Changeset 1010

Timestamp:

07/02/08 23:05:06 (5 months ago)

Author:

Pernod

Message:

Updated the Load/Save Settings feature to include parent categories, rss subscriptions, tv expressions, and tvid settings. Also ensured that all data is properly UTF-8 encoded and escaped before being written to XML.

Fixes #147

Files:

• trunk/swisscenter/base/swisscenter_configuration.php (modified) (20 diffs)

trunk/swisscenter/base/swisscenter_configuration.php

@@ -67 +67 @@
-        {
-          if ( !in_array($row["NAME"],$exceptions) )
-$row["VALUE"]
+utf8_encode(htmlspecialchars($row["VALUE"]))
-        }
-      }
@@ -80 +80 @@
-    {
-      $xpath = $this->xml->appendChild($this->settings_path,'<users />');
-
-
-
-
-
-$row["USERNAME"].'"/>'
+, u.admin
+
+
+
+
+utf8_encode(htmlspecialchars($row["USERNAME"]).'"/>')
-          $this->xml->appendChild($user_path, '<max_cert scheme="'.$row["SCHEME"].'">'.$row["CERTIFICATE"].'</max_cert>');
-          $this->xml->appendChild($user_path, '<pin>'.$row["PIN"].'</pin>');
+          $this->xml->appendChild($user_path, '<admin>'.$row["ADMIN"].'</admin>');
-          $pref_path = $this->xml->appendChild($user_path, '<preferences />');
-          $prefs = db_toarray("select * from user_prefs where user_id=$row[USER_ID]");
@@ -93 +94 @@
-          {
-            foreach ($prefs as $pref)
-$pref["VALUE"]
+utf8_encode(htmlspecialchars($pref["VALUE"]))
-          }
-        }
@@ -120 +121 @@
-             $cert_xpath = $this->xml->appendChild( $scheme_xpath,'<certificate name="'.$row["NAME"].'" />');
-             $this->xml->appendChild( $cert_xpath,'<rank>'.$row["RANK"].'</rank>');
-$row["DESCRIPTION"]
+utf8_encode(htmlspecialchars($row["DESCRIPTION"]))
-           }     
-         }
@@ -135 +136 @@
-    {
-      $xpath = $this->xml->appendChild($this->settings_path,'<categories />');
-* from categories
+c.cat_name, p.cat_name PARENT, c.download_info, c.parent_id from categories c, categories p where c.parent_id=p.cat_id
-      if ($data !== false && count($data)>0)
-      {
@@ -141 +142 @@
-        {
-          $cat_xpath = $this->xml->appendChild( $xpath,'<category />');
-
+
+
+
+
+
-          $this->xml->appendChild($cat_xpath,'<download_info>'.$row["DOWNLOAD_INFO"].'</download_info>');     
-        }
@@ -184 +189 @@
-          $loc_xpath = $this->xml->appendChild( $xpath,'<location />');
-          $this->xml->appendChild( $loc_xpath, '<type>'.$row["MEDIA_NAME"].'</type>');
-$row["NAME"]
+utf8_encode(htmlspecialchars($row["NAME"]))
-          $this->xml->appendChild( $loc_xpath, '<default_certificate scheme="'.$row["SCHEME"].'">'.$row["CERTIFICATE"].'</default_certificate>');
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-        }
-      }
@@ -204 +275 @@
-      $this->export_artfiles();
-      $this->export_media_locations();
+      $this->export_tv_expressions();
+      $this->export_rss_subscriptions();
+      $this->export_tvid_prefs();
-    }
-
@@ -213 +287 @@
-    function import_categories()
-    {
+      $cat_parent = array();
-      foreach ($this->xml->match('/swisscenter[1]/config[1]/categories[1]/category') as $abspath)
-      {
-
+
+
+
-        $download = $this->xml->getData($abspath.'/download_info[1]');
-
-
+
+
+
+
+
+
+
+
-      }
-    }
@@ -235 +318 @@
-        $value = $this->xml->getData($abspath);
-        if (db_value("select count(*) from system_prefs where name = '".$attrib["NAME"]."'") == 0)
-$value
+addslashes($value)
-        else 
-$value
+".addslashes($value)."
-      }
-    }
@@ -254 +337 @@
-        // Import user
-        $attrib = $this->xml->getAttributes($userpath);
-$attrib["NAME"]
-$name
+html_entity_decode(utf8_decode($attrib["NAME"]))
+".db_escape_str(un_magic_quote($name))."
-        {
-          $attrib      = $this->xml->getAttributes($userpath.'/max_cert[1]');
@@ -261 +344 @@
-          $cert_name   = $this->xml->getData($userpath.'/max_cert[1]');
-          $pin         = $this->xml->getData($userpath.'/pin[1]');
+          $admin       = $this->xml->getData($userpath.'/admin[1]');
-          
-          if (($cert_id = db_value("select cert_id from certificates where name='$cert_name' and scheme='$cert_scheme'")) === false)
@@ -269 +353 @@
-          else
-          {
-
+, "admin"=>$admin
-          }                    
-        }
-        
-        // Determine the user_id for importing settings.
-$name
+".db_escape_str(un_magic_quote($name))."
-        
-        // Import user preferences
@@ -282 +366 @@
-          $value   = $this->xml->getData($prefpath);
-          if (db_value("select count(*) from user_prefs where user_id=$user_id and name = '".$attrib["NAME"]."'") == 0)
