diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/ChangeLog zen-cart-v1.2.0-l10n-jp-6/ChangeLog
--- zen-cart-v1.2.0-l10n-jp-5/ChangeLog 2006-01-23 19:17:52.000000000 +0900
+++ zen-cart-v1.2.0-l10n-jp-6/ChangeLog 2006-02-19 14:05:05.000000000 +0900
@@ -1,3 +1,70 @@ +2006-02-19 14:00 shida + + * INSTALL.TXT: v1.2.0-l10n-jp-6リリース + +2006-02-19 13:58 shida + + * ChangeLog: v1.2.0-l10n-jp-6リリースのためのChangeLog更新 + +2006-02-19 11:48 shida + + * admin/password_forgotten.php, admin/includes/.htaccess, + admin/includes/functions/general.php, + includes/application_top.php, includes/version.php, + includes/classes/order.php, + includes/functions/functions_general.php, + includes/modules/pages/account/header_php.php, + includes/modules/pages/account_edit/header_php.php, + includes/modules/pages/address_book_process/header_php.php, + includes/modules/pages/checkout_confirmation/header_php.php, + includes/modules/pages/checkout_payment_address/header_php.php, + includes/modules/pages/checkout_shipping_address/header_php.php, + includes/modules/pages/checkout_success/header_php.php, + includes/modules/pages/contact_us/header_php.php, + includes/modules/pages/create_account/header_php.php, + includes/modules/pages/download/header_php.php, + includes/modules/pages/gv_faq/header_php.php, + includes/modules/pages/gv_redeem/header_php.php, + includes/modules/pages/gv_send/header_php.php, + includes/modules/pages/popup_image/header_php.php, + includes/modules/pages/popup_image_additional/header_php.php, + includes/modules/pages/product_music_info/main_template_vars.php, + includes/modules/pages/tell_a_friend/header_php.php, + includes/modules/pages/unsubscribe/header_php.php: + zen-cart-v1.2.6dからzen-cart-v1.2.7dの更新箇所のマージ。 + zc_installは含んでいない。 + +2006-02-04 16:44 shida + + * includes/functions/extra_functions/mb-emulator/: mb-emulator.php: + mb_strimwidthの第4引数を省略してしまっている + http://zen-cart.jp/pukiwiki/448.html + + のバグフィクス。 + + mb-emulatorで、弟4引数が必須パラメータになっており、 + そのため、ワーニングがでてしまう。 + + オリジナルの仕様では、mb_strimwidthの第4引数は省略可なので、 + そのように修正。 + +2006-02-04 16:22 shida + + * includes/modules/shipping/: nittsu.php: + 日通ペリカン配送モジュールでDBプレフィクスが設定されていない + http://zen-cart.jp/pukiwiki/463.html のバグフィクス。 + + Yattsさん、対応が遅れちゃって申し訳ありませんでした m(_ _)m + 
+2006-02-04 16:07 shida + + * includes/templates/template_default/templates/: + tpl_block_checkout_payment_address.php: + 支払い法選択画面での住所変更で住所選択肢の部分が「名」「性」の並び順 + http://zen-cart.jp/pukiwiki/552.html + + のバグフィクス。 + 2006-01-23 17:57 shida * INSTALL.TXT: v1.2.0-l10n-jp-5のリリース diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/INSTALL.TXT zen-cart-v1.2.0-l10n-jp-6/INSTALL.TXT --- zen-cart-v1.2.0-l10n-jp-5/INSTALL.TXT 2006-01-23 17:57:57.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/INSTALL.TXT 2006-02-19 14:02:16.000000000 +0900 @@ -1,6 +1,6 @@ Zen Cart - The Art of E-Commerce -Version 1.2.0-l10n-jp-5 +Version 1.2.0-l10n-jp-6 Zen Cartの導入は自動インストールシステムによって行います。 diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/admin/includes/.htaccess zen-cart-v1.2.0-l10n-jp-6/admin/includes/.htaccess --- zen-cart-v1.2.0-l10n-jp-5/admin/includes/.htaccess 1970-01-01 09:00:00.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/admin/includes/.htaccess 2006-02-19 11:48:12.000000000 +0900 @@ -0,0 +1,14 @@ +# $Id: .htaccess,v 1.1 2006/02/19 02:48:12 shida Exp $ +# +# This is used with Apache WebServers +# The following blocks direct HTTP requests in this directory recursively +# +# This does not affect PHP include/require functions +# +# Example: direct access to http://server/admin/includes/application_top.php will not work with the following installed + + +Order Deny,Allow +Deny from all +Allow from localhost + diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/admin/includes/functions/general.php zen-cart-v1.2.0-l10n-jp-6/admin/includes/functions/general.php --- zen-cart-v1.2.0-l10n-jp-5/admin/includes/functions/general.php 2006-01-22 14:59:47.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/admin/includes/functions/general.php 2006-02-19 11:54:15.000000000 +0900 
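Review bot: The header comment of the new admin/includes/.htaccess does not say what the rule depends on. `Order`/`Deny`/`Allow` only take effect when Apache is configured to honour them in .htaccess files (`AllowOverride Limit` or `All`), and other web servers ignore the file entirely, so on such hosts admin/includes/ stays directly reachable with no visible error. I would add a comment line such as `# Requires AllowOverride Limit; on other servers restrict this directory in the server configuration instead`. `Allow from localhost` also leaves the files reachable from the machine itself, which deserves a word in the comment if it is intentional.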
@@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | @@ -1490,14 +1490,9 @@ } //// -// Wrapper function for round() for php3 compatibility +// Wrapper function for round() function zen_round($value, $precision) { - if (PHP_VERSION < 4) { - $exp = pow(10, $precision); - return round($value * $exp) / $exp; - } else { - return round($value, $precision); - } + return round($value, $precision); } //// diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/admin/password_forgotten.php zen-cart-v1.2.0-l10n-jp-6/admin/password_forgotten.php --- zen-cart-v1.2.0-l10n-jp-5/admin/password_forgotten.php 2006-01-09 15:44:41.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/admin/password_forgotten.php 2006-02-19 11:54:15.000000000 +0900 @@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | @@ -92,3 +92,4 @@ + diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/application_top.php zen-cart-v1.2.0-l10n-jp-6/includes/application_top.php --- zen-cart-v1.2.0-l10n-jp-5/includes/application_top.php 2005-04-16 14:46:32.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/application_top.php 2006-02-19 11:54:15.000000000 +0900 
@@ -3,7 +3,7 @@
 // +----------------------------------------------------------------------+
 // |zen-cart Open Source E-commerce |
 // +----------------------------------------------------------------------+
-// | Copyright (c) 2003 The zen-cart developers |
+// | Copyright (c) 2006 The zen-cart developers |
 // | |
 // | http://www.zen-cart.com/index.php |
 // | |
@@ -360,14 +360,44 @@ } } -// Sanitize get parameters in the url +/** + * Sanitize $_GET parameters in the URL + */ if (isset($_GET['products_id'])) $_GET['products_id'] = ereg_replace('[^0-9a-f:]', '', $_GET['products_id']); if (isset($_GET['manufacturers_id'])) $_GET['manufacturers_id'] = ereg_replace('[^0-9]', '', $_GET['manufacturers_id']); if (isset($_GET['cPath'])) $_GET['cPath'] = ereg_replace('[^0-9_]', '', $_GET['cPath']); if (isset($_GET['main_page'])) $_GET['main_page'] = ereg_replace('[^0-9a-zA-Z_]', '', $_GET['main_page']); - while (list($key, $value) = each($_GET)) { - $_GET[$key] = ereg_replace('[<>]', '', $value); + if (isset($_GET)) { + while (list($key, $value) = each($_GET)){ + if(is_array($value)){ + foreach($value as $key2 => $val2){ + $_GET[$key][$key2] = ereg_replace('[<>]', '', $val2); + unset($GLOBALS[$key]); + } + } else { + $_GET[$key] = ereg_replace('[<>]', '', $value); + unset($GLOBALS[$key]); + } + } } + if (isset($_POST)) { + while (list($key, $value) = each($_POST)){ + unset($GLOBALS[$key]); + } + } + if (isset($_COOKIE)) { + while (list($key, $value) = each($_COOKIE)){ + unset($GLOBALS[$key]); + } + } + if (isset($_SESSION)) { + while (list($key, $value) = each($_SESSION)){ + unset($GLOBALS[$key]); + } + } + + + // validate products_id for search engines and bookmarks, etc. if (isset($_GET['products_id']) and $_SESSION['check_valid'] != 'false') { diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/classes/order.php zen-cart-v1.2.0-l10n-jp-6/includes/classes/order.php --- zen-cart-v1.2.0-l10n-jp-5/includes/classes/order.php 2004-12-04 13:24:18.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/classes/order.php 2006-02-19 11:54:16.000000000 +0900 
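Review bot: The new `unset($GLOBALS[$key])` loops take the variable name straight from the `$_GET`, `$_POST` and `$_COOKIE` keys with no exclusion list, so a request key that matches a global application_top.php has presumably already set by line 360 removes that global, not just a register_globals copy. I would skip reserved and application names, e.g. `if (!in_array($key, $protected_globals)) unset($GLOBALS[$key]);` where `$protected_globals` (a name proposed here, not one in the file) lists `GLOBALS`, the superglobals and the objects created earlier in this file, or move the cleanup ahead of their initialisation. Separately, the `<>` stripping descends only one array level, so a deeper nested value reaches `ereg_replace()` as an array. `$_POST` and `$_COOKIE` values are not filtered at all, so output escaping is still needed wherever they are echoed.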
@@ -3,7 +3,7 @@
 // +----------------------------------------------------------------------+
 // |zen-cart Open Source E-commerce |
 // +----------------------------------------------------------------------+
-// | Copyright (c) 2003 The zen-cart developers |
+// | Copyright (c) 2006 The zen-cart developers |
 // | |
 // | http://www.zen-cart.com/index.php |
 // | |
@@ -462,22 +462,29 @@ $products_tax = $this->products[$index]['tax']; $products_tax_description = $this->products[$index]['tax_description']; + + // calculate the amount of tax "inc"luded in price (used if tax-in pricing is enabled) + $current_row_tax_inc = $shown_price - ($shown_price / (($products_tax < 10) ? "1.0" . str_replace('.', '', $products_tax) : "1." . str_replace('.', '', $products_tax))); + + // calculate the amount of tax for this product (assuming tax is NOT included in the price) + $current_row_tax_exc = zen_round(($products_tax / 100) * $shown_price, $currencies->currencies[$this->info['currency']]['decimal_places']); + if (DISPLAY_PRICE_WITH_TAX == 'true') { - $this->info['tax'] += $shown_price - ($shown_price / (($products_tax < 10) ? "1.0" . str_replace('.', '', $products_tax) : "1." . str_replace('.', '', $products_tax))); + $this->info['tax'] += $current_row_tax_inc; if (isset($this->info['tax_groups']["$products_tax_description"])) { - $this->info['tax_groups']["$products_tax_description"] += $shown_price - ($shown_price / (($products_tax < 10) ? "1.0" . str_replace('.', '', $products_tax) : "1." . str_replace('.', '', $products_tax))); + $this->info['tax_groups']["$products_tax_description"] += $current_row_tax_inc; } else { - $this->info['tax_groups']["$products_tax_description"] = $shown_price - ($shown_price / (($products_tax < 10) ? "1.0" . str_replace('.', '', $products_tax) : "1." . 
str_replace('.', '', $products_tax))); + $this->info['tax_groups']["$products_tax_description"] = $current_row_tax_inc; } } else { - $this->info['tax'] += ($products_tax / 100) * $shown_price; + // this adds the tax rate for cases where tax is NOT included in the product + $this->info['tax'] += $current_row_tax_exc; if (isset($this->info['tax_groups']["$products_tax_description"])) { - $this->info['tax_groups']["$products_tax_description"] += ($products_tax / 100) * $shown_price; + $this->info['tax_groups']["$products_tax_description"] += $current_row_tax_exc; } else { - $this->info['tax_groups']["$products_tax_description"] = ($products_tax / 100) * $shown_price; + $this->info['tax_groups']["$products_tax_description"] = $current_row_tax_exc; } } - $index++; } diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/functions/extra_functions/mb-emulator/mb-emulator.php zen-cart-v1.2.0-l10n-jp-6/includes/functions/extra_functions/mb-emulator/mb-emulator.php --- zen-cart-v1.2.0-l10n-jp-5/includes/functions/extra_functions/mb-emulator/mb-emulator.php 2005-02-05 15:18:10.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/functions/extra_functions/mb-emulator/mb-emulator.php 2006-02-04 16:46:03.000000000 +0900 @@ -825,7 +825,7 @@ } } -function mb_strimwidth( $str, $start, $width, $trimmarker , $encoding = '') +function mb_strimwidth( $str, $start, $width, $trimmarker = '', $encoding = '') { global $_mb_encoding, $euc_match, $utf8_match, $sjis_match; diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/functions/functions_general.php zen-cart-v1.2.0-l10n-jp-6/includes/functions/functions_general.php --- zen-cart-v1.2.0-l10n-jp-5/includes/functions/functions_general.php 2005-05-06 12:19:32.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/functions/functions_general.php 2006-02-19 11:54:16.000000000 +0900 
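Review bot: In the order.php hunk `$current_row_tax_exc` is rounded with `zen_round()` to the currency's decimal places, but `$current_row_tax_inc` is accumulated unrounded, so order tax totals are rounded differently depending on DISPLAY_PRICE_WITH_TAX. The inclusive divisor is also still built by string concatenation (`"1.0" . str_replace('.', '', $products_tax)`), which only equals `1 + rate/100` for rates below 100 and depends on how `$products_tax` is formatted as a string; `$shown_price / (1 + $products_tax / 100)` avoids both. Both values are now computed for every row although only one is used. The enclosing loop starts and ends outside the hunk.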
@@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | @@ -37,7 +37,8 @@ * @param string The url to redirect to */ function zen_redirect($url) { - if ( (ENABLE_SSL == true) && ($_SERVER['HTTPS'] == 'on') ) { // We are loading an SSL page + global $request_type; + if ( (ENABLE_SSL == true) && ($request_type == 'SSL') ) { // We are loading an SSL page if (substr($url, 0, strlen(HTTP_SERVER)) == HTTP_SERVER) { // NONSSL url $url = HTTPS_SERVER . substr($url, strlen(HTTP_SERVER)); // Change it to SSL } @@ -180,21 +181,8 @@ //// // Wrapper function for round() function zen_round($number, $precision) { - if (strpos($number, '.') && (strlen(substr($number, strpos($number, '.')+1)) > $precision)) { - $number = substr($number, 0, strpos($number, '.') + 1 + $precision + 1); - - if (substr($number, -1) >= 5) { - if ($precision > 1) { - $number = substr($number, 0, -1) + ('0.' . str_repeat(0, $precision-1) . '1'); - } elseif ($precision == 1) { - $number = substr($number, 0, -1) + 0.1; - } else { - $number = substr($number, 0, -1) + 1; - } - } else { - $number = substr($number, 0, -1); - } - } +/// fix rounding error on GVs etc. + $number = round($number, $precision); return $number; } @@ -702,6 +690,7 @@ //// function zen_array_to_string($array, $exclude = '', $equals = '=', $separator = '&') { if (!is_array($exclude)) $exclude = array(); + if (!is_array($array)) $array = array(); $get_string = ''; if (sizeof($array) > 0) { 
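Review bot: zen_redirect() now depends on the global `$request_type`, but the docblock above it still documents only the URL parameter. If the function is ever called before that global is assigned, the comparison is silently false and the rewrite to HTTPS_SERVER is skipped. I would add a docblock line such as `@global string $request_type 'SSL' when the current request arrived over HTTPS` so the ordering requirement is visible to callers. The function body continues outside the hunk.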
@@ -865,7 +854,7 @@ if ($coupons->RecordCount() == 0) return true; $product_valid = true; while (!$coupons->EOF) { - if (($coupons->fields['product_id'] != 0) && ($coupons->fields['product_id'] != $product_id)) $product_valid = false; + if (($coupons->fields['product_id'] != 0) && ($coupons->fields['product_id'] != (int)$product_id)) $product_valid = false; if (($coupons->fields['category_id'] !=0) && (!zen_product_in_category($product_id, $coupons->fields['category_id'])) && ($coupons->fields['coupon_restrict']=='N')) $product_valid = false; if (($coupons->fields['product_id'] == (int)$product_id) && ($coupons->fields['coupon_restrict']=='N')) $product_valid = true; if (($coupons->fields['category_id'] !=0) && (zen_product_in_category($product_id, $coupons->fields['category_id'])) && ($coupons->fields['coupon_restrict']=='N')) $product_valid = true; diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/account/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/account/header_php.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/account/header_php.php 2004-09-01 13:47:42.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/account/header_php.php 2006-02-19 11:54:16.000000000 +0900 @@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | @@ -25,7 +25,7 @@ } $gv_query = "select amount from " . TABLE_COUPON_GV_CUSTOMER . " - where customer_id = '" . $_SESSION['customer_id'] . "'"; + where customer_id = '" . (int)$_SESSION['customer_id'] . "'"; $gv_result = $db->Execute($gv_query); if ($gv_result->fields['amount'] > 0 ) { 
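Review bot: The added `(int)$product_id` cast in the coupon hunk covers only this one comparison; the two `zen_product_in_category($product_id, ...)` calls on the following lines still receive the uncast value. If that helper builds a query from its argument (its body is not in this diff), every use should see the same integer, for example by casting once before the loop with `$product_id = (int)$product_id;`. The enclosing function starts and ends outside the hunk.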
@@ -38,7 +38,7 @@ if ($_SESSION['customer_id']) { $gv_query = "select amount from " . TABLE_COUPON_GV_CUSTOMER . " - where customer_id = '" . $_SESSION['customer_id'] . "'"; + where customer_id = '" . (int)$_SESSION['customer_id'] . "'"; $gv_result = $db->Execute($gv_query); if ($gv_result->fields['amount'] > 0 ) { diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/account_edit/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/account_edit/header_php.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/account_edit/header_php.php 2004-12-04 13:24:19.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/account_edit/header_php.php 2006-02-19 11:54:16.000000000 +0900 @@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | @@ -148,4 +148,4 @@ $breadcrumb->add(NAVBAR_TITLE_1, zen_href_link(FILENAME_ACCOUNT, '', 'SSL')); $breadcrumb->add(NAVBAR_TITLE_2); -?> +?> \ No newline at end of file diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/address_book_process/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/address_book_process/header_php.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/address_book_process/header_php.php 2006-01-22 11:39:48.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/address_book_process/header_php.php 2006-02-19 11:54:16.000000000 +0900 
@@ -3,7 +3,7 @@
 // +----------------------------------------------------------------------+
 // |zen-cart Open Source E-commerce |
 // +----------------------------------------------------------------------+
-// | Copyright (c) 2003 The zen-cart developers |
+// | Copyright (c) 2006 The zen-cart developers |
 // | |
 // | http://www.zen-cart.com/index.php |
 // | |
diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/checkout_confirmation/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/checkout_confirmation/header_php.php
--- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/checkout_confirmation/header_php.php 2004-09-01 13:47:40.000000000 +0900
+++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/checkout_confirmation/header_php.php 2006-02-19 11:54:16.000000000 +0900
@@ -3,7 +3,7 @@
 // +----------------------------------------------------------------------+
 // |zen-cart Open Source E-commerce |
 // +----------------------------------------------------------------------+
-// | Copyright (c) 2003 The zen-cart developers |
+// | Copyright (c) 2006 The zen-cart developers |
 // | |
 // | http://www.zen-cart.com/index.php |
 // | |
diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/checkout_payment_address/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/checkout_payment_address/header_php.php
--- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/checkout_payment_address/header_php.php 2006-01-22 11:39:49.000000000 +0900
+++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/checkout_payment_address/header_php.php 2006-02-19 11:54:16.000000000 +0900
@@ -3,7 +3,7 @@
 // +----------------------------------------------------------------------+
 // |zen-cart Open Source E-commerce |
 // +----------------------------------------------------------------------+
-// | Copyright (c) 2003 The zen-cart developers |
+// | Copyright (c) 2006 The zen-cart developers |
 // | |
 // | http://www.zen-cart.com/index.php |
 // | |
@@ -143,7 +143,7 @@ } if ($error == false) { - $sql_data_array = array('customers_id' => $_SESSION['customer_id'], + $sql_data_array = array('customers_id' => (int)$_SESSION['customer_id'], 'entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_telephone' => $telephone, @@ -151,14 +151,14 @@ 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, - 'entry_country_id' => $country); + 'entry_country_id' => (int)$country); if (ACCOUNT_GENDER == 'true') $sql_data_array['entry_gender'] = $gender; if (ACCOUNT_COMPANY == 'true') $sql_data_array['entry_company'] = $company; if (ACCOUNT_SUBURB == 'true') $sql_data_array['entry_suburb'] = $suburb; if (ACCOUNT_STATE == 'true') { if ($zone_id > 0) { - $sql_data_array['entry_zone_id'] = $zone_id; + $sql_data_array['entry_zone_id'] = (int)$zone_id; $sql_data_array['entry_state'] = ''; } else { $sql_data_array['entry_zone_id'] = '0'; @@ -193,8 +193,8 @@ $_SESSION['billto'] = $_POST['address']; $check_address_query = "select count(*) as total from " . TABLE_ADDRESS_BOOK . " - where customers_id = '" . $_SESSION['customer_id'] . "' - and address_book_id = '" . $_SESSION['billto'] . "'"; + where customers_id = '" . (int)$_SESSION['customer_id'] . "' + and address_book_id = '" . (int)$_SESSION['billto'] . "'"; $check_address = $db->Execute($check_address_query); @@ -221,4 +221,4 @@ $breadcrumb->add(NAVBAR_TITLE_2); $addresses_count = zen_count_customer_address_book_entries(); -?> +?> \ No newline at end of file diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/checkout_shipping_address/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/checkout_shipping_address/header_php.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/checkout_shipping_address/header_php.php 2006-01-22 11:39:49.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/checkout_shipping_address/header_php.php 2006-02-19 11:54:17.000000000 +0900 
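Review bot: In the hunk at line 193 the context line `$_SESSION['billto'] = $_POST['address'];` still stores the raw POST value; the new `(int)` cast is applied only where this one query is built. Any other code that reads `$_SESSION['billto']` later in the checkout gets the unvalidated string. I would cast at assignment, `$_SESSION['billto'] = (int)$_POST['address'];`, and keep the cast in the query as a second check. The surrounding block starts and ends outside the hunk.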
@@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | @@ -161,7 +161,7 @@ } if ($error == false) { - $sql_data_array = array('customers_id' => $_SESSION['customer_id'], + $sql_data_array = array('customers_id' => (int)$_SESSION['customer_id'], 'entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_telephone' => $telephone, @@ -169,14 +169,14 @@ 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, - 'entry_country_id' => $country); + 'entry_country_id' => (int)$country); if (ACCOUNT_GENDER == 'true') $sql_data_array['entry_gender'] = $gender; if (ACCOUNT_COMPANY == 'true') $sql_data_array['entry_company'] = $company; if (ACCOUNT_SUBURB == 'true') $sql_data_array['entry_suburb'] = $suburb; if (ACCOUNT_STATE == 'true') { if ($zone_id > 0) { - $sql_data_array['entry_zone_id'] = $zone_id; + $sql_data_array['entry_zone_id'] = (int)$zone_id; $sql_data_array['entry_state'] = ''; } else { $sql_data_array['entry_zone_id'] = '0'; diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/checkout_success/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/checkout_success/header_php.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/checkout_success/header_php.php 2004-09-01 13:47:42.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/checkout_success/header_php.php 2006-02-19 11:54:17.000000000 +0900 
@@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/contact_us/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/contact_us/header_php.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/contact_us/header_php.php 2005-05-06 14:17:13.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/contact_us/header_php.php 2006-02-19 11:54:17.000000000 +0900 @@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | @@ -37,7 +37,7 @@ // auto complete when logged in if($_SESSION['customer_id']) { - $check_customer = $db->Execute("select customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_id = '" . $customer_id . "'"); + $check_customer = $db->Execute("select customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$_SESSION['customer_id'] . "'"); $customer_email= $check_customer->fields['customers_email_address']; //Change for Japanese NAME format [lastname firstname] $customer_name= $check_customer->fields['customers_lastname'] . ' ' . $check_customer->fields['customers_firstname']; 
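Review bot: Both contact_us queries (the hunk at line 37 here and the one at line 84) still select `customers_password` and `customers_default_address_id`, although the visible lines use only the e-mail address and the two name fields. Loading the password hash on a page that only pre-fills a contact form is unnecessary exposure; I would reduce the column list to `customers_firstname, customers_lastname, customers_email_address`. Whether code outside the hunks reads the other columns is not visible here, so that needs a check before trimming.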
@@ -84,7 +84,7 @@ // default email and name if customer is logged in if($_SESSION['customer_id']) { - $check_customer = $db->Execute("select customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_id = '" . $_SESSION['customer_id'] . "'"); + $check_customer = $db->Execute("select customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$_SESSION['customer_id'] . "'"); $email= $check_customer->fields['customers_email_address']; //Change for Japanese NAME format [lastname firstname] $name= $check_customer->fields['customers_lastname'] . ' ' . $check_customer->fields['customers_firstname']; @@ -100,4 +100,4 @@ $define_contact_us = zen_get_file_directory(DIR_WS_LANGUAGES . $_SESSION['language'] . '/html_includes/', FILENAME_DEFINE_CONTACT_US, 'false'); $breadcrumb->add(NAVBAR_TITLE); -?> +?> \ No newline at end of file diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/create_account/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/create_account/header_php.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/create_account/header_php.php 2006-01-22 11:39:49.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/create_account/header_php.php 2006-02-19 11:54:17.000000000 +0900 @@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | 
@@ -148,7 +148,7 @@ require($sniffer->phpBB['phpbb_path'] . 'config.php'); $db_phpbb = new queryFactory(); $db_phpbb->connect($dbhost, $dbuser, $dbpasswd, $dbname, USE_PCONNECT, false); - $sql = "select * from " . $table_prefix . TABLE_PHPBB_USERS . " where username = '" . $nick . "'"; + $sql = "select * from " . $table_prefix . TABLE_PHPBB_USERS . " where username = '" . zen_db_input($nick) . "'"; //echo $sql; $phpbb_users = $db_phpbb->Execute($sql); //echo "count=".$phpbb_users->RecordCount(); @@ -272,7 +272,7 @@ $_SESSION['customer_id'] = $db->Insert_ID(); - $sql_data_array = array('customers_id' => $_SESSION['customer_id'], + $sql_data_array = array('customers_id' => (int)$_SESSION['customer_id'], 'entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_telephone' => $telephone, @@ -280,14 +280,14 @@ 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, - 'entry_country_id' => $country); + 'entry_country_id' => (int)$country); if (ACCOUNT_GENDER == 'true') $sql_data_array['entry_gender'] = $gender; if (ACCOUNT_COMPANY == 'true') $sql_data_array['entry_company'] = $company; if (ACCOUNT_SUBURB == 'true') $sql_data_array['entry_suburb'] = $suburb; if (ACCOUNT_STATE == 'true') { if ($zone_id > 0) { - $sql_data_array['entry_zone_id'] = $zone_id; + $sql_data_array['entry_zone_id'] = (int)$zone_id; $sql_data_array['entry_state'] = ''; } else { $sql_data_array['entry_zone_id'] = '0'; 
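Review bot: In the hunk at line 148 `zen_db_input($nick)` is applied to a query that runs on the separate `$db_phpbb` connection, and the helper's implementation is not part of this diff. If it is an addslashes-style escaper rather than one tied to the connection's character set, it is not dependable for the multibyte encodings this localisation handles, so that should be confirmed for the phpBB connection as well. The commented-out `//echo $sql;` and `//echo "count=...` lines in the context would print the full query if re-enabled and are better removed.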
@@ -324,7 +324,7 @@ $sql = "insert into " . $table_prefix . TABLE_PHPBB_USERS . " (user_id, username, user_password, user_email, user_regdate) values - ('" . (int)$user_id . "', '" . $nick . "', '" . md5($_POST['password']) . "', '" . $email_address . "', '" . time() ."')"; + ('" . (int)$user_id . "', '" . zen_db_input($nick) . "', '" . md5($_POST['password']) . "', '" . zen_db_input($email_address) . "', '" . time() ."')"; $db_phpbb->Execute($sql); $sql = "INSERT INTO " . $table_prefix . TABLE_PHPBB_GROUPS . " (group_name, group_description, group_single_user, group_moderator) @@ -376,8 +376,8 @@ if (NEW_SIGNUP_DISCOUNT_COUPON != '' and NEW_SIGNUP_DISCOUNT_COUPON != '0') { $coupon_id = NEW_SIGNUP_DISCOUNT_COUPON; $coupon = $db->Execute("select * from " . TABLE_COUPONS . " where coupon_id = '" . $coupon_id . "'"); - $coupon_desc = $db->Execute("select coupon_description from " . TABLE_COUPONS_DESCRIPTION . " where coupon_id = '" . $coupon_id . "' and language_id = '" . $_SESSION['languages_id'] . "'"); - $db->Execute("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $coupon_id ."', '0', 'Admin', '" . $email_address . "', now() )"); + $coupon_desc = $db->Execute("select coupon_description from " . TABLE_COUPONS_DESCRIPTION . " where coupon_id = '" . $coupon_id . "' and language_id = '" . (int)$_SESSION['languages_id'] . "'"); + $db->Execute("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $coupon_id ."', '0', 'Admin', '" . zen_db_input($email_address) . "', now() )"); // if on, add in Discount Coupon explanation // $email_text .= EMAIL_COUPON_INCENTIVE_HEADER . 
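Review bot: The phpBB insert at line 324 still stores `md5($_POST['password'])`, an unsalted fast hash, next to the newly escaped `$nick` and `$email_address`. That is presumably dictated by the phpBB version being bridged, but it should carry a comment saying so, e.g. `// phpBB expects an unsalted MD5 here; do not reuse this for shop passwords`, so the pattern is not copied elsewhere.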
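Review bot: In the hunk at line 376 `$coupon_id` is still concatenated uncast into all three queries, while `$_SESSION['languages_id']` on the same line now gets `(int)`. The value comes from the NEW_SIGNUP_DISCOUNT_COUPON configuration constant rather than the request, but `$coupon_id = (int)NEW_SIGNUP_DISCOUNT_COUPON;` would make the block consistent. The same applies to `$insert_id` and NEW_SIGNUP_GIFT_VOUCHER_AMOUNT in the hunk at line 395.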
@@ -395,7 +395,7 @@ $coupon_code = zen_create_coupon_code(); $insert_query = $db->Execute("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . $coupon_code . "', 'G', '" . NEW_SIGNUP_GIFT_VOUCHER_AMOUNT . "', now())"); $insert_id = $db->Insert_ID(); - $db->Execute("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $insert_id ."', '0', 'Admin', '" . $email_address . "', now() )"); + $db->Execute("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $insert_id ."', '0', 'Admin', '" . zen_db_input($email_address) . "', now() )"); // if on, add in GV explanation $email_text .= "\n\n" . sprintf(EMAIL_GV_INCENTIVE_HEADER, $currencies->format(NEW_SIGNUP_GIFT_VOUCHER_AMOUNT)) . diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/download/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/download/header_php.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/download/header_php.php 2005-04-16 14:46:32.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/download/header_php.php 2006-02-19 11:54:17.000000000 +0900 @@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | 
@@ -37,7 +37,7 @@ } // Check that order_id, customer_id and filename match - $downloads = $db->Execute("select date_format(o.date_purchased, '%Y-%m-%d') as date_purchased_day, opd.download_maxdays, opd.download_count, opd.download_maxdays, opd.orders_products_filename from " . TABLE_ORDERS . " o, " . TABLE_ORDERS_PRODUCTS . " op, " . TABLE_ORDERS_PRODUCTS_DOWNLOAD . " opd where o.customers_id = '" . $_SESSION['customer_id'] . "' and o.orders_id = '" . (int)$_GET['order'] . "' and o.orders_id = op.orders_id and op.orders_products_id = opd.orders_products_id and opd.orders_products_download_id = '" . (int)$_GET['id'] . "' and opd.orders_products_filename != ''"); + $downloads = $db->Execute("select date_format(o.date_purchased, '%Y-%m-%d') as date_purchased_day, opd.download_maxdays, opd.download_count, opd.download_maxdays, opd.orders_products_filename from " . TABLE_ORDERS . " o, " . TABLE_ORDERS_PRODUCTS . " op, " . TABLE_ORDERS_PRODUCTS_DOWNLOAD . " opd where o.customers_id = '" . (int)$_SESSION['customer_id'] . "' and o.orders_id = '" . (int)$_GET['order'] . "' and o.orders_id = op.orders_id and op.orders_products_id = opd.orders_products_id and opd.orders_products_download_id = '" . (int)$_GET['id'] . "' and opd.orders_products_filename != ''"); if ($downloads->RecordCount() <= 0 ) die; // MySQL 3.22 does not have INTERVAL list($dt_year, $dt_month, $dt_day) = explode('-', $downloads->fields['date_purchased_day']); diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/gv_faq/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/gv_faq/header_php.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/gv_faq/header_php.php 2004-09-01 13:47:41.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/gv_faq/header_php.php 2006-02-19 11:54:17.000000000 +0900 
@@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | @@ -24,14 +24,14 @@ if ($_SESSION['customer_id']) { $gv_query = "select amount from " . TABLE_COUPON_GV_CUSTOMER . " - where customer_id = '" . $_SESSION['customer_id'] . "'"; + where customer_id = '" . (int)$_SESSION['customer_id'] . "'"; $gv_result = $db->Execute($gv_query); if ($gv_result->fields['amount'] > 0 ) $has_gv_balance = true; } if ($_SESSION['gv_id']) { $gv_query = "select coupon_amount from " . TABLE_COUPONS . " - where coupon_id = '" . $_SESSION['gv_id'] . "'"; + where coupon_id = '" . (int)$_SESSION['gv_id'] . "'"; $coupon = $db->Execute($gv_query); } diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/gv_redeem/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/gv_redeem/header_php.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/gv_redeem/header_php.php 2004-09-01 13:47:43.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/gv_redeem/header_php.php 2006-02-19 11:54:17.000000000 +0900 @@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | 
@@ -29,7 +29,7 @@ $error = true; $gv_query = "select c.coupon_id, c.coupon_amount from " . TABLE_COUPONS . " c, " . TABLE_COUPON_EMAIL_TRACK . " et - where coupon_code = '" . $_GET['gv_no'] . "' + where coupon_code = '" . zen_db_input($_GET['gv_no']) . "' and c.coupon_id = et.coupon_id"; $coupon = $db->Execute($gv_query); @@ -37,7 +37,7 @@ if ($coupon->RecordCount() >0) { $redeem_query = "select coupon_id from ". TABLE_COUPON_REDEEM_TRACK . " - where coupon_id = '" . $coupon->fields['coupon_id'] . "'"; + where coupon_id = '" . (int)$coupon->fields['coupon_id'] . "'"; $redeem = $db->Execute($redeem_query); @@ -56,14 +56,14 @@ // Update redeem status $gv_query = "insert into " . TABLE_COUPON_REDEEM_TRACK . " (coupon_id, customer_id, redeem_date, redeem_ip) - values ('" . $coupon->fields['coupon_id'] . "', '" . $_SESSION['customer_id'] . "', - now(),'" . $REMOTE_ADDR . "')"; + values ('" . (int)$coupon->fields['coupon_id'] . "', '" . (int)$_SESSION['customer_id'] . "', + now(),'" . zen_db_input($REMOTE_ADDR) . "')"; $db->Execute($gv_query); $gv_update = "update " . TABLE_COUPONS . " set coupon_active = 'N' - where coupon_id = '" . $coupon['coupon_id'] . "'"; + where coupon_id = '" . (int)$coupon['coupon_id'] . "'"; $db->Execute($gv_update); diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/gv_send/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/gv_send/header_php.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/gv_send/header_php.php 2005-01-12 18:16:23.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/gv_send/header_php.php 2006-02-19 11:54:18.000000000 +0900 
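Review bot: The final update in the `@@ -56,14 +56,14 @@` hunk reads `(int)$coupon['coupon_id']`, but `$coupon` is the result object returned by `$db->Execute()` and every other use in this file goes through `$coupon->fields['coupon_id']`. Indexing the object as an array will not yield the coupon id, so the `coupon_active = 'N'` update presumably matches no row or fails outright, and the redeemed voucher stays marked active. The line should be `where coupon_id = '" . (int)$coupon->fields['coupon_id'] . "'";`. In the same hunk `$REMOTE_ADDR` depends on register_globals; `zen_db_input($_SERVER['REMOTE_ADDR'])` records the address regardless of that setting.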
@@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | @@ -34,7 +34,7 @@ $gv_query = "select amount from " . TABLE_COUPON_GV_CUSTOMER . " - where customer_id = '" . $_SESSION['customer_id'] . "'"; + where customer_id = '" . (int)$_SESSION['customer_id'] . "'"; $gv_result = $db->Execute($gv_query); @@ -88,8 +88,8 @@ } else { $_GET['action'] = 'complete'; $gv_query="update " . TABLE_COUPON_GV_CUSTOMER . " - set amount = '" . $new_amount . "' - where customer_id = '" . $_SESSION['customer_id'] . "'"; + set amount = '" . zen_db_input($new_amount) . "' + where customer_id = '" . (int)$_SESSION['customer_id'] . "'"; $db->Execute($gv_query); @@ -100,7 +100,7 @@ $gv_customer=$db->Execute($gv_query); $gv_query="insert into " . TABLE_COUPONS . " (coupon_type, coupon_code, date_created, coupon_amount) - values ('G', '" . $id1 . "', NOW(), '" . $currencies->value($_POST['amount'], true, DEFAULT_CURRENCY) . "')"; + values ('G', '" . zen_db_input($id1) . "', NOW(), '" . $currencies->value($_POST['amount'], true, DEFAULT_CURRENCY) . "')"; $gv = $db->Execute($gv_query); 
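Review bot: The update in the `@@ -88,8 +88,8 @@` hunk writes an absolute balance computed in PHP, so two overlapping gv_send requests could each start from the same balance read by the earlier `select amount` and the second write would overwrite the first deduction. The computation of `$new_amount` is outside the hunk, so this is inferred. If it is the balance minus the sent amount, doing the subtraction in SQL with a guard (`set amount = amount - X where customer_id = ... and amount >= X`, then checking the affected-row count) closes that window. Since `$new_amount` is numeric, a numeric cast would also be stricter than `zen_db_input()`, which presumably only escapes.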
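Review bot: In the `@@ -100,7 +100,7 @@` hunk the coupon code is now wrapped in `zen_db_input()`, but the amount in the same VALUES list, `$currencies->value($_POST['amount'], true, DEFAULT_CURRENCY)`, is still concatenated directly from request data. Whether `value()` always returns a plain number is not visible here, so it should be escaped or cast like everything else in this commit, e.g. `zen_db_input($currencies->value($_POST['amount'], true, DEFAULT_CURRENCY))`. A zero or negative amount would also pass this line unless it is rejected earlier, outside the hunk.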
@@ -108,10 +108,10 @@ $gv_query="insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, sent_lastname, emailed_to, date_sent) - values ('" . $insert_id . "' ,'" . $_SESSION['customer_id'] . "', '" . - $gv_customer->fields['customers_firstname'] . "', '" . - $gv_customer->fields['customers_lastname'] . "', '" . - $_POST['email'] . "', now())"; + values ('" . (int)$insert_id . "' ,'" . (int)$_SESSION['customer_id'] . "', '" . + zen_db_input($gv_customer->fields['customers_firstname']) . "', '" . + zen_db_input($gv_customer->fields['customers_lastname']) . "', '" . + zen_db_input(zen_db_prepare_input($_POST['email'])) . "', now())"; $db->Execute($gv_query); @@ -122,8 +122,8 @@ sprintf(EMAIL_GV_FROM, $_POST['send_name']) . "\n"; $html_msg['EMAIL_GV_TEXT_HEADER'] = sprintf(EMAIL_GV_TEXT_HEADER, ''); - $html_msg['EMAIL_GV_AMOUNT'] = $currencies->format($_POST['amount'], false); - $html_msg['EMAIL_GV_FROM'] = sprintf(EMAIL_GV_FROM, $_POST['send_name']) ; + $html_msg['EMAIL_GV_AMOUNT'] = $currencies->format(zen_db_prepare_input($_POST['amount']), false); + $html_msg['EMAIL_GV_FROM'] = sprintf(EMAIL_GV_FROM, zen_db_prepare_input($_POST['send_name'])) ; if (isset($_POST['message'])) { $gv_email .= EMAIL_GV_MESSAGE . "\n\n"; @@ -131,11 +131,11 @@ if (isset($_POST['to_name'])) { $gv_email .= sprintf(EMAIL_GV_SEND_TO, $_POST['to_name']) . "\n\n"; - $html_msg['EMAIL_GV_SEND_TO'] = ''.sprintf(EMAIL_GV_SEND_TO, $_POST['to_name']). '
'; + $html_msg['EMAIL_GV_SEND_TO'] = ''.sprintf(EMAIL_GV_SEND_TO, zen_db_prepare_input($_POST['to_name'])). '
'; } $gv_email .= stripslashes($_POST['message']) . "\n\n"; $gv_email .= EMAIL_SEPARATOR . "\n\n"; - $html_msg['EMAIL_MESSAGE_HTML'] = stripslashes($_POST['message']); + $html_msg['EMAIL_MESSAGE_HTML'] = stripslashes(zen_db_prepare_input($_POST['message'])); } $html_msg['GV_REDEEM_HOW'] = sprintf(EMAIL_GV_REDEEM, '' . $id1 . ''); @@ -148,7 +148,7 @@ $gv_email .= EMAIL_GV_FIXED_FOOTER . "\n\n"; $gv_email .= EMAIL_GV_SHOP_FOOTER; - $gv_email_subject = sprintf(EMAIL_GV_TEXT_SUBJECT, $_POST['send_name']); + $gv_email_subject = sprintf(EMAIL_GV_TEXT_SUBJECT, zen_db_prepare_input($_POST['send_name'])); // include disclaimer $gv_email .= "\n\n" . EMAIL_ADVISORY . "\n\n"; @@ -157,7 +157,7 @@ $html_msg['EMAIL_GV_SHOP_FOOTER'] = EMAIL_GV_SHOP_FOOTER; // send the email - zen_mail('', $_POST['email'], $gv_email_subject, nl2br($gv_email), STORE_NAME, EMAIL_FROM, $html_msg,'gv_send'); + zen_mail('', zen_db_prepare_input($_POST['email']), $gv_email_subject, nl2br($gv_email), STORE_NAME, EMAIL_FROM, $html_msg,'gv_send'); // send additional emails if (SEND_EXTRA_GV_CUSTOMER_EMAILS_TO_STATUS == '1' and SEND_EXTRA_GV_CUSTOMER_EMAILS_TO !='') { @@ -178,7 +178,7 @@ // do a fresh calculation after sending an email $gv_query = "select amount from " . TABLE_COUPON_GV_CUSTOMER . " - where customer_id = '" . $_SESSION['customer_id'] . "'"; + where customer_id = '" . (int)$_SESSION['customer_id'] . "'"; $gv_result = $db->Execute($gv_query); } diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/popup_image/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/popup_image/header_php.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/popup_image/header_php.php 2004-09-01 13:47:41.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/popup_image/header_php.php 2006-02-19 11:54:18.000000000 +0900 
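Review bot: In the `@@ -131,11 +131,11 @@` hunk only the `$html_msg` copies are wrapped. The plain-text lines `sprintf(EMAIL_GV_SEND_TO, $_POST['to_name'])` and `stripslashes($_POST['message'])` still append raw request data to `$gv_email`, which the `@@ -157,7 +157,7 @@` hunk passes through `nl2br()` into `zen_mail()`, and the `@@ -122,8 +122,8 @@` hunk leaves `sprintf(EMAIL_GV_FROM, $_POST['send_name'])` the same way. The same wrapping should be applied there, e.g. `$gv_email .= sprintf(EMAIL_GV_SEND_TO, zen_db_prepare_input($_POST['to_name'])) . "\n\n";`. `zen_db_prepare_input()` is a database-input helper whose body is not in this diff, so unless it is confirmed to do both, values placed in `$html_msg` still need `htmlspecialchars()` and `$gv_email_subject` needs CR/LF removed. `stripslashes(zen_db_prepare_input(...))` may also strip backslashes twice if the helper already unslashes.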
@@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | @@ -26,8 +26,8 @@ left join " . TABLE_PRODUCTS_DESCRIPTION . " pd on p.products_id = pd.products_id where p.products_status = '1' - and p.products_id = '" . $_GET['pID'] . "' - and pd.language_id = '" . $_SESSION['languages_id'] . "'"); + and p.products_id = '" . (int)$_GET['pID'] . "' + and pd.language_id = '" . (int)$_SESSION['languages_id'] . "'"); $products_image = $products_values->fields['products_image']; diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/popup_image_additional/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/popup_image_additional/header_php.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/popup_image_additional/header_php.php 2004-09-01 13:47:42.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/popup_image_additional/header_php.php 2006-02-19 11:54:18.000000000 +0900 @@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | 
@@ -26,8 +26,8 @@ left join " . TABLE_PRODUCTS_DESCRIPTION . " pd on p.products_id = pd.products_id where p.products_status = '1' - and p.products_id = '" . $_GET['pID'] . "' - and pd.language_id = '" . $_SESSION['languages_id'] . "'"); + and p.products_id = '" . (int)$_GET['pID'] . "' + and pd.language_id = '" . (int)$_SESSION['languages_id'] . "'"); $products_image = $products_values->fields['products_image']; diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/product_music_info/main_template_vars.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/product_music_info/main_template_vars.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/product_music_info/main_template_vars.php 2004-09-01 13:47:42.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/product_music_info/main_template_vars.php 2006-02-19 11:54:18.000000000 +0900 @@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2004 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | 
@@ -282,7 +282,7 @@ if (is_dir(DIR_WS_TEMPLATE . $current_page_base . '/extra_main_template_vars')) { if ($za_dir = @dir(DIR_WS_TEMPLATE . $current_page_base. '/extra_main_template_vars')) { while ($zv_file = $za_dir->read()) { - if (!strstr($zv_file, '*.php') ) { + if (strstr($zv_file, '*.php') ) { require(DIR_WS_TEMPLATE . $current_page_base . '/extra_main_template_vars/' . $zv_file); } } diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/tell_a_friend/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/tell_a_friend/header_php.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/tell_a_friend/header_php.php 2004-11-22 17:53:25.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/tell_a_friend/header_php.php 2006-02-19 11:54:18.000000000 +0900 @@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | @@ -43,7 +43,7 @@ } if ($valid_product == false) { - zen_redirect(zen_href_link(zen_get_info_page($_GET['products_id']), 'products_id=' . $_GET['products_id'])); + zen_redirect(zen_href_link(zen_get_info_page((int)$_GET['products_id']), 'products_id=' . (int)$_GET['products_id'])); } require(DIR_WS_MODULES . 'require_languages.php'); 
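Review bot: `strstr($zv_file, '*.php')` in the `@@ -282,7 +282,7 @@` hunk searches for the literal five characters `*.php`, not a wildcard, so with the negation removed the condition is false for every ordinary file name and nothing in `extra_main_template_vars` is loaded any more. Before the change the negated test was true for every entry, which meant `require` was attempted on `.`, `..` and any non-PHP file in the directory. The test should match the extension explicitly, e.g. `if (preg_match('/\.php$/', $zv_file)) {`, so that only `.php` files are included. The enclosing block starts and ends outside the hunk.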
@@ -77,7 +77,6 @@ if (!zen_validate_email($to_email_address)) { $error = true; - $messageStack->add('friend', ERROR_TO_ADDRESS); } diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/unsubscribe/header_php.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/unsubscribe/header_php.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/pages/unsubscribe/header_php.php 2004-09-01 13:47:42.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/pages/unsubscribe/header_php.php 2006-02-19 11:54:18.000000000 +0900 @@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2004 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | | 
@@ -34,16 +34,16 @@ // if they clicked on the "confirm unsubscribe" then process it: if (isset($_GET['action']) && ($_GET['action'] == 'unsubscribe')) { - $unsubscribe_address = zen_db_prepare_input($_GET['unsubscribe_address']); + $unsubscribe_address = zen_db_prepare_input($_GET['unsubscribe_address']); /// Check and see if the email exists in the database, and is subscribed to the newsletter. - $unsubscribe_count_query = "select 1 from " . TABLE_CUSTOMERS . " where customers_newsletter = '1' and customers_email_address = '" . $unsubscribe_address . "'"; + $unsubscribe_count_query = "select 1 from " . TABLE_CUSTOMERS . " where customers_newsletter = '1' and customers_email_address = '" . zen_db_input($unsubscribe_address) . "'"; $unsubscribe = $db->Execute($unsubscribe_count_query); // If we found the customer's email address, and they currently subscribe if ($unsubscribe->RecordCount() >0) { - $unsubscribe_query = "UPDATE " . TABLE_CUSTOMERS . " SET customers_newsletter = '0' WHERE customers_email_address = '" . $unsubscribe_address . "'"; + $unsubscribe_query = "UPDATE " . TABLE_CUSTOMERS . " SET customers_newsletter = '0' WHERE customers_email_address = '" . zen_db_input($unsubscribe_address) . "'"; $unsubscribe = $db->Execute($unsubscribe_query); - $status_display= UNSUBSCRIBE_DONE_TEXT_INFORMATION . $unsubscribe_address; + $status_display = UNSUBSCRIBE_DONE_TEXT_INFORMATION . $unsubscribe_address; } else { // If not found, we want to display an error message (This should never occur, unless they try to unsubscribe twice) $status_display = UNSUBSCRIBE_ERROR_INFORMATION . $unsubscribe_address; diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/modules/shipping/nittsu.php zen-cart-v1.2.0-l10n-jp-6/includes/modules/shipping/nittsu.php --- zen-cart-v1.2.0-l10n-jp-5/includes/modules/shipping/nittsu.php 2005-04-16 15:01:02.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/modules/shipping/nittsu.php 2006-02-04 16:23:47.000000000 +0900 
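Review bot: `$status_display` is built from `$unsubscribe_address`, which comes from `$_GET['unsubscribe_address']`, and the new code escapes it for SQL only. If the template prints `$status_display` without encoding (not visible in this hunk), the address is reflected into the page. `UNSUBSCRIBE_DONE_TEXT_INFORMATION . htmlspecialchars($unsubscribe_address)`, and the same in the error branch, removes the dependence on the template. The two branches also tell any visitor whether a given address is a subscribed customer, and the update is triggered by a plain GET with no token, so a single neutral message and a signed link are worth considering. The enclosing `if` continues past the hunk.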
@@ -92,7 +92,7 @@ $zone_id = $order->delivery['zone_id']; if (in_array($country_id, $this->nittsu_countries_nbr)) { - $zoneinfo = $db->Execute("SELECT zone_code FROM zones WHERE zone_id = '".$zone_id."'"); + $zoneinfo = $db->Execute("SELECT zone_code FROM ".TABLE_ZONES." WHERE zone_id = '".$zone_id."'"); $a_zonevalues = $zoneinfo->fields; $s_zone_code = $a_zonevalues['zone_code']; @@ -208,4 +208,4 @@ ); } } -?> \ No newline at end of file +?> diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/templates/template_default/templates/tpl_block_checkout_payment_address.php zen-cart-v1.2.0-l10n-jp-6/includes/templates/template_default/templates/tpl_block_checkout_payment_address.php --- zen-cart-v1.2.0-l10n-jp-5/includes/templates/template_default/templates/tpl_block_checkout_payment_address.php 2004-09-01 13:47:56.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/templates/template_default/templates/tpl_block_checkout_payment_address.php 2006-02-04 16:09:16.000000000 +0900 @@ -29,7 +29,7 @@ echo ' ' . "\n"; } ?> - fields['firstname'] . ' ' . $addresses->fields['lastname']); ?> + fields['lastname'] . ' ' . $addresses->fields['firstname']); ?> fields['address_book_id'], ($addresses->fields['address_book_id'] == $_SESSION['sendto'])); ?> diff -u -r -N -I '$Id' zen-cart-v1.2.0-l10n-jp-5/includes/version.php zen-cart-v1.2.0-l10n-jp-6/includes/version.php --- zen-cart-v1.2.0-l10n-jp-5/includes/version.php 2004-09-01 13:47:34.000000000 +0900 +++ zen-cart-v1.2.0-l10n-jp-6/includes/version.php 2006-02-19 11:54:15.000000000 +0900 @@ -3,7 +3,7 @@ // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +----------------------------------------------------------------------+ -// | Copyright (c) 2003 The zen-cart developers | +// | Copyright (c) 2006 The zen-cart developers | // | | // | http://www.zen-cart.com/index.php | // | |
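Review bot: `$zone_id` is still concatenated into the query unescaped on the changed line of the `@@ -92,7 +92,7 @@` hunk; it comes from `$order->delivery['zone_id']`, and the rest of this patch casts ids of this kind. The line should read `$zoneinfo = $db->Execute("SELECT zone_code FROM ".TABLE_ZONES." WHERE zone_id = '".(int)$zone_id."'");`. `$zoneinfo->fields` is then read without checking that a row was returned, so an unknown zone id yields an empty `$s_zone_code`; how that is handled is outside the hunk.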