
Revision 9d679693

Von Moritz Bunkus vor mehr als 17 Jahren hinzugefügt

  • ID 9d679693eeb06baf737355f5c07ea7abf33e7dbb
  • Vorgänger e07e9534
  • Nachfolger 0ec7b690

Verhinderung von SQL injection durch Verwendung von parametrisierten Abfragen. Entfernen der Verwaltungsfunktionen für "SIC".


bin/mozilla/am.pl
1110 1110
|;
1111 1111

  
1112 1112
    $discount =
1113
      $form->format_amount(\%myconfig, $ref->{discount} * 100, 1, "&nbsp");
1113
      $form->format_amount(\%myconfig, $ref->{discount} * 100);
1114 1114
    $description =
1115 1115
      ($ref->{salesman})
1116 1116
      ? "<b>$ref->{description}</b>"
......
1216 1216
  $lxdebug->enter_sub();
1217 1217

  
1218 1218
  $form->isblank("description", $locale->text('Description missing!'));
1219
  $form->{discount} = $form->parse_amount(\%myconfig, $form->{discount}) / 100;
1219 1220
  AM->save_business(\%myconfig, \%$form);
1220 1221
  $form->redirect($locale->text('Business saved!'));
1221 1222

  
......
2416 2417
  $lxdebug->leave_sub();
2417 2418
}
2418 2419

  
2419
sub add_sic {
2420
  $lxdebug->enter_sub();
2421

  
2422
  $form->{title} = "Add";
2423

  
2424
  $form->{callback} =
2425
    "$form->{script}?action=add_sic&path=$form->{path}&login=$form->{login}&password=$form->{password}"
2426
    unless $form->{callback};
2427

  
2428
  &sic_header;
2429
  &form_footer;
2430

  
2431
  $lxdebug->leave_sub();
2432
}
2433

  
2434
sub edit_sic {
2435
  $lxdebug->enter_sub();
2436

  
2437
  $form->{title} = "Edit";
2438

  
2439
  AM->get_sic(\%myconfig, \%$form);
2440

  
2441
  &sic_header;
2442

  
2443
  $form->{orphaned} = 1;
2444
  &form_footer;
2445

  
2446
  $lxdebug->leave_sub();
2447
}
2448

  
2449
sub list_sic {
2450
  $lxdebug->enter_sub();
2451

  
2452
  AM->sic(\%myconfig, \%$form);
2453

  
2454
  $form->{callback} =
2455
    "$form->{script}?action=list_sic&path=$form->{path}&login=$form->{login}&password=$form->{password}";
2456

  
2457
  $callback = $form->escape($form->{callback});
2458

  
2459
  $form->{title} = $locale->text('Standard Industrial Codes');
2460

  
2461
  @column_index = qw(code description);
2462

  
2463
  $column_header{code} =
2464
    qq|<th class=listheading>| . $locale->text('Code') . qq|</th>|;
2465
  $column_header{description} =
2466
    qq|<th class=listheading>| . $locale->text('Description') . qq|</th>|;
2467

  
2468
  $form->header;
2469

  
2470
  print qq|
2471
<body>
2472

  
2473
<table width=100%>
2474
  <tr>
2475
    <th class=listtop>$form->{title}</th>
2476
  </tr>
2477
  <tr height="5"></tr>
2478
  <tr>
2479
    <td>
2480
      <table width=100%>
2481
        <tr class=listheading>
2482
|;
2483

  
2484
  map { print "$column_header{$_}\n" } @column_index;
2485

  
2486
  print qq|
2487
        </tr>
2488
|;
2489

  
2490
  foreach $ref (@{ $form->{ALL} }) {
2491

  
2492
    $i++;
2493
    $i %= 2;
2494

  
2495
    if ($ref->{sictype} eq 'H') {
2496
      print qq|
2497
        <tr valign=top class=listheading>
2498
|;
2499
      $column_data{code} =
2500
        qq|<th><a href=$form->{script}?action=edit_sic&code=$ref->{code}&path=$form->{path}&login=$form->{login}&password=$form->{password}&callback=$callback>$ref->{code}</th>|;
2501
      $column_data{description} = qq|<th>$ref->{description}</th>|;
2502

  
2503
    } else {
2504
      print qq|
2505
        <tr valign=top class=listrow$i>
2506
|;
2507

  
2508
      $column_data{code} =
2509
        qq|<td><a href=$form->{script}?action=edit_sic&code=$ref->{code}&path=$form->{path}&login=$form->{login}&password=$form->{password}&callback=$callback>$ref->{code}</td>|;
2510
      $column_data{description} = qq|<td>$ref->{description}</td>|;
2511

