From 5e8d1a2a39ef04de1d014a7b1984e32856cae5b9 Mon Sep 17 00:00:00 2001 From: Sarjuuk Date: Wed, 13 Mar 2013 21:33:22 +0100 Subject: [PATCH] moved error code for wrong Ids and pageNames to Tempate-Class throw an error if an invalid category-parameter is passed --- includes/class.worldevent.php | 2 +- includes/kernel.php | 41 +++++++++-- pages/account.php | 2 +- pages/achievement.php | 11 +-- pages/error.php | 12 ---- pages/events.php | 60 ++++++++++------ pages/spell.php | 14 +--- pages/title.php | 130 ++++++++++++++++------------------ pages/titles.php | 15 ++-- 9 files changed, 145 insertions(+), 142 deletions(-) delete mode 100644 pages/error.php diff --git a/includes/class.worldevent.php b/includes/class.worldevent.php index 5bed8f48..709682d0 100644 --- a/includes/class.worldevent.php +++ b/includes/class.worldevent.php @@ -73,7 +73,7 @@ class WorldEventList extends BaseType { // template $this->curTpl['name_loc0'] = $this->curTpl['description']; - $this->curTpl['iconString'] = 'INV_Misc_QuestionMark'; + $this->curTpl['iconString'] = 'trade_engineering'; $replace[$this->id] = $this->curTpl; // names diff --git a/includes/kernel.php b/includes/kernel.php index 3e51aa8d..aac5ceda 100644 --- a/includes/kernel.php +++ b/includes/kernel.php 
@@ -73,18 +73,45 @@ class Smarty_AoWoW extends Smarty public function display($tpl) { // since it's the same for every page, except index.. - if ($this->_tpl_vars['query'][0]) - { - $ann = DB::Aowow()->Select('SELECT * FROM ?_announcements WHERE flags & 0x10 AND (page = ?s OR page = "*")', $this->_tpl_vars['query'][0]); - foreach ($ann as $k => $v) - $ann[$k]['text'] = Util::localizedString($v, 'text'); + if (!$this->_tpl_vars['query'][0]) + return; - $this->_tpl_vars['announcements'] = $ann; - } + // sanitize + if (preg_match('/[^a-z]/i', $this->_tpl_vars['query'][0])) + return; + + $ann = DB::Aowow()->Select('SELECT * FROM ?_announcements WHERE flags & 0x10 AND (page = ?s OR page = "*")', $this->_tpl_vars['query'][0]); + foreach ($ann as $k => $v) + $ann[$k]['text'] = Util::localizedString($v, 'text'); + + $this->_tpl_vars['announcements'] = $ann; parent::display($tpl); } + public function notFound($subject) + { + $this->updatePageVars(array( + 'subject' => ucfirst($subject), + 'id' => intVal($this->_tpl_vars['query'][1]), + 'notFound' => sprintf(Lang::$main['pageNotFound'], $subject), + )); + + $this->assign('lang', Lang::$main); + + $this->display('404.tpl'); + exit(); + } + + public function error() + { + $this->assign('lang', array_merge(Lang::$main, Lang::$error)); + $this->assign('mysql', DB::Aowow()->getStatistics()); + + $this->display('error.tpl'); + exit(); + } + // creates the actual cache file public function saveCache($key, $data) { diff --git a/pages/account.php b/pages/account.php index 2793cf61..55647c1d 100644 --- a/pages/account.php +++ b/pages/account.php @@ -27,7 +27,7 @@ enum(array( // UserPropsLimits */ if (!in_array($pageParam, array('dashboard', '', 'signin', 'signup', 'signout', 'signin_do', 'signup_do', 'forgotpassword', 'forgotusername'))) - require 'error.php'; + $smarty->error(); function signin() { diff --git a/pages/achievement.php b/pages/achievement.php index da10979a..b6f2a9fd 100644 --- a/pages/achievement.php 
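Review bot: The two early `return`s added at the top of `display()` in includes/kernel.php skip `parent::display($tpl)`, so a request with an empty `query[0]` (the index page the comment mentions) or a page name containing a non-letter now renders nothing, where the old code only skipped the announcement lookup. This also affects the new `notFound()` and `error()` helpers, which call `display()` and then `exit()`, so a malformed page name would end in an empty response instead of the 404 or error template. Keep the letter-only check as a guard around the query, `if ($this->_tpl_vars['query'][0] && !preg_match('/[^a-z]/i', $this->_tpl_vars['query'][0])) { … }`, and let `parent::display($tpl)` run unconditionally. Neither helper sets a status code in the visible lines; if none is sent elsewhere, add `http_response_code(404);` before `$this->display('404.tpl');`.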
+++ b/pages/achievement.php @@ -55,16 +55,7 @@ if (!$smarty->loadCache($cacheKeyPage, $pageData)) { if ($acv->error) - { - $smarty->updatePageVars(array( - 'subject' => ucfirst(Lang::$achievement['achievement']), - 'id' => $id, - 'notFound' => sprintf(Lang::$main['pageNotFound'], Lang::$achievement['achievement']), - )); - $smarty->assign('lang', Lang::$main); - $smarty->display('404.tpl'); - exit(); - } + $smarty->notFound(Lang::$achievement['achievement']); $pageData['path'] = []; $pageData['title'] = [ucfirst(Lang::$achievement['achievement'])]; diff --git a/pages/error.php b/pages/error.php deleted file mode 100644 index 42102a68..00000000 --- a/pages/error.php +++ /dev/null @@ -1,12 +0,0 @@ -assign('lang', array_merge(Lang::$main, Lang::$error)); -$smarty->assign('mysql', DB::Aowow()->getStatistics()); -$smarty->display('error.tpl'); -exit(); - -?> diff --git a/pages/events.php b/pages/events.php index d458d5c0..e9eae803 100644 --- a/pages/events.php +++ b/pages/events.php 
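Review bot: The unbraced `if ($acv->error) $smarty->notFound(...)` in pages/achievement.php is only correct because `notFound()` ends in `exit()`, and nothing at the call site says so. The lines after it keep building `$pageData` and would run on an errored list if the helper ever returned. The same applies to the calls added in pages/spell.php and pages/title.php, where the `else` branch was removed and the whole page body now depends on that exit. I would add a comment at each call, `// notFound() renders 404.tpl and exits; nothing below runs for an invalid id`, and a docblock on `notFound()` and `error()` stating that they terminate the request. The enclosing `if (!$smarty->loadCache(...))` block continues outside this hunk.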
@@ -3,27 +3,41 @@ if (!defined('AOWOW_REVISION')) die('illegal access'); -@list($cat) = Util::extractURLParams($pageParam); -$condition = []; -$path = [0, 11]; -$cacheKeyPage = implode('_', [CACHETYPE_PAGE, TYPE_WORLDEVENT, -1, $cat, User::$localeId]); -if ($cat) - $path[] = $cat; +$cat = Util::extractURLParams($pageParam)[0]; +$condition = []; +$path = [0, 11]; +$validCats = [0, 1, 2, 3]; +$title = [Lang::$game['events']]; +$cacheKey = implode('_', [CACHETYPE_PAGE, TYPE_WORLDEVENT, -1, $cat, User::$localeId]); -if (!$smarty->loadCache($cacheKeyPage, $pageData)) +if (!in_array($cat, $validCats)) + $smarty->error(); + +$path[] = $cat; + +if (isset($cat)) + array_unshift($title, Lang::$event['category'][$cat]); + +if (!$smarty->loadCache($cacheKey, $pageData)) { - switch ($cat) + if ($cat !== null) { - case 1: - $condition[] = ['h.scheduleType', -1]; - break; - case 2: - $condition[] = ['h.scheduleType', [0, 1]]; - break; - case 3: - $condition[] = ['h.scheduleType', 2]; - break; + switch ($cat) + { + case 0: + $condition[] = ['e.holidayId', 0]; + break; + case 1: + $condition[] = ['h.scheduleType', -1]; + break; + case 2: + $condition[] = ['h.scheduleType', [0, 1]]; + break; + case 3: + $condition[] = ['h.scheduleType', 2]; + break; + } } $events = new WorldEventList($condition); @@ -37,7 +51,7 @@ if (!$smarty->loadCache($cacheKeyPage, $pageData)) $events->addGlobalsToJScript($pageData); - $smarty->saveCache($cacheKeyPage, $pageData); + $smarty->saveCache($cacheKey, $pageData); } // recalculate dates with now(); can't be cached, obviously 
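Review bot: `in_array($cat, $validCats)` in pages/events.php compares loosely, so the whitelist depends on type juggling: `null` passes because it equals `0`, and on PHP versions before 8 a non-numeric string also compares equal to `0`. What `Util::extractURLParams()` returns is not visible here; if it can hand back a raw string, that value would pass the check and reach `$cacheKey`, `$path` and the `Lang::$event['category'][$cat]` lookup. Handle both cases explicitly once `$cat` is known to be an int, e.g. `if ($cat !== null && !in_array($cat, $validCats, true)) $smarty->error();`, and append to `$path` only when `$cat !== null`, as the old `if ($cat)` did. The same loose check is added in pages/titles.php against `[0, 1, 2, 3, 4, 5, 6]`.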
@@ -48,12 +62,12 @@ foreach ($pageData['page'] as &$data) $data['endDate'] = date(Util::$dateFormatLong, $updated['end']); } -$page = array( - 'tab' => 0, // for g_initHeader($tab) - 'title' => ($cat ? Lang::$event['category'][$cat].' - ' : null) . Lang::$game['events'], - 'path' => json_encode($path, JSON_NUMERIC_CHECK), -); +$page = array( + 'tab' => 0, // for g_initHeader($tab) + 'title' => implode(" - ", $title), + 'path' => "[".implode(", ", $path)."]" +); $smarty->updatePageVars($page); $smarty->assign('lang', Lang::$main); diff --git a/pages/spell.php b/pages/spell.php index 3804ea82..57417e26 100644 --- a/pages/spell.php +++ b/pages/spell.php @@ -594,19 +594,7 @@ if (!$smarty->loadCache($cacheKeyPage, $pageData)) $smarty->saveCache($cacheKeyPage, $pageData); } else - { - $smarty->updatePageVars(array( - 'subject' => ucfirst(Lang::$game['spell']), - 'id' => $id, - 'notFound' => sprintf(Lang::$main['pageNotFound'], Lang::$game['spell']), - )); - - $smarty->assign('lang', Lang::$main); - $smarty->display('404.tpl'); - - exit(); - } - + $smarty->notFound(Lang::$game['spell']); } $smarty->updatePageVars(array( diff --git a/pages/title.php b/pages/title.php index a6512aad..c25aa744 100644 --- a/pages/title.php +++ b/pages/title.php 
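Review bot: Building `'path'` in pages/events.php with `"[".implode(", ", $path)."]"` drops the encoding that `json_encode($path, JSON_NUMERIC_CHECK)` provided, so the result is a well-formed array literal only when every element of `$path` is an integer. With no category, the unconditional `$path[] = $cat` from the previous hunk appends `null` and this prints `[0, 11, ]`. How the template emits `path` is not visible here, but if it is written into the page's script unescaped, output safety now rests entirely on the category check. Keeping `'path' => json_encode($path, JSON_NUMERIC_CHECK),` removes that dependency; pages/titles.php builds its path with the same `implode` and would benefit from the same change.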
@@ -14,83 +14,73 @@ if (!$smarty->loadCache($cacheKeyPage, $pageData)) { $title = new TitleList(array(['id', $id])); if ($title->error) - { - $smarty->updatePageVars(array( - 'subject' => ucfirst(Lang::$game['title']), - 'id' => $id, - 'notFound' => sprintf(Lang::$main['pageNotFound'], Lang::$game['title']), - )); - $smarty->assign('lang', Lang::$main); - $smarty->display('404.tpl'); - exit(); - } + $smarty->notFound(Lang::$game['title']); + + $title->addGlobalsToJscript($pageData); + + $infobox = []; + $colon = User::$localeId == LOCALE_FR ? ' : ' : ': '; // Je suis un prick! <_< + if ($title->getField('side') == 1) + $infobox[] = Lang::$main['side'].$colon.'[span class=alliance-icon]'.Lang::$game['alliance'].'[/span]'; + else if ($title->getField('side') == 2) + $infobox[] = Lang::$main['side'].$colon.'[span class=horde-icon]'.Lang::$game['horde'].'[/span]'; else + $infobox[] = Lang::$main['side'].$colon.Lang::$main['both']; + + if ($g = $title->getField('gender')) + $infobox[] = Lang::$main['gender'].$colon.'[span class='.($g == 2 ? 'female' : 'male').'-icon]'.Lang::$main['sex'][$g].'[/span]'; + + if ($e = $title->getField('eventId')) + $infobox[] = Lang::$game['eventShort'].$colon.'[url=?event='.$e.']'.WorldEvent::getName($e).'[/url]'; + + $title->reset(); + $pageData = array( + 'page' => array( + 'name' => $title->getHtmlizedName(), + 'id' => $id, + 'expansion' => Util::$expansionString[$title->getField('expansion')] + ), + 'infobox' => '[li][ul]'.implode('[/ul][ul]', $infobox).'[/ul][/li]', + ); + + foreach ($title->sources[$id] as $type => $entries) { - $title->addGlobalsToJscript($pageData); - - $infobox = []; - $colon = User::$localeId == LOCALE_FR ? ' : ' : ': '; // Je suis un prick! 
<_< - if ($title->getField('side') == 1) - $infobox[] = Lang::$main['side'].$colon.'[span class=alliance-icon]'.Lang::$game['alliance'].'[/span]'; - else if ($title->getField('side') == 2) - $infobox[] = Lang::$main['side'].$colon.'[span class=horde-icon]'.Lang::$game['horde'].'[/span]'; - else - $infobox[] = Lang::$main['side'].$colon.Lang::$main['both']; - - if ($g = $title->getField('gender')) - $infobox[] = Lang::$main['gender'].$colon.'[span class='.($g == 2 ? 'female' : 'male').'-icon]'.Lang::$main['sex'][$g].'[/span]'; - - if ($e = $title->getField('eventId')) - $infobox[] = Lang::$game['eventShort'].$colon.'[url=?event='.$e.']'.WorldEvent::getName($e).'[/url]'; - - $pageData = array( - 'page' => array( - 'name' => $title->getHtmlizedName(), - 'id' => $id, - 'expansion' => Util::$expansionString[$title->getField('expansion')] - ), - 'infobox' => '[li][ul]'.implode('[/ul][ul]', $infobox).'[/ul][/li]', - ); - - foreach ($title->sources[$id] as $type => $entries) + // todo: hidden-/visibleCols by actual use + switch ($type) { - // todo: hidden-/visibleCols by actual use - switch ($type) - { - case 4: - $quests = new QuestList(array(['id', $entries])); - $quests->addRewardsToJscript($pageData); + case 4: + $quests = new QuestList(array(['id', $entries])); + $quests->addRewardsToJscript($pageData); - $pageData['page']['questReward'] = $quests->getListviewData(); - $pageData['page']['questParams'] = array( - 'id' => 'reward-from-quest', - 'name' => '$LANG.tab_rewardfrom', - 'hiddenCols' => "$['side']", - 'visibleCols' => "$['category']" - ); - break; - case 12: - $acvs = new AchievementList(array(['id', $entries])); - $acvs->addGlobalsToJscript($pageData); - $acvs->addRewardsToJscript($pageData); + $pageData['page']['questReward'] = $quests->getListviewData(); + $pageData['page']['questParams'] = array( + 'id' => 'reward-from-quest', + 'name' => '$LANG.tab_rewardfrom', + 'hiddenCols' => "$['side']", + 'visibleCols' => "$['category']" + ); + break; + case 12: + 
$acvs = new AchievementList(array(['id', $entries])); + $acvs->addGlobalsToJscript($pageData); + $acvs->addRewardsToJscript($pageData); - $pageData['page']['acvReward'] = $acvs->getListviewData(); - $pageData['page']['acvParams'] = array( - 'id' => 'reward-from-achievement', - 'name' => '$LANG.tab_rewardfrom', - 'visibleCols' => "$['category']", - 'sort' => "$['reqlevel', 'name']" - ); - break; - case 13: - // not displayed - } + $pageData['page']['acvReward'] = $acvs->getListviewData(); + $pageData['page']['acvParams'] = array( + 'id' => 'reward-from-achievement', + 'name' => '$LANG.tab_rewardfrom', + 'visibleCols' => "$['category']", + 'sort' => "$['reqlevel', 'name']" + ); + break; + // case 13: + // not displayed } - $pageData['title'] = ucFirst(trim(str_replace('%s', '', str_replace(',', '', $title->name[0])))); - $pageData['path'] = '[0, 10, '.$title->getField('category').']'; - - $smarty->saveCache($cacheKeyPage, $pageData); } + $pageData['title'] = ucFirst(trim(str_replace('%s', '', str_replace(',', '', $title->names[$title->id][0])))); + $pageData['path'] = '[0, 10, '.$title->getField('category').']'; + + $smarty->saveCache($cacheKeyPage, $pageData); } $smarty->updatePageVars(array( diff --git a/pages/titles.php b/pages/titles.php index 212c4b0a..522363da 100644 --- a/pages/titles.php +++ b/pages/titles.php @@ -4,10 +4,14 @@ if (!defined('AOWOW_REVISION')) die('illegal access'); -$cat = Util::extractURLParams($pageParam)[0]; -$path = [0, 10]; -$cacheKey = implode('_', [CACHETYPE_PAGE, TYPE_TITLE, -1, isset($cat) ? $cat : -1, User::$localeId]); -$title = [ucFirst(Lang::$game['titles'])]; +$cat = Util::extractURLParams($pageParam)[0]; +$path = [0, 10]; +$validCats = [0, 1, 2, 3, 4, 5, 6]; +$title = [ucFirst(Lang::$game['titles'])]; +$cacheKey = implode('_', [CACHETYPE_PAGE, TYPE_TITLE, -1, isset($cat) ? $cat : -1, User::$localeId]); + +if (!in_array($cat, $validCats)) + $smarty->error(); $path[] = $cat; // should be only one parameter anyway 
@@ -36,10 +40,11 @@ if (!$smarty->loadCache($cacheKey, $pageData)) $smarty->saveCache($cacheKey, $pageData); } + $page = array( 'tab' => 0, // for g_initHeader($tab) 'title' => implode(" - ", $title), - 'path' => "[".implode(", ", $path)."]", + 'path' => "[".implode(", ", $path)."]" ); $smarty->updatePageVars($page);