From 3b2faf5c2c69dd380683215e718bcdbee3792421 Mon Sep 17 00:00:00 2001
From: Steve Sutton <steve@gaslightmedia.com>
Date: Thu, 1 Dec 2016 15:13:10 -0500
Subject: [PATCH] Updating Toolbox and contact admin

For php version on ws6
---
 admin/Contact/contact_setup.inc         |  24 ++---
 admin/Contact/query_contact.phtml       |   3 +-
 admin/Contact/update_contact.phtml      | 104 +++++++++---------
 admin/Toolbox/edit_bus.phtml            |  85 +++++++--------
 admin/Toolbox/list_bus_category.phtml   |  21 ++--
 admin/Toolbox/update_bus.phtml          |  14 +--
 admin/Toolbox/update_bus_category.phtml | 134 ++++++++++++------------
 7 files changed, 197 insertions(+), 188 deletions(-)

diff --git a/admin/Contact/contact_setup.inc b/admin/Contact/contact_setup.inc
index 6a059fb..056242d 100755
--- a/admin/Contact/contact_setup.inc
+++ b/admin/Contact/contact_setup.inc
@@ -1,4 +1,4 @@
-<?
+<?php
 //$Id: contact_setup.inc,v 1.1.1.1 2006/07/13 13:53:50 matrix Exp $
 if(!defined("ENTRIES_PER_PAGE"))
 	{
@@ -25,7 +25,7 @@ if(!defined("PRODUCTION_MODE"))
 	}
 if(!defined("NEWSLETTER"))
 	{
-   define("NEWSLETTER",1); //bool- does the contact database mail out a newsletter? 
+   define("NEWSLETTER",1); //bool- does the contact database mail out a newsletter?
 	}
 
 if(!function_exists("template_read"))
@@ -103,34 +103,34 @@ $navWidth = 7;
    "class_registration" => "Class Registration",
    "ticket_sales" 		=> "Ticket Sales",
    "no_preference" 	=> "No Preference",
-   );		
+   );
  */
 
 function interest($field)
-	{		
+	{
 		echo "<table><tr>";
 		$count = 0;
 		foreach($int_array as $key=>$value)
 		{
 			if($count==0)
-				echo "<td>";		
+				echo "<td>";
 			echo "<input type=\"checkbox\" name=\"interest_$count\" value=\"$key\"";
 			if(strstr($field,$key))
-				echo " checked";				
-			echo ">$value<br>";		
+				echo " checked";
+			echo ">$value<br>";
 			if($count==5)
-				echo "</td><td>";		
+				echo "</td><td>";
 			if($count==11)
-				echo "</td>";		
-			$count++;		
-		}		
+				echo "</td>";
+			$count++;
+		}
 		echo "</tr></TABLE>";
 	}
 
 // default query on create_date
 $c_date_from  = contact_date_entry("","","","fc_month","fc_day","fc_year");
 $c_date_to  = contact_date_entry("","","","tc_month","tc_day","tc_year");
-/*	The following is for setting up the defines and arrays that are needed 
+/*	The following is for setting up the defines and arrays that are needed
  *	based on which table ( customer or contact ) in use
  *  formats for arrays
  * 	$DB_fields[] = array( name =>"{FIELD NAME}", title => "{FIELD TITLE}", type => "{FIELD TYPE}")
diff --git a/admin/Contact/query_contact.phtml b/admin/Contact/query_contact.phtml
index 19e7982..6816f0a 100755
--- a/admin/Contact/query_contact.phtml
+++ b/admin/Contact/query_contact.phtml
@@ -4,8 +4,9 @@ include("contact_setup.inc");
 session_start();
 //$Id: query_contact.phtml,v 1.1.1.1 2006/07/13 13:53:50 matrix Exp $
 /* Includes  */
-session_register("sess_vars");
+//session_register("sess_vars");
 $sess_vars = $HTTP_POST_VARS;
+$_SESSION['sess_vars'] = $sess_vars;
 if(!isset($query_no)) {
 	/* The fields array is sent as a string
 		split it out using : as delimiter */
diff --git a/admin/Contact/update_contact.phtml b/admin/Contact/update_contact.phtml
index 3623172..4a6b54b 100755
--- a/admin/Contact/update_contact.phtml
+++ b/admin/Contact/update_contact.phtml
@@ -8,21 +8,21 @@ if(is_array($interest)){
 $interest = "";
 for($i=0;$i<12;$i++)
 	{
-	$temp = "interest_".$i;		
+	$temp = "interest_".$i;
 	if($$temp)
-		$interest .= $$temp.":";		
+		$interest .= $$temp.":";
 	}
 $interest = substr($interest,0,strlen($interest)-1);
 }
 http_strip($url);
 
