Index: branches/5.0.x/core/units/modules/modules_event_handler.php =================================================================== diff -u -r12299 -r12365 --- branches/5.0.x/core/units/modules/modules_event_handler.php (.../modules_event_handler.php) (revision 12299) +++ branches/5.0.x/core/units/modules/modules_event_handler.php (.../modules_event_handler.php) (revision 12365) @@ -1,6 +1,6 @@ _getNewModules(); - if (!$new_modules) { + if (!$new_modules || $this->Application->RecallVar('user_id') != -1) { return ; } Index: branches/5.0.x/core/units/users/users_event_handler.php =================================================================== diff -u -r12352 -r12365 --- branches/5.0.x/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 12352) +++ branches/5.0.x/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 12365) @@ -1,6 +1,6 @@ GetDBField($status_field) != STATUS_ACTIVE) { // not active user is not allowed to update his record (he could not activate himself manually) - return false; + return false; + } } - } if ($user_id == -1) { $object =& $event->getObject( Array('skip_autoload' => true) ); /* @var $object UsersItem */ - // put salt to user's config + // put salt to user's config $field_options = $object->GetFieldOptions('RootPassword'); - $field_options['salt'] = 'b38'; + $field_options['salt'] = 'b38'; $object->SetFieldOptions('RootPassword', $field_options); $verify_options = $object->GetFieldOptions('VerifyRootPassword'); $verify_options['salt'] = 'b38'; @@ -1326,8 +1326,8 @@ if ($status) { // validation on, password match too $fields_hash = Array ( - 'VariableValue' => $object->GetDBField('RootPassword') - ); + 'VariableValue' => $object->GetDBField('RootPassword') + ); $conf_table = $this->Application->getUnitOption('conf', 'TableName'); $this->Conn->doUpdate($fields_hash, $conf_table, 'VariableName = "RootPass"'); $event->SetRedirectParam('opener', 'u'); 
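Review bot: The new guard in modules_event_handler.php, `$this->Application->RecallVar('user_id') != -1`, hard-codes the privileged id and compares it loosely. The same test is written a second time as `_hasPrivileges()` in modules_tag_processor.php later in this commit, so the two checks can drift apart. The return type of `RecallVar()` is not visible here; if it yields a session string, `if (!$new_modules || (int)$this->Application->RecallVar('user_id') !== -1) {` removes the dependence on type juggling. A one-line comment such as `// only the root user (id -1) may trigger new module detection` would state the intent. The enclosing method begins and ends outside this hunk.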
@@ -1341,11 +1341,13 @@ else { $object =& $event->getObject(); $object->SetFieldsFromHash($field_values); + if (!$object->Update()) { $event->status = erFAIL; $event->redirect = false; } } + $event->SetRedirectParam('opener', 'u'); $event->redirect == true; } Index: branches/5.0.x/core/kernel/globals.php =================================================================== diff -u -r12299 -r12365 --- branches/5.0.x/core/kernel/globals.php (.../globals.php) (revision 12299) +++ branches/5.0.x/core/kernel/globals.php (.../globals.php) (revision 12365) @@ -1,6 +1,6 @@ _directorySeparator = preg_quote( DIRECTORY_SEPARATOR ); $this->_skipFolders[] = trim(WRITEBALE_BASE, '/'); // system folder (where web server can write) - $this->_skipFolders[] = array_pop( explode('/', trim(EDITOR_PATH, '/')) ); // last of cmseditor folders + + $editor_path = explode('/', trim(EDITOR_PATH, '/')); + $this->_skipFolders[] = array_pop($editor_path); // last of cmseditor folders } function CacheParsedData() Index: branches/5.0.x/core/install.php =================================================================== diff -u -r12277 -r12365 --- branches/5.0.x/core/install.php (.../install.php) (revision 12277) +++ branches/5.0.x/core/install.php (.../install.php) (revision 12365) 
@@ -1,6 +1,6 @@ toolkit->saveConfigValues($config_values); + // login as "root", when no errors on password screen + $this->Application->SetVar('login', 'root'); + $this->Application->SetVar('password', $this->Application->GetVar('root_password')); + + $login_event = new kEvent('u.current:OnLogin'); + $this->Application->HandleEvent($login_event); + // import base language for core (english) $this->toolkit->ImportLanguage('/core/install/english'); Index: branches/5.0.x/core/units/helpers/search_helper.php =================================================================== diff -u -r12306 -r12365 --- branches/5.0.x/core/units/helpers/search_helper.php (.../search_helper.php) (revision 12306) +++ branches/5.0.x/core/units/helpers/search_helper.php (.../search_helper.php) (revision 12365) @@ -1,6 +1,6 @@ $sign) { + $keyword = $this->Conn->escape($keyword); + switch ($sign) { case '+': $plus_conditions[] = implode(' LIKE "%'.$keyword.'%" OR ', $fields).' LIKE "%'.$keyword.'%"'; @@ -249,9 +251,10 @@ $multiple = array_key_exists('multiple', $field_options) && $field_options['multiple']; foreach ($field_options['options'] as $key => $val) { + $match_to = mb_strtolower($use_phrases ? $this->Application->Phrase($val) : $val); + foreach ($search_keywords as $keyword => $sign) { - $pattern = '#'.$keyword.'#i'; - if (!preg_match($pattern, $use_phrases ? $this->Application->Phrase($val) : $val)) { + if (strpos($match_to, mb_strtolower($keyword)) === false) { if ($sign == '+') { $filter_value = $table_name.'`'.$field_name.'` = NULL'; break; @@ -263,7 +266,7 @@ if ($sign == '+' || $sign == '') { // don't add single quotes to found option ids when multiselect (but escape string anyway) - $search_keys[$key] = $multiple ? mysql_real_escape_string($key) : $this->Conn->qstr($key); + $search_keys[$key] = $multiple ? $this->Conn->escape($key) : $this->Conn->qstr($key); } elseif($sign == '-') { // if same value if found as exclusive too, then remove from search result 
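Review bot: The outcome of the automatic root login in install.php is never checked, because `$this->Application->HandleEvent($login_event);` is followed directly by the language import. A failed login therefore lets the installer continue without a session and without any message; test the event afterwards, for example `if ($login_event->status == erFAIL) { /* report the error and stop this step */ }`. The clear-text root password is also copied into the request variable `password` and left there for the rest of the request, so resetting it after the event with `$this->Application->SetVar('password', '');` limits where it can leak. The surrounding installer step starts outside the hunk.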
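Review bot: `$this->Conn->escape($keyword)` in search_helper.php makes the keyword safe as a string literal, but the value is then embedded in `LIKE "%…%"` patterns, where `%` and `_` from user input still act as wildcards. A keyword of `%` matches every row. Neutralise the LIKE metacharacters before the SQL escape: `$keyword = $this->Conn->escape(addcslashes($keyword, '\\%_'));`. The picker branch changed further down in this file (`LIKE "%|'.$field_value.'|%"`) has the same gap. The loop this line sits in begins outside the visible hunk.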
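Review bot: In the `$multiple` branch of the `@@ -263` hunk, `$this->Conn->escape($key)` is stored without quotes, and escaping alone only protects a value that ends up inside a quoted literal. Where `$search_keys` is consumed lies outside the hunk, so the safety of this line cannot be confirmed from here. Record the constraint next to it by extending the existing comment to `// multiselect ids are escaped but left unquoted: they may only be placed inside a quoted LIKE pattern, never used as bare SQL`.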
@@ -304,7 +307,9 @@ case 'numeric': $search_keys = Array(); foreach ($search_keywords as $keyword => $sign) { - if (!is_numeric($keyword) || ($sign == '-')) continue; + if (!is_numeric($keyword) || ($sign == '-')) { + continue; + } $search_keys[] = $this->Conn->qstr($keyword); } @@ -558,7 +563,7 @@ break; case 'picker': - $field_value = strlen($field_options['submit_value']) ? $field_options['submit_value'] : false; + $field_value = strlen($field_options['submit_value']) ? $this->Conn->escape($field_options['submit_value']) : false; if ($field_value) { $filter_value = $table_name.'`'.$field_name.'` LIKE "%|'.$field_value.'|%"'; } Index: branches/5.0.x/core/kernel/db/cat_event_handler.php =================================================================== diff -u -r12343 -r12365 --- branches/5.0.x/core/kernel/db/cat_event_handler.php (.../cat_event_handler.php) (revision 12343) +++ branches/5.0.x/core/kernel/db/cat_event_handler.php (.../cat_event_handler.php) (revision 12365) @@ -1,6 +1,6 @@ Application->RecallVar('user_id'); $owner_field = $this->getOwnerField($event->Prefix); - if (($status == -2 || $status == STATUS_PENDING) && ($object->GetDBField($owner_field) == $user_id)) { + if (($status == STATUS_PENDING_EDITING || $status == STATUS_PENDING) && ($object->GetDBField($owner_field) == $user_id)) { return true; } Index: branches/5.0.x/core/units/modules/modules_tag_processor.php =================================================================== diff -u -r12299 -r12365 --- branches/5.0.x/core/units/modules/modules_tag_processor.php (.../modules_tag_processor.php) (revision 12299) +++ branches/5.0.x/core/units/modules/modules_tag_processor.php (.../modules_tag_processor.php) (revision 12365) 
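Review bot: In the picker branch, a submitted value of `"0"` passes the `strlen()` test but is then dropped by `if ($field_value) {`, because the string `"0"` is falsy in PHP. Whether `"0"` is a legitimate picker value cannot be seen from this hunk; if it is, the filter is silently skipped for it. Comparing against the sentinel the ternary actually assigns avoids that: `if ($field_value !== false) {`.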
@@ -1,6 +1,6 @@ Application->isModuleEnabled($params['name']); } + function _hasPrivileges() + { + return $this->Application->RecallVar('user_id') == -1; + } + function AlreadyInstalled($params) { + if (!$this->_hasPrivileges()) { + // don't show licenses status for non-privileged users + return true; + } + $object =& $this->getObject($params); /* @var $object kDBList */ @@ -34,6 +44,11 @@ function ModuleLicensed($params) { + if (!$this->_hasPrivileges()) { + // don't show licenses status for non-privileged users + return true; + } + $object =& $this->getObject($params); /* @var $object kDBList */ Index: branches/5.0.x/core/kernel/db/db_connection.php =================================================================== diff -u -r12299 -r12365 --- branches/5.0.x/core/kernel/db/db_connection.php (.../db_connection.php) (revision 12299) +++ branches/5.0.x/core/kernel/db/db_connection.php (.../db_connection.php) (revision 12365) @@ -1,6 +1,6 @@ connectionID); + } + + /** * Returns last error code occured * * @return int
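Review bot: `_hasPrivileges()` in modules_tag_processor.php has no docblock, and the early `return true;` in `AlreadyInstalled()` and `ModuleLicensed()` is not explained. The comment `// don't show licenses status for non-privileged users` is copied into both methods, although the first concerns install status, and it does not say why `true` is the value that hides the information. I would add `/** Checks that the current session belongs to the root user (user_id -1). @return bool */` above the helper. Replace the two comments with `// non-root users always get "installed", so the template never offers them the install action` and `// non-root users always get "licensed", so real license state is not disclosed`, adjusted to what the templates actually do with the result. The template side is not visible in this diff.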