Changeset 1102181
- Timestamp:
- 03/01/2015 12:09:07 AM (11 years ago)
- Location:
- abase/trunk
- Files:
-
- 4 edited
-
abase.php (modified) (10 diffs)
-
abase_plugin_options.php (modified) (13 diffs)
-
readme.txt (modified) (5 diffs)
-
version.txt (modified) (1 diff)
-
abase/trunk/abase.php
r1098518 r1102181 4 4 Plugin URI: http://abase.com/ 5 5 Description: Create a form, display a table or send an email. Short code: [abase ack="" alink="" center="" cols="" columns="" database="" db="" echo="" elements="" emailbcc="" emailcc="" emailfrom="" emailorigin="" emailsubject="" emailto="" fields="" files="" form="" from="" group="" images="" insert="" left="" limit="" notable="" notitle="" or="" order="" password="" required="" right="" rlink="" rownum="" search="" select="" sql="" style="" table="" update="" where=""]. To setup up to 3 databases and for complete attribute documentation, click Settings link at left. 6 Version: 2. 46 Version: 2.5 7 7 Author: Richard Halverson 8 8 Author URI: http://abase.com/ … … 14 14 // require 'plugin-updates/plugin-update-checker.php'; 15 15 // $MyUpdateChecker = new PluginUpdateChecker('http://abase.com/plugins/abase.json',__FILE__,'abase'); 16 17 /* 18 19 Version 2.5 Added disable wptexturization making using < or > in attribute specifications easier. Database names now default to the user name prefix when only one database setting is displayed. Spaces around commas in attributes now allowed. PHP files are no longer uploadable. 
20 21 */ 22 23 if(get_option('bus311mtd_disable_wptexturize')) remove_filter('the_content', 'wptexturize'); 16 24 17 25 add_action( 'admin_menu', 'table_display_plugin_menu' ); … … 205 213 // special characters: ^ | $ > >= = <= < != % 206 214 // <operand> ::= <surrogate> | <integer> | ' <constant> ' 215 $key_in=trim($key_in); 207 216 $wkey=htmlspecialchars_decode($key_in); 208 217 $column_title=''; $column_name=''; $foreign_column=''; $submit_button=''; $button_value=''; $op=''; $operand=''; $got_pct=''; $got_pct0=''; $operand_is_constant=0; $element_style=''; $value_format=''; $delete_value='';$element_type=''; … … 351 360 $error_string=''; 352 361 $fatal_error=0; 362 $rejectFiles='/\.(sh|asp|cgi|php|php3|ph3|php4|ph4|php5|ph5|phtm|phtml)$/'; 353 363 $maxJoinCount=20; 354 364 $maxJoinDepth=20; … … 669 679 $frms=split(',',$form_in); 670 680 foreach($frms as $fm){ 681 $fm=trim($fm); 671 682 $debug_string.=" ,fm=$fm"; 672 683 if(is_numeric($fm)){ … … 794 805 $acks=split(',',$updateack_in); 795 806 foreach($acks as $ak){ 807 $ak=trim($ak); 796 808 $debug_string.=" ,ak=$ak"; 797 809 if($ak>='1' && $ak<='4'){ … … 1229 1241 if($error_string>''){ 1230 1242 $top_output.="<font style='color:$error_color; background-color: white;'>"; 1243 // $top_output.='<STRONG>#'.$GLOBALS['bus311mtd_instance'].'.</STRONG> '.$full_short_code; 1231 1244 $top_output.='<STRONG>#'.$GLOBALS['bus311mtd_instance'].'.</STRONG> '.htmlspecialchars($full_short_code); 1232 1245 $top_output.="<br><STRONG>Non-Fatal Error</STRONG> (".__LINE__.")<br>".substr($error_string,2); 1246 if(strpos($full_short_code,'”')>0 && !get_option('bus311mtd_disable_wptexturize')){ 1247 $top_output.="<BR>You might try disabling <I>wptexturize</I> under Settings."; 1248 }; 1233 1249 $top_output.='</font>'; 1234 1250 $top_output.="<BR>"; … … 1337 1353 if(!is_dir($dir)){mkdir($dir);}; 1338 1354 }; 1339 move_uploaded_file( $_FILES[$key_]['tmp_name'], $target_Pathfile ); 1355 // do not allow 
\.(sh|asp|cgi|php|php3|ph3|php4|ph4|php5|ph5|phtm|phtml)$ 1356 1357 // if(!strpos(substr($target_Pathfile,-6,6),'.php')) move_uploaded_file( $_FILES[$key_]['tmp_name'], $target_Pathfile ); 1358 if(!preg_match($rejectFiles,$target_Pathfile)) move_uploaded_file( $_FILES[$key_]['tmp_name'], $target_Pathfile ); 1340 1359 $set.=", `$key`='".$target_Pathfile."'"; 1341 1360 $wh.=" AND `$key`='".$target_Pathfile."'"; … … 1506 1525 unlink($oldValue); 1507 1526 }; 1508 move_uploaded_file( $_FILES[$key_]['tmp_name'], $target_Pathfile ); 1527 // if(!strpos(substr($target_Pathfile,-6,6),'.php')) move_uploaded_file( $_FILES[$key_]['tmp_name'], $target_Pathfile ); 1528 if(!preg_match($rejectFiles,$target_Pathfile)) move_uploaded_file( $_FILES[$key_]['tmp_name'], $target_Pathfile ); 1509 1529 $set.=", `$key`='".$target_Pathfile."'"; 1510 1530 $numUpdates+=1; … … 2004 2024 $input_style=''; 2005 2025 for($i=0;$i<count($ordr);$i+=1){ 2006 if( $ordr[$i]==$key){2026 if(trim($ordr[$i])==trim($key)){ 2007 2027 $input_style=$styls[$i]; 2008 2028 }; -
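Review bot: The new `$rejectFiles` pattern is a case-sensitive deny-list, tested against `$target_Pathfile` at both `move_uploaded_file()` call sites (new lines 1358 and 1528), so an upload is refused only when its name ends in one of the listed lower-case extensions; everything else the web server may treat as executable still lands in the upload directory. An allow-list is the safer check, for example `$ft=wp_check_filetype(basename($target_Pathfile)); if($ft['ext']) move_uploaded_file( $_FILES[$key_]['tmp_name'], $target_Pathfile );`, and at minimum the pattern needs the `i` modifier. When the check does reject a file, the `$set.=` assignment that follows still runs, so the row records a path that was never written and nothing is appended to `$error_string` to tell the user. The enclosing function starts and ends outside these hunks, so how `$target_Pathfile` is built from the client-supplied name should be confirmed there.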
abase/trunk/abase_plugin_options.php
r813494 r1102181 15 15 $db1ok.=$_POST['bus311mtd_dbfiles2'].$_POST['bus311mtd_dbfiles3']; 16 16 $cusrlen=strlen($cusr)+1; 17 17 $wpdbname=DB_NAME; $wpdbnamePrefix=substr($wpdbname,0,strpos($wpdbname,'_')); 18 $wpdbuser=DB_USER;$wpdbuserPrefix=substr($wpdbuser,0,strpos($wpdbuser,'_')); 19 $cpanelUser=''; 20 if(strlen($wpdbnamePrefix)>0 && $wpdbnamePrefix==$wpdbuserPrefix){$cpanelUser=$wpdbnamePrefix;}; 21 22 /* 18 23 // do not allow switching from show=3 to show=1 19 24 // if … … 23 28 // any database2 parameter not blank or 24 29 // any database3 parameter not blank 30 31 if(dbshow_old==0 && 32 33 */ 25 34 26 35 if($_POST['bus311mtd_hidden'] == 'Y') { … … 32 41 $dbname_nu=$_POST['bus311mtd_dbname_nu']; 33 42 $dbname=''; 34 if($dbname_nu>''){$dbname=$cusr.'_'.$dbname_nu; $dbname=$dbname_nu;}; 43 if($dbname_nu>''){ 44 $dbname=$cusr.'_'.$dbname_nu; 45 // $dbname=$dbname_nu; 46 }; 35 47 update_option('bus311mtd_dbname', $dbname); 36 48 $dbuser_nu=$_POST['bus311mtd_dbuser_nu']; 37 49 $dbuser=''; 38 if($dbuser_nu>''){$dbuser=$cusr.'_'.$dbuser_nu; $dbuser=$dbuser_nu;}; 50 if($dbuser_nu>''){ 51 $dbuser=$cusr.'_'.$dbuser_nu; 52 // $dbuser=$dbuser_nu; 53 }; 39 54 update_option('bus311mtd_dbuser', $dbuser); 40 55 $dbpwd = $_POST['bus311mtd_dbpwd']; … … 88 103 }; 89 104 }; 105 $disable_wptexturize=$_POST['bus311mtd_disable_wptexturize']; update_option('bus311mtd_disable_wptexturize', $disable_wptexturize); 90 106 $form_min=$_POST['bus311mtd_form_min']; update_option('bus311mtd_form_min', $form_min); 91 107 $form_max=$_POST['bus311mtd_form_max']; update_option('bus311mtd_form_max', $form_max); … … 99 115 100 116 $dbshow='';if(get_option('bus311mtd_show')){$dbshow = get_option('bus311mtd_show');}else{update_option('bus311mtd_show', '');}; 117 118 $disable_wptexturize=''; 119 if(get_option('bus311mtd_disable_wptexturize')){ 120 $disable_wptexturize = get_option('bus311mtd_disable_wptexturize'); 121 }else{ 122 update_option('bus311mtd_disable_wptexturize', ''); 123 }; 101 124 102 
125 $form_min='';if(get_option('bus311mtd_form_min')){$form_min = get_option('bus311mtd_form_min');}else{update_option('bus311mtd_form_min', '0');}; … … 144 167 $lp=1;$fs=0; 145 168 if($dbshow>0){$lp=3;$fs=1;}; 146 $fsX=1; //remove default user name for cPanel169 // $fs=1; //remove default user name for cPanel 147 170 for($i=1;$i<=$lp;$i+=1){ 148 171 if($i==1){ … … 172 195 }; 173 196 ?> <table> 174 <?php if($i==1){197 <?php if($i==1){ 175 198 ?> 176 199 … … 180 203 </tr> 181 204 <tr> 205 <td align=right bgcolor="DDDDDD">Texturization:</td> 206 <td> <input type="checkbox" name="bus311mtd_disable_wptexturize" value="1" <?php if($disable_wptexturize=='1') echo 'checked'; ?>>Disable wptexturize</td> 207 <td colspan=2>Disable wptexturize if you are using less than or greater than symbols in your attributes (< or >), for example, in an SQL WHERE clause. 208 <?php echo $cusr; ?> 209 </td> 210 </tr> 211 <tr> 182 212 <td align=right bgcolor="DDDDDD">Form Life:</td> 183 <td><nobr>Min:<input type="text" name="bus311mtd_form_min" size="1" value="<?php echo $form_min; ?>">,</nobr> <nobr>Max:<input type="text" name="bus311mtd_form_max" size="2" value="<?php echo $form_max; ?>"></nobr> 213 <td><nobr>Min:<input type="text" name="bus311mtd_form_min" size="1" value="<?php echo $form_min; ?>">,</nobr> <nobr>Max:<input type="text" name="bus311mtd_form_max" size="2" value="<?php echo $form_max; ?>"></nobr></td> 184 214 <td colspan=2>in Seconds. Valid form life. Before or afterwards, Insert, Update or Delete<BR>form not valid and database update will not occur. Set Max to 0 for non-enforcement. 
185 215 </td> … … 188 218 <tr> 189 219 <td colspan=2><h3>Database Settings:</h3></td> 190 <td colspan=2 align=left>< input type="checkbox" name="bus311mtd_show" value="1" <?php if($dbshow>0){echo "checked"; }; ?>>Expand to full settings220 <td colspan=2 align=left><table><tr><td><input type="checkbox" name="bus311mtd_show" value="1" <?php if($dbshow>0){echo "checked"; }; ?>>Expand to full settings (3 databases)</td><td><?php submit_button() ?></td></tr></table> 191 221 </td> 192 222 </tr> … … 196 226 }; 197 227 $dname_nouser=$dname; 198 //if(substr($dname,0,strlen($cusr)+1)==$cusr.'_'){$dname_nouser=substr($dname,strlen($cusr)+1);};228 if(substr($dname,0,strlen($cusr)+1)==$cusr.'_'){$dname_nouser=substr($dname,strlen($cusr)+1);}; 199 229 $wp_dname_nouser=DB_NAME; 200 //if(substr($wp_dname_nouser,0,strlen($cusr)+1)==$cusr.'_'){$wp_dname_nouser=substr($wp_dname_nouser,strlen($cusr)+1);};230 if(substr($wp_dname_nouser,0,strlen($cusr)+1)==$cusr.'_'){$wp_dname_nouser=substr($wp_dname_nouser,strlen($cusr)+1);}; 201 231 $duser_nouser=$duser; 202 //if(substr($duser,0,strlen($cusr)+1)==$cusr.'_'){$duser_nouser=substr($duser,strlen($cusr)+1);};232 if(substr($duser,0,strlen($cusr)+1)==$cusr.'_'){$duser_nouser=substr($duser,strlen($cusr)+1);}; 203 233 $wp_duser_nouser=DB_USER; 204 //if(substr($wp_duser_nouser,0,strlen($cusr)+1)==$cusr.'_'){$wp_duser_nouser=substr($wp_duser_nouser,strlen($cusr)+1);};234 if(substr($wp_duser_nouser,0,strlen($cusr)+1)==$cusr.'_'){$wp_duser_nouser=substr($wp_duser_nouser,strlen($cusr)+1);}; 205 235 206 236 if($dbshow>0){ ?> … … 209 239 <td colspan=2>leave blank unless you know specifically otherwise (<?php echo "default: ".DB_HOST; ?>)</td> 210 240 </tr> 211 <?php}; ?>241 <?php }; ?> 212 242 <tr><td align=right bgcolor="DDDDDD">Database name<?php echo $sdbn;?>:</td> 213 <td><?php 214 if(!$fs){ 215 // echo $cusr.'_'; 216 ?><input type="text" name="bus311mtd_dbname_nu<?php echo $dbn;?>" value="<?php echo $dname_nouser; ?>" size="20"><?php }else{ 
?><input type="text" name="bus311mtd_dbname<?php echo $dbn;?>" value="<?php echo $dname; ?>" size="20"><?php }; ?></td> 243 <td><nobr> 244 <?php if(!$fs){ echo $cusr.'_'; ?><input type="text" name="bus311mtd_dbname_nu<?php echo $dbn;?>" value="<?php echo $dname_nouser; ?>" size="10"> 245 <?php }else{ ?> 246 <input type="text" name="bus311mtd_dbname<?php echo $dbn;?>" value="<?php echo $dname; ?>" size="20"> 247 <?php }; ?> 248 </nobr></td> 217 249 <td><?php echo " leave blank for WordPress database (".DB_NAME.")"; ?></td> 218 250 <?php if($create_databases==1){ ?> … … 226 258 </tr> 227 259 <tr><td align=right bgcolor="DDDDDD">Database user<?php echo $sdbn;?>:</td> 228 <td><?php if(!$fs){ 229 //echo $cusr.'_'; 230 ?><input type="text" name="bus311mtd_dbuser_nu<?php echo $dbn;?>" value="<?php echo $duser_nouser; ?>" size="20"><?php }else{ ?><input type="text" name="bus311mtd_dbuser<?php echo $dbn;?>" value="<?php echo $duser; ?>" size="20"><?php }; ?></td> 260 <td><?php if(!$fs){ echo $cusr.'_'; ?><input type="text" name="bus311mtd_dbuser_nu<?php echo $dbn;?>" value="<?php echo $duser_nouser; ?>" size="10"> 261 <?php }else{ ?> 262 <input type="text" name="bus311mtd_dbuser<?php echo $dbn;?>" value="<?php echo $duser; ?>" size="20"> 263 <?php }; ?> 264 </td> 231 265 <td colspan=2><?php echo " leave blank if Database name is blank or the WordPress user (".DB_USER.") has permissions to access this database."; ?></td> 232 266 <td></td> … … 246 280 </td> 247 281 </tr> 248 <?php }; ?>282 <?php }; ?> 249 283 </table> 250 284 <?php -
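Review bot: The added handler at new line 105 stores `$_POST['bus311mtd_disable_wptexturize']` as-is, and an unchecked checkbox is not submitted at all, so the index is undefined on every save where the box is clear; `$disable_wptexturize=isset($_POST['bus311mtd_disable_wptexturize'])?'1':'';` before the `update_option()` call normalises it to the two states the form compares against. The stray `<?php echo $cusr; ?>` in the new Texturization help cell looks like leftover debug output, and the rewritten database name and user inputs still print `$cusr`, `$dname_nouser` and `$duser_nouser` into the page without `esc_html()` or `esc_attr()`. No nonce or capability check is visible around the `bus311mtd_hidden` branch in the lines shown; if none exists outside these hunks, `check_admin_referer()` belongs before the first `update_option()`.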
abase/trunk/readme.txt
r1098518 r1102181 20 20 [abase ack="" alink="" center="" cols="" columns="" database="" db="" echo="" elements="" emailbcc="" emailcc="" emailfrom="" emailorigin="" emailsubject="" emailto="" fields="" files="" form="" from="" group="" images="" insert="" left="" limit="" notable="" notitle="" or="" order="" password="" required="" right="" rlink="" rownum="" search="" select="" sql="" style="" table="" update="" where=""] 21 21 <P> 22 Within the quotes of each attribute can be a parameter value or a list of values separated by commas (,). Empty fields need not be specified. An unrecognized attribute is ignored. Using the shortcode with no (recognizable) attributes ([abase]) lists the database user, database, tables with record counts for the current database. Otherwise, either the <strong>sql</strong>, <strong>from</strong>, or <strong>table</strong> attribute should be used to specify part or all of a database operation, or an email sent, using at least an <strong>emailto</strong> attribute. The attribute names must be lower case. Characters <code><</code> and <code>></code> are illegal within the quotes. The <code><</code> must be replaced with <code>&lt;</code> and <code>></code> must be replaced with <code>&gt;</code>.22 Within the quotes of each attribute can be a parameter value or a list of values separated by commas (,). Empty fields need not be specified. An unrecognized attribute is ignored. Using the shortcode with no (recognizable) attributes ([abase]) lists the database user, database, tables with record counts for the current database. Otherwise, either the <strong>sql</strong>, <strong>from</strong>, or <strong>table</strong> attribute should be used to specify part or all of a database operation, or an email sent, using at least an <strong>emailto</strong> attribute. The attribute names must be lower case. If you are using <code><</code> or <code>></code> within the quotes, be sure to disable wptexturization. 
23 23 <P> 24 24 ABASE shortcodes can also be of the form [abase ...]<content>[/abase]. In this form, <content> will be displayed above what [abase ...] produces. The shortcode name "abase" can be all lower-case or all upper-case but not mixed case. Each functions identically but are treated separately. Note that when including a closing shortcode, it must be case identical. <content> can include ABASE tags as long as the alternate case is used. Embedding shortcodes in content is useful when using ABASE to send emails from your website. … … 48 48 <li><strong>fields</strong> - fields=" <field_spec> ( , <field_spec> )" - Specifies the column names to be displayed in record view. Record view is a two column table with the field names in the first column and the values in the second column. 49 49 <ul><li>Meta language: terms in parentheses are optional, vertical bar (|) - OR operator. (Exception - vertical bar (|) preceded <foreign_column>.) 50 <li><field_spec> ::= ( <column_title>^ ) <column_name> ( |<foreign_column> ) ( ! ( '( <element_type> <space> ) <element_style>' ) ) ( [>|>=|=|<=|<|!=] ( % ) <operand> ) ( % ) ( $ ( <button_value> ) ) <strong>Note:</strong> characters <code><</code> and <code>></code> are illegal for less-than or greater-than in an expression, so replace <code><</code> with <code>&lt;</code> and <code>></code> with <code>&gt;</code>.50 <li><field_spec> ::= ( <column_title>^ ) <column_name> ( |<foreign_column> ) ( ! ( '( <element_type> <space> ) <element_style>' ) ) ( [>|>=|=|<=|<|!=] ( % ) <operand> ) ( % ) ( $ ( <button_value> ) ) <strong>Note:</strong> If you are using <code><</code> or <code>></code>, be sure to disable wptexturization. 51 51 <li><operand> ::= <surrogate> | <integer> | ' <constant> ' 52 52 <li><column_title> = optionally precedes <column_name> using a carrot (^) character. It replaces <column_name> as column title in table view and field name in record view. … … 96 96 <li><strong>search</strong> - search="" (depreciated. 
Use form="search".) 97 97 <li><strong>select</strong> - Specifies the select_expr clause in the MySQL SELECT statement. Default is * (all columns). 98 <li><strong>sql</strong> - Specifies a complete MySQL statement to be executed. Characters <code><</code> and <code>></code> are illegal for less-than or greater-than in an expression, so replace <code><</code> with <code>&lt;</code> and <code>></code> with <code>&gt;</code>.98 <li><strong>sql</strong> - Specifies a complete MySQL statement to be executed. If you are using <code><</code> or <code>></code>, be sure to disable wptexturization. 99 99 <li><strong>style</strong> - This will specify a style="" attribute for the table that encloses the shortcode display. 100 100 <li><strong>table</strong> - Specifies the database table to be searched or updated. 101 101 <li><strong>update</strong> - update="" (depreciated. Use form="update".) 102 <li><strong>where</strong> - Specifies the where_condition clause in the MySQL SELECT statement. If it begins with "AND " or "OR " it will be concatenated to (instead of overridding) any other where expression. Characters <code><</code> and <code>></code> are illegal for less-than or greater-than in an expression, so replace <code><</code> with <code>&lt;</code> and <code>></code> with <code>&gt;</code>.102 <li><strong>where</strong> - Specifies the where_condition clause in the MySQL SELECT statement. If it begins with "AND " or "OR " it will be concatenated to (instead of overridding) any other where expression. Be sure to disable wptexturization if you are using <code><</code> or <code>></code>. 103 103 </ul> 104 104 <h3>Displaying Fields</h3> … … 287 287 == Changelog == 288 288 289 = 2.5 = 290 291 Added disable wptexturization making using < or > in attribute specifications easier. Database names now default to the user name prefix when only one database setting is displayed. Spaces around commas in attributes now allowed. PHP files are no longer uploadable. 
292 289 293 = 2.4 = 290 294 … … 357 361 == Upgrade notice == 358 362 363 = 2.5 = 364 365 Added disable wptexturization making using < or > in attribute specifications easier. Database names now default to the user name prefix when only one database setting is displayed. Spaces around commas in attributes now allowed. PHP files are no longer uploadable. 366 359 367 = 2.4 = 360 368 -
abase/trunk/version.txt
r1098518 r1102181 1 Version: 2. 4 Updated: February 14, 2015.1 Version: 2.5 Updated: February 28, 2015.