 $LAST = count($DB_fields)-1;
-if($REQUEST_METHOD == "POST" || $Command == "Delete") 
+if($_POST || $Command == "Delete")
 	{
-	switch($Command) 
+	switch($Command)
 		{
 		case "Update":
-		for($i=0;$i<count($DB_fields);$i++) 
+		for($i=0;$i<count($DB_fields);$i++)
 			{
 			if($DB_fields[$i][type]=="img")
 				{
@@ -30,16 +30,16 @@ if($REQUEST_METHOD == "POST" || $Command == "Delete")
 				$image = $$tmp;
 				$oldimage = ${$tmp."_old"};
 				$image_name = ${$tmp."_name"};
-				if($image == "none" || $image == "") 
+				if($image == "none" || $image == "")
 					{
 					$image_name = $oldimage;
 					}
-				else 
-					{ 
+				else
+					{
 					$image_name = process_image($image,$image_name);
 					}
 				$delete = ${"delete".$tmp};
-				if($delete==1) 
+				if($delete==1)
 					{
 					$image_name = "";
 					@unlink(ORIGINAL_PATH."/".$oldimage);
@@ -47,13 +47,13 @@ if($REQUEST_METHOD == "POST" || $Command == "Delete")
 					@unlink(THUMB_PATH.$oldimage);
 					@unlink(MIDSIZED_PATH.$oldimage);
 					}
-				}	
+				}
 			}
 		$DB_fields = array_reverse($DB_fields);
 		$qs = "UPDATE ".TABLE." SET ";
-		for($i=0;$i<count($DB_fields);$i++) 
+		for($i=0;$i<count($DB_fields);$i++)
 			{
-			if($DB_fields[$i][type]=="date") 
+			if($DB_fields[$i][type]=="date")
 				{
 				$month =  $DB_fields[$i][name]."_month";
 				$day = $DB_fields[$i][name]."_day";
@@ -63,7 +63,7 @@ if($REQUEST_METHOD == "POST" || $Command == "Delete")
 				if($i != $LAST)
 					$qs .= ",";
 				}
-			elseif($DB_fields[$i][type]=="datetime") 
+			elseif($DB_fields[$i][type]=="datetime")
 				{
 				$month =  $DB_fields[$i][name]."_month";
 				$day = $DB_fields[$i][name]."_day";
@@ -72,98 +72,98 @@ if($REQUEST_METHOD == "POST" || $Command == "Delete")
 				$mm = $DB_fields[$i][name]."_mm";
 				if($$mm == "PM")
 					$$H = $$H + 12;
-				$m = $DB_fields[$i][name]."_min"; 
+				$m = $DB_fields[$i][name]."_min";
 				$date = date("Y-m-d H:i:s T",mktime($$H,$$m,0,$$month,$$day,$$year));
 				$qs .= $DB_fields[$i][name]." = '$date'";
 				if($i != $LAST)
 					$qs .= ",";
 				}
-			elseif($DB_fields[$i][name]!=ID) 
+			elseif($DB_fields[$i][name]!=ID)
 				{
-				if($DB_fields[$i][type]=="img") 
+				if($DB_fields[$i][type]=="img")
 					{
 					$qs .= $DB_fields[$i][name]." = '".$image_name."'";
 					if($i != $LAST)
 						$qs .= ",";
-					}	
+					}
 				elseif($DB_fields[$i][type]=="static")
 					{
 					}
-				elseif($DB_fields[$i][type]=="password") 
+				elseif($DB_fields[$i][type]=="password")
 					{
-					if(($password && $password2) && ($password == $password2)) 
+					if(($password && $password2) && ($password == $password2))
 						{
 						$qs .= $DB_fields[$i][name]." = '".$$DB_fields[$i][name]."'";
 						if($i != $LAST)
 							$qs .= ",";
-						}		
+						}
 					}
-				else 
+				else
 					{
-					$qs .= $DB_fields[$i][name]." = '".$$DB_fields[$i][name]."'";
+					$qs .= $DB_fields[$i][name]." = '".addslashes(stripslashes($$DB_fields[$i][name]))."'";
 					if($i != $LAST)
 						$qs .= ",";
 					}
 				}
-			else 
+			else
 				{
 				$qs = substr($qs,0,strlen($qs)-1);
 				$qs .= " WHERE ".$DB_fields[$i][name]." = ".$$DB_fields[$i][name];
-				}	
+				}
 			}
 		$DB_fields = array_reverse($DB_fields);
-		if(!db_auto_exec($qs)) 
+		if(!db_auto_exec($qs))
 			$ERRORS .= pg_errormessage($dbd).$qs;
-			
+
 	break;
 
