osCommerce Online Merchant v2.2 RC1 Upgrade Notes

The following upgrade guide is based on the osCommerce 2.2 Milestone 2 Update 060817 release. If you have not yet updated to this release please review its upgrade guide in the extras directory (update-20060817.txt) before applying these changes.

The following changes should be performed in order on your installation to upgrade it to osCommerce Online Merchant v2.2 RC1. Please note that the following changes are only the recommended changes to make and does not include the new Administration Tool login routine or the Administration Tool index page summary modules that are available with new installations. This is to avoid a conflict with existing Administration Tool securing mechanisms already in place.

[BUGFIX] Caching of the Manufacturers Box

Fix a spelling mistake preventing the manufacturers box being cached.

Affected Files
catalog/includes/functions/cache.php

File: catalog/includes/functions/cache.php
119   function tep_cache_manufacturers_box($auto_expire = false, $refresh = false) { = 119   function tep_cache_manufacturers_box($auto_expire = false, $refresh = false) {
120     global $HTTP_GET_VARS, $language;   120     global $HTTP_GET_VARS, $language;
121     121  
122     $cache_output = '';   122     $cache_output = '';
123     123  
124     $manufacturers_id = '';   124     $manufacturers_id = '';
125     if (isset($HTTP_GET_VARS['manufactuers_id']) && is_numeric($HTTP_GET_VARS['manufacturers_id'])) { <> 125     if (isset($HTTP_GET_VARS['manufacturers_id']) && is_numeric($HTTP_GET_VARS['manufacturers_id'])) {
126       $manufacturers_id = $HTTP_GET_VARS['manufacturers_id']; = 126       $manufacturers_id = $HTTP_GET_VARS['manufacturers_id'];
127     }   127     }
128     128  
129     if (($refresh == true) || !read_cache($cache_output, 'manufacturers_box-' . $language . '.cache' . $manufacturers_id, $auto_expire)) {   129     if (($refresh == true) || !read_cache($cache_output, 'manufacturers_box-' . $language . '.cache' . $manufacturers_id, $auto_expire)) {
130       ob_start();   130       ob_start();
131       include(DIR_WS_BOXES . 'manufacturers.php');   131       include(DIR_WS_BOXES . 'manufacturers.php');

[IMPROVEMENT] Database Backup

Don't store the session and whos online database tables in the database backups.

Affected Files
catalog/admin/backup.php

File: catalog/admin/backup.php
70           $keys_query = tep_db_query("show keys from " . $table); = 70           $keys_query = tep_db_query("show keys from " . $table);
71           while ($keys = tep_db_fetch_array($keys_query)) {   71           while ($keys = tep_db_fetch_array($keys_query)) {
72             $kname = $keys['Key_name'];   72             $kname = $keys['Key_name'];
73     73  
74             if (!isset($index[$kname])) {   74             if (!isset($index[$kname])) {
75               $index[$kname] = array('unique' => !$keys['Non_unique'],   75               $index[$kname] = array('unique' => !$keys['Non_unique'],
    -+ 76                                      'fulltext' => ($keys['Index_type'] == 'FULLTEXT' ? '1' : '0'),
76                                      'columns' => array()); = 77                                      'columns' => array());
77             }   78             }
78     79  
79             $index[$kname]['columns'][] = $keys['Column_name'];   80             $index[$kname]['columns'][] = $keys['Column_name'];
80           }   81           }
81     82  
 