-$value
+addslashes($value)
-          else
-$value
+".addslashes($value)."
-        }        
-      }
@@ -306 +390 @@
-          $cert_name = $attrib["NAME"];
-          $rank      = $this->xml->getData($certpath.'/rank[1]');
-$this->xml->getData($certpath.'/description[1]'
+html_entity_decode(utf8_decode($this->xml->getData($certpath.'/description[1]'))
-          
-          if (db_value("select count(*) from certificates where name='$cert_name' and scheme='$scheme_name'") == 0)
@@ -326 +410 @@
-      {
-        $type        = $this->xml->getData($locpath.'/type[1]');
-$this->xml->getData($locpath.'/path[1]'
-$this->xml->getData($locpath.'/category[1]'
+html_entity_decode(utf8_decode($this->xml->getData($locpath.'/path[1]'))
+html_entity_decode(utf8_decode($this->xml->getData($locpath.'/category[1]'))
-        $cert_name   = $this->xml->getData($locpath.'/default_certificate[1]');
-        $attrib      = $this->xml->getAttributes($locpath.'/default_certificate[1]');
@@ -338 +422 @@
-        elseif (($cat_id = db_value("select cat_id from categories where cat_name='$cat_name'")) === false)               
-          $errors[] = str('IMP_LOC_CAT_MISSING',$path,$cat_name);
-$path
+".db_escape_str(un_magic_quote($path))."
-        {
-          if ( db_insert_row("media_locations", array("name"=>$path, "media_type"=>$type_id, "cat_id"=>$cat_id, "unrated"=>$cert_id)) !== false)
-          {
-$path
+".db_escape_str(un_magic_quote($path))."
-            
-            if (! is_windows() )
@@ -356 +440 @@
-  
-    /**
-media_location
+artfile detail
-     *
-     * @return array - Array of errors
@@ -369 +453 @@
-        if (!in_array($name,$files))
-          db_insert_row("art_files",array("filename"=>$name));
+      }
+    }
+    
+    /**
+     * Imports all tv expressions into the database from the XML document
+     *
+     */
+    
+    function import_tv_expressions()
+    {
+      foreach ($this->xml->match('/swisscenter[1]/config[1]/tv_expressions[1]/expression') as $expressionpath)
+      {
+        $pos        = $this->xml->getData($expressionpath.'/pos[1]');
+        $expression = $this->xml->getData($expressionpath.'/expression[1]');
+        
+        if (db_value("select count(*) from tv_expressions where pos = $pos") == 0)
+          db_insert_row("tv_expressions", array("pos"=>$pos, "expression"=>addslashes($expression)));
+        else 
+          db_sqlcommand("update tv_expressions set expression='".addslashes($expression)."' where pos=$pos");
+      }
+    }
+    
+    /**
+     * Imports all rss_subscriptions into the database from the XML document
+     * 
+     */
+  
+    function import_rss_subscriptions()
+    {
+      foreach ($this->xml->match('/swisscenter[1]/config[1]/rss_subscriptions[1]/subscription') as $rsspath)
+      {
+        $type    = $this->xml->getData($rsspath.'/type[1]');
+        $url     = html_entity_decode(utf8_decode($this->xml->getData($rsspath.'/url[1]')));
+        $title   = html_entity_decode(utf8_decode($this->xml->getData($rsspath.'/title[1]')));
+        $update  = $this->xml->getData($rsspath.'/update[1]');
+        $cache   = $this->xml->getData($rsspath.'/cache[1]');
+        $type_id = db_value("select media_id from media_types where media_name='$type'");
+        
+        if (db_value("select count(*) from rss_subscriptions where type=$type_id and url='".db_escape_str(un_magic_quote($url))."'") == 0)
+          db_insert_row("rss_subscriptions", array("type"=>$type_id, "url"=>$url, "title"=>$title, "update_frequency"=>$update, "cache"=>$cache));
+      }
+    }
+    
+    /**
+     * Imports all tvid preferences into the database from the XML document
+     *
+     */
+    
+    function import_tvid_prefs()
+    {
+      foreach ($this->xml->match('/swisscenter[1]/config[1]/tvid_prefs[1]/tvid') as $tvidpath)
+      {
+        $player      = $this->xml->getData($tvidpath.'/player[1]');
+        $tvid        = $this->xml->getData($tvidpath.'/tvid[1]');
+        $tvid_custom = $this->xml->getData($tvidpath.'/tvid_custom[1]');
+        
+        if ($tvid_id = db_value("select tvid_id from tvid_prefs where player_type='$player' and tvid_sc='$tvid'"));
+        {
+          $data["tvid_custom"] = $tvid_custom;
+          db_sqlcommand("update tvid_prefs set tvid_custom='$tvid_custom' where tvid_id=$tvid_id");
+        }
-      }
-    }
@@ -383 +528 @@
-      $this->import_sys_prefs();    
-      $this->import_certificates();
+      $this->import_tv_expressions();
+      $this->import_rss_subscriptions();
+      $this->import_tvid_prefs();
-      
-      $errors = array();