
@@ -145,13 +145,19 @@
////
// Output a form
-  function tep_draw_form($name, $action, $method = 'post', $parameters = '') {
+  function tep_draw_form($name, $action, $method = 'post', $parameters = '', $tokenize = 
) {
false
+    global $sessiontoken;
+
$form = '<form name=
action=
"' . tep_output_string($name) . '"
"' . tep_output_string($action)
method=
';
. '"
"' . tep_output_string($method) . '"
(tep_not_null($parameters)) $form .= ' ' . $parameters;
if
$form .= '>';
+    
( ($tokenize == 
) && isset($sessiontoken) ) {
if
true
+      $form .= '<input type=
name=
value=
"hidden"
"formid"
"' . tep_output_string($sessiontoken) .
>';
'"
+    }
+
$form;
return
}
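Review bot: The `// Output a form` comment above the signature says nothing about the new `$tokenize` argument or the dependency on the global `$sessiontoken`. I would add `// $tokenize: when true and $sessiontoken is set, append a hidden "formid" field carrying the session token`. When `$sessiontoken` is not set the form is emitted without the field and without any signal, so a handler that requires `formid` will refuse the submit with nothing in the markup to explain why.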
catalog/login.php
@@ -20,7 +20,7 @@
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN);
$error = 
;
false
-  
(isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
if
+  
(isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process') &&
if
isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
$email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
$password = tep_db_prepare_input($HTTP_POST_VARS['password']);
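Review bot: The added check `$HTTP_POST_VARS['formid'] == $sessiontoken` uses a loose comparison and never verifies that `$sessiontoken` is itself a non-empty string, so if it is ever unset or empty an empty `formid` would compare equal. Where the token is initialised is not visible here, so that needs confirming. A tighter condition is `is_string($HTTP_POST_VARS['formid']) && tep_not_null($sessiontoken) && ($HTTP_POST_VARS['formid'] === $sessiontoken)`. The same expression is added in the password_forgotten.php, product_reviews_write.php and tell_a_friend.php hunks below. The `if` body continues outside the hunk.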
@@ -54,6 +54,9 @@
tep_db_query(
. TABLE_CUSTOMERS_INFO . 
"update "
" set customers_info_date_of_last_logon =
now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id
. (
)$customer_id . 
);
= '"
int
"'"
+// reset session token
+        $sessiontoken = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());
+
// restore cart contents
$cart->restore_contents();
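Review bot: The token assigned by `$sessiontoken = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());` is only as unpredictable as `tep_rand()`, and hashing the result with MD5 adds no entropy. `tep_rand()` is not defined in this hunk; if it wraps `rand()` or `mt_rand()`, the token comes from a generator that is not meant for security tokens. I would take the bytes from the platform CSPRNG instead, for example `$sessiontoken = bin2hex(random_bytes(16));` on PHP 7+, or an equivalent OS-backed source on older runtimes. The surrounding block starts and ends outside the hunk.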
@@ -101,7 +104,7 @@ function session_win() {
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
-    <td width=
valign=
><?php echo tep_draw_form('login', tep_href_link(FILENAME_LOGIN,
"100%"
"top"
'action=process', 'SSL')); ?><table border=
width=
cellspacing=
cellpadding=
>
"0"
"100%"
"0"
"0"
+    <td width=
valign=
><?php echo tep_draw_form('login', tep_href_link(FILENAME_LOGIN,
"100%"
"top"
'action=process', 'SSL'), 'post', '', 
); ?><table border=
width=
cellspacing=
true
"0"
"100%"
"0"
cellpadding=
>
"0"
<tr>
<td><table border=
width=
cellspacing=
cellpadding=
>
"0"
"100%"
"0"
"0"
<tr>
catalog/password_forgotten.php
@@ -14,7 +14,7 @@
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_PASSWORD_FORGOTTEN);
-  
(isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
if
+  
(isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process') &&
if
isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
$email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
$check_customer_query = tep_db_query("select customers_firstname, customers_lastname,
. TABLE_CUSTOMERS . 
.
customers_password, customers_id from "
" where customers_email_address = '"
tep_db_input($email_address) . 
);
"'"
@@ -61,7 +61,7 @@
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
-    <td width=
valign=
><?php echo tep_draw_form('password_forgotten',
"100%"
"top"
tep_href_link(FILENAME_PASSWORD_FORGOTTEN, 'action=process', 'SSL')); ?><table border=
width=
"0"
cellspacing=
cellpadding=
>
"100%"
"0"
"0"
+    <td width=
valign=
><?php echo tep_draw_form('password_forgotten',
"100%"
"top"
tep_href_link(FILENAME_PASSWORD_FORGOTTEN, 'action=process', 'SSL'), 'post', '', 
); ?><table
true
border=
width=
cellspacing=
cellpadding=
>
"0"
"100%"
"0"
"0"
<tr>
<td><table border=
width=
cellspacing=
cellpadding=
>
"0"
"100%"
"0"
"0"
<tr>
catalog/product_reviews_write.php
@@ -27,7 +27,7 @@
$customer_query = tep_db_query(
.
"select customers_firstname, customers_lastname from "
TABLE_CUSTOMERS . 
. (
)$customer_id . 
);
" where customers_id = '"
int
"'"
$customer = tep_db_fetch_array($customer_query);
-  
(isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
if
+  
(isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process') &&
if
isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
$rating = tep_db_prepare_input($HTTP_POST_VARS['rating']);
$review = tep_db_prepare_input($HTTP_POST_VARS['review']);
@@ -122,7 +122,7 @@ function popupWindow(url) {
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
-    <td width=
valign=
><?php echo tep_draw_form('product_reviews_write',
"100%"
"top"
tep_href_link(FILENAME_PRODUCT_REVIEWS_WRITE, 'action=process&products_id=' .
$HTTP_GET_VARS['products_id']), 'post', 'onSubmit=
'); ?><table border=
"
checkForm();"
return
"0"
width=
cellspacing=
cellpadding=
>
"100%"
"0"
"0"
+    <td width=
valign=
><?php echo tep_draw_form('product_reviews_write',
"100%"
"top"
tep_href_link(FILENAME_PRODUCT_REVIEWS_WRITE, 'action=process&products_id=' .
$HTTP_GET_VARS['products_id']), 'post', 'onSubmit=
', 
); ?><table border=
"
checkForm();"
return
true
width=
cellspacing=
cellpadding=
>
"0"
"100%"
"0"
"0"
<tr>
<td><table border=
width=
cellspacing=
cellpadding=
>
"0"
"100%"
"0"
"0"
<tr>
catalog/tell_a_friend.php
@@ -33,7 +33,7 @@
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_TELL_A_FRIEND);
-  
(isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
if
+  
(isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process') &&
if
isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
$error = 
;
false
$to_email_address = tep_db_prepare_input($HTTP_POST_VARS['to_email_address']);
@@ -115,7 +115,7 @@
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
-    <td width=
valign=
><?php echo tep_draw_form('email_friend',
"100%"
"top"
tep_href_link(FILENAME_TELL_A_FRIEND, 'action=process&products_id=' .
$HTTP_GET_VARS['products_id'])); ?><table border=
width=
cellspacing=
cellpadding=
>
"0"
"100%"
"0"
"0"
+    <td width=
valign=
><?php echo tep_draw_form('email_friend',
"100%"
"top"
tep_href_link(FILENAME_TELL_A_FRIEND, 'action=process&products_id=' .
$HTTP_GET_VARS['products_id']), 'post', '', 
); ?><table border=
width=
cellspacing=
true
"0"
"100%"
cellpadding=
>
"0"
"0"
<tr>
<td><table border=
width=
cellspacing=
cellpadding=
>
"0"
"100%"
"0"
"0"
<tr>
(C) (BUG) Validate Removal of Customer Address
(C) (BUG) Validate Removal of Customer Address
Importance: High | Difficulty: Easy
Validate that the address being deleted is not assigned as the customer's default address.
Affected Files
catalog/address_book_process.php
View Changes Online
catalog/address_book_process.php
@@ -21,9 +21,13 @@
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ADDRESS_BOOK_PROCESS);
(isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'deleteconfirm') &&
if
isset($HTTP_GET_VARS['delete']) && is_numeric($HTTP_GET_VARS['delete']) &&
isset($HTTP_GET_VARS['formid']) && ($HTTP_GET_VARS['formid'] == md5($sessiontoken))) {
-    tep_db_query(
. TABLE_ADDRESS_BOOK . 
. (
"delete from "
" where address_book_id = '"
int
)$HTTP_GET_VARS['delete'] . 
. (
)$customer_id . 
);
"' and customers_id = '"
int
"'"
+    
($HTTP_GET_VARS['delete'] == $customer_default_address_id) {
if
+      $messageStack->add_session('addressbook', WARNING_PRIMARY_ADDRESS_DELETION, 'warning');
+    } 
{
else
+      tep_db_query(
. TABLE_ADDRESS_BOOK . 
. (
"delete from "
" where address_book_id = '"
int
)$HTTP_GET_VARS['delete'] . 
. (
)$customer_id . 
);
"' and customers_id = '"
int
"'"
-    $messageStack->add_session('addressbook', SUCCESS_ADDRESS_BOOK_ENTRY_DELETED, 'success');
+      $messageStack->add_session('addressbook', SUCCESS_ADDRESS_BOOK_ENTRY_DELETED, 'success');
+    }
tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
}
(AC) (BUG) Sanitize Parameters
(AC) (BUG) Sanitize Parameters
Importance: High | Difficulty: Medium
Sanitize parameters.
Affected Files
catalog/account_edit.php
catalog/address_book_process.php
catalog/admin/includes/classes/phplot.php
catalog/admin/includes/functions/compatibility.php
catalog/admin/includes/functions/html_output.php
catalog/admin/login.php
catalog/checkout_confirmation.php
catalog/checkout_payment_address.php
catalog/checkout_process.php
catalog/create_account.php
catalog/includes/application_top.php
catalog/includes/boxes/currencies.php
catalog/includes/boxes/tell_a_friend.php
catalog/includes/functions/compatibility.php
catalog/includes/functions/general.php
catalog/includes/functions/html_output.php
catalog/product_info.php
catalog/tell_a_friend.php
View Changes Online
catalog/account_edit.php
@@ -52,7 +52,7 @@
}
(ACCOUNT_DOB == '
') {
if
true
-      
(!checkdate(substr(tep_date_raw($dob), 4, 2), substr(tep_date_raw($dob), 6, 2),
if
substr(tep_date_raw($dob), 0, 4))) {
+      
((is_numeric(tep_date_raw($dob)) == 
) || (@checkdate(substr(tep_date_raw($dob), 4,
if
false
2), substr(tep_date_raw($dob), 6, 2), substr(tep_date_raw($dob), 0, 4)) == 
)) {
false
$error = 
;
true
$messageStack->add('account_edit', ENTRY_DATE_OF_BIRTH_ERROR);
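Review bot: `is_numeric(tep_date_raw($dob))` on the added line accepts more than an eight-digit date: signed values, decimals and exponent forms all pass. The `@` on `checkdate()` then hides the warning when `substr()` hands it non-integer pieces. Assuming `tep_date_raw()` is meant to return `YYYYMMDD` (its definition is not shown), a stricter guard is `!ctype_digit(tep_date_raw($dob)) || strlen(tep_date_raw($dob)) != 8 || !checkdate(...)`, which also lets the `@` go. The create_account.php hunk further down adds the identical condition.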
catalog/address_book_process.php
@@ -21,7 +21,7 @@
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ADDRESS_BOOK_PROCESS);
(isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'deleteconfirm') &&
if
isset($HTTP_GET_VARS['delete']) && is_numeric($HTTP_GET_VARS['delete']) &&
isset($HTTP_GET_VARS['formid']) && ($HTTP_GET_VARS['formid'] == md5($sessiontoken))) {
-    
($HTTP_GET_VARS['delete'] == $customer_default_address_id) {
if
+    
((
)$HTTP_GET_VARS['delete'] == $customer_default_address_id) {
if
int
$messageStack->add_session('addressbook', WARNING_PRIMARY_ADDRESS_DELETION, 'warning');
{
else
tep_db_query(
. TABLE_ADDRESS_BOOK . 
. (
"delete from "
" where address_book_id = '"
int
)$HTTP_GET_VARS['delete'] . 
. (
)$customer_id . 
);
"' and customers_id = '"
int
"'"
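Review bot: The `(int)` cast on `$HTTP_GET_VARS['delete']` now appears at the comparison and again inside the delete query, so the checked value and the deleted value have to be kept in step by hand. Normalising once with `$delete_id = (int)$HTTP_GET_VARS['delete'];` and using `$delete_id` in both places makes them identical by construction. The `is_numeric()` guard above also admits decimal and exponent strings; `ctype_digit()` would reject those before the cast. The `else` branch continues outside the hunk.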
catalog/admin/includes/classes/phplot.php
@@ -672,12 +672,12 @@
$which_xpos, $which_ypos, $which_color, $which_font, $which_text); 
else
($which_valign == 'top') { 
if
-    $which_ypos = $which_ypos - ImageFontHeight($which_font);
+    $which_ypos = $which_ypos - ImageFontHeight((
)$which_font);
int
}
$which_text = preg_replace(
,"",$which_text);
"/\r/"
$str = explode(
,$which_text); 
"\n"
//multiple lines submitted by Remi Ricard
-   $height = ImageFontHeight($which_font);
-   $width = ImageFontWidth($which_font);
+   $height = ImageFontHeight((
)$which_font);
int
+   $width = ImageFontWidth((
)$which_font);
int
($which_angle == 90) {  
if
//Vertical Code Submitted by Marlin Viss
($i=0;$i<count($str);$i++) { 
for
ImageStringUp($
->img, $which_font, ($i*$height + $which_xpos), $which_ypos, $str[$i],
this
$which_color);
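Review bot: `ImageStringUp($this->img, $which_font, ...)` in the vertical branch still receives `$which_font` uncast, and so does the call whose tail is the first context line of the hunk. The other uses are now wrapped in `(int)`. Casting once before the first use, `$which_font = (int)$which_font;`, would cover every call and make the per-call casts unnecessary. The method starts and ends outside the hunk, so there may be further uses to check.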
@@ -686,9 +686,9 @@
($i=0;$i<count($str);$i++) { 
for
($which_halign == 'center') { 
if
$xpos = $which_xpos - strlen($str[$i]) * $width/2;
-       ImageString($
->img, $which_font, $xpos, ($i*$height + $which_ypos), $str[$i],
this
$which_color);
+      ImageString($
->img, (
)$which_font, $xpos, ($i*$height + $which_ypos), $str[$i],
this
int
$which_color);
else
-      ImageString($
->img, $which_font, $which_xpos, ($i*$height + $which_ypos), $str[$i],
this
$which_color); 
+      ImageString($
->img, (
)$which_font, $which_xpos, ($i*$height + $which_ypos),
this
int
$str[$i], $which_color);
}
}
catalog/admin/includes/functions/compatibility.php
@@ -85,7 +85,7 @@
(!function_exists('checkdnsrr')) {
if
function checkdnsrr($host, $type) {
(tep_not_null($host) && tep_not_null($type)) {
if
-        @exec(
, $output);
"nslookup -type=$type $host"
+        @exec(
. escapeshellarg($type) . 
. escapeshellarg($host), $output);
"nslookup -type="
" "
(list($k, $line) = each($output)) {
while
(preg_match(
, $line)) {
if
"/^$host/i"
;
return true
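Review bot: `preg_match("/^$host/i", $line)` below the patched `exec()` still interpolates `$host` into the pattern unescaped, so regex metacharacters in the host change what is matched; `preg_quote($host, '/')` closes that. Separately, `escapeshellarg()` neutralises shell metacharacters but not a value that begins with `-`, which the command would read as an option. Validating `$host` against a hostname pattern and `$type` against a fixed list of record types before the call is worth adding. The same applies to the identical hunk in catalog/includes/functions/compatibility.php. The function continues outside the hunk.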
catalog/admin/includes/functions/html_output.php
@@ -13,6 +13,8 @@
////
// The HTML href link wrapper function
function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL') {
+    $page = tep_output_string($page);
+
($page == '') {
if
die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"
><b>Error!</b></font><br><br><b>Unable to determine the page link!<br><br>Function
used:<br><br>tep_href_link(\'' . $page . '\', \'' . $parameters . '\', \'' . $connection .
'\')</b>');
}
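Review bot: The `die()` message in the `$page == ''` branch still concatenates `$parameters` and `$connection` into HTML without escaping. Only `$page` is passed through `tep_output_string()`, and it is empty on that path anyway. Either drop the echoed arguments, as the catalog version of this function does in its own hunk, or wrap them, e.g. `tep_output_string_protected($parameters)`. The function body continues outside the hunk.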
@@ -30,7 +32,7 @@
($parameters == '') {
if
$link = $link . $page . '?' . SID;
{
else
-      $link = $link . $page . '?' . $parameters . '&' . SID;
+      $link = $link . $page . '?' . tep_output_string($parameters) . '&' . SID;
}
( (substr($link, -1) == '&') || (substr($link, -1) == '?') ) $link = substr($link, 0,
while
-1);
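Review bot: `tep_output_string($parameters)` applies an output-oriented filter while the URL is being built, but the result of `tep_href_link()` is also handed to `tep_redirect()` elsewhere on this page, where HTML-style escaping is the wrong encoding. What `tep_output_string()` replaces is not visible here, so confirm that a filtered query string still round-trips in a `Location` header. A comment on the line stating which characters are being neutralised, and why here rather than at output, would help the next reader.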
catalog/admin/login.php
@@ -69,7 +69,7 @@
$username = tep_db_prepare_input($HTTP_POST_VARS['username']);
$password = tep_db_prepare_input($HTTP_POST_VARS['password']);
-          tep_db_query('insert into ' . TABLE_ADMINISTRATORS . ' (user_name, user_password)
values (
)');
"' . $username . '"
"' . tep_encrypt_password($password) . '"
+          tep_db_query(
. TABLE_ADMINISTRATORS . 
"insert into "
" (user_name, user_password)
. tep_db_input($username) . 
. tep_db_input(tep_encrypt_password($password)) . 
values ('"
"', '"
);
"')"
}
tep_redirect(tep_href_link(FILENAME_LOGIN));
catalog/checkout_confirmation.php
@@ -52,7 +52,7 @@
$payment_modules->update_status();
-  
( ( is_array($payment_modules->modules) && (sizeof($payment_modules->modules) > 1) &&
if
!is_object($$payment) ) || (is_object($$payment) && ($$payment->enabled == 
)) ) {
false
+  
( ($payment_modules->selected_module != $payment) || ( is_array($payment_modules->modules)
if
&& (sizeof($payment_modules->modules) > 1) && !is_object($$payment) ) || (is_object($$payment) &&
($$payment->enabled == 
)) ) {
false
tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' .
urlencode(ERROR_NO_PAYMENT_MODULE_SELECTED), 'SSL'));
}
catalog/checkout_payment_address.php
@@ -166,7 +166,7 @@
$billto = $HTTP_POST_VARS['address'];
-      $check_address_query = tep_db_query(
. TABLE_ADDRESS_BOOK .
"select count(*) as total from "
. $customer_id . 
. $billto . 
);
" where customers_id = '"
"' and address_book_id = '"
"'"
+      $check_address_query = tep_db_query(
. TABLE_ADDRESS_BOOK .
"select count(*) as total from "
. (
)$customer_id . 
. (
)$billto . 
);
" where customers_id = '"
int
"' and address_book_id = '"
int
"'"
$check_address = tep_db_fetch_array($check_address_query);
($check_address['total'] == '1') {
if
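Review bot: Only the query is protected by the new `(int)` casts; `$billto` on the first context line keeps the raw `$HTTP_POST_VARS['address']` value. If `$billto` is used after this check (the rest of the block is outside the hunk), every later use has to remember to cast again. Casting at assignment, `$billto = (int)$HTTP_POST_VARS['address'];`, makes the checked value and the retained value the same.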
catalog/checkout_process.php
@@ -68,7 +68,7 @@
$payment_modules->update_status();
-  
( ( is_array($payment_modules->modules) && (sizeof($payment_modules->modules) > 1) &&
if
!is_object($$payment) ) || (is_object($$payment) && ($$payment->enabled == 
)) ) {
false
+  
( ($payment_modules->selected_module != $payment) || ( is_array($payment_modules->modules)
if
&& (sizeof($payment_modules->modules) > 1) && !is_object($$payment) ) || (is_object($$payment) &&
($$payment->enabled == 
)) ) {
false
tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' .
urlencode(ERROR_NO_PAYMENT_MODULE_SELECTED), 'SSL'));
}
catalog/create_account.php
@@ -77,7 +77,7 @@
}
(ACCOUNT_DOB == '
') {
if
true
-      
(checkdate(substr(tep_date_raw($dob), 4, 2), substr(tep_date_raw($dob), 6, 2),
if
substr(tep_date_raw($dob), 0, 4)) == 
) {
false
+      
((is_numeric(tep_date_raw($dob)) == 
) || (@checkdate(substr(tep_date_raw($dob), 4,
if
false
2), substr(tep_date_raw($dob), 6, 2), substr(tep_date_raw($dob), 0, 4)) == 
)) {
false
$error = 
;
true
$messageStack->add('create_account', ENTRY_DATE_OF_BIRTH_ERROR);
catalog/includes/application_top.php
@@ -93,6 +93,7 @@
$GET_array = array();
$PHP_SELF = str_replace(getenv('PATH_INFO'), '', $PHP_SELF);
$vars = explode('/', substr(getenv('PATH_INFO'), 1));
+      do_magic_quotes_gpc($vars);
($i=0, $n=sizeof($vars); $i<$n; $i++) {
for
(strpos($vars[$i], '[]')) {
if
$GET_array[substr($vars[$i], 0, -2)][] = $vars[$i+1];
catalog/includes/boxes/currencies.php
@@ -30,7 +30,7 @@
$hidden_get_variables = '';
reset($HTTP_GET_VARS);
(list($key, $value) = each($HTTP_GET_VARS)) {
while
-      
( ($key != 'currency') && ($key != tep_session_name()) && ($key != 'x') && ($key != 'y')
if
) {
+      
( is_string($value) && ($key != 'currency') && ($key != tep_session_name()) && ($key !=
if
'x') && ($key != 'y') ) {
$hidden_get_variables .= tep_draw_hidden_field($key, $value);
}
}
catalog/includes/boxes/tell_a_friend.php
@@ -22,7 +22,7 @@
$info_box_contents = array();
$info_box_contents[] = array('form' => tep_draw_form('tell_a_friend',
tep_href_link(FILENAME_TELL_A_FRIEND, '', 'NONSSL', 
), 'get'),
false
'align' => 'center',
-                               'text' => tep_draw_input_field('to_email_address', '', 'size="10"
') . '&nbsp;' . tep_image_submit('button_tell_a_friend.gif', BOX_HEADING_TELL_A_FRIEND) .
tep_draw_hidden_field('products_id', $HTTP_GET_VARS['products_id']) . tep_hide_session_id() .
'<br>' . BOX_TELL_A_FRIEND_TEXT);
+                               'text' => tep_draw_input_field('to_email_address', '', 'size="10"
') . '&nbsp;' . tep_image_submit('button_tell_a_friend.gif', BOX_HEADING_TELL_A_FRIEND) .
tep_draw_hidden_field('products_id', (
)$HTTP_GET_VARS['products_id']) . tep_hide_session_id() .
int
'<br>' . BOX_TELL_A_FRIEND_TEXT);
infoBox($info_box_contents);
new
?>
catalog/includes/functions/compatibility.php
@@ -171,7 +171,7 @@
(!function_exists('checkdnsrr')) {
if
function checkdnsrr($host, $type) {
(tep_not_null($host) && tep_not_null($type)) {
if
-        @exec(
, $output);
"nslookup -type=$type $host"
+        @exec(
. escapeshellarg($type) . 
. escapeshellarg($host), $output);
"nslookup -type="
" "
(list($k, $line) = each($output)) {
while
(preg_match(
, $line)) {
if
"/^$host/i"
;
return true
catalog/includes/functions/general.php
@@ -160,7 +160,7 @@
(is_array($HTTP_GET_VARS) && (sizeof($HTTP_GET_VARS) > 0)) {
if
reset($HTTP_GET_VARS);
(list($key, $value) = each($HTTP_GET_VARS)) {
while
-        
( (strlen($value) > 0) && ($key != tep_session_name()) && ($key != 'error') &&
if
(!in_array($key, $exclude_array)) && ($key != 'x') && ($key != 'y') ) {
+        
( is_string($value) && (strlen($value) > 0) && ($key != tep_session_name()) && ($key
if
!= 'error') && (!in_array($key, $exclude_array)) && ($key != 'x') && ($key != 'y') ) {
$get_url .= $key . '=' . rawurlencode(stripslashes($value)) . '&';
}
}
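Review bot: The line `$get_url .= $key . '=' . rawurlencode(stripslashes($value)) . '&';` encodes the value but appends `$key` as received, and the added `is_string($value)` test does not constrain the key. Keys in `$HTTP_GET_VARS` are request-controlled as well, so I would write `rawurlencode($key) . '='` to keep unencoded characters from a parameter name out of the rebuilt query string. The enclosing function starts and ends outside the hunk.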
@@ -914,7 +914,7 @@
// Return a product ID with attributes
function tep_get_uprid($prid, $params) {
(is_numeric($prid)) {
if
-      $uprid = $prid;
+      $uprid = (
)$prid;
int
(is_array($params) && (sizeof($params) > 0)) {
if
$attributes_check = 
;
true
@@ -974,7 +974,7 @@
$pieces = explode('{', $uprid);
(is_numeric($pieces[0])) {
if
-      
$pieces[0];
return
+      
(
)$pieces[0];
return
int
{
else
;
return false
}
catalog/includes/functions/html_output.php
@@ -15,6 +15,8 @@
function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = 
, $search_engine_safe = 
) {
true
true
global $request_type, $session_started, $SID;
+    $page = tep_output_string($page);
+
(!tep_not_null($page)) {
if
die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"
><b>Error!</b></font><br><br><b>Unable to determine the page link!<br><br>');
}
catalog/product_info.php
@@ -139,7 +139,7 @@
}
}
-        if
(isset($cart->contents[$HTTP_GET_VARS['products_id']]['attributes'][$products_options_name['products_options_id']]))
{
+        
(is_string($HTTP_GET_VARS['products_id']) &&
if
isset($cart->contents[$HTTP_GET_VARS['products_id']]['attributes'][$products_options_name['products_options_id']]))
{
$selected_attribute =
$cart->contents[$HTTP_GET_VARS['products_id']]['attributes'][$products_options_name['products_options_id']];
{
else
$selected_attribute = 
;
false
catalog/tell_a_friend.php
@@ -28,7 +28,7 @@
}
($valid_product == 
) {
if
false
-    tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' .
$HTTP_GET_VARS['products_id']));
+    tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . (int
)$HTTP_GET_VARS['products_id']));
}
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_TELL_A_FRIEND);
@@ -74,14 +74,14 @@
$email_body .= $message . 
;
"\n\n"
}
-      $email_body .= sprintf(TEXT_EMAIL_LINK, tep_href_link(FILENAME_PRODUCT_INFO, 'products_id='
. $HTTP_GET_VARS['products_id'], 'NONSSL', 
)) . 
.
false
"\n\n"
+      $email_body .= sprintf(TEXT_EMAIL_LINK, tep_href_link(FILENAME_PRODUCT_INFO, 'products_id='
. (
)$HTTP_GET_VARS['products_id'], 'NONSSL', 
)) . 
.
int
false
"\n\n"
sprintf(TEXT_EMAIL_SIGNATURE, STORE_NAME . 
. HTTP_SERVER .
"\n"
DIR_WS_CATALOG . 
);
"\n"
tep_mail($to_name, $to_email_address, $email_subject, $email_body, $from_name,
$from_email_address);
$messageStack->add_session('header', sprintf(TEXT_EMAIL_SUCCESSFUL_SENT,
$product_info['products_name'], tep_output_string_protected($to_name)), 'success');
-      tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' .
$HTTP_GET_VARS['products_id']));
+      tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . (int
)$HTTP_GET_VARS['products_id']));
}
} elseif (tep_session_is_registered('customer_id')) {
$account_query = tep_db_query("select customers_firstname, customers_lastname,
. TABLE_CUSTOMERS . 
. (
)$customer_id .
customers_email_address from "
" where customers_id = '"
int
);
"'"
@@ -91,7 +91,7 @@
$from_email_address = $account['customers_email_address'];
}
-  $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_TELL_A_FRIEND, 'products_id=' .
$HTTP_GET_VARS['products_id']));
+  $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_TELL_A_FRIEND, 'products_id=' . (int
)$HTTP_GET_VARS['products_id']));
?>
<!doctype html 
public "-
>
//W3C//DTD HTML 4.01 Transitional//EN"
<html <?php echo HTML_PARAMS; ?>>
@@ -115,7 +115,7 @@
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
-    <td width=
valign=
><?php echo tep_draw_form('email_friend',
"100%"
"top"
tep_href_link(FILENAME_TELL_A_FRIEND, 'action=process&products_id=' .
$HTTP_GET_VARS['products_id']), 'post', '', 
); ?><table border=
width=
cellspacing=
true
"0"
"100%"
cellpadding=
>
"0"
"0"
+    <td width=
valign=
><?php echo tep_draw_form('email_friend',
"100%"
"top"
tep_href_link(FILENAME_TELL_A_FRIEND, 'action=process&products_id=' . (int
)$HTTP_GET_VARS['products_id']), 'post', '', 
); ?><table border=
width=
cellspacing=
true
"0"
"100%"
cellpadding=
>
"0"
"0"
<tr>
<td><table border=
width=
cellspacing=
cellpadding=
>
"0"
"100%"
"0"
"0"
<tr>
@@ -211,7 +211,7 @@
<td><table border=
width=
cellspacing=
cellpadding=
>
"0"
"100%"
"0"
"2"
<tr>
<td width=
><?php echo tep_draw_separator('pixel_trans.gif', '10', '1');
"10"
?></td>
-                <td><?php echo '<a href="' . tep_href_link(FILENAME_PRODUCT_INFO, 'products_id='
>' . tep_image_button('button_back.gif', IMAGE_BUTTON_BACK) .
. $HTTP_GET_VARS['products_id']) . '"
'</a>'; ?></td>
+                <td><?php echo '<a href="' . tep_href_link(FILENAME_PRODUCT_INFO, 'products_id='
>' . tep_image_button('button_back.gif',
. (
)$HTTP_GET_VARS['products_id']) . '"
int
IMAGE_BUTTON_BACK) . '</a>'; ?></td>
<td align=
><?php echo tep_image_submit('button_continue.gif',
"right"
IMAGE_BUTTON_CONTINUE); ?></td>
<td width=
><?php echo tep_draw_separator('pixel_trans.gif', '10', '1');
"10"