83             $schema .= ',' . "\n"; = 84             $schema .= ',' . "\n";
84     85  
85             $columns = implode($info['columns'], ', ');   86             $columns = implode($info['columns'], ', ');
86     87  
87             if ($kname == 'PRIMARY') {   88             if ($kname == 'PRIMARY') {
88               $schema .= '  PRIMARY KEY (' . $columns . ')';   89               $schema .= '  PRIMARY KEY (' . $columns . ')';
    -+ 90             } elseif ( $info['fulltext'] == '1' ) {
      91               $schema .= '  FULLTEXT ' . $kname . ' (' . $columns . ')';
89             } elseif ($info['unique']) { = 92             } elseif ($info['unique']) {
90               $schema .= '  UNIQUE ' . $kname . ' (' . $columns . ')';   93               $schema .= '  UNIQUE ' . $kname . ' (' . $columns . ')';
91             } else {   94             } else {
92               $schema .= '  KEY ' . $kname . ' (' . $columns . ')';   95               $schema .= '  KEY ' . $kname . ' (' . $columns . ')';
93             }   96             }
94           }   97           }
95     98  
96           $schema .= "\n" . ');' . "\n\n";   99           $schema .= "\n" . ');' . "\n\n";
97           fputs($fp, $schema);   100           fputs($fp, $schema);
98     101  
99 // dump the data   102 // dump the data
    <> 103           if ( ($table != TABLE_SESSIONS ) && ($table != TABLE_WHOS_ONLINE) ) {
100           $rows_query = tep_db_query("select " . implode(',', $table_list) . " from " . $table);   104             $rows_query = tep_db_query("select " . implode(',', $table_list) . " from " . $table);
101           while ($rows = tep_db_fetch_array($rows_query)) {   105             while ($rows = tep_db_fetch_array($rows_query)) {
102             $schema = 'insert into ' . $table . ' (' . implode(', ', $table_list) . ') values (';   106               $schema = 'insert into ' . $table . ' (' . implode(', ', $table_list) . ') values (';
103   = 107  
104             reset($table_list); <> 108               reset($table_list);
105             while (list(,$i) = each($table_list)) {   109               while (list(,$i) = each($table_list)) {
106               if (!isset($rows[$i])) {   110                 if (!isset($rows[$i])) {
107                 $schema .= 'NULL, ';   111                   $schema .= 'NULL, ';
108               } elseif (tep_not_null($rows[$i])) {   112                 } elseif (tep_not_null($rows[$i])) {
109                 $row = addslashes($rows[$i]);   113                   $row = addslashes($rows[$i]);
110                 $row = ereg_replace("\n#", "\n".'\#', $row);   114                   $row = ereg_replace("\n#", "\n".'\#', $row);
111   = 115  
112                 $schema .= '\'' . $row . '\', '; <> 116                   $schema .= '\'' . $row . '\', ';
113               } else {   117                 } else {
114                 $schema .= '\'\', ';   118                   $schema .= '\'\', ';
      119                 }
115               } = 120               }
    -+ 121  
      122               $schema = ereg_replace(', $', '', $schema) . ');' . "\n";
      123               fputs($fp, $schema);
116             } = 124             }
117   +-    
118             $schema = ereg_replace(', $', '', $schema) . ');' . "\n";      
119             fputs($fp, $schema);      
120        
121           } = 125           }
122         }   126         }
123     127  
124         fclose($fp);   128         fclose($fp);
125     129  
126         if (isset($HTTP_POST_VARS['download']) && ($HTTP_POST_VARS['download'] == 'yes')) {   130         if (isset($HTTP_POST_VARS['download']) && ($HTTP_POST_VARS['download'] == 'yes')) {
 
247           tep_db_query("drop table if exists address_book, address_format, banners, banners_history, categories, categories_description, configuration, configuration_group, counter, counter_history, countries, currencies, customers, customers_basket, customers_basket_attributes, customers_info, languages, manufacturers, manufacturers_info, orders, orders_products, orders_status, orders_status_history, orders_products_attributes, orders_products_download, products, products_attributes, products_attributes_download, prodcts_description, products_options, products_options_values, products_options_values_to_products_options, products_to_categories, reviews, reviews_description, sessions, specials, tax_class, tax_rates, geo_zones, whos_online, zones, zones_to_geo_zones"); = 251           tep_db_query("drop table if exists address_book, address_format, banners, banners_history, categories, categories_description, configuration, configuration_group, counter, counter_history, countries, currencies, customers, customers_basket, customers_basket_attributes, customers_info, languages, manufacturers, manufacturers_info, orders, orders_products, orders_status, orders_status_history, orders_products_attributes, orders_products_download, products, products_attributes, products_attributes_download, prodcts_description, products_options, products_options_values, products_options_values_to_products_options, products_to_categories, reviews, reviews_description, sessions, specials, tax_class, tax_rates, geo_zones, whos_online, zones, zones_to_geo_zones");
248     252  
249           for ($i=0, $n=sizeof($sql_array); $i<$n; $i++) {   253           for ($i=0, $n=sizeof($sql_array); $i<$n; $i++) {
250             tep_db_query($sql_array[$i]);   254             tep_db_query($sql_array[$i]);
251           }   255           }
252     256  
    -+ 257           tep_session_close();
      258  
      259           tep_db_query("delete from " . TABLE_WHOS_ONLINE);
      260           tep_db_query("delete from " . TABLE_SESSIONS);
      261  
253           tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'DB_LAST_RESTORE'"); = 262           tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'DB_LAST_RESTORE'");
254           tep_db_query("insert into " . TABLE_CONFIGURATION . " values ('', 'Last Database Restore', 'DB_LAST_RESTORE', '" . $read_from . "', 'Last database restore file', '6', '', '', now(), '', '')");   263           tep_db_query("insert into " . TABLE_CONFIGURATION . " values ('', 'Last Database Restore', 'DB_LAST_RESTORE', '" . $read_from . "', 'Last database restore file', '6', '', '', now(), '', '')");
255     264  
256           if (isset($remove_raw) && ($remove_raw == true)) {   265           if (isset($remove_raw) && ($remove_raw == true)) {
257             unlink($restore_from);   266             unlink($restore_from);
258           }   267           }