 	case "Insert":
 		$create_date = date("m-d-Y");
-		for($i=0;$i<count($DB_fields);$i++) 
+		for($i=0;$i<count($DB_fields);$i++)
 			{
 			if($DB_fields[$i][type]=="img")
 				{
 				$tmp = $DB_fields[$i]['name'];
 				$image = $$tmp;
 				$image_name = ${$tmp."_name"};
-				if($image == "none" || $image == "") 
+				if($image == "none" || $image == "")
 					{
 					$image_name = $oldimage;
 					}
-				else 
-					{ 
+				else
+					{
 					$image_name = process_image($image,$image_name);
 					}
-				}	
+				}
 			}
 		$tmp = "";
 		$tmp_value = "";
-		for($i=0;$i<count($DB_fields);$i++) 
+		for($i=0;$i<count($DB_fields);$i++)
 			{
-			if($DB_fields[$i][name]!=ID) 
+			if($DB_fields[$i][name]!=ID)
 				{
 				if($DB_fields[$i][type]!="static")
 					{
 					$tmp .= $DB_fields[$i][name];
-					$tmp .= ",";	
+					$tmp .= ",";
 					}
 				}
 			}
-		for($i=0;$i<count($DB_fields);$i++) 
+		for($i=0;$i<count($DB_fields);$i++)
 			{
-			if($DB_fields[$i][type]=="date") 
+			if($DB_fields[$i][type]=="date")
 				{
 				$month =  $DB_fields[$i][name]."_month";
 				$day = $DB_fields[$i][name]."_day";
 				$year = $DB_fields[$i][name]."_year";
 				$date = date("Y-m-d H:i:s T",mktime(0,0,0,$$month,$$day,$$year));
 				$tmp_value .= "'$date'";
-				$tmp_value .= ",";	
+				$tmp_value .= ",";
 				}
-			elseif($DB_fields[$i][type]=="static") 
+			elseif($DB_fields[$i][type]=="static")
 				{
 				}
-			elseif($DB_fields[$i][type]=="datetime") 
+			elseif($DB_fields[$i][type]=="datetime")
 				{
 				$month =  $DB_fields[$i][name]."_month";
 				$day = $DB_fields[$i][name]."_day";
@@ -172,33 +172,33 @@ if($REQUEST_METHOD == "POST" || $Command == "Delete")
 				$mm = $DB_fields[$i][name]."_mm";
 				if($$mm == "PM")
 					$$H = $$H + 12;
-				$m = $DB_fields[$i][name]."_min"; 
+				$m = $DB_fields[$i][name]."_min";
 				$date = date("Y-m-d H:i:s T",mktime($$H,$$m,0,$$month,$$day,$$year));
 				$tmp_value .= "'$date'";
-				$tmp_value .= ",";	
+				$tmp_value .= ",";
 				}
 			elseif($DB_fields[$i][type]=="img")
 				{
 				$tmp_value .= "'".$image_name."'";
-				$tmp_value .= ",";	
+				$tmp_value .= ",";
 				}
-			elseif($DB_fields[$i][name]!=ID) 
+			elseif($DB_fields[$i][name]!=ID)
 				{
-				$tmp_value .= "'".$$DB_fields[$i][name]."'";
-				$tmp_value .= ",";	
+				$tmp_value .= "'".addslashes(stripslashes($$DB_fields[$i][name]))."'";
+				$tmp_value .= ",";
 				}
 			}
 	  	// check for all blanks
 		$tmp_blank = str_replace("'","",$tmp_value);
 		$tmp_blank = str_replace(",","",$tmp_blank);
-		if($tmp_blank) 
+		if($tmp_blank)
 			{
-			$qs = "INSERT INTO ".TABLE." 
+			$qs = "INSERT INTO ".TABLE."
 						(".ID.", $tmp create_date)
 				   VALUES
 						(nextval('".SEQUENCE."'), $tmp_value '$create_date')";
-	
-			if(!db_auto_exec($qs)) 
+
+			if(!db_auto_exec($qs))
 				$ERRORS .= pg_errormessage($dbd).$qs;
 			}
 	break;
@@ -207,9 +207,9 @@ if($REQUEST_METHOD == "POST" || $Command == "Delete")
 		$qs = "DELETE FROM ".TABLE."
 			   WHERE ".ID." = $id";
 
-		if(!db_auto_exec($qs)) 
+		if(!db_auto_exec($qs))
 			$ERRORS .= pg_errormessage($dbd).$qs;
-	
+
 	break;
 
 	case "Cancel":
@@ -218,7 +218,7 @@ if($REQUEST_METHOD == "POST" || $Command == "Delete")
 	default:
 		 $ERRORS .= "incorrect value for Command";
 	break;
-	
+
 	}
 
 header("Location: $location");
diff --git a/admin/Toolbox/edit_bus.phtml b/admin/Toolbox/edit_bus.phtml
index 86d6a9c..d723ce7 100755
--- a/admin/Toolbox/edit_bus.phtml
+++ b/admin/Toolbox/edit_bus.phtml
@@ -3,12 +3,12 @@
 include("../../setup.phtml");
 include("toolbox_setup.inc");
 
-if(!$dbd = db_connect()) 
+if(!$dbd = db_connect())
 {
 	html_error(DB_ERROR_MSG, 1);
 }
 
