Single quotes encoded before database data insert.
authorJanusz Dobrowolski <janusz@frontaccounting.eu>
Wed, 30 Sep 2009 13:19:47 +0000 (13:19 +0000)
committerJanusz Dobrowolski <janusz@frontaccounting.eu>
Wed, 30 Sep 2009 13:19:47 +0000 (13:19 +0000)
CHANGELOG.txt
admin/db/maintenance_db.inc
includes/db/connect_db.inc
reporting/includes/tcpdf.php
sales/includes/cart_class.inc

index 46e197e2c917d133453eb0907c8d1700c675d8a2..5eb0a17bb93262b3127717102317f443f7b6e6d3 100644 (file)
@@ -24,6 +24,13 @@ $ -> Affected files
 ! Release 2.2 Beta
 $ config.php
 
+30-Sep-2009 Janusz Dobrowolski
+! Single quotes also encoded before database data insert
+$ /admin/db/maintenance_db.inc
+  /includes/db/connect_db.inc
+  /reporting/includes/tcpdf.php
+  /sales/includes/cart_class.inc
+
 29-Sep-2009 Tom Hallman
 ! Changes in tags table structure, tags related security areas
 $ /includes/access_levels.inc
index 3df97cda089e7c962687f8fa1a95e4733cbe337d..5984094f864c7c66e999d8d7a1888e9eb1208cf7 100644 (file)
@@ -459,7 +459,7 @@ function db_export($conn, $filename, $zip='no', $comment='', $tbpref = TB_PREF)
     $out.="# Backup Date and Time: ".date("Y-m-d H:i")."\n";
     $out.="# Built by " . $app_title . " " . $version ."\n";
     $out.="# ".$power_url."\n";
-    $out.="# Company: ". @html_entity_decode($company, ENT_COMPAT, $_SESSION['language']->encoding)."\n";
+    $out.="# Company: ". @html_entity_decode($company, ENT_QUOTES, $_SESSION['language']->encoding)."\n";
     $out.="# User: ".$_SESSION["wa_current_user"]->name."\n\n";
 
        // write users comment
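Review bot: The changed line still wraps html_entity_decode() in `@`, so if `$_SESSION['language']->encoding` is unset or names a charset the function does not support, the only diagnostic is suppressed and the comment header is written with whatever fallback PHP applies; the field loop in the second hunk of this file has the same shape. Since the charset is read from session state rather than validated here, a short comment would help the next reader: `// charset comes from the logged-in user's language; @ hides a charset-not-supported warning`. db_export() starts and ends outside this hunk, so whether the encoding is checked earlier cannot be seen from the diff.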
@@ -557,7 +557,7 @@ function db_export($conn, $filename, $zip='no', $comment='', $tbpref = TB_PREF)
                                        // run through each field
                                        for ($k = 0; $k < $nf = db_num_fields($res2); $k++)
                                        {
-                                               $out .= db_escape(@html_entity_decode($row2[$k], ENT_COMPAT, $_SESSION['language']->encoding));
+                                               $out .= db_escape(@html_entity_decode($row2[$k], ENT_QUOTES, $_SESSION['language']->encoding));
                                                if ($k < ($nf - 1))
                                                        $out .= ", ";
                                        }
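Review bot: The decode-then-db_escape() pair on the changed line reads as redundant now that both sides use ENT_QUOTES, because db_escape() (per the includes/db/connect_db.inc hunk) re-applies htmlspecialchars() with the same flag; a maintainer could "simplify" it away. If the intent is to normalise rows written before this change, where `'` was stored literally under ENT_COMPAT, state it: `// decode stored entities and re-encode through db_escape() so pre-ENT_QUOTES rows are normalised in the dump`. The enclosing db_export() begins and ends outside the hunk.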
index fd6870e947ed121d58ec558a13a00561b523c3f5..f91d70235fe0bb53eec1dae5182b13030f770dc2 100644 (file)
@@ -100,7 +100,7 @@ function db_num_fields ($result)
 
 function db_escape($value = "", $nullify = false)
 {
-       $value = @htmlspecialchars($value, ENT_COMPAT, $_SESSION['language']->encoding);
+       $value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
 
        //reset default if second parameter is skipped
        $nullify = ($nullify === null) ? (false) : ($nullify);
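Review bot: Switching db_escape() to ENT_QUOTES means every value written through it now stores `'` as `&#039;`, so every reader must decode with ENT_QUOTES as well; this commit updates cart_class.inc and tcpdf.php, but any other html_entity_decode() call left at the default ENT_COMPAT will now display a literal `&#039;`, which cannot be verified from this diff. The function is the central escaping point and deserves a docblock saying what it guarantees: that quotes and angle brackets are entity-encoded using the session charset, and, unless the remainder of the function (which ends outside the hunk) calls the driver's own escape, that backslashes and NUL bytes pass through unchanged and callers must not treat it as complete SQL escaping. The `@` also hides the case where the value is not valid in `$_SESSION['language']->encoding`, in which htmlspecialchars() may return an empty string and the stored value is silently blanked; at minimum a comment on that line, `// @ hides charset warnings; invalid byte sequences may yield '' here`, would make the trade-off visible.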
index 48504eb945a7db15c5e70b8cb009410b583e87ee..ba54e66a3ea08b8a96f70a25d25fb50be43c1516 100644 (file)
@@ -5729,7 +5729,7 @@ if (!class_exists('TCPDF')) {
                 */
                function unhtmlentities($text_to_convert) {
                        if (!$this->isunicode) {
-                               return html_entity_decode($text_to_convert);
+                               return html_entity_decode($text_to_convert, ENT_QUOTES);
                        }
                        return html_entity_decode_php4($text_to_convert);
                }
index de858816d6fb58e92cb7a049bc1008a8de4570e0..4eeef444f97de87a3a0afbcd0013a4a7156c6058 100644 (file)
@@ -228,11 +228,11 @@ class cart
                        $this->trans_no = 0;
                        $this->order_no= $this->trans_type==ST_CUSTDELIVERY ? key($src->trans_no) : $src->order_no;
                }
-               $this->reference = @html_entity_decode($this->reference);
-               $this->Comments = @html_entity_decode($this->Comments);
+               $this->reference = @html_entity_decode($this->reference, ENT_QUOTES);
+               $this->Comments = @html_entity_decode($this->Comments, ENT_QUOTES);
                foreach($this->line_items as $lineno => $line) {
-                       $this->line_items[$lineno]->stock_id = @html_entity_decode($line->stock_id);
-                       $this->line_items[$lineno]->item_description = @html_entity_decode($line->item_description);
+                       $this->line_items[$lineno]->stock_id = @html_entity_decode($line->stock_id, ENT_QUOTES);
+                       $this->line_items[$lineno]->item_description = @html_entity_decode($line->item_description, ENT_QUOTES);
                }
                switch($this->trans_type) {
                        case ST_SALESINVOICE:
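Review bot: The four changed decode calls pass ENT_QUOTES but no charset, so html_entity_decode() falls back to PHP's default (ISO-8859-1 on the PHP versions current for this code), whereas the maintenance_db.inc and connect_db.inc hunks pass `$_SESSION['language']->encoding`; for a non-Latin-1 site, named entities in reference, Comments, stock_id and item_description will be decoded into the wrong charset and the stored and displayed bytes diverge. Passing the same session charset as the third argument on all four lines keeps encode and decode symmetric with db_escape(). The enclosing method of class cart starts before this hunk, so whether the session is guaranteed to be populated at this point is not visible here.
```php
// … unchanged: trans_no / order_no setup …
$this->reference = @html_entity_decode($this->reference, ENT_QUOTES, $_SESSION['language']->encoding);
$this->Comments = @html_entity_decode($this->Comments, ENT_QUOTES, $_SESSION['language']->encoding);
foreach($this->line_items as $lineno => $line) {
    $this->line_items[$lineno]->stock_id = @html_entity_decode($line->stock_id, ENT_QUOTES, $_SESSION['language']->encoding);
    $this->line_items[$lineno]->item_description = @html_entity_decode($line->item_description, ENT_QUOTES, $_SESSION['language']->encoding);
}
// … unchanged: trans_type switch …
```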