[IMPROVEMENT] Input Fields on Checkout Confirmation Page

Allow payment modules to display input fields on the checkout confirmation page. This is for PCI conformance where the credit card number can be directly passed to the payment gateway.

Affected Files
catalog/checkout_confirmation.php

File: catalog/checkout_confirmation.php
107 <?php require(DIR_WS_INCLUDES . 'column_left.php'); ?> = 107 <?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
108 <!-- left_navigation_eof //-->   108 <!-- left_navigation_eof //-->
109     </table></td>   109     </table></td>
110 <!-- body_text //-->   110 <!-- body_text //-->
111     <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0">   111     <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0">
112       <tr>   112       <tr>
    <> 113         <td>
      114 <?php
      115   if (isset($$payment->form_action_url)) {
      116     $form_action_url = $$payment->form_action_url;
      117   } else {
      118     $form_action_url = tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL');
      119   }
      120  
      121   echo tep_draw_form('checkout_confirmation', $form_action_url, 'post');
      122 ?>
113         <td><table border="0" width="100%" cellspacing="0" cellpadding="0">   123         <table border="0" width="100%" cellspacing="0" cellpadding="0">
114           <tr> = 124           <tr>
115             <td class="pageHeading"><?php echo HEADING_TITLE; ?></td>   125             <td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
116             <td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_confirmation.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>   126             <td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_confirmation.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
117           </tr>   127           </tr>
118         </table></td>   128         </table></td>
119       </tr>   129       </tr>
 
306 ?> = 316 ?>
307       <tr>   317       <tr>
308         <td><table border="0" width="100%" cellspacing="0" cellpadding="0">   318         <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
309           <tr>   319           <tr>
310             <td align="right" class="main">   320             <td align="right" class="main">
311 <?php   321 <?php
312   if (isset($$payment->form_action_url)) { +-    
313     $form_action_url = $$payment->form_action_url;      
314   } else {      
315     $form_action_url = tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL');      
316   }      
317        
318   echo tep_draw_form('checkout_confirmation', $form_action_url, 'post');      
319        
320   if (is_array($payment_modules->modules)) { = 322   if (is_array($payment_modules->modules)) {
321     echo $payment_modules->process_button();   323     echo $payment_modules->process_button();
322   }   324   }
323     325  
324   echo tep_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER) . '</form>' . "\n"; <> 326   echo tep_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER) . "\n";
325 ?> = 327 ?>
326             </td>   328             </td>
327           </tr>   329           </tr>
328         </table></td>   330         </table></td>
329       </tr>   331       </tr>
330       <tr>   332       <tr>
 
359             <td align="center" width="25%" class="checkoutBarFrom"><?php echo '<a href="' . tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL') . '" class="checkoutBarFrom">' . CHECKOUT_BAR_PAYMENT . '</a>'; ?></td> = 361             <td align="center" width="25%" class="checkoutBarFrom"><?php echo '<a href="' . tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL') . '" class="checkoutBarFrom">' . CHECKOUT_BAR_PAYMENT . '</a>'; ?></td>
360             <td align="center" width="25%" class="checkoutBarCurrent"><?php echo CHECKOUT_BAR_CONFIRMATION; ?></td>   362             <td align="center" width="25%" class="checkoutBarCurrent"><?php echo CHECKOUT_BAR_CONFIRMATION; ?></td>
361             <td align="center" width="25%" class="checkoutBarTo"><?php echo CHECKOUT_BAR_FINISHED; ?></td>   363             <td align="center" width="25%" class="checkoutBarTo"><?php echo CHECKOUT_BAR_FINISHED; ?></td>
362           </tr>   364           </tr>
363         </table></td>   365         </table></td>
364       </tr>   366       </tr>
365     </table></td> <> 367     </table></form></td>
366 <!-- body_text_eof //--> = 368 <!-- body_text_eof //-->
367     <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">   369     <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
368 <!-- right_navigation //-->   370 <!-- right_navigation //-->
369 <?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>   371 <?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
370 <!-- right_navigation_eof //-->   372 <!-- right_navigation_eof //-->
371     </table></td>   373     </table></td>

