Mibew/i18n
1
0
Fork 0
mirror of https://github.com/Mibew/i18n.git synced 2025-02-02 09:34:41 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix bugs with extra escaping of special chars in requests related to operations with threads

Browse Source
This commit is contained in:
Fedor A. Fetisov 2013-09-14 22:31:13 +04:00
parent 2779206a1a
commit 032306866a
4 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/messenger/webim/client.php
View File

@ -142,7 +142,7 @@ if( !isset($_GET['token']) || !isset($_GET['thread']) ) {
} }
if($firstmessage) { if($firstmessage) {
$postedid = post_message_($thread['threadid'],$kind_user,$firstmessage,$link,$visitor['name']); $postedid = post_message_($thread['threadid'],$kind_user,$firstmessage,$link,$visitor['name']);
commit_thread( $thread['threadid'], array('shownmessageid' => $postedid), $link); commit_thread( $thread['threadid'], array('shownmessageid' => intval($postedid)), $link);
} }
notify_operators($thread, $firstmessage, $link); notify_operators($thread, $firstmessage, $link);
mysql_close($link); mysql_close($link);

18
src/messenger/webim/libs/chat.php
View File

@ -456,7 +456,7 @@ function update_thread_access($threadid, $params, $link)
foreach ($params as $k => $v) { foreach ($params as $k => $v) {
if (strlen($clause) > 0) if (strlen($clause) > 0)
$clause .= ", "; $clause .= ", ";
$clause .= "`" . mysql_real_escape_string($k, $link) . "`='" . mysql_real_escape_string($v, $link) . "'"; $clause .= "`" . mysql_real_escape_string($k, $link) . "`=" . $v;
} }
perform_query( perform_query(
"update ${mysqlprefix}chatthread set $clause " . "update ${mysqlprefix}chatthread set $clause " .
@ -474,7 +474,7 @@ function ping_thread($thread, $isuser, $istyping)
$current = $thread['current']; $current = $thread['current'];
if ($thread['istate'] == $state_loading && $isuser) { if ($thread['istate'] == $state_loading && $isuser) {
$params['istate'] = $state_queue; $params['istate'] = intval($state_queue);
commit_thread($thread['threadid'], $params, $link); commit_thread($thread['threadid'], $params, $link);
mysql_close($link); mysql_close($link);
return; return;
@ -489,7 +489,7 @@ function ping_thread($thread, $isuser, $istyping)
$message_to_post = getstring_("chat.status.operator.dead", $thread['locale']); $message_to_post = getstring_("chat.status.operator.dead", $thread['locale']);
post_message_($thread['threadid'], $kind_conn, $message_to_post, $link, null, $lastping + $connection_timeout); post_message_($thread['threadid'], $kind_conn, $message_to_post, $link, null, $lastping + $connection_timeout);
$params['istate'] = $state_waiting; $params['istate'] = intval($state_waiting);
$params['nextagent'] = 0; $params['nextagent'] = 0;
commit_thread($thread['threadid'], $params, $link); commit_thread($thread['threadid'], $params, $link);
mysql_close($link); mysql_close($link);
@ -506,7 +506,7 @@ function commit_thread($threadid, $params, $link)
global $mysqlprefix; global $mysqlprefix;
$query = "update ${mysqlprefix}chatthread t set lrevision = " . intval(next_revision($link)) . ", dtmmodified = CURRENT_TIMESTAMP"; $query = "update ${mysqlprefix}chatthread t set lrevision = " . intval(next_revision($link)) . ", dtmmodified = CURRENT_TIMESTAMP";
foreach ($params as $k => $v) { foreach ($params as $k => $v) {
$query .= ", `" . mysql_real_escape_string($k, $link) . "`='" . mysql_real_escape_string($v, $link) . "'"; $query .= ", `" . mysql_real_escape_string($k, $link) . "`=" . $v;
} }
$query .= " where threadid = " . intval($threadid); $query .= " where threadid = " . intval($threadid);
@ -533,8 +533,8 @@ function close_thread($thread, $isuser)
$link = connect(); $link = connect();
if ($thread['istate'] != $state_closed) { if ($thread['istate'] != $state_closed) {
commit_thread($thread['threadid'], array('istate' => $state_closed, commit_thread($thread['threadid'], array( 'istate' => intval($state_closed),
'messageCount' => "(SELECT COUNT(*) FROM ${mysqlprefix}chatmessage WHERE ${mysqlprefix}chatmessage.threadid = t.threadid AND ikind = 1)"), $link); 'messageCount' => "(SELECT COUNT(*) FROM ${mysqlprefix}chatmessage WHERE ${mysqlprefix}chatmessage.threadid = t.threadid AND ikind = 1)" ), $link);
} }
$message = $isuser ? getstring2_("chat.status.user.left", array($thread['userName']), $thread['locale'], true) $message = $isuser ? getstring2_("chat.status.user.left", array($thread['userName']), $thread['locale'], true)
@ -615,9 +615,9 @@ function do_take_thread($threadid, $operatorId, $operatorName)
global $state_chatting; global $state_chatting;
$link = connect(); $link = connect();
commit_thread($threadid, commit_thread($threadid,
array("istate" => $state_chatting, array("istate" => intval($state_chatting),
"nextagent" => 0, "nextagent" => 0,
"agentId" => $operatorId, "agentId" => intval($operatorId),
"agentName" => "'" . mysql_real_escape_string($operatorName, $link) . "'"), $link); "agentName" => "'" . mysql_real_escape_string($operatorName, $link) . "'"), $link);
mysql_close($link); mysql_close($link);
} }
@ -641,7 +641,7 @@ function reopen_thread($threadid)
if ($thread['istate'] != $state_chatting && $thread['istate'] != $state_queue && $thread['istate'] != $state_loading) { if ($thread['istate'] != $state_chatting && $thread['istate'] != $state_queue && $thread['istate'] != $state_loading) {
commit_thread($threadid, commit_thread($threadid,
array("istate" => $state_waiting, "nextagent" => 0), $link); array("istate" => intval($state_waiting), "nextagent" => 0), $link);
} }
post_message_($thread['threadid'], $kind_events, getstring_("chat.status.user.reopenedthread", $thread['locale'], true), $link); post_message_($thread['threadid'], $kind_events, getstring_("chat.status.user.reopenedthread", $thread['locale'], true), $link);

