[Fusionforge-commits] r7086 - in trunk/gforge: common/include www/project/admin

Roland Mas lolando at libremir.placard.fr.eu.org
Fri Feb 27 13:38:35 CET 2009


Author: lolando
Date: 2009-02-27 13:38:35 +0100 (Fri, 27 Feb 2009)
New Revision: 7086

Modified:
   trunk/gforge/common/include/FusionForge.class.php
   trunk/gforge/common/include/Group.class.php
   trunk/gforge/common/include/GroupJoinRequest.class.php
   trunk/gforge/common/include/Permission.class.php
   trunk/gforge/common/include/PluginManager.class.php
   trunk/gforge/common/include/Role.class.php
   trunk/gforge/common/include/RoleObserver.class.php
   trunk/gforge/common/include/cron_utils.php
   trunk/gforge/common/include/forms.php
   trunk/gforge/common/include/gettext.php
   trunk/gforge/common/include/license.php
   trunk/gforge/www/project/admin/editgroupinfo.php
Log:
Began conversion from db_query() to db_query_params()

Modified: trunk/gforge/common/include/FusionForge.class.php
===================================================================
--- trunk/gforge/common/include/FusionForge.class.php	2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/FusionForge.class.php	2009-02-27 12:38:35 UTC (rev 7086)
@@ -3,6 +3,7 @@
  * FusionForge top-level information
  *
  * Copyright 2002, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -41,7 +42,8 @@
 	}
 
 	function getNumberOfPublicHostedProjects() {
-		$res=db_query("SELECT count(*) AS count FROM groups WHERE status='A' AND is_public=1");	
+		$res = db_query_params ('SELECT count(*) AS count FROM groups WHERE status=$1 AND is_public=1',
+				      array ('A'));	
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError('Unable to get hosted project count: '.db_error());
 			return false;
@@ -50,7 +52,8 @@
 	}
 
 	function getNumberOfHostedProjects() {
-		$res=db_query("SELECT count(*) AS count FROM groups WHERE status='A'");	
+		$res = db_query_params ('SELECT count(*) AS count FROM groups WHERE status=$1',
+					array ('A'));	
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError('Unable to get hosted project count: '.db_error());
 			return false;
@@ -59,7 +62,8 @@
 	}
 
 	function getNumberOfActiveUsers() {
-	  $res = db_query("SELECT count(*) AS count FROM users WHERE status='A' and user_id != 100");
+		$res = db_query_params ('SELECT count(*) AS count FROM users WHERE status=$1 and user_id != 100',
+					array ('A'));
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError('Unable to get user count: '.db_error());
 			return false;
@@ -69,25 +73,24 @@
 
 
 	function getPublicProjectNames() {
-		$res = db_query("SELECT unix_group_name FROM groups WHERE status='A' AND is_public=1");
+		$res = db_query_params ('SELECT unix_group_name FROM groups WHERE status=$1 AND is_public=1',
+					array ('A'));
 		if (!$res) {
 			$this->setError('Unable to get list of public projects: '.db_error());
 			return false;
 		}
 		$rows=db_numrows($res);
 		$result = array();
-    for ($i=0; $i<$rows; $i++) {
+		for ($i=0; $i<$rows; $i++) {
 			$result[$i] = db_result($res, $i, 'unix_group_name');
-    }
+		}
 		return $result;
 	}
 	
 	function parseCount($res) {
-    $row_count = db_fetch_array($res);
-    return $row_count['count'];
+		$row_count = db_fetch_array($res);
+		return $row_count['count'];
 	}
-
-
 }
 
 // Local Variables:

Modified: trunk/gforge/common/include/Group.class.php
===================================================================
--- trunk/gforge/common/include/Group.class.php	2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/Group.class.php	2009-02-27 12:38:35 UTC (rev 7086)
@@ -3,6 +3,7 @@
  * FusionForge groups
  *
  * Copyright 1999-2001, VA Linux Systems, Inc.
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -50,7 +51,7 @@
 function & group_get_licenses() {
 	global $LICENSE_NAMES;
 	if(empty($LICENSE_NAMES)) {
-		$result = db_query('select * from licenses');
+		$result = db_query_params ('select * from licenses', array());
 		while($data = db_fetch_array($result)) {
 			$LICENSE_NAMES[$data['license_id']] = $data['license_name'];
 		}
@@ -88,7 +89,7 @@
 		if ($res) {
 			//the db result handle was passed in
 		} else {
-			$res=db_query("SELECT * FROM groups WHERE group_id='$group_id'");
+			$res = db_query_params ('SELECT * FROM groups WHERE group_id=$1', array ($group_id)) ;
 		}
 		if (!$res || db_numrows($res) < 1) {
 			$GROUP_OBJ["_".$group_id."_"]=false;
@@ -129,7 +130,8 @@
 		}
 	}
 	if (count($fetch) > 0) {
-		$res=db_query("SELECT * FROM groups WHERE group_id IN ('".implode($fetch,'\',\'') ."')");
+		$res=db_query_params ('SELECT * FROM groups WHERE group_id = ANY ($1)',
+				      array (db_int_array_to_any_clause ($fetech))) ;
 		while ($arr =& db_fetch_array($res)) {
 			$GROUP_OBJ["_".$arr['group_id']."_"] = new Group($arr['group_id'],$arr);
 			$return[] =& $GROUP_OBJ["_".$arr['group_id']."_"];
@@ -139,20 +141,21 @@
 }
 
 function &group_get_object_by_name($groupname) {
-	$res=db_query("SELECT * FROM groups WHERE unix_group_name='$groupname'");
+	$res=db_query_params('SELECT * FROM groups WHERE unix_group_name=$1', array ($groupname)) ;
 	return group_get_object(db_result($res,0,'group_id'),$res);
 }
 
 function &group_get_objects_by_name($groupname_arr) {
-	$sql="SELECT group_id FROM groups WHERE unix_group_name IN ('".implode($groupname_arr,'\',\'')."')";
-	$res=db_query($sql);
+	$res=db_query_params ('SELECT group_id FROM groups WHERE unix_group_name = ANY ($1)',
+			      array (db_string_array_to_any_clause ($groupname_arr))
+		);
 	$arr =& util_result_column_to_array($res,0);
 	return group_get_objects($arr);
 }
 
 function &group_get_object_by_publicname($groupname) {
-	$res=db_query("SELECT * FROM groups WHERE group_name ILIKE '" .
-		htmlspecialchars($groupname) . "'");
+	$res=db_query_params ('SELECT * FROM groups WHERE group_name ILIKE $1',
+			      array ($groupname)) ;
 
        return group_get_object(db_result($res,0,'group_id'),$res);
 }
@@ -255,7 +258,8 @@
 	 *	@param	int	The group_id.
 	 */
 	function fetchData($group_id) {
-		$res = db_query("SELECT * FROM groups WHERE group_id='$group_id'");
+		$res = db_query_params ('SELECT * FROM groups WHERE group_id=$1',
+					array ($group_id));
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError(sprintf(_('fetchData():: %s'),db_error()));
 			return false;
@@ -288,7 +292,8 @@
 		} else if (!account_groupnamevalid($unix_name)) {
 			$this->setError(_('Invalid Unix name'));
 			return false;
-		} else if (db_numrows(db_query("SELECT group_id FROM groups WHERE unix_group_name='$unix_name'")) > 0) {
+		} else if (db_numrows(db_query_params('SELECT group_id FROM groups WHERE unix_group_name=$1',
+						      array ($unix_name))) > 0) {
 			$this->setError(_('Unix name already taken'));
 			return false;
 		} else if (strlen($purpose)<10) {
@@ -319,7 +324,7 @@
 	
 			db_begin();
 	
-			$res = db_query("
+			$res = db_query_params ('
 				INSERT INTO groups (
 					group_name,
 					is_public,
@@ -337,25 +342,22 @@
                                         enable_anonscm,
 					rand_hash
 				)
-				VALUES (
-					'".htmlspecialchars($group_name)."',
-					'$is_public',
-					'$unix_name',
-					'".htmlspecialchars($description)."',
-					'$unix_name.".$GLOBALS['sys_default_domain']."',
-					'$unix_name.".$GLOBALS['sys_default_domain']."',
-					'P',
-					'$unix_box',
-					'$scm_box',
-					'$license',
-					'".htmlspecialchars($purpose)."',
-					".time().",
-					'".htmlspecialchars($license_other)."',
-					'$is_public',
-					'".md5($random_num)."'
-				)
-			");
-	
+				VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15)',
+						array ($group_name,
+						       $is_public,
+						       $unix_name,
+						       htmlspecialchars($description),
+						       $unix_name.".".$GLOBALS['sys_default_domain'],
+						       $unix_name.".".$GLOBALS['sys_default_domain'],
+						       'P',
+						       $unix_box,
+						       $scm_box,
+						       $license,
+						       htmlspecialchars($purpose),
+						       time(),
+						       htmlspecialchars($license_other),
+						       $is_public,
+						       md5($random_num)	)) ;
 			if (!$res || db_affected_rows($res) < 1) {
 				$this->setError(sprintf(_('ERROR: Could not create group: %s'),db_error()));
 				db_rollback();
@@ -372,11 +374,16 @@
 			//
 			// Now, make the user an admin
 			//
-			$sql="INSERT INTO user_group ( user_id, group_id, admin_flags,
+			$res=db_query_params ('INSERT INTO user_group ( user_id, group_id, admin_flags,
 				cvs_flags, artifact_flags, forum_flags, role_id)
-				VALUES ( ".$user->getID().", '$id', 'A', 1, 2, 2, 1)";
-	
-			$res=db_query($sql);
+				VALUES ($1, $2, $3, $4, $5, $6, $7)', 
+					      array ($user->getID(),
+						     $id,
+						     'A',
+						     1,
+						     2,
+						     2,
+						     1));
 			if (!$res || db_affected_rows($res) < 1) {
 				$this->setError(sprintf(_('ERROR: Could not add admin to newly created group: %s'),db_error()));
 				db_rollback();
@@ -431,13 +438,17 @@
 
 		db_begin();
 