-if(isset($id)) 
+if(isset($id))
 {
 	$qs =  "SELECT	b.*
 	FROM	bus b,bus_category_bus bcb,bus_category bc
@@ -17,17 +17,17 @@ if(isset($id))
 	AND 	bcb.busid = b.id
 	AND 	bcb.catid = bc.id";
 
-	if(!$res = db_exec($dbd, $qs)) 
+	if(!$res = db_exec($dbd, $qs))
 	{
 		html_error(DB_ERROR_MSG.$qs,1);
 	}
 	$row = db_fetch_array($res,0, PGSQL_ASSOC);
-	if(!$row[id]) 
+	if(!$row[id])
 	{
 		html_error(DB_ERROR_MSG.$qs,1);
 	}
 }
-else 
+else
 {
 	$row = array (
 		"name" => "",
@@ -60,7 +60,7 @@ $qs = "SELECT 	id,category
 FROM 	bus_category
 ORDER BY parent,pos";
 
-if(!$altcats = db_exec($dbd,$qs)) 
+if(!$altcats = db_exec($dbd,$qs))
 {
 	html_error(DB_ERROR_MSG.$qs,0);
 }
@@ -70,7 +70,7 @@ if(!$altcats = db_exec($dbd,$qs))
 	function mySubmit()
 	{
 		var check = 0;
-		for( i = 0; i < <?echo pg_numrows($altcats);?>;i++ )	
+		for( i = 0; i < <?echo pg_numrows($altcats);?>;i++ )
 		{
 				if( document.myform.catid.options[i].selected )
 			{
@@ -89,22 +89,23 @@ if(!$altcats = db_exec($dbd,$qs))
 	if(MULTIPLE_CAT)
 	{
 	?>
-	
+
 <form name="myform" action="update_bus.phtml?SID" method="POST" enctype="multipart/form-data" onSubmit="return(mySubmit(this));">
 	<?
 }
 else
 {
 	?>
-	
+
 <form name="myform" action="update_bus.phtml?SID" method="POST" enctype="multipart/form-data">
 	<?
 }
 	echo "<table cellspacing=0 cellpadding=4 width=400 align=center border=0 bgcolor=\"#c0c0c0\">";
 
 		echo "<tr><th colspan=2>Pages:</th></tr>";
-		if(isset($id) && $id != "") 
+		if(isset($id) && $id != "")
 		{
+            $oldalt = array();
 			$qs = "SELECT 	bc.id as catid, bcb.id as id,bc.category,bcb.pos
 			FROM 	bus_category bc,bus_category_bus bcb,bus b
 			WHERE	bcb.busid = $id
@@ -112,58 +113,58 @@ else
 			AND 		b.id = bcb.busid
 			ORDER BY bc.category";
 
-			if(!$altres = db_exec($dbd,$qs)) 
+			if(!$altres = db_exec($dbd,$qs))
 			{
 				html_error(DB_ERROR_MSG.$qs,0);
 			}
 
-			for($rel=0;$rel<db_numrows($altres);$rel++) 
+			for($rel=0;$rel<db_numrows($altres);$rel++)
 			{
 				$altrow = db_fetch_array($altres,$rel,PGSQL_ASSOC);
-				$oldalt[$rel] = array_merge_recursive($altrow,$oldalt);	
+				$oldalt[$rel] = array_merge_recursive($altrow,$oldalt);
 			}
 		}
 	?>
 	<tr><td class="navtd" align="right">Page:</td>
 		<td>
-			<? echo parent_select($catid,NULL,"catid[]");?>	
-			<?$oldcatid = "";	 
-			for($i=0;$i<db_numrows($altcats);$i++) 
-			{	 
-				 $altrow = db_fetch_array($altcats,$i,PGSQL_ASSOC);	 
-				 for($a=0;$a<count($oldalt);$a++) 
-				 {	 
-						if(is_array($oldalt) && ($oldalt[$a][catid] == $altrow[id])) 
-						{	 
-									 $oldcatid .= ":".$altrow[id];	 
-						}	 
-				 }	 
-			 }	 
+			<? echo parent_select($catid,NULL,"catid[]");?>
+			<?$oldcatid = "";
+			for($i=0;$i<db_numrows($altcats);$i++)
+			{
+				 $altrow = db_fetch_array($altcats,$i,PGSQL_ASSOC);
+				 for($a=0;$a<count($oldalt);$a++)
+				 {
+						if(is_array($oldalt) && ($oldalt[$a][catid] == $altrow[id]))
+						{
+									 $oldcatid .= ":".$altrow[id];
+						}
+				 }
+			 }
 
 	 ?>
 		<?if(MULTIPLE_CAT){?>
 		<input type="hidden" name="category" value="">
-		<?}?>	
+		<?}?>
 		<input type="hidden" name="oldcatid" value="<?echo $oldcatid?>">
 </td></tr>
 <?
 echo "<tr><td colspan=2><hr noshade></td></tr>";
 