[IMPROVEMENT] register_globals Compatibility for PHP 4.3+ Servers

Add a register_globals compatibility layer for PHP 4.3+ servers.

Affected Files
catalog/includes/application_top.php
catalog/includes/functions/compatibility.php
catalog/includes/functions/sessions.php
catalog/includes/functions/html_output.php
catalog/includes/classes/order.php
catalog/includes/modules/address_book_details.php
catalog/checkout_payment.php
catalog/admin/includes/application_top.php
catalog/admin/includes/functions/compatibility.php
catalog/admin/includes/functions/sessions.php
catalog/admin/includes/functions/html_output.php
catalog/admin/includes/classes/upload.php
catalog/admin/file_manager.php

File: catalog/includes/application_top.php
13 // start the timer for the page parse time log = 13 // start the timer for the page parse time log
14   define('PAGE_PARSE_START_TIME', microtime());   14   define('PAGE_PARSE_START_TIME', microtime());
15     15  
16 // set the level of error reporting   16 // set the level of error reporting
17   error_reporting(E_ALL & ~E_NOTICE);   17   error_reporting(E_ALL & ~E_NOTICE);
18     18  
19 // check if register_globals is enabled. <> 19 // check support for register_globals
20 // since this is a temporary measure this message is hardcoded. The requirement will be removed before 2.2 is finalized.   20   if (function_exists('ini_get') && (ini_get('register_globals') == false) && (PHP_VERSION < 4.3) ) {
21   if (function_exists('ini_get')) {   21     exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory. Please use PHP 4.3+ if register_globals cannot be enabled on the server.');
22     ini_get('register_globals') or exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory.');      
23   } = 22   }
24     23  
25 // Set the local configuration parameters - mainly for developers   24 // Set the local configuration parameters - mainly for developers
26   if (file_exists('includes/local/configure.php')) include('includes/local/configure.php');   25   if (file_exists('includes/local/configure.php')) include('includes/local/configure.php');
27     26  
28 // include server parameters   27 // include server parameters
 
33       header('Location: install/index.php'); = 32       header('Location: install/index.php');
34     }   33     }
35   }   34   }
36     35  
37 // define the project version   36 // define the project version
38   define('PROJECT_VERSION', 'osCommerce 2.2-MS2');   37   define('PROJECT_VERSION', 'osCommerce 2.2-MS2');
    -+ 38  
      39 // some code to solve compatibility issues
      40   require(DIR_WS_FUNCTIONS . 'compatibility.php');
39   = 41  
40 // set the type of request (secure or not)   42 // set the type of request (secure or not)
41   $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';   43   $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
42     44  
43 // set php_self in the local scope   45 // set php_self in the local scope
44   if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];   46   if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
 
122 // include shopping cart class = 124 // include shopping cart class
123   require(DIR_WS_CLASSES . 'shopping_cart.php');   125   require(DIR_WS_CLASSES . 'shopping_cart.php');
124     126  
125 // include navigation history class   127 // include navigation history class
126   require(DIR_WS_CLASSES . 'navigation_history.php');   128   require(DIR_WS_CLASSES . 'navigation_history.php');
127     129  
128 // some code to solve compatibility issues +-    
129   require(DIR_WS_FUNCTIONS . 'compatibility.php');      
130        
131 // check if sessions are supported, otherwise use the php3 compatible session class = 130 // check if sessions are supported, otherwise use the php3 compatible session class
132   if (!function_exists('session_start')) {   131   if (!function_exists('session_start')) {
133     define('PHP_SESSION_NAME', 'osCsid');   132     define('PHP_SESSION_NAME', 'osCsid');
134     define('PHP_SESSION_PATH', $cookie_path);   133     define('PHP_SESSION_PATH', $cookie_path);
135     define('PHP_SESSION_DOMAIN', $cookie_domain);   134     define('PHP_SESSION_DOMAIN', $cookie_domain);
136     define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY);   135     define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY);
 
