From 897af06af9522ded99b1e0f46730299e89856ffe Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 11 Jun 2012 05:00:57 -0400
Subject: [PATCH] Updated version number to 3.0.4.6

---
 interface/lib/classes/listform.inc.php |   23 ++++++++++++-----------
 1 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/interface/lib/classes/listform.inc.php b/interface/lib/classes/listform.inc.php
index a5843d6..70cee01 100644
--- a/interface/lib/classes/listform.inc.php
+++ b/interface/lib/classes/listform.inc.php
@@ -126,7 +126,7 @@
 
     public function getSearchSQL($sql_where = '') 
     {
-        global $db;
+        global $app, $db;
 
         //* Get config variable
         $list_name = $this->listDef['name'];
@@ -151,9 +151,10 @@
                 }
 
                 //* Store field in session
-                if(isset($_REQUEST[$search_prefix.$field])){
+                if(isset($_REQUEST[$search_prefix.$field]) && !stristr($_REQUEST[$search_prefix.$field],"'")){
                     $_SESSION['search'][$list_name][$search_prefix.$field] = $_REQUEST[$search_prefix.$field];
-                }
+					if(preg_match("/['\\\\]/", $_SESSION['search'][$list_name][$search_prefix.$field])) $_SESSION['search'][$list_name][$search_prefix.$field] = '';
+				}
 
                 if(isset($i['formtype']) && $i['formtype'] == 'SELECT'){
                     if(is_array($i['value'])) {
@@ -181,7 +182,7 @@
                 $field = $i['field'];
                 // if($_REQUEST[$search_prefix.$field] != '') $sql_where .= " $field ".$i["op"]." '".$i["prefix"].$_REQUEST[$search_prefix.$field].$i["suffix"]."' and";
 		        if(isset($_SESSION['search'][$list_name][$search_prefix.$field]) && $_SESSION['search'][$list_name][$search_prefix.$field] != ''){
-                    $sql_where .= " $field ".$i['op']." '".$i['prefix'].$_SESSION['search'][$list_name][$search_prefix.$field].$i['suffix']."' and";
+                    $sql_where .= " $field ".$i['op']." '".$app->db->quote($i['prefix'].$_SESSION['search'][$list_name][$search_prefix.$field].$i['suffix'])."' and";
                 }
             }
         }
@@ -195,7 +196,7 @@
         //* Get Config variables
         $list_name          = $this->listDef['name'];
         $search_prefix      = $this->listDef['search_prefix'];
-        $records_per_page   = $this->listDef['records_per_page'];
+        $records_per_page   = intval($this->listDef['records_per_page']);
         $table              = $this->listDef['table'];
 
         //* set PAGE to zero, if in session not set
@@ -204,12 +205,12 @@
         }
 
         //* set PAGE to worth request variable "PAGE" - ? setze page auf wert der request variablen "page"
-        if(isset($_REQUEST["page"])) $_SESSION["search"][$list_name]["page"] = $_REQUEST["page"];
+        if(isset($_REQUEST["page"])) $_SESSION["search"][$list_name]["page"] = intval($_REQUEST["page"]);
 
         //* PAGE to 0 set, if look for themselves ?  page auf 0 setzen, wenn suche sich ge�ndert hat.
         if($this->searchChanged == 1) $_SESSION['search'][$list_name]['page'] = 0;
 
-        $sql_von = $_SESSION['search'][$list_name]['page'] * $records_per_page;
+        $sql_von = intval($_SESSION['search'][$list_name]['page'] * $records_per_page);
         $record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM $table WHERE $sql_where");
         $pages = intval(($record_count['anzahl'] - 1) / $records_per_page);
 
@@ -282,7 +283,7 @@
     public function decode($record) 
     {
         global $conf, $app;
-        if(is_array($record) && count($record) > 0) {
+        if(is_array($record) && count($record) > 0 && is_array($this->listDef['item'])) {
             foreach($this->listDef['item'] as $field){
                 $key = $field['field'];
 				if(isset($record[$key])) {
@@ -295,7 +296,7 @@
                     case 'DATETSTAMP':
                         if ($record[$key] > 0) {
 							// is value int?
-							if (preg_match("/^[0-9]+[.]?[0-9]*$/", $record[$key], $p)) {
+							if (preg_match("/^[0-9]+[\.]?[0-9]*$/", $record[$key], $p)) {
 	                        	$record[$key] = date($this->lng('conf_format_dateshort'), $record[$key]);
 							} else {
 	                        	$record[$key] = date($this->lng('conf_format_dateshort'), strtotime($record[$key]));
@@ -305,7 +306,7 @@
 					case 'DATE':
                         if ($record[$key] > 0) {
 							// is value int?
-							if (preg_match("/^[0-9]+[.]?[0-9]*$/", $record[$key], $p)) {
+							if (preg_match("/^[0-9]+[\.]?[0-9]*$/", $record[$key], $p)) {
 	                        	$record[$key] = date($this->lng('conf_format_dateshort'), $record[$key]);
 							} else {
 	                        	$record[$key] = date($this->lng('conf_format_dateshort'), strtotime($record[$key]));
@@ -316,7 +317,7 @@
                     case 'DATETIME':
                         if ($record[$key] > 0) {
 							// is value int?
-							if (preg_match("/^[0-9]+[.]?[0-9]*$/", $record[$key], $p)) {
+							if (preg_match("/^[0-9]+[\.]?[0-9]*$/", $record[$key], $p)) {
 	                        	$record[$key] = date($this->lng('conf_format_datetime'), $record[$key]);
 							} else {
 	                        	$record[$key] = date($this->lng('conf_format_datetime'), strtotime($record[$key]));

--
Gitblit v1.9.1