-foreach($fields as $key=>$value) 
+foreach($fields as $key=>$value)
 {
-	if($value[type] == "text") 
+	if($value[type] == "text")
 	{
 	?>
 	<tr><td class="navtd" align="right"><?echo $value[title]?></td>
-		<td><input name="<?echo $value[name]?>" 
+		<td><input name="<?echo $value[name]?>"
 			value="<?echo htmlspecialchars($row[$value[name]])?>" size=40></td>
 	</tr>
 	<?
 	}
 	elseif($value['type'] == "keyword")
 	{
-		echo "<tr><td class=\"navtd\" align=\"right\"><font color=red>Keyword:</font></td>";	
-		text_box("keyword",htmlspecialchars($row[$value[name]]));		
+		echo "<tr><td class=\"navtd\" align=\"right\"><font color=red>Keyword:</font></td>";
+		text_box("keyword",htmlspecialchars($row[$value[name]]));
 		echo "</tr>";
 	}
 	elseif($value['type'] == "seperator")
@@ -171,13 +172,13 @@ foreach($fields as $key=>$value)
 		echo '<tr><td colspan="2"><hr noshade></td></tr>';
 		echo '<tr><td colspan="2" align="center"><b>'.$value["name"].'</b></td></tr>';
 	}
-	elseif($value[type] == "img") 
+	elseif($value[type] == "img")
 	{
 	echo '
 		<tr></tr>
 		';
 		echo "<input type=\"hidden\" name=\"old".$value[name]."\" value=\"".$row[$value[name]]."\">";
-		if($row[$value[name]] != "") 
+		if($row[$value[name]] != "")
 		{
 			echo "<tr><td class=\"navtd2\" align=\"right\">Current Image:</td>";
 				echo "<td><img src=\"".MIDSIZED.$row[$value[name]]."\">
@@ -195,13 +196,13 @@ foreach($fields as $key=>$value)
 		echo "<td><input type=\"file\" name=\"".$value[name]."\"></td>";
 		echo "</tr>";
 	}
-	elseif($value[type] == "file") 
+	elseif($value[type] == "file")
 	{
 		echo '
 			<tr></tr>
 			';
 		echo "<input type=\"hidden\" name=\"old".$value[name]."\" value=\"".$row[$value[name]]."\">";
-		if($row[$value[name]] != "") 
+		if($row[$value[name]] != "")
 		{
 		echo "<tr><td class=\"navtd2\" align=\"right\">Current File:</td>";
 		echo "<td>".$row[$value[name]]."
@@ -219,17 +220,17 @@ foreach($fields as $key=>$value)
 		echo "<td><input type=\"file\" name=\"".$value[name]."\"></td>";
 		echo "</tr>";
 	}
-	if($value[type] == "desc") 
+	if($value[type] == "desc")
 	{
 		echo "<tr><td class=\"navtd\" align=\"right\">$value[title]:</td>";
 		text_area("$value[name]",htmlspecialchars($row[$value[name]]));
 		echo "</tr>";
 	}
-	elseif($value[type] == "hide") 
+	elseif($value[type] == "hide")
 	{
 		echo "<input type=\"hidden\" name=\"".$value[title]."\" value=\"".$row[$value[name]]."\">";
 	}
-	elseif($value[type] == "bool") 
+	elseif($value[type] == "bool")
 	{
 	echo "<tr><td class=\"navtd\" align=\"right\">$value[title]:</td><td>";
 			echo "<input type=\"radio\" name=\"".$value[name]."\" value=\"t\"".($row[$value[name]]=="t"?" checked":"");
@@ -242,7 +243,7 @@ foreach($fields as $key=>$value)
 }
 htmlcode(570,400);
 echo '<input type="hidden" name="base_parent" value="'.$base_parent.'">';
-if(isset($id)) 
+if(isset($id))
 {
 ?>
 <tr><td colspan=2 align=center>
@@ -251,13 +252,13 @@ if(isset($id))
 		<input type="submit" name="Command" value="Delete" onClick="
 		if(confirm('This will delete this Listing!\n Are you sure?'))
 		return(true);
-		else 
+		else
 		return(false);
 		">
 	</td>
 	<?
 }
-else 
+else
 {
 	form_footer("Insert","",2);
 }
diff --git a/admin/Toolbox/list_bus_category.phtml b/admin/Toolbox/list_bus_category.phtml
index 0548e89..0cc7bf9 100755
--- a/admin/Toolbox/list_bus_category.phtml
+++ b/admin/Toolbox/list_bus_category.phtml
@@ -1,19 +1,22 @@
 <?php
 session_start();
-session_register("expanded");
+//session_register("expanded");
 if( is_numeric( $_GET['expand'] ) )
 {
-	// code for adding expanded 
+	// code for adding expanded
 	$expanded[$_GET['expand']] = $_GET['expand'];
 }
+$_SESSION['expanded'] = $expanded;
 if( is_numeric( $fold ) )
 {
-	// code for folding 
+	// code for folding
 	$oldexp = $expanded;
-	session_unregister("expanded");
+	//session_unregister("expanded");
+    unset($_SESSION['expanded']);
 	unset($oldexp[$fold]);
-	$expanded = $oldexp; 
-	session_register("expanded");
+	$expanded = $oldexp;
+	//session_register("expanded");
+    $_SESSION['expanded'] = $expanded;
 }
 //$Id: list_bus_category.phtml,v 1.1.1.1 2006/07/13 13:53:53 matrix Exp $
 include("../../setup.phtml");
@@ -110,13 +113,13 @@ for($i=0;$i<pg_numrows($res);$i++)
 				FROM 	bus_category
 				WHERE	parent = $parent";
 
