--- mambo/branches/4.6/administrator/components/com_categories/admin.categories.php 2007/04/25 07:31:17 1079
+++ mambo/branches/4.6/administrator/components/com_categories/admin.categories.php 2009/05/28 06:41:09 1756
@@ -2,10 +2,17 @@
/**
* @package Mambo
* @subpackage Categories
-* @copyright Refer to copyright.php
-* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
* @author Mambo Foundation Inc see README.php
-*/
+* @copyright (C) 2000 - 2009 Mambo Foundation Inc.
+* See COPYRIGHT.php for copyright notices and details.
+* @license GNU/GPL Version 2, see LICENSE.php
+*
+* Redistributions of files must retain the above copyright notice.
+*
+* Mambo is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; version 2 of the License.
+*/
/** ensure this file is being included by a parent file */
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
@@ -16,7 +23,7 @@
// get parameters from the URL or submitted form
$section = mosGetParam( $_REQUEST, 'section', 'content' );
$cid = mosGetParam( $_REQUEST, 'cid', array(0) );
-if (!$cid) $id = mosGetParam( $_REQUEST, ‘id’, 0 );
+if (!$cid) $id = mosGetParam( $_REQUEST, 'id', 0 );
switch ($task) {
case 'new':
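Review bot: The `$id` read on the corrected line is still the raw request string; since it is presumably used as a record id further down, cast it at the boundary: `if (!$cid) $id = intval( mosGetParam( $_REQUEST, 'id', 0 ) );`. Note also that `cid` defaults to `array(0)`, a non-empty and therefore truthy array, so `!$cid` only holds when `cid` is sent but empty; when neither parameter is sent `$id` is never assigned, which the later `switch` branches apparently have to tolerate. The quote fix itself is correct; the `switch` that consumes these values continues past the hunk.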
@@ -118,6 +125,7 @@
if (intval( $section ) > 0) {
$table = 'content';
+ // @RawSQLUse, trivial_implementation, SELECT
$query = "SELECT name FROM #__sections WHERE id='$section'";
$database->setQuery( $query );
$section_name = $database->loadResult();
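Review bot: The `@RawSQLUse` marker only annotates the query; `$section` still reaches `WHERE id='$section'` as the raw request string even though the branch condition `intval( $section ) > 0` has already established it is meant to be numeric. Use the cast value in the query, `$query = "SELECT name FROM #__sections WHERE id='" . intval( $section ) . "'";`, so that only an integer can be interpolated. The enclosing `if`/`else if` chain continues outside the hunk.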
@@ -127,6 +135,7 @@
} else if (strpos( $section, 'com_' ) === 0) {
$table = substr( $section, 4 );
+ // @RawSQLUse, trivial_implementation, SELECT
$query = "SELECT name FROM #__components WHERE link='option=$section'";
$database->setQuery( $query );
$section_name = $database->loadResult();
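Review bot: `$section` is interpolated unescaped into `WHERE link='option=$section'`, and the `strpos( $section, 'com_' ) === 0` test only constrains its prefix, not the rest of the request string. Escape it with the database helper, `$query = "SELECT name FROM #__components WHERE link='option=" . $database->getEscaped( $section ) . "'";`; the same applies to every other `@RawSQLUse` site in this commit that interpolates a string value — `$section` at @@ -144, `$row->section` at @@ -288, @@ -333 and @@ -395, and `$row->title`/`$oldtitle` at @@ -386 — where `$row` in the save path is presumably bound from the submitted form. `$table = substr( $section, 4 )` is also derived from the request; if it is later used to name a table (outside this hunk) it should be validated against a fixed list rather than interpolated.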
@@ -144,6 +153,7 @@
}
// get the total number of records
+ // @RawSQLUse, trivial_implementation, SELECT
$query = "SELECT count(*) FROM #__categories WHERE section='$section'";
$database->setQuery( $query );
$total = $database->loadResult();
@@ -191,6 +201,12 @@
;
$database->setQuery( $query );
$rows = $database->loadObjectList();
+ if ($rows) {
+ foreach($rows as $row) {
+ $row->name = htmlspecialchars( str_replace( '&', '&', $row->name ) );
+ $row->title = htmlspecialchars( str_replace( '&', '&', $row->title ) );
+ }
+ }
if ($database->getErrorNum()) {
echo $database->stderr();
return;
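Review bot: `str_replace( '&', '&', ... )` as it appears here replaces `&` with itself and is a no-op; if the intent is to undo already-stored `&amp;` before re-encoding, it should read `str_replace( '&amp;', '&', $row->name )` (the entity may have been lost in rendering, so verify against the checked-in file). Consider also passing `ENT_QUOTES` to `htmlspecialchars`, since the default leaves single quotes unencoded. Because the encoded values overwrite `$row->name`/`$row->title` in place, anything after this point that compares or stores these fields sees the encoded form; the consumers of `$rows` are outside the hunk.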
@@ -210,6 +226,7 @@
}
// number of Trashed Items
for ( $i = 0; $i < $count; $i++ ) {
+ // @RawSQLUse, trivial_implementation, SELECT
$query = "SELECT COUNT( a.id )"
. "\n FROM #__content AS a"
. "\n WHERE a.catid = ". $rows[$i]->id
@@ -288,6 +305,7 @@
// make order list
$order = array();
+ // @RawSQLUse, trivial_implementation, SELECT
$database->setQuery( "SELECT COUNT(*) FROM #__categories WHERE section='$row->section'" );
$max = intval( $database->loadResult() ) + 1;
@@ -297,6 +315,7 @@
// build the html select list for sections
if ( $section == 'content' ) {
+ // @RawSQLUse, trivial_implementation, SELECT
$query = "SELECT s.id AS value, s.title AS text"
. "\n FROM #__sections AS s"
. "\n ORDER BY s.ordering"
@@ -333,6 +352,7 @@
$lists['link_type'] = mosHTML::selectList( $types, 'link_type', 'class="inputbox" size="1"', 'value', 'text' );;
// build the html select list for ordering
+ // @RawSQLUse, trivial_implementation, SELECT, CONCEPT
$query = "SELECT ordering AS value, title AS text"
. "\n FROM #__categories"
. "\n WHERE section = '$row->section'"
@@ -386,6 +406,7 @@
if ( $oldtitle ) {
if ($oldtitle != $row->title) {
+ // @RawSQLUse, trivial_implementation, UPDATE
$database->setQuery( "UPDATE #__menu SET name='$row->title' WHERE name='$oldtitle' AND type='content_category'" );
$database->query();
}
@@ -395,6 +416,7 @@
if ($row->section != 'com_contact_details' &&
$row->section != 'com_newsfeeds' &&
$row->section != 'com_weblinks') {
+ // @RawSQLUse, trivial_implementation, UPDATE, CONCEPT
$query = "UPDATE #__sections SET count=count+1"
. "\n WHERE id = '$row->section'"
;
@@ -420,13 +442,13 @@
break;
case 'apply':
- $msg = 'Changes to Category saved';
+ $msg = T_('Changes to Category saved');
mosRedirect( 'index2.php?option=com_categories§ion='. $redirect .'&task=editA&hidemainmenu=1&id='. $row->id, $msg );
break;
case 'save':
default:
- $msg = 'Category saved';
+ $msg = T_('Category saved');
mosRedirect( 'index2.php?option=com_categories§ion='. $redirect, $msg );
break;
}
@@ -483,6 +505,7 @@
if (count( $cid )) {
$cids = implode( ',', $cid );
+ // @RawSQLUse, trivial_implementation, DELETE
$database->setQuery( "DELETE FROM #__categories WHERE id IN ($cids)" );
if (!$database->query()) {
echo "\n";
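Review bot: `$cids` is `implode( ',', $cid )` where `$cid` is read from `$_REQUEST` near the top of the file with no cast, so arbitrary strings end up inside `WHERE id IN ($cids)` of a DELETE. Coerce the list before building any query with it, `$cid = array_map( 'intval', $cid );` right after the `count( $cid )` check, and do the same in the other `$cids` hunks at @@ -587, @@ -619, @@ -627 and @@ -657. The `$cid` read itself is outside this hunk.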
@@ -587,16 +610,19 @@
## query to list selected categories
$cids = implode( ',', $cid );
+ // @RawSQLUse, trivial_implementation, SELECT
$query = "SELECT a.name, a.section FROM #__categories AS a WHERE a.id IN ( ". $cids ." )";
$database->setQuery( $query );
$items = $database->loadObjectList();
## query to list items from categories
+ // @RawSQLUse, trivial_implementation, SELECT
$query = "SELECT a.title FROM #__content AS a WHERE a.catid IN ( ". $cids ." ) ORDER BY a.catid, a.title";
$database->setQuery( $query );
$contents = $database->loadObjectList();
## query to choose section to move to
+ // @RawSQLUse, trivial_implementation, SELECT
$query = "SELECT a.name AS `text`, a.id AS `value` FROM #__sections AS a WHERE a.published = '1' ORDER BY a.name";
$database->setQuery( $query );
$sections = $database->loadObjectList();
@@ -619,6 +645,7 @@
$cids = implode( ',', $cid );
$total = count( $cid );
+ // @RawSQLUse, trivial_implementation, UPDATE
$query = "UPDATE #__categories SET section = '". $sectionMove ."' "
. "WHERE id IN ( ". $cids ." )"
;
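Review bot: `$sectionMove` is interpolated into `SET section = '...'` here and into `SET sectionid = '...'` at @@ -627 without a cast or escape; where it is read is outside the hunk, but it is presumably the target section chosen on the move form. Cast it once before the first query, `$sectionMove = intval( $sectionMove );`, so that only a numeric section id can reach the two UPDATE statements. The `$cids` list in the same WHERE clause has the same problem as noted at @@ -483.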
@@ -627,6 +654,7 @@
echo "\n";
exit();
}
+ // @RawSQLUse, trivial_implementation, UPDATE
$query = "UPDATE #__content SET sectionid = '". $sectionMove ."' "
. "WHERE catid IN ( ". $cids ." )"
;
@@ -657,16 +685,19 @@
## query to list selected categories
$cids = implode( ',', $cid );
+ // @RawSQLUse, trivial_implementation, SELECT
$query = "SELECT a.name, a.section FROM #__categories AS a WHERE a.id IN ( ". $cids ." )";
$database->setQuery( $query );
$items = $database->loadObjectList();
## query to list items from categories
+ // @RawSQLUse, trivial_implementation, SELECT
$query = "SELECT a.title, a.id FROM #__content AS a WHERE a.catid IN ( ". $cids ." ) ORDER BY a.catid, a.title";
$database->setQuery( $query );
$contents = $database->loadObjectList();
## query to choose section to move to
+ // @RawSQLUse, trivial_implementation, SELECT
$query = "SELECT a.name AS `text`, a.id AS `value` FROM #__sections AS a WHERE a.published = '1' ORDER BY a.name";
$database->setQuery( $query );
$sections = $database->loadObjectList();
@@ -852,8 +883,8 @@
}
}
// execute updateOrder for each group
- foreach ($sections as $section=>$rowid) {
- $row->updateOrder("section='$section'");
+ foreach ($sections as $sectionid=>$rowid) {
+ $row->updateOrder("section='$sectionid'");
} // foreach
$msg = T_('New ordering saved');
mosRedirect( 'index2.php?option=com_categories§ion='. $section, $msg );
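Review bot: The rename to `$sectionid` stops the loop from clobbering the request `$section` used in the redirect below, which is the right fix; `$sectionid` is still interpolated raw into `updateOrder("section='$sectionid'")`, and how `$sections` is keyed is outside the hunk. If the keys originate from the submitted ordering form rather than from rows loaded from the database, they need `$database->getEscaped()` or an int cast before this loop. The redirect also appends `$section` to the URL unencoded; `urlencode( $section )` would be the safe form.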