Author: dgoette Date: Fri May 8 00:12:07 2009 New Revision: 408
URL: http://svn.reactos.org/svn/reactos?rev=408&view=rev Log: * fix usage of UTF8 * show language selection also for unregistered users
Modified: branches/danny-web/www/www.reactos.org/roscms/connect.db.php branches/danny-web/www/www.reactos.org/roscms/lib/DBConnection.class.php branches/danny-web/www/www.reactos.org/roscms/lib/HTML_User.class.php branches/danny-web/www/www.reactos.org/roscms/lib/backend/Admin_ACL.class.php branches/danny-web/www/www.reactos.org/roscms/lib/backend/Admin_Groups.class.php branches/danny-web/www/www.reactos.org/roscms/lib/backend/Admin_Languages.class.php branches/danny-web/www/www.reactos.org/roscms/lib/om/EMail.class.php branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Login.class.php branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Profile.class.php
Modified: branches/danny-web/www/www.reactos.org/roscms/connect.db.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/ro...
==============================================================================
--- branches/danny-web/www/www.reactos.org/roscms/connect.db.php [iso-8859-1] (original)
+++ branches/danny-web/www/www.reactos.org/roscms/connect.db.php [iso-8859-1] Fri May 8 00:12:07 2009
@@ -24,7 +24,7 @@
 $db_user = 'username';
 $db_pass = 'password';
 $db_name = 'roscms';
-$db_port = 3301;
+$db_port = 3306;
 // vars are unset in DBConnection class
 // !!! so be sure to use DBConnection or unset(..) yourself
Modified: branches/danny-web/www/www.reactos.org/roscms/lib/DBConnection.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/ro... ============================================================================== --- branches/danny-web/www/www.reactos.org/roscms/lib/DBConnection.class.php [iso-8859-1] (original) +++ branches/danny-web/www/www.reactos.org/roscms/lib/DBConnection.class.php [iso-8859-1] Fri May 8 00:12:07 2009 @@ -53,6 +53,7 @@ // show errors as warning, and use our own statement class $this->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); $this->setAttribute(PDO::ATTR_STATEMENT_CLASS,array('DBStatement', array($this))); + $this->exec("SET names 'utf8'"); } catch (PDOException $e) {
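Review bot: The result of the added `$this->exec("SET names 'utf8'")` is never checked, and because `PDO::ATTR_ERRMODE` is set to `ERRMODE_WARNING` two lines earlier a failure only raises a warning, so the `catch (PDOException $e)` below will not see it and the connection carries on in the server's default character set. Escaping and stored data both depend on the connection charset, so I would test the result: `if ($this->exec("SET names 'utf8'") === false) { /* treat as a failed connect */ }`. On PHP 5.3.6 and later, declaring the charset in the DSN (`charset=utf8`) is preferable because the client library then knows the encoding as well. The enclosing method starts and ends outside the hunk.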
Modified: branches/danny-web/www/www.reactos.org/roscms/lib/HTML_User.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/ro... ============================================================================== --- branches/danny-web/www/www.reactos.org/roscms/lib/HTML_User.class.php [iso-8859-1] (original) +++ branches/danny-web/www/www.reactos.org/roscms/lib/HTML_User.class.php [iso-8859-1] Fri May 8 00:12:07 2009 @@ -89,7 +89,7 @@ echo_strip(' <h2>Account</h2> <ul> - <li title="'.htmlentities($thisuser->name()).'"> Nick: '.htmlentities($thisuser->name()).'</li> + <li title="'.htmlspecialchars($thisuser->name()).'"> Nick: '.htmlspecialchars($thisuser->name()).'</li> <li><a href="'.$config->pathInstance().'?page=my">My Profile</a></li> <li><a href="'.$config->pathInstance().'?page=search">User Search</a></li> <li><a href="'.$config->pathGenerated().'peoplemap/">User Map</a></li>'); 
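Review bot: `htmlspecialchars($thisuser->name())` relies on the default flags and charset, which differ between PHP versions (the older `ENT_COMPAT` default leaves single quotes alone, and the default charset changed in PHP 5.4), so the escaping this commit standardises on is not pinned down. Passing them explicitly, `htmlspecialchars($thisuser->name(), ENT_QUOTES, 'UTF-8')`, matches the UTF-8 intent of the commit and the explicit form already used in EMail.class.php. The same applies to the calls in the second hunk of this file and in the Admin_ACL, Admin_Groups, Admin_Languages, HTML_User_Login and HTML_User_Profile hunks. The `echo_strip(` call continues outside the hunk.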
@@ -128,38 +128,50 @@ <ul> <li> <div style="text-align:center;"> - <select id="select" size="1" name="select" class="selectbox" style="width:140px" onchange="'."window.location.href = '".$config->pathInstance().'?'.htmlentities($_SERVER['QUERY_STRING'])."&lang=' + this.options[this.selectedIndex].value".'"> - <optgroup label="current language">'); - - // print current language - $stmt=&DBConnection::getInstance()->prepare("SELECT id, name FROM ".ROSCMST_LANGUAGES." WHERE id = :lang_id"); - $stmt->bindParam('lang_id',$thisuser->language(),PDO::PARAM_INT); - $stmt->execute(); - $current_lang = $stmt->fetchOnce(PDO::FETCH_ASSOC); - - echo_strip(' - <option value="#">'.$current_lang['name'].'</option> - </optgroup> - <optgroup label="all languages">'); + <select id="select" size="1" name="select" class="selectbox" style="width:140px" onchange="'."window.location.href = '".$config->pathInstance().'?'.htmlspecialchars($_SERVER['QUERY_STRING'])."&lang=' + this.options[this.selectedIndex].value".'">'); + + // show current profile language of registered users + if ($thisuser->language() > 0) { + // print current language + $stmt=&DBConnection::getInstance()->prepare("SELECT id, name FROM ".ROSCMST_LANGUAGES." WHERE id = :lang_id"); + $stmt->bindParam('lang_id',$thisuser->language(),PDO::PARAM_INT); + $stmt->execute(); + $current_lang = $stmt->fetchOnce(PDO::FETCH_ASSOC); + + echo_strip(' + <optgroup label="current language"> + <option value="#">'.$current_lang['name'].'</option> + </optgroup> + <optgroup label="all languages">'); + + $stmt=&DBConnection::getInstance()->prepare("SELECT name, id, name_original FROM ".ROSCMST_LANGUAGES." WHERE id != :lang ORDER BY name ASC"); + $stmt->bindParam('lang',$current_lang['id'],PDO::PARAM_INT); + } + + // for guests show all + else { + $stmt=&DBConnection::getInstance()->prepare("SELECT name, id, name_original FROM ".ROSCMST_LANGUAGES." ORDER BY name ASC"); + }
// print available languages - $stmt=&DBConnection::getInstance()->prepare("SELECT name, id, name_original FROM ".ROSCMST_LANGUAGES." WHERE id != :lang ORDER BY name ASC"); - $stmt->bindParam('lang',$current_lang['id'],PDO::PARAM_INT); $stmt->execute(); while ($language = $stmt->fetch(PDO::FETCH_ASSOC)) {
// display original name in brackets, if a localized version is available if ($language['name_original'] != '') { - echo '<option value="'.$language['id'].'">'.$language['name'].' ('.htmlentities($language['name_original']).')</option>'; + echo '<option value="'.$language['id'].'">'.$language['name'].' ('.htmlspecialchars($language['name_original']).')</option>'; } else { echo '<option value="'.$language['id'].'">'.$language['name'].'</option>'; } } + + if ($thisuser->language() > 0) { + echo '</optgroup>'; + }
// close navigation and open content area echo_strip(' - </optgroup> </select> </div> </li>
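Review bot: In the `onchange` attribute, `htmlspecialchars($_SERVER['QUERY_STRING'])` is placed inside a single-quoted JavaScript string, and HTML escaping is the wrong encoder for that context: the default flags leave `'` untouched, and even an HTML-encoded quote is decoded by the browser before the script runs, so request-controlled text can end the string literal. Encode for JavaScript first and for the attribute second, for example build the URL prefix in a PHP variable and emit `htmlspecialchars(json_encode($url), ENT_QUOTES, 'UTF-8')` in place of the hand-quoted literal. Separately, `$current_lang['name']` and `$language['name']` are echoed unescaped while `name_original` is escaped, and `$current_lang` is used without checking that `fetchOnce` returned a row. The enclosing method starts and ends outside the hunk.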
Modified: branches/danny-web/www/www.reactos.org/roscms/lib/backend/Admin_ACL.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/ro... ============================================================================== --- branches/danny-web/www/www.reactos.org/roscms/lib/backend/Admin_ACL.class.php [iso-8859-1] (original) +++ branches/danny-web/www/www.reactos.org/roscms/lib/backend/Admin_ACL.class.php [iso-8859-1] Fri May 8 00:12:07 2009 @@ -172,7 +172,7 @@ <tr id="tra'.($x).'" class="'.($x%2 ? 'odd' : 'even').'" onclick="'."editAccess(".$access['id'].")".'" onmouseover="'."hlRow(this.id,1)".'" onmouseout="'."hlRow(this.id,2)".'"> <td>'.$access['standard'].'</td> <td>'.$access['name'].'</td> - <td>'.htmlentities($access['description']).'</td> + <td>'.htmlspecialchars($access['description']).'</td> </tr>'); }
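Review bot: Only the `description` cell is escaped in this row; `$access['standard']` and `$access['name']` are written out as raw HTML, and `$access['id']` goes unquoted into the `onclick` handler. If any of these columns can hold text entered through the admin forms (not visible here), that is stored markup injection into the admin backend, so I would wrap the two cells in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` and emit the id as `(int)$access['id']`. The same pattern appears in the Admin_Groups hunk (`security_level`, `name`, `id`) and the Admin_Languages hunk (`name_short`, `name`, `id`). The loop that builds the row starts outside the hunk.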
Modified: branches/danny-web/www/www.reactos.org/roscms/lib/backend/Admin_Groups.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/ro... ============================================================================== --- branches/danny-web/www/www.reactos.org/roscms/lib/backend/Admin_Groups.class.php [iso-8859-1] (original) +++ branches/danny-web/www/www.reactos.org/roscms/lib/backend/Admin_Groups.class.php [iso-8859-1] Fri May 8 00:12:07 2009 @@ -225,7 +225,7 @@ <tr id="trg'.($x).'" class="'.($x%2 ? 'odd' : 'even').'" onclick="'."editGroup(".$group['id'].")".'" onmouseover="'."hlRow(this.id,1)".'" onmouseout="'."hlRow(this.id,2)".'"> <td>'.$group['security_level'].'</td> <td>'.$group['name'].'</td> - <td>'.htmlentities($group['description']).'</td> + <td>'.htmlspecialchars($group['description']).'</td> </tr>'); } } // end of member function showSearch
Modified: branches/danny-web/www/www.reactos.org/roscms/lib/backend/Admin_Languages.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/ro... ============================================================================== --- branches/danny-web/www/www.reactos.org/roscms/lib/backend/Admin_Languages.class.php [iso-8859-1] (original) +++ branches/danny-web/www/www.reactos.org/roscms/lib/backend/Admin_Languages.class.php [iso-8859-1] Fri May 8 00:12:07 2009 @@ -117,7 +117,7 @@ <tr id="trl'.($x).'" class="'.($x%2 ? 'odd' : 'even').'" onclick="'."editLanguage(".$lang['id'].")".'" onmouseover="'."hlRow(this.id,1)".'" onmouseout="'."hlRow(this.id,2)".'"> <td>'.$lang['name_short'].'</td> <td>'.$lang['name'].'</td> - <td>'.htmlentities($lang['name_original']).'</td> + <td>'.htmlspecialchars($lang['name_original']).'</td> </tr>'); } } // end of member function showSearch
Modified: branches/danny-web/www/www.reactos.org/roscms/lib/om/EMail.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/ro... ============================================================================== --- branches/danny-web/www/www.reactos.org/roscms/lib/om/EMail.class.php [iso-8859-1] (original) +++ branches/danny-web/www/www.reactos.org/roscms/lib/om/EMail.class.php [iso-8859-1] Fri May 8 00:12:07 2009 @@ -55,7 +55,7 @@ }
// email addresses - $receiver = htmlentities($receiver, ENT_NOQUOTES, 'UTF-8'); + $receiver = htmlspecialchars($receiver, ENT_NOQUOTES, 'UTF-8');
// header $headers = "";
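Review bot: `htmlspecialchars($receiver, ENT_NOQUOTES, 'UTF-8')` applies HTML escaping to a mail recipient, which is not an HTML context: it rewrites `&`, `<` and `>` in an otherwise valid value and does nothing about CR/LF, which is what matters if `$receiver` ends up in the mail headers (its later use is outside the hunk). I would drop the HTML escaping and validate the address instead, e.g. `if (filter_var($receiver, FILTER_VALIDATE_EMAIL) === false) { /* reject */ }`, with the failure path adapted to whatever this method returns. Any HTML escaping belongs at the point where the address is printed into a page, not where the message is built.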
Modified: branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Login.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/ro... ============================================================================== --- branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Login.class.php [iso-8859-1] (original) +++ branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Login.class.php [iso-8859-1] Fri May 8 00:12:07 2009 @@ -233,7 +233,7 @@
$target_clean = ''; if (isset($_REQUEST['target']) && preg_match('/^(/[a-zA-Z0-9!$%&,'()*+-./:;=?@_~]+)$/', $_REQUEST['target'], $matches)) { - $target_clean = htmlentities($matches[1]); + $target_clean = htmlspecialchars($matches[1]); }
echo_strip('
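Review bot: The `target` pattern only requires a leading `/` and then allows further `/` characters, so a value beginning with `//` passes and `$target_clean` can name another host. If it is later used as the post-login redirect or form target (not visible in this hunk), that is an open redirect. Add a check for the second character, e.g. `&& strncmp($_REQUEST['target'], '//', 2) !== 0`, to the condition. `htmlspecialchars` makes the value safe to print into HTML but does not make it safe as a URL. The pattern as shown on this page appears to have lost its backslashes, so the character class should be re-read against the real file.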
Modified: branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Profile.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/ro... ============================================================================== --- branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Profile.class.php [iso-8859-1] (original) +++ branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Profile.class.php [iso-8859-1] Fri May 8 00:12:07 2009 @@ -86,7 +86,7 @@ <h2>Profile Search</h2> <div class="field"> <label for="search">Username</label> - <input name="search" type="text" id="search" value="'.@htmlentities($_GET['search']).'" /> + <input name="search" type="text" id="search" value="'.@htmlspecialchars($_GET['search']).'" /> </div> <div class="field"> <input type="hidden" name="page" id="page" value="search" />
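Review bot: The `@` in front of `htmlspecialchars($_GET['search'])` hides more than the undefined-index notice: if `search` arrives as an array (`search[]=`), the call fails and the suppressed error leaves the field silently empty. Prefer an explicit check, `$search = (isset($_GET['search']) && is_string($_GET['search'])) ? $_GET['search'] : '';`, and then emit `htmlspecialchars($search, ENT_QUOTES, 'UTF-8')` in the `value` attribute. The surrounding string literal starts and ends outside the hunk.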