From: Janusz Dobrowolski
Date: Wed, 30 Sep 2009 13:19:47 +0000 (+0000)
Subject: Single quotes encoded before database data insert.
X-Git-Tag: v2.4.2~19^2~1187
X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;h=c99c4da3f3a009e48b536dc1cc5268d566dfc6cb;p=fa-stable.git

Single quotes encoded before database data insert.
---
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 46e197e2..5eb0a17b 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -24,6 +24,13 @@ $ -> Affected files
 ! Release 2.2 Beta
 $ config.php
 
+30-Sep-2009 Janusz Dobrowolski
+! Single quotes also encoded before database data insert
+$ /admin/db/maintenance_db.inc
+ /includes/db/connect_db.inc
+ /reporting/includes/tcpdf.php
+ /sales/includes/cart_class.inc
+
 29-Sep-2009 Tom Hallman
 ! Changes in tags table structure, tags related security areas
 $ /includes/access_levels.inc
diff --git a/admin/db/maintenance_db.inc b/admin/db/maintenance_db.inc
index 3df97cda..5984094f 100644
--- a/admin/db/maintenance_db.inc
+++ b/admin/db/maintenance_db.inc
@@ -459,7 +459,7 @@ function db_export($conn, $filename, $zip='no', $comment='', $tbpref = TB_PREF)
 $out.="# Backup Date and Time: ".date("Y-m-d H:i")."\n";
 $out.="# Built by " . $app_title . " " . $version ."\n";
 $out.="# ".$power_url."\n";
- $out.="# Company: ". @html_entity_decode($company, ENT_COMPAT, $_SESSION['language']->encoding)."\n";
+ $out.="# Company: ". @html_entity_decode($company, ENT_QUOTES, $_SESSION['language']->encoding)."\n";
 $out.="# User: ".$_SESSION["wa_current_user"]->name."\n\n";
 
 // write users comment
@@ -557,7 +557,7 @@ function db_export($conn, $filename, $zip='no', $comment='', $tbpref = TB_PREF)
 // run through each field
 for ($k = 0; $k < $nf = db_num_fields($res2); $k++)
 {
- $out .= db_escape(@html_entity_decode($row2[$k], ENT_COMPAT, $_SESSION['language']->encoding));
+ $out .= db_escape(@html_entity_decode($row2[$k], ENT_QUOTES, $_SESSION['language']->encoding));
 if ($k < ($nf - 1))
 $out .= ", ";
 }
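Review bot: The VALUES literal built on the `+` line of the field loop is made SQL-safe only by db_escape(), which per the connect_db.inc hunk in this same commit is an htmlspecialchars() call, so quotes are neutralised but backslashes and NUL bytes pass through; assuming db_escape() wraps the value in single quotes as the comma-joined output implies, a stored field ending in `\` is emitted as `'...\'`, which at best breaks the restore and at worst lets stored, user-influenced data (customer names, comments) run as SQL when the backup is replayed. The decode-then-db_escape round trip is fine for normalising legacy rows, but the dump should escape backslashes as well as quotes; the cleanest fix is to give db_escape() driver-level escaping so every call site inherits it, rather than patching this one loop. The blanket `@` also hides any html_entity_decode() warning, which leaves a silently truncated value in the dump. db_export() begins and ends outside the two hunks shown.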
diff --git a/includes/db/connect_db.inc b/includes/db/connect_db.inc
index fd6870e9..f91d7023 100644
--- a/includes/db/connect_db.inc
+++ b/includes/db/connect_db.inc
@@ -100,7 +100,7 @@ function db_num_fields ($result)
 
 function db_escape($value = "", $nullify = false)
 {
- $value = @htmlspecialchars($value, ENT_COMPAT, $_SESSION['language']->encoding);
+ $value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
 //reset default if second parameter is skipped
 $nullify = ($nullify === null) ? (false) : ($nullify);
 
diff --git a/reporting/includes/tcpdf.php b/reporting/includes/tcpdf.php
index 48504eb9..ba54e66a 100644
--- a/reporting/includes/tcpdf.php
+++ b/reporting/includes/tcpdf.php
@@ -5729,7 +5729,7 @@ if (!class_exists('TCPDF')) {
 */
 function unhtmlentities($text_to_convert) {
 if (!$this->isunicode) {
- return html_entity_decode($text_to_convert);
+ return html_entity_decode($text_to_convert, ENT_QUOTES);
 }
 return html_entity_decode_php4($text_to_convert);
 }
diff --git a/sales/includes/cart_class.inc b/sales/includes/cart_class.inc
index de858816..4eeef444 100644
--- a/sales/includes/cart_class.inc
+++ b/sales/includes/cart_class.inc
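Review bot: Switching to ENT_QUOTES on the `+` line still leaves db_escape() relying on an HTML encoder as its SQL defence: htmlspecialchars() rewrites `'` and `"` as entities but never touches `\` or NUL, so a value ending in a backslash still escapes the closing quote of whatever literal the rest of this function builds, and the `@` hides the case where htmlspecialchars() rejects an invalid byte sequence for the session charset and returns an empty string. The SQL-literal guarantee belongs to the driver's escaper (on the mysql extension this code appears to wrap that would be mysql_real_escape_string() — verify against the connection code above), with HTML encoding kept as a separate, output-side concern; at minimum apply both, e.g. `$value = mysql_real_escape_string(@htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding));`. Note also that rows written after this change store `&#039;` where older rows store a raw `'`, so an equality lookup that compares a freshly db_escape()d input against pre-existing data will miss until the stored data is normalised. The quoting and nullify logic of db_escape() continues below the hunk.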
@@ -228,11 +228,11 @@ class cart
 $this->trans_no = 0;
 $this->order_no= $this->trans_type==ST_CUSTDELIVERY ? key($src->trans_no) : $src->order_no;
 }
- $this->reference = @html_entity_decode($this->reference);
- $this->Comments = @html_entity_decode($this->Comments);
+ $this->reference = @html_entity_decode($this->reference, ENT_QUOTES);
+ $this->Comments = @html_entity_decode($this->Comments, ENT_QUOTES);
 foreach($this->line_items as $lineno => $line) {
- $this->line_items[$lineno]->stock_id = @html_entity_decode($line->stock_id);
- $this->line_items[$lineno]->item_description = @html_entity_decode($line->item_description);
+ $this->line_items[$lineno]->stock_id = @html_entity_decode($line->stock_id, ENT_QUOTES);
+ $this->line_items[$lineno]->item_description = @html_entity_decode($line->item_description, ENT_QUOTES);
 }
 switch($this->trans_type) {
 case ST_SALESINVOICE:
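Review bot: The four decode calls on the `+` lines omit the charset argument that db_escape() and db_export() pass in this same commit, so html_entity_decode() falls back to its default charset (ISO-8859-1 before PHP 5.4); the five entities htmlspecialchars() emits are ASCII and decode correctly either way, but any other entity present in legacy data would decode to the wrong bytes on a UTF-8 install. Pass the session encoding for symmetry with the writer side, `$this->reference = @html_entity_decode($this->reference, ENT_QUOTES, $_SESSION['language']->encoding);`, and likewise for Comments, stock_id and item_description. After this block the cart holds raw, unencoded text, so any code that renders these fields into HTML must re-encode them and any write-back must go through db_escape() again; those call sites are not visible from the hunk. The enclosing cart method starts before and ends after the hunk.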