4
src/messenger/webim/operator/redirect.php
View File

@ -43,7 +43,7 @@ if (isset($_GET['nextGroup'])) {
if ($thread['istate'] == $state_chatting) { if ($thread['istate'] == $state_chatting) {
$link = connect(); $link = connect();
commit_thread($threadid, commit_thread($threadid,
array("istate" => $state_waiting, "nextagent" => 0, "groupid" => $nextid, "agentId" => 0, "agentName" => "''"), $link); array("istate" => intval($state_waiting), "nextagent" => 0, "groupid" => intval($nextid), "agentId" => 0, "agentName" => "''"), $link);
post_message_($thread['threadid'], $kind_events, post_message_($thread['threadid'], $kind_events,
getstring2_("chat.status.operator.redirect", getstring2_("chat.status.operator.redirect",
array(get_operator_name($operator)), $thread['locale'], true), $link); array(get_operator_name($operator)), $thread['locale'], true), $link);
@ -63,7 +63,7 @@ if (isset($_GET['nextGroup'])) {
$page['message'] = getlocal2("chat.redirected.content", array(safe_htmlspecialchars(topage(get_operator_name($nextOperator))))); $page['message'] = getlocal2("chat.redirected.content", array(safe_htmlspecialchars(topage(get_operator_name($nextOperator)))));
if ($thread['istate'] == $state_chatting) { if ($thread['istate'] == $state_chatting) {
$link = connect(); $link = connect();
$threadupdate = array("istate" => $state_waiting, "nextagent" => $nextid, "agentId" => 0); $threadupdate = array("istate" => intval($state_waiting), "nextagent" => intval($nextid), "agentId" => 0);
if ($thread['groupid'] != 0) { if ($thread['groupid'] != 0) {
if (FALSE === select_one_row("select groupid from ${mysqlprefix}chatgroupoperator where operatorid = " . intval($nextid) . " and groupid = " . intval($thread['groupid']), $link)) { if (FALSE === select_one_row("select groupid from ${mysqlprefix}chatgroupoperator where operatorid = " . intval($nextid) . " and groupid = " . intval($thread['groupid']), $link)) {
$threadupdate['groupid'] = 0; $threadupdate['groupid'] = 0;

2
src/messenger/webim/thread.php
View File

@ -76,7 +76,7 @@ if( $act == "refresh" ) {
$link = connect(); $link = connect();
$postedid = post_message_($threadid,$kind,$message,$link,$from,null,$isuser ? null : $operator['operatorid'] ); $postedid = post_message_($threadid,$kind,$message,$link,$from,null,$isuser ? null : $operator['operatorid'] );
if($isuser && $thread["shownmessageid"] == 0) { if($isuser && $thread["shownmessageid"] == 0) {
commit_thread( $thread['threadid'], array('shownmessageid' => $postedid), $link); commit_thread( $thread['threadid'], array('shownmessageid' => intval($postedid)), $link);
} }
mysql_close($link); mysql_close($link);
print_thread_messages($thread, $token, $lastid, $isuser, $outformat, $isuser ? null : $operator['operatorid']); print_thread_messages($thread, $token, $lastid, $isuser, $outformat, $isuser ? null : $operator['operatorid']);