X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2Fcommon.lib.php;h=ac0b6825f77c7b69c3be8f7c793b59da03d35dd6;hb=4af7dd7e10968588fe4c2828be5402f41d53ebc5;hp=4fa43777a9d7dcc27deef87e91f7e8756e7270a6;hpb=88ea8b988a90105b46ac7dd1e53dc8c99de3880c;p=timetracker.git

diff --git a/WEB-INF/lib/common.lib.php b/WEB-INF/lib/common.lib.php
index 4fa43777..ac0b6825 100644
--- a/WEB-INF/lib/common.lib.php
+++ b/WEB-INF/lib/common.lib.php
@@ -28,10 +28,10 @@
 
 // import() function loads a class.
 function import($class_name) {
-	    $libs = array(
-			dirname($_SERVER["SCRIPT_FILENAME"]),
-			LIBRARY_DIR
-		);
+  $libs = array(
+    dirname($_SERVER["SCRIPT_FILENAME"]),
+    LIBRARY_DIR
+  );
 
 	    $pos = strpos($class_name, ".");
         if (!($pos === false)) {
@@ -122,7 +122,6 @@ function import($class_name) {
     			die($mdb2->getMessage());
 			}
 
-			$mdb2->setOption('debug', true);
 			$mdb2->setFetchMode(MDB2_FETCHMODE_ASSOC);
 			
    			$GLOBALS["_MDB2_CONNECTION"] = $mdb2;
@@ -131,13 +130,6 @@ function import($class_name) {
 	}
 
 
-	function closeConnection() {
-		if (isset($GLOBALS["_DB_CONNECTION"])) {
-			$GLOBALS["_DB_CONNECTION"]->close();
-			unset($GLOBALS["_DB_CONNECTION"]);
-		}
-	}
-
 // time_to_decimal converts a time string such as 1:15 to its decimal representation such as 1.25 or 1,25.
 function time_to_decimal($val) {
   global $user;
@@ -158,11 +150,9 @@ function sec_to_time_fmt_hm($sec)
 
 function magic_quotes_off()
 {
-  // if (get_magic_quotes_gpc()) { // This check is now done before calling this function.
-    $_POST = array_map('stripslashes_deep', $_POST);
-    $_GET = array_map('stripslashes_deep', $_GET);
-    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
-  // }
+  $_POST = array_map('stripslashes_deep', $_POST);
+  $_GET = array_map('stripslashes_deep', $_GET);
+  $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
 }
 
 // check_extension checks whether a required PHP extension is loaded and dies if not so.
@@ -318,6 +308,23 @@ function ttValidCronSpec($val)
   return true;
 }
 
+// ttValidCondition is used to check user input to validate a notification condition.
+function ttValidCondition($val, $emptyValid = true)
+{
+  $val = trim($val);
+  if (strlen($val) == 0)
+    return ($emptyValid ? true : false);
+
+  // String must not be XSS evil (to insert JavaScript).
+  if (stristr($val, '<script>') || stristr($val, '<script '))
+    return false;
+
+  if (!preg_match("/^count\s?>\s?\d+$/", $val))
+    return false;
+
+  return true;
+}
+
 // ttAccessCheck is used to check whether user is allowed to proceed. This function is used
 // as an initial check on all publicly available pages.
 function ttAccessCheck($required_rights)