XoopsCore
Module Protector
Direct usage of mysql statements replaced by Doctrine statements.
--- a/htdocs/modules/protector/class/protector.php
+++ b/htdocs/modules/protector/class/protector.php
@@ -171,12 +171,13 @@ class Protector
return false;
}
- $result = @mysql_query("SELECT conf_name,conf_value FROM " . XOOPS_DB_PREFIX . "_config WHERE conf_title like '" . "_MI_PROTECTOR%'", $this->_conn);
- if (!$result || mysql_num_rows($result) < 5) {
+ $result = $this->_conn->executeQuery("SELECT conf_name,conf_value FROM " . XOOPS_DB_PREFIX . "_config WHERE conf_title like '" . "_MI_PROTECTOR%'");
+ if (!$result || $result->columnCount() < 5) {
return false;
}
$db_conf = array();
- while (list($key, $val) = mysql_fetch_row($result)) {
+ $rows = $result->fetch();
+ foreach ($rows as $key => $val) {
$db_conf[$key] = $val;
}
$db_conf_serialized = serialize($db_conf);
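Review bot: `$result->columnCount() < 5` counts the columns of the result set, and this SELECT has only two (`conf_name`, `conf_value`), so the guard is always true and the method returns false before any config is read; the removed `mysql_num_rows()` check counted rows. `fetch()` likewise returns a single row, so the `foreach` walks the columns of the first row instead of building a conf_name => conf_value map. If this is the path that refreshes Protector's cached settings (inferred, the method starts and ends outside the hunk), the cache would never be rebuilt and changes to the module's protections would not take effect. Fetching all rows, testing the row count and keying the array by the first column restores the old behaviour, as sketched below, assuming the statement accepts PDO fetch modes. Separately, if `$this->_conn` is a Doctrine connection, `executeQuery()` signals failure by throwing, so `!$result` no longer covers what `@mysql_query` did.

```php
// … unchanged: $result = $this->_conn->executeQuery(...) on the _config table …
$rows = $result->fetchAll(\PDO::FETCH_NUM);
if (count($rows) < 5) {
    return false;
}
$db_conf = array();
foreach ($rows as $row) {
    // column 0 is conf_name, column 1 is conf_value
    $db_conf[$row[0]] = $row[1];
}
```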
```php
--- a/htdocs/modules/protector/include/postcheck_functions.php
+++ b/htdocs/modules/protector/include/postcheck_functions.php
@@ -43,6 +43,7 @@ function protector_postcheck()
// configs writable check
if (@$_SERVER['REQUEST_URI'] == '/admin.php' && !is_writable(dirname(dirname(__FILE__)) . '/configs')) {
trigger_error('You should turn the directory ' . dirname(dirname(__FILE__)) . '/configs writable', E_USER_WARNING);
+ return false;
}
// Protector object
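Review bot: The added `return false;` leaves protector_postcheck() before the code under `// Protector object` runs, so on `/admin.php` an unwritable `configs` directory now skips whatever post-checks follow instead of only raising the warning. That turns a deployment mistake into a fail-open for that request. Unless callers rely on the false return to stop the page, I would keep the warning and let the checks continue, or at least state the intent with a comment such as `// abort: Protector cannot persist its state without a writable configs dir`. The function body continues outside the hunk, so the skipped checks are inferred from the trailing comment.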
Protector is scheduled for a serious conversion to Doctrine and other 2.6.0 changes. One example is the SQL injection checks which are only performed through the legacy connector. It will be easier to approach it as a whole, rather than one issue at a time. Will postpone this fix for the time being.