191       tep_session_start(); = 190       tep_session_start();
192       $session_started = true;   191       $session_started = true;
193     }   192     }
194   } else {   193   } else {
195     tep_session_start();   194     tep_session_start();
196     $session_started = true;   195     $session_started = true;
    -+ 196   }
      197  
      198   if ( ($session_started == true) && (PHP_VERSION >= 4.3) && function_exists('ini_get') && (ini_get('register_globals') == false) ) {
      199     extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS);
197   } = 200   }
198     201  
199 // set SID once, even if empty   202 // set SID once, even if empty
200   $SID = (defined('SID') ? SID : '');   203   $SID = (defined('SID') ? SID : '');
201     204  
202 // verify the ssl_session_id if the feature is enabled   205 // verify the ssl_session_id if the feature is enabled

File: catalog/includes/functions/compatibility.php
2 /* = 2 /*
3   $Id: compatibility.php,v 1.19 2003/04/09 16:12:54 project3000 Exp $   3   $Id: compatibility.php,v 1.19 2003/04/09 16:12:54 project3000 Exp $
4     4  
5   osCommerce, Open Source E-Commerce Solutions   5   osCommerce, Open Source E-Commerce Solutions
6   http://www.oscommerce.com   6   http://www.oscommerce.com
7     7  
8   Copyright (c) 2006 osCommerce   8   Copyright (c) 2007 osCommerce
9     9  
10   Released under the GNU General Public License   10   Released under the GNU General Public License
11   +-    
12   Modified by Marco Canini, <m.canini@libero.it>      
13   - Fixed a bug with arrays in $HTTP_xxx_VARS      
14 */ = 11 */
15     12  
16 ////   13 ////
17 // Recursively handle magic_quotes_gpc turned off.   14 // Recursively handle magic_quotes_gpc turned off.
18 // This is due to the possibility of have an array in   15 // This is due to the possibility of have an array in
19 // $HTTP_xxx_VARS   16 // $HTTP_xxx_VARS
 
27       } else { = 24       } else {
28         $ar[$key] = addslashes($value);   25         $ar[$key] = addslashes($value);
29       }   26       }
30     }   27     }
31   }   28   }
32     29  
33 // $HTTP_xxx_VARS are always set on php4 <> 30   if (PHP_VERSION >= 4.1) {
      31     $HTTP_GET_VARS =& $_GET;
      32     $HTTP_POST_VARS =& $_POST;
      33     $HTTP_COOKIE_VARS =& $_COOKIE;
      34     $HTTP_SESSION_VARS =& $_SESSION;
      35     $HTTP_POST_FILES =& $_FILES;
      36     $HTTP_SERVER_VARS =& $_SERVER;
      37   } else {
34   if (!is_array($HTTP_GET_VARS)) $HTTP_GET_VARS = array();   38     if (!is_array($HTTP_GET_VARS)) $HTTP_GET_VARS = array();
35   if (!is_array($HTTP_POST_VARS)) $HTTP_POST_VARS = array();   39     if (!is_array($HTTP_POST_VARS)) $HTTP_POST_VARS = array();
36   if (!is_array($HTTP_COOKIE_VARS)) $HTTP_COOKIE_VARS = array();   40     if (!is_array($HTTP_COOKIE_VARS)) $HTTP_COOKIE_VARS = array();
      41   }
37   = 42  
38 // handle magic_quotes_gpc turned off.   43 // handle magic_quotes_gpc turned off.
39   if (!get_magic_quotes_gpc()) {   44   if (!get_magic_quotes_gpc()) {
40     do_magic_quotes_gpc($HTTP_GET_VARS);   45     do_magic_quotes_gpc($HTTP_GET_VARS);
41     do_magic_quotes_gpc($HTTP_POST_VARS);   46     do_magic_quotes_gpc($HTTP_POST_VARS);
42     do_magic_quotes_gpc($HTTP_COOKIE_VARS);   47     do_magic_quotes_gpc($HTTP_COOKIE_VARS);

