Add some codes from 3.61. Currently files under /nucleus/libs and /nucleus/libs/sql...

[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / libs / MANAGER.php

diff --git a/utf8/nucleus/libs/MANAGER.php b/utf8/nucleus/libs/MANAGER.php
index 26c283e..4e67cda 100755 (executable)
--- a/utf8/nucleus/libs/MANAGER.php
+++ b/utf8/nucleus/libs/MANAGER.php
@@ -1,7 +1,7 @@
 <?php
 /*
  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
- * Copyright (C) 2002-2009 The Nucleus Group
+ * Copyright (C) 2002-2010 The Nucleus Group
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -19,7 +19,7 @@
  * active at all times. The object can be requested using MANAGER::instance()
  *
  * @license http://nucleuscms.org/license.txt GNU General Public License
- * @copyright Copyright (C) 2002-2009 The Nucleus Group
+ * @copyright Copyright (C) 2002-2010 The Nucleus Group
  * @version $Id$
  * $NucleusJP: MANAGER.php,v 1.8.2.1 2007/09/05 07:00:18 kimitake Exp $
  */
@@ -248,6 +248,9 @@ class MANAGER {
 
                 if (!file_exists($fileName))
                 {
+                    if (!defined('_MANAGER_PLUGINFILE_NOTFOUND')) {
+                        define('_MANAGER_PLUGINFILE_NOTFOUND', 'Plugin %s was not loaded (File not found)');
+                    }
                     ACTIONLOG::add(WARNING, sprintf(_MANAGER_PLUGINFILE_NOTFOUND, $name));
                     return 0;
                 }
@@ -258,6 +261,9 @@ class MANAGER {
                 // check if class exists (avoid errors in eval'd code)
                 if (!class_exists($name))
                 {
+                    if (!defined('_MANAGER_PLUGINFILE_NOCLASS')) {
+                        define('_MANAGER_PLUGINFILE_NOCLASS', "Plugin %s was not loaded (Class not found in file, possible parse error)");
+                    }
                     ACTIONLOG::add(WARNING, sprintf(_MANAGER_PLUGINFILE_NOCLASS, $name));
                     return 0;
                 }
@@ -505,7 +511,7 @@ class MANAGER {
             $memberId = $member->getID();
 
         // check if ticket is a valid one
-        $query = 'SELECT COUNT(*) as result FROM ' . sql_table('tickets') . ' WHERE member=' . intval($memberId). ' and ticket=\''.addslashes($ticket).'\'';
+        $query = 'SELECT COUNT(*) as result FROM ' . sql_table('tickets') . ' WHERE member=' . intval($memberId). ' and ticket=\''.sql_real_escape_string($ticket).'\'';
         if (quickQuery($query) == 1)
         {
             // [in the original implementation, the checked ticket was deleted. This would lead to invalid
@@ -513,7 +519,7 @@ class MANAGER {
             //  leaving the keys in the database is not a real problem, since they're member-specific and
             //  only valid for a period of one hour
             // ]
-            // sql_query('DELETE FROM '.sql_table('tickets').' WHERE member=' . intval($memberId). ' and ticket=\''.addslashes($ticket).'\'');
+            // sql_query('DELETE FROM '.sql_table('tickets').' WHERE member=' . intval($memberId). ' and ticket=\''.sql_real_escape_string($ticket).'\'');
             return true;
         } else {
             // not a valid ticket
@@ -558,7 +564,7 @@ class MANAGER {
 
                 // add in database as non-active
                 $query = 'INSERT INTO ' . sql_table('tickets') . ' (ticket, member, ctime) ';
-                $query .= 'VALUES (\'' . addslashes($ticket). '\', \'' . intval($memberId). '\', \'' . date('Y-m-d H:i:s',time()) . '\')';
+                $query .= 'VALUES (\'' . sql_real_escape_string($ticket). '\', \'' . intval($memberId). '\', \'' . date('Y-m-d H:i:s',time()) . '\')';
                 if (sql_query($query))
                     $ok = true;
             }