset($_SESSION["wa_current_user"]) && !$_SESSION["wa_current_user"]->logged_in()))
@@ -154,6 +171,8 @@
 check_page_security($page_security);
-
+// POST vars cleanup needed for direct reuse.
+// We quote all values later with db_escape() before db update.
+ $_POST = strip_quotes($_POST);
 ?>
\ No newline at end of file
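Review bot: strip_quotes() only unslashes values, but magic_quotes_gpc applies addslashes to the keys of the GPC arrays as well, so a form whose array keys carry a quote or backslash (presumably rare here, but e.g. ids used as keys in `$_POST['qty'][$id]`) still comes through with escaped keys after the cleanup. The recursive branch also ignores the `$v` it iterates and re-indexes `$data[$k]`, and re-evaluates get_magic_quotes_gpc() on every recursion level, which is harmless but noisy. I would rebuild the array with stripped keys and recurse on the value directly, and give the function a short docblock stating that it returns its input untouched when magic_quotes_gpc is off.
```php
function strip_quotes($data)
{
	if(get_magic_quotes_gpc()) {
		if(is_array($data)) {
			$clean = array();
			foreach($data as $k => $v)
				$clean[stripslashes($k)] = strip_quotes($v);
			return $clean;
		} else
			return stripslashes($data);
	}
	return $data;
}
```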
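Review bot: Only `$_POST` is unslashed, while this same commit removes the stripslashes() fallback from db_escape() in connect_db.inc; on a server with magic_quotes_gpc on, any `$_GET` or `$_COOKIE` value (and the slashed copies inside `$_REQUEST`) that reaches db_escape() is now escaped twice and stored with literal backslashes. The cleanup also runs after check_page_security(), at the very end of session.inc, so the login branch earlier in this file, if it reads `$_POST` credentials directly, still sees slashed values and a username or password containing a quote would presumably no longer match. I would clean all four superglobals in one place and move it above the login block: `$_POST = strip_quotes($_POST); $_GET = strip_quotes($_GET); $_COOKIE = strip_quotes($_COOKIE); $_REQUEST = strip_quotes($_REQUEST);`, and make the comment explicit that db_escape() no longer compensates for magic quotes so every raw GPC value must pass through here.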
diff --git a/includes/ui/ui_view.inc b/includes/ui/ui_view.inc
index 7ca792ae..c1364786 100644
--- a/includes/ui/ui_view.inc
+++ b/includes/ui/ui_view.inc
@@ -286,10 +286,17 @@ function exchange_rate_display($from_currency, $to_currency, $date_, $buttons=tr
 else
 $currency = $from_currency;
 $rate = get_ecb_rate($currency);
- if (get_date_exchange_rate($currency, $date_))
- update_exchange_rate($currency, $date_, $rate, $rate);
- else
- add_exchange_rate($currency, $date_, $rate, $rate);
+ if ($rate==0)
+ {
+ display_error(_("Cannot get exchange rate for this currency. Please add exchange rate manually on Exchange Rates page.") );
+ $rate = get_exchange_rate_from_to($to_currency, $from_currency, $date_);
+ } else
+ {
+ if (get_date_exchange_rate($currency, $date_))
+ update_exchange_rate($currency, $date_, $rate, $rate);
+ else
+ add_exchange_rate($currency, $date_, $rate, $rate);
+ }
 if ($from_currency == $comp_currency)
 $rate = 1 / $rate;
 $Ajax->activate('get_rate');
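Review bot: The new fallback `$rate = get_exchange_rate_from_to($to_currency, $from_currency, $date_);` can itself yield 0 when no manual rate exists for that date (the error message tells the user to add one, so that case is expected), and the unchanged `$rate = 1 / $rate;` two lines below then divides by zero. Guard the inversion, `if ($from_currency == $comp_currency && $rate != 0) $rate = 1 / $rate;`, or return right after display_error() so no rate is displayed at all. The fallback passes the currencies in the opposite order to the function's own parameters; that may be intentional given the inversion below, but a one-line comment saying so would save the next reader a detour. exchange_rate_display() starts and ends outside this hunk.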