From 6bfa75077f235138a295ffa0bd18824004a1311c Mon Sep 17 00:00:00 2001
From: Alan Garcia
Date: Wed, 22 Aug 2012 09:46:56 +0000
Subject: [PATCH] Fix #1137
---
 bureau/admin/adm_defquotas.php | 5 ++---
 bureau/admin/adm_dodefquotas.php | 31 ++++++++++++++++++-------------
 bureau/class/m_quota.php | 25 ++++++++++++++++++++++---
 3 files changed, 42 insertions(+), 19 deletions(-)
diff --git a/bureau/admin/adm_defquotas.php b/bureau/admin/adm_defquotas.php
index f8c4970b..f96223a0 100644
--- a/bureau/admin/adm_defquotas.php
+++ b/bureau/admin/adm_defquotas.php
@@ -66,9 +66,8 @@ include_once ("head.php");
diff --git a/bureau/admin/adm_dodefquotas.php b/bureau/admin/adm_dodefquotas.php
index e5588697..1ac27857 100644
--- a/bureau/admin/adm_dodefquotas.php
+++ b/bureau/admin/adm_dodefquotas.php
@@ -35,23 +35,28 @@ if (!$admin->enabled) {
   __("This page is restricted to authorized staff");
   exit();
 }
+$fields = array (
+  "action" => array ("post", "string", ""),
+  "type" => array ("post", "string", ""),
+  "del_confirm" => array ("post", "string", ""),
+);
+getFields($fields);
-if($_POST["action"] == "add") {
-  $type = $_POST['type'];
+if($action == "add") {
   if($quota->addtype($type)) {
-    $error=_("Account type"). " \"$type\" "._("added");
+    $error=_("Account type"). " \"".htmlentities($type)."\" "._("added");
   } else {
-    $error=_("Account type"). " \"$type\" "._("could not be added");
+    $error=_("Account type"). " \"".htmlentities($type)."\" "._("could not be added");
   }
   include("adm_defquotas.php");
-} else if($_POST["action"] == "delete") {
-  if(@$_POST["del_confirm"] == "y"){
-    if($_POST['type']) {
-      if($quota->deltype($_POST['type'])) {
-        $error=_("Account type"). " \"$type\" "._("deleted");
+} else if($action == "delete") {
+  if($del_confirm == "y"){
+    if(!empty($type)) {
+      if($quota->deltype($type)) {
+        $error=_("Account type"). " \"".htmlentities($type)."\" "._("deleted");
       } else {
-        $error=_("Account type"). " \"$type\" "._("could not be deleted");
+        $error=_("Account type"). " \"".htmlentities($type)."\" "._("could not be deleted");
       }
     }
     include("adm_defquotas.php");
@@ -60,11 +65,11 @@ if($_POST["action"] == "add") {
 ?>
-
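Review bot: The four `htmlentities($type)` calls added on the `$error` lines rely on PHP's default flags and charset, so single quotes are left unencoded and, on versions whose default charset differs from the page's encoding, a non-ASCII type name can be mangled or collapse to an empty string; pinning both with `htmlentities($type, ENT_QUOTES, 'UTF-8')` makes the escaping independent of runtime configuration. `$del_confirm == "y"` is a loose comparison; `$del_confirm === "y"` states the intent directly, given the `"string"` type declared for the field in `$fields`. The if/else-if chain continues past the end of the hunk.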

:

+

:

- " /> +

@@ -77,7 +82,7 @@ if($_POST["action"] == "add") { $val) {
diff --git a/bureau/class/m_quota.php b/bureau/class/m_quota.php
index 3798f493..8b9a2fe6 100644
--- a/bureau/class/m_quota.php
+++ b/bureau/class/m_quota.php
@@ -262,11 +262,15 @@ class m_quota {
    * @return boolean true if all went ok
    */
   function addtype($type) {
-    global $db;
+    global $db,$err;
     $qlist=$this->qlist();
     reset($qlist);
-    if(empty($type))
-      return false;
+    if(empty($type)) return false;
+    $type=strtolower($type);
+    if (!preg_match("#^[a-z0-9]*$#",$type)) {
+      $err->raise("quota", "Type can only contains characters a-z and 0-9");
+      return false;
+    }
     while (list($key,$val)=each($qlist)) {
       if(!$db->query("INSERT IGNORE INTO defquotas (quota,type) VALUES('$key', '$type');") || $db->affected_rows() == 0)
@@ -276,6 +280,21 @@ class m_quota {
   }
+  /* ----------------------------------------------------------------- */
+  /**
+   * List for quotas
+   * @return array
+   */
+  function listtype() {
+    global $db;
+    $db->query("SELECT distinct(type) FROM defquotas ORDER by type");
+    $t=array();
+    while ($db->next_record()) {
+      $t[] = $db->f("type");
+    }
+    return $t;
+  }
+
   /* ----------------------------------------------------------------- */
   /**
    * Delete an account type for quotas
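Review bot: The new whitelist `preg_match("#^[a-z0-9]*$#",$type)` in addtype still lets a value with a trailing newline through, because `$` matches before a final `\n` unless the pattern carries the `D` modifier, and `*` also matches the empty string that the `empty()` check just before it rejects; since `$type` is interpolated into the INSERT on the last hunk line, tightening it to `if (!preg_match("#^[a-z0-9]+$#D",$type)) {` closes that gap. The raised message has a grammar slip; `"Type can only contain the characters a-z and 0-9"` reads correctly. deltype is not part of this patch, so whether deletion applies the same restriction cannot be seen here. The addtype body continues past the end of the hunk.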
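Review bot: The docblock on the new listtype() says only `List for quotas`, which does not tell a caller what comes back; `* Return the distinct account types present in defquotas, sorted by name.` together with `* @return array list of type names` would. Unlike addtype just above, which tests the result of `$db->query(...)`, listtype ignores it, so a failed query is indistinguishable from "no types defined"; either check the return value the way addtype does or add `// a failed query yields an empty list; callers cannot tell the two apart` so the limitation is explicit. The hunk is a pure addition inside class m_quota, whose definition lies outside it.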