-		$res = db_query("
+		$res = db_query_params ('
 			UPDATE groups
-			SET is_public='$is_public',
-				license='$license',type_id='$type_id',
-				unix_box='$unix_box',http_domain='$http_domain'
-			WHERE group_id='".$this->getID()."'
-		");
+			SET is_public=$1, license=$2, type_id=$3,
+				unix_box=$4, http_domain=$5
+			WHERE group_id=$6',
+					array ($is_public,
+					       $license,
+					       $type_id,
+					       $unix_box,
+					       $http_domain,
+					       $this->getID())) ;
 
 		if (!$res || db_affected_rows($res) < 1) {
 			$this->setError(_('ERROR: DB: Could not change group properties: %s'),db_error());
@@ -474,20 +485,10 @@
 	 *	update - Update number of common properties.
 	 *
 	 *	Unlike updateAdmin(), this function accessible to project admin.
-	 *
-	 *	@param	object	User requesting operation (for access control).
-	 *	@param	bool	Whether group is publicly accessible (0/1).
-	 *	@param	string	Project's license (string ident).
-	 *	@param	int		Group type (1-project, 2-foundry).
-	 *	@param	string	Machine on which group's home directory located.
-	 *	@param	string	Domain which serves group's WWW.
-	 *	@return int	status.
-	 *	@access public.
 	 */
 	function update(&$user, $group_name,$homepage,$short_description,$use_mail,$use_survey,$use_forum,
-		$use_pm,$use_pm_depend_box,$use_scm,$use_news,$use_docman,
-		$new_doc_address,$send_all_docs,$logo_image_id,
-		$enable_pserver,$enable_anonscm,
+			$use_pm,$use_pm_depend_box,$use_scm,$use_news,$use_docman,
+			$new_doc_address,$send_all_docs,$logo_image_id,
 			$use_ftp,$use_tracker,$use_frs,$use_stats,$is_public) {
 
 		$perm =& $this->getPermission($user);
@@ -569,42 +570,45 @@
 		db_begin();
 
 		//XXX not yet actived logo_image_id='$logo_image_id', 
-		$sql = "
-			UPDATE groups
-			SET 
-				group_name='".htmlspecialchars($group_name)."',
-				homepage='$homepage',
-				short_description='".htmlspecialchars($short_description)."',
-				use_mail='$use_mail',
-				use_survey='$use_survey',
-				use_forum='$use_forum',
-				use_pm='$use_pm',
-				use_pm_depend_box='$use_pm_depend_box',
-				use_scm='$use_scm',
-				use_news='$use_news',
-				use_docman='$use_docman',
-                                is_public='$is_public',
-				new_doc_address='$new_doc_address',
-				send_all_docs='$send_all_docs',
-		";
-		if ($enable_pserver != '') {
-		$sql .= "
-				enable_pserver='$enable_pserver',
-		";
-		}
-		if ($enable_anonscm != '') {
-		$sql .= "
-				enable_anonscm='$enable_anonscm',
-		";
-		}
-		$sql .= "
-				use_ftp='$use_ftp',
-				use_tracker='$use_tracker',
-				use_frs='$use_frs',
-				use_stats='$use_stats'
-			WHERE group_id='".$this->getID()."'
-		";
-		$res = db_query($sql);
+		$res = db_query_params ('UPDATE groups
+			SET 	group_name=$1,
+				homepage=$2,
+				short_description=$3,
+				use_mail=$4,
+				use_survey=$5,
+				use_forum=$6,
+				use_pm=$7,
+				use_pm_depend_box=$8,
+				use_scm=$9,
+				use_news=$10,
+				use_docman=$11,
+                                is_public=$12,
+				new_doc_address=$13,
+				send_all_docs=$14,
+				use_ftp=$15,
+				use_tracker=$16,
+				use_frs=$17,
+				use_stats=$18
+			WHERE group_id=$19',
+					array (htmlspecialchars($group_name),
+					       $homepage,
+					       htmlspecialchars($short_description),
+					       $use_mail,
+					       $use_survey,
+					       $use_forum,
+					       $use_pm,
+					       $use_pm_depend_box,
+					       $use_scm,
+					       $use_news,
+					       $use_docman,
+					       $is_public,
+					       $new_doc_address,
+					       $send_all_docs,
+					       $use_ftp,
+					       $use_tracker,
+					       $use_frs,
+					       $use_stats,
+					       $this->getID() )) ;
 
 		if (!$res) {
 			$this->setError(sprintf(_('Error updating project information: %s'), db_error()));
@@ -700,9 +704,9 @@
 
 		db_begin();
 
-		$res = db_query("UPDATE groups
-			SET status='$status'
-			WHERE group_id='". $this->getID()."'");
+		$res = db_query_params ('UPDATE groups
+			SET status=$1
+			WHERE group_id=$2', array ($status, $this->getID())) ;
 
 		if (!$res || db_affected_rows($res) < 1) {
 			$this->setError(sprintf(_('ERROR: DB: Could not change group status: %s'),db_error()));
@@ -865,8 +869,7 @@
 	function setSCMBox($scm_box) {
 		if ($scm_box) {
 			db_begin();
-			$sql = "UPDATE groups SET scm_box = '$scm_box' WHERE group_id = ".$this->getID();
-			$res = db_query($sql);
+			$res = db_query_params ('UPDATE groups SET scm_box=$1 WHERE group_id=$2', array ($scm_box, $this->getID ()));
 			if ($res) {
 				$this->addHistory('scm_box', $this->data_array['scm_box']);
 				$this->data_array['scm_box']=$scm_box;
@@ -945,8 +948,8 @@
 	 */
 	function &getAdmins() {
 		// this function gets all group admins in order to send Jabber and mail messages
-		$q = "SELECT user_id FROM user_group WHERE admin_flags = 'A' AND group_id = ".$this->getID();
-		$res = db_query($q);
+		$res = db_query_params ('SELECT user_id FROM user_group WHERE admin_flags=$1 AND group_id=$2',
+				       array ('A', $this->getID()));
 		$user_ids=util_result_column_to_array($res);
 		return user_get_objects($user_ids);
 	}
@@ -973,8 +976,8 @@
 	function SetUsesAnonSCM ($booleanparam) {
 		db_begin () ;
 		$booleanparam = $booleanparam ? 1 : 0 ;
-		$sql = "UPDATE groups SET enable_anonscm = $booleanparam WHERE group_id = ".$this->getID() ;
-		$res = db_query($sql);
+		$res = db_query_params ('UPDATE groups SET enable_anonscm=$1 WHERE group_id=$2',
+					array ($booleanparam, $this->getID()));
 		if ($res) {
 			$this->data_array['enable_anonscm']=$booleanparam;
 			db_commit () ;
@@ -1000,8 +1003,8 @@
 	function SetUsesPserver ($booleanparam) {
 		db_begin () ;
 		$booleanparam = $booleanparam ? 1 : 0 ;
-		$sql = "UPDATE groups SET enable_pserver = $booleanparam WHERE group_id = ".$this->getID() ;
-		$res = db_query($sql);
+		$res = db_query_params ('UPDATE groups SET enable_pserver=$1 WHERE group_id=$2',
+					array ($booleanparam, $this->getID()));
 		if ($res) {
 			$this->data_array['enable_pserver']=$booleanparam;
 			db_commit () ;
@@ -1168,11 +1171,10 @@
 	function getPlugins() {
 		if (!isset($this->plugins_data)) {
 			$this->plugins_data = array () ;
-			$sql="SELECT group_plugin.plugin_id, plugins.plugin_name
-							  FROM group_plugin, plugins
-				  WHERE group_plugin.group_id=".$this->getID()."
-								AND group_plugin.plugin_id = plugins.plugin_id" ;
-			$res=db_query($sql);
+			$res = db_query_params ('SELECT group_plugin.plugin_id, plugins.plugin_name
+						 FROM group_plugin, plugins
+                                                 WHERE group_plugin.group_id=$1
+						   AND group_plugin.plugin_id=plugins.plugin_id', array ($this->getID()));
 			$rows = db_numrows($res);
 
