// // Alternatively, the contents of this file may be used under the terms of // either the GNU General Public License Version 2 or later (the "GPL"), or // the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), // in which case the provisions of the GPL or the LGPL are applicable instead // of those above. If you wish to allow use of your version of this file only // under the terms of either the GPL or the LGPL, and not to allow others to // use your version of this file under the terms of the MPL, indicate your // decision by deleting the provisions above and replace them with the notice // and other provisions required by the GPL or the LGPL. If you do not delete // the provisions above, a recipient may use your version of this file under // the terms of any one of the MPL, the GPL or the LGPL. // // ***** END LICENSE BLOCK ***** //inc_global.php -- Stuff that needs to be done globally to all of Mozilla Update // --------------------------- // escape_string() -- Quote a variable to make it safe // --------------------------- function escape_string($value) { // Stripslashes if we need to if (get_magic_quotes_gpc()) { $value = stripslashes($value); } // Quote it if it's not an integer if (!is_numeric($value)) { $value = mysql_real_escape_string($value); } return $value; } //Remove HTML tags and escape enities from GET/POST vars. foreach ($_GET as $key => $val) { $_GET["$key"] = htmlentities(str_replace("\\","",strip_tags($_GET["$key"]))); } foreach ($_POST as $key => $val) { if (!is_array($_POST["$key"])) { $_POST["$key"] = htmlentities(str_replace("\\","",strip_tags($_POST["$key"]))); } } // Bug 250596 Fixes for incoming $_GET variables. if ($_GET["application"]) { $_GET["application"] = escape_string(strtolower($_GET["application"])); $sql = "SELECT AppID FROM `applications` WHERE `AppName` = '".ucwords(strtolower($_GET["application"]))."' LIMIT 1"; $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE); if (mysql_num_rows($sql_result)===0) {unset($_GET["application"]);} } if ($_GET["category"] AND $_GET["category"] !=="All" AND $_GET["category"] !=="Editors Pick" AND $_GET["category"] !=="Popular" AND $_GET["category"] !=="Top Rated" AND $_GET["category"] !=="Newest") { $sql = "SELECT CatName FROM `categories` WHERE `CatName` = '".escape_string(ucwords(strtolower($_GET["category"])))."' LIMIT 1"; $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE); if (mysql_num_rows($sql_result)===0) {unset($_GET["category"]);} } if (!is_numeric($_GET["id"])) { unset($_GET["id"]); } if (!is_numeric($_GET["vid"])) { unset($_GET["vid"]); } if (!is_numeric($_GET["pageid"])) { unset($_GET["pageid"]); } if (!is_numeric($_GET["numpg"])) { unset($_GET["numpg"]); } // page_error() function function page_error($reason, $custom_message) { global $page_header, $page_footer; echo"Mozilla Update :: Error\n"; include"$page_header"; echo"

"; echo"

Mozilla Update :: Error

\n"; echo"\n"; echo"Mozilla Update has encountered an error and is unable to fulfill your request. Please try your request again later. If the problem continues, please contact the Mozilla Update staff. More information about the error may be found at the end of this message.

Error $reason: $custom_message

«« Go Back to Previous Page"; echo"\n"; echo"

\n"; include"$page_footer"; echo"\n\n"; exit; } function writeFormKey() { $sql = "SELECT UserPass FROM userprofiles WHERE UserID = '".$_SESSION["uid"]."'"; $res = mysql_query($sql) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE); $row = mysql_fetch_array($res); echo "\n"; } function checkFormKey() { $key = $_POST["formkey"]; $sql = "SELECT UserPass FROM userprofiles WHERE UserID = '".$_SESSION["uid"]."'"; $res = mysql_query($sql) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE); $row = mysql_fetch_array($res); if ($key != md5($row["UserPass"])) { echo "
WARNING: FORMKEY MISMATCH!
\n"; return false; } return true; } // ----------------------------- // function uriparams() -- print all the present and valid URI variables. // Usage: string uriparams() // ----------------------------- function uriparams() { global $app_version, $application, $items_per_page, $category, $OS, $uriparams_skip; $uriparams = ""; if ($application and $uriparams_skip !="application") { $uriparams .="application=$application&"; } if ($app_version and $uriparams_skip !="application") { $uriparams .="version=$app_version&"; } if ($OS) { $uriparams .="os=$OS&"; } if ($category and $uriparams_skip !="category") { $uriparams .="category=$category&"; } if ($items_per_page) { $uriparams .="numpg=$items_per_page"; } if (substr($uriparams, -1)==";") { $uriparams = substr($uriparams,0,strlen($uriparams)-5); } return $uriparams; } // ----------------------------- // function installtrigger() -- print installtrigger function for extension/theme installation on page. // Usage null uriparams(string functionname) // ----------------------------- function installtrigger($functionname) { if ($functionname=="extensions") { echo' '; } else if ($functionname=="themes") { echo' '; } } ?>