diff --git a/addons/captcha/captcha.addon.php b/addons/captcha/captcha.addon.php index a80984e2a..f516b160c 100644 --- a/addons/captcha/captcha.addon.php +++ b/addons/captcha/captcha.addon.php @@ -250,15 +250,15 @@ $oAddonCaptcha = &$GLOBALS['__AddonCaptcha__']; - if(method_exists(&$oAddonCaptcha, $called_position)) + if(method_exists($oAddonCaptcha, $called_position)) { - if(!call_user_func(array(&$oAddonCaptcha, $called_position), &$this)) return false; + if(!call_user_func(array(&$oAddonCaptcha, $called_position), $this)) return false; } $addon_act = Context::get('captcha_action'); - if($addon_act && method_exists(&$oAddonCaptcha, $called_position.'_'.$addon_act)) + if($addon_act && method_exists($oAddonCaptcha, $called_position.'_'.$addon_act)) { - if(!call_user_func(array(&$oAddonCaptcha, $called_position.'_'.$addon_act), &$this)) return false; + if(!call_user_func(array(&$oAddonCaptcha, $called_position.'_'.$addon_act), $this)) return false; } ?> diff --git a/addons/mobile/classes/mobile.class.php b/addons/mobile/classes/mobile.class.php index e59b1ebf9..bd460da87 100644 --- a/addons/mobile/classes/mobile.class.php +++ b/addons/mobile/classes/mobile.class.php @@ -174,12 +174,12 @@ $userAgent = $_SERVER['HTTP_USER_AGENT']; $wap_sid = $_SERVER['HTTP_X_UP_SUBNO']; - if(eregi("SKT11", $userAgent) || eregi("skt", $browserAccept)) { + if(preg_match("/SKT11/i", $userAgent) || preg_match("/skt/i", $browserAccept)) { Context::set('mobile_skt',1); return "wml"; } - elseif(eregi("hdml", $browserAccept)) return "hdml"; - elseif(eregi("CellPhone", $userAgent)) return "mhtml"; + elseif(preg_match("/hdml/i", $browserAccept)) return "hdml"; + elseif(preg_match("/CellPhone/i", $userAgent)) return "mhtml"; return null; } diff --git a/classes/db/DBCubrid.class.php b/classes/db/DBCubrid.class.php index d938d4001..06312e12b 100644 --- a/classes/db/DBCubrid.class.php +++ b/classes/db/DBCubrid.class.php 
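Review bot: The second dispatch in the captcha hunk builds its method name from `Context::get('captcha_action')`, which looks request-supplied, and `method_exists()` is the only gate, so every method on the addon object named `<called_position>_<anything>` is reachable by name. Checking `$addon_act` against an explicit list of supported actions before the `call_user_func` line would limit dispatch to the intended handlers. Separately, dropping `&` from `$this` is only transparent if the target methods take that parameter by value. If one declares it with `&`, `call_user_func` cannot pass a reference and, depending on the PHP version, warns or skips the call, which this code would read as a falsy result and `return false`. The enclosing block starts outside the hunk.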
@@ -678,7 +678,7 @@ } } } - else $this->_filterNumber(&$value); + else $this->_filterNumber($value); $column_list[] = '"'.$name.'"'; $value_list[] = $value; @@ -731,7 +731,7 @@ $check_column = false; $value = "'".$this->addQuotes ($value)."'"; } - else $this->_filterNumber(&$value); + else $this->_filterNumber($value); $column_list[] = sprintf ("\"%s\" = %s", $name, $value); } diff --git a/classes/db/DBFirebird.class.php b/classes/db/DBFirebird.class.php index c44ae1e1a..f192c6d97 100644 --- a/classes/db/DBFirebird.class.php +++ b/classes/db/DBFirebird.class.php @@ -689,7 +689,7 @@ else if($output->column_type[$name]!='number') { // if(!$value) $value = 'null'; } - else $this->_filterNumber(&$value); + else $this->_filterNumber($value); $column_list[] = '"'.$name.'"'; $value_list[] = $value; diff --git a/classes/db/DBMssql.class.php b/classes/db/DBMssql.class.php index 272412027..c5f965875 100644 --- a/classes/db/DBMssql.class.php +++ b/classes/db/DBMssql.class.php @@ -548,7 +548,7 @@ $value = ''; } // sql injection 문제로 xml 선언이 number인 경우이면서 넘어온 값이 숫자형이 아니면 숫자형으로 강제 형변환 - else $this->_filterNumber(&$value); + else $this->_filterNumber($value); $column_list[] = '['.$name.']'; $value_list[] = '?'; @@ -593,7 +593,7 @@ $column_list[] = sprintf("[%s] = ?", $name); }else{ if(!$value) $value = ''; - $this->_filterNumber(&$value); + $this->_filterNumber($value); $column_list[] = sprintf("[%s] = %s", $name, $value); } } diff --git a/classes/db/DBMysql.class.php b/classes/db/DBMysql.class.php index 59501f161..0a2160f86 100644 --- a/classes/db/DBMysql.class.php +++ b/classes/db/DBMysql.class.php @@ -116,7 +116,7 @@ **/ function addQuotes($string) { if(version_compare(PHP_VERSION, "5.9.0", "<") && get_magic_quotes_gpc()) $string = stripslashes(str_replace("\\","\\\\",$string)); - if(!is_numeric($string)) $string = @mysql_escape_string($string); + if(!is_numeric($string)) $string = @mysql_real_escape_string($string, $this->fd); return $string; } 
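Review bot: Removing the call-time `&` from `$this->_filterNumber($value)` keeps the numeric filter effective only if `_filterNumber` is declared with a by-reference parameter (`function _filterNumber(&$value)`), and its definition is not part of this diff. If it takes the argument by value, the call becomes a no-op and `$value` is concatenated into the INSERT/UPDATE text unfiltered in every driver hunk touched here (Cubrid, Firebird, Mssql, Mysql, Postgresql, Sqlite2, Sqlite3_pdo), which is the injection case the comments in the Mssql, Postgresql and Sqlite2 hunks refer to. The same dependency on the callee's signature applies to `triggerWidgetCompile($page_content)` in page.api.php and to `_setTrashObject($oTrashVO, $output->data)` in the first trash.model.php hunk, where `$oTrashVO` does not appear to be initialised before the call. Once the signature is confirmed, a comment at the call sites such as `// _filterNumber() takes $value by reference and coerces it in place` would record why the bare call is safe.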
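Review bot: In `addQuotes`, `@mysql_real_escape_string($string, $this->fd)` returns `false` when `$this->fd` is not a usable link, and the `@` hides the warning, so the caller would quote an empty string and write it with no error raised. I would drop the `@` and check the result, for example `$escaped = mysql_real_escape_string($string, $this->fd);` followed by `if($escaped === false) { /* report the failed connection instead of returning '' */ }`. The function is also only charset-aware when the connection character set was set through `mysql_set_charset()` rather than a `SET NAMES` query; how this class sets it is not visible in the hunk.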
@@ -445,7 +445,7 @@ } //elseif(!$value || is_numeric($value)) $value = (int)$value; - else $this->_filterNumber(&$value); + else $this->_filterNumber($value); $column_list[] = '`'.$name.'`'; $value_list[] = $value; @@ -475,7 +475,7 @@ if(strpos($name,'.')!==false&&strpos($value,'.')!==false) $column_list[] = $name.' = '.$value; else { if($output->column_type[$name]!='number') $value = "'".$this->addQuotes($value)."'"; - else $this->_filterNumber(&$value); + else $this->_filterNumber($value); $column_list[] = sprintf("`%s` = %s", $name, $value); } diff --git a/classes/db/DBPostgresql.class.php b/classes/db/DBPostgresql.class.php index 94e0fdeff..fdaa1a1fe 100644 --- a/classes/db/DBPostgresql.class.php +++ b/classes/db/DBPostgresql.class.php @@ -569,7 +569,7 @@ class DBPostgresql extends DB } // sql injection 문제로 xml 선언이 number인 경우이면서 넘어온 값이 숫자형이 아니면 숫자형으로 강제 형변환 // elseif (!$value || is_numeric($value)) $value = (int)$value; - else $this->_filterNumber(&$value); + else $this->_filterNumber($value); $column_list[] = $name; $value_list[] = $value; @@ -602,7 +602,7 @@ class DBPostgresql extends DB if ($output->column_type[$name] != 'number') $value = "'" . $this->addQuotes($value) . "'"; // sql injection 문제로 xml 선언이 number인 경우이면서 넘어온 값이 숫자형이 아니면 숫자형으로 강제 형변환 - else $this->_filterNumber(&$value); + else $this->_filterNumber($value); $column_list[] = sprintf("%s = %s", $name, $value); } diff --git a/classes/db/DBSqlite2.class.php b/classes/db/DBSqlite2.class.php index 93f05c941..7802e50e1 100644 --- a/classes/db/DBSqlite2.class.php +++ b/classes/db/DBSqlite2.class.php @@ -425,7 +425,7 @@ } // sql injection 문제로 xml 선언이 number인 경우이면서 넘어온 값이 숫자형이 아니면 숫자형으로 강제 형변환 // elseif(!$value || is_numeric($value)) $value = (int)$value; - else $this->_filterNumber(&$value); + else $this->_filterNumber($value); $column_list[] = $name; $value_list[] = $value; 
@@ -454,7 +454,7 @@ else { if($output->column_type[$name]!='number') $value = "'".$this->addQuotes($value)."'"; // sql injection 문제로 xml 선언이 number인 경우이면서 넘어온 값이 숫자형이 아니면 숫자형으로 강제 형변환 - else $this->_filterNumber(&$value); + else $this->_filterNumber($value); $column_list[] = sprintf("%s = %s", $name, $value); } @@ -473,7 +473,7 @@ // List the conditional clause $condition = $this->getCondition($output); foreach($table_list as $key => $val) { - $condition = eregi_replace($key.'\\.', $val.'.', $condition); + $condition = preg_replace('/'.$key.'\\./i', $val.'.', $condition); } // List columns foreach($output->columns as $key => $val) { diff --git a/classes/db/DBSqlite3_pdo.class.php b/classes/db/DBSqlite3_pdo.class.php index b2f9abd00..e8a619c61 100644 --- a/classes/db/DBSqlite3_pdo.class.php +++ b/classes/db/DBSqlite3_pdo.class.php @@ -460,7 +460,7 @@ if($output->column_type[$name]!='number') $val_list[] = $this->addQuotes($value); else { - $this->_filterNumber(&$value); + $this->_filterNumber($value); $val_list[] = $value; } @@ -495,7 +495,7 @@ if(strpos($name,'.')!==false&&strpos($value,'.')!==false) $column_list[] = $name.' = '.$value; else { if($output->column_type[$name]!='number') $value = "'".$this->addQuotes($value)."'"; - else $this->_filterNumber(&$value); + else $this->_filterNumber($value); $column_list[] = sprintf("%s = %s", $name, $value); } @@ -514,7 +514,7 @@ // List where cluase $condition = $this->getCondition($output); foreach($table_list as $key => $val) { - $condition = eregi_replace($key.'\\.', $val.'.', $condition); + $condition = preg_replace('/'.$key.'\\./i', $val.'.', $condition); } // List columns foreach($output->columns as $key => $val) { diff --git a/modules/comment/comment.admin.controller.php b/modules/comment/comment.admin.controller.php index 2c1b585cc..59065bcce 100644 --- a/modules/comment/comment.admin.controller.php +++ b/modules/comment/comment.admin.controller.php 
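Review bot: `preg_replace('/'.$key.'\\./i', $val.'.', $condition)` in the DBSqlite2 hunk at -473 interpolates `$key` into the pattern unquoted, so a table name containing `/` or another regex metacharacter makes the pattern invalid or changes what it matches. On a pattern error `preg_replace` returns `NULL`, which would leave `$condition` empty for the query assembled below; what that code does with an empty condition is not visible here. Quoting the key avoids this: `$condition = preg_replace('/'.preg_quote($key, '/').'\\./i', $val.'.', $condition);`, ideally with a `NULL` check that aborts the query. The identical line is added in the DBSqlite3_pdo hunk at -514, and the enclosing method starts and ends outside both hunks.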
@@ -33,7 +33,7 @@ $oDB->begin(); // comment into trash - if($isTrash == 'true') $this->_moveCommentToTrash($comment_srl_list, &$oCommentController, &$oDB); + if($isTrash == 'true') $this->_moveCommentToTrash($comment_srl_list, $oCommentController, $oDB); $deleted_count = 0; // Delete the comment posting diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php index c5fd1037b..c66ed8f43 100644 --- a/modules/document/document.controller.php +++ b/modules/document/document.controller.php @@ -143,7 +143,7 @@ class documentController extends document { // List variables if($obj->comment_status) $obj->commentStatus = $obj->comment_status; if(!$obj->commentStatus) $obj->commentStatus = 'DENY'; - if($obj->commentStatus == 'DENY') $this->_checkCommentStatusForOldVersion(&$obj); + if($obj->commentStatus == 'DENY') $this->_checkCommentStatusForOldVersion($obj); if($obj->allow_trackback!='Y') $obj->allow_trackback = 'N'; if($obj->homepage && !preg_match('/^[a-z]+:\/\//i',$obj->homepage)) $obj->homepage = 'http://'.$obj->homepage; if($obj->notify_message != 'Y') $obj->notify_message = 'N'; @@ -202,7 +202,7 @@ class documentController extends document { $obj->lang_code = Context::getLangType(); // Insert data into the DB - if(!$obj->status) $this->_checkDocumentStatusForOldVersion(&$obj); + if(!$obj->status) $this->_checkDocumentStatusForOldVersion($obj); $output = executeQuery('document.insertDocument', $obj); if(!$output->toBool()) { $oDB->rollback(); 
@@ -278,7 +278,7 @@ class documentController extends document { } // List variables if(!$obj->commentStatus) $obj->commentStatus = 'DENY'; - if($obj->commentStatus == 'DENY') $this->_checkCommentStatusForOldVersion(&$obj); + if($obj->commentStatus == 'DENY') $this->_checkCommentStatusForOldVersion($obj); if($obj->allow_trackback!='Y') $obj->allow_trackback = 'N'; if($obj->homepage && !preg_match('/^[a-z]+:\/\//i',$obj->homepage)) $obj->homepage = 'http://'.$obj->homepage; if($obj->notify_message != 'Y') $obj->notify_message = 'N'; diff --git a/modules/layout/layout.admin.controller.php b/modules/layout/layout.admin.controller.php index 05cb1a49b..f8093645d 100644 --- a/modules/layout/layout.admin.controller.php +++ b/modules/layout/layout.admin.controller.php 
@@ -404,21 +404,21 @@ **/ function addExtension($layout_srl,$arg,$content){ $oLayoutModel = &getModel('layout'); - $reg = '(<\!\-\- start\-e1 \-\->)(.*)(<\!\-\- end\-e1 \-\->)'; + $reg = '/(<\!\-\- start\-e1 \-\->)(.*)(<\!\-\- end\-e1 \-\->)/i'; $extension_content = '\1' .stripslashes($arg->e1) . '\3'; - $content = eregi_replace($reg,$extension_content,$content); + $content = preg_replace($reg,$extension_content,$content); - $reg = '(<\!\-\- start\-e2 \-\->)(.*)(<\!\-\- end\-e2 \-\->)'; + $reg = '/(<\!\-\- start\-e2 \-\->)(.*)(<\!\-\- end\-e2 \-\->)/i'; $extension_content = '\1' .stripslashes($arg->e2) . '\3'; - $content = eregi_replace($reg,$extension_content,$content); + $content = preg_replace($reg,$extension_content,$content); - $reg = '(<\!\-\- start\-neck \-\->)(.*)(<\!\-\- end\-neck \-\->)'; + $reg = '/(<\!\-\- start\-neck \-\->)(.*)(<\!\-\- end\-neck \-\->)/i'; $extension_content = '\1' .stripslashes($arg->neck) . '\3'; - $content = eregi_replace($reg,$extension_content,$content); + $content = preg_replace($reg,$extension_content,$content); - $reg = '(<\!\-\- start\-knee \-\->)(.*)(<\!\-\- end\-knee \-\->)'; + $reg = '/(<\!\-\- start\-knee \-\->)(.*)(<\!\-\- end\-knee \-\->)/i'; $extension_content = '\1' .stripslashes($arg->knee) . '\3'; - $content = eregi_replace($reg,$extension_content,$content); + $content = preg_replace($reg,$extension_content,$content); return $content; } diff --git a/modules/page/page.api.php b/modules/page/page.api.php index 3cbbc53b1..01c622ef4 100644 --- a/modules/page/page.api.php +++ b/modules/page/page.api.php @@ -16,7 +16,7 @@ $requestMethod = Context::getRequestMethod(); Context::setResponseMethod('HTML'); - $oWidgetController->triggerWidgetCompile(&$page_content); + $oWidgetController->triggerWidgetCompile($page_content); Context::setResponseMethod($requestMethod); $oModule->add('page_content',$page_content); diff --git a/modules/page/page.view.php b/modules/page/page.view.php index 6a9ec03d3..6a01300a6 100644 
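Review bot: The four rewritten patterns in `addExtension` do not behave like the `eregi_replace` calls they replace: without the `s` modifier `.` stops at a newline, so a multi-line block between the start/end markers no longer matches and the old content is silently kept. The replacement side also changes meaning, because `preg_replace` treats `$n` and two-digit `\nn` as backreferences, so stored markup that contains `$1` or begins with a digit is altered when it is spliced directly after `'\1'`. I would add `s` to the modifiers, write the group references as `${1}` and `${3}`, and escape `\` and `$` in the `$arg` values before concatenating. Since the four stanzas differ only in the marker name, a loop keeps that handling in one place.

```php
function addExtension($layout_srl,$arg,$content){
	// … unchanged: $oLayoutModel lookup …
	foreach(array('e1','e2','neck','knee') as $part)
	{
		// 's' lets '.' cross newlines, which the POSIX functions did by default
		$reg = '/(<!-- start-'.$part.' -->)(.*)(<!-- end-'.$part.' -->)/is';
		// keep '\' and '$' from the stored markup literal in the replacement string
		$body = str_replace(array('\\', '$'), array('\\\\', '\\$'), stripslashes($arg->{$part}));
		$content = preg_replace($reg, '${1}'.$body.'${3}', $content);
	}
	// … unchanged: return $content …
```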
--- a/modules/page/page.view.php +++ b/modules/page/page.view.php @@ -45,7 +45,9 @@ if($this->module_srl) Context::set('module_srl',$this->module_srl); $page_type_name = strtolower($this->module_info->page_type); - $page_content = call_user_method('_get'.ucfirst($page_type_name).'Content', &$this); + $method = '_get' . ucfirst($page_type_name) . 'Content'; + if (method_exists($this, $method)) $page_content = $this->{$method}(); + else return new Object(-1, sprintf('%s method is not exists', $method)); Context::set('module_info', $this->module_info); Context::set('page_content', $page_content); diff --git a/modules/syndication/syndication.admin.controller.php b/modules/syndication/syndication.admin.controller.php index aa50082e2..c81870c57 100644 --- a/modules/syndication/syndication.admin.controller.php +++ b/modules/syndication/syndication.admin.controller.php @@ -85,7 +85,7 @@ $site_url = preg_replace('/^(http|https):\/\//i','',$config->site_url); $method = 'getSyndicationStatus' . ucfirst(strtolower($target_service)); - if(!method_exists(&$this, $method)) return new Object(-1,'msg_syndication_status_not_support'); + if(!method_exists($this, $method)) return new Object(-1,'msg_syndication_status_not_support'); $output = call_user_func(array(&$this,$method),$site_url); if(!$output->toBool()) return $output; diff --git a/modules/trash/trash.model.php b/modules/trash/trash.model.php index ece45eb89..eb26d5f2e 100644 --- a/modules/trash/trash.model.php +++ b/modules/trash/trash.model.php @@ -13,7 +13,7 @@ class trashModel extends trash $args->trashSrl = $trashSrl; $output = executeQuery('trash.getTrash', $args, $columnList); - $this->_setTrashObject(&$oTrashVO, $output->data); + $this->_setTrashObject($oTrashVO, $output->data); $output->data = $oTrashVO; return $output; 
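Review bot: The new failure branch in page.view.php returns `sprintf('%s method is not exists', $method)`, which puts an internal method name derived from the stored `page_type` into a message that may reach the visitor; whether `Object` messages are escaped on output is not visible here. A fixed language key, in the style of `'msg_syndication_status_not_support'` used in the syndication hunk below, avoids echoing the value, e.g. `else return new Object(-1, '<lang_key_for_unsupported_page_type>');` with the placeholder replaced by a real key. Comparing `$page_type_name` with the list of supported page types before building `$method` would also limit the dynamic call to the intended `_get…Content` methods. The enclosing function starts and ends outside the hunk.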
@@ -31,7 +31,7 @@ class trashModel extends trash foreach($output->data AS $key=>$value) { $oTrashVO = new TrashVO(); - $this->_setTrashObject(&$oTrashVO, $value); + $this->_setTrashObject($oTrashVO, $value); $output->data[$key] = $oTrashVO; } }