Index: branches/5.3.x/core/units/admin/admin_tag_processor.php =================================================================== diff -u -N -r15483 -r15677 --- branches/5.3.x/core/units/admin/admin_tag_processor.php (.../admin_tag_processor.php) (revision 15483) +++ branches/5.3.x/core/units/admin/admin_tag_processor.php (.../admin_tag_processor.php) (revision 15677) @@ -1,6 +1,6 @@ SelectParam($params, 'name,render_as,block'); $params['section_name'] = $section_name; - $template = $section_data['url']['t']; - unset($section_data['url']['t']); + $url_params = $section_data['url']; + unset($url_params['t']); - $section_data['section_url'] = $this->Application->HREF($template, '', $section_data['url']); + $section_data['section_url'] = $this->Application->HREF($section_data['url']['t'], '', $url_params); $ret = $this->Application->ParseBlock( array_merge($params, $section_data) ); return $ret; 
@@ -654,64 +654,49 @@ * Allows to set popup size (key - current template name) * * @param Array $params + * @return string + * @access protected */ - function SetPopupSize($params) + protected function SetPopupSize($params) { $width = $params['width']; $height = $params['height']; - if ($this->Application->GetVar('ajax') == 'yes') { + if ( $this->Application->GetVar('ajax') == 'yes' ) { // during AJAX request just output size - die($width.'x'.$height); + die($width . 'x' . $height); } - if (!$this->UsePopups($params)) { - return ; + if ( !$this->UsePopups($params) ) { + return; } $t = $this->Application->GetVar('t'); + $sql = 'SELECT * - FROM '.TABLE_PREFIX.'PopupSizes - WHERE TemplateName = '.$this->Conn->qstr($t); + FROM ' . TABLE_PREFIX . 'PopupSizes + WHERE TemplateName = ' . $this->Conn->qstr($t); $popup_info = $this->Conn->GetRow($sql); - if (!$popup_info) { + + if ( !$popup_info ) { // create new popup size record - $fields_hash = Array ( - 'TemplateName' => $t, - 'PopupWidth' => $width, - 'PopupHeight' => $height, - ); - $this->Conn->doInsert($fields_hash, TABLE_PREFIX.'PopupSizes'); + $fields_hash = Array ( + 'TemplateName' => $t, + 'PopupWidth' => $width, + 'PopupHeight' => $height, + ); + + $this->Conn->doInsert($fields_hash, TABLE_PREFIX . 
'PopupSizes'); } - elseif ($popup_info['PopupWidth'] != $width || $popup_info['PopupHeight'] != $height) { + elseif ( $popup_info['PopupWidth'] != $width || $popup_info['PopupHeight'] != $height ) { // popup found and size in tag differs from one in db -> update in db - $fields_hash = Array ( - 'PopupWidth' => $width, - 'PopupHeight' => $height, - ); - $this->Conn->doUpdate($fields_hash, TABLE_PREFIX.'PopupSizes', 'PopupId = '.$popup_info['PopupId']); - } - } + $fields_hash = Array ( + 'PopupWidth' => $width, + 'PopupHeight' => $height, + ); - /** - * Returns popup size (by template), if not cached, then parse template to get value - * - * @param Array $params - * @return string - */ - function GetPopupSize($params) - { - $t = $this->Application->GetVar('template_name'); - $sql = 'SELECT * - FROM '.TABLE_PREFIX.'PopupSizes - WHERE TemplateName = '.$this->Conn->qstr($t); - $popup_info = $this->Conn->GetRow($sql); - if (!$popup_info) { - $this->Application->InitParser(); - $this->Application->ParseBlock(array('name' => $t)); // dies when SetPopupSize tag found & in ajax requrest - return '750x400'; // tag SetPopupSize not found in template -> use default size + $this->Conn->doUpdate($fields_hash, TABLE_PREFIX . 'PopupSizes', 'PopupId = ' . $popup_info['PopupId']); } - return $popup_info['PopupWidth'].'x'.$popup_info['PopupHeight']; } /** 
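Review bot: The `doUpdate` call in `SetPopupSize` still builds its WHERE clause by concatenating `$popup_info['PopupId']` straight into SQL, while the SELECT a few lines above goes through `qstr()`. The value comes from the database row, so this is hardening rather than a demonstrated hole, but a cast keeps the clause safe if the row source or column type ever changes: `'PopupId = ' . (int) $popup_info['PopupId']`. Separately, the added `@return string` does not match the body visible in this hunk, which either calls `die()`, executes a bare `return;`, or falls off the end without a value; `@return void` would be accurate.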
@@ -972,34 +957,36 @@ function PrintSqlCols($params) { - $a_data = unserialize($this->Application->GetVar('sql_rows')); $ret = ''; $block = $params['render_as']; - foreach ($a_data AS $a_row) - { - foreach ($a_row AS $col => $value) - { - $ret .= $this->Application->ParseBlock(Array('name'=>$block, 'value'=>$col)); - } - break; + $a_data = unserialize($this->Application->GetVar('sql_rows')); + + $a_row = current($a_data); + + foreach ($a_row AS $col => $value) { + $ret .= $this->Application->ParseBlock(Array ('name' => $block, 'value' => $col)); } + return $ret; } function PrintSqlRows($params) { - $a_data = unserialize($this->Application->GetVar('sql_rows')); $ret = ''; $block = $params['render_as']; - foreach ($a_data AS $a_row) - { + $a_data = unserialize($this->Application->GetVar('sql_rows')); + + foreach ($a_data as $a_row) { $cells = ''; - foreach ($a_row AS $col => $value) - { - $cells .= ''.$value.''; + $a_row = array_map('htmlspecialchars', $a_row); + + foreach ($a_row as $value) { + $cells .= '' . $value . ''; } - $ret .= $this->Application->ParseBlock(Array('name'=>$block, 'cells'=>$cells)); + + $ret .= $this->Application->ParseBlock(Array ('name' => $block, 'cells' => $cells)); } + return $ret; } 
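Review bot: Both `PrintSqlCols` and `PrintSqlRows` call `unserialize()` on `GetVar('sql_rows')`, and nothing in this hunk shows that the variable can only be set server-side. If it can ever arrive with the request, this is deserialization of untrusted data, so the source should be confirmed and documented, or the rows passed in a format that cannot instantiate objects (JSON, for example). The commit escapes cell values in `PrintSqlRows` with `htmlspecialchars`, but `PrintSqlCols` still hands the column name `$col` to `ParseBlock` unescaped; `'value' => htmlspecialchars($col)` would make the two consistent unless the `render_as` block already escapes it. Finally, `current($a_data)` yields `false` when the array is empty or `unserialize()` fails, so the `foreach` over `$a_row` needs a guard such as `if ( !is_array($a_row) ) { return $ret; }`.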
@@ -1070,41 +1057,40 @@ * Performs HTTP Authentification for administrative console * * @param Array $params + * @return bool */ function HTTPAuth($params) { - if (!$this->Application->ConfigValue('UseHTTPAuth')) { + if ( !$this->Application->ConfigValue('UseHTTPAuth') ) { // http authentification not required return true; } $super_admin_ips = defined('SA_IP') ? SA_IP : false; $auth_bypass_ips = $this->Application->ConfigValue('HTTPAuthBypassIPs'); - if (($auth_bypass_ips && kUtil::ipMatch($auth_bypass_ips)) || ($super_admin_ips && kUtil::ipMatch($super_admin_ips))) { + if ( ($auth_bypass_ips && kUtil::ipMatch($auth_bypass_ips)) || ($super_admin_ips && kUtil::ipMatch($super_admin_ips)) ) { // user ip is in ip bypass list return true; } - if (!array_key_exists('PHP_AUTH_USER', $_SERVER)) { + if ( !array_key_exists('PHP_AUTH_USER', $_SERVER) ) { // ask user to authentificate, when not authentificated before return $this->_httpAuthentificate(); } else { // validate user credentials (browsers remembers user/password // and sends them each time page is visited, so no need to save // authentification result in session) - if ($this->Application->ConfigValue('HTTPAuthUsername') != $_SERVER['PHP_AUTH_USER']) { + if ( $this->Application->ConfigValue('HTTPAuthUsername') != $_SERVER['PHP_AUTH_USER'] ) { // incorrect username return $this->_httpAuthentificate(); } $password_formatter = $this->Application->recallObject('kPasswordFormatter'); /* @var $password_formatter kPasswordFormatter */ - $password = $password_formatter->EncryptPassword($_SERVER['PHP_AUTH_PW'], 'b38'); - - if ($this->Application->ConfigValue('HTTPAuthPassword') != $password) { + if ( !$password_formatter->checkPasswordFromSetting('HTTPAuthPassword', $_SERVER['PHP_AUTH_PW']) ) { // incorrect password return $this->_httpAuthentificate(); } @@ -1116,7 +1102,7 @@ /** * Ask user to authentificate * - * @return false + * @return bool */ function _httpAuthentificate() {
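Review bot: The username check in `HTTPAuth`, `ConfigValue('HTTPAuthUsername') != $_SERVER['PHP_AUTH_USER']`, is a loose comparison: on PHP versions before 8 it compares numeric-looking strings as numbers, and it is not constant-time. For a credential a strict check is preferable, e.g. `hash_equals((string) $this->Application->ConfigValue('HTTPAuthUsername'), (string) $_SERVER['PHP_AUTH_USER'])` where `hash_equals` is available, or `!==` otherwise. `$_SERVER['PHP_AUTH_PW']` is also passed to `checkPasswordFromSetting` without confirming it is set, while only `PHP_AUTH_USER` is tested with `array_key_exists`. The IP bypass earlier in the function depends on how `kUtil::ipMatch` determines the client address, which is not visible here; a comment stating that it must not trust client-supplied forwarding headers would be worth adding. The body of `HTTPAuth` continues past the end of this hunk.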