 			for ($i=0; $i<$rows; $i++) {
@@ -1211,10 +1213,8 @@
 			// State is already good, returning
 			return true ;
 		}
-		$sql="SELECT plugin_id
-			  FROM plugins
-			  WHERE plugin_name = '" . $pluginname . "'" ;
-		$res=db_query($sql);
+		$res = db_query_params ('SELECT plugin_id FROM plugins WHERE plugin_name=$1',
+					array ($pluginname));
 		$rows = db_numrows($res);
 		if ($rows == 0) {
 			// Error: no plugin by that name
@@ -1224,15 +1224,14 @@
 		// Invalidate cache
 		unset ($this->plugins_data) ;
 		if ($val) {
-			$sql="INSERT INTO group_plugin (group_id, plugin_id)
-							  VALUES (". $this->getID() . ", ". $plugin_id .")" ;
-			$res=db_query($sql);
+			$res = db_query_params ('INSERT INTO group_plugin (group_id, plugin_id) VALUES ($1, $2)',
+						array ($this->getID(),
+						       $plugin_id));
 			return $res ;
 		} else {
-			$sql="DELETE FROM group_plugin
-				WHERE group_id = ". $this->getID() . "
-				AND plugin_id = ". $plugin_id ;
-			$res=db_query($sql);
+			$res = db_query_params ('DELETE FROM group_plugin WHERE group_id=$1 AND plugin_id=$2',
+						array ($this->getID(),
+						       $plugin_id));
 			return $res ;
 		}
 	}
@@ -1365,7 +1364,8 @@
 		//	Delete FRS Packages
 		//
 		//$frspf = new FRSPackageFactory($this);
-		$res=db_query("SELECT * FROM frs_package WHERE group_id='".$this->getID()."'");
+		$res = db_query_params ('SELECT * FROM frs_package WHERE group_id=$A',
+					array ($this->getID())) ;
 //echo 'frs_package'.db_error();
 		//$frsp_arr =& $frspf->getPackages();
 		while ($arr = db_fetch_array($res)) {
@@ -1380,36 +1380,43 @@
 		//	Delete news
 		//
 		$news_group=&group_get_object($GLOBALS['sys_news_group']);
-		$res=db_query("SELECT forum_id FROM news_bytes WHERE group_id='".$this->getID()."'");
+		$res = db_query_params ('SELECT forum_id FROM news_bytes WHERE group_id=$1',
+					array ($this->getID())) ;
 		for ($i=0; $i<db_numrows($res); $i++) {
 			$Forum = new Forum($news_group,db_result($res,$i,'forum_id'));
 			if (!$Forum->delete(1,1)) {
 				printf (_("Could Not Delete News Forum: %d"),$Forum->getID());
 			}
 		}
-		$res=db_query("DELETE FROM news_bytes WHERE group_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM news_bytes WHERE group_id=$1',
+					array ($this->getID())) ;
 
 		//
 		//	Delete docs
 		//
-		$res=db_query("DELETE FROM doc_data WHERE group_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM doc_data WHERE group_id=$1',
+					array ($this->getID())) ;
 //echo 'doc_data'.db_error();
-		$res=db_query("DELETE FROM doc_groups WHERE group_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM doc_groups WHERE group_id=$1',
+					array ($this->getID())) ;
 //echo 'doc_groups'.db_error();
 		//
 		//	Delete group history
 		//
-		$res=db_query("DELETE FROM group_history WHERE group_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM group_history WHERE group_id=$1',
+					array ($this->getID())) ;
 //echo 'group_history'.db_error();
 		//
 		//	Delete group plugins
 		//
-		$res=db_query("DELETE FROM group_plugin WHERE group_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM group_plugin WHERE group_id=$1',
+					array ($this->getID())) ;
 //echo 'group_plugin'.db_error();
 		//
 		//	Delete group cvs stats
 		//
-		$res=db_query("DELETE FROM stats_cvs_group WHERE group_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM stats_cvs_group WHERE group_id=$1',
+					array ($this->getID())) ;
 //echo 'stats_cvs_group'.db_error();
 		//
 		//	Delete Surveys
@@ -1455,18 +1462,23 @@
 		//
 		//	Delete trove
 		//
-		$res=db_query("DELETE FROM trove_group_link WHERE group_id='".$this->getID()."'");
-		$res=db_query("DELETE FROM trove_agg WHERE group_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM trove_group_link WHERE group_id=$1',
+					array ($this->getID())) ;
+		$res = db_query_params ('DELETE FROM trove_agg WHERE group_id=$1',
+					array ($this->getID())) ;
 		//
 		//	Delete counters
 		//
-		$res=db_query("DELETE FROM project_sums_agg WHERE group_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM project_sums_agg WHERE group_id=$1',
+					array ($this->getID())) ;
 //echo 'project_sums_agg'.db_error();
-		$res=db_query("INSERT INTO deleted_groups (
-		unix_group_name,delete_date,isdeleted) VALUES 
-		('".$this->getUnixName()."','".time()."','0')");
+		$res = db_query_params ('INSERT INTO deleted_groups (unix_group_name,delete_date,isdeleted) VALUES ($1, $2, $3)',
+					array ($this->getUnixName(),
+					       time(),
+					       0)) ;
 //echo 'InsertIntoDeleteQueue'.db_error();
-		$res=db_query("DELETE FROM groups WHERE group_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM groups WHERE group_id=$1',
+					array ($this->getID())) ;
 //echo 'DeleteGroup'.db_error();
 		db_commit();
 		if (!$res) {
@@ -1487,11 +1499,14 @@
 		//
 		//	Delete reporting
 		//
-		$res=db_query("DELETE FROM rep_group_act_weekly WHERE group_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM rep_group_act_monthly WHERE group_id=$1',
+					array ($this->getID())) ;
+//echo 'rep_group_act_monthly'.db_error();
+		$res = db_query_params ('DELETE FROM rep_group_act_weekly WHERE group_id=$1',
+					array ($this->getID())) ;
 //echo 'rep_group_act_weekly'.db_error();
-		$res=db_query("DELETE FROM rep_group_act_monthly WHERE group_id='".$this->getID()."'");
-//echo 'rep_group_act_monthly'.db_error();
-		$res=db_query("DELETE FROM rep_group_act_daily WHERE group_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM rep_group_act_daily WHERE group_id=$1',
+					array ($this->getID())) ;
 //echo 'rep_group_act_daily'.db_error();
 		unset($this->data_array);
 		return true;
@@ -1531,10 +1546,10 @@
 		/*
 			get user id for this user's unix_name
 		*/
-		if (preg_match('/^\d/',$user_unix_name)) {
-			$res_newuser = db_query("SELECT * FROM users WHERE user_id='". intval($user_unix_name) ."'");
+		if (is_int ($user_unix_name)) {
+			$res_newuser = db_query_params ('SELECT * FROM users WHERE user_id=$1', array ($user_unix_name)) ;
 		} else {
-			$res_newuser = db_query("SELECT * FROM users WHERE user_name='". strtolower($user_unix_name) ."'");
+			$res_newuser = db_query_params ('SELECT * FROM users WHERE user_name=$1', array ($user_unix_name)) ;
 		}
 		if (db_numrows($res_newuser) > 0) {
 			//
@@ -1554,18 +1569,29 @@
 			//
 			//	if not already a member, add them
 			//
-			$res_member = db_query("SELECT user_id 
+			$res_member = db_query_params ('SELECT user_id 
 				FROM user_group 
-				WHERE user_id='$user_id' AND group_id='". $this->getID() ."'");
+				WHERE user_id=$1 AND group_id=$2',
+						       array ($user_id, $this->getID())) ;
 
 			if (db_numrows($res_member) < 1) {
 				//
 				//	Create this user's row in the user_group table
 				//
-				$res=db_query("INSERT INTO user_group 
+				$res = db_query_params ('INSERT INTO user_group 
 					(user_id,group_id,admin_flags,forum_flags,project_flags,
 					doc_flags,cvs_flags,member_role,release_flags,artifact_flags)
-					VALUES ('$user_id','". $this->getID() ."','','0','0','0','1','100','0','0')");
+					VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)',
+							array ($user_id,
+							       $this->getID(),
+							       '',
+							       0,
+							       0,
+							       0,
+							       1,
+							       100,
+							       0,
+							       0)) ;
 
