Modified:
trunk/upload/plugins/parasy/tod.inc.php
trunk/upload/templates/babel/tod.htm
Log:
Today Security Update
Modified: trunk/upload/plugins/parasy/tod.inc.php
==============================================================================
--- trunk/upload/plugins/parasy/tod.inc.php (original)
+++ trunk/upload/plugins/parasy/tod.inc.php Sat Dec 22 02:00:48 2007
@@ -76,6 +76,7 @@
$project['tpr_uid'] = $project['tpr_uid'];
$project['tpr_id'] = $project['tpr_id'];
$project['tpr_title'] = $project['tpr_title'];
+ $project['tpr_clean_title'] = str_replace(array("'",'"'),array("`",'��'),$project['tpr_title']);
$project['tpr_created'] = make_descriptive_time($project['tpr_created']);
if ($project['tpr_private'] == 0) {
$project['tpr_private'] = '@ public';
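Review bot: The `tpr_clean_title` built on the added line is a character blacklist rather than an escape for its destination — the template drops it into a JavaScript string literal inside an HTML `onclick` attribute, and swapping `'` and `"` for other characters leaves backslashes and HTML character references untouched, so the value is still not guaranteed to stay inside the quoted literal. Encoding for both layers at the point of use is the robust form, e.g. `$project['tpr_clean_title'] = htmlspecialchars(addslashes($project['tpr_title']), ENT_QUOTES);` (or `json_encode()` for the JavaScript layer, with the template's surrounding quotes dropped). The second replacement character is mis-encoded on this page, so a one-line comment stating the intent, such as `// neutralise quotes so the title can be embedded in the confirm() string in tod.htm`, would help the next maintainer. The same construction is repeated in the hunks at +102 (`tta_clean_title`) and +128 (the completed-project `tpr_clean_title`); a small helper would keep the three in step.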
@@ -101,6 +102,7 @@
$task_count ++;
$task['tta_td'] = 'todo';
$task['task_title'] = $task['tta_title'];
+ $task['tta_clean_title'] = str_replace(array("'",'"'),array("`",'��'),$task['tta_title']);
$task['tta_level'] = 'pri'.$task['tta_level'];
if ($uid == $discuz_uid) {
$task['tta_icon'] = '<input
onchange="TODDoneTask('.$task['tta_id'].');" type="checkbox" />';
@@ -126,6 +128,7 @@
$project['tpr_uid'] = $project['tpr_uid'];
$project['tpr_id'] = $project['tpr_id'];
$project['tpr_title'] = $project['tpr_title'];
+ $project['tpr_clean_title'] = str_replace(array("'",'"'),array("`",'��'),$project['tpr_title']);
if ((time() - $project['tpr_completed']) < 100) {
$project['tpr_completed'] = '�ո����';
} else {
@@ -198,7 +201,7 @@
if ($count > (TOD_PROJECT_MAX - 1)){
$_SESSION['tod_message']
= 'ʮ�ֱ�Ǹ��Ŀǰ���ǵ�ϵͳֻ��֧��ÿ���Ա������� ' . TOD_PROJECT_MAX . ' ����Ŀ���������ڻ���չϵͳ���������֧�ִ洢������Ŀ';
} else {
- $tpr_title = stripslashes($tpr_title);
+ $tpr_title = mysql_real_escape_string(stripslashes($tpr_title));
$t = time();
$db->query("INSERT INTO {$tablepre}plugin_tod_project(tpr_uid,
tpr_private, tpr_title, tpr_progress, tpr_created, tpr_lastupdated,
tpr_lasttouched, tpr_completed) VALUES({$discuz_uid},
0, '{$tpr_title}', 0, {$t}, {$t}, 0, 0)");
if ($db->affected_rows() == 1) {
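Review bot: The title string is now escaped, but the other values interpolated into the same INSERT — `{$discuz_uid}` here and `{$discuz_uid}`/`{$project_id}` in the hunk at +236 — are still placed into the SQL unquoted and uncast; escaping a string does nothing for a bare numeric position if any of these can arrive as a non-integer. Casting at the point of use, `VALUES(" . (int) $discuz_uid . ", 0, '{$tpr_title}', …`, or `$project_id = (int) $project_id;` before the query, closes that gap. `stripslashes()` is applied unconditionally, which assumes magic_quotes_gpc is enabled; with it off a legitimate backslash in the title is silently removed, so `if (get_magic_quotes_gpc()) { $tpr_title = stripslashes($tpr_title); }` before escaping is safer. `mysql_real_escape_string()` also depends on the open connection's character set, so if `$db` exposes its own escape method, calling that keeps the same link and charset in play. The enclosing handler begins before this hunk.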
@@ -233,7 +236,7 @@
if ($count > (TOD_TASK_MAX - 1)) {
$_SESSION['tod_message']
= 'ʮ�ֱ�Ǹ��Ŀǰ���ǵ�ϵͳֻ��Ϊÿ���Ա�ĵ�����Ŀ������� ' . TOD_TASK_MAX . ' ���������������ڻ���չϵͳ���������֧�ִ洢��������';
} else {
- $tta_title = stripslashes($tta_title);
+ $tta_title = mysql_real_escape_string(stripslashes($tta_title));
$t = time();
$db->query("INSERT INTO {$tablepre}plugin_tod_task(tta_uid,
tta_pid, tta_title, tta_progress, tta_created, tta_lastupdated,
tta_completed) VALUES({$discuz_uid}, {$project_id}, '{$tta_title}', 0,
{$t}, {$t}, 0)");
if ($db->affected_rows() == 1) {
Modified: trunk/upload/templates/babel/tod.htm
==============================================================================
--- trunk/upload/templates/babel/tod.htm (original)
+++ trunk/upload/templates/babel/tod.htm Sat Dec 22 02:00:48 2007
@@ -30,12 +30,12 @@
<td class="tod_project" colspan="2">
<a name="p_$project['tpr_id']"></a>
<span class="tod_project"><img src="{IMGDIR}/gt.gif"
align="absmiddle" /> $project['tpr_title']</span>
- <span class="tip_i"> ... ������ $project['tpr_created']<!--{if
$project['tpr_uid'] == $discuz_uid }--> ... <a href="#;" onclick="if
(confirm('ȷ��ɾ����Ŀ�����������������\n\n $project['tpr_title']'))
{ location.href = '$bbsdir/del/tod/project/$project[tpr_id]';}"
class="tod_rm">X del</a> <a
href="$bbsdir/change/tod/project/permission/$project['tpr_id']"
class="tod_pr">$project['tpr_private']</a> ... $project['private_desc']<!--{/if}--></span>
+ <span class="tip_i"> ... ������ $project['tpr_created']<!--{if
$project['tpr_uid'] == $discuz_uid }--> ... <a href="#;" onclick="if
(confirm('ȷ��ɾ����Ŀ�����������������\n\n
$project['tpr_clean_title']')) { location.href
= '$bbsdir/del/tod/project/$project[tpr_id]';}" class="tod_rm">X
del</a> <a
href="$bbsdir/change/tod/project/permission/$project['tpr_id']"
class="tod_pr">$project['tpr_private']</a> ... $project['private_desc']<!--{/if}--></span>
</td>
</tr>
<!--{loop $task_list[$project['tpr_id']] $task}-->
<tr><td class="$task['tta_level'] pri_td" width="1%"
id="showlevel_$task['tta_id']" <!--{if $task['tta_progress'] != 1 &&
$task['tta_uid'] == $discuz_uid
}-->onmousedown="TODTasklevel($task['tta_id'])" style="cursor:pointer;"<!--{/if}-->> </td>
- <td class="tod_task_$task['tta_td']"
onmouseover="this.style.backgroundColor='#F9F9F9'"
onmouseout="this.style.backgroundColor=''">$task['tta_icon']
$task['task_title']<span class="tip_i"> ... <!--{if $task['tta_uid'] ==
$discuz_uid }--><a href="#;" onclick="if
(confirm('ȷ��ɾ������\n\n$task['tta_title']')) { location.href
= '$bbsdir/del/tod/task/$task['tta_id']';}" class="tod_rm">X del</a>
<!--{if $task['tta_progress'] == 1 }--><a
href="$bbsdir/change/tod/task/undone/$task['tta_id']"
class="tod_undone">- undone</a><!--{/if}--><!--{/if}--> </span></td></tr>
+ <td class="tod_task_$task['tta_td']"
onmouseover="this.style.backgroundColor='#F9F9F9'"
onmouseout="this.style.backgroundColor=''">$task['tta_icon']
$task['task_title']<span class="tip_i"> ... <!--{if $task['tta_uid'] ==
$discuz_uid }--><a href="#;" onclick="if
(confirm('ȷ��ɾ������\n\n$task['tta_clean_title']')) { location.href
= '$bbsdir/del/tod/task/$task['tta_id']';}" class="tod_rm">X del</a>
<!--{if $task['tta_progress'] == 1 }--><a
href="$bbsdir/change/tod/task/undone/$task['tta_id']"
class="tod_undone">- undone</a><!--{/if}--><!--{/if}--> </span></td></tr>
<!--{/loop}-->
<!--{if $project['tpr_uid'] == $discuz_uid }-->
<tr><td class="tod_task_new" colspan="2"><div
id="pf_$project['tpr_id']"><img src="{IMGDIR}/add.png"
align="absmiddle" alt="+" /> <a href="javascript:void(0)" class="t" onclick="TODSwitchProjectForm($project['tpr_id']);">���������</a></div></td>
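Review bot: The new `confirm('…\n\n$task['tta_clean_title']')` on the added `<td>` line (and `$project['tpr_clean_title']` in the `<span class="tip_i">` above it) is a JavaScript literal inside an `onclick` attribute, so the value is read by the HTML attribute parser first and the JavaScript parser second; the quote replacement performed in tod.inc.php covers neither backslashes nor HTML character references, so the literal is still not guaranteed to close where intended. Encoding for both layers at this output point — HTML-attribute encoding of a JavaScript-escaped value — would be the robust form. Separately, `$task['task_title']` on the same `<td>` line and `$project['tpr_title']` in the `<span class="tod_project">` context line are emitted into HTML body text with no visible encoding; tod.inc.php copies `task_title` straight from `tta_title`, so unless the template engine encodes on output this remains unescaped and is worth confirming. The hunk at @@ -61,7 carries the identical `tpr_clean_title` construct and the same points apply there. The mixed `$project[tpr_id]` / `$project['tpr_id']` spellings in the new span are also worth unifying.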
@@ -61,7 +61,7 @@
<td class="tod_project" colspan="2">
<a name="p_$project['tpr_id']"></a>
<span class="tod_project"><img src="{IMGDIR}/gt.gif"
align="absmiddle" /> $project['tpr_title']</span>
- <span class="tip_i"> ... $project['tpr_completed']<!--{if
$project['tpr_uid'] == $discuz_uid }--> ... <a href="#;" onclick="if
(confirm('ȷ��ɾ����Ŀ�����������������\n\n $project['tpr_title']'))
{ location.href = '$bbsdir/del/tod/project/$project[tpr_id]';}"
class="tod_rm">X del</a> <a
href="$bbsdir/change/tod/project/permission/$project['tpr_id']"
class="tod_pr">$project['tpr_private']</a> ... $project['private_desc']<!--{/if}--></span>
+ <span class="tip_i"> ... $project['tpr_completed']<!--{if
$project['tpr_uid'] == $discuz_uid }--> ... <a href="#;" onclick="if
(confirm('ȷ��ɾ����Ŀ�����������������\n\n
$project['tpr_clean_title']')) { location.href
= '$bbsdir/del/tod/project/$project[tpr_id]';}" class="tod_rm">X
del</a> <a
href="$bbsdir/change/tod/project/permission/$project['tpr_id']"
class="tod_pr">$project['tpr_private']</a> ... $project['private_desc']<!--{/if}--></span>
</td>
</tr>
<!--{loop $task_done_list[$project['tpr_id']] $task}-->