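/**
 * Render one decoded CSV row as a run of <td> cells for the blog admin view.
 *
 * Fields longer than 50 bytes are cut down to their first 47 bytes followed
 * by '...' so that wide columns do not blow up the table. Every cell value
 * goes through Template::sanitize before it is emitted.
 *
 * @param array $line one CSV row (iterated as a list of field values)
 * @return string the concatenated <td>...</td> markup, without a <tr> wrapper
 */
function blog_filter_csv_line($line)
{
    $o = '';
    foreach ($line as $field) {
        // Keep the *start* of the field. The previous substr($field, 47)
        // dropped the first 47 bytes and kept the tail instead.
        // strlen/substr count bytes, so a multibyte character may be split
        // at the cut point.
        if (strlen($field) > 50) {
            $field = substr($field, 0, 47) . '...';
        }
        $o .= '<td>' . Template::sanitize($field) . '</td>';
    }
    return $o;
}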
 /**
  * Magic getter. For the 'head' key, build <meta> tags from the
  * 'description' and 'keywords' entries of $this->data (each run through
  * Template::sanitize); every other key is delegated to the parent getter.
  */
 public function __get($key)
 {
     if ($key != 'head') {
         return parent::__get($key);
     }
     $tags = array();
     if (isset($this->data['description'])) {
         $tags[] = '<meta name="description" content="' . Template::sanitize($this->data['description']) . "\" />\n";
     }
     if (isset($this->data['keywords'])) {
         $tags[] = '<meta name="keywords" content="' . Template::sanitize($this->data['keywords']) . "\" />\n";
     }
     return implode('', $tags);
 }
    echo $tpl->render('admin/locked', $lock->info());
    return;
} else {
    $lock->add();
}
// NOTE(review): $_GET['file'] is used unvalidated as the path for the
// file_put_contents() write below and the file_get_contents() read further
// down, so a request that reaches this handler can target any path the PHP
// process may write to. Restrict it to the directory this editor is meant to
// manage (an allow-list of known layout files, or a realpath() check against
// that directory) before its first use; whatever ACL gates this page is
// outside this excerpt.
$f = new Form('post', 'designer/editlayout');
// NOTE(review): CSRF verification is disabled on a form that writes to disk;
// confirm why before keeping this.
$f->verify_csrf = false;
if ($f->submit()) {
    // `@` silences the warning that says *why* the write failed, leaving only
    // the falsy return value. file_put_contents() returns the byte count, so
    // saving an empty body (0 bytes) is also reported as a failure here.
    if (@file_put_contents($_GET['file'], $_POST['body'])) {
        $this->add_notification(__('Layout saved.'));
        // chmod() reports failure by return value (and a warning, silenced
        // here) rather than by throwing, so this catch block never runs.
        try {
            @chmod($_GET['file'], 0666);
        } catch (Exception $e) {
        }
        $lock->remove();
        // redirect() presumably ends the request; otherwise the failure text
        // below would also be sent on success — TODO confirm.
        $this->redirect('/designer');
    }
    // Write failed: keep the editor open with an explanation.
    $page->title = __('Saving Layout Failed');
    echo '<p>' . __('Check that your permissions are correct and try again.') . '</p>';
} else {
    // Initial GET: name the file being edited (escaped for the title).
    $page->window_title = __('Edit Layout') . ': ' . Template::sanitize($_GET['file']);
}
// View model for the editor template: file name, current contents and any
// validation failures, merged with the submitted values.
$o = new StdClass();
$o->file = $_GET['file'];
// Same unvalidated path as the write above; `@` hides a read failure, which
// leaves $o->body === false.
$o->body = @file_get_contents($_GET['file']);
$o->failed = $f->failed;
$o = $f->merge_values($o);
$this->run('admin/util/i18n');
// NOTE(review): a .css path is registered via add_script(); other pages on this
// site pass stylesheets to add_style() — verify which was intended.
$page->add_script('/apps/designer/css/layout.css');
$page->add_script('/apps/designer/js/jquery.bindWithDelay.js');
echo $tpl->render('designer/edit/layout', $o);
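 /**
  * Generate a textarea input in a template:
  *
  *     <?= Form::textarea ('name', $data, 50, 4) ?>
  *
  * This will generate the following HTML:
  *
  *     <textarea name="name" cols="50" rows="4">Value from $data</textarea>
  *
  * @param string   $name field name; also the property of $data that holds
  *                       the current value
  * @param object   $data object whose ->{$name} property supplies the value
  * @param int|null $cols optional cols attribute, omitted when null
  * @param int|null $rows optional rows attribute, omitted when null
  * @return string the <textarea> markup
  */
 public static function textarea($name, $data, $cols = null, $rows = null)
 {
     // The name (and cols/rows) are emitted unescaped and are assumed to be
     // developer-supplied; only the value is escaped.
     $out = '<textarea name="' . $name . '"';
     // Previously each optional attribute was prefixed with a stray '"',
     // which produced name="x"" cols="50"" rows="4" — invalid markup.
     if ($cols !== null) {
         $out .= ' cols="' . $cols . '"';
     }
     if ($rows !== null) {
         $out .= ' rows="' . $rows . '"';
     }
     $out .= '>';
     // Escape the current value so user content cannot close the element.
     $out .= Template::sanitize($data->{$name});
     $out .= '</textarea>';
     return $out;
 }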
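 /**
  * Template::sanitize must HTML-escape angle brackets and double quotes so a
  * script tag inside user content is shown as text rather than executed.
  */
 function test_sanitize()
 {
     // assertEquals takes (expected, actual); keeping that order makes a
     // failure diff read the right way round.
     $expected = '&lt;script type=&quot;text/javascript&quot;&gt;eval (&quot;alert (typeof window)&quot;)&lt;/script&gt;';
     $this->assertEquals($expected, Template::sanitize('<script type="text/javascript">eval ("alert (typeof window)")</script>'));
 }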
// Admin details page for one user account.
$page->layout = 'admin';

$this->require_acl ('admin', 'user');

// Nothing to show without an id: back to the user list.
if (! isset ($_GET['id'])) {
	$this->redirect ('/user/admin');
}

$user = new User ($_GET['id']);
if ($user->error) {
	$page->title = __ ('Account not found');
	printf ('<p><a href="/user/admin">&laquo; %s</a></p>', __ ('Back'));
	return;
}

$user = $user->orig ();

// Every handler registered in the 'user' app options renders one tab,
// stored on the user object under its display name.
foreach (Appconf::options ('user') as $handler => $label) {
	$user->tabs[$label] = $this->run ($handler, array ('user' => $user->id));
}

$page->title = Template::sanitize ($user->name);
$page->add_style ('/apps/user/css/details.css');
$assets = array (
	'/js/jquery-ui/jquery-ui.min.js',
	'/apps/user/js/jquery.tools.min.js',
	'/apps/user/js/react/react.js',
	'/apps/user/js/build/links.js',
	'/apps/user/js/build/notes.js',
);
foreach ($assets as $script) {
	$page->add_script ($script);
}
echo $tpl->render ('user/details', $user);
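 /**
  * Show a variable for the debug output.
  *
  * Writes a PHP-like rendering of $value straight to output: numbers bare,
  * booleans as true/false, strings double-quoted and HTML-escaped, arrays as
  * `array (...)` and objects as `Class (...)`, nested values indented by four
  * spaces per level. Anything else is echoed as-is.
  *
  * @param mixed $value the value to render
  * @param int   $tabs  current nesting depth, used only for indentation
  * @return void
  */
 public static function show_variable($value, $tabs = 0)
 {
     $indent = str_pad('', ($tabs + 1) * 4);

     if (is_numeric($value)) {
         // Render a numeric value (numeric strings land here too, unquoted)
         echo $value;
     } elseif (is_bool($value)) {
         // Render a boolean value
         echo $value ? 'true' : 'false';
     } elseif (is_string($value)) {
         // Render a string value, escaped so the dump cannot inject markup
         echo '"' . Template::sanitize($value) . '"';
     } elseif (is_array($value)) {
         // Render an array
         echo 'array (';
         if (empty($value)) {
             echo ")";
             return;
         }
         // Associative arrays show their keys; ordinary arrays only values.
         $assoc = Debugger::is_assoc($value);
         $first = true;
         foreach ($value as $key => $val) {
             // Comma-separate elements. $first must be cleared on every
             // iteration — the old code only cleared it inside the `!$first`
             // branch, which therefore never ran, so no comma was printed.
             if (!$first) {
                 echo ",";
             }
             $first = false;
             echo "\n";
             echo $indent;
             if ($assoc) {
                 // Keys may originate from request data; escape like values.
                 printf("\"%s\" => ", Template::sanitize($key));
             }
             Debugger::show_variable($val, $tabs + 1);
         }
         echo "\n";
         echo str_pad('', $tabs * 4);
         echo ")";
     } elseif (is_object($value)) {
         // Render an object
         $vars = get_object_vars($value);
         if (count($vars) === 0) {
             echo get_class($value) . ' ()';
             return;
         }
         echo get_class($value) . " (\n";
         foreach ($vars as $key => $val) {
             echo $indent;
             printf("\$%s = ", Template::sanitize($key));
             Debugger::show_variable($val, $tabs + 1);
             echo ";\n";
         }
         echo ")";
     } else {
         // Render anything else (null, resources, ...) as-is
         echo $value;
     }
 }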
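// Browse view for one database table: the result rows as an HTML table with
// edit/delete links and, when the result set exceeds the page size, a pager
// above and below it. $res (row objects), $count, $limit and $pkey are
// presumably set by the caller — they are not defined in this excerpt.

// Column headers come from the keys of the first row; none when empty.
if (count($res) > 0) {
    $headers = array_keys((array) $res[0]);
} else {
    $headers = array();
}

// The table name comes straight from the query string and is echoed several
// times below. Encode it once for URL query values; the encoded form contains
// only URL-safe characters, so it is also safe inside HTML, and it is escaped
// again where it lands in an attribute.
$table_url = rawurlencode($_GET['table']);
$table_attr = Template::sanitize($table_url);
$pager_url = '/dbman/browse?table=' . $table_url . '&num=%d';

printf("<p><a href='/dbman/index'>&laquo; %s</a> | <a href='/dbman/add?table=%s'>%s</a></p>\n", i18n_get('Back'), $table_attr, i18n_get('Add Item'));
echo '<p style="float: left">' . $count . ' ' . i18n_get('results') . ":</p>\n";
if ($count > $limit) {
    echo '<div style="float: right">' . $this->run('navigation/pager', array('style' => 'numbers', 'url' => $pager_url, 'total' => $count, 'count' => count($res), 'limit' => $limit)) . '</div>';
}
echo "<p style='clear: both'><table width='100%'><tr>\n";
foreach ($headers as $header) {
    // Column names come from the database; escape them like any other output.
    printf("<th>%s</th>\n", Template::sanitize($header));
}
echo "<th>&nbsp;</th></tr>\n";
foreach ($res as $row) {
    echo "<tr>\n";
    foreach ((array) $row as $k => $v) {
        // NULL columns become '' so strlen()/substr() see a string.
        $v = (string) $v;
        // Long values are cut to 45 bytes (byte-wise; may split a multibyte
        // character) with the full value in the title attribute.
        if (strlen($v) > 48) {
            printf("<td title=\"%s\">%s...</td>\n", Template::sanitize($v), Template::sanitize(substr($v, 0, 45)));
        } else {
            printf("<td>%s</td>\n", Template::sanitize($v));
        }
    }
    // Primary-key values are URL-encoded then HTML-escaped for the href.
    $key_attr = Template::sanitize(rawurlencode($row->{$pkey}));
    printf("<td><a href='/dbman/edit?table=%s&key=%s'>%s</a> | <a href='/dbman/delete?table=%s&key=%s' onclick=\"return confirm ('Are you sure you want to delete this item?')\">%s</a></td>\n", $table_attr, $key_attr, i18n_get('Edit'), $table_attr, $key_attr, i18n_get('Delete'));
    echo "</tr>\n";
}
echo "</table></p>\n";
if ($count > $limit) {
    echo $this->run('navigation/pager', array('style' => 'numbers', 'url' => $pager_url, 'total' => $count, 'count' => count($res), 'limit' => $limit));
}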
        }
    }
    echo '</div>';
}
// Resolve the email behind $token and translate it into $lang; both variables
// are set earlier in this script, outside this excerpt.
$translatable = TranslatableEmail::fromToken($token);
$translation = $translatable->translate($lang);
/*
 * Do not call Template::sanitizeOutput on the email contents after this
 * point, because TranslatableEmail::translate calls Translation::replace,
 * which itself calls Utilities::sanitizeOutput. Use Template::sanitize
 * instead!
 */
// subject->out() is assumed to return a list of candidate strings; empty
// entries are dropped and the last remaining one is displayed — TODO confirm.
$subject = array_filter($translation->subject->out());
?>
    
    <dl>
        <dt data-property="subject">{tr:subject} :</dt>
        <dd data-property="subject"><?php 
echo Template::sanitize(array_pop($subject));
?>
</dd>
        
        <dt data-property="message">{tr:message}</dt>
        <dd data-property="message"><?php 
// The HTML body is escaped wholesale, so it is shown as markup source rather
// than rendered — presumably intended for a translation-review view.
echo Template::sanitize($translation->html);
?>
</dd>
    </dl>
    
    <script type="text/javascript" src="{path:js/translate_email_page.js}"></script>
</div>
// NOTE(review): $_GET['file'] is used unvalidated as the path for the
// file_put_contents() write below and the file_get_contents() read further
// down, so a request that reaches this handler can target any path the PHP
// process may write to. Restrict it to the directory this editor is meant to
// manage (an allow-list, or a realpath() check against that directory) before
// its first use; whatever ACL gates this page is outside this excerpt, as is
// the $lock object used below.
$f = new Form('post', 'designer/editstylesheet');
// NOTE(review): CSRF verification is disabled on a form that writes to disk;
// confirm why before keeping this.
$f->verify_csrf = false;
if ($f->submit()) {
    // `@` silences the warning that says *why* the write failed, leaving only
    // the falsy return value. file_put_contents() returns the byte count, so
    // saving an empty stylesheet (0 bytes) is also reported as a failure.
    if (@file_put_contents($_GET['file'], $_POST['body'])) {
        $this->add_notification(__('Stylesheet saved.'));
        // chmod() reports failure by return value (and a warning, silenced
        // here) rather than by throwing, so this catch block never runs.
        try {
            @chmod($_GET['file'], 0666);
        } catch (Exception $e) {
        }
        $lock->remove();
        // redirect() presumably ends the request; otherwise the failure text
        // below would also be sent on success — TODO confirm.
        $this->redirect('/designer');
    }
    // Write failed: keep the editor open with an explanation.
    $page->title = __('Saving Stylesheet Failed');
    echo '<p>' . __('Check that your permissions are correct and try again.') . '</p>';
} else {
    // Initial GET: name the file being edited (escaped for the title).
    $page->window_title = __('Edit Stylesheet') . ': ' . Template::sanitize($_GET['file']);
}
// View model for the editor template.
$o = new StdClass();
$o->file = $_GET['file'];
// Same unvalidated path as the write above; `@` hides a read failure, which
// leaves $o->body === false.
$o->body = @file_get_contents($_GET['file']);
// Layout names (file name without .html) from the top-level layouts directory.
$o->layouts = array();
$files = glob('layouts/*.html');
if (is_array($files)) {
    foreach ($files as $layout) {
        $o->layouts[] = basename($layout, '.html');
    }
}
$files = glob('layouts/*/*.html');
if (is_array($files)) {
    foreach ($files as $layout) {
        $o->layouts[] = basename($layout, '.html');
<?php

//Imports
require_once 'session.php';
require_once 'db/db_conn.php';
require_once 'db/SELECT.php';
require_once 'db/UPDATE.php';
require_once 'classes/Template.php';
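// Endpoint: apply an update to one message template from the request, then
// return the session user's complete template list as JSON.
$con = connect_db();
$ADK_MSG_TMPL = new Template();
$ADK_MSG_TMPL->populateFromUpdate();
if (!$ADK_MSG_TMPL->isValid()) {
    $con->close();
    http_response_code(400);
    // The validation message is sent as plain text so a client never
    // interprets it as markup.
    header('Content-Type: text/plain; charset=utf-8');
    echo $ADK_MSG_TMPL->err;
    exit;
}
$ADK_MSG_TMPL->sanitize();
$ADK_MSG_TMPL->update($con);
$ADK_MSG_TMPLS = new Templates();
$ADK_MSG_TMPLS->get($con, $_SESSION['ADK_USER_ID']);
$con->close();
// Status and headers must go out before the first byte of the body; setting
// the 200 after the echo (as before) has no effect once output has started.
// Declaring the content type keeps browsers from sniffing the JSON as HTML.
http_response_code(200);
header('Content-Type: application/json');
echo json_encode($ADK_MSG_TMPLS);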
        $obj = new $class($_GET['id']);
        if ($obj->error) {
            // deleted item
            $obj->{$obj->key} = $_GET['id'];
            $deleted = true;
        }
    } else {
        $obj = $class;
    }
    $history = Versions::history($obj, $limit, $offset);
    $count = Versions::history($obj, true);
} else {
    $history = array();
    $count = 0;
}
/**
 * Template filter: resolve a user id to the account's display name, falling
 * back to the translated 'Nobody' when no such user exists.
 */
function admin_filter_user_name($id)
{
    $user = new User($id);
    return $user->error ? __('Nobody') : $user->name;
}
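// Page title and version listing for the requested type, optionally for one
// record id. $classes, $history, $limit, $count and $deleted come from the
// code above this excerpt; $deleted is only visibly assigned on the
// deleted-item branch, so confirm it is initialised on the other paths.
$name = Versions::display_name($_GET['type']);
$plural = Versions::plural_name($_GET['type']);
// The id is optional; read it once so the url below does not raise an
// undefined-index notice when it is absent. !empty() semantics are kept
// ('0' counts as no id, as before).
$has_id = !empty($_GET['id']);
$id = isset($_GET['id']) ? $_GET['id'] : '';
if ($has_id) {
    // Appends to a title presumably set earlier, whereas the other branch
    // replaces it — kept as found.
    $page->title .= __('Versions of') . ' ' . Template::sanitize(__($name)) . ' / ' . Template::sanitize($_GET['id']);
} else {
    $page->title = __('Versions') . ' - ' . Template::sanitize(__($plural));
}
// Request values are embedded in a URL template for the pager; encode them so
// a type or id containing '&', '#' or spaces cannot break the links.
$url = sprintf('/admin/versions?type=%s&id=%s&offset=%%d', rawurlencode($_GET['type']), rawurlencode($id));
echo $tpl->render('admin/versions', array(
    'id' => $has_id ? $_GET['id'] : false,
    'type' => $_GET['type'],
    'name' => $name,
    'plural' => $plural,
    'classes' => $classes,
    'history' => $history,
    'limit' => $limit,
    'total' => $count,
    'count' => count($history),
    'url' => $url,
    'deleted' => $deleted,
));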
<?php

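// Translator tool: list every source location where the requested string
// occurs, with two lines of context on either side and the string highlighted.
$this->require_acl('admin', 'translator');
$page->layout = false;
// The index is a serialized PHP array. NOTE(review): unserialize() is only
// safe here while lang/_index.php can be written by the application alone —
// confirm its permissions; a JSON index would remove the concern entirely.
$index = unserialize(file_get_contents('lang/_index.php'));
// Read the requested string once; a missing parameter falls through to the
// "not found" message instead of raising an undefined-index notice.
$needle_raw = isset($_GET['string']) ? $_GET['string'] : '';
if (!isset($index[$needle_raw])) {
    printf('<p>%s</p>', __('String not found.'));
    return;
}
$string = $index[$needle_raw];
// 'src' is either a single path or a list of paths; normalise to a list.
$string['src'] = is_array($string['src']) ? $string['src'] : array($string['src']);
// $code below is already HTML-escaped, so the highlight must search for (and
// insert) the escaped form: the raw string would not match when it contains
// '<' or '&', and inserting it unescaped put request-controlled markup on
// the page.
$needle = Template::sanitize($needle_raw);
$contexts = array();
foreach ($string['src'] as $source) {
    // A source file listed in the index may have moved; skip it quietly
    // rather than letting file() warn and foreach() fail on false.
    if (!is_file($source)) {
        continue;
    }
    $lines = file($source);
    foreach ($lines as $line => $text) {
        if (strpos($text, $needle_raw) === false) {
            continue;
        }
        // From two lines before the match to two after (five in total).
        $start = $line >= 2 ? $line - 2 : 0;
        $slice = array_slice($lines, $start, 5);
        $code = '';
        foreach ($slice as $n => $single) {
            $code .= '<span class="line-number">' . ($start + $n + 1) . '.</span> ' . Template::sanitize($single);
        }
        $code = str_replace($needle, '<span class="trans-text">' . $needle . '</span>', $code);
        $contexts[] = (object) array('file' => $source, 'code' => $code);
    }
}
echo View::render('translator/sources', array('contexts' => $contexts));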
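// Compare a stored version of a record with its current state, or with the
// version's serialized snapshot when the record has since been deleted.
// Both query parameters are required; redirect() is presumably terminal.
if (!isset($_GET['current'], $_GET['id'])) {
    $this->redirect('/admin');
}
// Only the literal strings 'yes' and 'no' are accepted (strict comparison).
if (!in_array($_GET['current'], array('yes', 'no'), true)) {
    $this->redirect('/admin');
}
$is_current = $_GET['current'] === 'yes';
$is_deleted = false;
$ver = new Versions($_GET['id']);
$old = $ver->restore();
$class = $ver->class;
$cur = new $class($ver->pkey);
if ($cur->error) {
    // deleted item: rebuild it from the version's serialized snapshot.
    $is_deleted = true;
    $snapshot = json_decode($ver->serialized);
    // json_decode() yields null on malformed input; iterating null would only
    // produce a warning and leave $cur empty.
    if ($snapshot !== null) {
        foreach ($snapshot as $key => $value) {
            $cur->{$key} = $value;
        }
    }
}
$diff = Versions::diff($old, $cur);
$data = array();
$cur_orig = (array) $cur->orig();
$old_orig = (array) $old->orig();
foreach ($cur_orig as $key => $value) {
    $data[$key] = array(
        'cur' => $value,
        // A field added after the old version was stored has no old value.
        'old' => array_key_exists($key, $old_orig) ? $old_orig[$key] : null,
        'diff' => in_array($key, $diff),
    );
}
if (is_subclass_of($cur, 'ExtendedModel')) {
    unset($data[$cur->_extended_field]);
}
// The primary key is output into the page title, so escape it as well.
$page->title = __('Comparing') . ' ' . Template::sanitize(__(Versions::display_name($ver->class))) . ' / ' . Template::sanitize($ver->pkey);
echo $tpl->render('admin/compare', array(
    'fields' => $data,
    'class' => $ver->class,
    'pkey' => $ver->pkey,
    'ts' => $ver->ts,
    'is_current' => $is_current,
    'is_deleted' => $is_deleted,
));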