 				//verify the insert worked
 				if (!$res || db_affected_rows($res) < 1) {
@@ -1692,9 +1718,9 @@
 		}
 	
 		db_begin();
-		$res=db_query("DELETE FROM user_group 
-			WHERE group_id='".$this->getID()."' 
-			AND user_id='$user_id'");
+		$res = db_query_params ('DELETE FROM user_group WHERE group_id=$1 AND user_id=$2', 
+					array ($this->getID(),
+					       $user_id)) ;
 		if (!$res || db_affected_rows($res) < 1) {
 			$this->setError(sprintf(_('ERROR: User not removed: %s'),db_error()));
 			db_rollback();
@@ -1703,12 +1729,13 @@
 			//
 			//	reassign open artifacts to id=100
 			//
-			$res=db_query("UPDATE artifact SET assigned_to='100' 
+			$res = db_query_params ('UPDATE artifact SET assigned_to=100
 				WHERE group_artifact_id 
 				IN (SELECT group_artifact_id 
 				FROM artifact_group_list 
-				WHERE group_id='".$this->getID()."') 
-				AND status_id='1' AND assigned_to='$user_id'");
+				WHERE group_id=$1 AND status_id=1 AND assigned_to=$2)',
+						array ($this->getID(),
+						       $user_id)) ;
 			if (!$res) {
 				$this->setError(sprintf(_('ERROR: DB: artifact: %s'),db_error()));
 				db_rollback();
@@ -1733,26 +1760,30 @@
 					$res = db_next_result();
 				}
 			} else {
-				$res=db_query("DELETE FROM project_assigned_to
+				$res = db_query_params ('DELETE FROM project_assigned_to
 					WHERE project_task_id IN (SELECT pt.project_task_id 
 					FROM project_task pt, project_group_list pgl, project_assigned_to pat 
 					WHERE pt.group_project_id = pgl.group_project_id 
 					AND pat.project_task_id=pt.project_task_id
-					AND pt.status_id='1' AND pgl.group_id='".$this->getID()."'
-					AND pat.assigned_to_id='$user_id') 
-					AND assigned_to_id='100'");
+					AND pt.status_id=1 AND pgl.group_id=$1,
+					AND pat.assigned_to_id=$2)
+					AND assigned_to_id=100',
+							array ($this->getID(),
+							       $user_id)) ;
 			}
 			if (!$res) {
 				$this->setError(sprintf(_('ERROR: DB: project_assigned_to %d: %s'),1,db_error()));
 				db_rollback();
 				return false;
 			}
-			$res=db_query("UPDATE project_assigned_to SET assigned_to_id='100' 
+			$res = db_query_params ('UPDATE project_assigned_to SET assigned_to_id=100
 				WHERE project_task_id IN (SELECT pt.project_task_id 
 				FROM project_task pt, project_group_list pgl 
 				WHERE pt.group_project_id = pgl.group_project_id 
-				AND pt.status_id='1' AND pgl.group_id='".$this->getID()."') 
-				AND assigned_to_id='$user_id'");
+				AND pt.status_id=1 AND pgl.group_id=$1) 
+				AND assigned_to_id=$2',
+						array ($this->getID(),
+						       $user_id)) ;
 			if (!$res) {
 				$this->setError(sprintf(_('ERROR: DB: project_assigned_to %d: %s'),2,db_error()));
 				db_rollback();
@@ -1824,11 +1855,13 @@
 	 *	@access public.
 	 */
 	function addHistory($field_name, $old_value) {
-		$sql="
-			INSERT INTO group_history(group_id,field_name,old_value,mod_by,adddate) 
-			VALUES ('". $this->getID() ."','$field_name','$old_value','". user_getid() ."','".time()."')
-		";
-		return db_query($sql);
+		return db_query_params ('INSERT INTO group_history(group_id,field_name,old_value,mod_by,adddate) 
+			VALUES ($1,$2,$3,$4,$5)',
+					array ($this->getID(),
+					       $field_name,
+					       $old_value,
+					       user_getid(),
+					       time()));
 	}		  
 
 	/**
@@ -1840,17 +1873,16 @@
 	 *	@access private.
 	 */
 	function activateUsers() {
-
+		
 		/*
-			Activate member(s) of the project
+		 Activate member(s) of the project
 		*/
-
-		$member_res = db_query("SELECT user_id, role_id
-			FROM user_group
-			WHERE group_id='".$this->getID()."'");
-
+		
+		$member_res = db_query_params ('SELECT user_id, role_id FROM user_group	WHERE group_id=$1',
+					       array ($this->getID())) ;
+		
 		$rows = db_numrows($member_res);
-
+		
 		if ($rows > 0) {
 
 			for ($i=0; $i<$rows; $i++) {
@@ -1883,9 +1915,8 @@
 	 */
 	function &getMembers() {
 		if (!isset($this->membersArr)) {
-			$res=db_query("SELECT users.* FROM users
-				INNER JOIN user_group ON users.user_id=user_group.user_id
-				WHERE user_group.group_id='".$this->getID()."'");
+			$res = db_query_params ('SELECT users.* FROM users INNER JOIN user_group ON users.user_id=user_group.user_id WHERE user_group.group_id=$1',
+						array ($this->getID())) ;
 			while ($arr =& db_fetch_array($res)) {
 				$this->membersArr[] =& new GFUser($arr['user_id'],$arr);
 			}
@@ -2032,8 +2063,9 @@
 			}
 		}
 
-		$admin_group = db_query("SELECT user_id FROM user_group 
-		WHERE group_id=".$this->getID()." AND admin_flags='A'");
+		$admin_group = db_query_params ('SELECT user_id FROM user_group WHERE group_id=$1 AND admin_flags=$2',
+						array ($this->getID(),
+						       'A')) ;
 		if (db_numrows($admin_group) > 0) {
 			$idadmin_group = db_result($admin_group,0,'user_id');
 		} else {
@@ -2082,13 +2114,14 @@
 	 *	@access public.
 	 */
 	function sendApprovalEmail() {
-		$res_admins = db_query("
+		$res_admins = db_query_params ('
 			SELECT users.user_name,users.email,users.language,users.user_id
 			FROM users,user_group
 			WHERE users.user_id=user_group.user_id
-			AND user_group.group_id='".$this->getID()."'
-			AND user_group.admin_flags='A'
-		");
+			AND user_group.group_id=$1
+			AND user_group.admin_flags=$2',
+					       array ($this->getID(),
+						      'A')) ;
 
 		if (db_numrows($res_admins) < 1) {
 			$this->setError(_("Group does not have any administrators."));
@@ -2157,13 +2190,12 @@
 	 *	@access public.
 	 */
 	function sendRejectionEmail($response_id, $message="zxcv") {
-		$res_admins = db_query("
+		$res_admins = db_query_params ('
 			SELECT u.email, u.language, u.user_id
 			FROM users u, user_group ug
-			WHERE ug.group_id='".$this->getID()."'
-			AND u.user_id=ug.user_id;
-		");
-
+			WHERE ug.group_id=$1
+			AND u.user_id=ug.user_id',
+					       array ($this->getID())) ;
 		if (db_numrows($res_admins) < 1) {
 			$this->setError(_("Group does not have any administrators."));
 			return false;
@@ -2186,11 +2218,10 @@
 			if ($response_id == 0) {
 				$response .= stripcslashes($message);
 			} else {
-				$response .= db_result(db_query("
-				SELECT response_text
-				FROM canned_responses
-				WHERE response_id='$response_id'
-			"), 0, "response_text");
+				$response .= db_result (
+					db_query_params('SELECT response_text FROM canned_responses WHERE response_id=$1', array ($response_id)),
+					0,
+					"response_text");
 			}
 
 			util_send_message($row_admins['email'], sprintf(_('%1$s Project Denied'), $GLOBALS['sys_name']), $response);
@@ -2212,9 +2243,8 @@
 	 */
 	function sendNewProjectNotificationEmail() {
 		// Get the user who wants to register the project
-		$res = db_query("SELECT u.user_id
-				 FROM users u, user_group ug
-				 WHERE ug.group_id='".$this->getID()."' AND u.user_id=ug.user_id;");
+		$res = db_query_params ('SELECT user_id FROM user_group WHERE group_id=$1',
+					array ($this->getID())) ;
 
 		if (db_numrows($res) < 1) {
 			$this->setError(_("Could not find user who has submitted the project."));
@@ -2224,11 +2254,12 @@
 		$submitter =& user_get_object(db_result($res,0,'user_id'));
 
 
-		$res = db_query("SELECT users.email, users.language, users.user_id
-	 			FROM users,user_group
+		$res = db_query_params ('SELECT users.email, users.language, users.user_id
+	 			FROM users, user_group
 				WHERE group_id=1 
-				AND user_group.admin_flags='A'
-				AND users.user_id=user_group.user_id;");
+				AND user_group.admin_flags=$1
+				AND users.user_id=user_group.user_id',
+					array ('A'));
 		
 		if (db_numrows($res) < 1) {
 			$this->setError(_("There is no administrator to send the mail."));
@@ -2378,11 +2409,9 @@
 function setUnixStatus($status) {
 	global $SYS;
 	db_begin();
-	$res=db_query("
-		UPDATE groups 
-		SET unix_status='$status' 
-		WHERE group_id='". $this->getID()."'
-	");
+	$res = db_query_params ('UPDATE groups SET unix_status=$1 WHERE group_id=$2',
+				array ($status,
+				       $this->getID())) ;
 
 	if (!$res) {
 		$this->setError(sprintf(_('ERROR - Could Not Update Group Unix Status: %s'),db_error()));