File: catalog/includes/functions/sessions.php
98   } = 98   }
99     99  
100   function tep_session_register($variable) {   100   function tep_session_register($variable) {
101     global $session_started;   101     global $session_started;
102     102  
103     if ($session_started == true) {   103     if ($session_started == true) {
    <> 104       if (PHP_VERSION < 4.3) {
104       return session_register($variable);   105         return session_register($variable);
105     } else {   106       } else {
      107         $_SESSION[$variable] = (isset($GLOBALS[$variable])) ? $GLOBALS[$variable] : null;
      108  
      109         $GLOBALS[$variable] =& $_SESSION[$variable];
106       return false;   110       }
107     } = 111     }
    -+ 112  
      113     return false;
108   } = 114   }
109     115  
110   function tep_session_is_registered($variable) {   116   function tep_session_is_registered($variable) {
    <> 117     if (PHP_VERSION < 4.3) {
111     return session_is_registered($variable);   118       return session_is_registered($variable);
      119     } else {
      120       return isset($_SESSION[$variable]);
      121     }
112   } = 122   }
113     123  
114   function tep_session_unregister($variable) {   124   function tep_session_unregister($variable) {
    <> 125     if (PHP_VERSION < 4.3) {
115     return session_unregister($variable);   126       return session_unregister($variable);
      127     } else {
      128       unset($_SESSION[$variable]);
      129     }
116   } = 130   }
117     131  
118   function tep_session_id($sessid = '') {   132   function tep_session_id($sessid = '') {
119     if (!empty($sessid)) {   133     if (!empty($sessid)) {
120       return session_id($sessid);   134       return session_id($sessid);
121     } else {   135     } else {

File: catalog/includes/functions/html_output.php
155     return $form; = 155     return $form;
156   }   156   }
157     157  
158 ////   158 ////
159 // Output a form input field   159 // Output a form input field
160   function tep_draw_input_field($name, $value = '', $parameters = '', $type = 'text', $reinsert_value = true) {   160   function tep_draw_input_field($name, $value = '', $parameters = '', $type = 'text', $reinsert_value = true) {
    -+ 161     global $HTTP_GET_VARS, $HTTP_POST_VARS;
      162  
161     $field = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; = 163     $field = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"';
162     164  
163     if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) { <> 165     if ( ($reinsert_value == true) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) {
164       $field .= ' value="' . tep_output_string(stripslashes($GLOBALS[$name])) . '"';   166       if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) {
      167         $value = stripslashes($HTTP_GET_VARS[$name]);
      168       } elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) {
      169         $value = stripslashes($HTTP_POST_VARS[$name]);
      170       }
      171     }
      172  
165     } elseif (tep_not_null($value)) {   173     if (tep_not_null($value)) {
166       $field .= ' value="' . tep_output_string($value) . '"'; = 174       $field .= ' value="' . tep_output_string($value) . '"';
167     }   175     }
168     176  
169     if (tep_not_null($parameters)) $field .= ' ' . $parameters;   177     if (tep_not_null($parameters)) $field .= ' ' . $parameters;
170     178  
171     $field .= '>';   179     $field .= '>';
 
179     return tep_draw_input_field($name, $value, $parameters, 'password', false); = 187     return tep_draw_input_field($name, $value, $parameters, 'password', false);
180   }   188   }
181     189  
182 ////   190 ////
183 // Output a selection field - alias function for tep_draw_checkbox_field() and tep_draw_radio_field()   191 // Output a selection field - alias function for tep_draw_checkbox_field() and tep_draw_radio_field()
184   function tep_draw_selection_field($name, $type, $value = '', $checked = false, $parameters = '') {   192   function tep_draw_selection_field($name, $type, $value = '', $checked = false, $parameters = '') {
    -+ 193     global $HTTP_GET_VARS, $HTTP_POST_VARS;
      194  
185     $selection = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; = 195     $selection = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"';
186     196  
187     if (tep_not_null($value)) $selection .= ' value="' . tep_output_string($value) . '"';   197     if (tep_not_null($value)) $selection .= ' value="' . tep_output_string($value) . '"';
188     198  
189     if ( ($checked == true) || ( isset($GLOBALS[$name]) && is_string($GLOBALS[$name]) && ( ($GLOBALS[$name] == 'on') || (isset($value) && (stripslashes($GLOBALS[$name]) == $value)) ) ) ) { <> 199     if ( ($checked == true) || (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name]) && (($HTTP_GET_VARS[$name] == 'on') || (stripslashes($HTTP_GET_VARS[$name]) == $value))) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name]) && (($HTTP_POST_VARS[$name] == 'on') || (stripslashes($HTTP_POST_VARS[$name]) == $value))) ) {
190       $selection .= ' CHECKED'; = 200       $selection .= ' CHECKED';
191     }   201     }
192     202  
193     if (tep_not_null($parameters)) $selection .= ' ' . $parameters;   203     if (tep_not_null($parameters)) $selection .= ' ' . $parameters;
194     204  
195     $selection .= '>';   205     $selection .= '>';
 