  
2512
    }
2513

  
2514
    map { print "$column_data{$_}\n" } @column_index;
2515

  
2516
    print qq|
2517
	</tr>
2518
|;
2519
  }
2520

  
2521
  print qq|
2522
      </table>
2523
    </td>
2524
  </tr>
2525
  <tr>
2526
  <td><hr size=3 noshade></td>
2527
  </tr>
2528
</table>
2529

  
2530
<br>
2531
<form method=post action=$form->{script}>
2532

  
2533
<input name=callback type=hidden value="$form->{callback}">
2534

  
2535
<input type=hidden name=type value=sic>
2536

  
2537
<input type=hidden name=path value=$form->{path}>
2538
<input type=hidden name=login value=$form->{login}>
2539
<input type=hidden name=password value=$form->{password}>
2540

  
2541
<input class=submit type=submit name=action value="|
2542
    . $locale->text('Add') . qq|">
2543

  
2544
  </form>
2545

  
2546
  </body>
2547
  </html>
2548
|;
2549

  
2550
  $lxdebug->leave_sub();
2551
}
2552

  
2553
sub sic_header {
2554
  $lxdebug->enter_sub();
2555

  
2556
  $form->{title} = $locale->text("$form->{title} SIC");
2557

  
2558
  # $locale->text('Add SIC')
2559
  # $locale->text('Edit SIC')
2560

  
2561
  $form->{code}        =~ s/\"/&quot;/g;
2562
  $form->{description} =~ s/\"/&quot;/g;
2563

  
2564
  $checked = ($form->{sictype} eq 'H') ? "checked" : "";
2565

  
2566
  $form->header;
2567

  
2568
  print qq|
2569
<body>
2570

  
2571
<form method=post action=$form->{script}>
2572

  
2573
<input type=hidden name=type value=sic>
2574
<input type=hidden name=id value=$form->{code}>
2575

  
2576
<table width=100%>
2577
  <tr>
2578
    <th class=listtop colspan=2>$form->{title}</th>
2579
  </tr>
2580
  <tr height="5"></tr>
2581
  <tr>
2582
    <th align=right>| . $locale->text('Code') . qq|</th>
2583
    <td><input name=code size=10 value=$form->{code}></td>
2584
  <tr>
2585
  <tr>
2586
    <td></td>
2587
    <th align=left><input name=sictype type=checkbox style=checkbox value="H" $checked> |
2588
    . $locale->text('Heading') . qq|</th>
2589
  <tr>
2590
  <tr>
2591
    <th align=right>| . $locale->text('Description') . qq|</th>
2592
    <td><input name=description size=60 value="$form->{description}"></td>
2593
  </tr>
2594
    <td colspan=2><hr size=3 noshade></td>
2595
  </tr>
2596
</table>
2597
|;
2598

  
2599
  $lxdebug->leave_sub();
2600
}
2601

  
2602
sub save_sic {
2603
  $lxdebug->enter_sub();
2604

  
2605
  $form->isblank("code",        $locale->text('Code missing!'));
2606
  $form->isblank("description", $locale->text('Description missing!'));
2607
  AM->save_sic(\%myconfig, \%$form);
2608
  $form->redirect($locale->text('SIC saved!'));
2609

  
2610
  $lxdebug->leave_sub();
2611
}
2612

  
2613
sub delete_sic {
2614
  $lxdebug->enter_sub();
2615

  
2616
  AM->delete_sic(\%myconfig, \%$form);
2617
  $form->redirect($locale->text('SIC deleted!'));
2618

  
2619
  $lxdebug->leave_sub();
2620
}
2621

  
2622 2420
sub display_stylesheet {
2623 2421
  $lxdebug->enter_sub();
2624 2422

  
......
3132 2930
  $lxdebug->leave_sub();
3133 2931
}
3134 2932

  
3135
sub backup {
3136
  $lxdebug->enter_sub();
3137

  
3138
  if ($form->{media} eq 'email') {
3139
    $form->error($locale->text('No email address for') . " $myconfig{name}")
3140
      unless ($myconfig{email});
3141

  
3142
    $form->{OUT} = "$sendmail";
3143

  
3144
  }
3145

  
3146
  AM->backup(\%myconfig, \%$form, $userspath);
3147

  
3148
  if ($form->{media} eq 'email') {
3149
    $form->redirect($locale->text('Backup sent to') . qq| $myconfig{email}|);
3150
  }
3151

  
3152
  $lxdebug->leave_sub();
3153
}
3154

  
3155 2933
sub audit_control {
3156 2934
  $lxdebug->enter_sub();
3157 2935

  