-			if(!$maxresult = db_exec($conn,$qs)) 
+			if(!$maxresult = db_exec($conn,$qs))
 			{
 				html_error(DB_ERROR_MSG.$qs,0);
 			}
 			$max_data = db_fetch_array($maxresult,0,PGSQL_ASSOC);
 			$maxpos = $max_data['maxpos'];
-			$pos = "<font size=-4><select name=pos 
+			$pos = "<font size=-4><select name=pos
 				onChange=location.href=this[this.selectedIndex].value;
 			size=1>";
 			for($newpos=1;$newpos<=$maxpos;$newpos++)
@@ -163,7 +166,7 @@ for($i=0;$i<pg_numrows($res);$i++)
 		"endItem" => "</li>");
 if(db_numrows($res) != 0)
 	{
-		$myThread = new Thread($links); 
+		$myThread = new Thread($links);
 		$converted = $myThread->sortChilds($threads); //sort threads by parent
 		print $myThread->convertToThread($converted, $converted[0]); //print the threads
 	}
diff --git a/admin/Toolbox/update_bus.phtml b/admin/Toolbox/update_bus.phtml
index 66a938d..a87eac8 100755
--- a/admin/Toolbox/update_bus.phtml
+++ b/admin/Toolbox/update_bus.phtml
@@ -15,7 +15,7 @@ $location = "../list_bus.phtml?catid=$catid";
 
 http_strip($url);
 
-if(	$REQUEST_METHOD == "POST" || $Command == "Move"	) {
+if(	$_POST || $Command == "Move"	) {
 
 	switch($Command) {
 
@@ -87,12 +87,12 @@ if(	$REQUEST_METHOD == "POST" || $Command == "Move"	) {
 
 		case "Update":
 			$oldcatid = preg_replace("%^:%","",$oldcatid);
-			$oldcatid = split(":",$oldcatid);
+			$oldcatid = preg_split("%:%",$oldcatid);
 
 			if($category)
 			{
 				$category = preg_replace("%^:%","",$category);
-				$catid = split(":",$category);
+				$catid = preg_split("%:%",$category);
 			}
 /*
 		echo "<pre>";
@@ -288,7 +288,7 @@ if(	$REQUEST_METHOD == "POST" || $Command == "Move"	) {
 			if($category)
 			{
 				$category = preg_replace("%^:%","",$category);
-				$catid = split(":",$category);
+				$catid = preg_split("%:%",$category);
 			}
 			if(!$dbd = db_connect()) html_error(DB_ERROR_MSG,0);
 			$tmp = "";
@@ -485,7 +485,7 @@ if(	$REQUEST_METHOD == "POST" || $Command == "Move"	) {
 
 		case "Delete":
 			$oldcatid = preg_replace("%^:%","",$oldcatid);
-			$oldcatid = split(":",$oldcatid);
+			$oldcatid = preg_split("%:%",$oldcatid);
 
 			$qs = "DELETE FROM bus
 				   WHERE id = $id";
@@ -556,9 +556,9 @@ if(	$REQUEST_METHOD == "POST" || $Command == "Move"	) {
 
 		case "Cancel":
 			$oldcatid = preg_replace("%^:%","",$oldcatid);
-			$oldcatid = split(":",$oldcatid);
+			$oldcatid = preg_split("%:%",$oldcatid);
 			$catid = preg_replace("%^:%","",$oldcatid);
-			$catid = split(":",$oldcatid);
+			$catid = preg_split("%:%",$oldcatid);
 			$location = "list_bus.phtml?catid=".$oldcatid[0]."&".SID;
 			break;
 
diff --git a/admin/Toolbox/update_bus_category.phtml b/admin/Toolbox/update_bus_category.phtml
index dd9dc4b..d047b17 100755
--- a/admin/Toolbox/update_bus_category.phtml
+++ b/admin/Toolbox/update_bus_category.phtml
@@ -2,12 +2,16 @@
 //$Id: update_bus_category.phtml,v 1.1.1.1 2006/07/13 13:53:53 matrix Exp $
 include("../../setup.phtml");
 $description = ( trim( strip_tags( $description ) ) != "" ) ? $description :'';
-if($REQUEST_METHOD == "POST" || $Command == "Move") {
+$category    = addslashes(stripslashes($category));
+$description = addslashes(stripslashes($description));
+$intro       = addslashes(stripslashes($intro));
+$imagename   = addslashes(stripslashes($imagename));
+if($_POST || $Command == "Move") {
 	switch($Command) {
 