Modified: trunk/gforge/common/include/GroupJoinRequest.class.php
===================================================================
--- trunk/gforge/common/include/GroupJoinRequest.class.php	2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/GroupJoinRequest.class.php	2009-02-27 12:38:35 UTC (rev 7086)
@@ -3,6 +3,7 @@
  * FusionForge
  *
  * Copyright 2005, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -25,36 +26,12 @@
 require_once $gfcommon.'include/Error.class.php';
 require_once $gfcommon.'include/Validator.class.php';
 
-/*
-function &groupjoinrequest_get_object($group_id,$user_id,$data=false) {
-	global $GROUPJOINREQUEST_OBJ;
-	if (!isset($GROUPJOINREQUEST_OBJ["_".$group_id."_".$user_id."_"])) {
-		if ($data) {
-			//the db result handle was passed in
-		} else {
-			$res=db_query("SELECT * FROM group_join_request
-				WHERE group_id='$group_id' AND user_id='$user_id'");
-
-			if (db_numrows($res) <1 ) {
-				$GROUPJOINREQUEST_OBJ["_".$group_id."_".$user_id."_"]=false;
-				return false;
-			}
-			$data =& db_fetch_array($res);
-
-		}
-		$grp =& group_get_object($group_id);
-		$GROUPJOINREQUEST_OBJ["_".$group_id."_".$user_id."_"]= new GroupJoinRequest($grp,$user_id,$data);
-
-	}
-
-	return $GROUPJOINREQUEST_OBJ["_".$group_id."_".$user_id."_"];
-}
-*/
 function &get_group_join_requests($Group) {
 	if (!$Group || !is_object($Group) || $Group->isError()) {
 		return false;
 	} else {
-		$res=db_query("SELECT * FROM group_join_request WHERE group_id='".$Group->getID()."'");
+		$res = db_query_params ('SELECT * FROM group_join_request WHERE group_id=$1',
+					array ($Group->getID())) ;
 		while ($arr = db_fetch_array($res)) {
 			$reqs[] = new GroupJoinRequest($Group,$arr['user_id'],$arr);
 		}
@@ -136,8 +113,9 @@
 		}
 
 		// Check if user has already submitted a request
-		$sql = "SELECT * FROM group_join_request WHERE group_id='".$this->Group->getID()."' AND user_id='".$user_id."'";
-		$result = db_query($sql);
+		$result = db_query_params ('SELECT * FROM group_join_request WHERE group_id=$1 AND user_id=$2',
+					   array ($this->Group->getID(),
+						  $user_id)) ;
 		if (db_numrows($result)) {
 			$this->setError(_('You have already sent a request to the project administrators. Please wait for their reply.'));
 			return false;
@@ -145,10 +123,12 @@
 
 		db_begin();
 
-		$sql="INSERT INTO group_join_request (group_id,user_id,comments,request_date)
-			VALUES ('".$this->Group->getID()."','".$user_id."',
-			'".addslashes(htmlspecialchars($comments))."','".time()."')";
-		$result=db_query($sql);
+		$result = db_query_params ('INSERT INTO group_join_request (group_id,user_id,comments,request_date)
+			VALUES ($1, $2, $3, $4)',
+					   array ($this->Group->getID(),
+						  $user_id,
+						  htmlspecialchars ($comments),
+						  time())) ;
 		if (!$result || db_affected_rows($result) < 1) {
 			$this->setError('GroupJoinRequest::create() Posting Failed '.db_error());
 			db_rollback();
@@ -173,10 +153,9 @@
 	 *  @return     boolean success.
 	 */
 	function fetchData($group_id,$user_id) {
-	        $res=db_query("SELECT * FROM group_join_request
-	                WHERE
-					user_id='$user_id'
-	        		AND group_id='". $this->Group->getID() ."'");
+	        $res = db_query_params ('SELECT * FROM group_join_request WHERE user_id=$1 AND group_id=$2',
+					array ($user_id,
+					       $this->Group->getID())) ;
 	        if (!$res || db_numrows($res) < 1) {
 	                $this->setError('GroupJoinRequest::fetchData() Invalid ID '.db_error());
 	                return false;
@@ -313,9 +292,9 @@
 			$this->setPermissionDeniedError();
 			return false;
 		} else {
-			$res=db_query("DELETE FROM group_join_request WHERE 
-				group_id='".$this->Group->getID()."' 
-				AND user_id='".$this->getUserId()."'");
+			$res = db_query_params ('DELETE FROM group_join_request WHERE group_id=$1 AND user_id=$2',
+						array ($this->Group->getID(),
+						       $this->getUserId()));
 			if (!$res || db_affected_rows($res) < 1) {
 				$this->setError('Could Not Delete: '.db_error());
 			} else {

Modified: trunk/gforge/common/include/Permission.class.php
===================================================================
--- trunk/gforge/common/include/Permission.class.php	2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/Permission.class.php	2009-02-27 12:38:35 UTC (rev 7086)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2001, VA Linux Systems, Inc.
  * Copyright 2002-2004, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -141,9 +142,9 @@
 	 *	@access private.
 	 */
 	function fetchData() {
-		$res=db_query("SELECT * FROM user_group 
-			WHERE user_id='". $this->User->getID() ."' 
-			AND group_id='". $this->Group->getID() ."'");
+		$res = db_query_params ('SELECT * FROM user_group WHERE user_id=$1 AND group_id=$2',
+					array ($this->User->getID(),
+					       $this->Group->getID())) ;
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError('Permission: User Not Found');
 
@@ -210,10 +211,9 @@
 			return $this->is_site_admin;
 		}
 
-		$res = db_query("SELECT count(*) AS count FROM user_group
-			WHERE user_id='". $this->User->getID() ."'
-			AND group_id='1'
-			AND admin_flags='A'");
+		$res = db_query_params ('SELECT count(*) AS count FROM user_group WHERE user_id=$1 AND group_id=1 AND admin_flags=$2',
+					array ($this->User->getID(),
+					       'A')) ;
 		$row_count = db_fetch_array($res);
 		$this->is_site_admin = $res && $row_count['count'] > 0;
 		db_free_result($res);

Modified: trunk/gforge/common/include/PluginManager.class.php
===================================================================
--- trunk/gforge/common/include/PluginManager.class.php	2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/PluginManager.class.php	2009-02-27 12:38:35 UTC (rev 7086)
@@ -2,7 +2,7 @@
 /**
  * FusionForge plugin system
  *
- * Copyright 2002, Roland Mas
+ * Copyright 2002-2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -47,8 +47,8 @@
 	function GetPlugins () {
 		if (!isset($this->plugins_data)) {
 			$this->plugins_data = array () ;
-			$sql = "SELECT plugin_id, plugin_name FROM plugins" ;
-			$res = db_query($sql);
+			$res = db_query_params ('SELECT plugin_id, plugin_name FROM plugins',
+						array ());
 			$rows = db_numrows($res);
 			for ($i=0; $i<$rows; $i++) {
 				$plugin_id = db_result($res,$i,'plugin_id');

Modified: trunk/gforge/common/include/Role.class.php
===================================================================
--- trunk/gforge/common/include/Role.class.php	2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/Role.class.php	2009-02-27 12:38:35 UTC (rev 7086)
@@ -3,6 +3,7 @@
  * FusionForge roles
  *
  * Copyright 2004, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -111,10 +112,9 @@
 		}
 
 		db_begin();
-		$sql="INSERT INTO role (group_id,role_name) 
-			VALUES ('".$this->Group->getID()."','".htmlspecialchars($role_name)."')";
-//echo "\n<br>$sql";
-		$res=db_query($sql);
+		$res = db_query_params ('INSERT INTO role (group_id, role_name) VALUES ($1, $2)',
+					array ($this->Group->getID(),
+					       htmlspecialchars($role_name))) ;
 		if (!$res) {
 			$this->setError('create::'.db_error());
 			db_rollback();
@@ -143,8 +143,11 @@
 				}
 				$sql="INSERT INTO role_setting (role_id,section_name,ref_id,value) 
 					values ('$role_id','$usection_name', '$uref_id','$uvalue')";
-//echo "\n<br>$sql";
-				$res=db_query($sql);
+				$res = db_query_params ('INSERT INTO role_setting (role_id,section_name,ref_id,value) VALUES ($1,$2,$3,$4)',
+							array ($role_id,
+							       $usection_name,
+							       $uref_id,
+							       $uvalue)) ;
 				if (!$res) {
 					$this->setError('create::insertsetting::'.db_error());
 					db_rollback();
@@ -171,9 +174,8 @@
 		for ($i=0; $i<count($keys); $i++) {
 
