osCommerce Online Merchant v2.2 RC1 Upgrade Notes
The following upgrade guide is based on the osCommerce 2.2 Milestone 2 Update 060817 release. If you have not yet updated to this release, please review its upgrade guide in the extras directory (update-20060817.txt) before applying these changes.
The following changes should be performed in order on your installation to upgrade it to osCommerce Online Merchant v2.2 RC1. Please note that the following changes are only the recommended changes to make and do not include the new Administration Tool login routine or the Administration Tool index page summary modules that are available with new installations. This is to avoid a conflict with any Administration Tool security mechanisms already in place.
- [BUGFIX] Caching of the Manufacturers Box
- [IMPROVEMENT] Database Backup
- [IMPROVEMENT] Input Fields on Checkout Confirmation Page
- [IMPROVEMENT] register_globals Compatibility for PHP 4.3+ Servers
- [BUGFIX] Currency Case-Sensitivity
- [BUGFIX] Invoice and Packing Slip Billing Address
- [IMPROVEMENT] Configuration -> Minimum Values Settings
- [BUGFIX] Compatibility Array Index
- [IMPROVEMENT] MySQL Database Connection Identifier Link
- [BUGFIX] Product Sorting SQL Injection Vulnerability
- [BUGFIX] Product Price Calculations
- [BUGFIX] Country Name on the Order History Page
- [BUGFIX] Shopping Cart Product Quantity as Integer Value
- [IMPROVEMENT] Maximum Order Product Quantities [+SQL]
- [IMPROVEMENT] Accepting State Names
- [BUGFIX] Load the Order Total Modules Before Loading the Payment Modules
- [BUGFIX] Payment Module Selection
- [BUGFIX] Category Image Removal
- [BUGFIX] Add the Session ID to GET Based Forms
- [BUGFIX] Fix Typo on the Products New Page
- [BUGFIX] Process the Order Total Modules Earlier on the Checkout Confirmation Page
- [BUGFIX] PHP < 4.1 Compatibility Update
- [BUGFIX] Strip Additional Slashes When Editing Reviews
- [IMPROVEMENT] New Public Title for Payment Modules
- [IMPROVEMENT] Navigation History Parameter Filter
- [IMPROVEMENT] Increase Configuration Key and Title Database Field Sizes [SQL]
- [BUGFIX] Strip Additional Slashes When Editing Files Through the File Manager
[BUGFIX] Caching of the Manufacturers Box
Fix a spelling mistake that prevented the manufacturers box from being cached.
Affected Files
catalog/includes/functions/cache.php
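--- a/catalog/includes/functions/cache.php
+++ b/catalog/includes/functions/cache.php
@@ -119,13 +119,13 @@
 function tep_cache_manufacturers_box($auto_expire = false, $refresh = false) {
 global $HTTP_GET_VARS, $language;
 
 $cache_output = '';
 
 $manufacturers_id = '';
-if (isset($HTTP_GET_VARS['manufactuers_id']) && is_numeric($HTTP_GET_VARS['manufacturers_id'])) {
+if (isset($HTTP_GET_VARS['manufacturers_id']) && is_numeric($HTTP_GET_VARS['manufacturers_id'])) {
 $manufacturers_id = $HTTP_GET_VARS['manufacturers_id'];
 }
 
 if (($refresh == true) || !read_cache($cache_output, 'manufacturers_box-' . $language . '.cache' . $manufacturers_id, $auto_expire)) {
 ob_start();
 include(DIR_WS_BOXES . 'manufacturers.php');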
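Review bot: The value that passes `is_numeric()` on line 125 is concatenated into the cache file name on line 129 (`'manufacturers_box-' . $language . '.cache' . $manufacturers_id`), and `is_numeric()` also accepts leading whitespace, signs, decimals and exponents, so several spellings of the same manufacturer id produce several cache files. Normalising the value once, `$manufacturers_id = (int)$HTTP_GET_VARS['manufacturers_id'];`, keeps the file-name suffix to a plain integer and collapses those variants. tep_cache_manufacturers_box continues outside the hunk.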
[IMPROVEMENT] Database Backup
Don't store the data of the session and whos online database tables in the database backups.
Affected Files
catalog/admin/backup.php
File: catalog/admin/backup.php
70 |
$keys_query = tep_db_query("show keys from " . $table); |
= |
70 |
$keys_query = tep_db_query("show keys from " . $table); |
71 |
while ($keys = tep_db_fetch_array($keys_query)) { |
|
71 |
while ($keys = tep_db_fetch_array($keys_query)) { |
72 |
$kname = $keys['Key_name']; |
|
72 |
$kname = $keys['Key_name']; |
73 |
|
|
73 |
|
74 |
if (!isset($index[$kname])) { |
|
74 |
if (!isset($index[$kname])) { |
75 |
$index[$kname] = array('unique' => !$keys['Non_unique'], |
|
75 |
$index[$kname] = array('unique' => !$keys['Non_unique'], |
|
|
-+ |
76 |
'fulltext' => ($keys['Index_type'] == 'FULLTEXT' ? '1' : '0'), |
76 |
'columns' => array()); |
= |
77 |
'columns' => array()); |
77 |
} |
|
78 |
} |
78 |
|
|
79 |
|
79 |
$index[$kname]['columns'][] = $keys['Column_name']; |
|
80 |
$index[$kname]['columns'][] = $keys['Column_name']; |
80 |
} |
|
81 |
} |
81 |
|
|
82 |
|
|
83 |
$schema .= ',' . "\n"; |
= |
84 |
$schema .= ',' . "\n"; |
84 |
|
|
85 |
|
85 |
$columns = implode($info['columns'], ', '); |
|
86 |
$columns = implode($info['columns'], ', '); |
86 |
|
|
87 |
|
87 |
if ($kname == 'PRIMARY') { |
|
88 |
if ($kname == 'PRIMARY') { |
88 |
$schema .= ' PRIMARY KEY (' . $columns . ')'; |
|
89 |
$schema .= ' PRIMARY KEY (' . $columns . ')'; |
|
|
-+ |
90 |
} elseif ( $info['fulltext'] == '1' ) { |
|
|
|
91 |
$schema .= ' FULLTEXT ' . $kname . ' (' . $columns . ')'; |
89 |
} elseif ($info['unique']) { |
= |
92 |
} elseif ($info['unique']) { |
90 |
$schema .= ' UNIQUE ' . $kname . ' (' . $columns . ')'; |
|
93 |
$schema .= ' UNIQUE ' . $kname . ' (' . $columns . ')'; |
91 |
} else { |
|
94 |
} else { |
92 |
$schema .= ' KEY ' . $kname . ' (' . $columns . ')'; |
|
95 |
$schema .= ' KEY ' . $kname . ' (' . $columns . ')'; |
93 |
} |
|
96 |
} |
94 |
} |
|
97 |
} |
95 |
|
|
98 |
|
96 |
$schema .= "\n" . ');' . "\n\n"; |
|
99 |
$schema .= "\n" . ');' . "\n\n"; |
97 |
fputs($fp, $schema); |
|
100 |
fputs($fp, $schema); |
98 |
|
|
101 |
|
99 |
// dump the data |
|
102 |
// dump the data |
|
|
<> |
103 |
if ( ($table != TABLE_SESSIONS ) && ($table != TABLE_WHOS_ONLINE) ) { |
100 |
$rows_query = tep_db_query("select " . implode(',', $table_list) . " from " . $table); |
|
104 |
$rows_query = tep_db_query("select " . implode(',', $table_list) . " from " . $table); |
101 |
while ($rows = tep_db_fetch_array($rows_query)) { |
|
105 |
while ($rows = tep_db_fetch_array($rows_query)) { |
102 |
$schema = 'insert into ' . $table . ' (' . implode(', ', $table_list) . ') values ('; |
|
106 |
$schema = 'insert into ' . $table . ' (' . implode(', ', $table_list) . ') values ('; |
103 |
|
= |
107 |
|
104 |
reset($table_list); |
<> |
108 |
reset($table_list); |
105 |
while (list(,$i) = each($table_list)) { |
|
109 |
while (list(,$i) = each($table_list)) { |
106 |
if (!isset($rows[$i])) { |
|
110 |
if (!isset($rows[$i])) { |
107 |
$schema .= 'NULL, '; |
|
111 |
$schema .= 'NULL, '; |
108 |
} elseif (tep_not_null($rows[$i])) { |
|
112 |
} elseif (tep_not_null($rows[$i])) { |
109 |
$row = addslashes($rows[$i]); |
|
113 |
$row = addslashes($rows[$i]); |
110 |
$row = ereg_replace("\n#", "\n".'\#', $row); |
|
114 |
$row = ereg_replace("\n#", "\n".'\#', $row); |
111 |
|
= |
115 |
|
112 |
$schema .= '\'' . $row . '\', '; |
<> |
116 |
$schema .= '\'' . $row . '\', '; |
113 |
} else { |
|
117 |
} else { |
114 |
$schema .= '\'\', '; |
|
118 |
$schema .= '\'\', '; |
|
|
|
119 |
} |
115 |
} |
= |
120 |
} |
|
|
-+ |
121 |
|
|
|
|
122 |
$schema = ereg_replace(', $', '', $schema) . ');' . "\n"; |
|
|
|
123 |
fputs($fp, $schema); |
116 |
} |
= |
124 |
} |
117 |
|
+- |
|
|
118 |
$schema = ereg_replace(', $', '', $schema) . ');' . "\n"; |
|
|
|
119 |
fputs($fp, $schema); |
|
|
|
120 |
|
|
|
|
121 |
} |
= |
125 |
} |
122 |
} |
|
126 |
} |
123 |
|
|
127 |
|
124 |
fclose($fp); |
|
128 |
fclose($fp); |
125 |
|
|
129 |
|
126 |
if (isset($HTTP_POST_VARS['download']) && ($HTTP_POST_VARS['download'] == 'yes')) { |
|
130 |
if (isset($HTTP_POST_VARS['download']) && ($HTTP_POST_VARS['download'] == 'yes')) { |
|
247 |
tep_db_query("drop table if exists address_book, address_format, banners, banners_history, categories, categories_description, configuration, configuration_group, counter, counter_history, countries, currencies, customers, customers_basket, customers_basket_attributes, customers_info, languages, manufacturers, manufacturers_info, orders, orders_products, orders_status, orders_status_history, orders_products_attributes, orders_products_download, products, products_attributes, products_attributes_download, prodcts_description, products_options, products_options_values, products_options_values_to_products_options, products_to_categories, reviews, reviews_description, sessions, specials, tax_class, tax_rates, geo_zones, whos_online, zones, zones_to_geo_zones"); |
= |
251 |
tep_db_query("drop table if exists address_book, address_format, banners, banners_history, categories, categories_description, configuration, configuration_group, counter, counter_history, countries, currencies, customers, customers_basket, customers_basket_attributes, customers_info, languages, manufacturers, manufacturers_info, orders, orders_products, orders_status, orders_status_history, orders_products_attributes, orders_products_download, products, products_attributes, products_attributes_download, prodcts_description, products_options, products_options_values, products_options_values_to_products_options, products_to_categories, reviews, reviews_description, sessions, specials, tax_class, tax_rates, geo_zones, whos_online, zones, zones_to_geo_zones"); |
248 |
|
|
252 |
|
249 |
for ($i=0, $n=sizeof($sql_array); $i<$n; $i++) { |
|
253 |
for ($i=0, $n=sizeof($sql_array); $i<$n; $i++) { |
250 |
tep_db_query($sql_array[$i]); |
|
254 |
tep_db_query($sql_array[$i]); |
251 |
} |
|
255 |
} |
252 |
|
|
256 |
|
|
|
-+ |
257 |
tep_session_close(); |
|
|
|
258 |
|
|
|
|
259 |
tep_db_query("delete from " . TABLE_WHOS_ONLINE); |
|
|
|
260 |
tep_db_query("delete from " . TABLE_SESSIONS); |
|
|
|
261 |
|
253 |
tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'DB_LAST_RESTORE'"); |
= |
262 |
tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'DB_LAST_RESTORE'"); |
254 |
tep_db_query("insert into " . TABLE_CONFIGURATION . " values ('', 'Last Database Restore', 'DB_LAST_RESTORE', '" . $read_from . "', 'Last database restore file', '6', '', '', now(), '', '')"); |
|
263 |
tep_db_query("insert into " . TABLE_CONFIGURATION . " values ('', 'Last Database Restore', 'DB_LAST_RESTORE', '" . $read_from . "', 'Last database restore file', '6', '', '', now(), '', '')"); |
255 |
|
|
264 |
|
256 |
if (isset($remove_raw) && ($remove_raw == true)) { |
|
265 |
if (isset($remove_raw) && ($remove_raw == true)) { |
257 |
unlink($restore_from); |
|
266 |
unlink($restore_from); |
258 |
} |
|
267 |
} |
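Review bot: The new `fulltext` flag on line 76 is stored as the string `'1'`/`'0'` and tested with `$info['fulltext'] == '1'` on line 90, while the sibling `unique` flag on line 75 is a boolean tested directly on line 92; writing `'fulltext' => ($keys['Index_type'] == 'FULLTEXT'),` and `} elseif ($info['fulltext']) {` keeps the two index flags consistent and matches the surrounding spacing style. The restore path on lines 257–260 closes the session and empties the whos_online and sessions tables without saying why; a comment such as `// a restored dump may contain stale session rows; do not let them become valid sessions again` would record the intent, though whether that is the reason is only inferred here. Note that the skip on line 103 omits only the row data for those two tables; their `create table` statement is still written by line 100 above it, which is presumably what is wanted. The enclosing loops of both hunks start and end outside the shown lines.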
[IMPROVEMENT] Input Fields on Checkout Confirmation Page
Allow payment modules to display input fields on the checkout confirmation page. This is for PCI conformance where the credit card number can be directly passed to the payment gateway.
Affected Files
catalog/checkout_confirmation.php
File: catalog/checkout_confirmation.php
107 |
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?> |
= |
107 |
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?> |
108 |
<!-- left_navigation_eof //--> |
|
108 |
<!-- left_navigation_eof //--> |
109 |
</table></td> |
|
109 |
</table></td> |
110 |
<!-- body_text //--> |
|
110 |
<!-- body_text //--> |
111 |
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
|
111 |
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
112 |
<tr> |
|
112 |
<tr> |
|
|
<> |
113 |
<td> |
|
|
|
114 |
<?php |
|
|
|
115 |
if (isset($$payment->form_action_url)) { |
|
|
|
116 |
$form_action_url = $$payment->form_action_url; |
|
|
|
117 |
} else { |
|
|
|
118 |
$form_action_url = tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL'); |
|
|
|
119 |
} |
|
|
|
120 |
|
|
|
|
121 |
echo tep_draw_form('checkout_confirmation', $form_action_url, 'post'); |
|
|
|
122 |
?> |
113 |
<td><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
|
123 |
<table border="0" width="100%" cellspacing="0" cellpadding="0"> |
114 |
<tr> |
= |
124 |
<tr> |
115 |
<td class="pageHeading"><?php echo HEADING_TITLE; ?></td> |
|
125 |
<td class="pageHeading"><?php echo HEADING_TITLE; ?></td> |
116 |
<td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_confirmation.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td> |
|
126 |
<td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_confirmation.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td> |
117 |
</tr> |
|
127 |
</tr> |
118 |
</table></td> |
|
128 |
</table></td> |
119 |
</tr> |
|
129 |
</tr> |
|
306 |
?> |
= |
316 |
?> |
307 |
<tr> |
|
317 |
<tr> |
308 |
<td><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
|
318 |
<td><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
309 |
<tr> |
|
319 |
<tr> |
310 |
<td align="right" class="main"> |
|
320 |
<td align="right" class="main"> |
311 |
<?php |
|
321 |
<?php |
312 |
if (isset($$payment->form_action_url)) { |
+- |
|
|
313 |
$form_action_url = $$payment->form_action_url; |
|
|
|
314 |
} else { |
|
|
|
315 |
$form_action_url = tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL'); |
|
|
|
316 |
} |
|
|
|
317 |
|
|
|
|
318 |
echo tep_draw_form('checkout_confirmation', $form_action_url, 'post'); |
|
|
|
319 |
|
|
|
|
320 |
if (is_array($payment_modules->modules)) { |
= |
322 |
if (is_array($payment_modules->modules)) { |
321 |
echo $payment_modules->process_button(); |
|
323 |
echo $payment_modules->process_button(); |
322 |
} |
|
324 |
} |
323 |
|
|
325 |
|
324 |
echo tep_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER) . '</form>' . "\n"; |
<> |
326 |
echo tep_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER) . "\n"; |
325 |
?> |
= |
327 |
?> |
326 |
</td> |
|
328 |
</td> |
327 |
</tr> |
|
329 |
</tr> |
328 |
</table></td> |
|
330 |
</table></td> |
329 |
</tr> |
|
331 |
</tr> |
330 |
<tr> |
|
332 |
<tr> |
|
359 |
<td align="center" width="25%" class="checkoutBarFrom"><?php echo '<a href="' . tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL') . '" class="checkoutBarFrom">' . CHECKOUT_BAR_PAYMENT . '</a>'; ?></td> |
= |
361 |
<td align="center" width="25%" class="checkoutBarFrom"><?php echo '<a href="' . tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL') . '" class="checkoutBarFrom">' . CHECKOUT_BAR_PAYMENT . '</a>'; ?></td> |
360 |
<td align="center" width="25%" class="checkoutBarCurrent"><?php echo CHECKOUT_BAR_CONFIRMATION; ?></td> |
|
362 |
<td align="center" width="25%" class="checkoutBarCurrent"><?php echo CHECKOUT_BAR_CONFIRMATION; ?></td> |
361 |
<td align="center" width="25%" class="checkoutBarTo"><?php echo CHECKOUT_BAR_FINISHED; ?></td> |
|
363 |
<td align="center" width="25%" class="checkoutBarTo"><?php echo CHECKOUT_BAR_FINISHED; ?></td> |
362 |
</tr> |
|
364 |
</tr> |
363 |
</table></td> |
|
365 |
</table></td> |
364 |
</tr> |
|
366 |
</tr> |
365 |
</table></td> |
<> |
367 |
</table></form></td> |
366 |
<!-- body_text_eof //--> |
= |
368 |
<!-- body_text_eof //--> |
367 |
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2"> |
|
369 |
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2"> |
368 |
<!-- right_navigation //--> |
|
370 |
<!-- right_navigation //--> |
369 |
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?> |
|
371 |
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?> |
370 |
<!-- right_navigation_eof //--> |
|
372 |
<!-- right_navigation_eof //--> |
371 |
</table></td> |
|
373 |
</table></td> |
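Review bot: The form action on lines 115–118 is taken verbatim from the payment module's `form_action_url` whenever the module defines one, and the form now encloses every field on the page (it opens on line 121 and closes on line 367), so any input a module renders — including the card number that is the stated purpose — is posted to whatever URL the module supplies, with no check that it is an HTTPS URL like the default built by `tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL')`. A comment at line 115, `// a module that sets form_action_url receives the whole confirmation form, card data included; the URL must be HTTPS`, would document the contract modules now have to meet, since the template itself cannot verify the gateway. The `$$payment->form_action_url` expression also dereferences whichever global `$payment` names; that it is always a loaded payment module at this point cannot be confirmed from this hunk.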
[IMPROVEMENT] register_globals Compatibility for PHP 4.3+ Servers
Add a register_globals compatibility layer for PHP 4.3+ servers.
Affected Files
catalog/includes/application_top.php
catalog/includes/functions/compatibility.php
catalog/includes/functions/sessions.php
catalog/includes/functions/html_output.php
catalog/includes/classes/order.php
catalog/includes/modules/address_book_details.php
catalog/checkout_payment.php
catalog/admin/includes/application_top.php
catalog/admin/includes/functions/compatibility.php
catalog/admin/includes/functions/sessions.php
catalog/admin/includes/functions/html_output.php
catalog/admin/includes/classes/upload.php
catalog/admin/file_manager.php
File: catalog/includes/application_top.php
13 |
// start the timer for the page parse time log |
= |
13 |
// start the timer for the page parse time log |
14 |
define('PAGE_PARSE_START_TIME', microtime()); |
|
14 |
define('PAGE_PARSE_START_TIME', microtime()); |
15 |
|
|
15 |
|
16 |
// set the level of error reporting |
|
16 |
// set the level of error reporting |
17 |
error_reporting(E_ALL & ~E_NOTICE); |
|
17 |
error_reporting(E_ALL & ~E_NOTICE); |
18 |
|
|
18 |
|
19 |
// check if register_globals is enabled. |
<> |
19 |
// check support for register_globals |
20 |
// since this is a temporary measure this message is hardcoded. The requirement will be removed before 2.2 is finalized. |
|
20 |
if (function_exists('ini_get') && (ini_get('register_globals') == false) && (PHP_VERSION < 4.3) ) { |
21 |
if (function_exists('ini_get')) { |
|
21 |
exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory. Please use PHP 4.3+ if register_globals cannot be enabled on the server.'); |
22 |
ini_get('register_globals') or exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory.'); |
|
|
|
23 |
} |
= |
22 |
} |
24 |
|
|
23 |
|
25 |
// Set the local configuration parameters - mainly for developers |
|
24 |
// Set the local configuration parameters - mainly for developers |
26 |
if (file_exists('includes/local/configure.php')) include('includes/local/configure.php'); |
|
25 |
if (file_exists('includes/local/configure.php')) include('includes/local/configure.php'); |
27 |
|
|
26 |
|
28 |
// include server parameters |
|
27 |
// include server parameters |
|
33 |
header('Location: install/index.php'); |
= |
32 |
header('Location: install/index.php'); |
34 |
} |
|
33 |
} |
35 |
} |
|
34 |
} |
36 |
|
|
35 |
|
37 |
// define the project version |
|
36 |
// define the project version |
38 |
define('PROJECT_VERSION', 'osCommerce 2.2-MS2'); |
|
37 |
define('PROJECT_VERSION', 'osCommerce 2.2-MS2'); |
|
|
-+ |
38 |
|
|
|
|
39 |
// some code to solve compatibility issues |
|
|
|
40 |
require(DIR_WS_FUNCTIONS . 'compatibility.php'); |
39 |
|
= |
41 |
|
40 |
// set the type of request (secure or not) |
|
42 |
// set the type of request (secure or not) |
41 |
$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; |
|
43 |
$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; |
42 |
|
|
44 |
|
43 |
// set php_self in the local scope |
|
45 |
// set php_self in the local scope |
44 |
if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; |
|
46 |
if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; |
|
122 |
// include shopping cart class |
= |
124 |
// include shopping cart class |
123 |
require(DIR_WS_CLASSES . 'shopping_cart.php'); |
|
125 |
require(DIR_WS_CLASSES . 'shopping_cart.php'); |
124 |
|
|
126 |
|
125 |
// include navigation history class |
|
127 |
// include navigation history class |
126 |
require(DIR_WS_CLASSES . 'navigation_history.php'); |
|
128 |
require(DIR_WS_CLASSES . 'navigation_history.php'); |
127 |
|
|
129 |
|
128 |
// some code to solve compatibility issues |
+- |
|
|
129 |
require(DIR_WS_FUNCTIONS . 'compatibility.php'); |
|
|
|
130 |
|
|
|
|
131 |
// check if sessions are supported, otherwise use the php3 compatible session class |
= |
130 |
// check if sessions are supported, otherwise use the php3 compatible session class |
132 |
if (!function_exists('session_start')) { |
|
131 |
if (!function_exists('session_start')) { |
133 |
define('PHP_SESSION_NAME', 'osCsid'); |
|
132 |
define('PHP_SESSION_NAME', 'osCsid'); |
134 |
define('PHP_SESSION_PATH', $cookie_path); |
|
133 |
define('PHP_SESSION_PATH', $cookie_path); |
135 |
define('PHP_SESSION_DOMAIN', $cookie_domain); |
|
134 |
define('PHP_SESSION_DOMAIN', $cookie_domain); |
136 |
define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY); |
|
135 |
define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY); |
|
191 |
tep_session_start(); |
= |
190 |
tep_session_start(); |
192 |
$session_started = true; |
|
191 |
$session_started = true; |
193 |
} |
|
192 |
} |
194 |
} else { |
|
193 |
} else { |
195 |
tep_session_start(); |
|
194 |
tep_session_start(); |
196 |
$session_started = true; |
|
195 |
$session_started = true; |
|
|
-+ |
196 |
} |
|
|
|
197 |
|
|
|
|
198 |
if ( ($session_started == true) && (PHP_VERSION >= 4.3) && function_exists('ini_get') && (ini_get('register_globals') == false) ) { |
|
|
|
199 |
extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS); |
197 |
} |
= |
200 |
} |
198 |
|
|
201 |
|
199 |
// set SID once, even if empty |
|
202 |
// set SID once, even if empty |
200 |
$SID = (defined('SID') ? SID : ''); |
|
203 |
$SID = (defined('SID') ? SID : ''); |
201 |
|
|
204 |
|
202 |
// verify the ssl_session_id if the feature is enabled |
|
205 |
// verify the ssl_session_id if the feature is enabled |
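Review bot: The `extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS)` on line 199 runs after `$request_type` (line 43), `$PHP_SELF` (line 46) and the other globals defined earlier in the file, so any session key with one of those names silently replaces them; that is the intended register_globals emulation, but it deserves a comment such as `// emulate register_globals for session data: every $_SESSION key becomes a global reference and overwrites any existing global of that name`. The version tests `PHP_VERSION < 4.3` on line 20 and `PHP_VERSION >= 4.3` on line 198 compare the version string against a float, which only works while the string's leading characters convert to the intended number; `version_compare(PHP_VERSION, '4.3', '<')` states the intent exactly, and the same pattern appears in compatibility.php (line 30) and sessions.php (lines 104, 117 and 125). The session block that closes on line 200 begins before this hunk.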
File: catalog/includes/functions/compatibility.php
2 |
/* |
= |
2 |
/* |
3 |
$Id$ |
|
3 |
$Id$ |
4 |
|
|
4 |
|
5 |
osCommerce, Open Source E-Commerce Solutions |
|
5 |
osCommerce, Open Source E-Commerce Solutions |
6 |
http://www.oscommerce.com |
|
6 |
http://www.oscommerce.com |
7 |
|
|
7 |
|
8 |
Copyright (c) 2006 osCommerce |
|
8 |
Copyright (c) 2007 osCommerce |
9 |
|
|
9 |
|
10 |
Released under the GNU General Public License |
|
10 |
Released under the GNU General Public License |
11 |
|
+- |
|
|
12 |
Modified by Marco Canini, <m.canini@libero.it> |
|
|
|
13 |
- Fixed a bug with arrays in $HTTP_xxx_VARS |
|
|
|
14 |
*/ |
= |
11 |
*/ |
15 |
|
|
12 |
|
16 |
//// |
|
13 |
//// |
17 |
// Recursively handle magic_quotes_gpc turned off. |
|
14 |
// Recursively handle magic_quotes_gpc turned off. |
18 |
// This is due to the possibility of have an array in |
|
15 |
// This is due to the possibility of have an array in |
19 |
// $HTTP_xxx_VARS |
|
16 |
// $HTTP_xxx_VARS |
|
27 |
} else { |
= |
24 |
} else { |
28 |
$ar[$key] = addslashes($value); |
|
25 |
$ar[$key] = addslashes($value); |
29 |
} |
|
26 |
} |
30 |
} |
|
27 |
} |
31 |
} |
|
28 |
} |
32 |
|
|
29 |
|
33 |
// $HTTP_xxx_VARS are always set on php4 |
<> |
30 |
if (PHP_VERSION >= 4.1) { |
|
|
|
31 |
$HTTP_GET_VARS =& $_GET; |
|
|
|
32 |
$HTTP_POST_VARS =& $_POST; |
|
|
|
33 |
$HTTP_COOKIE_VARS =& $_COOKIE; |
|
|
|
34 |
$HTTP_SESSION_VARS =& $_SESSION; |
|
|
|
35 |
$HTTP_POST_FILES =& $_FILES; |
|
|
|
36 |
$HTTP_SERVER_VARS =& $_SERVER; |
|
|
|
37 |
} else { |
34 |
if (!is_array($HTTP_GET_VARS)) $HTTP_GET_VARS = array(); |
|
38 |
if (!is_array($HTTP_GET_VARS)) $HTTP_GET_VARS = array(); |
35 |
if (!is_array($HTTP_POST_VARS)) $HTTP_POST_VARS = array(); |
|
39 |
if (!is_array($HTTP_POST_VARS)) $HTTP_POST_VARS = array(); |
36 |
if (!is_array($HTTP_COOKIE_VARS)) $HTTP_COOKIE_VARS = array(); |
|
40 |
if (!is_array($HTTP_COOKIE_VARS)) $HTTP_COOKIE_VARS = array(); |
|
|
|
41 |
} |
37 |
|
= |
42 |
|
38 |
// handle magic_quotes_gpc turned off. |
|
43 |
// handle magic_quotes_gpc turned off. |
39 |
if (!get_magic_quotes_gpc()) { |
|
44 |
if (!get_magic_quotes_gpc()) { |
40 |
do_magic_quotes_gpc($HTTP_GET_VARS); |
|
45 |
do_magic_quotes_gpc($HTTP_GET_VARS); |
41 |
do_magic_quotes_gpc($HTTP_POST_VARS); |
|
46 |
do_magic_quotes_gpc($HTTP_POST_VARS); |
42 |
do_magic_quotes_gpc($HTTP_COOKIE_VARS); |
|
47 |
do_magic_quotes_gpc($HTTP_COOKIE_VARS); |
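Review bot: The reference `$HTTP_SESSION_VARS =& $_SESSION;` on line 34 is taken when compatibility.php is included, which application_top.php now does on its line 40, well before the session is started around its line 190; whether the `$_SESSION` array created by a later `session_start()` is the same one this reference points to should be verified, otherwise `$HTTP_SESSION_VARS` keeps whatever `$_SESSION` held at inclusion time. If it does not track, alias it after the session is started or drop it from this block. Because `$HTTP_GET_VARS`, `$HTTP_POST_VARS` and `$HTTP_COOKIE_VARS` are now references, the `do_magic_quotes_gpc()` calls on lines 45–47 (which appear to add slashes in place, though the function signature is outside the hunk) also modify `$_GET`, `$_POST` and `$_COOKIE`; a comment on line 31, `// aliases, not copies: changes made through $HTTP_*_VARS (e.g. addslashes below) are visible in the superglobals`, would make that explicit.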
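--- a/catalog/includes/functions/sessions.php
+++ b/catalog/includes/functions/sessions.php
@@ -98,24 +98,38 @@
 }
 
 function tep_session_register($variable) {
 global $session_started;
 
 if ($session_started == true) {
+if (PHP_VERSION < 4.3) {
 return session_register($variable);
 } else {
-return false;
+$_SESSION[$variable] = (isset($GLOBALS[$variable])) ? $GLOBALS[$variable] : null;
+
+$GLOBALS[$variable] =& $_SESSION[$variable];
+}
 }
+
+return false;
 }
 
 function tep_session_is_registered($variable) {
+if (PHP_VERSION < 4.3) {
 return session_is_registered($variable);
+} else {
+return isset($_SESSION[$variable]);
+}
 }
 
 function tep_session_unregister($variable) {
+if (PHP_VERSION < 4.3) {
 return session_unregister($variable);
+} else {
+unset($_SESSION[$variable]);
+}
 }
 
 function tep_session_id($sessid = '') {
 if (!empty($sessid)) {
 return session_id($sessid);
 } else {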
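Review bot: On PHP 4.3+ `tep_session_register()` falls through to `return false;` on line 113 after registering the variable on lines 107–109, whereas the `session_register()` branch on line 105 returns true on success; callers that test the result will see every registration as a failure, so the else branch should end with `return true;`. Line 107 also stores `null` when no global of that name exists, and `tep_session_is_registered()` then uses `isset($_SESSION[$variable])` on line 120, which is false for a null value; if a name registered without a value must still count as registered, `array_key_exists($variable, $_SESSION)` is the faithful test. Line 107 further overwrites whatever the session already holds under that name with the current global (or null), so registering a name twice is not idempotent unless the global is already a reference to the session entry — worth a comment on line 107 if that is intended.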
File: catalog/includes/functions/html_output.php
155 |
return $form; |
= |
155 |
return $form; |
156 |
} |
|
156 |
} |
157 |
|
|
157 |
|
158 |
//// |
|
158 |
//// |
159 |
// Output a form input field |
|
159 |
// Output a form input field |
160 |
function tep_draw_input_field($name, $value = '', $parameters = '', $type = 'text', $reinsert_value = true) { |
|
160 |
function tep_draw_input_field($name, $value = '', $parameters = '', $type = 'text', $reinsert_value = true) { |
|
|
-+ |
161 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
|
|
|
162 |
|
161 |
$field = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; |
= |
163 |
$field = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; |
162 |
|
|
164 |
|
163 |
if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) { |
<> |
165 |
if ( ($reinsert_value == true) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) { |
164 |
$field .= ' value="' . tep_output_string(stripslashes($GLOBALS[$name])) . '"'; |
|
166 |
if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) { |
|
|
|
167 |
$value = stripslashes($HTTP_GET_VARS[$name]); |
|
|
|
168 |
} elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) { |
|
|
|
169 |
$value = stripslashes($HTTP_POST_VARS[$name]); |
|
|
|
170 |
} |
|
|
|
171 |
} |
|
|
|
172 |
|
165 |
} elseif (tep_not_null($value)) { |
|
173 |
if (tep_not_null($value)) { |
166 |
$field .= ' value="' . tep_output_string($value) . '"'; |
= |
174 |
$field .= ' value="' . tep_output_string($value) . '"'; |
167 |
} |
|
175 |
} |
168 |
|
|
176 |
|
169 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
|
177 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
170 |
|
|
178 |
|
171 |
$field .= '>'; |
|
179 |
$field .= '>'; |
|
179 |
return tep_draw_input_field($name, $value, $parameters, 'password', false); |
= |
187 |
return tep_draw_input_field($name, $value, $parameters, 'password', false); |
180 |
} |
|
188 |
} |
181 |
|
|
189 |
|
182 |
//// |
|
190 |
//// |
183 |
// Output a selection field - alias function for tep_draw_checkbox_field() and tep_draw_radio_field() |
|
191 |
// Output a selection field - alias function for tep_draw_checkbox_field() and tep_draw_radio_field() |
184 |
function tep_draw_selection_field($name, $type, $value = '', $checked = false, $parameters = '') { |
|
192 |
function tep_draw_selection_field($name, $type, $value = '', $checked = false, $parameters = '') { |
|
|
-+ |
193 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
|
|
|
194 |
|
185 |
$selection = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; |
= |
195 |
$selection = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; |
186 |
|
|
196 |
|
187 |
if (tep_not_null($value)) $selection .= ' value="' . tep_output_string($value) . '"'; |
|
197 |
if (tep_not_null($value)) $selection .= ' value="' . tep_output_string($value) . '"'; |
188 |
|
|
198 |
|
189 |
if ( ($checked == true) || ( isset($GLOBALS[$name]) && is_string($GLOBALS[$name]) && ( ($GLOBALS[$name] == 'on') || (isset($value) && (stripslashes($GLOBALS[$name]) == $value)) ) ) ) { |
<> |
199 |
if ( ($checked == true) || (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name]) && (($HTTP_GET_VARS[$name] == 'on') || (stripslashes($HTTP_GET_VARS[$name]) == $value))) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name]) && (($HTTP_POST_VARS[$name] == 'on') || (stripslashes($HTTP_POST_VARS[$name]) == $value))) ) { |
190 |
$selection .= ' CHECKED'; |
= |
200 |
$selection .= ' CHECKED'; |
191 |
} |
|
201 |
} |
192 |
|
|
202 |
|
193 |
if (tep_not_null($parameters)) $selection .= ' ' . $parameters; |
|
203 |
if (tep_not_null($parameters)) $selection .= ' ' . $parameters; |
194 |
|
|
204 |
|
195 |
$selection .= '>'; |
|
205 |
$selection .= '>'; |
|
209 |
return tep_draw_selection_field($name, 'radio', $value, $checked, $parameters); |
= |
219 |
return tep_draw_selection_field($name, 'radio', $value, $checked, $parameters); |
210 |
} |
|
220 |
} |
211 |
|
|
221 |
|
212 |
//// |
|
222 |
//// |
213 |
// Output a form textarea field |
|
223 |
// Output a form textarea field |
214 |
function tep_draw_textarea_field($name, $wrap, $width, $height, $text = '', $parameters = '', $reinsert_value = true) { |
|
224 |
function tep_draw_textarea_field($name, $wrap, $width, $height, $text = '', $parameters = '', $reinsert_value = true) { |
|
|
-+ |
225 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
|
|
|
226 |
|
215 |
$field = '<textarea name="' . tep_output_string($name) . '" wrap="' . tep_output_string($wrap) . '" cols="' . tep_output_string($width) . '" rows="' . tep_output_string($height) . '"'; |
= |
227 |
$field = '<textarea name="' . tep_output_string($name) . '" wrap="' . tep_output_string($wrap) . '" cols="' . tep_output_string($width) . '" rows="' . tep_output_string($height) . '"'; |
216 |
|
|
228 |
|
217 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
|
229 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
218 |
|
|
230 |
|
219 |
$field .= '>'; |
|
231 |
$field .= '>'; |
220 |
|
|
232 |
|
221 |
if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) { |
<> |
233 |
if ( ($reinsert_value == true) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) { |
|
|
|
234 |
if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) { |
222 |
$field .= tep_output_string_protected(stripslashes($GLOBALS[$name])); |
|
235 |
$field .= tep_output_string_protected(stripslashes($HTTP_GET_VARS[$name])); |
|
|
|
236 |
} elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) { |
|
|
|
237 |
$field .= tep_output_string_protected(stripslashes($HTTP_POST_VARS[$name])); |
|
|
|
238 |
} |
223 |
} elseif (tep_not_null($text)) { |
= |
239 |
} elseif (tep_not_null($text)) { |
224 |
$field .= tep_output_string_protected($text); |
|
240 |
$field .= tep_output_string_protected($text); |
225 |
} |
|
241 |
} |
226 |
|
|
242 |
|
227 |
$field .= '</textarea>'; |
|
243 |
$field .= '</textarea>'; |
228 |
|
|
244 |
|
229 |
return $field; |
|
245 |
return $field; |
230 |
} |
|
246 |
} |
231 |
|
|
247 |
|
232 |
//// |
|
248 |
//// |
233 |
// Output a form hidden field |
|
249 |
// Output a form hidden field |
234 |
function tep_draw_hidden_field($name, $value = '', $parameters = '') { |
|
250 |
function tep_draw_hidden_field($name, $value = '', $parameters = '') { |
|
|
-+ |
251 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
|
|
|
252 |
|
235 |
$field = '<input type="hidden" name="' . tep_output_string($name) . '"'; |
= |
253 |
$field = '<input type="hidden" name="' . tep_output_string($name) . '"'; |
236 |
|
|
254 |
|
237 |
if (tep_not_null($value)) { |
|
255 |
if (tep_not_null($value)) { |
238 |
$field .= ' value="' . tep_output_string($value) . '"'; |
|
256 |
$field .= ' value="' . tep_output_string($value) . '"'; |
239 |
} elseif (isset($GLOBALS[$name])) { |
<> |
257 |
} elseif ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) { |
|
|
|
258 |
if ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) ) { |
240 |
$field .= ' value="' . tep_output_string(stripslashes($GLOBALS[$name])) . '"'; |
|
259 |
$field .= ' value="' . tep_output_string(stripslashes($HTTP_GET_VARS[$name])) . '"'; |
|
|
|
260 |
} elseif ( (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) { |
|
|
|
261 |
$field .= ' value="' . tep_output_string(stripslashes($HTTP_POST_VARS[$name])) . '"'; |
|
|
|
262 |
} |
241 |
} |
= |
263 |
} |
242 |
|
|
264 |
|
243 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
|
265 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
244 |
|
|
266 |
|
245 |
$field .= '>'; |
|
267 |
$field .= '>'; |
246 |
|
|
268 |
|
|
257 |
} |
= |
279 |
} |
258 |
} |
|
280 |
} |
259 |
|
|
281 |
|
260 |
//// |
|
282 |
//// |
261 |
// Output a form pull down menu |
|
283 |
// Output a form pull down menu |
262 |
function tep_draw_pull_down_menu($name, $values, $default = '', $parameters = '', $required = false) { |
|
284 |
function tep_draw_pull_down_menu($name, $values, $default = '', $parameters = '', $required = false) { |
|
|
-+ |
285 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
|
|
|
286 |
|
263 |
$field = '<select name="' . tep_output_string($name) . '"'; |
= |
287 |
$field = '<select name="' . tep_output_string($name) . '"'; |
264 |
|
|
288 |
|
265 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
|
289 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
266 |
|
|
290 |
|
267 |
$field .= '>'; |
|
291 |
$field .= '>'; |
268 |
|
|
292 |
|
269 |
if (empty($default) && isset($GLOBALS[$name])) $default = stripslashes($GLOBALS[$name]); |
<> |
293 |
if (empty($default) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) { |
|
|
|
294 |
if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) { |
|
|
|
295 |
$default = stripslashes($HTTP_GET_VARS[$name]); |
|
|
|
296 |
} elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) { |
|
|
|
297 |
$default = stripslashes($HTTP_POST_VARS[$name]); |
|
|
|
298 |
} |
|
|
|
299 |
} |
270 |
|
= |
300 |
|
271 |
for ($i=0, $n=sizeof($values); $i<$n; $i++) { |
|
301 |
for ($i=0, $n=sizeof($values); $i<$n; $i++) { |
272 |
$field .= '<option value="' . tep_output_string($values[$i]['id']) . '"'; |
|
302 |
$field .= '<option value="' . tep_output_string($values[$i]['id']) . '"'; |
273 |
if ($default == $values[$i]['id']) { |
|
303 |
if ($default == $values[$i]['id']) { |
274 |
$field .= ' SELECTED'; |
|
304 |
$field .= ' SELECTED'; |
275 |
} |
|
305 |
} |
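--- a/catalog/includes/classes/order.php
+++ b/catalog/includes/classes/order.php
@@ -128,13 +128,13 @@
 
 $index++;
 }
 }
 
 function cart() {
-global $customer_id, $sendto, $billto, $cart, $languages_id, $currency, $currencies, $shipping, $payment;
+global $HTTP_POST_VARS, $customer_id, $sendto, $billto, $cart, $languages_id, $currency, $currencies, $shipping, $payment, $comments;
 
 $this->content_type = $cart->get_content_type();
 
 $customer_address_query = tep_db_query("select c.customers_firstname, c.customers_lastname, c.customers_telephone, c.customers_email_address, ab.entry_company, ab.entry_street_address, ab.entry_suburb, ab.entry_postcode, ab.entry_city, ab.entry_zone_id, z.zone_name, co.countries_id, co.countries_name, co.countries_iso_code_2, co.countries_iso_code_3, co.address_format_id, ab.entry_state from " . TABLE_CUSTOMERS . " c, " . TABLE_ADDRESS_BOOK . " ab left join " . TABLE_ZONES . " z on (ab.entry_zone_id = z.zone_id) left join " . TABLE_COUNTRIES . " co on (ab.entry_country_id = co.countries_id) where c.customers_id = '" . (int)$customer_id . "' and ab.customers_id = '" . (int)$customer_id . "' and c.customers_default_address_id = ab.address_book_id");
 $customer_address = tep_db_fetch_array($customer_address_query);
 
@@ -148,22 +148,22 @@
 $tax_address = tep_db_fetch_array($tax_address_query);
 
 $this->info = array('order_status' => DEFAULT_ORDERS_STATUS_ID,
 'currency' => $currency,
 'currency_value' => $currencies->currencies[$currency]['value'],
 'payment_method' => $payment,
-'cc_type' => (isset($GLOBALS['cc_type']) ? $GLOBALS['cc_type'] : ''),
-'cc_owner' => (isset($GLOBALS['cc_owner']) ? $GLOBALS['cc_owner'] : ''),
-'cc_number' => (isset($GLOBALS['cc_number']) ? $GLOBALS['cc_number'] : ''),
-'cc_expires' => (isset($GLOBALS['cc_expires']) ? $GLOBALS['cc_expires'] : ''),
+'cc_type' => (isset($HTTP_POST_VARS['cc_type']) ? $HTTP_POST_VARS['cc_type'] : ''),
+'cc_owner' => (isset($HTTP_POST_VARS['cc_owner']) ? $HTTP_POST_VARS['cc_owner'] : ''),
+'cc_number' => (isset($HTTP_POST_VARS['cc_number']) ? $HTTP_POST_VARS['cc_number'] : ''),
+'cc_expires' => (isset($HTTP_POST_VARS['cc_expires']) ? $HTTP_POST_VARS['cc_expires'] : ''),
 'shipping_method' => $shipping['title'],
 'shipping_cost' => $shipping['cost'],
 'subtotal' => 0,
 'tax' => 0,
 'tax_groups' => array(),
-'comments' => (isset($GLOBALS['comments']) ? $GLOBALS['comments'] : ''));
+'comments' => (tep_session_is_registered('comments') && !empty($comments) ? $comments : ''));
 
 if (isset($GLOBALS[$payment]) && is_object($GLOBALS[$payment])) {
 $this->info['payment_method'] = $GLOBALS[$payment]->title;
 
 if ( isset($GLOBALS[$payment]->order_status) && is_numeric($GLOBALS[$payment]->order_status) && ($GLOBALS[$payment]->order_status > 0) ) {
 $this->info['order_status'] = $GLOBALS[$payment]->order_status;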
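Review bot: The `cc_type`/`cc_owner`/`cc_number`/`cc_expires` entries at new lines 154-157 copy the POST value into `$this->info` without the `is_string()` guard that the same commit adds to the `$HTTP_GET_VARS`/`$HTTP_POST_VARS` reads in html_output.php, so a submitted `cc_number[]` array lands in the order info untouched; `(isset($HTTP_POST_VARS['cc_type']) && is_string($HTTP_POST_VARS['cc_type']) ? $HTTP_POST_VARS['cc_type'] : '')`, and the same for the other three, would keep the two sites consistent. Whether these values are escaped before they reach the database cannot be seen from this hunk and is worth confirming. The `comments` entry at line 163 uses `!empty($comments)`, which also drops a comment consisting solely of `0`; `tep_not_null($comments)` is the helper the rest of this commit uses for that test. cart() starts inside the first hunk but runs past the end of the second.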
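--- a/catalog/includes/modules/address_book_details.php
+++ b/catalog/includes/modules/address_book_details.php
@@ -24,18 +24,20 @@
 <tr>
 <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
 <tr class="infoBoxContents">
 <td><table border="0" cellspacing="2" cellpadding="2">
 <?php
 if (ACCOUNT_GENDER == 'true') {
+$male = $female = false;
 if (isset($gender)) {
 $male = ($gender == 'm') ? true : false;
-} else {
+$female = !$male;
+} elseif (isset($entry['entry_gender'])) {
 $male = ($entry['entry_gender'] == 'm') ? true : false;
+$female = !$male;
 }
-$female = !$male;
 ?>
 <tr>
 <td class="main"><?php echo ENTRY_GENDER; ?></td>
 <td class="main"><?php echo tep_draw_radio_field('gender', 'm', $male) . ' ' . MALE . ' ' . tep_draw_radio_field('gender', 'f', $female) . ' ' . FEMALE . ' ' . (tep_not_null(ENTRY_GENDER_TEXT) ? '<span class="inputRequirement">' . ENTRY_GENDER_TEXT . '</span>': ''); ?></td>
 </tr>
 <?php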
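Review bot: Both `$male` assignments at new lines 32 and 35 use the redundant `($x == 'm') ? true : false` form; `$male = ($gender == 'm');` and `$male = ($entry['entry_gender'] == 'm');` express the same thing. The initialiser `$male = $female = false;` at line 30 is what changes the no-data case (neither radio preselected, where the old code preselected female), and that deserves a comment such as `// preselect nothing until a submitted or stored gender is known`. `$gender` is assigned outside this hunk, presumably by the page that includes this module; naming that source in the same comment would help the next reader. The PHP block opened at line 28 runs past the end of the hunk.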
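--- a/catalog/checkout_payment.php
+++ b/catalog/checkout_payment.php
@@ -62,12 +62,15 @@
 }
 
 require(DIR_WS_CLASSES . 'order.php');
 $order = new order;
 
 if (!tep_session_is_registered('comments')) tep_session_register('comments');
+if (isset($HTTP_POST_VARS['comments']) && tep_not_null($HTTP_POST_VARS['comments'])) {
+$comments = tep_db_prepare_input($HTTP_POST_VARS['comments']);
+}
 
 $total_weight = $cart->show_weight();
 $total_count = $cart->count_contents();
 
 // load all enabled payment modules
 require(DIR_WS_CLASSES . 'payment.php');
@@ -319,13 +322,13 @@
 </tr>
 <tr>
 <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
 <tr class="infoBoxContents">
 <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
 <tr>
-<td><?php echo tep_draw_textarea_field('comments', 'soft', '60', '5'); ?></td>
+<td><?php echo tep_draw_textarea_field('comments', 'soft', '60', '5', $comments); ?></td>
 </tr>
 </table></td>
 </tr>
 </table></td>
 </tr>
 <tr>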
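Review bot: The guard at new line 68 accepts any non-empty POST value for `comments`, while the field helpers this commit changes in html_output.php additionally require `is_string()`; `if (isset($HTTP_POST_VARS['comments']) && is_string($HTTP_POST_VARS['comments']) && tep_not_null($HTTP_POST_VARS['comments'])) {` keeps the two in step and stops an array from being stored in the session variable. Because only a non-empty value is stored, a customer who clears the textarea and resubmits keeps the previously stored comment in the session; if that is not intended, an `elseif (isset($HTTP_POST_VARS['comments']))` branch assigning `$comments = '';` would reset it. The textarea at new line 328 is drawn with `$reinsert_value` at its default, so a posted `comments` value appears to take precedence over the `$comments` argument anyway.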
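--- a/catalog/admin/includes/application_top.php
+++ b/catalog/admin/includes/application_top.php
@@ -13,26 +13,28 @@
 // Start the clock for the page parse time log
 define('PAGE_PARSE_START_TIME', microtime());
 
 // Set the level of error reporting
 error_reporting(E_ALL & ~E_NOTICE);
 
-// Check if register_globals is enabled.
-// Since this is a temporary measure this message is hardcoded. The requirement will be removed before 2.2 is finalized.
-if (function_exists('ini_get')) {
-ini_get('register_globals') or exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory.');
+// check support for register_globals
+if (function_exists('ini_get') && (ini_get('register_globals') == false) && (PHP_VERSION < 4.3) ) {
+exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory. Please use PHP 4.3+ if register_globals cannot be enabled on the server.');
 }
 
 // Set the local configuration parameters - mainly for developers
 if (file_exists('includes/local/configure.php')) include('includes/local/configure.php');
 
 // Include application configuration parameters
 require('includes/configure.php');
 
 // Define the project version
 define('PROJECT_VERSION', 'osCommerce 2.2-MS2');
+
+// some code to solve compatibility issues
+require(DIR_WS_FUNCTIONS . 'compatibility.php');
 
 // set php_self in the local scope
 $PHP_SELF = (isset($HTTP_SERVER_VARS['PHP_SELF']) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_SERVER_VARS['SCRIPT_NAME']);
 
 // Used in the "Backup Manager" to compress backups
 define('LOCAL_EXE_GZIP', '/usr/bin/gzip');
@@ -73,15 +75,12 @@
 // initialize the logger class
 require(DIR_WS_CLASSES . 'logger.php');
 
 // include shopping cart class
 require(DIR_WS_CLASSES . 'shopping_cart.php');
 
-// some code to solve compatibility issues
-require(DIR_WS_FUNCTIONS . 'compatibility.php');
-
 // check to see if php implemented session management functions - if not, include php3/php4 compatible session class
 if (!function_exists('session_start')) {
 define('PHP_SESSION_NAME', 'osCAdminID');
 define('PHP_SESSION_PATH', '/');
 define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY);
 
@@ -102,12 +101,16 @@
 ini_set('session.cookie_lifetime', '0');
 ini_set('session.cookie_path', DIR_WS_ADMIN);
 }
 
 // lets start our session
 tep_session_start();
+
+if ( (PHP_VERSION >= 4.3) && function_exists('ini_get') && (ini_get('register_globals') == false) ) {
+extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS);
+}
 
 // set the language
 if (!tep_session_is_registered('language') || isset($HTTP_GET_VARS['language'])) {
 if (!tep_session_is_registered('language')) {
 tep_session_register('language');
 tep_session_register('languages_id');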
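Review bot: The `extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS)` at new line 109 silently overwrites any global already defined earlier in application_top.php whenever a session key of the same name exists; since keys are only created through tep_session_register(), that is bounded, but the invariant is written down nowhere, so a comment such as `// emulate register_globals for session data: each $_SESSION key becomes a global by reference (keys are only ever created via tep_session_register())` would help. The register_globals predicate is evaluated twice in this file (new lines 20 and 108) with the version test inverted, and sessions.php and compatibility.php repeat variants of it; computing it once into a constant before the first use would keep all of them in step. The `PHP_VERSION >= 4.3` comparisons work only because PHP truncates the version string to a float; `version_compare(PHP_VERSION, '4.3', '>=')` states the intent and has been available since PHP 4.1. The flag combination is conventionally written `EXTR_OVERWRITE | EXTR_REFS`.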
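--- a/catalog/admin/includes/functions/compatibility.php
+++ b/catalog/admin/includes/functions/compatibility.php
@@ -24,16 +24,24 @@
 } else {
 $ar[$key] = addslashes($value);
 }
 }
 }
 
-// $HTTP_xxx_VARS are always set on php4
+if (PHP_VERSION >= 4.1) {
+$HTTP_GET_VARS =& $_GET;
+$HTTP_POST_VARS =& $_POST;
+$HTTP_COOKIE_VARS =& $_COOKIE;
+$HTTP_SESSION_VARS =& $_SESSION;
+$HTTP_POST_FILES =& $_FILES;
+$HTTP_SERVER_VARS =& $_SERVER;
+} else {
 if (!is_array($HTTP_GET_VARS)) $HTTP_GET_VARS = array();
 if (!is_array($HTTP_POST_VARS)) $HTTP_POST_VARS = array();
 if (!is_array($HTTP_COOKIE_VARS)) $HTTP_COOKIE_VARS = array();
+}
 
 // handle magic_quotes_gpc turned off.
 if (!get_magic_quotes_gpc()) {
 do_magic_quotes_gpc($HTTP_GET_VARS);
 do_magic_quotes_gpc($HTTP_POST_VARS);
 do_magic_quotes_gpc($HTTP_COOKIE_VARS);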
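Review bot: The `if (PHP_VERSION >= 4.1)` block at new lines 30-37 drops the explanatory comment the old line 30 carried and replaces it with nothing; a line such as `// alias the long-form request arrays to the PHP 4.1+ superglobals by reference so code written for register_globals keeps working without it` would record why references rather than copies are taken. If do_magic_quotes_gpc() takes its argument by reference, as the in-place `$ar[$key] = addslashes($value)` at line 25 suggests, the calls further down now add slashes into `$_GET`, `$_POST` and `$_COOKIE` themselves rather than into copies, which looks intended but is a behaviour change worth stating in that comment. `$HTTP_SESSION_VARS =& $_SESSION` is bound here, before tep_session_start() runs in application_top.php; whether that alias still points at the live session array after session_start() depends on the engine version, so confirm it or move that single line after the session is started. The `if (!get_magic_quotes_gpc())` block continues past the end of the hunk.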
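--- a/catalog/admin/includes/functions/sessions.php
+++ b/catalog/admin/includes/functions/sessions.php
@@ -21,32 +21,32 @@
 
 function _sess_close() {
 return true;
 }
 
 function _sess_read($key) {
-$qid = tep_db_query("select value from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "' and expiry > '" . time() . "'");
+$value_query = tep_db_query("select value from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "' and expiry > '" . time() . "'");
+$value = tep_db_fetch_array($value_query);
 
-$value = tep_db_fetch_array($qid);
-if ($value['value']) {
+if (isset($value['value'])) {
 return $value['value'];
 }
 
 return false;
 }
 
 function _sess_write($key, $val) {
 global $SESS_LIFE;
 
 $expiry = time() + $SESS_LIFE;
 $value = $val;
 
-$qid = tep_db_query("select count(*) as total from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "'");
-$total = tep_db_fetch_array($qid);
+$check_query = tep_db_query("select count(*) as total from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "'");
+$check = tep_db_fetch_array($check_query);
 
-if ($total['total'] > 0) {
+if ($check['total'] > 0) {
 return tep_db_query("update " . TABLE_SESSIONS . " set expiry = '" . tep_db_input($expiry) . "', value = '" . tep_db_input($value) . "' where sesskey = '" . tep_db_input($key) . "'");
 } else {
 return tep_db_query("insert into " . TABLE_SESSIONS . " values ('" . tep_db_input($key) . "', '" . tep_db_input($expiry) . "', '" . tep_db_input($value) . "')");
 }
 }
 
@@ -61,25 +61,74 @@
 }
 
 session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
 }
 
 function tep_session_start() {
+global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;
+
+$sane_session_id = true;
+
+if (isset($HTTP_GET_VARS[tep_session_name()])) {
+if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_GET_VARS[tep_session_name()]) == false) {
+unset($HTTP_GET_VARS[tep_session_name()]);
+
+$sane_session_id = false;
+}
+} elseif (isset($HTTP_POST_VARS[tep_session_name()])) {
+if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_POST_VARS[tep_session_name()]) == false) {
+unset($HTTP_POST_VARS[tep_session_name()]);
+
+$sane_session_id = false;
+}
+} elseif (isset($HTTP_COOKIE_VARS[tep_session_name()])) {
+if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_COOKIE_VARS[tep_session_name()]) == false) {
+$session_data = session_get_cookie_params();
+
+setcookie(tep_session_name(), '', time()-42000, $session_data['path'], $session_data['domain']);
+
+$sane_session_id = false;
+}
+}
+
+if ($sane_session_id == false) {
+tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));
+}
+
 return session_start();
 }
 
 function tep_session_register($variable) {
+if (PHP_VERSION < 4.3) {
 return session_register($variable);
+} else {
+if (isset($GLOBALS[$variable])) {
+$_SESSION[$variable] =& $GLOBALS[$variable];
+} else {
+$_SESSION[$variable] = null;
+}
+$GLOBALS[$variable] =& $_SESSION[$variable];
+}
+
+return false;
 }
 
 function tep_session_is_registered($variable) {
+if (PHP_VERSION < 4.3) {
 return session_is_registered($variable);
+} else {
+return isset($_SESSION[$variable]);
+}
 }
 
 function tep_session_unregister($variable) {
+if (PHP_VERSION < 4.3) {
 return session_unregister($variable);
+} else {
+unset($_SESSION[$variable]);
+}
 }
 
 function tep_session_id($sessid = '') {
 if ($sessid != '') {
 return session_id($sessid);
 } else {
@@ -93,13 +142,15 @@
 } else {
 return session_name();
 }
 }
 
 function tep_session_close() {
-if (function_exists('session_close')) {
+if (PHP_VERSION >= '4.0.4') {
+return session_write_close();
+} elseif (function_exists('session_close')) {
 return session_close();
 }
 }
 
 function tep_session_destroy() {
 return session_destroy();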
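Review bot: The pattern `/^[a-zA-Z0-9]+$/` at new lines 72, 78 and 84 of tep_session_start() rejects ids containing `,` or `-`, which PHP 5 generates when `session.hash_bits_per_character` is set to 6, so on such a server every request would have its cookie cleared and be redirected to FILENAME_DEFAULT; `/^[a-zA-Z0-9,-]+$/` covers what PHP itself can produce. The check validates shape only — a well-formed id arriving in the query string or a form is still adopted as the session — so it is a sanity check rather than a fixation defence, and a comment saying so above line 69 would set expectations for the next maintainer. The `preg_match(...) == false` tests also fold a PCRE error into "no match"; `!== 1` is the usual spelling. In tep_session_register() the PHP 4.3+ branch (new lines 103-110) falls through to `return false;` even after a successful registration, whereas the `session_register()` branch returns the engine's result; returning `true` at the end of the else branch would give callers one contract.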
File: catalog/admin/includes/functions/html_output.php
167 |
return $form; |
= |
167 |
return $form; |
168 |
} |
|
168 |
} |
169 |
|
|
169 |
|
170 |
//// |
|
170 |
//// |
171 |
// Output a form input field |
|
171 |
// Output a form input field |
172 |
function tep_draw_input_field($name, $value = '', $parameters = '', $required = false, $type = 'text', $reinsert_value = true) { |
|
172 |
function tep_draw_input_field($name, $value = '', $parameters = '', $required = false, $type = 'text', $reinsert_value = true) { |
|
|
-+ |
173 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
|
|
|
174 |
|
173 |
$field = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; |
= |
175 |
$field = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; |
174 |
|
|
176 |
|
175 |
if (isset($GLOBALS[$name]) && ($reinsert_value == true) && is_string($GLOBALS[$name])) { |
<> |
177 |
if ( ($reinsert_value == true) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) { |
176 |
$field .= ' value="' . tep_output_string(stripslashes($GLOBALS[$name])) . '"'; |
|
178 |
if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) { |
|
|
|
179 |
$value = stripslashes($HTTP_GET_VARS[$name]); |
|
|
|
180 |
} elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) { |
|
|
|
181 |
$value = stripslashes($HTTP_POST_VARS[$name]); |
|
|
|
182 |
} |
|
|
|
183 |
} |
|
|
|
184 |
|
177 |
} elseif (tep_not_null($value)) { |
|
185 |
if (tep_not_null($value)) { |
178 |
$field .= ' value="' . tep_output_string($value) . '"'; |
= |
186 |
$field .= ' value="' . tep_output_string($value) . '"'; |
179 |
} |
|
187 |
} |
180 |
|
|
188 |
|
181 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
|
189 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
182 |
|
|
190 |
|
183 |
$field .= '>'; |
|
191 |
$field .= '>'; |
|
203 |
return $field; |
= |
211 |
return $field; |
204 |
} |
|
212 |
} |
205 |
|
|
213 |
|
206 |
//// |
|
214 |
//// |
207 |
// Output a selection field - alias function for tep_draw_checkbox_field() and tep_draw_radio_field() |
|
215 |
// Output a selection field - alias function for tep_draw_checkbox_field() and tep_draw_radio_field() |
208 |
function tep_draw_selection_field($name, $type, $value = '', $checked = false, $compare = '') { |
|
216 |
function tep_draw_selection_field($name, $type, $value = '', $checked = false, $compare = '') { |
|
|
-+ |
217 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
|
|
|
218 |
|
209 |
$selection = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; |
= |
219 |
$selection = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; |
210 |
|
|
220 |
|
211 |
if (tep_not_null($value)) $selection .= ' value="' . tep_output_string($value) . '"'; |
|
221 |
if (tep_not_null($value)) $selection .= ' value="' . tep_output_string($value) . '"'; |
212 |
|
|
222 |
|
213 |
if ( ($checked == true) || (isset($GLOBALS[$name]) && is_string($GLOBALS[$name]) && ($GLOBALS[$name] == 'on')) || (isset($value) && isset($GLOBALS[$name]) && (stripslashes($GLOBALS[$name]) == $value)) || (tep_not_null($value) && tep_not_null($compare) && ($value == $compare)) ) { |
<> |
223 |
if ( ($checked == true) || (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name]) && (($HTTP_GET_VARS[$name] == 'on') || (stripslashes($HTTP_GET_VARS[$name]) == $value))) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name]) && (($HTTP_POST_VARS[$name] == 'on') || (stripslashes($HTTP_POST_VARS[$name]) == $value))) || (tep_not_null($compare) && ($value == $compare)) ) { |
214 |
$selection .= ' CHECKED'; |
= |
224 |
$selection .= ' CHECKED'; |
215 |
} |
|
225 |
} |
216 |
|
|
226 |
|
217 |
$selection .= '>'; |
|
227 |
$selection .= '>'; |
218 |
|
|
228 |
|
219 |
return $selection; |
|
229 |
return $selection; |
|
231 |
return tep_draw_selection_field($name, 'radio', $value, $checked, $compare); |
= |
241 |
return tep_draw_selection_field($name, 'radio', $value, $checked, $compare); |
232 |
} |
|
242 |
} |
233 |
|
|
243 |
|
234 |
//// |
|
244 |
//// |
235 |
// Output a form textarea field |
|
245 |
// Output a form textarea field |
236 |
function tep_draw_textarea_field($name, $wrap, $width, $height, $text = '', $parameters = '', $reinsert_value = true) { |
|
246 |
function tep_draw_textarea_field($name, $wrap, $width, $height, $text = '', $parameters = '', $reinsert_value = true) { |
|
|
-+ |
247 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
|
|
|
248 |
|
237 |
$field = '<textarea name="' . tep_output_string($name) . '" wrap="' . tep_output_string($wrap) . '" cols="' . tep_output_string($width) . '" rows="' . tep_output_string($height) . '"'; |
= |
249 |
$field = '<textarea name="' . tep_output_string($name) . '" wrap="' . tep_output_string($wrap) . '" cols="' . tep_output_string($width) . '" rows="' . tep_output_string($height) . '"'; |
238 |
|
|
250 |
|
239 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
|
251 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
240 |
|
|
252 |
|
241 |
$field .= '>'; |
|
253 |
$field .= '>'; |
242 |
|
|
254 |
|
243 |
if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) { |
<> |
255 |
if ( ($reinsert_value == true) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) { |
|
|
|
256 |
if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) { |
244 |
$field .= tep_output_string_protected(stripslashes($GLOBALS[$name])); |
|
257 |
$field .= tep_output_string_protected(stripslashes($HTTP_GET_VARS[$name])); |
|
|
|
258 |
} elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) { |
|
|
|
259 |
$field .= tep_output_string_protected(stripslashes($HTTP_POST_VARS[$name])); |
|
|
|
260 |
} |
245 |
} elseif (tep_not_null($text)) { |
= |
261 |
} elseif (tep_not_null($text)) { |
246 |
$field .= tep_output_string_protected($text); |
|
262 |
$field .= tep_output_string_protected($text); |
247 |
} |
|
263 |
} |
248 |
|
|
264 |
|
249 |
$field .= '</textarea>'; |
|
265 |
$field .= '</textarea>'; |
250 |
|
|
266 |
|
251 |
return $field; |
|
267 |
return $field; |
252 |
} |
|
268 |
} |
253 |
|
|
269 |
|
254 |
//// |
|
270 |
//// |
255 |
// Output a form hidden field |
|
271 |
// Output a form hidden field |
256 |
function tep_draw_hidden_field($name, $value = '', $parameters = '') { |
|
272 |
function tep_draw_hidden_field($name, $value = '', $parameters = '') { |
|
|
-+ |
273 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
|
|
|
274 |
|
257 |
$field = '<input type="hidden" name="' . tep_output_string($name) . '"'; |
= |
275 |
$field = '<input type="hidden" name="' . tep_output_string($name) . '"'; |
258 |
|
|
276 |
|
259 |
if (tep_not_null($value)) { |
|
277 |
if (tep_not_null($value)) { |
260 |
$field .= ' value="' . tep_output_string($value) . '"'; |
|
278 |
$field .= ' value="' . tep_output_string($value) . '"'; |
261 |
} elseif (isset($GLOBALS[$name]) && is_string($GLOBALS[$name])) { |
<> |
279 |
} elseif ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) { |
|
|
|
280 |
if ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) ) { |
262 |
$field .= ' value="' . tep_output_string(stripslashes($GLOBALS[$name])) . '"'; |
|
281 |
$field .= ' value="' . tep_output_string(stripslashes($HTTP_GET_VARS[$name])) . '"'; |
|
|
|
282 |
} elseif ( (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) { |
|
|
|
283 |
$field .= ' value="' . tep_output_string(stripslashes($HTTP_POST_VARS[$name])) . '"'; |
|
|
|
284 |
} |
263 |
} |
= |
285 |
} |
264 |
|
|
286 |
|
265 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
|
287 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
266 |
|
|
288 |
|
267 |
$field .= '>'; |
|
289 |
$field .= '>'; |
268 |
|
|
290 |
|
269 |
return $field; |
|
291 |
return $field; |
270 |
} |
|
292 |
} |
271 |
|
|
293 |
|
272 |
//// |
|
294 |
//// |
273 |
// Output a form pull down menu |
|
295 |
// Output a form pull down menu |
274 |
function tep_draw_pull_down_menu($name, $values, $default = '', $parameters = '', $required = false) { |
|
296 |
function tep_draw_pull_down_menu($name, $values, $default = '', $parameters = '', $required = false) { |
|
|
-+ |
297 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
|
|
|
298 |
|
275 |
$field = '<select name="' . tep_output_string($name) . '"'; |
= |
299 |
$field = '<select name="' . tep_output_string($name) . '"'; |
276 |
|
|
300 |
|
277 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
|
301 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
278 |
|
|
302 |
|
279 |
$field .= '>'; |
|
303 |
$field .= '>'; |
280 |
|
|
304 |
|
281 |
if (empty($default) && isset($GLOBALS[$name])) $default = stripslashes($GLOBALS[$name]); |
<> |
305 |
if (empty($default) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) { |
|
|
|
306 |
if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) { |
|
|
|
307 |
$default = stripslashes($HTTP_GET_VARS[$name]); |
|
|
|
308 |
} elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) { |
|
|
|
309 |
$default = stripslashes($HTTP_POST_VARS[$name]); |
|
|
|
310 |
} |
|
|
|
311 |
} |
282 |
|
= |
312 |
|
283 |
for ($i=0, $n=sizeof($values); $i<$n; $i++) { |
|
313 |
for ($i=0, $n=sizeof($values); $i<$n; $i++) { |
284 |
$field .= '<option value="' . tep_output_string($values[$i]['id']) . '"'; |
|
314 |
$field .= '<option value="' . tep_output_string($values[$i]['id']) . '"'; |
285 |
if ($default == $values[$i]['id']) { |
|
315 |
if ($default == $values[$i]['id']) { |
286 |
$field .= ' SELECTED'; |
|
316 |
$field .= ' SELECTED'; |
287 |
} |
|
317 |
} |
File: catalog/admin/includes/classes/upload.php
30 |
return false; |
= |
30 |
return false; |
31 |
} |
|
31 |
} |
32 |
} |
|
32 |
} |
33 |
} |
|
33 |
} |
34 |
|
|
34 |
|
35 |
function parse() { |
|
35 |
function parse() { |
36 |
global $messageStack; |
<> |
36 |
global $HTTP_POST_FILES, $messageStack; |
37 |
|
= |
37 |
|
|
|
-+ |
38 |
$file = array(); |
|
|
|
39 |
|
38 |
if (isset($_FILES[$this->file])) { |
= |
40 |
if (isset($_FILES[$this->file])) { |
39 |
$file = array('name' => $_FILES[$this->file]['name'], |
|
41 |
$file = array('name' => $_FILES[$this->file]['name'], |
40 |
'type' => $_FILES[$this->file]['type'], |
|
42 |
'type' => $_FILES[$this->file]['type'], |
41 |
'size' => $_FILES[$this->file]['size'], |
|
43 |
'size' => $_FILES[$this->file]['size'], |
42 |
'tmp_name' => $_FILES[$this->file]['tmp_name']); |
|
44 |
'tmp_name' => $_FILES[$this->file]['tmp_name']); |
43 |
} elseif (isset($GLOBALS['HTTP_POST_FILES'][$this->file])) { |
<> |
45 |
} elseif (isset($HTTP_POST_FILES[$this->file])) { |
44 |
global $HTTP_POST_FILES; |
|
|
|
45 |
|
|
|
|
46 |
$file = array('name' => $HTTP_POST_FILES[$this->file]['name'], |
= |
46 |
$file = array('name' => $HTTP_POST_FILES[$this->file]['name'], |
47 |
'type' => $HTTP_POST_FILES[$this->file]['type'], |
|
47 |
'type' => $HTTP_POST_FILES[$this->file]['type'], |
48 |
'size' => $HTTP_POST_FILES[$this->file]['size'], |
|
48 |
'size' => $HTTP_POST_FILES[$this->file]['size'], |
49 |
'tmp_name' => $HTTP_POST_FILES[$this->file]['tmp_name']); |
|
49 |
'tmp_name' => $HTTP_POST_FILES[$this->file]['tmp_name']); |
50 |
} else { |
+- |
|
|
51 |
$file = array('name' => (isset($GLOBALS[$this->file . '_name']) ? $GLOBALS[$this->file . '_name'] : ''), |
|
|
|
52 |
'type' => (isset($GLOBALS[$this->file . '_type']) ? $GLOBALS[$this->file . '_type'] : ''), |
|
|
|
53 |
'size' => (isset($GLOBALS[$this->file . '_size']) ? $GLOBALS[$this->file . '_size'] : ''), |
|
|
|
54 |
'tmp_name' => (isset($GLOBALS[$this->file]) ? $GLOBALS[$this->file] : '')); |
|
|
|
55 |
} |
= |
50 |
} |
56 |
|
|
51 |
|
57 |
if ( tep_not_null($file['tmp_name']) && ($file['tmp_name'] != 'none') && is_uploaded_file($file['tmp_name']) ) { |
|
52 |
if ( tep_not_null($file['tmp_name']) && ($file['tmp_name'] != 'none') && is_uploaded_file($file['tmp_name']) ) { |
58 |
if (sizeof($this->extensions) > 0) { |
|
53 |
if (sizeof($this->extensions) > 0) { |
59 |
if (!in_array(strtolower(substr($file['name'], strrpos($file['name'], '.')+1)), $this->extensions)) { |
|
54 |
if (!in_array(strtolower(substr($file['name'], strrpos($file['name'], '.')+1)), $this->extensions)) { |
60 |
if ($this->message_location == 'direct') { |
|
55 |
if ($this->message_location == 'direct') { |
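Review bot: With the register_globals fallback gone, `$file` stays the empty array initialised on new line 38 whenever neither `$_FILES` nor `$HTTP_POST_FILES` carries `$this->file`, and new line 57 then reads `$file['tmp_name']` from that empty array. Initialise the keys the rest of parse() reads, `$file = array('name' => '', 'type' => '', 'size' => 0, 'tmp_name' => '');`, so the `tep_not_null()` test on line 57 sees an empty string instead of an undefined index. The extension check on line 59 trusts the client-supplied name and looks only at the text after the last dot, so a name such as `shell.php.jpg` passes an image-only list; whether the web server would execute such a file depends on its multiple-extension handling, which is not visible here, so treat the whitelist as a first filter rather than the control. parse() continues past the end of the hunk.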
File: catalog/admin/file_manager.php
53 |
fclose($fp); |
= |
53 |
fclose($fp); |
54 |
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER, 'info=' . urlencode($HTTP_POST_VARS['filename']))); |
|
54 |
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER, 'info=' . urlencode($HTTP_POST_VARS['filename']))); |
55 |
} |
|
55 |
} |
56 |
break; |
|
56 |
break; |
57 |
case 'processuploads': |
|
57 |
case 'processuploads': |
58 |
for ($i=1; $i<6; $i++) { |
|
58 |
for ($i=1; $i<6; $i++) { |
59 |
if (isset($GLOBALS['file_' . $i]) && tep_not_null($GLOBALS['file_' . $i])) { |
<> |
59 |
if (is_uploaded_file($HTTP_POST_FILES['file_' . $i]['tmp_name'])) { |
60 |
new upload('file_' . $i, $current_path); |
= |
60 |
new upload('file_' . $i, $current_path); |
61 |
} |
|
61 |
} |
62 |
} |
|
62 |
} |
63 |
|
|
63 |
|
64 |
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER)); |
|
64 |
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER)); |
65 |
break; |
|
65 |
break; |
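Review bot: New line 59 indexes `$HTTP_POST_FILES['file_' . $i]['tmp_name']` with no `isset()` guard, so every unused slot of the five-slot upload form raises an undefined-index notice before `is_uploaded_file()` even runs. Guard it first: `if (isset($HTTP_POST_FILES['file_' . $i]['tmp_name']) && is_uploaded_file($HTTP_POST_FILES['file_' . $i]['tmp_name'])) {`. The upload class performs its own `is_uploaded_file()` test, so the guard here mainly avoids the notice and the needless object construction; that `$HTTP_POST_FILES` is populated on PHP 4.1+ presumably relies on the compatibility alias, which this hunk does not show. The enclosing switch starts before the hunk.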
[BUGFIX] Currency Case-Sensitivity
Use the currency code as stored in the currencies database table, rather than the value that was checked, to make sure the currency is valid.
Affected Files
catalog/includes/application_top.php
catalog/includes/functions/general.php
File: catalog/includes/application_top.php
288 |
require(DIR_WS_LANGUAGES . $language . '.php'); |
= |
288 |
require(DIR_WS_LANGUAGES . $language . '.php'); |
289 |
|
|
289 |
|
290 |
// currency |
|
290 |
// currency |
291 |
if (!tep_session_is_registered('currency') || isset($HTTP_GET_VARS['currency']) || ( (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') && (LANGUAGE_CURRENCY != $currency) ) ) { |
|
291 |
if (!tep_session_is_registered('currency') || isset($HTTP_GET_VARS['currency']) || ( (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') && (LANGUAGE_CURRENCY != $currency) ) ) { |
292 |
if (!tep_session_is_registered('currency')) tep_session_register('currency'); |
|
292 |
if (!tep_session_is_registered('currency')) tep_session_register('currency'); |
293 |
|
|
293 |
|
294 |
if (isset($HTTP_GET_VARS['currency'])) { |
<> |
294 |
if (isset($HTTP_GET_VARS['currency']) && $currencies->is_set($HTTP_GET_VARS['currency'])) { |
295 |
if (!$currency = tep_currency_exists($HTTP_GET_VARS['currency'])) $currency = (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY; |
|
295 |
$currency = $HTTP_GET_VARS['currency']; |
296 |
} else { |
= |
296 |
} else { |
297 |
$currency = (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY; |
|
297 |
$currency = (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY; |
298 |
} |
|
298 |
} |
299 |
} |
|
299 |
} |
300 |
|
|
300 |
|
301 |
// navigation history |
|
301 |
// navigation history |
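Review bot: New line 294 hands `$HTTP_GET_VARS['currency']` to `$currencies->is_set()` without first checking that it is a string, so a request such as `currency[]=x` passes an array into the `isset($this->currencies[$code])` lookup inside is_set(), which PHP treats as an illegal offset type: a warning on the releases this code targets and a TypeError on PHP 8. The same release guards every `$HTTP_GET_VARS` read in html_output.php with `is_string()`, so be consistent here: `if (isset($HTTP_GET_VARS['currency']) && is_string($HTTP_GET_VARS['currency']) && $currencies->is_set($HTTP_GET_VARS['currency'])) {`. Because is_set() is an exact array-key lookup, the raw GET value stored into the session on new line 295 necessarily matches a loaded currency code byte-for-byte, which is what makes dropping the tep_currency_exists() round-trip safe; whether `$currencies` is already instantiated at this point in application_top.php is not visible in the hunk.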
File: catalog/includes/functions/general.php
1168 |
//// |
= |
1168 |
//// |
1169 |
// Checks to see if the currency code exists as a currency |
|
1169 |
// Checks to see if the currency code exists as a currency |
1170 |
// TABLES: currencies |
|
1170 |
// TABLES: currencies |
1171 |
function tep_currency_exists($code) { |
|
1171 |
function tep_currency_exists($code) { |
1172 |
$code = tep_db_prepare_input($code); |
|
1172 |
$code = tep_db_prepare_input($code); |
1173 |
|
|
1173 |
|
1174 |
$currency_code = tep_db_query("select currencies_id from " . TABLE_CURRENCIES . " where code = '" . tep_db_input($code) . "'"); |
<> |
1174 |
$currency_query = tep_db_query("select code from " . TABLE_CURRENCIES . " where code = '" . tep_db_input($code) . "' limit 1"); |
1175 |
if (tep_db_num_rows($currency_code)) { |
|
1175 |
if (tep_db_num_rows($currency_query)) { |
|
|
|
1176 |
$currency = tep_db_fetch_array($currency_query); |
1176 |
return $code; |
|
1177 |
return $currency['code']; |
1177 |
} else { |
= |
1178 |
} else { |
1178 |
return false; |
|
1179 |
return false; |
1179 |
} |
|
1180 |
} |
1180 |
} |
|
1181 |
} |
1181 |
|
|
1182 |
|
1182 |
function tep_string_to_int($string) { |
|
1183 |
function tep_string_to_int($string) { |
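Review bot: The header comment at lines 1169-1170 still describes tep_currency_exists() as a yes/no check, while new lines 1176-1177 return the `code` column as stored in the table, which can differ in letter case from the argument when the column's collation is case-insensitive (MySQL's default); that difference is the whole point of the fix, and callers must use the return value rather than their own input. Replace the comment with `// Returns the currency code as stored in the currencies table (canonical letter case) when a case-insensitive match for $code exists, false otherwise`. Note that `limit 1` makes the result arbitrary should the table ever hold two codes differing only in case; a unique index on `code` would rule that out, but that is a schema matter outside this patch.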
[BUGFIX] Invoice and Packing Slip Billing Address
Correct the display of the billing address on the invoice and packing slip pages.
Affected Files
catalog/admin/invoice.php
catalog/admin/packingslip.php
File: catalog/admin/invoice.php
48 |
<tr> |
= |
48 |
<tr> |
49 |
<td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="2"> |
|
49 |
<td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="2"> |
50 |
<tr> |
|
50 |
<tr> |
51 |
<td class="main"><b><?php echo ENTRY_SOLD_TO; ?></b></td> |
|
51 |
<td class="main"><b><?php echo ENTRY_SOLD_TO; ?></b></td> |
52 |
</tr> |
|
52 |
</tr> |
53 |
<tr> |
|
53 |
<tr> |
54 |
<td class="main"><?php echo tep_address_format($order->customer['format_id'], $order->customer, 1, '', '<br>'); ?></td> |
<> |
54 |
<td class="main"><?php echo tep_address_format($order->customer['format_id'], $order->billing, 1, '', '<br>'); ?></td> |
55 |
</tr> |
= |
55 |
</tr> |
56 |
<tr> |
|
56 |
<tr> |
57 |
<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '5'); ?></td> |
|
57 |
<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '5'); ?></td> |
58 |
</tr> |
|
58 |
</tr> |
59 |
<tr> |
|
59 |
<tr> |
60 |
<td class="main"><?php echo $order->customer['telephone']; ?></td> |
|
60 |
<td class="main"><?php echo $order->customer['telephone']; ?></td> |
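Review bot: New line 54 renders `$order->billing` through tep_address_format() into the admin invoice, and the billing fields are presumably customer-supplied at checkout, so this is a stored-XSS sink in the Administration Tool unless tep_address_format() HTML-encodes each field; the helper is not visible here, so confirm that before relying on it. Because the helper emits its own `<br>` separators and format templates, encode the individual fields with tep_output_string_protected() inside the helper rather than wrapping its whole output. The bare `$order->customer['telephone']` echo on context line 60 has the same exposure and is untouched by this change.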
File: catalog/admin/packingslip.php
47 |
<tr> |
= |
47 |
<tr> |
48 |
<td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="2"> |
|
48 |
<td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="2"> |
49 |
<tr> |
|
49 |
<tr> |
50 |
<td class="main"><b><?php echo ENTRY_SOLD_TO; ?></b></td> |
|
50 |
<td class="main"><b><?php echo ENTRY_SOLD_TO; ?></b></td> |
51 |
</tr> |
|
51 |
</tr> |
52 |
<tr> |
|
52 |
<tr> |
53 |
<td class="main"><?php echo tep_address_format($order->customer['format_id'], $order->customer, 1, '', '<br>'); ?></td> |
<> |
53 |
<td class="main"><?php echo tep_address_format($order->customer['format_id'], $order->billing, 1, '', '<br>'); ?></td> |
54 |
</tr> |
= |
54 |
</tr> |
55 |
<tr> |
|
55 |
<tr> |
56 |
<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '5'); ?></td> |
|
56 |
<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '5'); ?></td> |
57 |
</tr> |
|
57 |
</tr> |
58 |
<tr> |
|
58 |
<tr> |
59 |
<td class="main"><?php echo $order->customer['telephone']; ?></td> |
|
59 |
<td class="main"><?php echo $order->customer['telephone']; ?></td> |
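Review bot: New line 53 sends `$order->billing`, presumably customer-entered at checkout, through tep_address_format() straight into admin HTML, so unless that helper HTML-encodes each field (not visible here) the packing slip is a stored-XSS sink for anyone who can place an order. Encoding belongs on the individual fields inside the helper, via tep_output_string_protected(), since the helper emits its own `<br>` markup; the unencoded telephone echo on context line 59 has the same exposure.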
[IMPROVEMENT] Configuration -> Minimum Values Settings
Respect the Configuration -> Minimum Values settings when editing a customer on the Administration Tool.
Affected Files
catalog/includes/form_check.js.php
catalog/admin/customers.php
File: catalog/includes/form_check.js.php
17 |
var error_message = ""; |
= |
17 |
var error_message = ""; |
18 |
|
|
18 |
|
19 |
function check_input(field_name, field_size, message) { |
|
19 |
function check_input(field_name, field_size, message) { |
20 |
if (form.elements[field_name] && (form.elements[field_name].type != "hidden")) { |
|
20 |
if (form.elements[field_name] && (form.elements[field_name].type != "hidden")) { |
21 |
var field_value = form.elements[field_name].value; |
|
21 |
var field_value = form.elements[field_name].value; |
22 |
|
|
22 |
|
23 |
if (field_value == '' || field_value.length < field_size) { |
<> |
23 |
if (field_value.length < field_size) { |
24 |
error_message = error_message + "* " + message + "\n"; |
= |
24 |
error_message = error_message + "* " + message + "\n"; |
25 |
error = true; |
|
25 |
error = true; |
26 |
} |
|
26 |
} |
27 |
} |
|
27 |
} |
28 |
} |
|
28 |
} |
29 |
|
|
29 |
|
|
60 |
|
= |
60 |
|
61 |
function check_password(field_name_1, field_name_2, field_size, message_1, message_2) { |
|
61 |
function check_password(field_name_1, field_name_2, field_size, message_1, message_2) { |
62 |
if (form.elements[field_name_1] && (form.elements[field_name_1].type != "hidden")) { |
|
62 |
if (form.elements[field_name_1] && (form.elements[field_name_1].type != "hidden")) { |
63 |
var password = form.elements[field_name_1].value; |
|
63 |
var password = form.elements[field_name_1].value; |
64 |
var confirmation = form.elements[field_name_2].value; |
|
64 |
var confirmation = form.elements[field_name_2].value; |
65 |
|
|
65 |
|
66 |
if (password == '' || password.length < field_size) { |
<> |
66 |
if (password.length < field_size) { |
67 |
error_message = error_message + "* " + message_1 + "\n"; |
= |
67 |
error_message = error_message + "* " + message_1 + "\n"; |
68 |
error = true; |
|
68 |
error = true; |
69 |
} else if (password != confirmation) { |
|
69 |
} else if (password != confirmation) { |
70 |
error_message = error_message + "* " + message_2 + "\n"; |
|
70 |
error_message = error_message + "* " + message_2 + "\n"; |
71 |
error = true; |
|
71 |
error = true; |
72 |
} |
|
72 |
} |
|
76 |
function check_password_new(field_name_1, field_name_2, field_name_3, field_size, message_1, message_2, message_3) { |
= |
76 |
function check_password_new(field_name_1, field_name_2, field_name_3, field_size, message_1, message_2, message_3) { |
77 |
if (form.elements[field_name_1] && (form.elements[field_name_1].type != "hidden")) { |
|
77 |
if (form.elements[field_name_1] && (form.elements[field_name_1].type != "hidden")) { |
78 |
var password_current = form.elements[field_name_1].value; |
|
78 |
var password_current = form.elements[field_name_1].value; |
79 |
var password_new = form.elements[field_name_2].value; |
|
79 |
var password_new = form.elements[field_name_2].value; |
80 |
var password_confirmation = form.elements[field_name_3].value; |
|
80 |
var password_confirmation = form.elements[field_name_3].value; |
81 |
|
|
81 |
|
82 |
if (password_current == '' || password_current.length < field_size) { |
<> |
82 |
if (password_current.length < field_size) { |
83 |
error_message = error_message + "* " + message_1 + "\n"; |
= |
83 |
error_message = error_message + "* " + message_1 + "\n"; |
84 |
error = true; |
|
84 |
error = true; |
85 |
} else if (password_new == '' || password_new.length < field_size) { |
<> |
85 |
} else if (password_new.length < field_size) { |
86 |
error_message = error_message + "* " + message_2 + "\n"; |
= |
86 |
error_message = error_message + "* " + message_2 + "\n"; |
87 |
error = true; |
|
87 |
error = true; |
88 |
} else if (password_new != password_confirmation) { |
|
88 |
} else if (password_new != password_confirmation) { |
89 |
error_message = error_message + "* " + message_3 + "\n"; |
|
89 |
error_message = error_message + "* " + message_3 + "\n"; |
90 |
error = true; |
|
90 |
error = true; |
91 |
} |
|
91 |
} |
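Review bot: Dropping the `== ''` test in check_password() at new line 66 (and in check_password_new() at 82 and 85) means that a store whose configured password minimum, passed in as `field_size`, is 0 now accepts an empty password client-side, whereas the old code kept an absolute floor regardless of the setting. For the free-text fields in check_input() a zero minimum is a legitimate admin choice, but for passwords keep the floor: `if (password == '' || password.length < field_size) {`, and likewise for `password_new`. None of this is a security control on its own: the JavaScript only mirrors the server-side checks, which must remain authoritative and are outside this hunk.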
File: catalog/admin/customers.php
123 |
$entry_zone_id = $zone_values['zone_id']; |
= |
123 |
$entry_zone_id = $zone_values['zone_id']; |
124 |
} else { |
|
124 |
} else { |
125 |
$error = true; |
|
125 |
$error = true; |
126 |
$entry_state_error = true; |
|
126 |
$entry_state_error = true; |
127 |
} |
|
127 |
} |
128 |
} else { |
|
128 |
} else { |
129 |
if ($entry_state == false) { |
<> |
129 |
if (strlen($entry_state) < ENTRY_STATE_MIN_LENGTH) { |
130 |
$error = true; |
= |
130 |
$error = true; |
131 |
$entry_state_error = true; |
|
131 |
$entry_state_error = true; |
132 |
} |
|
132 |
} |
133 |
} |
|
133 |
} |
134 |
} |
|
134 |
} |
135 |
} |
|
135 |
} |
|
258 |
} else { |
= |
258 |
} else { |
259 |
error_message = error_message + "<?php echo JS_GENDER; ?>"; |
|
259 |
error_message = error_message + "<?php echo JS_GENDER; ?>"; |
260 |
error = 1; |
|
260 |
error = 1; |
261 |
} |
|
261 |
} |
262 |
<?php } ?> |
|
262 |
<?php } ?> |
263 |
|
|
263 |
|
264 |
if (customers_firstname == "" || customers_firstname.length < <?php echo ENTRY_FIRST_NAME_MIN_LENGTH; ?>) { |
<> |
264 |
if (customers_firstname.length < <?php echo ENTRY_FIRST_NAME_MIN_LENGTH; ?>) { |
265 |
error_message = error_message + "<?php echo JS_FIRST_NAME; ?>"; |
= |
265 |
error_message = error_message + "<?php echo JS_FIRST_NAME; ?>"; |
266 |
error = 1; |
|
266 |
error = 1; |
267 |
} |
|
267 |
} |
268 |
|
|
268 |
|
269 |
if (customers_lastname == "" || customers_lastname.length < <?php echo ENTRY_LAST_NAME_MIN_LENGTH; ?>) { |
<> |
269 |
if (customers_lastname.length < <?php echo ENTRY_LAST_NAME_MIN_LENGTH; ?>) { |
270 |
error_message = error_message + "<?php echo JS_LAST_NAME; ?>"; |
= |
270 |
error_message = error_message + "<?php echo JS_LAST_NAME; ?>"; |
271 |
error = 1; |
|
271 |
error = 1; |
272 |
} |
|
272 |
} |
273 |
|
|
273 |
|
274 |
<?php if (ACCOUNT_DOB == 'true') { ?> |
|
274 |
<?php if (ACCOUNT_DOB == 'true') { ?> |
275 |
if (customers_dob == "" || customers_dob.length < <?php echo ENTRY_DOB_MIN_LENGTH; ?>) { |
<> |
275 |
if (customers_dob.length < <?php echo ENTRY_DOB_MIN_LENGTH; ?>) { |
276 |
error_message = error_message + "<?php echo JS_DOB; ?>"; |
= |
276 |
error_message = error_message + "<?php echo JS_DOB; ?>"; |
277 |
error = 1; |
|
277 |
error = 1; |
278 |
} |
|
278 |
} |
279 |
<?php } ?> |
|
279 |
<?php } ?> |
280 |
|
|
280 |
|
281 |
if (customers_email_address == "" || customers_email_address.length < <?php echo ENTRY_EMAIL_ADDRESS_MIN_LENGTH; ?>) { |
<> |
281 |
if (customers_email_address.length < <?php echo ENTRY_EMAIL_ADDRESS_MIN_LENGTH; ?>) { |
282 |
error_message = error_message + "<?php echo JS_EMAIL_ADDRESS; ?>"; |
= |
282 |
error_message = error_message + "<?php echo JS_EMAIL_ADDRESS; ?>"; |
283 |
error = 1; |
|
283 |
error = 1; |
284 |
} |
|
284 |
} |
285 |
|
|
285 |
|
286 |
if (entry_street_address == "" || entry_street_address.length < <?php echo ENTRY_STREET_ADDRESS_MIN_LENGTH; ?>) { |
<> |
286 |
if (entry_street_address.length < <?php echo ENTRY_STREET_ADDRESS_MIN_LENGTH; ?>) { |
287 |
error_message = error_message + "<?php echo JS_ADDRESS; ?>"; |
= |
287 |
error_message = error_message + "<?php echo JS_ADDRESS; ?>"; |
288 |
error = 1; |
|
288 |
error = 1; |
289 |
} |
|
289 |
} |
290 |
|
|
290 |
|
291 |
if (entry_postcode == "" || entry_postcode.length < <?php echo ENTRY_POSTCODE_MIN_LENGTH; ?>) { |
<> |
291 |
if (entry_postcode.length < <?php echo ENTRY_POSTCODE_MIN_LENGTH; ?>) { |
292 |
error_message = error_message + "<?php echo JS_POST_CODE; ?>"; |
= |
292 |
error_message = error_message + "<?php echo JS_POST_CODE; ?>"; |
293 |
error = 1; |
|
293 |
error = 1; |
294 |
} |
|
294 |
} |
295 |
|
|
295 |
|
296 |
if (entry_city == "" || entry_city.length < <?php echo ENTRY_CITY_MIN_LENGTH; ?>) { |
<> |
296 |
if (entry_city.length < <?php echo ENTRY_CITY_MIN_LENGTH; ?>) { |
297 |
error_message = error_message + "<?php echo JS_CITY; ?>"; |
= |
297 |
error_message = error_message + "<?php echo JS_CITY; ?>"; |
298 |
error = 1; |
|
298 |
error = 1; |
299 |
} |
|
299 |
} |
300 |
|
|
300 |
|
301 |
<?php |
|
301 |
<?php |
302 |
if (ACCOUNT_STATE == 'true') { |
|
302 |
if (ACCOUNT_STATE == 'true') { |
303 |
?> |
|
303 |
?> |
304 |
if (document.customers.elements['entry_state'].type != "hidden") { |
|
304 |
if (document.customers.elements['entry_state'].type != "hidden") { |
305 |
if (document.customers.entry_state.value == '' || document.customers.entry_state.value.length < <?php echo ENTRY_STATE_MIN_LENGTH; ?> ) { |
<> |
305 |
if (document.customers.entry_state.value.length < <?php echo ENTRY_STATE_MIN_LENGTH; ?>) { |
306 |
error_message = error_message + "<?php echo JS_STATE; ?>"; |
= |
306 |
error_message = error_message + "<?php echo JS_STATE; ?>"; |
307 |
error = 1; |
|
307 |
error = 1; |
308 |
} |
|
308 |
} |
309 |
} |
|
309 |
} |
310 |
<?php |
|
310 |
<?php |
311 |
} |
|
311 |
} |
|
315 |
if (document.customers.entry_country_id.value == 0) { |
= |
315 |
if (document.customers.entry_country_id.value == 0) { |
316 |
error_message = error_message + "<?php echo JS_COUNTRY; ?>"; |
|
316 |
error_message = error_message + "<?php echo JS_COUNTRY; ?>"; |
317 |
error = 1; |
|
317 |
error = 1; |
318 |
} |
|
318 |
} |
319 |
} |
|
319 |
} |
320 |
|
|
320 |
|
321 |
if (customers_telephone == "" || customers_telephone.length < <?php echo ENTRY_TELEPHONE_MIN_LENGTH; ?>) { |
<> |
321 |
if (customers_telephone.length < <?php echo ENTRY_TELEPHONE_MIN_LENGTH; ?>) { |
322 |
error_message = error_message + "<?php echo JS_TELEPHONE; ?>"; |
= |
322 |
error_message = error_message + "<?php echo JS_TELEPHONE; ?>"; |
323 |
error = 1; |
|
323 |
error = 1; |
324 |
} |
|
324 |
} |
325 |
|
|
325 |
|
326 |
if (error == 1) { |
|
326 |
if (error == 1) { |
327 |
alert(error_message); |
|
327 |
alert(error_message); |
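Review bot: New lines 264-321 interpolate the ENTRY_*_MIN_LENGTH configuration values into JavaScript unquoted, e.g. `<?php echo ENTRY_FIRST_NAME_MIN_LENGTH; ?>`, so a non-numeric value saved under Configuration -> Minimum Values yields a script syntax error at best and, since it lands inside a script block, arbitrary script at worst; the values are admin-controlled so the exposure is low, but the defensive cast is free: `<?php echo (int)ENTRY_FIRST_NAME_MIN_LENGTH; ?>` and the same for the other constants. The server-side check on new line 129 compares `strlen($entry_state)`, a byte count, against a minimum the admin presumably configures in characters, so a two-letter state name in a two-byte script (four bytes in UTF-8) passes a minimum of 3; use mb_strlen() there if the mbstring extension is available on the target PHP. The JavaScript rules only mirror the server side and are not a control; of the server-side rules only the state check is visible in this hunk.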
[BUGFIX] Compatibility Array Index
Reset compatibility array indexes when working through its elements.
Affected Files
catalog/includes/functions/compatibility.php
catalog/admin/includes/functions/compatibility.php
File: catalog/includes/functions/compatibility.php
15 |
// This is due to the possibility of have an array in |
= |
15 |
// This is due to the possibility of have an array in |
16 |
// $HTTP_xxx_VARS |
|
16 |
// $HTTP_xxx_VARS |
17 |
// Ie, products attributes |
|
17 |
// Ie, products attributes |
18 |
function do_magic_quotes_gpc(&$ar) { |
|
18 |
function do_magic_quotes_gpc(&$ar) { |
19 |
if (!is_array($ar)) return false; |
|
19 |
if (!is_array($ar)) return false; |
20 |
|
|
20 |
|
|
|
-+ |
21 |
reset($ar); |
21 |
while (list($key, $value) = each($ar)) { |
= |
22 |
while (list($key, $value) = each($ar)) { |
22 |
if (is_array($ar[$key])) { |
|
23 |
if (is_array($ar[$key])) { |
23 |
do_magic_quotes_gpc($ar[$key]); |
|
24 |
do_magic_quotes_gpc($ar[$key]); |
24 |
} else { |
|
25 |
} else { |
25 |
$ar[$key] = addslashes($value); |
|
26 |
$ar[$key] = addslashes($value); |
26 |
} |
|
27 |
} |
27 |
} |
|
28 |
} |
|
|
-+ |
29 |
reset($ar); |
28 |
} |
= |
30 |
} |
29 |
|
|
31 |
|
30 |
if (PHP_VERSION >= 4.1) { |
|
32 |
if (PHP_VERSION >= 4.1) { |
31 |
$HTTP_GET_VARS =& $_GET; |
|
33 |
$HTTP_GET_VARS =& $_GET; |
32 |
$HTTP_POST_VARS =& $_POST; |
|
34 |
$HTTP_POST_VARS =& $_POST; |
33 |
$HTTP_COOKIE_VARS =& $_COOKIE; |
|
35 |
$HTTP_COOKIE_VARS =& $_COOKIE; |
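Review bot: The two `reset($ar);` calls added at new lines 21 and 29 only patch around the internal-pointer state that `while (list($key, $value) = each($ar))` depends on; iterating with `foreach ($ar as $key => $value) {` on line 22 needs neither reset and drops the reliance on each(), which later PHP releases deprecate and then remove. The body that writes `$ar[$key]` and recurses through the reference is unaffected by that swap, because foreach by value walks a copy while the writes go to the referenced array. Separately, this function only emulates magic_quotes_gpc so downstream code can keep calling stripslashes(); addslashes() is not charset-aware and is not the SQL-injection defence, which remains the escaping tep_db_input() applies at query time, unchanged by this patch.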
File: catalog/admin/includes/functions/compatibility.php
15 |
// This is due to the possibility of have an array in |
= |
15 |
// This is due to the possibility of have an array in |
16 |
// $HTTP_xxx_VARS |
|
16 |
// $HTTP_xxx_VARS |
17 |
// Ie, products attributes |
|
17 |
// Ie, products attributes |
18 |
function do_magic_quotes_gpc(&$ar) { |
|
18 |
function do_magic_quotes_gpc(&$ar) { |
19 |
if (!is_array($ar)) return false; |
|
19 |
if (!is_array($ar)) return false; |
20 |
|
|
20 |
|
|
|
-+ |
21 |
reset($ar); |
21 |
while (list($key, $value) = each($ar)) { |
= |
22 |
while (list($key, $value) = each($ar)) { |
22 |
if (is_array($ar[$key])) { |
|
23 |
if (is_array($ar[$key])) { |
23 |
do_magic_quotes_gpc($ar[$key]); |
|
24 |
do_magic_quotes_gpc($ar[$key]); |
24 |
} else { |
|
25 |
} else { |
25 |
$ar[$key] = addslashes($value); |
|
26 |
$ar[$key] = addslashes($value); |
26 |
} |
|
27 |
} |
27 |
} |
|
28 |
} |
|
|
-+ |
29 |
reset($ar); |
28 |
} |
= |
30 |
} |
29 |
|
|
31 |
|
30 |
if (PHP_VERSION >= 4.1) { |
|
32 |
if (PHP_VERSION >= 4.1) { |
31 |
$HTTP_GET_VARS =& $_GET; |
|
33 |
$HTTP_GET_VARS =& $_GET; |
32 |
$HTTP_POST_VARS =& $_POST; |
|
34 |
$HTTP_POST_VARS =& $_POST; |
33 |
$HTTP_COOKIE_VARS =& $_COOKIE; |
|
35 |
$HTTP_COOKIE_VARS =& $_COOKIE; |
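Review bot: The `reset($ar);` calls at new lines 21 and 29 work around the internal-pointer dependency of `while (list($key, $value) = each($ar))`; `foreach ($ar as $key => $value) {` on line 22 needs no reset, and the `$ar[$key]` writes and the recursive call through the reference behave the same under it. Keep in mind this is only a magic_quotes_gpc emulation for code that later calls stripslashes(); addslashes() is charset-unaware and is not what protects the queries, so the tep_db_input() escaping at query time must stay in place.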
[IMPROVEMENT] MySQL Database Connection Identifier Link
Pass the MySQL connection identifier link to the mysql_insert_id() function.
Affected Files
catalog/includes/functions/database.php
catalog/admin/includes/functions/database.php
File: catalog/includes/functions/database.php
104 |
} |
= |
104 |
} |
105 |
|
|
105 |
|
106 |
function tep_db_data_seek($db_query, $row_number) { |
|
106 |
function tep_db_data_seek($db_query, $row_number) { |
107 |
return mysql_data_seek($db_query, $row_number); |
|
107 |
return mysql_data_seek($db_query, $row_number); |
108 |
} |
|
108 |
} |
109 |
|
|
109 |
|
110 |
function tep_db_insert_id() { |
<> |
110 |
function tep_db_insert_id($link = 'db_link') { |
|
|
|
111 |
global $$link; |
|
|
|
112 |
|
111 |
return mysql_insert_id(); |
|
113 |
return mysql_insert_id($$link); |
112 |
} |
= |
114 |
} |
113 |
|
|
115 |
|
114 |
function tep_db_free_result($db_query) { |
|
116 |
function tep_db_free_result($db_query) { |
115 |
return mysql_free_result($db_query); |
|
117 |
return mysql_free_result($db_query); |
116 |
} |
|
118 |
} |
117 |
|
|
119 |
|
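Review bot: The new `$link = 'db_link'` parameter at new line 110 is the NAME of a global variable, resolved through `global $$link;` and `mysql_insert_id($$link)`, not a connection resource, and nothing on the signature says so; a caller that passes a resource gets an undefined global and therefore whatever connection MySQL used last, and a caller that ever derived the name from request data would read an arbitrary global. Add a comment above the signature: `// $link is the name of a global holding the MySQL link resource; pass only literal names` — this appears to match the convention tep_db_query() uses elsewhere in the file, though that signature is not in the hunk. mysql_insert_id() returns 0 when the last statement generated no AUTO_INCREMENT value and false on an invalid link, so a second comment line warning callers not to test the result with a loose `==` would save a class of silent bugs.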
File: catalog/admin/includes/functions/database.php
108 |
} |
= |
108 |
} |
109 |
|
|
109 |
|
110 |
function tep_db_data_seek($db_query, $row_number) { |
|
110 |
function tep_db_data_seek($db_query, $row_number) { |
111 |
return mysql_data_seek($db_query, $row_number); |
|
111 |
return mysql_data_seek($db_query, $row_number); |
112 |
} |
|
112 |
} |
113 |
|
|
113 |
|
114 |
function tep_db_insert_id() { |
<> |
114 |
function tep_db_insert_id($link = 'db_link') { |
|
|
|
115 |
global $$link; |
|
|
|
116 |
|
115 |
return mysql_insert_id(); |
|
117 |
return mysql_insert_id($$link); |
116 |
} |
= |
118 |
} |
117 |
|
|
119 |
|
118 |
function tep_db_free_result($db_query) { |
|
120 |
function tep_db_free_result($db_query) { |
119 |
return mysql_free_result($db_query); |
|
121 |
return mysql_free_result($db_query); |
120 |
} |
|
122 |
} |
121 |
|
|
123 |
|
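Review bot: As in the catalog copy, the `$link = 'db_link'` parameter introduced at new line 114 is a global variable name dereferenced via `global $$link;`, not a resource, and the signature gives no hint of that. Document it: `// $link is the name of a global holding the MySQL link resource; pass only literal names`, and note that mysql_insert_id() returns 0 when no AUTO_INCREMENT value was generated and false on a bad link, so callers must not compare the result loosely.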
[BUGFIX] Product Sorting SQL Injection Vulnerability
Fix an SQL injection vulnerability when sorting products on the index listing.
Affected Files
catalog/index.php
File: catalog/index.php
185 |
} else { |
= |
185 |
} else { |
186 |
// We show them all |
|
186 |
// We show them all |
187 |
$listing_sql = "select " . $select_column_list . " p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_PRODUCTS . " p left join " . TABLE_MANUFACTURERS . " m on p.manufacturers_id = m.manufacturers_id left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_status = '1' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$current_category_id . "'"; |
|
187 |
$listing_sql = "select " . $select_column_list . " p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_PRODUCTS . " p left join " . TABLE_MANUFACTURERS . " m on p.manufacturers_id = m.manufacturers_id left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_status = '1' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$current_category_id . "'"; |
188 |
} |
|
188 |
} |
189 |
} |
|
189 |
} |
190 |
|
|
190 |
|
191 |
if ( (!isset($HTTP_GET_VARS['sort'])) || (!ereg('[1-8][ad]', $HTTP_GET_VARS['sort'])) || (substr($HTTP_GET_VARS['sort'], 0, 1) > sizeof($column_list)) ) { |
<> |
191 |
if ( (!isset($HTTP_GET_VARS['sort'])) || (!ereg('^[1-8][ad]$', $HTTP_GET_VARS['sort'])) || (substr($HTTP_GET_VARS['sort'], 0, 1) > sizeof($column_list)) ) { |
192 |
for ($i=0, $n=sizeof($column_list); $i<$n; $i++) { |
= |
192 |
for ($i=0, $n=sizeof($column_list); $i<$n; $i++) { |
193 |
if ($column_list[$i] == 'PRODUCT_LIST_NAME') { |
|
193 |
if ($column_list[$i] == 'PRODUCT_LIST_NAME') { |
194 |
$HTTP_GET_VARS['sort'] = $i+1 . 'a'; |
|
194 |
$HTTP_GET_VARS['sort'] = $i+1 . 'a'; |
195 |
$listing_sql .= " order by pd.products_name"; |
|
195 |
$listing_sql .= " order by pd.products_name"; |
196 |
break; |
|
196 |
break; |
197 |
} |
|
197 |
} |
198 |
} |
|
198 |
} |
199 |
} else { |
|
199 |
} else { |
200 |
$sort_col = substr($HTTP_GET_VARS['sort'], 0 , 1); |
|
200 |
$sort_col = substr($HTTP_GET_VARS['sort'], 0 , 1); |
201 |
$sort_order = substr($HTTP_GET_VARS['sort'], 1); |
|
201 |
$sort_order = substr($HTTP_GET_VARS['sort'], 1); |
202 |
$listing_sql .= ' order by '; |
<> |
202 |
|
203 |
switch ($column_list[$sort_col-1]) { |
= |
203 |
switch ($column_list[$sort_col-1]) { |
204 |
case 'PRODUCT_LIST_MODEL': |
|
204 |
case 'PRODUCT_LIST_MODEL': |
205 |
$listing_sql .= "p.products_model " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
<> |
205 |
$listing_sql .= " order by p.products_model " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
206 |
break; |
= |
206 |
break; |
207 |
case 'PRODUCT_LIST_NAME': |
|
207 |
case 'PRODUCT_LIST_NAME': |
208 |
$listing_sql .= "pd.products_name " . ($sort_order == 'd' ? 'desc' : ''); |
<> |
208 |
$listing_sql .= " order by pd.products_name " . ($sort_order == 'd' ? 'desc' : ''); |
209 |
break; |
= |
209 |
break; |
210 |
case 'PRODUCT_LIST_MANUFACTURER': |
|
210 |
case 'PRODUCT_LIST_MANUFACTURER': |
211 |
$listing_sql .= "m.manufacturers_name " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
<> |
211 |
$listing_sql .= " order by m.manufacturers_name " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
212 |
break; |
= |
212 |
break; |
213 |
case 'PRODUCT_LIST_QUANTITY': |
|
213 |
case 'PRODUCT_LIST_QUANTITY': |
214 |
$listing_sql .= "p.products_quantity " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
<> |
214 |
$listing_sql .= " order by p.products_quantity " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
215 |
break; |
= |
215 |
break; |
216 |
case 'PRODUCT_LIST_IMAGE': |
|
216 |
case 'PRODUCT_LIST_IMAGE': |
217 |
$listing_sql .= "pd.products_name"; |
<> |
217 |
$listing_sql .= " order by pd.products_name"; |
218 |
break; |
= |
218 |
break; |
219 |
case 'PRODUCT_LIST_WEIGHT': |
|
219 |
case 'PRODUCT_LIST_WEIGHT': |
220 |
$listing_sql .= "p.products_weight " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
<> |
220 |
$listing_sql .= " order by p.products_weight " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
221 |
break; |
= |
221 |
break; |
222 |
case 'PRODUCT_LIST_PRICE': |
|
222 |
case 'PRODUCT_LIST_PRICE': |
223 |
$listing_sql .= "final_price " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
<> |
223 |
$listing_sql .= " order by final_price " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
224 |
break; |
= |
224 |
break; |
225 |
} |
|
225 |
} |
226 |
} |
|
226 |
} |
227 |
?> |
|
227 |
?> |
228 |
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
|
228 |
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
229 |
<tr> |
|
229 |
<tr> |
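Review bot: The anchoring at new line 191 still goes through ereg(), which is not binary-safe (a NUL byte ends the string it inspects) and is removed in PHP 7; a PCRE replacement needs the `D` modifier so `$` does not accept a trailing newline: `if ( (!isset($HTTP_GET_VARS['sort'])) || (!preg_match('/^[1-8][ad]$/D', $HTTP_GET_VARS['sort'])) || (substr($HTTP_GET_VARS['sort'], 0, 1) > sizeof($column_list)) ) {`. From the visible lines the pattern is only half of the defence anyway: `$sort_col` and `$sort_order` (lines 200-201) never reach the SQL, the column name comes from the switch over `$column_list` and the direction from the `== 'd'` ternary, so user input can at most select among fixed clauses. Moving `' order by '` into each case on lines 205-223 removes the dangling `order by` the old code appended before a switch with no matching case; a `default:` branch that orders by `pd.products_name` would make that explicit instead of relying on `$column_list` holding only the seven handled values.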
[BUGFIX] Product Price Calculations
Do not round the net value before adding tax when calculating product prices, as doing so reduces the default precision of 4 decimal places to the decimal places of the selected currency.
Affected Files
catalog/includes/classes/currencies.php
catalog/includes/classes/order.php
catalog/includes/classes/shopping_cart.php
catalog/includes/functions/general.php
catalog/admin/includes/classes/currencies.php
catalog/admin/includes/functions/general.php
catalog/admin/orders.php
catalog/admin/invoice.php
File: catalog/includes/classes/currencies.php
49 |
$format_string = $this->currencies[$currency_type]['symbol_left'] . number_format(tep_round($number, $this->currencies[$currency_type]['decimal_places']), $this->currencies[$currency_type]['decimal_places'], $this->currencies[$currency_type]['decimal_point'], $this->currencies[$currency_type]['thousands_point']) . $this->currencies[$currency_type]['symbol_right']; |
= |
49 |
$format_string = $this->currencies[$currency_type]['symbol_left'] . number_format(tep_round($number, $this->currencies[$currency_type]['decimal_places']), $this->currencies[$currency_type]['decimal_places'], $this->currencies[$currency_type]['decimal_point'], $this->currencies[$currency_type]['thousands_point']) . $this->currencies[$currency_type]['symbol_right']; |
50 |
} |
|
50 |
} |
51 |
|
|
51 |
|
52 |
return $format_string; |
|
52 |
return $format_string; |
53 |
} |
|
53 |
} |
54 |
|
|
54 |
|
|
|
-+ |
55 |
function calculate_price($products_price, $products_tax, $quantity = 1) { |
|
|
|
56 |
global $currency; |
|
|
|
57 |
|
|
|
|
58 |
return tep_round(tep_add_tax($products_price, $products_tax), $this->currencies[$currency]['decimal_places']) * $quantity; |
|
|
|
59 |
} |
|
|
|
60 |
|
55 |
function is_set($code) { |
= |
61 |
function is_set($code) { |
56 |
if (isset($this->currencies[$code]) && tep_not_null($this->currencies[$code])) { |
|
62 |
if (isset($this->currencies[$code]) && tep_not_null($this->currencies[$code])) { |
57 |
return true; |
|
63 |
return true; |
58 |
} else { |
|
64 |
} else { |
59 |
return false; |
|
65 |
return false; |
60 |
} |
|
66 |
} |
|
66 |
|
= |
72 |
|
67 |
function get_decimal_places($code) { |
|
73 |
function get_decimal_places($code) { |
68 |
return $this->currencies[$code]['decimal_places']; |
|
74 |
return $this->currencies[$code]['decimal_places']; |
69 |
} |
|
75 |
} |
70 |
|
|
76 |
|
71 |
function display_price($products_price, $products_tax, $quantity = 1) { |
|
77 |
function display_price($products_price, $products_tax, $quantity = 1) { |
72 |
return $this->format(tep_add_tax($products_price, $products_tax) * $quantity); |
<> |
78 |
return $this->format($this->calculate_price($products_price, $products_tax, $quantity)); |
73 |
} |
= |
79 |
} |
74 |
} |
|
80 |
} |
75 |
?> |
|
81 |
?> |
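Review bot: `calculate_price()` at new line 58 indexes `$this->currencies[$currency]` straight from the global `$currency` with no guard, so a session without a currency set, or an unknown code, produces an undefined-index notice and a null precision handed to `tep_round()`. The class already has `is_set()` (new line 61) for exactly this check; a fall-back such as `if (!$this->is_set($currency)) $currency = DEFAULT_CURRENCY;` before the return keeps the arithmetic defined. Accepting the code as an optional parameter, as the admin `display_price()` on this page does with `$currency_type = DEFAULT_CURRENCY`, would also make the method usable independently of the request's currency.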
File: catalog/includes/classes/order.php
238 |
'price' => $attributes['options_values_price']); |
= |
238 |
'price' => $attributes['options_values_price']); |
239 |
|
|
239 |
|
240 |
$subindex++; |
|
240 |
$subindex++; |
241 |
} |
|
241 |
} |
242 |
} |
|
242 |
} |
243 |
|
|
243 |
|
244 |
$shown_price = tep_add_tax($this->products[$index]['final_price'], $this->products[$index]['tax']) * $this->products[$index]['qty']; |
<> |
244 |
$shown_price = $currencies->calculate_price($this->products[$index]['final_price'], $this->products[$index]['tax'], $this->products[$index]['qty']); |
245 |
$this->info['subtotal'] += $shown_price; |
= |
245 |
$this->info['subtotal'] += $shown_price; |
246 |
|
|
246 |
|
247 |
$products_tax = $this->products[$index]['tax']; |
|
247 |
$products_tax = $this->products[$index]['tax']; |
248 |
$products_tax_description = $this->products[$index]['tax_description']; |
|
248 |
$products_tax_description = $this->products[$index]['tax_description']; |
249 |
if (DISPLAY_PRICE_WITH_TAX == 'true') { |
|
249 |
if (DISPLAY_PRICE_WITH_TAX == 'true') { |
250 |
$this->info['tax'] += $shown_price - ($shown_price / (($products_tax < 10) ? "1.0" . str_replace('.', '', $products_tax) : "1." . str_replace('.', '', $products_tax))); |
|
250 |
$this->info['tax'] += $shown_price - ($shown_price / (($products_tax < 10) ? "1.0" . str_replace('.', '', $products_tax) : "1." . str_replace('.', '', $products_tax))); |
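Review bot: The `$currencies->calculate_price()` call on new line 244 needs `$currencies` in scope, and the hunk shows no `global $currencies;` for the enclosing method; that method starts outside the hunk, so please confirm the declaration exists, since the matching hunk in shopping_cart.php's `calculate()` had to add one for the same call. If it is absent, `$currencies` is null here and the subtotal line fails at runtime. The tax on line 250 is now derived from the rounded `$shown_price`; a comment such as `// tax is back-calculated from the rounded gross price returned by calculate_price()` would make that intentional dependency visible.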
File: catalog/includes/classes/shopping_cart.php
26 |
if (is_array($this->contents)) { |
= |
26 |
if (is_array($this->contents)) { |
27 |
reset($this->contents); |
|
27 |
reset($this->contents); |
28 |
while (list($products_id, ) = each($this->contents)) { |
|
28 |
while (list($products_id, ) = each($this->contents)) { |
29 |
$qty = $this->contents[$products_id]['qty']; |
|
29 |
$qty = $this->contents[$products_id]['qty']; |
30 |
$product_query = tep_db_query("select products_id from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id) . "'"); |
|
30 |
$product_query = tep_db_query("select products_id from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id) . "'"); |
31 |
if (!tep_db_num_rows($product_query)) { |
|
31 |
if (!tep_db_num_rows($product_query)) { |
32 |
tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET . " (customers_id, products_id, customers_basket_quantity, customers_basket_date_added) values ('" . (int)$customer_id . "', '" . tep_db_input($products_id) . "', '" . $qty . "', '" . date('Ymd') . "')"); |
<> |
32 |
tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET . " (customers_id, products_id, customers_basket_quantity, customers_basket_date_added) values ('" . (int)$customer_id . "', '" . tep_db_input($products_id) . "', '" . tep_db_input($qty) . "', '" . date('Ymd') . "')"); |
33 |
if (isset($this->contents[$products_id]['attributes'])) { |
= |
33 |
if (isset($this->contents[$products_id]['attributes'])) { |
34 |
reset($this->contents[$products_id]['attributes']); |
|
34 |
reset($this->contents[$products_id]['attributes']); |
35 |
while (list($option, $value) = each($this->contents[$products_id]['attributes'])) { |
|
35 |
while (list($option, $value) = each($this->contents[$products_id]['attributes'])) { |
36 |
tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " (customers_id, products_id, products_options_id, products_options_value_id) values ('" . (int)$customer_id . "', '" . tep_db_input($products_id) . "', '" . (int)$option . "', '" . (int)$value . "')"); |
|
36 |
tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " (customers_id, products_id, products_options_id, products_options_value_id) values ('" . (int)$customer_id . "', '" . tep_db_input($products_id) . "', '" . (int)$option . "', '" . (int)$value . "')"); |
37 |
} |
|
37 |
} |
38 |
} |
|
38 |
} |
39 |
} else { |
|
39 |
} else { |
40 |
tep_db_query("update " . TABLE_CUSTOMERS_BASKET . " set customers_basket_quantity = '" . $qty . "' where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id) . "'"); |
<> |
40 |
tep_db_query("update " . TABLE_CUSTOMERS_BASKET . " set customers_basket_quantity = '" . tep_db_input($qty) . "' where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id) . "'"); |
41 |
} |
= |
41 |
} |
42 |
} |
|
42 |
} |
43 |
} |
|
43 |
} |
44 |
|
|
44 |
|
45 |
// reset per-session cart contents, but not the database contents |
|
45 |
// reset per-session cart contents, but not the database contents |
46 |
$this->reset(false); |
|
46 |
$this->reset(false); |
|
234 |
} |
= |
234 |
} |
235 |
|
|
235 |
|
236 |
return substr($product_id_list, 2); |
|
236 |
return substr($product_id_list, 2); |
237 |
} |
|
237 |
} |
238 |
|
|
238 |
|
239 |
function calculate() { |
|
239 |
function calculate() { |
|
|
-+ |
240 |
global $currencies; |
|
|
|
241 |
|
240 |
$this->total = 0; |
= |
242 |
$this->total = 0; |
241 |
$this->weight = 0; |
|
243 |
$this->weight = 0; |
242 |
if (!is_array($this->contents)) return 0; |
|
244 |
if (!is_array($this->contents)) return 0; |
243 |
|
|
245 |
|
244 |
reset($this->contents); |
|
246 |
reset($this->contents); |
245 |
while (list($products_id, ) = each($this->contents)) { |
|
247 |
while (list($products_id, ) = each($this->contents)) { |
|
256 |
$specials_query = tep_db_query("select specials_new_products_price from " . TABLE_SPECIALS . " where products_id = '" . (int)$prid . "' and status = '1'"); |
= |
258 |
$specials_query = tep_db_query("select specials_new_products_price from " . TABLE_SPECIALS . " where products_id = '" . (int)$prid . "' and status = '1'"); |
257 |
if (tep_db_num_rows ($specials_query)) { |
|
259 |
if (tep_db_num_rows ($specials_query)) { |
258 |
$specials = tep_db_fetch_array($specials_query); |
|
260 |
$specials = tep_db_fetch_array($specials_query); |
259 |
$products_price = $specials['specials_new_products_price']; |
|
261 |
$products_price = $specials['specials_new_products_price']; |
260 |
} |
|
262 |
} |
261 |
|
|
263 |
|
262 |
$this->total += tep_add_tax($products_price, $products_tax) * $qty; |
<> |
264 |
$this->total += $currencies->calculate_price($products_price, $products_tax, $qty); |
263 |
$this->weight += ($qty * $products_weight); |
= |
265 |
$this->weight += ($qty * $products_weight); |
264 |
} |
|
266 |
} |
265 |
|
|
267 |
|
266 |
// attributes price |
|
268 |
// attributes price |
267 |
if (isset($this->contents[$products_id]['attributes'])) { |
|
269 |
if (isset($this->contents[$products_id]['attributes'])) { |
268 |
reset($this->contents[$products_id]['attributes']); |
|
270 |
reset($this->contents[$products_id]['attributes']); |
269 |
while (list($option, $value) = each($this->contents[$products_id]['attributes'])) { |
|
271 |
while (list($option, $value) = each($this->contents[$products_id]['attributes'])) { |
270 |
$attribute_price_query = tep_db_query("select options_values_price, price_prefix from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_id = '" . (int)$prid . "' and options_id = '" . (int)$option . "' and options_values_id = '" . (int)$value . "'"); |
|
272 |
$attribute_price_query = tep_db_query("select options_values_price, price_prefix from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_id = '" . (int)$prid . "' and options_id = '" . (int)$option . "' and options_values_id = '" . (int)$value . "'"); |
271 |
$attribute_price = tep_db_fetch_array($attribute_price_query); |
|
273 |
$attribute_price = tep_db_fetch_array($attribute_price_query); |
272 |
if ($attribute_price['price_prefix'] == '+') { |
|
274 |
if ($attribute_price['price_prefix'] == '+') { |
273 |
$this->total += $qty * tep_add_tax($attribute_price['options_values_price'], $products_tax); |
<> |
275 |
$this->total += $currencies->calculate_price($attribute_price['options_values_price'], $products_tax, $qty); |
274 |
} else { |
= |
276 |
} else { |
275 |
$this->total -= $qty * tep_add_tax($attribute_price['options_values_price'], $products_tax); |
<> |
277 |
$this->total -= $currencies->calculate_price($attribute_price['options_values_price'], $products_tax, $qty); |
276 |
} |
= |
278 |
} |
277 |
} |
|
279 |
} |
278 |
} |
|
280 |
} |
279 |
} |
|
281 |
} |
280 |
} |
|
282 |
} |
281 |
|
|
283 |
|
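Review bot: The two basket queries at new lines 32 and 40 now wrap `$qty` in `tep_db_input()`, but `customers_basket_quantity` is written as an integer and the equivalent statements in `add_cart()` and `update_quantity()` later on this page (lines 111 and 152 of the same file) use `(int)$qty` and `(int)$quantity`; casting here too, `'" . (int)$qty . "'`, validates the type rather than only escaping it and keeps the three queries consistent. In the `calculate()` hunk the new `calculate_price()` calls on lines 275 and 277 round each attribute price per unit independently of the base product price before adding or subtracting it, which is presumably intended; a one-line comment there saying so would spare the next reader the question.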
File: catalog/includes/functions/general.php
352 |
} |
= |
352 |
} |
353 |
} |
|
353 |
} |
354 |
|
|
354 |
|
355 |
//// |
|
355 |
//// |
356 |
// Add tax to a products price |
|
356 |
// Add tax to a products price |
357 |
function tep_add_tax($price, $tax) { |
|
357 |
function tep_add_tax($price, $tax) { |
358 |
global $currencies; |
+- |
|
|
359 |
|
|
|
|
360 |
if ( (DISPLAY_PRICE_WITH_TAX == 'true') && ($tax > 0) ) { |
= |
358 |
if ( (DISPLAY_PRICE_WITH_TAX == 'true') && ($tax > 0) ) { |
361 |
return tep_round($price, $currencies->currencies[DEFAULT_CURRENCY]['decimal_places']) + tep_calculate_tax($price, $tax); |
<> |
359 |
return $price + tep_calculate_tax($price, $tax); |
362 |
} else { |
= |
360 |
} else { |
363 |
return tep_round($price, $currencies->currencies[DEFAULT_CURRENCY]['decimal_places']); |
<> |
361 |
return $price; |
364 |
} |
= |
362 |
} |
365 |
} |
|
363 |
} |
366 |
|
|
364 |
|
367 |
// Calculates Tax rounding the result |
|
365 |
// Calculates Tax rounding the result |
368 |
function tep_calculate_tax($price, $tax) { |
|
366 |
function tep_calculate_tax($price, $tax) { |
369 |
global $currencies; |
<> |
367 |
return $price * $tax / 100; |
370 |
|
|
|
|
371 |
return tep_round($price * $tax / 100, $currencies->currencies[DEFAULT_CURRENCY]['decimal_places']); |
|
|
|
372 |
} |
= |
368 |
} |
373 |
|
|
369 |
|
374 |
//// |
|
370 |
//// |
375 |
// Return the number of products in a category |
|
371 |
// Return the number of products in a category |
376 |
// TABLES: products, products_to_categories, categories |
|
372 |
// TABLES: products, products_to_categories, categories |
377 |
function tep_count_products_in_category($category_id, $include_inactive = false) { |
|
373 |
function tep_count_products_in_category($category_id, $include_inactive = false) { |
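Review bot: The comment `// Calculates Tax rounding the result` above `tep_calculate_tax()` (new line 365) is now wrong, because the hunk removes the `tep_round()` call and the function returns the raw `$price * $tax / 100`; the same stale comment survives in catalog/admin/includes/functions/general.php at new line 1144. Suggested replacement: `// Calculates the tax for a price; the result is deliberately not rounded (the currencies class rounds in calculate_price()/format())`. Dropping `global $currencies;` from `tep_add_tax()` is fine here, as nothing left in the function references it.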
File: catalog/admin/includes/classes/currencies.php
49 |
} |
= |
49 |
} |
50 |
|
|
50 |
|
51 |
function get_value($code) { |
|
51 |
function get_value($code) { |
52 |
return $this->currencies[$code]['value']; |
|
52 |
return $this->currencies[$code]['value']; |
53 |
} |
|
53 |
} |
54 |
|
|
54 |
|
55 |
function display_price($products_price, $products_tax, $quantity = 1) { |
<> |
55 |
function display_price($products_price, $products_tax, $quantity = 1, $currency_type = DEFAULT_CURRENCY) { |
56 |
return $this->format(tep_add_tax($products_price, $products_tax) * $quantity); |
|
56 |
return $this->format(tep_round(tep_add_tax($products_price, $products_tax), $this->currencies[$currency_type]['decimal_places']) * $quantity); |
57 |
} |
= |
57 |
} |
58 |
} |
|
58 |
} |
59 |
?> |
|
59 |
?> |
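Review bot: The new `$currency_type` parameter on line 55 only reaches the `tep_round()` call and not `$this->format(...)` on line 56, so the amount is rounded for `$currency_type` but formatted for whatever currency `format()` defaults to. If `format()` takes the currency code as its third argument, as the `$currencies->format(..., true, $order->info['currency'], ...)` calls in admin/orders.php on this page suggest, the call should read `return $this->format(tep_round(tep_add_tax($products_price, $products_tax), $this->currencies[$currency_type]['decimal_places']) * $quantity, true, $currency_type);`. As in the catalog class, there is no check that `$currency_type` is a known code before `$this->currencies[$currency_type]` is indexed.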
File: catalog/admin/includes/functions/general.php
1130 |
return round($value, $precision); |
= |
1130 |
return round($value, $precision); |
1131 |
} |
|
1131 |
} |
1132 |
} |
|
1132 |
} |
1133 |
|
|
1133 |
|
1134 |
//// |
|
1134 |
//// |
1135 |
// Add tax to a products price |
|
1135 |
// Add tax to a products price |
1136 |
function tep_add_tax($price, $tax) { |
<> |
1136 |
function tep_add_tax($price, $tax, $override = false) { |
1137 |
global $currencies; |
|
1137 |
if ( ( (DISPLAY_PRICE_WITH_TAX == 'true') || ($override == true) ) && ($tax > 0) ) { |
1138 |
|
|
1138 |
return $price + tep_calculate_tax($price, $tax); |
1139 |
if (DISPLAY_PRICE_WITH_TAX == 'true') { |
|
|
|
1140 |
return tep_round($price, $currencies->currencies[DEFAULT_CURRENCY]['decimal_places']) + tep_calculate_tax($price, $tax); |
|
|
|
1141 |
} else { |
= |
1139 |
} else { |
1142 |
return tep_round($price, $currencies->currencies[DEFAULT_CURRENCY]['decimal_places']); |
<> |
1140 |
return $price; |
1143 |
} |
= |
1141 |
} |
1144 |
} |
|
1142 |
} |
1145 |
|
|
1143 |
|
1146 |
// Calculates Tax rounding the result |
|
1144 |
// Calculates Tax rounding the result |
1147 |
function tep_calculate_tax($price, $tax) { |
|
1145 |
function tep_calculate_tax($price, $tax) { |
1148 |
global $currencies; |
<> |
1146 |
return $price * $tax / 100; |
1149 |
|
|
|
|
1150 |
return tep_round($price * $tax / 100, $currencies->currencies[DEFAULT_CURRENCY]['decimal_places']); |
|
|
|
1151 |
} |
= |
1147 |
} |
1152 |
|
|
1148 |
|
1153 |
//// |
|
1149 |
//// |
1154 |
// Returns the tax rate for a zone / class |
|
1150 |
// Returns the tax rate for a zone / class |
1155 |
// TABLES: tax_rates, zones_to_geo_zones |
|
1151 |
// TABLES: tax_rates, zones_to_geo_zones |
1156 |
function tep_get_tax_rate($class_id, $country_id = -1, $zone_id = -1) { |
|
1152 |
function tep_get_tax_rate($class_id, $country_id = -1, $zone_id = -1) { |
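Review bot: The new `$override` flag in `tep_add_tax()` (new line 1136) is tested with a loose `($override == true)` on line 1137, which also accepts any non-empty string such as `'false'`; `$override === true` (or simply `$override`, since the callers on this page pass the literal `true`) states the intent exactly. The flag is also undocumented: the header comment `// Add tax to a products price` should explain it, e.g. `// Add tax to a products price; $override = true adds the tax even when DISPLAY_PRICE_WITH_TAX is off (used by the admin order and invoice views)`.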
File: catalog/admin/orders.php
231 |
} |
= |
231 |
} |
232 |
|
|
232 |
|
233 |
echo ' </td>' . "\n" . |
|
233 |
echo ' </td>' . "\n" . |
234 |
' <td class="dataTableContent" valign="top">' . $order->products[$i]['model'] . '</td>' . "\n" . |
|
234 |
' <td class="dataTableContent" valign="top">' . $order->products[$i]['model'] . '</td>' . "\n" . |
235 |
' <td class="dataTableContent" align="right" valign="top">' . tep_display_tax_value($order->products[$i]['tax']) . '%</td>' . "\n" . |
|
235 |
' <td class="dataTableContent" align="right" valign="top">' . tep_display_tax_value($order->products[$i]['tax']) . '%</td>' . "\n" . |
236 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format($order->products[$i]['final_price'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
|
236 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format($order->products[$i]['final_price'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
237 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']), true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
<> |
237 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax'], true), true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
238 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format($order->products[$i]['final_price'] * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
= |
238 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format($order->products[$i]['final_price'] * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
239 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']) * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n"; |
<> |
239 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax'], true) * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n"; |
240 |
echo ' </tr>' . "\n"; |
= |
240 |
echo ' </tr>' . "\n"; |
241 |
} |
|
241 |
} |
242 |
?> |
|
242 |
?> |
243 |
<tr> |
|
243 |
<tr> |
244 |
<td align="right" colspan="8"><table border="0" cellspacing="0" cellpadding="2"> |
|
244 |
<td align="right" colspan="8"><table border="0" cellspacing="0" cellpadding="2"> |
245 |
<?php |
|
245 |
<?php |
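Review bot: Rounding on new line 239 happens once on the multiplied amount (`tep_add_tax(..., true) * qty` goes straight into `format()`), whereas the catalog's new `calculate_price()` earlier on this page rounds the taxed unit price to the currency's decimal places before multiplying by the quantity. For quantities above one the two results can differ by a rounding step, so the admin order view may not show the line total the customer was charged; the same applies to admin/invoice.php line 122. Rounding the taxed unit price first, for example `tep_round(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax'], true), $decimal_places) * $order->products[$i]['qty']` with `$decimal_places` taken from the currencies class for `$order->info['currency']`, would align both sides. The enclosing loop starts outside the hunk.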
File: catalog/admin/invoice.php
114 |
} |
= |
114 |
} |
115 |
|
|
115 |
|
116 |
echo ' </td>' . "\n" . |
|
116 |
echo ' </td>' . "\n" . |
117 |
' <td class="dataTableContent" valign="top">' . $order->products[$i]['model'] . '</td>' . "\n"; |
|
117 |
' <td class="dataTableContent" valign="top">' . $order->products[$i]['model'] . '</td>' . "\n"; |
118 |
echo ' <td class="dataTableContent" align="right" valign="top">' . tep_display_tax_value($order->products[$i]['tax']) . '%</td>' . "\n" . |
|
118 |
echo ' <td class="dataTableContent" align="right" valign="top">' . tep_display_tax_value($order->products[$i]['tax']) . '%</td>' . "\n" . |
119 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format($order->products[$i]['final_price'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
|
119 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format($order->products[$i]['final_price'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
120 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']), true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
<> |
120 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax'], true), true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
121 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format($order->products[$i]['final_price'] * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
= |
121 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format($order->products[$i]['final_price'] * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
122 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']) * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n"; |
<> |
122 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax'], true) * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n"; |
123 |
echo ' </tr>' . "\n"; |
= |
123 |
echo ' </tr>' . "\n"; |
124 |
} |
|
124 |
} |
125 |
?> |
|
125 |
?> |
126 |
<tr> |
|
126 |
<tr> |
127 |
<td align="right" colspan="8"><table border="0" cellspacing="0" cellpadding="2"> |
|
127 |
<td align="right" colspan="8"><table border="0" cellspacing="0" cellpadding="2"> |
128 |
<?php |
|
128 |
<?php |
[BUGFIX] Country Name on the Order History Page
Fix the display of the country name on the order history page.
Affected Files
catalog/includes/classes/order.php
File: catalog/includes/classes/order.php
68 |
'company' => $order['customers_company'], |
= |
68 |
'company' => $order['customers_company'], |
69 |
'street_address' => $order['customers_street_address'], |
|
69 |
'street_address' => $order['customers_street_address'], |
70 |
'suburb' => $order['customers_suburb'], |
|
70 |
'suburb' => $order['customers_suburb'], |
71 |
'city' => $order['customers_city'], |
|
71 |
'city' => $order['customers_city'], |
72 |
'postcode' => $order['customers_postcode'], |
|
72 |
'postcode' => $order['customers_postcode'], |
73 |
'state' => $order['customers_state'], |
|
73 |
'state' => $order['customers_state'], |
74 |
'country' => $order['customers_country'], |
<> |
74 |
'country' => array('title' => $order['customers_country']), |
75 |
'format_id' => $order['customers_address_format_id'], |
= |
75 |
'format_id' => $order['customers_address_format_id'], |
76 |
'telephone' => $order['customers_telephone'], |
|
76 |
'telephone' => $order['customers_telephone'], |
77 |
'email_address' => $order['customers_email_address']); |
|
77 |
'email_address' => $order['customers_email_address']); |
78 |
|
|
78 |
|
79 |
$this->delivery = array('name' => $order['delivery_name'], |
|
79 |
$this->delivery = array('name' => $order['delivery_name'], |
80 |
'company' => $order['delivery_company'], |
|
80 |
'company' => $order['delivery_company'], |
81 |
'street_address' => $order['delivery_street_address'], |
|
81 |
'street_address' => $order['delivery_street_address'], |
82 |
'suburb' => $order['delivery_suburb'], |
|
82 |
'suburb' => $order['delivery_suburb'], |
83 |
'city' => $order['delivery_city'], |
|
83 |
'city' => $order['delivery_city'], |
84 |
'postcode' => $order['delivery_postcode'], |
|
84 |
'postcode' => $order['delivery_postcode'], |
85 |
'state' => $order['delivery_state'], |
|
85 |
'state' => $order['delivery_state'], |
86 |
'country' => $order['delivery_country'], |
<> |
86 |
'country' => array('title' => $order['delivery_country']), |
87 |
'format_id' => $order['delivery_address_format_id']); |
= |
87 |
'format_id' => $order['delivery_address_format_id']); |
88 |
|
|
88 |
|
89 |
if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) { |
|
89 |
if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) { |
90 |
$this->delivery = false; |
|
90 |
$this->delivery = false; |
91 |
} |
|
91 |
} |
92 |
|
|
92 |
|
|
94 |
'company' => $order['billing_company'], |
= |
94 |
'company' => $order['billing_company'], |
95 |
'street_address' => $order['billing_street_address'], |
|
95 |
'street_address' => $order['billing_street_address'], |
96 |
'suburb' => $order['billing_suburb'], |
|
96 |
'suburb' => $order['billing_suburb'], |
97 |
'city' => $order['billing_city'], |
|
97 |
'city' => $order['billing_city'], |
98 |
'postcode' => $order['billing_postcode'], |
|
98 |
'postcode' => $order['billing_postcode'], |
99 |
'state' => $order['billing_state'], |
|
99 |
'state' => $order['billing_state'], |
100 |
'country' => $order['billing_country'], |
<> |
100 |
'country' => array('title' => $order['billing_country']), |
101 |
'format_id' => $order['billing_address_format_id']); |
= |
101 |
'format_id' => $order['billing_address_format_id']); |
102 |
|
|
102 |
|
103 |
$index = 0; |
|
103 |
$index = 0; |
104 |
$orders_products_query = tep_db_query("select orders_products_id, products_id, products_name, products_model, products_price, products_tax, products_quantity, final_price from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int)$order_id . "'"); |
|
104 |
$orders_products_query = tep_db_query("select orders_products_id, products_id, products_name, products_model, products_price, products_tax, products_quantity, final_price from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int)$order_id . "'"); |
105 |
while ($orders_products = tep_db_fetch_array($orders_products_query)) { |
|
105 |
while ($orders_products = tep_db_fetch_array($orders_products_query)) { |
106 |
$this->products[$index] = array('qty' => $orders_products['products_quantity'], |
|
106 |
$this->products[$index] = array('qty' => $orders_products['products_quantity'], |
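Review bot: Any reader that still treats `$order->customer['country']` (or the delivery/billing equivalents) as a string now gets the literal `Array`, because new lines 74, 86 and 100 turn the value into an array holding only a `title` key; a reader expecting the fuller country structure with `id` or an ISO code gets an undefined index. The notes list only order.php as affected, so this presumably matches what the address formatter reads, but custom templates should be checked. A comment above the first occurrence, such as `// country is an array so address formatting can read ['country']['title']; only the title is known for stored orders`, would document the partial structure. The enclosing constructor starts outside the hunk.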
[BUGFIX] Shopping Cart Product Quantity as Integer Value
The product quantity is stored in the database shopping cart table as an integer, so the value in the shopping cart session should also be treated as an integer.
Affected Files
catalog/includes/classes/shopping_cart.php
File: catalog/includes/classes/shopping_cart.php
103 |
tep_session_register('new_products_id_in_cart'); |
= |
103 |
tep_session_register('new_products_id_in_cart'); |
104 |
} |
|
104 |
} |
105 |
|
|
105 |
|
106 |
if ($this->in_cart($products_id_string)) { |
|
106 |
if ($this->in_cart($products_id_string)) { |
107 |
$this->update_quantity($products_id_string, $qty, $attributes); |
|
107 |
$this->update_quantity($products_id_string, $qty, $attributes); |
108 |
} else { |
|
108 |
} else { |
109 |
$this->contents[$products_id_string] = array('qty' => $qty); |
<> |
109 |
$this->contents[$products_id_string] = array('qty' => (int)$qty); |
110 |
// insert into database |
= |
110 |
// insert into database |
111 |
if (tep_session_is_registered('customer_id')) tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET . " (customers_id, products_id, customers_basket_quantity, customers_basket_date_added) values ('" . (int)$customer_id . "', '" . tep_db_input($products_id_string) . "', '" . (int)$qty . "', '" . date('Ymd') . "')"); |
|
111 |
if (tep_session_is_registered('customer_id')) tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET . " (customers_id, products_id, customers_basket_quantity, customers_basket_date_added) values ('" . (int)$customer_id . "', '" . tep_db_input($products_id_string) . "', '" . (int)$qty . "', '" . date('Ymd') . "')"); |
112 |
|
|
112 |
|
113 |
if (is_array($attributes)) { |
|
113 |
if (is_array($attributes)) { |
114 |
reset($attributes); |
|
114 |
reset($attributes); |
115 |
while (list($option, $value) = each($attributes)) { |
|
115 |
while (list($option, $value) = each($attributes)) { |
|
144 |
break; |
= |
144 |
break; |
145 |
} |
|
145 |
} |
146 |
} |
|
146 |
} |
147 |
} |
|
147 |
} |
148 |
|
|
148 |
|
149 |
if (is_numeric($products_id) && isset($this->contents[$products_id_string]) && is_numeric($quantity) && ($attributes_pass_check == true)) { |
|
149 |
if (is_numeric($products_id) && isset($this->contents[$products_id_string]) && is_numeric($quantity) && ($attributes_pass_check == true)) { |
150 |
$this->contents[$products_id_string] = array('qty' => $quantity); |
<> |
150 |
$this->contents[$products_id_string] = array('qty' => (int)$quantity); |
151 |
// update database |
= |
151 |
// update database |
152 |
if (tep_session_is_registered('customer_id')) tep_db_query("update " . TABLE_CUSTOMERS_BASKET . " set customers_basket_quantity = '" . (int)$quantity . "' where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id_string) . "'"); |
|
152 |
if (tep_session_is_registered('customer_id')) tep_db_query("update " . TABLE_CUSTOMERS_BASKET . " set customers_basket_quantity = '" . (int)$quantity . "' where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id_string) . "'"); |
153 |
|
|
153 |
|
154 |
if (is_array($attributes)) { |
|
154 |
if (is_array($attributes)) { |
155 |
reset($attributes); |
|
155 |
reset($attributes); |
156 |
while (list($option, $value) = each($attributes)) { |
|
156 |
while (list($option, $value) = each($attributes)) { |
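Review bot: The `(int)$quantity` cast on new line 150 fixes the session type, but the guard on line 149 only checks `is_numeric($quantity)`, so `0` or a negative value still passes and is written to the session and, on line 152, to the database; adding `((int)$quantity > 0)` to that condition would reject it at the boundary. The same applies to `(int)$qty` on line 109 in `add_cart()`, where the default `$qty = '1'` is a string and no range check is visible in the hunk. If a zero quantity is handled elsewhere as a removal, a comment saying so on line 150 would avoid the question.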
[IMPROVEMENT] Maximum Order Product Quantities [+SQL]
Add a new configuration parameter to control the maximum quantity of a product that can be ordered (default 99).
Database Changes to Perform:
INSERT INTO configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) VALUES ('Product Quantities In Shopping Cart', 'MAX_QTY_IN_CART', '99', 'Maximum number of product quantities that can be added to the shopping cart (0 for no limit)', '3', '19', now());
Affected Files
catalog/includes/classes/shopping_cart.php
File: catalog/includes/classes/shopping_cart.php
78 |
function add_cart($products_id, $qty = '1', $attributes = '', $notify = true) { |
= |
78 |
function add_cart($products_id, $qty = '1', $attributes = '', $notify = true) { |
79 |
global $new_products_id_in_cart, $customer_id; |
|
79 |
global $new_products_id_in_cart, $customer_id; |
80 |
|
|
80 |
|
81 |
$products_id_string = tep_get_uprid($products_id, $attributes); |
|
81 |
$products_id_string = tep_get_uprid($products_id, $attributes); |
82 |
$products_id = tep_get_prid($products_id_string); |
|
82 |
$products_id = tep_get_prid($products_id_string); |
83 |
|
|
83 |
|
|
|
-+ |
84 |
if (defined('MAX_QTY_IN_CART') && (MAX_QTY_IN_CART > 0) && ((int)$qty > MAX_QTY_IN_CART)) { |
|
|
|
85 |
$qty = MAX_QTY_IN_CART; |
|
|
|
86 |
} |
|
|
|
87 |
|
84 |
$attributes_pass_check = true; |
= |
88 |
$attributes_pass_check = true; |
85 |
|
|
89 |
|
86 |
if (is_array($attributes)) { |
|
90 |
if (is_array($attributes)) { |
87 |
reset($attributes); |
|
91 |
reset($attributes); |
88 |
while (list($option, $value) = each($attributes)) { |
|
92 |
while (list($option, $value) = each($attributes)) { |
89 |
if (!is_numeric($option) || !is_numeric($value)) { |
|
93 |
if (!is_numeric($option) || !is_numeric($value)) { |
|
130 |
|
= |
134 |
|
131 |
function update_quantity($products_id, $quantity = '', $attributes = '') { |
|
135 |
function update_quantity($products_id, $quantity = '', $attributes = '') { |
132 |
global $customer_id; |
|
136 |
global $customer_id; |
133 |
|
|
137 |
|
134 |
$products_id_string = tep_get_uprid($products_id, $attributes); |
|
138 |
$products_id_string = tep_get_uprid($products_id, $attributes); |
135 |
$products_id = tep_get_prid($products_id_string); |
|
139 |
$products_id = tep_get_prid($products_id_string); |
|
|
-+ |
140 |
|
|
|
|
141 |
if (defined('MAX_QTY_IN_CART') && (MAX_QTY_IN_CART > 0) && ((int)$quantity > MAX_QTY_IN_CART)) { |
|
|
|
142 |
$quantity = MAX_QTY_IN_CART; |
|
|
|
143 |
} |
136 |
|
= |
144 |
|
137 |
$attributes_pass_check = true; |
|
145 |
$attributes_pass_check = true; |
138 |
|
|
146 |
|
139 |
if (is_array($attributes)) { |
|
147 |
if (is_array($attributes)) { |
140 |
reset($attributes); |
|
148 |
reset($attributes); |
141 |
while (list($option, $value) = each($attributes)) { |
|
149 |
while (list($option, $value) = each($attributes)) { |
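Review bot: The clamp added at new lines 84–86 (and again at 141–143 in update_quantity) compares `(int)$qty` but leaves `$qty` itself in its original, uncast form whenever it is within the limit, so a non-numeric or fractional string from the request still flows into the rest of add_cart, whose body continues past this hunk. If the callers already cast the quantity that is harmless; otherwise `$qty = (int)$qty;` before the check would pin the type, bearing in mind that update_quantity's `$quantity = ''` default would then become 0. The cap is also silent — a customer asking for more than MAX_QTY_IN_CART gets the limit with no feedback — which deserves a comment on the new block such as `// silently cap the quantity at MAX_QTY_IN_CART (0 = no limit); the customer is not notified`.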
[IMPROVEMENT] Accepting State Names
Improve the logic of accepting state names.
Affected Files
catalog/address_book_process.php
catalog/checkout_payment_address.php
catalog/checkout_shipping_address.php
catalog/create_account.php
File: catalog/address_book_process.php
99 |
if (ACCOUNT_STATE == 'true') { |
= |
99 |
if (ACCOUNT_STATE == 'true') { |
100 |
$zone_id = 0; |
|
100 |
$zone_id = 0; |
101 |
$check_query = tep_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "'"); |
|
101 |
$check_query = tep_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "'"); |
102 |
$check = tep_db_fetch_array($check_query); |
|
102 |
$check = tep_db_fetch_array($check_query); |
103 |
$entry_state_has_zones = ($check['total'] > 0); |
|
103 |
$entry_state_has_zones = ($check['total'] > 0); |
104 |
if ($entry_state_has_zones == true) { |
|
104 |
if ($entry_state_has_zones == true) { |
105 |
$zone_query = tep_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "' and (zone_name like '" . tep_db_input($state) . "%' or zone_code like '%" . tep_db_input($state) . "%')"); |
<> |
105 |
$zone_query = tep_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "' and (zone_name = '" . tep_db_input($state) . "' or zone_code = '" . tep_db_input($state) . "')"); |
106 |
if (tep_db_num_rows($zone_query) == 1) { |
= |
106 |
if (tep_db_num_rows($zone_query) == 1) { |
107 |
$zone = tep_db_fetch_array($zone_query); |
|
107 |
$zone = tep_db_fetch_array($zone_query); |
108 |
$zone_id = $zone['zone_id']; |
|
108 |
$zone_id = $zone['zone_id']; |
109 |
} else { |
|
109 |
} else { |
110 |
$error = true; |
|
110 |
$error = true; |
111 |
|
|
111 |
|
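Review bot: The zone lookup rewritten on line 105 is repeated verbatim in catalog/checkout_payment_address.php, catalog/checkout_shipping_address.php and catalog/create_account.php, so the four copies will drift the next time the matching rule changes; a shared helper taking `$country` and `$state` and returning the matched zone id or 0 (constructed name, e.g. `tep_get_zone_id_for_state`) would keep them in step. Moving from `like` to `=` also means `%` and `_` typed into the state field no longer act as LIKE wildcards that could match many zones, which is an improvement worth recording on the query line: `// exact match on zone name or code; user-supplied wildcards no longer widen the search`. Whether the comparison is case-sensitive depends on the collation of TABLE_ZONES, which is not visible here.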
File: catalog/checkout_payment_address.php
92 |
if (ACCOUNT_STATE == 'true') { |
= |
92 |
if (ACCOUNT_STATE == 'true') { |
93 |
$zone_id = 0; |
|
93 |
$zone_id = 0; |
94 |
$check_query = tep_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "'"); |
|
94 |
$check_query = tep_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "'"); |
95 |
$check = tep_db_fetch_array($check_query); |
|
95 |
$check = tep_db_fetch_array($check_query); |
96 |
$entry_state_has_zones = ($check['total'] > 0); |
|
96 |
$entry_state_has_zones = ($check['total'] > 0); |
97 |
if ($entry_state_has_zones == true) { |
|
97 |
if ($entry_state_has_zones == true) { |
98 |
$zone_query = tep_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "' and (zone_name like '" . tep_db_input($state) . "%' or zone_code like '%" . tep_db_input($state) . "%')"); |
<> |
98 |
$zone_query = tep_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "' and (zone_name = '" . tep_db_input($state) . "' or zone_code = '" . tep_db_input($state) . "')"); |
99 |
if (tep_db_num_rows($zone_query) == 1) { |
= |
99 |
if (tep_db_num_rows($zone_query) == 1) { |
100 |
$zone = tep_db_fetch_array($zone_query); |
|
100 |
$zone = tep_db_fetch_array($zone_query); |
101 |
$zone_id = $zone['zone_id']; |
|
101 |
$zone_id = $zone['zone_id']; |
102 |
} else { |
|
102 |
} else { |
103 |
$error = true; |
|
103 |
$error = true; |
104 |
|
|
104 |
|
File: catalog/checkout_shipping_address.php
105 |
if (ACCOUNT_STATE == 'true') { |
= |
105 |
if (ACCOUNT_STATE == 'true') { |
106 |
$zone_id = 0; |
|
106 |
$zone_id = 0; |
107 |
$check_query = tep_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "'"); |
|
107 |
$check_query = tep_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "'"); |
108 |
$check = tep_db_fetch_array($check_query); |
|
108 |
$check = tep_db_fetch_array($check_query); |
109 |
$entry_state_has_zones = ($check['total'] > 0); |
|
109 |
$entry_state_has_zones = ($check['total'] > 0); |
110 |
if ($entry_state_has_zones == true) { |
|
110 |
if ($entry_state_has_zones == true) { |
111 |
$zone_query = tep_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "' and (zone_name like '" . tep_db_input($state) . "%' or zone_code like '%" . tep_db_input($state) . "%')"); |
<> |
111 |
$zone_query = tep_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "' and (zone_name = '" . tep_db_input($state) . "' or zone_code = '" . tep_db_input($state) . "')"); |
112 |
if (tep_db_num_rows($zone_query) == 1) { |
= |
112 |
if (tep_db_num_rows($zone_query) == 1) { |
113 |
$zone = tep_db_fetch_array($zone_query); |
|
113 |
$zone = tep_db_fetch_array($zone_query); |
114 |
$zone_id = $zone['zone_id']; |
|
114 |
$zone_id = $zone['zone_id']; |
115 |
} else { |
|
115 |
} else { |
116 |
$error = true; |
|
116 |
$error = true; |
117 |
|
|
117 |
|
File: catalog/create_account.php
129 |
if (ACCOUNT_STATE == 'true') { |
= |
129 |
if (ACCOUNT_STATE == 'true') { |
130 |
$zone_id = 0; |
|
130 |
$zone_id = 0; |
131 |
$check_query = tep_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "'"); |
|
131 |
$check_query = tep_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "'"); |
132 |
$check = tep_db_fetch_array($check_query); |
|
132 |
$check = tep_db_fetch_array($check_query); |
133 |
$entry_state_has_zones = ($check['total'] > 0); |
|
133 |
$entry_state_has_zones = ($check['total'] > 0); |
134 |
if ($entry_state_has_zones == true) { |
|
134 |
if ($entry_state_has_zones == true) { |
135 |
$zone_query = tep_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "' and (zone_name like '" . tep_db_input($state) . "%' or zone_code like '%" . tep_db_input($state) . "%')"); |
<> |
135 |
$zone_query = tep_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "' and (zone_name = '" . tep_db_input($state) . "' or zone_code = '" . tep_db_input($state) . "')"); |
136 |
if (tep_db_num_rows($zone_query) == 1) { |
= |
136 |
if (tep_db_num_rows($zone_query) == 1) { |
137 |
$zone = tep_db_fetch_array($zone_query); |
|
137 |
$zone = tep_db_fetch_array($zone_query); |
138 |
$zone_id = $zone['zone_id']; |
|
138 |
$zone_id = $zone['zone_id']; |
139 |
} else { |
|
139 |
} else { |
140 |
$error = true; |
|
140 |
$error = true; |
141 |
|
|
141 |
|
[BUGFIX] Load the Order Total Modules Before Loading the Payment Modules
The order total modules should be loaded before the payment modules so the payment modules have access to the order total values.
Affected Files
catalog/checkout_process.php
File: catalog/checkout_process.php
43 |
require(DIR_WS_CLASSES . 'shipping.php'); |
= |
43 |
require(DIR_WS_CLASSES . 'shipping.php'); |
44 |
$shipping_modules = new shipping($shipping); |
|
44 |
$shipping_modules = new shipping($shipping); |
45 |
|
|
45 |
|
46 |
require(DIR_WS_CLASSES . 'order.php'); |
|
46 |
require(DIR_WS_CLASSES . 'order.php'); |
47 |
$order = new order; |
|
47 |
$order = new order; |
48 |
|
|
48 |
|
49 |
// load the before_process function from the payment modules |
+- |
|
|
50 |
$payment_modules->before_process(); |
|
|
|
51 |
|
|
|
|
52 |
require(DIR_WS_CLASSES . 'order_total.php'); |
= |
49 |
require(DIR_WS_CLASSES . 'order_total.php'); |
53 |
$order_total_modules = new order_total; |
|
50 |
$order_total_modules = new order_total; |
54 |
|
|
51 |
|
55 |
$order_totals = $order_total_modules->process(); |
|
52 |
$order_totals = $order_total_modules->process(); |
|
|
-+ |
53 |
|
|
|
|
54 |
// load the before_process function from the payment modules |
|
|
|
55 |
$payment_modules->before_process(); |
56 |
|
= |
56 |
|
57 |
$sql_data_array = array('customers_id' => $customer_id, |
|
57 |
$sql_data_array = array('customers_id' => $customer_id, |
58 |
'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'], |
|
58 |
'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'], |
59 |
'customers_company' => $order->customer['company'], |
|
59 |
'customers_company' => $order->customer['company'], |
60 |
'customers_street_address' => $order->customer['street_address'], |
|
60 |
'customers_street_address' => $order->customer['street_address'], |
61 |
'customers_suburb' => $order->customer['suburb'], |
|
61 |
'customers_suburb' => $order->customer['suburb'], |
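Review bot: The reordering at new lines 49–55 makes `$order_totals` available before `before_process()` runs, but nothing in the hunk passes it to the payment modules — presumably they read it through a `global` or through `$order->info`, neither of which is visible here. A one-line comment above the moved call, e.g. `// order totals are processed first so the payment modules see the final amounts in before_process()`, would record why the order matters and discourage a later edit from moving the call back. Note that `$payment_modules` is created outside this hunk.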
[BUGFIX] Payment Module Selection
Pass the selected module code to its radio button to have it selected by default if a payment method has already been selected.
Affected Files
catalog/checkout_payment.php
File: catalog/checkout_payment.php
255 |
?> |
= |
255 |
?> |
256 |
<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> |
|
256 |
<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> |
257 |
<td class="main" colspan="3"><b><?php echo $selection[$i]['module']; ?></b></td> |
|
257 |
<td class="main" colspan="3"><b><?php echo $selection[$i]['module']; ?></b></td> |
258 |
<td class="main" align="right"> |
|
258 |
<td class="main" align="right"> |
259 |
<?php |
|
259 |
<?php |
260 |
if (sizeof($selection) > 1) { |
|
260 |
if (sizeof($selection) > 1) { |
261 |
echo tep_draw_radio_field('payment', $selection[$i]['id']); |
<> |
261 |
echo tep_draw_radio_field('payment', $selection[$i]['id'], ($selection[$i]['id'] == $payment)); |
262 |
} else { |
= |
262 |
} else { |
263 |
echo tep_draw_hidden_field('payment', $selection[$i]['id']); |
|
263 |
echo tep_draw_hidden_field('payment', $selection[$i]['id']); |
264 |
} |
|
264 |
} |
265 |
?> |
|
265 |
?> |
266 |
</td> |
|
266 |
</td> |
267 |
<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> |
|
267 |
<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> |
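Review bot: The third argument added on line 261 compares the module id to `$payment` with a loose `==`, and `$payment` is assigned outside this hunk; if it is not set on the first visit, PHP of this era emits an undefined-variable notice and the radio simply stays unchecked. Guarding the comparison, `(isset($payment) && ($selection[$i]['id'] === $payment))`, avoids the notice and makes the intent explicit, assuming both sides are the module-code strings the hidden-field branch on line 263 also uses.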
[BUGFIX] Category Image Removal
Don't delete the category image when editing its values without uploading a new image.
Affected Files
catalog/admin/categories.php
File: catalog/admin/categories.php
74 |
tep_db_perform(TABLE_CATEGORIES_DESCRIPTION, $sql_data_array); |
= |
74 |
tep_db_perform(TABLE_CATEGORIES_DESCRIPTION, $sql_data_array); |
75 |
} elseif ($action == 'update_category') { |
|
75 |
} elseif ($action == 'update_category') { |
76 |
tep_db_perform(TABLE_CATEGORIES_DESCRIPTION, $sql_data_array, 'update', "categories_id = '" . (int)$categories_id . "' and language_id = '" . (int)$languages[$i]['id'] . "'"); |
|
76 |
tep_db_perform(TABLE_CATEGORIES_DESCRIPTION, $sql_data_array, 'update', "categories_id = '" . (int)$categories_id . "' and language_id = '" . (int)$languages[$i]['id'] . "'"); |
77 |
} |
|
77 |
} |
78 |
} |
|
78 |
} |
79 |
|
|
79 |
|
80 |
if ($categories_image = new upload('categories_image', DIR_FS_CATALOG_IMAGES)) { |
<> |
80 |
$categories_image = new upload('categories_image'); |
|
|
|
81 |
$categories_image->set_destination(DIR_FS_CATALOG_IMAGES); |
|
|
|
82 |
|
|
|
|
83 |
if ($categories_image->parse() && $categories_image->save()) { |
81 |
tep_db_query("update " . TABLE_CATEGORIES . " set categories_image = '" . tep_db_input($categories_image->filename) . "' where categories_id = '" . (int)$categories_id . "'"); |
= |
84 |
tep_db_query("update " . TABLE_CATEGORIES . " set categories_image = '" . tep_db_input($categories_image->filename) . "' where categories_id = '" . (int)$categories_id . "'"); |
82 |
} |
|
85 |
} |
83 |
|
|
86 |
|
84 |
if (USE_CACHE == 'true') { |
|
87 |
if (USE_CACHE == 'true') { |
85 |
tep_reset_cache_block('categories'); |
|
88 |
tep_reset_cache_block('categories'); |
86 |
tep_reset_cache_block('also_purchased'); |
|
89 |
tep_reset_cache_block('also_purchased'); |
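Review bot: The update on new line 84 persists `$categories_image->filename` as soon as `parse()` and `save()` both return true, so whatever name the upload object settles on is what is stored in `categories_image`; whether the upload class restricts file types and normalises that name is decided in its own file, not here. A comment such as `// parse() validates the submitted file and save() writes it to DIR_FS_CATALOG_IMAGES; only then is the stored image name replaced` would tell the reader where the validation lives. When no file was submitted, parse() presumably returns false and the existing image is left untouched, which is what the bugfix title describes.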
[BUGFIX] Add the Session ID to GET Based Forms
Add the session ID to GET based forms in case the browser has cookies disabled.
Affected Files
catalog/index.php
catalog/admin/includes/classes/split_page_results.php
catalog/admin/includes/functions/html_output.php
catalog/admin/banner_statistics.php
catalog/admin/categories.php
catalog/admin/customers.php
catalog/admin/define_language.php
catalog/admin/file_manager.php
catalog/admin/index.php
catalog/admin/orders.php
File: catalog/index.php
250 |
} |
= |
250 |
} |
251 |
echo tep_draw_hidden_field('sort', $HTTP_GET_VARS['sort']); |
|
251 |
echo tep_draw_hidden_field('sort', $HTTP_GET_VARS['sort']); |
252 |
while ($filterlist = tep_db_fetch_array($filterlist_query)) { |
|
252 |
while ($filterlist = tep_db_fetch_array($filterlist_query)) { |
253 |
$options[] = array('id' => $filterlist['id'], 'text' => $filterlist['name']); |
|
253 |
$options[] = array('id' => $filterlist['id'], 'text' => $filterlist['name']); |
254 |
} |
|
254 |
} |
255 |
echo tep_draw_pull_down_menu('filter_id', $options, (isset($HTTP_GET_VARS['filter_id']) ? $HTTP_GET_VARS['filter_id'] : ''), 'onchange="this.form.submit()"'); |
|
255 |
echo tep_draw_pull_down_menu('filter_id', $options, (isset($HTTP_GET_VARS['filter_id']) ? $HTTP_GET_VARS['filter_id'] : ''), 'onchange="this.form.submit()"'); |
256 |
echo '</form></td>' . "\n"; |
<> |
256 |
echo tep_hide_session_id() . '</form></td>' . "\n"; |
257 |
} |
= |
257 |
} |
258 |
} |
|
258 |
} |
259 |
|
|
259 |
|
260 |
// Get the right image for the top-right |
|
260 |
// Get the right image for the top-right |
261 |
$image = DIR_WS_IMAGES . 'table_background_list.gif'; |
|
261 |
$image = DIR_WS_IMAGES . 'table_background_list.gif'; |
262 |
if (isset($HTTP_GET_VARS['manufacturers_id'])) { |
|
262 |
if (isset($HTTP_GET_VARS['manufacturers_id'])) { |
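Review bot: Line 256 calls `tep_hide_session_id()` from the storefront, but the only definition on this page is the one added to catalog/admin/includes/functions/html_output.php; unless catalog/includes/functions/html_output.php already provides the same function, this call fails with an undefined-function error at runtime. The same one-line substitution is applied in the admin files that follow (split_page_results.php, banner_statistics.php, categories.php, customers.php, define_language.php, file_manager.php, index.php, orders.php), where the admin definition covers it.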
File: catalog/admin/includes/classes/split_page_results.php
74 |
while (list(, $pair) = each($pairs)) { |
= |
74 |
while (list(, $pair) = each($pairs)) { |
75 |
list($key,$value) = explode('=', $pair); |
|
75 |
list($key,$value) = explode('=', $pair); |
76 |
$display_links .= tep_draw_hidden_field(rawurldecode($key), rawurldecode($value)); |
|
76 |
$display_links .= tep_draw_hidden_field(rawurldecode($key), rawurldecode($value)); |
77 |
} |
|
77 |
} |
78 |
} |
|
78 |
} |
79 |
|
|
79 |
|
80 |
if (SID) $display_links .= tep_draw_hidden_field(tep_session_name(), tep_session_id()); |
<> |
|
|
81 |
|
|
|
|
82 |
$display_links .= '</form>'; |
|
80 |
$display_links .= tep_hide_session_id() . '</form>'; |
83 |
} else { |
= |
81 |
} else { |
84 |
$display_links = sprintf(TEXT_RESULT_PAGE, $num_pages, $num_pages); |
|
82 |
$display_links = sprintf(TEXT_RESULT_PAGE, $num_pages, $num_pages); |
85 |
} |
|
83 |
} |
86 |
|
|
84 |
|
87 |
return $display_links; |
|
85 |
return $display_links; |
88 |
} |
|
86 |
} |
File: catalog/admin/includes/functions/html_output.php
289 |
$field .= '>'; |
= |
289 |
$field .= '>'; |
290 |
|
|
290 |
|
291 |
return $field; |
|
291 |
return $field; |
292 |
} |
|
292 |
} |
293 |
|
|
293 |
|
294 |
//// |
|
294 |
//// |
|
|
-+ |
295 |
// Hide form elements |
|
|
|
296 |
function tep_hide_session_id() { |
|
|
|
297 |
$string = ''; |
|
|
|
298 |
|
|
|
|
299 |
if (defined('SID') && tep_not_null(SID)) { |
|
|
|
300 |
$string = tep_draw_hidden_field(tep_session_name(), tep_session_id()); |
|
|
|
301 |
} |
|
|
|
302 |
|
|
|
|
303 |
return $string; |
|
|
|
304 |
} |
|
|
|
305 |
|
|
|
|
306 |
//// |
295 |
// Output a form pull down menu |
= |
307 |
// Output a form pull down menu |
296 |
function tep_draw_pull_down_menu($name, $values, $default = '', $parameters = '', $required = false) { |
|
308 |
function tep_draw_pull_down_menu($name, $values, $default = '', $parameters = '', $required = false) { |
297 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
|
309 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
298 |
|
|
310 |
|
299 |
$field = '<select name="' . tep_output_string($name) . '"'; |
|
311 |
$field = '<select name="' . tep_output_string($name) . '"'; |
300 |
|
|
312 |
|
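Review bot: The header comment `// Hide form elements` on new line 295 does not say what the function does or why; a docstring such as `// Return a hidden input carrying the session id, for GET forms whose query string would otherwise drop it when cookies are disabled; '' when SID is undefined or empty` would help. The `defined('SID') && tep_not_null(SID)` guard is also what makes the helper safer than the bare `if (SID)` it replaces in split_page_results.php, since an undefined constant in PHP of this era is evaluated as the truthy string 'SID' with a notice. Because the id is then submitted as a query-string parameter, it will show up in server logs and Referer headers like any other session-in-URL request; stating in the comment that the helper is intended for GET forms only keeps that trade-off visible.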
File: catalog/admin/banner_statistics.php
91 |
case 'daily': |
= |
91 |
case 'daily': |
92 |
echo TITLE_MONTH . ' ' . tep_draw_pull_down_menu('month', $months_array, (isset($HTTP_GET_VARS['month']) ? $HTTP_GET_VARS['month'] : date('n')), 'onChange="this.form.submit();"') . '<noscript><input type="submit" value="GO"></noscript><br>' . TITLE_YEAR . ' ' . tep_draw_pull_down_menu('year', $years_array, (isset($HTTP_GET_VARS['year']) ? $HTTP_GET_VARS['year'] : date('Y')), 'onChange="this.form.submit();"') . '<noscript><input type="submit" value="GO"></noscript>'; |
|
92 |
echo TITLE_MONTH . ' ' . tep_draw_pull_down_menu('month', $months_array, (isset($HTTP_GET_VARS['month']) ? $HTTP_GET_VARS['month'] : date('n')), 'onChange="this.form.submit();"') . '<noscript><input type="submit" value="GO"></noscript><br>' . TITLE_YEAR . ' ' . tep_draw_pull_down_menu('year', $years_array, (isset($HTTP_GET_VARS['year']) ? $HTTP_GET_VARS['year'] : date('Y')), 'onChange="this.form.submit();"') . '<noscript><input type="submit" value="GO"></noscript>'; |
93 |
break; |
|
93 |
break; |
94 |
} |
|
94 |
} |
95 |
?> |
|
95 |
?> |
96 |
</td> |
|
96 |
</td> |
97 |
<?php echo tep_draw_hidden_field('page', $HTTP_GET_VARS['page']) . tep_draw_hidden_field('bID', $HTTP_GET_VARS['bID']); ?></form></tr> |
<> |
97 |
<?php echo tep_draw_hidden_field('page', $HTTP_GET_VARS['page']) . tep_draw_hidden_field('bID', $HTTP_GET_VARS['bID']) . tep_hide_session_id(); ?></form></tr> |
98 |
</table></td> |
= |
98 |
</table></td> |
99 |
</tr> |
|
99 |
</tr> |
100 |
<tr> |
|
100 |
<tr> |
101 |
<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td> |
|
101 |
<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td> |
102 |
</tr> |
|
102 |
</tr> |
103 |
<tr> |
|
103 |
<tr> |
File: catalog/admin/categories.php
740 |
<td align="right"><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
= |
740 |
<td align="right"><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
741 |
<tr> |
|
741 |
<tr> |
742 |
<td class="smallText" align="right"> |
|
742 |
<td class="smallText" align="right"> |
743 |
<?php |
|
743 |
<?php |
744 |
echo tep_draw_form('search', FILENAME_CATEGORIES, '', 'get'); |
|
744 |
echo tep_draw_form('search', FILENAME_CATEGORIES, '', 'get'); |
745 |
echo HEADING_TITLE_SEARCH . ' ' . tep_draw_input_field('search'); |
|
745 |
echo HEADING_TITLE_SEARCH . ' ' . tep_draw_input_field('search'); |
746 |
echo '</form>'; |
<> |
746 |
echo tep_hide_session_id() . '</form>'; |
747 |
?> |
= |
747 |
?> |
748 |
</td> |
|
748 |
</td> |
749 |
</tr> |
|
749 |
</tr> |
750 |
<tr> |
|
750 |
<tr> |
751 |
<td class="smallText" align="right"> |
|
751 |
<td class="smallText" align="right"> |
752 |
<?php |
|
752 |
<?php |
753 |
echo tep_draw_form('goto', FILENAME_CATEGORIES, '', 'get'); |
|
753 |
echo tep_draw_form('goto', FILENAME_CATEGORIES, '', 'get'); |
754 |
echo HEADING_TITLE_GOTO . ' ' . tep_draw_pull_down_menu('cPath', tep_get_category_tree(), $current_category_id, 'onChange="this.form.submit();"'); |
|
754 |
echo HEADING_TITLE_GOTO . ' ' . tep_draw_pull_down_menu('cPath', tep_get_category_tree(), $current_category_id, 'onChange="this.form.submit();"'); |
755 |
echo '</form>'; |
<> |
755 |
echo tep_hide_session_id() . '</form>'; |
756 |
?> |
= |
756 |
?> |
757 |
</td> |
|
757 |
</td> |
758 |
</tr> |
|
758 |
</tr> |
759 |
</table></td> |
|
759 |
</table></td> |
760 |
</tr> |
|
760 |
</tr> |
761 |
</table></td> |
|
761 |
</table></td> |
File: catalog/admin/customers.php
694 |
<tr> |
= |
694 |
<tr> |
695 |
<td><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
|
695 |
<td><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
696 |
<tr><?php echo tep_draw_form('search', FILENAME_CUSTOMERS, '', 'get'); ?> |
|
696 |
<tr><?php echo tep_draw_form('search', FILENAME_CUSTOMERS, '', 'get'); ?> |
697 |
<td class="pageHeading"><?php echo HEADING_TITLE; ?></td> |
|
697 |
<td class="pageHeading"><?php echo HEADING_TITLE; ?></td> |
698 |
<td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', 1, HEADING_IMAGE_HEIGHT); ?></td> |
|
698 |
<td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', 1, HEADING_IMAGE_HEIGHT); ?></td> |
699 |
<td class="smallText" align="right"><?php echo HEADING_TITLE_SEARCH . ' ' . tep_draw_input_field('search'); ?></td> |
|
699 |
<td class="smallText" align="right"><?php echo HEADING_TITLE_SEARCH . ' ' . tep_draw_input_field('search'); ?></td> |
700 |
</form></tr> |
<> |
700 |
<?php echo tep_hide_session_id(); ?></form></tr> |
701 |
</table></td> |
= |
701 |
</table></td> |
702 |
</tr> |
|
702 |
</tr> |
703 |
<tr> |
|
703 |
<tr> |
704 |
<td><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
|
704 |
<td><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
705 |
<tr> |
|
705 |
<tr> |
706 |
<td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2"> |
|
706 |
<td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2"> |
File: catalog/admin/define_language.php
81 |
<tr> |
= |
81 |
<tr> |
82 |
<td><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
|
82 |
<td><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
83 |
<tr><?php echo tep_draw_form('lng', FILENAME_DEFINE_LANGUAGE, '', 'get'); ?> |
|
83 |
<tr><?php echo tep_draw_form('lng', FILENAME_DEFINE_LANGUAGE, '', 'get'); ?> |
84 |
<td class="pageHeading"><?php echo HEADING_TITLE; ?></td> |
|
84 |
<td class="pageHeading"><?php echo HEADING_TITLE; ?></td> |
85 |
<td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', '1', HEADING_IMAGE_HEIGHT); ?></td> |
|
85 |
<td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', '1', HEADING_IMAGE_HEIGHT); ?></td> |
86 |
<td class="pageHeading" align="right"><?php echo tep_draw_pull_down_menu('lngdir', $languages_array, $language, 'onChange="this.form.submit();"'); ?></td> |
|
86 |
<td class="pageHeading" align="right"><?php echo tep_draw_pull_down_menu('lngdir', $languages_array, $language, 'onChange="this.form.submit();"'); ?></td> |
87 |
</form></tr> |
<> |
87 |
<?php echo tep_hide_session_id(); ?></form></tr> |
88 |
</table></td> |
= |
88 |
</table></td> |
89 |
</tr> |
|
89 |
</tr> |
90 |
<tr> |
|
90 |
<tr> |
91 |
<td><table border="0" width="100%" cellspacing="0" cellpadding="2"> |
|
91 |
<td><table border="0" width="100%" cellspacing="0" cellpadding="2"> |
92 |
<?php |
|
92 |
<?php |
93 |
if (isset($HTTP_GET_VARS['lngdir']) && isset($HTTP_GET_VARS['filename'])) { |
|
93 |
if (isset($HTTP_GET_VARS['lngdir']) && isset($HTTP_GET_VARS['filename'])) { |
File: catalog/admin/file_manager.php
129 |
<tr> |
= |
129 |
<tr> |
130 |
<td width="100%"><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
|
130 |
<td width="100%"><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
131 |
<tr><?php echo tep_draw_form('goto', FILENAME_FILE_MANAGER, '', 'get'); ?> |
|
131 |
<tr><?php echo tep_draw_form('goto', FILENAME_FILE_MANAGER, '', 'get'); ?> |
132 |
<td class="pageHeading"><?php echo HEADING_TITLE . '<br><span class="smallText">' . $current_path . '</span>'; ?></td> |
|
132 |
<td class="pageHeading"><?php echo HEADING_TITLE . '<br><span class="smallText">' . $current_path . '</span>'; ?></td> |
133 |
<td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', '1', HEADING_IMAGE_HEIGHT); ?></td> |
|
133 |
<td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', '1', HEADING_IMAGE_HEIGHT); ?></td> |
134 |
<td class="pageHeading" align="right"><?php echo tep_draw_pull_down_menu('goto', $goto_array, $current_path, 'onChange="this.form.submit();"'); ?></td> |
|
134 |
<td class="pageHeading" align="right"><?php echo tep_draw_pull_down_menu('goto', $goto_array, $current_path, 'onChange="this.form.submit();"'); ?></td> |
135 |
</form></tr> |
<> |
135 |
<?php echo tep_hide_session_id(); ?></form></tr> |
136 |
</table></td> |
= |
136 |
</table></td> |
137 |
</tr> |
|
137 |
</tr> |
138 |
<?php |
|
138 |
<?php |
139 |
if ( (($action == 'new_file') && ($directory_writeable == true)) || ($action == 'edit') ) { |
|
139 |
if ( (($action == 'new_file') && ($directory_writeable == true)) || ($action == 'edit') ) { |
140 |
if (isset($HTTP_GET_VARS['info']) && strstr($HTTP_GET_VARS['info'], '..')) tep_redirect(tep_href_link(FILENAME_FILE_MANAGER)); |
|
140 |
if (isset($HTTP_GET_VARS['info']) && strstr($HTTP_GET_VARS['info'], '..')) tep_redirect(tep_href_link(FILENAME_FILE_MANAGER)); |
141 |
|
|
141 |
|
File: catalog/admin/index.php
189 |
<td width="460"><table border="0" width="460" height="390" cellspacing="0" cellpadding="2"> |
= |
189 |
<td width="460"><table border="0" width="460" height="390" cellspacing="0" cellpadding="2"> |
190 |
<tr> |
|
190 |
<tr> |
191 |
<td colspan="2"><table border="0" width="100%" cellspacing="0" cellpadding="2"> |
|
191 |
<td colspan="2"><table border="0" width="100%" cellspacing="0" cellpadding="2"> |
192 |
<tr><?php echo tep_draw_form('languages', 'index.php', '', 'get'); ?> |
|
192 |
<tr><?php echo tep_draw_form('languages', 'index.php', '', 'get'); ?> |
193 |
<td class="heading"><?php echo HEADING_TITLE; ?></td> |
|
193 |
<td class="heading"><?php echo HEADING_TITLE; ?></td> |
194 |
<td align="right"><?php echo tep_draw_pull_down_menu('language', $languages_array, $languages_selected, 'onChange="this.form.submit();"'); ?></td> |
|
194 |
<td align="right"><?php echo tep_draw_pull_down_menu('language', $languages_array, $languages_selected, 'onChange="this.form.submit();"'); ?></td> |
195 |
</form></tr> |
<> |
195 |
<?php echo tep_hide_session_id(); ?></form></tr> |
196 |
</table></td> |
= |
196 |
</table></td> |
197 |
</tr> |
|
197 |
</tr> |
198 |
<?php |
|
198 |
<?php |
199 |
$col = 2; |
|
199 |
$col = 2; |
200 |
$counter = 0; |
|
200 |
$counter = 0; |
201 |
for ($i = 0, $n = sizeof($cat); $i < $n; $i++) { |
|
201 |
for ($i = 0, $n = sizeof($cat); $i < $n; $i++) { |
File: catalog/admin/orders.php
328 |
<tr> |
= |
328 |
<tr> |
329 |
<td class="pageHeading"><?php echo HEADING_TITLE; ?></td> |
|
329 |
<td class="pageHeading"><?php echo HEADING_TITLE; ?></td> |
330 |
<td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', 1, HEADING_IMAGE_HEIGHT); ?></td> |
|
330 |
<td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', 1, HEADING_IMAGE_HEIGHT); ?></td> |
331 |
<td align="right"><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
|
331 |
<td align="right"><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
332 |
<tr><?php echo tep_draw_form('orders', FILENAME_ORDERS, '', 'get'); ?> |
|
332 |
<tr><?php echo tep_draw_form('orders', FILENAME_ORDERS, '', 'get'); ?> |
333 |
<td class="smallText" align="right"><?php echo HEADING_TITLE_SEARCH . ' ' . tep_draw_input_field('oID', '', 'size="12"') . tep_draw_hidden_field('action', 'edit'); ?></td> |
|
333 |
<td class="smallText" align="right"><?php echo HEADING_TITLE_SEARCH . ' ' . tep_draw_input_field('oID', '', 'size="12"') . tep_draw_hidden_field('action', 'edit'); ?></td> |
334 |
</form></tr> |
<> |
334 |
<?php echo tep_hide_session_id(); ?></form></tr> |
335 |
<tr><?php echo tep_draw_form('status', FILENAME_ORDERS, '', 'get'); ?> |
= |
335 |
<tr><?php echo tep_draw_form('status', FILENAME_ORDERS, '', 'get'); ?> |
336 |
<td class="smallText" align="right"><?php echo HEADING_TITLE_STATUS . ' ' . tep_draw_pull_down_menu('status', array_merge(array(array('id' => '', 'text' => TEXT_ALL_ORDERS)), $orders_statuses), '', 'onChange="this.form.submit();"'); ?></td> |
|
336 |
<td class="smallText" align="right"><?php echo HEADING_TITLE_STATUS . ' ' . tep_draw_pull_down_menu('status', array_merge(array(array('id' => '', 'text' => TEXT_ALL_ORDERS)), $orders_statuses), '', 'onChange="this.form.submit();"'); ?></td> |
337 |
</form></tr> |
<> |
337 |
<?php echo tep_hide_session_id(); ?></form></tr> |
338 |
</table></td> |
= |
338 |
</table></td> |
339 |
</tr> |
|
339 |
</tr> |
340 |
</table></td> |
|
340 |
</table></td> |
341 |
</tr> |
|
341 |
</tr> |
342 |
<tr> |
|
342 |
<tr> |
343 |
<td><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
|
343 |
<td><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
[BUGFIX] Fix Typo on the Products New Page
Fix typo on the products new page.
Affected Files
catalog/products_new.php
File: catalog/products_new.php
87 |
<tr> |
= |
87 |
<tr> |
88 |
<td width="<?php echo SMALL_IMAGE_WIDTH + 10; ?>" valign="top" class="main"><?php echo '<a href="' . tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $products_new['products_id']) . '">' . tep_image(DIR_WS_IMAGES . $products_new['products_image'], $products_new['products_name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT) . '</a>'; ?></td> |
|
88 |
<td width="<?php echo SMALL_IMAGE_WIDTH + 10; ?>" valign="top" class="main"><?php echo '<a href="' . tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $products_new['products_id']) . '">' . tep_image(DIR_WS_IMAGES . $products_new['products_image'], $products_new['products_name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT) . '</a>'; ?></td> |
89 |
<td valign="top" class="main"><?php echo '<a href="' . tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $products_new['products_id']) . '"><b><u>' . $products_new['products_name'] . '</u></b></a><br>' . TEXT_DATE_ADDED . ' ' . tep_date_long($products_new['products_date_added']) . '<br>' . TEXT_MANUFACTURER . ' ' . $products_new['manufacturers_name'] . '<br><br>' . TEXT_PRICE . ' ' . $products_price; ?></td> |
|
89 |
<td valign="top" class="main"><?php echo '<a href="' . tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $products_new['products_id']) . '"><b><u>' . $products_new['products_name'] . '</u></b></a><br>' . TEXT_DATE_ADDED . ' ' . tep_date_long($products_new['products_date_added']) . '<br>' . TEXT_MANUFACTURER . ' ' . $products_new['manufacturers_name'] . '<br><br>' . TEXT_PRICE . ' ' . $products_price; ?></td> |
90 |
<td align="right" valign="middle" class="main"><?php echo '<a href="' . tep_href_link(FILENAME_PRODUCTS_NEW, tep_get_all_get_params(array('action')) . 'action=buy_now&products_id=' . $products_new['products_id']) . '">' . tep_image_button('button_in_cart.gif', IMAGE_BUTTON_IN_CART) . '</a>'; ?></td> |
|
90 |
<td align="right" valign="middle" class="main"><?php echo '<a href="' . tep_href_link(FILENAME_PRODUCTS_NEW, tep_get_all_get_params(array('action')) . 'action=buy_now&products_id=' . $products_new['products_id']) . '">' . tep_image_button('button_in_cart.gif', IMAGE_BUTTON_IN_CART) . '</a>'; ?></td> |
91 |
</tr> |
|
91 |
</tr> |
92 |
<tr> |
|
92 |
<tr> |
93 |
<td colspΓΌan="3"><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td> |
<> |
93 |
<td colspan="3"><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td> |
94 |
</tr> |
= |
94 |
</tr> |
95 |
<?php |
|
95 |
<?php |
96 |
} |
|
96 |
} |
97 |
} else { |
|
97 |
} else { |
98 |
?> |
|
98 |
?> |
99 |
<tr> |
|
99 |
<tr> |
[BUGFIX] Process the Order Total Modules Earlier on the Checkout Confirmation Page
Process the order total modules earlier on the checkout confirmation page.
Affected Files
catalog/checkout_confirmation.php
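--- a/catalog/checkout_confirmation.php
+++ b/catalog/checkout_confirmation.php
@@ -63,12 +63,13 @@
 // load the selected shipping module
 require(DIR_WS_CLASSES . 'shipping.php');
 $shipping_modules = new shipping($shipping);
 
 require(DIR_WS_CLASSES . 'order_total.php');
 $order_total_modules = new order_total;
+$order_total_modules->process();
 
 // Stock Check
 $any_out_of_stock = false;
 if (STOCK_CHECK == 'true') {
 for ($i=0, $n=sizeof($order->products); $i<$n; $i++) {
 if (tep_check_stock($order->products[$i]['id'], $order->products[$i]['qty'])) {
@@ -234,13 +235,12 @@
 <td class="main"><?php echo $order->info['payment_method']; ?></td>
 </tr>
 </table></td>
 <td width="70%" valign="top" align="right"><table border="0" cellspacing="0" cellpadding="2">
 <?php
 if (MODULE_ORDER_TOTAL_INSTALLED) {
-$order_total_modules->process();
 echo $order_total_modules->output();
 }
 ?>
 </table></td>
 </tr>
 </table></td>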
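Review bot: The moved `$order_total_modules->process();` at new line 69 now runs unconditionally, whereas the call it replaces at old line 240 only ran inside `if (MODULE_ORDER_TOTAL_INSTALLED)`. If `process()` does not itself tolerate an empty module list — the order_total class is not visible here, so this needs confirming — the moved call should keep the same guard, `if (MODULE_ORDER_TOTAL_INSTALLED) $order_total_modules->process();`. A short comment above it would also help the next reader, e.g. `// process the order totals once, before the stock check; the totals block further down only outputs them`. The surrounding script continues outside both hunks.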
[BUGFIX] PHP < 4.1 Compatibility Update
Use $HTTP_SERVER_VARS instead of $_SERVER.
Affected Files
catalog/includes/functions/general.php
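--- a/catalog/includes/functions/general.php
+++ b/catalog/includes/functions/general.php
@@ -1221,19 +1221,21 @@
 
 function tep_setcookie($name, $value = '', $expire = 0, $path = '/', $domain = '', $secure = 0) {
 setcookie($name, $value, $expire, $path, (tep_not_null($domain) ? $domain : ''), $secure);
 }
 
 function tep_get_ip_address() {
-if (isset($_SERVER)) {
-if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
-$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
-} elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
-$ip = $_SERVER['HTTP_CLIENT_IP'];
+global $HTTP_SERVER_VARS;
+
+if (isset($HTTP_SERVER_VARS)) {
+if (isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])) {
+$ip = $HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'];
+} elseif (isset($HTTP_SERVER_VARS['HTTP_CLIENT_IP'])) {
+$ip = $HTTP_SERVER_VARS['HTTP_CLIENT_IP'];
 } else {
-$ip = $_SERVER['REMOTE_ADDR'];
+$ip = $HTTP_SERVER_VARS['REMOTE_ADDR'];
 }
 } else {
 if (getenv('HTTP_X_FORWARDED_FOR')) {
 $ip = getenv('HTTP_X_FORWARDED_FOR');
 } elseif (getenv('HTTP_CLIENT_IP')) {
 $ip = getenv('HTTP_CLIENT_IP');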
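Review bot: The rewritten `tep_get_ip_address()` still prefers the request headers `HTTP_X_FORWARDED_FOR` and `HTTP_CLIENT_IP` over `REMOTE_ADDR`, and those headers are set by whoever sends the request, so the value returned can be chosen freely by the client; swapping `$_SERVER` for `$HTTP_SERVER_VARS` does not change that. Wherever the result feeds logging, fraud checks or access decisions, only `REMOTE_ADDR` is reliable unless the request is known to arrive through a proxy the shop operator controls, and `X-Forwarded-For` may also carry a comma-separated list rather than a single address. At minimum the caveat should be documented above the function, e.g. `// NOTE: the forwarded-for and client-ip headers are supplied by the requester; treat the result as informational, not as an identity`. The function's final branches and return statement lie outside the hunk.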
[BUGFIX] Strip Additional Slashes When Editing Reviews
Strip additional slashes when editing reviews.
Affected Files
catalog/admin/reviews.php
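--- a/catalog/admin/reviews.php
+++ b/catalog/admin/reviews.php
@@ -159,13 +159,13 @@
 <td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
 </tr>
 <?php
 if (tep_not_null($HTTP_POST_VARS)) {
 /* Re-Post all POST'ed variables */
 reset($HTTP_POST_VARS);
-while(list($key, $value) = each($HTTP_POST_VARS)) echo tep_draw_hidden_field($key, $value);
+while (list($key, $value) = each($HTTP_POST_VARS)) echo tep_draw_hidden_field($key, htmlspecialchars(stripslashes($value)));
 ?>
 <tr>
 <td align="right" class="smallText"><?php echo '<a href="' . tep_href_link(FILENAME_REVIEWS, 'page=' . $HTTP_GET_VARS['page'] . '&rID=' . $rInfo->reviews_id . '&action=edit') . '">' . tep_image_button('button_back.gif', IMAGE_BACK) . '</a> ' . tep_image_submit('button_update.gif', IMAGE_UPDATE) . ' <a href="' . tep_href_link(FILENAME_REVIEWS, 'page=' . $HTTP_GET_VARS['page'] . '&rID=' . $rInfo->reviews_id) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>'; ?></td>
 </form></tr>
 <?php
 } else {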
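Review bot: The new line 165 escapes `$value` but passes `$key` — every POSTed parameter name — straight into `tep_draw_hidden_field()`, and whether that helper escapes the field name is not visible here; if it does not, the name should get the same `htmlspecialchars()` treatment as the value. `stripslashes()` is also applied unconditionally, which removes legitimate backslashes from review text whenever magic_quotes_gpc is off; making it conditional keeps the data intact on both configurations, `echo tep_draw_hidden_field($key, htmlspecialchars(get_magic_quotes_gpc() ? stripslashes($value) : $value));`. Note too that `htmlspecialchars()` without `ENT_QUOTES` leaves single quotes alone, which is only safe if the helper always emits the value in a double-quoted attribute.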
[IMPROVEMENT] New Public Title for Payment Modules
Add a public title for the payment modules to show "Credit Card" instead of the name of the payment service provider.
Affected Files
catalog/includes/classes/order.php
catalog/checkout_process.php
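--- a/catalog/includes/classes/order.php
+++ b/catalog/includes/classes/order.php
@@ -160,13 +160,17 @@
 'subtotal' => 0,
 'tax' => 0,
 'tax_groups' => array(),
 'comments' => (tep_session_is_registered('comments') && !empty($comments) ? $comments : ''));
 
 if (isset($GLOBALS[$payment]) && is_object($GLOBALS[$payment])) {
+if (isset($GLOBALS[$payment]->public_title)) {
+$this->info['payment_method'] = $GLOBALS[$payment]->public_title;
+} else {
 $this->info['payment_method'] = $GLOBALS[$payment]->title;
+}
 
 if ( isset($GLOBALS[$payment]->order_status) && is_numeric($GLOBALS[$payment]->order_status) && ($GLOBALS[$payment]->order_status > 0) ) {
 $this->info['order_status'] = $GLOBALS[$payment]->order_status;
 }
 }
 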
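Review bot: The new `public_title` branch at lines 166-170 carries no comment explaining why a payment module has two titles, and a reader of order.php alone cannot tell which one customers see; add `// prefer the customer-facing public_title (e.g. "Credit Card") over the internal module title when the module defines one`. As a matter of style the five-line if/else reduces to one assignment with identical behaviour, `$this->info['payment_method'] = isset($GLOBALS[$payment]->public_title) ? $GLOBALS[$payment]->public_title : $GLOBALS[$payment]->title;`. The enclosing method begins before the hunk.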
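--- a/catalog/checkout_process.php
+++ b/catalog/checkout_process.php
@@ -247,13 +247,13 @@
 EMAIL_SEPARATOR . "\n" .
 tep_address_label($customer_id, $billto, 0, '', "\n") . "\n\n";
 if (is_object($$payment)) {
 $email_order .= EMAIL_TEXT_PAYMENT_METHOD . "\n" .
 EMAIL_SEPARATOR . "\n";
 $payment_class = $$payment;
-$email_order .= $payment_class->title . "\n\n";
+$email_order .= $order->info['payment_method'] . "\n\n";
 if ($payment_class->email_footer) {
 $email_order .= $payment_class->email_footer . "\n\n";
 }
 }
 tep_mail($order->customer['firstname'] . ' ' . $order->customer['lastname'], $order->customer['email_address'], EMAIL_TEXT_SUBJECT, $email_order, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
 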
[IMPROVEMENT] Navigation History Parameter Filter
Filter parameter names containing "_nh_dns" out of the navigation history session data.
Affected Files
catalog/includes/classes/navigation_history.php
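--- a/catalog/includes/classes/navigation_history.php
+++ b/catalog/includes/classes/navigation_history.php
@@ -57,14 +57,14 @@
 }
 }
 
 if ($set == 'true') {
 $this->path[] = array('page' => basename($PHP_SELF),
 'mode' => $request_type,
-'get' => $HTTP_GET_VARS,
-'post' => $HTTP_POST_VARS);
+'get' => $this->filter_parameters($HTTP_GET_VARS),
+'post' => $this->filter_parameters($HTTP_POST_VARS));
 }
 }
 
 function remove_current_page() {
 global $PHP_SELF;
 
@@ -77,19 +77,19 @@
 function set_snapshot($page = '') {
 global $PHP_SELF, $HTTP_GET_VARS, $HTTP_POST_VARS, $request_type;
 
 if (is_array($page)) {
 $this->snapshot = array('page' => $page['page'],
 'mode' => $page['mode'],
-'get' => $page['get'],
-'post' => $page['post']);
+'get' => $this->filter_parameters($page['get']),
+'post' => $this->filter_parameters($page['post']));
 } else {
 $this->snapshot = array('page' => basename($PHP_SELF),
 'mode' => $request_type,
-'get' => $HTTP_GET_VARS,
-'post' => $HTTP_POST_VARS);
+'get' => $this->filter_parameters($HTTP_GET_VARS),
+'post' => $this->filter_parameters($HTTP_POST_VARS));
 }
 }
 
 function clear_snapshot() {
 $this->snapshot = array();
 }
@@ -121,15 +121,28 @@
 echo '<br><br>';
 
 echo $this->snapshot['mode'] . ' ' . $this->snapshot['page'] . '?' . tep_array_to_string($this->snapshot['get'], array(tep_session_name())) . '<br>';
 }
 }
 
+function filter_parameters($parameters) {
+$clean = array();
+
+reset($parameters);
+while (list($key, $value) = each($parameters)) {
+if (strpos($key, '_nh-dns') < 1) {
+$clean[$key] = $value;
+}
+}
+
+return $clean;
+}
+
 function unserialize($broken) {
 for(reset($broken);$kv=each($broken);) {
 $key=$kv['key'];
 if (gettype($this->$key)!="user function")
 $this->$key=$kv['value'];
 }
 }
 }
 ?>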
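Review bot: In the new `filter_parameters()` at lines 127-138 the test `strpos($key, '_nh-dns') < 1` keeps a key when the marker is absent (`false < 1`) and also when it sits at position 0, so a parameter whose name begins with the marker is not filtered; if the intent is to drop every name containing it, the comparison should be `strpos($key, '_nh-dns') === false`. The description of this change says "_nh_dns" while the code searches for "_nh-dns"; one of the two should be corrected so the documented behaviour matches the code. Everything else in `$HTTP_POST_VARS` is still copied into the session path and snapshot by the first two hunks, so any sensitive field a visitor posts persists in session data for as long as the history entry does; consider extending the filter to such field names. A one-line comment on the method, `// drop parameters carrying the '_nh-dns' marker before a request is stored in the session`, would record its purpose.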
[IMPROVEMENT] Increase Configuration Key and Title Database Field Sizes [SQL]
Increase the sizes of the configuration key and configuration title database fields.
Database Changes to Perform:
alter table configuration modify configuration_title varchar(255) NOT NULL;
alter table configuration modify configuration_key varchar(255) NOT NULL;
[BUGFIX] Strip Additional Slashes When Editing Files Through the File Manager
Strip additional slashes when editing files through the Administration Tool -> Tools -> File Manager section.
Affected Files
catalog/admin/file_manager.php
File: catalog/admin/file_manager.php
142 |
if (!isset($file_writeable)) $file_writeable = true; |
= |
142 |
if (!isset($file_writeable)) $file_writeable = true; |
143 |
$file_contents = ''; |
|
143 |
$file_contents = ''; |
144 |
if ($action == 'new_file') { |
|
144 |
if ($action == 'new_file') { |
145 |
$filename_input_field = tep_draw_input_field('filename'); |
|
145 |
$filename_input_field = tep_draw_input_field('filename'); |
146 |
} elseif ($action == 'edit') { |
|
146 |
} elseif ($action == 'edit') { |
147 |
if ($file_array = file($current_path . '/' . $HTTP_GET_VARS['info'])) { |
|
147 |
if ($file_array = file($current_path . '/' . $HTTP_GET_VARS['info'])) { |
148 |
$file_contents = addslashes(implode('', $file_array)); |
<> |
148 |
$file_contents = implode('', $file_array); |
149 |
} |
= |
149 |
} |
150 |
$filename_input_field = $HTTP_GET_VARS['info'] . tep_draw_hidden_field('filename', $HTTP_GET_VARS['info']); |
|
150 |
$filename_input_field = $HTTP_GET_VARS['info'] . tep_draw_hidden_field('filename', $HTTP_GET_VARS['info']); |
151 |
} |
|
151 |
} |
152 |
?> |
|
152 |
?> |
153 |
<tr> |
|
153 |
<tr> |
154 |
<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td> |
|
154 |
<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td> |