 		case "Move":
 		if(!$dbd = db_connect()) html_error(DB_ERROR_MSG,0);
-		
+
 		$qs = "SELECT 	pos,id
 			   FROM 	bus_category
 			   WHERE 	id = $id";
@@ -16,7 +20,7 @@ if($REQUEST_METHOD == "POST" || $Command == "Move") {
 
 		$data = db_fetch_array($result,0,PGSQL_ASSOC);
 		$pos = $data['pos'];
-		
+
 		if($newpos < $pos) {
 			$qs = "SELECT 	id,pos
 				   FROM 	bus_category
@@ -26,7 +30,7 @@ if($REQUEST_METHOD == "POST" || $Command == "Move") {
 				   ORDER BY pos";
 
 			if(!$res = db_exec($dbd,$qs)) html_error(DB_ERROR_MSG.$qs,0);
-			
+
 			$counter = ($newpos + 1);
 			for($i=0;$i<db_numrows($res);$i++) {
 				$res_data = db_fetch_array($res,$i,PGSQL_ASSOC);
@@ -35,7 +39,7 @@ if($REQUEST_METHOD == "POST" || $Command == "Move") {
 				$qs = "UPDATE 	bus_category
 					   SET 		pos = $counter
 					   WHERE 	id = $res_id";
-				
+
 				if(!db_exec($dbd,$qs)) html_error(DB_ERROR_MSG.$qs,0);
 				$counter++;
 			}
@@ -49,7 +53,7 @@ if($REQUEST_METHOD == "POST" || $Command == "Move") {
 				   ORDER BY pos";
 
 			if(!$res = db_exec($dbd,$qs)) html_error(DB_ERROR_MSG.$qs,0);
-			
+
 			$counter = ($pos);
 			for($i=0;$i<db_numrows($res);$i++) {
 				$res_data = db_fetch_array($res,$i,PGSQL_ASSOC);
@@ -58,22 +62,22 @@ if($REQUEST_METHOD == "POST" || $Command == "Move") {
 				$qs = "UPDATE 	bus_category
 					   SET 		pos = $counter
 					   WHERE 	id = $res_id";
-				
+
 				if(!db_exec($dbd,$qs)) html_error(DB_ERROR_MSG.$qs,0);
 				$counter++;
 			}
 		}
-		$qs = "UPDATE	bus_category 
+		$qs = "UPDATE	bus_category
 			   SET 		pos = $newpos
 			   WHERE 	id = $id";
 
 		if(!db_exec($dbd,$qs)) html_error(DB_ERROR_MSG.$qs,0);
-	
+
 		$location = "list_bus_category.phtml?catid=$catid";
 	break;
-	
+
 	case "Update":
-		
+
 		if($image != "none" && $image != "") {
 			@unlink(ORIGINAL_PATH."/".$oldimage);
 			@unlink(RESIZED_PATH.$oldimage);
@@ -84,10 +88,10 @@ if($REQUEST_METHOD == "POST" || $Command == "Move") {
 		else {
 			$image_name = $oldimage;
 		}
-		
+
 		if($delete == "1") {
 			$image_name = "";
-			
+
 			@unlink(ORIGINAL_PATH."/".$oldimage);
 			@unlink(RESIZED_PATH.$oldimage);
 			@unlink(THUMB_PATH.$oldimage);
@@ -95,7 +99,7 @@ if($REQUEST_METHOD == "POST" || $Command == "Move") {
 		}
 
 		if(!$dbd = db_connect()) html_error(DB_ERROR_MSG,0);
-		
+
 		if($parent != $oldparent) {
 