 			if ($keys[$i] == 'forum') {
-				$res=db_query("SELECT group_forum_id 
-					FROM forum_group_list 
-					WHERE group_id='".$this->Group->getID()."'");
+				$res = db_query_params ('SELECT group_forum_id FROM forum_group_list WHERE group_id=$1',
+							array ($this->Group->getID())) ;
 				if (!$res) {
 					$this->setError('Error: Forum'.db_error());
 					return false;
@@ -182,9 +184,8 @@
 					$data[$keys[$i]][db_result($res,$j,'group_forum_id')]= $arr[$keys[$i]];
 				}
 			} elseif ($keys[$i] == 'pm') {
-				$res=db_query("SELECT group_project_id 
-					FROM project_group_list 
-					WHERE group_id='".$this->Group->getID()."'");
+				$res = db_query_params ('SELECT group_project_id FROM project_group_list WHERE group_id=$1',
+							array ($this->Group->getID())) ;
 				if (!$res) {
 					$this->setError('Error: TaskMgr'.db_error());
 					return false;
@@ -193,9 +194,8 @@
 					$data[$keys[$i]][db_result($res,$j,'group_project_id')]= $arr[$keys[$i]];
 				}
 			} elseif ($keys[$i] == 'tracker') {
-				$res=db_query("SELECT group_artifact_id 
-					FROM artifact_group_list 
-					WHERE group_id='".$this->Group->getID()."'");
+				$res = db_query_params ('SELECT group_artifact_id FROM artifact_group_list WHERE group_id=$1',
+							array ($this->Group->getID())) ;
 				if (!$res) {
 					$this->setError('Error: Tracker'.db_error());
 					return false;
@@ -223,13 +223,15 @@
 	function fetchData($role_id) {
 		unset($this->data_array);
 		unset($this->setting_array);
-		$res=db_query("SELECT * FROM role WHERE role_id='$role_id'");
+		$res = db_query_params ('SELECT * FROM role WHERE role_id=$1',
+					array ($role_id)) ;
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError('Role::fetchData()::'.db_error());
 			return false;
 		}
 		$this->data_array =& db_fetch_array($res);
-		$res=db_query("SELECT * FROM role_setting WHERE role_id='$role_id'");
+		$res = db_query_params ('SELECT * FROM role_setting WHERE role_id=$1',
+					array ($role_id)) ;
 		if (!$res) {
 			$this->setError('Role::fetchData()::'.db_error());
 			return false;
@@ -304,12 +306,10 @@
 		db_begin();
 
 		if ($this->getName() != stripslashes($role_name)) {
-			$sql="UPDATE role
-				SET role_name='".htmlspecialchars($role_name)."'
-				WHERE group_id='".$this->Group->getID()."'
-				AND role_id='".$this->getID()."'";
-//echo "\n<br>$sql";
-			$res=db_query($sql);
+			$res = db_query_params ('UPDATE role SET role_name=$1 WHERE group_id=$2 AND role_id=$3',
+						array (htmlspecialchars($role_name),
+						       $this->Group->getID(),
+						       $this->getID())) ;
 			if (!$res || db_affected_rows($res) < 1) {
 				$this->setError('update::name::'.db_error());
 				db_rollback();
@@ -335,18 +335,17 @@
 				//	See if this setting changed. If so, then update it
 				//
 //				if ($this->getVal($usection_name,$uref_id) != $uvalue) {
-					$sql="UPDATE role_setting 
-						SET value='$uvalue' 
-						WHERE role_id='".$this->getID()."' 
-						AND section_name='$usection_name'
-						AND ref_id='$uref_id'";
-//echo "\n<br>$sql";
-					$res=db_query($sql);
-					if (!$res  || db_affected_rows($res) < 1) {
-						$sql="INSERT INTO role_setting (role_id,section_name,ref_id,value) 
-						values ('".$this->getID()."','$usection_name', '$uref_id','$uvalue')";
-//echo "\n<br>$sql";
-						$res=db_query($sql);
+					$res = db_query_params ('UPDATE role_setting SET value=$1 WHERE role_id=$2 AND section_name=$3 AND ref_id=$4',
+								array ($uvalue,
+								       $this->getID(),
+								       $usection_name,
+								       $uref_id)) ;
+					if (!$res || db_affected_rows($res) < 1) {
+						$res = db_query_params ('INSERT INTO role_setting (role_id, section_name, ref_id, value) VALUES ($1, $2, $3, $4)',
+									array ($this->getID(),
+									       $usecrion_name,
+									       $uref_id,
+									       $uvalue)) ;
 						if (!$res) {
 							$this->setError('update::rolesettinginsert::'.db_error());
 							db_rollback();
@@ -359,9 +358,8 @@
 						//$update_usergroup=true;
 
 						//iterate all users with this role
-						$res=db_query("SELECT user_id
-							FROM user_group 
-							WHERE role_id='".$this->getID()."'");
+						$res = db_query_params ('SELECT user_id	FROM user_group WHERE role_id=$1',
+									array ($this->getID())) ;
 						for ($z=0; $z<db_numrows($res); $z++) {
 
 							//TODO - Shell should be separate flag
@@ -370,11 +368,9 @@
 							//  else - restricted.
 							//
 							$cvs_flags=$data['scm'][0];
-							$sql="UPDATE user_group
-								SET cvs_flags=".$cvs_flags." 
-								WHERE user_id=".db_result($res,$z,'user_id')." AND role_id=".$this->getID();
-							//echo '<h1>'.$data['scm'][0].'::'.$sql.'</h1>';
-							$res2=db_query($sql);
+							$res2 = db_query_params ('UPDATE user_group SET cvs_flags=$1 WHERE user_id=$2',
+										 array ($cvs_flags,
+											db_result($res,$z,'user_id')));
 							if (!$res2) {
 								$this->setError('update::scm::'.db_error());
 								db_rollback();
@@ -431,18 +427,23 @@
 			}
 		}
 //		if ($update_usergroup) {
-			$sql="UPDATE user_group 
-				SET
-				admin_flags='".$data['projectadmin'][0]."',
-				forum_flags='".$data['forumadmin'][0]."',
-				project_flags='".$data['pmadmin'][0]."',
-				doc_flags='".$data['docman'][0]."',
-				cvs_flags='".$data['scm'][0]."',
-				release_flags='".$data['frs'][0]."',
-				artifact_flags='".$data['trackeradmin'][0]."'
-				WHERE role_id='".$this->getID()."'";
-//echo "\n<br>$sql";
-			$res=db_query($sql);
+			$res = db_query_params ('UPDATE user_group
+                               SET admin_flags=$1,
+   				   forum_flags=$2,
+   				   project_flags=$3,
+   				   doc_flags=$4,
+   				   cvs_flags=$5,
+   				   release_flags=$-,
+   				   artifact_flags=$7,
+   				WHERE role_id=$8',
+   						array ($data['projectadmin'][0],
+						       $data['forumadmin'][0],
+						       $data['pmadmin'][0],
+						       $data['docman'][0],
+						       $data['scm'][0],
+						       $data['frs'][0],
+						       $data['trackeradmin'][0];
+						       $this->getID())) ;
 			if (!$res) {
 				$this->setError('update::usergroup::'.db_error());
 				db_rollback();
@@ -476,9 +477,9 @@
 		//
 		//	See if role is actually changing
 		//
-		$res=db_query("SELECT role_id FROM user_group 
-			WHERE user_id='$user_id' 
-			AND group_id='".$this->Group->getID()."'");
+		$res = db_query_params ('SELECT role_id FROM user_group WHERE user_id=$1 AND group_id=$2',
+					array ($user_id,
+					       $this->Group->getID())) ;
 		$old_roleid=db_result($res,0,0);
 		if ($this->getID() == $old_roleid) {
 			db_commit();
@@ -525,12 +526,10 @@
 						//  else - restricted.
 						//
 						$cvs_flags=$this->getVal('scm',0);
-						$sql="UPDATE user_group
-							SET cvs_flags=".$cvs_flags." 
-							WHERE user_id=".$user_id."
-							AND group_id='".$this->Group->getID()."'";
-						//echo '<h1>'.$cvs_flags.'::'.$sql.'</h1>';
-						$res2=db_query($sql);
+						$res2 = db_query_params ('UPDATE user_group SET cvs_flags=$1 WHERE user_id=$2 AND group_id=$3',
+									 array ($cvs_flags,
+										$user_id,
+										$this->Group->getID())) ;
 						if (!$res2) {
 							$this->setError('update::scm::'.db_error());
 							db_rollback();
@@ -589,21 +588,26 @@
 			}
 		}
 	//	if ($update_usergroup) {
-			$sql="UPDATE user_group 
-				SET
-				admin_flags='".$this->getVal('projectadmin',0)."',
-				forum_flags='".$this->getVal('forumadmin',0)."',
-				project_flags='".$this->getVal('pmadmin',0)."',
-				doc_flags='".$this->getVal('docman',0)."',
-				cvs_flags='".$this->getVal('scm',0)."',
-				release_flags='".$this->getVal('frs',0)."',
-				artifact_flags='".$this->getVal('trackeradmin',0)."',
-				role_id='".$this->getID()."'
-				WHERE 
-				user_id='".$user_id."'
-				AND group_id='".$this->Group->getID()."'";
-//echo "\n<br>$sql";
-			$res=db_query($sql);
+			$res = db_query_params ('UPDATE user_group
+                               SET admin_flags=$1,
+   				   forum_flags=$2,
+   				   project_flags=$3,
+   				   doc_flags=$4,
+   				   cvs_flags=$5,
+   				   release_flags=$-,
+   				   artifact_flags=$7,
+   				   role_id=$8
+                               WHERE user_id=$9 AND group_id=10',
+   						array ($this->getVal('projectadmin',0),
+						       $this->getVal('forumadmin',0),
+						       $this->getVal('pmadmin',0),
+						       $this->getVal('docman',0),
+						       $this->getVal('scm',0),
+						       $this->getVal('frs',0),
+						       $this->getVal('trackeradmin',0),
+						       $this->getID(),
+						       $user_id,
+						       $this->Group->getID()));
 			if (!$res) {
 				$this->setError('update::usergroup::'.db_error());
 				db_rollback();