209     return tep_draw_selection_field($name, 'radio', $value, $checked, $parameters); = 219     return tep_draw_selection_field($name, 'radio', $value, $checked, $parameters);
210   }   220   }
211     221  
212 ////   222 ////
213 // Output a form textarea field   223 // Output a form textarea field
214   function tep_draw_textarea_field($name, $wrap, $width, $height, $text = '', $parameters = '', $reinsert_value = true) {   224   function tep_draw_textarea_field($name, $wrap, $width, $height, $text = '', $parameters = '', $reinsert_value = true) {
    -+ 225     global $HTTP_GET_VARS, $HTTP_POST_VARS;
      226  
215     $field = '<textarea name="' . tep_output_string($name) . '" wrap="' . tep_output_string($wrap) . '" cols="' . tep_output_string($width) . '" rows="' . tep_output_string($height) . '"'; = 227     $field = '<textarea name="' . tep_output_string($name) . '" wrap="' . tep_output_string($wrap) . '" cols="' . tep_output_string($width) . '" rows="' . tep_output_string($height) . '"';
216     228  
217     if (tep_not_null($parameters)) $field .= ' ' . $parameters;   229     if (tep_not_null($parameters)) $field .= ' ' . $parameters;
218     230  
219     $field .= '>';   231     $field .= '>';
220     232  
221     if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) { <> 233     if ( ($reinsert_value == true) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) {
      234       if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) {
222       $field .= tep_output_string_protected(stripslashes($GLOBALS[$name]));   235         $field .= tep_output_string_protected(stripslashes($HTTP_GET_VARS[$name]));
      236       } elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) {
      237         $field .= tep_output_string_protected(stripslashes($HTTP_POST_VARS[$name]));
      238       }
223     } elseif (tep_not_null($text)) { = 239     } elseif (tep_not_null($text)) {
224       $field .= tep_output_string_protected($text);   240       $field .= tep_output_string_protected($text);
225     }   241     }
226     242  
227     $field .= '</textarea>';   243     $field .= '</textarea>';
228     244  
229     return $field;   245     return $field;
230   }   246   }
231     247  
232 ////   248 ////
233 // Output a form hidden field   249 // Output a form hidden field
234   function tep_draw_hidden_field($name, $value = '', $parameters = '') {   250   function tep_draw_hidden_field($name, $value = '', $parameters = '') {
    -+ 251     global $HTTP_GET_VARS, $HTTP_POST_VARS;
      252  
235     $field = '<input type="hidden" name="' . tep_output_string($name) . '"'; = 253     $field = '<input type="hidden" name="' . tep_output_string($name) . '"';
236     254  
237     if (tep_not_null($value)) {   255     if (tep_not_null($value)) {
238       $field .= ' value="' . tep_output_string($value) . '"';   256       $field .= ' value="' . tep_output_string($value) . '"';
239     } elseif (isset($GLOBALS[$name])) { <> 257     } elseif ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) {
      258       if ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) ) {
240       $field .= ' value="' . tep_output_string(stripslashes($GLOBALS[$name])) . '"';   259         $field .= ' value="' . tep_output_string(stripslashes($HTTP_GET_VARS[$name])) . '"';
      260       } elseif ( (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) {
      261         $field .= ' value="' . tep_output_string(stripslashes($HTTP_POST_VARS[$name])) . '"';
      262       }
241     } = 263     }
242     264  
243     if (tep_not_null($parameters)) $field .= ' ' . $parameters;   265     if (tep_not_null($parameters)) $field .= ' ' . $parameters;
244     266  
245     $field .= '>';   267     $field .= '>';
246     268  
 
257     } = 279     }
258   }   280   }
259     281  
260 ////   282 ////
261 // Output a form pull down menu   283 // Output a form pull down menu
262   function tep_draw_pull_down_menu($name, $values, $default = '', $parameters = '', $required = false) {   284   function tep_draw_pull_down_menu($name, $values, $default = '', $parameters = '', $required = false) {
    -+ 285     global $HTTP_GET_V