 			$qs = "SELECT 	MAX(pos) as maxpos
@@ -106,13 +110,13 @@ if($REQUEST_METHOD == "POST" || $Command == "Move") {
 			$row = db_fetch_array($res,0,PGSQL_ASSOC);
 			$pos = $row[maxpos];
 			$pos++;
-			
-			$qs = "SELECT 	pos,id 
+
+			$qs = "SELECT 	pos,id
 				   FROM 	bus_category
 				   WHERE 	parent = $oldparent
 				   AND 		pos > $oldpos
 				   ORDER BY pos";
-				   
+
 			$res2 = db_exec($dbd,$qs);
 			$oldparent_counter = $oldpos;
 			for($i=0;$i<db_numrows($res2);$i++) {
@@ -124,15 +128,15 @@ if($REQUEST_METHOD == "POST" || $Command == "Move") {
 				db_exec($dbd,$qs);
 				$oldparent_counter++;
 			}
-			
+
 		}
 		else {
 			$pos = $oldpos;
 		}
 		$template = ( $template ) ? $template : 1;
-		
-		$qs = "update bus_category 
-			set category = '$category', 
+
+		$qs = "update bus_category
+			set category = '$category',
 			parent = $parent,
 			pos = $pos,
 			intro = '$intro',
@@ -142,19 +146,19 @@ if($REQUEST_METHOD == "POST" || $Command == "Move") {
 			keyword = '$keyword',
 			template = $template
 			where id = $id";
-		
+
 		if(!db_auto_exec($qs)) html_error("failed ->".$qs,1);
-		
-		$location = "list_bus_category.phtml?".SID; 
-	
+
+		$location = "list_bus_category.phtml?".SID;
+
 	break;
-	
+
 	case "Insert":
-		
+
 		if($image != "none" && $image != "") {
 			$image_name = process_image($image,$image_name);
 		}
-		else { 
+		else {
 			$image_name = $oldimage;
 		}
 
@@ -168,57 +172,57 @@ if($REQUEST_METHOD == "POST" || $Command == "Move") {
 		$row = db_fetch_array($res,0,PGSQL_ASSOC);
 		$nextpos = $row[maxpos];
 		$nextpos++;
-		
+
 		db_close($dbd);
-		
+
 		$template = ( $template ) ? $template : 1;
 		$parent = ( $parent ) ? $parent : 0;
-		$qs = "insert into bus_category 
+		$qs = "insert into bus_category
 			(template,keyword,category,parent,intro,description,image,imagename,pos)
-		 	values 
+		 	values
 			($template,'$keyword','$category',$parent,'$intro','$description','$image_name','$imagename',$nextpos)";
-					
+
 		if(!db_auto_exec($qs)) html_error("failed ->".$qs,1);
-		
-		$location = "list_bus_category.phtml?".SID; 
-	
+
+		$location = "list_bus_category.phtml?".SID;
+
 	break;
-	
+
 	case "Delete":
-		
+
 		$dbd = db_connect();
-		
+
 		if(!$dbd) html_erro(DB_ERROR_MSG,1);
-		
-		$qs = "SELECT 	count(*) as count 
+
+		$qs = "SELECT 	count(*) as count
 			   FROM  	bus_category_bus
 			   WHERE 	catid = $id";
-		
+
 		$res = db_exec($dbd,$qs);
 		$row = db_fetch_array($res,0,PGSQL_ASSOC);
 
 		if($row['count'] >0) {
-			html_error("Sorry but you have items in there\n 
-						Delete these records first\n",1); 
+			html_error("Sorry but you have items in there\n
+						Delete these records first\n",1);
 		}
-		
-		$qs = "SELECT 	parent 
-			   FROM  	bus_category 
+
+		$qs = "SELECT 	parent
+			   FROM  	bus_category
 			   WHERE 	parent = $id";
-		
+
 		$res = db_exec($dbd,$qs);
 
 		if(db_numrows($res) >0) {
-			html_error("Sorry but you have Categories in there\n 
-						Delete these Categories first\n",1); 
+			html_error("Sorry but you have Categories in there\n
+						Delete these Categories first\n",1);
 		}
-		
-		$qs = "SELECT 	pos,id 
+
+		$qs = "SELECT 	pos,id
 			   FROM 	bus_category
 			   WHERE 	parent = $oldparent
 			   AND 		pos > $oldpos
 			   ORDER BY pos";
-				   
+
 		$res2 = db_exec($dbd,$qs);
 		$oldparent_counter = $oldpos;
 		for($i=0;$i<db_numrows($res2);$i++) {
@@ -230,31 +234,31 @@ if($REQUEST_METHOD == "POST" || $Command == "Move") {
 			db_exec($dbd,$qs);
 			$oldparent_counter++;
 		}
-		
-		$qs2 = "DELETE 
-				FROM 		bus_category 
+
+		$qs2 = "DELETE
+				FROM 		bus_category
 			    WHERE  		id = $id";
-		
+
 		if(!db_auto_exec($qs2)) html_error(DB_ERROR_MSG.$qs2,1);
-		
+
 		@unlink(ORIGINAL_PATH."/".$oldimage);
 		@unlink(RESIZED_PATH.$oldimage);
 		@unlink(THUMB_PATH.$oldimage);
 		@unlink(MIDSIZED_PATH.$oldimage);
-		
-		$location = "list_bus_category.phtml?".SID; 
-	
+
+		$location = "list_bus_category.phtml?".SID;
+
 	break;
-	
+
 	case "Cancel":
-		$location = "list_bus_category.phtml?".SID; 
+		$location = "list_bus_category.phtml?".SID;
 	break;
-	
+
 	default:
 		html_error("incorrect value for Command",1);
 	break;
 	}
-	
+
 header("Location: $location");
 }
 ?>
-- 
2.17.1