Modified: trunk/gforge/common/include/RoleObserver.class.php
===================================================================
--- trunk/gforge/common/include/RoleObserver.class.php	2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/RoleObserver.class.php	2009-02-27 12:38:35 UTC (rev 7086)
@@ -3,6 +3,7 @@
  * FusionForge observer role
  *
  * Copyright 2004, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -86,9 +87,8 @@
 		//
 		//	Forum is_public/allow_anon
 		//
-		$res=db_query("SELECT group_forum_id,is_public,allow_anonymous 
-			FROM forum_group_list 
-			WHERE group_id='".$this->Group->getID()."'");
+		$res = db_query_params ('SELECT group_forum_id,is_public,allow_anonymous FROM forum_group_list WHERE group_id=$1',
+					array ($this->Group->getID())) ;
 		while ($arr =& db_fetch_array($res)) {
 			$this->setting_array['forumpublic'][$arr['group_forum_id']] = $arr['is_public'];
 			$this->setting_array['forumanon'][$arr['group_forum_id']] = $arr['allow_anonymous'];
@@ -97,9 +97,8 @@
 		//
 		//	Task Manager is_public/allow_anon
 		//
-		$res=db_query("SELECT group_project_id,is_public
-			FROM project_group_list 
-			WHERE group_id='".$this->Group->getID()."'");
+		$res = db_query_params ('SELECT group_project_id,is_public FROM project_group_list WHERE group_id=$1',
+					array ($this->Group->getID())) ;
 		while ($arr =& db_fetch_array($res)) {
 			$this->setting_array['pmpublic'][$arr['group_project_id']] = $arr['is_public'];
 		}
@@ -107,9 +106,8 @@
 		//
 		//	Tracker is_public/allow_anon
 		//
-		$res=db_query("SELECT group_artifact_id,is_public,allow_anon
-			FROM artifact_group_list 
-			WHERE group_id='".$this->Group->getID()."'");
+		$res = db_query_params ('SELECT group_artifact_id,is_public,allow_anon FROM artifact_group_list WHERE group_id=$1',
+					array ($this->Group->getID())) ;
 		while ($arr =& db_fetch_array($res)) {
 			$this->setting_array['trackerpublic'][$arr['group_artifact_id']] = $arr['is_public'];
 			$this->setting_array['trackeranon'][$arr['group_artifact_id']] = $arr['allow_anon'];
@@ -118,9 +116,8 @@
 		//
 		//	FRS packages can be public/private now
 		//
-		$res=db_query("SELECT package_id,is_public
-			FROM frs_package
-			WHERE group_id='".$this->Group->getID()."'");
+		$res = db_query_params ('SELECT package_id,is_public FROM frs_package WHERE group_id=$1',
+					array ($this->Group->getID())) ;
 		while ($arr =& db_fetch_array($res)) {
 			$this->setting_array['frspackage'][$arr['package_id']] = $arr['is_public'];
 		}
@@ -222,12 +219,10 @@
 							// private if we change a group to private.
 							$data['scmpublic'][0]=0;
 						}
-						$sql="UPDATE groups
-							SET
-							enable_anonscm='".$data['scmpublic'][0]."',
-							is_public='".$data['projectpublic'][0]."'
-							WHERE group_id='".$this->Group->getID()."'";
-							$res=db_query($sql);
+						$res = db_query_params ('UPDATE groups SET enable_anonscm=$1, is_public=$2 WHERE group_id=$3',
+									array ($data['scmpublic'][0],
+									       $data['projectpublic'][0],
+									       $this->Group->getID())) ;
 							if (!$res) {
 								$this->setError('update::group::'.db_error());
 								db_rollback();
@@ -252,7 +247,11 @@
 							group_forum_id='$uref_id'
 							AND group_id='".$this->Group->getID()."'";
 //echo "\n<br>$sql";
-						$res=db_query($sql);
+						$res = db_query_params ('UPDATE forum_group_list SET is_public=$1, allow_anonymous=$2 WHERE group_forum_id=$3 AND group_id=$4',
+									array ($data['forumpublic'][$uref_id],
+									       $data['forumanon'][$uref_id],
+									       $uref_id,
+									       $this->Group->getID())) ;
 						$updated['forum'][$uref_id]=1;
 						if (!$res) {
 							$this->setError('update::forum::'.db_error());
@@ -260,15 +259,10 @@
 							return false;
 						}
 					} elseif ($usection_name == 'pmpublic') {
-
-						$sql="UPDATE project_group_list
-							SET 
-							is_public='$uvalue'
-							WHERE
-							group_project_id='$uref_id'
-							AND group_id='".$this->Group->getID()."'";
-//echo "\n<br>$sql";
-						$res=db_query($sql);
+						$res = db_query_params ('UPDATE project_group_list SET is_public=$1 WHERE group_project_id=$2 AND group_id=$3',
+									array ($uvalue,
+									       $uref_id,
+									       $this->Group->getID())) ;
 						if (!$res) {
 							$this->setError('update::pm::'.db_error());
 							db_rollback();
@@ -276,15 +270,10 @@
 						}
 
 					} elseif ($usection_name == 'frspackage') {
-
-						$sql="UPDATE frs_package
-							SET 
-							is_public='$uvalue'
-							WHERE
-							package_id='$uref_id'
-							AND group_id='".$this->Group->getID()."'";
-//echo "\n<br>$sql";
-						$res=db_query($sql);
+						$res = db_query_params ('UPDATE frs_package SET is_public=$1 WHERE package_id=$2 AND group_id=$3',
+									array ($uvalue,
+									       $uref_id,
+									       $this->Group->getID())) ;
 						if (!$res) {
 							$this->setError('update::frspackage::'.db_error());
 							db_rollback();
@@ -298,15 +287,11 @@
 						if ($updated['tracker'][$uref_id]) {
 							continue;
 						}
-						$sql="UPDATE artifact_group_list
-							SET
-							is_public='".$data['trackerpublic'][$uref_id]."',
-							allow_anon='".$data['trackeranon'][$uref_id]."'
-							WHERE
-							group_artifact_id='$uref_id'
-							AND group_id='".$this->Group->getID()."'";
-//echo "\n<br>$sql";
-						$res=db_query($sql);
+						$res = db_query_params ('UPDATE artifact_group_list SET is_public=$1, allow_anon=$2 WHERE group_artifact_id=$3 AND group_id=$4',
+									array ($uvalue,
+									       $data['trackerpublic'][$uref_id],
+									       $data['trackeranon'][$uref_id],
+									       $this->Group->getID())) ;
 						$updated['tracker'][$uref_id]=1;
 						if (!$res) {
 							$this->setError('update::tracker::'.db_error());

Modified: trunk/gforge/common/include/cron_utils.php
===================================================================
--- trunk/gforge/common/include/cron_utils.php	2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/cron_utils.php	2009-02-27 12:38:35 UTC (rev 7086)
@@ -3,6 +3,7 @@
  * FusionForge cron job utilities
  *
  * Copyright 2003, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -55,9 +56,10 @@
 $cron_arr[26]='update_users.php';
 
 function cron_entry($job,$output) {
-	$sql="INSERT INTO cron_history (rundate,job,output) 
-		values ('".time()."','$job','".addslashes($output)."')";
-	return db_query($sql);
+	$sql='INSERT INTO cron_history (rundate,job,output) 
+		values ($1, $2, $3)' ;
+	return db_query_params ($sql,
+				array (time(), $job, $output));
 }
 
 function cron_debug($string) {

Modified: trunk/gforge/common/include/forms.php
===================================================================
--- trunk/gforge/common/include/forms.php	2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/forms.php	2009-02-27 12:38:35 UTC (rev 7086)
@@ -3,6 +3,7 @@
  * FusionForge form management
  *
  * Copyright 2005, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -38,10 +39,11 @@
 		$key = md5(microtime() + rand() + $_SERVER["REMOTE_ADDR"]);
 	    if ( $sys_database_type == "mysql" ) {
 			$sql = "SELECT * FROM form_keys WHERE `key`='".$key."'";
+			$res=db_query($sql);
 		} else {
-			$sql = "SELECT * FROM form_keys WHERE key='".$key."'";
+			$sql = 'SELECT * FROM form_keys WHERE key=$1';
+			$res=db_query_params ($sql, array ($key));
 		}
-		$res=db_query($sql);
 		if (!db_numrows($res)) {
 			$is_new=true;	
 		}
@@ -49,7 +51,7 @@
 	if ( $sys_database_type == "mysql" ) {
 		$res = db_query("INSERT INTO form_keys (`key`,is_used,creation_date) VALUES ('".$key."',0,".time().")");
 	} else {
-		$res = db_query("INSERT INTO form_keys (key,is_used,creation_date) VALUES ('".$key."',0,".time().")");
+		$res = db_query_params('INSERT INTO form_keys (key,is_used,creation_date) VALUES ($1, 0, $2)', array ($key,time()));
 	}
 	if (!$res) {
 		db_rollback();
@@ -73,20 +75,22 @@
 	db_begin();
 	if ( $sys_database_type == "mysql" ) {
 		$sql = "SELECT * FROM form_keys WHERE `key`='$key' and is_used=0 FOR UPDATE";
+		$res=db_query($sql);
 	} else {
-		$sql = "SELECT * FROM form_keys WHERE key='$key' and is_used=0 FOR UPDATE";
+		$sql = 'SELECT * FROM form_keys WHERE key=$1 and is_used=0 FOR UPDATE';
+		$res=db_query_params($sql, array ($key));
 	}
-	$res=db_query($sql);
 	if (!$res || !db_numrows($res)) {
 		db_rollback();
 		return false;
 	}
 	if ( $sys_database_type == "mysql" ) {
 		$sql = "UPDATE form_keys SET is_used=1 WHERE `key`='$key'";
+		$res=db_query($sql);
 	} else {
-		$sql = "UPDATE form_keys SET is_used=1 WHERE key='$key'";
+		$sql = 'UPDATE form_keys SET is_used=1 WHERE key=$1';
+		$res=db_query_params ($sql, array ($key));
 	}
-	$res=db_query($sql);
 	if (!$res) {
 		db_rollback();
 		return false;
@@ -108,18 +112,21 @@
 	db_begin();
 	if ( $sys_database_type == "mysql" ) {
 		$sql = "SELECT * FROM form_keys WHERE `key`='$key' FOR UPDATE";
+		$res=db_query($sql);
 	} else {
-		$sql = "SELECT * FROM form_keys WHERE key='$key' FOR UPDATE";
+		$sql = 'SELECT * FROM form_keys WHERE key=$1 FOR UPDATE';
+		$res=db_query_params($sql, array ($key));
 	}
-	$res=db_query($sql);
 	if (!$res || !db_numrows($res)) {
 		db_rollback();
 		return false;
 	}
 	if ( $sys_database_type == "mysql" ) {
 		$sql = "UPDATE form_keys SET is_used=0 WHERE `key`='$key'";
+		$res=db_query($sql);
 	} else {
-		$sql = "UPDATE form_keys SET is_used=0 WHERE key='$key'";
+		$sql = 'UPDATE form_keys SET is_used=0 WHERE key=$1';
+		$res=db_query_params ($sql, array ($key));
 	}
 	$res=db_query($sql);
 	if (!$res) {

Modified: trunk/gforge/common/include/gettext.php
===================================================================
--- trunk/gforge/common/include/gettext.php	2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/gettext.php	2009-02-27 12:38:35 UTC (rev 7086)
@@ -4,7 +4,7 @@
  *
  * Copyright 1999-2001, VA Linux Systems, Inc.
  * Copyright 2003-2004, Guillaume Smet
- * Copyright 2007, Roland Mas
+ * Copyright 2007-2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -77,7 +77,7 @@
 		
 		for( $i=0, $max = sizeof($languages); $i < $max; $i++){
 			$languageCode = $languages[$i];
-			$res = db_query("select classname from supported_languages where language_code = '".addslashes($languageCode)."'");
+			$res = db_query_params ('select classname from supported_languages where language_code=$1', array ($languageCode)) ;
 			if (db_numrows($res) > 0) {
 				return db_result($res,0,'classname');
 			}
@@ -85,7 +85,7 @@
 			// If so, try to strip it and look for for main language only
 			if (strstr($languageCode, '-')) {
 				$languageCode = substr($languageCode, 0, 2);
-				$res = db_query("select classname from supported_languages where language_code = '".addslashes($languageCode)."'");
+				$res = db_query_params ('select classname from supported_languages where language_code=$1', array ($languageCode)) ;
 				if (db_numrows($res) > 0) {
 					return db_result($res,0,'classname');
 				}
@@ -163,12 +163,12 @@
 }
 
 function lang_id_to_language_name ($lang_id) {
-	$res = db_query('SELECT classname FROM supported_languages WHERE language_id=\''.$lang_id.'\'');
+	$res = db_query_params ('SELECT classname FROM supported_languages WHERE language_id=$1', array ($lang_id));
 	return db_result($res, 0, 'classname');
 }
 
 function language_name_to_lang_id ($language) {
-	$res = db_query('SELECT language_id FROM supported_languages WHERE classname=\''.$language.'\'');
+	$res = db_query_params ('SELECT language_id FROM supported_languages WHERE classname=$1', array ($language)) ;
 	return db_result($res, 0, 'language_id');
 }
 

Modified: trunk/gforge/common/include/license.php
===================================================================
--- trunk/gforge/common/include/license.php	2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/license.php	2009-02-27 12:38:35 UTC (rev 7086)
@@ -3,6 +3,7 @@
  * FusionForge license functions
  *
  * Copyright 2004, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -25,7 +26,8 @@
 function license_getname($id) {
 	global $license_arr;
 	if (!isset($license_arr[$id])) {
-		$res=db_query("SELECT * FROM licenses WHERE license_id='$id'");
+		$res = db_query_params ('SELECT * FROM licenses WHERE license_id=$1',
+					array ($id));
 		$license_arr[$id]=db_result($res,0,'license_name');
 	}
 	return $license_arr[$id];
@@ -33,8 +35,8 @@
 
 function license_add($name) {
 	global $feedback;
-	$res=db_query("INSERT INTO licenses(license_name) 
-		values ('".htmlspecialchars($name)."')");
+	$res = db_query_params ('INSERT INTO licenses (license_name) VALUES ($1)',
+				array (htmlspecialchars ($name))) ;
 	if (!$res) {
 		$feedback .= ' Error adding License: '.db_error();
 		return false;
@@ -45,11 +47,11 @@
 
 function license_update($id,$name) {
 	global $feedback;
-	$res=db_query("UPDATE licenses 
-		SET license_name='".htmlspecialchars($name)."'
-		WHERE license_id='$id'");
+	$res = db_query_params ('UPDATE licenses SET license_name=$1 WHERE license_id=$2',
+				array (htmlspecialchars($name),
+				       $id)) ;
 	if (!$res) {
-		$feedback .= ' Error adding License: '.db_error();
+		$feedback .= ' Error updating License: '.db_error();
 		return false;
 	} else {
 		return true;
@@ -58,14 +60,14 @@
 
 function license_delete($id) {
 	global $feedback;
-	$res=db_query("UPDATE groups
-		SET license_id='100'
-		WHERE license_id='$id'");
+	$res = db_query_params ('UPDATE groups SET license_id=100 WHERE license_id=$1',
+				array ($id)) ;
 	if (!$res) {
 		$feedback .= ' Error deleting License: '.db_error();
 		return false;
 	} else {
-		$res=db_query("DELETE FROM licenses WHERE license_id='$id'");
+		$res = db_query_params ('DELETE FROM licenses WHERE license_id=$1',
+					array ($id)) ;
 		if (!$res) {
 			$feedback .= ' Error deleting License: '.db_error();
 			return false;
@@ -76,7 +78,8 @@
 }
 
 function license_selectbox($title='license_id',$selected='xzxz') {
-    $res=db_query("SELECT license_id, license_name FROM licenses ORDER BY license_name");
+	$res = db_query_params ('SELECT license_id, license_name FROM licenses ORDER BY license_name',
+				array()) ;
     return html_build_select_box($res,$title,$selected,false);
 }
 

Modified: trunk/gforge/www/project/admin/editgroupinfo.php
===================================================================
--- trunk/gforge/www/project/admin/editgroupinfo.php	2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/www/project/admin/editgroupinfo.php	2009-02-27 12:38:35 UTC (rev 7086)
@@ -1,30 +1,29 @@
 <?php
 /**
- * Project Admin page to edit project information (like description,
- * active facilities, etc.)
+ * FusionForge project admin page
  *
- * Portions Copyright 1999-2001 (c) VA Linux Systems
- * The rest Copyright 2002-2004 (c) GForge Team
- * http://gforge.org/
+ * Copyright 1999-2001, VA Linux Systems, Inc.
+ * Copyright 2002-2004, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
- * This file is part of GForge.
+ * This file is part of FusionForge.
  *
- * GForge is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ * FusionForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ * 
+ * FusionForge is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
  *
- * GForge is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
  * You should have received a copy of the GNU General Public License
- * along with GForge; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * along with FusionForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ * USA
  */
 
-
 require_once('../../env.inc.php');
 require_once $gfwww.'include/pre.php';
 require_once $gfwww.'project/admin/project_admin_utils.php';
@@ -78,8 +77,6 @@
 		$new_doc_address,
 		$send_all_docs,
 		100,
-		'',
-		'',
 		$use_ftp,
 		$use_tracker,
 		$use_frs,




More information about the Fusionforge-commits mailing list