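/**
 * Smarty template function: loads one displayed article and assigns it,
 * together with previous/next navigation data, to a template variable.
 *
 * $params['set'] is a comma-separated list of "label:value" pairs. Two labels
 * are recognised: "资讯ID" (article id) and "列表名" (name of the template
 * variable that receives the row, default "list").
 *
 * When no displayed article matches, a 404 page is rendered and the request
 * is terminated.
 *
 * @param array  $params Smarty tag parameters; only $params['set'] is read.
 * @param object $smarty Smarty instance used for display() and assign().
 * @return void
 */
function tpl_function_qishi_news_show($params, &$smarty)
{
    global $db, $_CFG;
    // Start from an empty set: without it, a tag that carries no recognised
    // label would pass an undefined variable to array_map().
    $aset = array();
    foreach (explode(',', $params['set']) as $pair) {
        $parts = explode(':', $pair);
        $value = isset($parts[1]) ? $parts[1] : null;
        switch ($parts[0]) {
            case "资讯ID":
                $aset['id'] = $value;
                break;
            case "列表名":
                $aset['listname'] = $value;
                break;
        }
    }
    // get_smarty_request() is defined elsewhere; presumably it resolves
    // request placeholders in the tag values, so treat the result as untrusted.
    $aset = array_map("get_smarty_request", $aset);
    $aset['id'] = !empty($aset['id']) ? intval($aset['id']) : 0;
    $aset['listname'] = !empty($aset['listname']) ? $aset['listname'] : "list";
    // The id is forced to an integer before it is concatenated into the query.
    $sql = "select id,subsite_id,content,title,seo_keywords,seo_description,type_id,addtime from " . table('article') . " WHERE  id=" . intval($aset['id']) . " AND  is_display=1 LIMIT 1";
    $val = $db->getone($sql);
    if (empty($val)) {
        header("HTTP/1.1 404 Not Found");
        $smarty->display("404.htm");
        exit;
    }
    // Project-specific check_url(subsite id, smarty, url); its behaviour is not visible here.
    check_url($val['subsite_id'], $smarty, $_CFG['news_url']);
    // NOTE(review): the stored content is decoded back to raw HTML here, so
    // whatever is in article.content is rendered as markup by the template.
    // Confirm that content is filtered when it is saved.
    $val['content'] = htmlspecialchars_decode($val['content'], ENT_QUOTES);
    $val['keywords'] = $val['seo_keywords'] == "" ? $val['title'] : $val['seo_keywords'];
    if ($val['seo_description'] == "") {
        $val['description'] = cut_str(strip_tags($val['content']), 60, 0, "");
    } else {
        $val['description'] = $val['seo_description'];
    }
    // Always defined, so the navigation queries never read an unset variable.
    $other_wheresql = '';
    if (intval($_CFG['subsite_id']) > 0) {
        $other_wheresql = " AND subsite_id=" . intval($_CFG['subsite_id']) . " ";
    }
    // Values read back from the database are cast as well before they are
    // concatenated into the follow-up queries.
    $article_id = intval($val['id']);
    $type_id = intval($val['type_id']);
    $prev = $db->getone("select id,subsite_id,title from " . table('article') . " where id<" . $article_id . " and type_id=" . $type_id . $other_wheresql . " order by id desc limit 1");
    if (!$prev) {
        $val['prev'] = 0;
    } else {
        $val['prev'] = 1;
        $val['prev_title'] = $prev['title'];
        $val['prev_url'] = url_rewrite("QS_newsshow", array('id' => $prev['id']), 1, $prev['subsite_id']);
    }
    // Explicit ascending order: without it "limit 1" may return any later
    // article instead of the immediate successor.
    $next = $db->getone("select id,subsite_id,title from " . table('article') . " where id>" . $article_id . " and type_id=" . $type_id . $other_wheresql . " order by id asc limit 1");
    if (!$next) {
        $val['next'] = "没有了";
    } else {
        $val['next'] = 1;
        $val['next_title'] = $next['title'];
        $val['next_url'] = url_rewrite("QS_newsshow", array('id' => $next['id']), 1, $next['subsite_id']);
    }
    $smarty->assign($aset['listname'], $val);
}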
Beispiel #2
/**
 * Builds the themed RSS feed icon markup.
 *
 * @param $url
 *   URL the icon link and the text link point to. It is passed through
 *   check_url() before being written into the href attributes.
 * @param $title
 *   Title handed to the image theme function.
 * @return
 *   HTML string with both links, or NULL when the image theme call yields an
 *   empty value.
 */
function txtconnect_theme_feed_icon($url, $title)
{
    $icon = theme('image', '/misc/feed.png', t('RSS Feed'), $title);
    if (!$icon) {
        return;
    }
    // Sanitize once and reuse the result for both anchors.
    $href = check_url($url);
    return '<div id="top-feed-container"><a href="' . $href . '" class="feed-icon">' . $icon . '</a> '
        . '<a href="' . $href . '" class="feed-icon">RSS Feed</a></div>';
}
Beispiel #3
/**
 * Returns $url unchanged when check_url() accepts it; otherwise returns it
 * prefixed with config::standard_protocol.
 *
 * NOTE(review): check_url() is defined elsewhere; presumably it reports
 * whether the URL already carries a scheme. Adding a prefix is not
 * validation, so the result still has to be escaped for the context it is
 * written into.
 *
 * @param string $url URL as supplied by the caller.
 * @return string
 */
function build_url($url)
{
    return check_url($url) ? $url : (config::standard_protocol . $url);
}
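/**
 * Smarty template function: loads one course row, enriches it with URLs,
 * training-agency profile and apply count, and assigns it to a template
 * variable.
 *
 * $params['set'] is a comma-separated list of "label:value" pairs. The four
 * labels below look like GBK text that was decoded with another charset
 * (presumably "课程ID", "列表名", "描述长度", "填补字符"); they are runtime
 * strings and must stay byte-identical to what the templates send.
 *
 * When no course matches, a 404 page is rendered and the request is terminated.
 *
 * @param array  $params Smarty tag parameters; only $params['set'] is read.
 * @param object $smarty Smarty instance used for display() and assign().
 * @return void
 */
function tpl_function_qishi_curriculum_show($params, &$smarty)
{
    global $db, $_CFG;
    // Start from an empty set: without it, a tag that carries no recognised
    // label would pass an undefined variable to array_map().
    $aset = array();
    foreach (explode(',', $params['set']) as $pair) {
        $parts = explode(':', $pair);
        $value = isset($parts[1]) ? $parts[1] : null;
        switch ($parts[0]) {
            case "¿Î³ÌID":
                $aset['id'] = $value;
                break;
            case "ÁбíÃû":
                $aset['listname'] = $value;
                break;
            case "ÃèÊö³¤¶È":
                $aset['brieflylen'] = $value;
                break;
            case "Ìî²¹×Ö·û":
                $aset['dot'] = $value;
                break;
        }
    }
    // get_smarty_request() is defined elsewhere; presumably it resolves
    // request placeholders in the tag values, so treat the result as untrusted.
    $aset = array_map("get_smarty_request", $aset);
    $aset['id'] = !empty($aset['id']) ? intval($aset['id']) : 0;
    $aset['brieflylen'] = isset($aset['brieflylen']) ? intval($aset['brieflylen']) : 0;
    $aset['listname'] = !empty($aset['listname']) ? $aset['listname'] : "list";
    $dot = isset($aset['dot']) ? $aset['dot'] : null;
    // The id was forced to an integer above, so interpolating it is safe.
    $wheresql = " WHERE id={$aset['id']} ";
    $sql = "select id,subsite_id,uid,setmeal_deadline,add_mode,train_id,contents,refreshtime,teacher_id,teacher_cn,trainname,course_name,addtime,click,favour_expenses,train_expenses,classhour,category_cn,starttime,classtype_cn,district_cn,train_object,train_certificate from " . table('course') . $wheresql . " LIMIT 1";
    $val = $db->getone($sql);
    if (empty($val)) {
        header("HTTP/1.1 404 Not Found");
        $smarty->display("404.htm");
        exit;
    }
    // Project-specific check_url(subsite id, smarty, url); its behaviour is not visible here.
    check_url($val['subsite_id'], $smarty, $_CFG['train_url']);
    if ($val['setmeal_deadline'] < time() && $val['setmeal_deadline'] != "0" && $val['add_mode'] == "2") {
        $val['deadline'] = $val['setmeal_deadline'];
    }
    $val['course_url'] = url_rewrite('QS_courseshow', array('id' => $val['id']), 1, $val['subsite_id']);
    $val['train'] = GetTainProfile($val['train_id']);
    // 'deadline' exists only when the branch above ran; pass NULL explicitly
    // otherwise instead of reading an undefined index.
    // NOTE(review): confirm sub_day() is meant to receive NULL in that case.
    $deadline = isset($val['deadline']) ? $val['deadline'] : null;
    $val['expire'] = sub_day($deadline, time());
    // Cast the id read back from the database before it goes into the query.
    $val['countapply'] = $db->get_total("SELECT COUNT(*) AS num FROM " . table('personal_course_apply') . " WHERE course_id=" . intval($val['id']));
    if ($aset['brieflylen'] > 0) {
        $val['briefly'] = cut_str(strip_tags($val['contents']), $aset['brieflylen'], 0, $dot);
    } else {
        $val['briefly'] = strip_tags($val['contents']);
    }
    $val['refreshtime_cn'] = daterange(time(), $val['refreshtime'], 'Y-m-d', "#FF3300");
    $val['train_url'] = url_rewrite('QS_train_agencyshow', array('id' => $val['train_id']));
    $val['teacher_url'] = url_rewrite('QS_train_lecturershow', array('id' => $val['teacher_id']));
    // Fall back to the placeholder image when the agency has no logo.
    if (!empty($val['train']['logo'])) {
        $val['train']['logo'] = $_CFG['site_dir'] . "data/train_logo/" . $val['train']['logo'];
    } else {
        $val['train']['logo'] = $_CFG['site_dir'] . "data/train_logo/no_logo.gif";
    }
    $smarty->assign($aset['listname'], $val);
}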
Beispiel #5
 /**
  * Checks that harmful protocols are stripped.
  */
 function testBadProtocolStripping()
 {
     // An ordinary URL hidden behind a javascript: scheme.
     $input = 'javascript:http://www.example.com/?x=1&y=2';
     // check_url() is expected to drop the harmful scheme AND encode the
     // result for HTML (note the &amp;), so its output is meant for markup.
     $html_safe = 'http://www.example.com/?x=1&amp;y=2';
     $this->assertIdentical(check_url($input), $html_safe, 'check_url() filters a URL and encodes it for HTML.');
     // stripDangerousProtocols() is expected to remove only the scheme. The
     // plain-text result keeps the raw '&' and therefore still needs escaping
     // before it is written into HTML.
     $plain_text = 'http://www.example.com/?x=1&y=2';
     $this->assertIdentical(UrlHelper::stripDangerousProtocols($input), $plain_text, '\\Drupal\\Component\\Utility\\Url::stripDangerousProtocols() filters a URL and returns plain text.');
 }
Beispiel #6
 /**
  * Confirms that invalid URLs are filtered in link generating functions.
  */
 function testLinkXSS()
 {
     // Markup-laden path that must never appear unescaped in generated links.
     $label = $this->randomMachineName();
     $hostile_path = "<SCRIPT>alert('XSS')</SCRIPT>";

     // \Drupal::l(): the rendered link has to contain the sanitized path.
     // NOTE(review): the assertion message still names _l() although the call
     // under test is \Drupal::l().
     $rendered = \Drupal::l($label, Url::fromUserInput('/' . $hostile_path));
     $expected = check_url(Url::fromUri('base:' . $hostile_path)->toString());
     $found = strpos($rendered, $expected) !== FALSE;
     $this->assertTrue($found, format_string('XSS attack @path was filtered by _l().', array('@path' => $hostile_path)));

     // \Drupal\Core\Url: the string form is compared with its own check_url()
     // result, so this only passes when toString() already returns a value
     // that check_url() leaves unchanged.
     // NOTE(review): the message says "#theme" although Url is exercised.
     $rendered = Url::fromUri('base:' . $hostile_path)->toString();
     $expected = check_url(Url::fromUri('base:' . $hostile_path)->toString());
     $found = strpos($rendered, $expected) !== FALSE;
     $this->assertTrue($found, format_string('XSS attack @path was filtered by #theme', ['@path' => $hostile_path]));
 }
 /**
  * Confirms that invalid URLs are filtered in link generating functions.
  */
 function testLinkXSS()
 {
     // Markup-laden path that must never appear unescaped in generated links.
     $label = $this->randomMachineName();
     $hostile_path = "<SCRIPT>alert('XSS')</SCRIPT>";

     // _l(): the rendered link has to contain the sanitized form of the path.
     $rendered = _l($label, $hostile_path);
     $expected = check_url(_url($hostile_path));
     $found = strpos($rendered, $expected) !== FALSE;
     $this->assertTrue($found, format_string('XSS attack @path was filtered by _l().', array('@path' => $hostile_path)));

     // _url(): the generated URL is compared with its own check_url() result,
     // so this only passes when _url() already returns a value that
     // check_url() leaves unchanged.
     // NOTE(review): the message says "#theme" although _url() is exercised.
     $rendered = _url($hostile_path);
     $expected = check_url(_url($hostile_path));
     $found = strpos($rendered, $expected) !== FALSE;
     $this->assertTrue($found, format_string('XSS attack @path was filtered by #theme', ['@path' => $hostile_path]));
 }
Beispiel #8
/**
 * Themes one aggregator item for display in a block.
 *
 * Logged-in users who may create post entries (and only when the "post"
 * module exists) get a "post it" icon in front of the item link.
 *
 * The feed-supplied link goes through check_url() and the title through
 * check_plain() before they are written into the markup.
 *
 * @param $item
 *   Aggregator item object; iid, link and title are read.
 * @param $feed
 *   Not used by this implementation.
 * @return
 *   HTML for the item.
 */
function sci_aggregator_block_item($item, $feed = 0)
{
    global $user;
    $post_icon = '';
    $may_post = $user->uid && module_exists('post') && user_access('create post entries');
    if ($may_post) {
        $image = theme('image', 'misc/blog.png', t('post it'), t('post it'));
        if ($image) {
            // 'html' => TRUE because the link text is the themed <img> markup.
            $post_icon = '<div class="icon">' . l($image, 'node/add/post', array('attributes' => array('title' => t('Comment on this news item in your personal postings.'), 'class' => 'post-it'), 'query' => "iid={$item->iid}", 'html' => TRUE)) . '</div>';
        }
    }
    // External link to the item itself.
    $item_link = '<a href="' . check_url($item->link) . '">' . check_plain($item->title) . "</a>\n";
    return $post_icon . $item_link;
}
Beispiel #9
 /**
  * Confirms that invalid URLs are filtered in link generating functions.
  */
 function testLinkXSS()
 {
     // Markup-laden path that must never appear unescaped in generated links.
     $label = $this->randomMachineName();
     $hostile_path = "<SCRIPT>alert('XSS')</SCRIPT>";

     // l(): the rendered link has to contain the sanitized form of the path.
     $rendered = l($label, $hostile_path);
     $expected = check_url(url($hostile_path));
     $found = strpos($rendered, $expected) !== FALSE;
     $this->assertTrue($found, format_string('XSS attack @path was filtered by l().', array('@path' => $hostile_path)));

     // Render element of #type 'link': same expectation for the rendered output.
     $render_array = array('#type' => 'link', '#title' => $this->randomMachineName(), '#href' => $hostile_path);
     $rendered = drupal_render($render_array);
     $expected = check_url(url($hostile_path));
     $found = strpos($rendered, $expected) !== FALSE;
     $this->assertTrue($found, format_string('XSS attack @path was filtered by #theme', array('@path' => $hostile_path)));
 }
Beispiel #10
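/**
 * Admin screen for editing a user account.
 *
 * On POST ("submit" present) the profile and the stats row are updated and
 * the browser is sent back to the user list; otherwise the edit form is
 * rendered with the stored values.
 *
 * Text fields are HTML-encoded with htmlspecialchars() before storage and
 * every value goes through strsave() (defined elsewhere, presumably the SQL
 * escaping helper) before it is placed into the statement.
 *
 * NOTE(review): no permission or CSRF-token check is visible in this
 * function; confirm the caller enforces both.
 *
 * @param int $id ID of the user being edited.
 * @return void
 */
function admin_user_edit($id)
{
    global $db;
    // $id is concatenated into several WHERE clauses below, so it is forced
    // to an integer before any query is built.
    $id = (int) $id;
    if (isset($_POST['submit'])) {
        // A taken or empty username falls back to the stored one.
        if ($db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = \'' . strsave(htmlspecialchars($_POST['username'])) . '\' AND ID != ' . $id) or $_POST['username'] == '') {
            $_POST['username'] = $db->result(DB_PRE . 'ecp_user', 'username', 'ID = ' . $id);
            table(ERROR, ACCOUNT_ALLREADY_EXIST);
        }
        // Judge the submitted address before it is replaced by the stored one,
        // and look up duplicates by the e-mail value (the original compared
        // the e-mail column against the submitted username).
        $email_valid = check_email($_POST['email']);
        $email_taken = $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = \'' . strsave($_POST['email']) . '\' AND ID != ' . $id);
        if ($email_taken or !$email_valid) {
            $_POST['email'] = $db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . $id);
            if (!$email_valid) {
                table(ERROR, WRONG_EMAIL);
            } else {
                table(ERROR, EMAIL_ALLREADY_EXIST);
            }
        }
        // Birthday arrives as dd.mm.yyyy; each part is cast to int below.
        $geburtstag = explode('.', $_POST['birthday']);
        $sql = sprintf(
            'UPDATE ' . DB_PRE . 'ecp_user SET
						username = \'%s\',email = \'%s\',country = \'%s\',
						sex = \'%s\',signatur = \'%s\',realname = \'%s\',
						geburtstag = \'%s\',homepage = \'%s\',icq = \'%s\',
						msn = \'%s\',yahoo = \'%s\',skype = \'%s\',xfire = \'%s\',
						clanname = \'%s\',clanirc = \'%s\',clanhomepage = \'%s\',
						clanhistory = \'%s\',cpu = \'%s\',mainboard = \'%s\',
						ram = \'%s\',gkarte = \'%s\',skarte = \'%s\',
						monitor = \'%s\',maus = \'%s\',tastatur = \'%s\',
						mauspad = \'%s\',internet = \'%s\',festplatte = \'%s\',
						headset = \'%s\',aboutme = \'%s\', wohnort = \'%s\', aim = \'%s\'  
					WHERE ID = ' . $id,
            strsave(htmlspecialchars(@$_POST['username'])),
            strsave(@$_POST['email']),
            strsave(@$_POST['country']),
            // Only two values can ever reach the column.
            @$_POST['sex'] == 'male' ? 'male' : 'female',
            strsave(comment_save(@$_POST['signatur'])),
            strsave(htmlspecialchars(@$_POST['realname'])),
            (int) @$geburtstag[2] . '-' . (int) @$geburtstag[1] . '-' . (int) @$geburtstag[0],
            // URL fields additionally pass through the project's check_url().
            strsave(htmlspecialchars(check_url(@$_POST['homepage']))),
            strsave(htmlspecialchars(@$_POST['icq'])),
            strsave(htmlspecialchars(@$_POST['msn'])),
            strsave(htmlspecialchars(@$_POST['yahoo'])),
            strsave(htmlspecialchars(@$_POST['skype'])),
            strsave(htmlspecialchars(@$_POST['xfire'])),
            strsave(htmlspecialchars(@$_POST['clanname'])),
            strsave(htmlspecialchars(@$_POST['clanirc'])),
            strsave(htmlspecialchars(check_url(@$_POST['clanhomepage']))),
            strsave(htmlspecialchars(@$_POST['clanhistory'])),
            strsave(htmlspecialchars(@$_POST['cpu'])),
            strsave(htmlspecialchars(@$_POST['mainboard'])),
            strsave(htmlspecialchars(@$_POST['ram'])),
            strsave(htmlspecialchars(@$_POST['gkarte'])),
            strsave(htmlspecialchars(@$_POST['skarte'])),
            strsave(htmlspecialchars(@$_POST['monitor'])),
            strsave(htmlspecialchars(@$_POST['maus'])),
            strsave(htmlspecialchars(@$_POST['tastatur'])),
            strsave(htmlspecialchars(@$_POST['mauspad'])),
            strsave(htmlspecialchars(@$_POST['internet'])),
            strsave(htmlspecialchars(@$_POST['festplatte'])),
            strsave(htmlspecialchars(@$_POST['headset'])),
            strsave(comment_save(@$_POST['aboutme'])),
            strsave(htmlspecialchars(@$_POST['wohnort'])),
            strsave(htmlspecialchars(@$_POST['aim']))
        );
        // Numeric stats are cast rather than escaped.
        if ($db->query($sql) and $db->query('UPDATE ' . DB_PRE . 'ecp_user_stats SET comments = ' . (int) $_POST['comments'] . ', money = ' . (double) $_POST['money'] . ' WHERE userID = ' . $id)) {
            header1('?section=admin&site=user');
        }
    } else {
        $tpl = new smarty();
        $row = $db->fetch_assoc('SELECT `username`, `email`, `country`, `sex`, `signatur`, `realname`, `wohnort`, `geburtstag`, `homepage`, `icq`, `msn`, `yahoo`, `skype`, `xfire`, 
											`clanname`, `clanirc`, `clanhomepage`, `clanhistory`, `cpu`, `mainboard`, `ram`, `gkarte`, `skarte`, `monitor`, `maus`, `tastatur`, `mauspad`, 
											`internet`, `festplatte`, `headset`, `aboutme`, `ondelete`, aim, money, comments FROM ' . DB_PRE . 'ecp_user LEFT JOIN ' . DB_PRE . 'ecp_user_stats ON (userID = ID) WHERE ID = ' . $id);
        $row['birthday'] = date('d.m.Y', strtotime($row['geburtstag']));
        foreach ($row as $key => $value) {
            $tpl->assign($key, $value);
        }
        // Capture the rendered form so it can be wrapped by main_content().
        ob_start();
        $tpl->assign('countries', form_country($row['country']));
        $tpl->display(DESIGN . '/tpl/admin/user_edit.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(ACCOUNT_EDIT, $content, '', 1);
    }
}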
Beispiel #11
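/**
 * Packs the posted URL list into "urlinfo" fields and echoes a call to the
 * client-side callback with the result of check_url().
 *
 * $_POST['content'] is a '|'-separated list of "url^sequence" entries. Each
 * entry becomes urlinfo=<urlencoded base64 of "url=...&urlSeq=...">.
 *
 * NOTE(review): the return value of check_url() is written straight into
 * JavaScript source; confirm it is always a safely encoded literal (for
 * example JSON), since it is derived from posted data.
 *
 * @param mixed $gj_config Configuration passed through to check_url().
 * @return void
 */
function main($gj_config)
{
    // A missing or non-string field is treated as an empty list.
    $raw = (isset($_POST['content']) && is_string($_POST['content'])) ? $_POST['content'] : '';
    $data = explode('|', $raw);
    // array_remove_empty() is defined elsewhere; presumably it filters $data in place.
    array_remove_empty($data);
    $url_num = count($data);
    $post_data = '';
    foreach ($data as $info) {
        $tmp = explode('^', $info);
        if (empty($tmp[0])) {
            continue;
        }
        // An entry without '^' has no sequence part; use an empty one instead
        // of reading an undefined index.
        $seq = isset($tmp[1]) ? $tmp[1] : '';
        // Both values are encoded so that neither can add fields of its own
        // to the inner "url=...&urlSeq=..." string.
        $inner = 'url=' . urlencode($tmp[0]) . '&urlSeq=' . urlencode($seq);
        $post_data .= 'urlinfo=' . urlencode(base64_encode($inner)) . '&';
    }
    echo 'gj_plugin_function.gettype_callback_a(' . check_url($gj_config, $post_data, $url_num) . ')';
}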
Beispiel #12
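 function admin_settings()
 {
     // Admin settings screen: on POST the posted fields are written to the
     // settings table, otherwise the settings form is rendered.
     // NOTE(review): no permission or CSRF-token check is visible in this
     // function; confirm the caller enforces both.
     global $db, $countries;
     if (isset($_POST['submit'])) {
         unset($_POST['submit']);
         // Make sure the site URL ends with a slash before it is stored.
         $site_url = isset($_POST['SITE_URL']) ? $_POST['SITE_URL'] : '';
         $_POST['SITE_URL'] = substr($site_url, -1) !== '/' ? check_url($site_url . '/') : check_url($site_url);
         $assignments = array();
         foreach ($_POST as $key => $value) {
             // Field names become column names and cannot be escaped the way
             // values are, so only plain identifiers are accepted and they are
             // quoted. Array values are skipped because they cannot be stored.
             // NOTE(review): any column of the settings table can still be
             // set this way; an explicit list of editable columns would be
             // the stricter control.
             if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $key) || is_array($value)) {
                 continue;
             }
             $assignments[] = '`' . $key . '` = "' . strsave($value) . '"';
         }
         // Nothing valid to write: do not send an incomplete UPDATE.
         if ($assignments) {
             $sql = 'UPDATE ' . DB_PRE . 'ecp_settings SET ' . implode(', ', $assignments);
             if ($db->query($sql)) {
                 header('Location: ?section=admin&site=settings');
             }
         }
     } else {
         // <option> list of installed designs (directories below templates/).
         $dir = scan_dir('templates', true);
         $designs = '';
         foreach ($dir as $value) {
             if (is_dir('templates/' . $value)) {
                 $designs .= '<option ' . ($value == DESIGN ? 'selected="selected"' : '') . ' value="' . $value . '">' . $value . '</option>';
             }
         }
         $tpl = new smarty();
         $tpl->assign('designs', $designs);
         $tpl->assign('langs', get_languages());
         // <option> list for the start page: modules first, then CMS pages.
         $dir = scan_dir('module', true);
         $start = '';
         foreach ($dir as $value) {
             if (is_dir('module/' . $value)) {
                 $start .= '<option ' . ('modul|' . $value == STARTSEITE ? 'selected="selected"' : '') . ' value="modul|' . $value . '">' . $value . '</option>';
             }
         }
         $start .= '<option value="">-----' . OWN_SITES . '----</option>';
         $db->query('SELECT headline, cmsID FROM ' . DB_PRE . 'ecp_cms ORDER BY headline ASC');
         while ($row = $db->fetch_assoc()) {
             // Headlines are stored as JSON keyed by language code.
             $title = json_decode($row['headline'], true);
             $title = isset($title[LANGUAGE]) ? $title[LANGUAGE] : $title[DEFAULT_LANG];
             // NOTE(review): $title is written into the markup as stored;
             // confirm headlines are HTML-encoded when they are saved.
             $start .= '<option ' . ('cms|' . $row['cmsID'] == STARTSEITE ? 'selected="selected"' : '') . ' value="cms|' . $row['cmsID'] . '">' . $title . '</option>';
         }
         $tpl->assign('startseite', $start);
         // Capture the rendered form so it can be wrapped by main_content().
         ob_start();
         $tpl->display(DESIGN . '/tpl/admin/settings.html');
         $content = ob_get_contents();
         ob_end_clean();
         main_content(SETTINGS, $content, '', 1);
     }
 }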
Beispiel #13
/**
 * Echoes the left-hand sub-navigation for one top-level menu entry.
 *
 * The parent entry's title is printed once, in front of the first child; each
 * child link gets the "selected" suffix on its class when check_url() reports
 * a match for its URL.
 *
 * NOTE(review): the per-entry permission check that used to sit in this loop
 * (check_admin_level() / check_group_level()) is disabled, so every entry is
 * listed. Access therefore has to be enforced by the target pages themselves.
 * URLs and titles from $menu are echoed without escaping; this is only safe
 * while $menu holds trusted, developer-defined values.
 *
 * @param mixed $son_key Key of the top-level entry in the global $menu array.
 * @return void
 */
function get_sonmenu($son_key)
{
    global $menu;
    echo '<div class="left_nav">';
    // Render the menu.
    echo '<ul>';
    foreach ($menu[$son_key]['sonmenu'] as $index => $entry) {
        $is_current = check_url($entry['url']);
        $class_suffix = $is_current ? 'selected' : '';
        $item = '<li>';
        if ($index == 0) {
            // Parent heading, shown once before the first child.
            $item .= '<a href="" class="menu_1selected" style="background: url(' . $menu[$son_key]['bgimg'] . ') no-repeat">' . $menu[$son_key]['title'] . '</a>';
        }
        $item .= '<a href="' . $entry['url'] . '" class="menu_2' . $class_suffix . '">' . $entry['title'] . '</a>';
        $item .= '</li>';
        echo $item;
    }
    echo '</ul>';
    echo '</div>';
}
Beispiel #14
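/**
 * Checks the first anchor found in $html with check_url().
 *
 * The original wrapped this in a loop whose counter was never advanced when
 * extract_first_anchor_url() returned False, so HTML without an extractable
 * anchor made the function spin forever. The check runs at most once, so it
 * is written as straight-line code.
 *
 * NOTE(review): False is returned when no anchor can be extracted. If callers
 * read False as "check passed", HTML that contains no anchor at all is
 * accepted; confirm that this is the intended outcome.
 *
 * @param string $html Markup to inspect.
 * @return string|false The anchor URL that check_url() rejected, or False.
 */
function check_copyright($html)
{
    $anchor_url = "";
    // extract_first_anchor_url() is defined elsewhere; it apparently fills
    // $anchor_url by reference.
    if (extract_first_anchor_url($html, $anchor_url, True) === False) {
        return False;
    }
    if (check_url($html, $anchor_url) == False) {
        return $anchor_url;
    }
    return False;
}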
Beispiel #15
/**
 * Builds an anchor tag for an internal path.
 *
 * Unlike a link helper that escapes its text by default, this one defaults
 * 'html' to TRUE: $text is written into the markup as given unless the
 * caller passes 'html' => FALSE. Callers that pass user-supplied text must
 * either escape it themselves or set 'html' => FALSE.
 *
 * @param $text
 *   Link text; treated as HTML by default.
 * @param $path
 *   Path handed to url(); the result goes through check_url().
 * @param $options
 *   Link options; 'attributes' and 'html' are read here.
 * @return
 *   HTML string for the anchor.
 */
function theme221_l($text, $path, $options = array())
{
    // Fill in defaults without overriding what the caller supplied.
    $options += array('attributes' => array(), 'html' => TRUE);

    // Mark the link as active when it points at the current page.
    $is_active = ($path == $_GET['q']) || ($path == '<front>' && drupal_is_front_page());
    if ($is_active) {
        if (isset($options['attributes']['class'])) {
            $options['attributes']['class'] .= ' active';
        } else {
            $options['attributes']['class'] = 'active';
        }
    }

    // Tooltips must not carry tags. strip_tags() is only called when a '<'
    // is present, as a cheap pre-check.
    $has_title = isset($options['attributes']['title']);
    if ($has_title && strpos($options['attributes']['title'], '<') !== FALSE) {
        $options['attributes']['title'] = strip_tags($options['attributes']['title']);
    }

    $href = check_url(url($path, $options));
    $attributes = drupal_attributes($options['attributes']);
    $label = $options['html'] ? $text : check_plain($text);
    return '<a href="' . $href . '"' . $attributes . '>' . $label . '</a>';
}
 /**
  * {@inheritdoc}
  */
 public function viewElements(FieldItemListInterface $items)
 {
     $elements = parent::viewElements($items);
     $icon_dir = drupal_get_path('module', 'social_profile_field') . '/icons/';
     $with_icons = $this->getSetting('icons_show');
     foreach (array_keys($elements) as $delta) {
         if ($with_icons) {
             // Use the icon named after the link's host when the module ships
             // one, otherwise the default icon.
             // NOTE(review): the host comes from the stored field value and is
             // placed into a filesystem path for file_exists(); this relies on
             // parse_url() never returning a host with path separators.
             $host = parse_url(check_url(trim($items[$delta]->value)), PHP_URL_HOST);
             $host_icon = $icon_dir . $host . '.png';
             $icon_path = file_exists($host_icon) ? $host_icon : $icon_dir . 'default.png';
             $elements[$delta]['#title'] = ['#theme' => 'image', '#uri' => $icon_path, '#attributes' => ['class' => ['social-profile-icon']]];
             $elements[$delta]['#attached'] = ['library' => ['social_profile_field/social_profile_field.css']];
         }
         $elements[$delta]['#attributes'] = ['class' => ['social-link']];
     }
     return $elements;
 }
Beispiel #17
/**
 * AJAX endpoint that updates one link entry and terminates the request.
 *
 * Requires the links-edit right or the superadmin right in the session.
 * Echoes an error constant, or 'ok' when the update query succeeds.
 *
 * NOTE(review): the rights check is visible here, but no CSRF token is
 * verified in this function; confirm it is checked before this is called.
 *
 * @param int $id linkID of the row to update; bound with %d.
 * @return void The function always ends with die.
 */
function admin_links_edit($id)
{
    ob_end_clean();
    global $db;
    $may_edit = isset($_SESSION['rights']['admin']['links']['edit']) || isset($_SESSION['rights']['superadmin']);
    if (!$may_edit) {
        echo NO_ADMIN_RIGHTS;
        die;
    }
    if ($_POST['name'] == '' or $_POST['url'] == '') {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    $db->setMode(0);
    ajax_convert_array($_POST);
    // String values go through strsave(), URLs additionally through the
    // project's check_url(); numeric values are bound with %d.
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_links SET `name` = \'%s\', `url` = \'%s\', `bannerurl` = \'%s\', `beschreibung` = \'%s\', `hits` = %d WHERE linkID = %d',
        strsave($_POST['name']),
        strsave(check_url($_POST['url'])),
        strsave(check_url($_POST['bannerurl'])),
        strsave($_POST['beschreibung']),
        (int) $_POST['hits'],
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
Beispiel #18
/**
 * @file
 * template.php for the vote_up_down.module
 */

/**
 * Adds vote_up_down variables to node templates.
 *
 * For the 'node' hook this sets the sanitized story link URL, the vote
 * widget and points (except on add/edit pages), the "via" markup and, on
 * "top" listings, a running sequence number. Other hooks pass through
 * unchanged.
 *
 * @param $hook
 *   Name of the theme hook being rendered.
 * @param $vars
 *   Template variables collected so far.
 * @return
 *   The (possibly extended) template variables.
 */
function _phptemplate_variables($hook, $vars) {
  if ($hook != 'node') {
    return $vars;
  }
  $node = $vars['node'];
  // The stored story URL is sanitized before templates print it in an href.
  $vars['storylink_url'] = check_url($node->vote_storylink_url);
  if (arg(1) != 'add' && arg(2) != 'edit') {
    $suffix = variable_get('vote_up_down_widget_style_node', 0) == 1 ? '_alt' : '';
    $vars['vote_up_down_widget'] = theme("vote_up_down_widget$suffix", $node->nid, 'node');
    $vars['vote_up_down_points'] = theme("vote_up_down_points$suffix", $node->nid, 'node');
  }
  // NOTE(review): the raw URL is handed to this theme function; confirm it
  // sanitizes the value itself.
  $vars['vote_storylink_via'] = theme('vote_storylink_via', $node->vote_storylink_url);
  if (arg(1) == 'top') {
    // Per-hook counter that survives across calls within one request.
    static $count;
    if (!is_array($count)) {
      $count = array();
    }
    if (!is_int($count[$hook])) {
      $count[$hook] = 1;
    }
    $vars['seqid'] = $count[$hook]++;
  }
  return $vars;
}
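/**
 * Smarty template function: loads one displayed notice and assigns it to a
 * template variable.
 *
 * $params['set'] is a comma-separated list of "label:value" pairs. Two labels
 * are recognised: "公告ID" (notice id) and "列表名" (name of the template
 * variable that receives the row, default "list").
 *
 * When no displayed notice matches, a 404 page is rendered and the request
 * is terminated.
 *
 * @param array  $params Smarty tag parameters; only $params['set'] is read.
 * @param object $smarty Smarty instance used for display() and assign().
 * @return void
 */
function tpl_function_qishi_notice_show($params, &$smarty)
{
    global $db, $_CFG;
    // Start from an empty set: without it, a tag that carries no recognised
    // label would pass an undefined variable to array_map().
    $aset = array();
    foreach (explode(',', $params['set']) as $pair) {
        $parts = explode(':', $pair);
        $value = isset($parts[1]) ? $parts[1] : null;
        switch ($parts[0]) {
            case "公告ID":
                $aset['id'] = $value;
                break;
            case "列表名":
                $aset['listname'] = $value;
                break;
        }
    }
    // get_smarty_request() is defined elsewhere; presumably it resolves
    // request placeholders in the tag values, so treat the result as untrusted.
    $aset = array_map("get_smarty_request", $aset);
    $aset['id'] = !empty($aset['id']) ? intval($aset['id']) : 0;
    $aset['listname'] = !empty($aset['listname']) ? $aset['listname'] : "list";
    // The id is forced to an integer before it is concatenated into the query.
    $sql = "select id,subsite_id,title,content,seo_keywords,seo_description,type_id,addtime from " . table('notice') . " WHERE  id=" . intval($aset['id']) . " AND  is_display=1 LIMIT 1";
    $val = $db->getone($sql);
    if (empty($val)) {
        header("HTTP/1.1 404 Not Found");
        $smarty->display("404.htm");
        exit;
    }
    // Project-specific check_url(subsite id, smarty, url); its behaviour is not visible here.
    check_url($val['subsite_id'], $smarty, $_CFG['notice_url']);
    $val['keywords'] = $val['seo_keywords'] == "" ? $val['title'] : $val['seo_keywords'];
    // The description is derived from the still-encoded content, before the
    // decode below.
    if ($val['seo_description'] == "") {
        $val['description'] = cut_str(strip_tags($val['content']), 60, 0, "");
    } else {
        $val['description'] = $val['seo_description'];
    }
    // NOTE(review): the stored content is decoded back to raw HTML here, so
    // whatever is in notice.content is rendered as markup by the template.
    // Confirm that content is filtered when it is saved.
    $val['content'] = htmlspecialchars_decode($val['content'], ENT_QUOTES);
    $smarty->assign($aset['listname'], $val);
}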
Beispiel #20
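/**
 * Themes a text field for the iWebKit layout, using the element title as the
 * input's placeholder.
 *
 * @param $element
 *   Form element array; #size, #maxlength, #autocomplete_path, #id, #name,
 *   #title, #value, #attributes, #field_prefix and #field_suffix are read.
 * @return
 *   HTML for the themed form element.
 */
function iwebkit_textfield($element)
{
    $size = empty($element['#size']) ? '' : ' size="' . $element['#size'] . '"';
    $maxlength = empty($element['#maxlength']) ? '' : ' maxlength="' . $element['#maxlength'] . '"';
    $class = array('form-text');
    $extra = '';
    $output = '';
    if (!empty($element['#autocomplete_path']) && menu_valid_path(array('link_path' => $element['#autocomplete_path']))) {
        drupal_add_js('misc/autocomplete.js');
        $class[] = 'form-autocomplete';
        $extra = '<input class="autocomplete" type="hidden" id="' . $element['#id'] . '-autocomplete" value="' . check_url(url($element['#autocomplete_path'], array('absolute' => TRUE))) . '" disabled="disabled" />';
    }
    _form_set_class($element, $class);
    if (isset($element['#field_prefix'])) {
        $output .= '<span class="field-prefix">' . $element['#field_prefix'] . '</span> ';
    }
    // The title was written into the placeholder attribute as-is, so a quote
    // or tag in it could break out of the attribute. It is reduced to plain
    // text (tags removed, entities decoded) and then encoded for the
    // attribute context.
    $placeholder = isset($element['#title']) ? check_plain(decode_entities(strip_tags($element['#title']))) : '';
    $output .= '<ul class="pageitem"><li class="form"><input placeholder="' . $placeholder . '" type="text"' . $maxlength . ' name="' . $element['#name'] . '" id="' . $element['#id'] . '"' . $size . ' value="' . check_plain($element['#value']) . '"' . drupal_attributes($element['#attributes']) . ' /></li></ul>';
    if (isset($element['#field_suffix'])) {
        $output .= ' <span class="field-suffix">' . $element['#field_suffix'] . '</span>';
    }
    return theme('form_element', $element, $output) . $extra;
}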
Beispiel #21
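/**
 * Builds the RSS feed icon link, turning an exposed-filter query string into
 * path-style arguments (?library=1 becomes /1).
 *
 * @param $url
 *   Feed URL; when it contains a query string, the current request's GET
 *   values replace it as path segments.
 * @return
 *   HTML for the feed link, or NULL when the image theme call yields an
 *   empty value.
 */
function alternator_feed_icon($url)
{
    $image = theme('image', drupal_get_path('theme', 'dynamo') . '/images/feed.png', t('RSS feed'), t('RSS feed'));
    if (!$image) {
        return;
    }
    $pos = strpos($url, '?');
    if ($pos) {
        $base = substr($url, 0, $pos);
        $parm = '';
        foreach ($_GET as $key => $value) {
            // Array-valued parameters cannot become a single path segment
            // (and strtolower() does not accept them), so they are skipped.
            if ($key != 'q' && is_scalar($value)) {
                // Request values are encoded as one path segment each, so a
                // value cannot add segments or a query string of its own.
                $parm .= '/' . rawurlencode(strtolower($value));
            }
        }
        // Extra fix for event arrangementer?library=x, as it wants taks. id/lib. id
        if (isset($_GET['library']) && arg(1) == '') {
            $parm = '/all' . $parm;
        }
        $url = $base . $parm;
    }
    // check_url() sanitizes the final URL before it is written into the href.
    return '<a href="' . check_url($url) . '" class="feed-icon">' . $image . '<span>' . t('RSS') . '</span></a>';
}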
Beispiel #22
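 public function views($_id)
 {
     // Detail page for one content item: counts the page view and collects
     // the item, sidebar lists and Open Graph data for the templates.
     $res = $this->Content->get($_id);
     // Only published, non-hidden items are shown; anything else goes to the
     // error page.
     if (!($res["state"] == 1 && $res["hidden"] == 0)) {
         header("Location: /error_404");
         return;
     }
     $this->Content->pageview($_id);
     $res["com"] = $this->Startup_member->get_by_user($res["user_id"]);
     $this->assigns["res"] = $res;
     $cat_list = $this->Content_category->list_('', '', 'hidden = 0');
     $cat_total = sizeof($cat_list);
     for ($i = 0; $i < $cat_total; $i++) {
         // NOTE(review): the category id is concatenated into the condition
         // as returned by the model; presumably an integer key.
         $cat_list[$i]["cnt"] = $this->Content->cnt("c.state = 1 and c.hidden = 0 and category_id = " . $cat_list[$i]["id"]);
     }
     $this->assigns["cat_list"] = $cat_list;
     $this->assigns["curr_cont"] = $this->Content->list_(1, 5, 'c.state = 1 and c.hidden = 0');
     $this->assigns["hot_cont"] = $this->Content->list_(1, 5, 'c.en = 0 and c.state = 1 and c.hidden = 0', 'v_cnt DESC');
     $og = array();
     $og["type"] = 'article';
     // NOTE(review): REQUEST_URI is taken from the request as sent; the
     // template has to escape this value when it prints the meta tag.
     $og["url"] = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
     $og["title"] = $res["subject"] . " on D.CAMP";
     $plain_text = strip_tags($res["contents"]);
     $og["description"] = $plain_text;
     // Measure in characters, the same unit mb_substr() cuts in. The byte
     // count used before marked multibyte text as truncated ("...") even
     // when nothing was cut.
     if (mb_strlen($plain_text, 'UTF-8') > 150) {
         $og["description"] = mb_substr($plain_text, 0, 150, 'UTF-8') . '...';
     }
     if ($res["cpic"]) {
         $og["image"] = 'http://' . $_SERVER['SERVER_NAME'] . $res["cpic"];
     } else {
         $og["image"] = check_url($res["img"], '');
     }
     $this->assigns_layout["og"] = $og;
     $this->assigns["acnt"] = $this->Content->cnt("c.state = 1 and c.hidden = 0");
     // Visitors arriving from elsewhere get the extra cards. The Referer
     // header is optional and set by the client, so this is a presentation
     // hint only and must not gate anything sensitive.
     $referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
     if (strpos($referer, "dcamp.kr") === false) {
         $this->assigns_layout["cards"] = bottom_main();
     }
 }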
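<div class="main-heading">
	<!--<?php 
// The surrounding HTML comment only hides the markup from rendering: this
// PHP still runs, and the note is still sent to anonymous visitors inside
// the comment.
if (!$user->uid) {
    ?>
<strong class="note">Unlock up-to-the-minute financial news. <a href="/user/register">Sign up today.</a></strong><?php 
}
?>
-->
	<h2><?php 
// Heading text is built from URL path arguments, which are request input.
// Both arguments are printed as text, so both go through check_plain();
// check_url() is meant for values placed into URL attributes.
if (arg(0) == "sector") {
    echo ucwords(str_replace("-", " ", check_plain(arg(1))));
    if (arg(2) && arg(2) != "index") {
        echo ": <br/>" . ucwords(str_replace("-", " ", check_plain(arg(2))));
    }
} else {
    echo "Financial Market News";
}
?>
</h2>
</div>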
<?php 
print $block->content;
  height: 400px;
}
</style>
  </head>
  <body <?php 
print drupal_attributes($attr);
?>
>

  <?php 
print $skipnav;
?>
  <div id='logo' class='clear-block'>
    <div class='logo'>
    	<a href="<?php 
echo check_url($front_page);
?>
"><img title="Open Government Platform (OGPL)" src="<?php 
print $logo;
?>
" alt="logo" /></a>
    </div>
    <div class="header-anounced-text">The National Data Portal Beta</div>
    <div class="searchPan"></div>
  </div>
  <div id="menu">
  <?php 
print $header_top;
?>
  </div>
  <div class="clear-block"></div>
Beispiel #25
/**
 * Preprocesses variables for one search result.
 *
 * Sets the zebra class, the sanitized link and title, the optional snippet
 * and the meta information selected in the theme settings.
 *
 * NOTE(review): 'snippet', 'user' and the 'extra' entries are passed on as
 * received; presumably the search module delivers them as safe markup.
 *
 * @param $vars
 *   Template variables, modified in place.
 */
function fusion_core_preprocess_search_result(&$vars)
{
    // Alternate between 'odd' and 'even' across successive results.
    static $search_zebra = 'even';
    $search_zebra = ($search_zebra == 'even') ? 'odd' : 'even';
    $vars['search_zebra'] = $search_zebra;

    $result = $vars['result'];
    $vars['url'] = check_url($result['link']);
    $vars['title'] = check_plain($result['title']);

    // User search results carry no snippet, so default to an empty string.
    $show_snippet = isset($result['snippet']) && theme_get_setting('search_snippet');
    $vars['snippet'] = $show_snippet ? $result['snippet'] : '';

    $meta = array();
    if (!empty($result['type']) && theme_get_setting('search_info_type')) {
        $meta['type'] = check_plain($result['type']);
    }
    if (!empty($result['user']) && theme_get_setting('search_info_user')) {
        $meta['user'] = $result['user'];
    }
    if (!empty($result['date']) && theme_get_setting('search_info_date')) {
        $meta['date'] = format_date($result['date'], 'small');
    }
    if (isset($result['extra']) && is_array($result['extra'])) {
        // The 'extra' array is indexed numerically rather than keyed by
        // 'comment' and 'upload', so the two entries are picked by position.
        if (!empty($result['extra'][0]) && theme_get_setting('search_info_comment')) {
            $meta['comment'] = $result['extra'][0];
        }
        if (!empty($result['extra'][1]) && theme_get_setting('search_info_upload')) {
            $meta['upload'] = $result['extra'][1];
        }
    }

    // Meta information, both as separate items and as one joined string.
    $vars['info_split'] = $meta;
    $vars['info'] = implode(' - ', $meta);

    // Offer a type-specific template as an alternative.
    $vars['template_files'][] = 'search-result-' . $vars['type'];
}
Beispiel #26
    ?>
            <?php 
    if ($is_front) {
        ?>
              <h1 class="site-name"><a href="<?php 
        print check_url($front_page);
        ?>
"><?php 
        print $site_name;
        ?>
</a></h1>
            <?php 
    } else {
        ?>
              <h2 class="site-name"><a href="<?php 
        print check_url($front_page);
        ?>
"><?php 
        print $site_name;
        ?>
</a></h2>
            <?php 
    }
    ?>
        <?php 
}
?>
        
        <?php 
if ($site_slogan) {
    ?>
Beispiel #27
/**
 * Returns the markup for a feed icon link.
 *
 * @param $url
 *   The URL of the feed; passed through check_url() before it is written
 *   into the href attribute.
 * @return
 *   HTML string for an empty anchor carrying the icon class and a tooltip.
 */
function art_feed_icon($url)
{
    $href = check_url($url);
    $tooltip = t('Syndicate content');
    return '<a href="' . $href . '" class="art-rss-tag-icon" title="' . $tooltip . '"></a>';
}
Beispiel #28
/**
 * Builds the HTML5 media tag for an uploaded file.
 *
 * The tag name is the major part of the file's MIME type and is only used
 * when it appears in the allow-list below; the source URL is passed through
 * check_url(). Nothing is returned for any other MIME type.
 *
 * @param $file
 *   File object; its filemime property is read.
 * @param $href
 *   URL of the media file.
 */
function vozmob_white_label_media_element($file, $href)
{
    // @fixme: due to firefox bugginess, sometimes WAV files are not decoded and page render stalls?
    // $allowed_tags = drupal_map_assoc(array('audio', 'video'));
    $allowed_tags = drupal_map_assoc(array('video'));
    // Major MIME type, e.g. "video" for "video/ogg".
    $mime_parts = explode('/', $file->filemime);
    $tag = $mime_parts[0];
    if (!isset($allowed_tags[$tag])) {
        // Not an allowed media type: emit no markup.
        return;
    }
    $src = check_url($href);
    return '<' . $tag . ' controls="controls" src="' . $src . '" />';
}
Beispiel #29
 // Profile-update handler: validates the submitted fields and writes them to bbs_users.
 // NOTE(review): the '******' sequences in the query strings below look like redaction
 // artifacts of this listing; the original username/password expressions are not visible.
 // When the verification-code feature is enabled, check the submitted code against the session copy.
 if ($system['code'] == 1) {
     check_code($_POST['code'], $_SESSION['code']);
 }
 if (!!($rows = fetch_array("SELECT bbs_uniqid FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1"))) {
     // To guard against cookie forgery, compare the stored unique identifier (uniqid) with the cookie value.
     uniqid_check($rows['bbs_uniqid'], $_COOKIE['uniqid']);
     // Include the validation helpers.
     include ROOT_PATH . 'includes/check.func.php';
     // Create an empty array to hold the validated submitted data.
     $clean = array();
     // NOTE(review): every value below is interpolated into the SQL strings further down, so the
     // queries are only as safe as the escaping done inside the check_*() helpers, which are not
     // visible here — confirm they escape for SQL, or switch to parameterized queries.
     $clean['password'] = check_modify_password($_POST['password'], 6);
     $clean['sex'] = check_sex($_POST['sex']);
     $clean['photo'] = check_photo($_POST['photo']);
     $clean['email'] = check_email($_POST['email'], 6, 40);
     $clean['qq'] = check_qq($_POST['qq']);
     $clean['url'] = check_url($_POST['url'], 40);
     // NOTE(review): 'switch' is copied from $_POST without any validation or escaping and then
     // placed inside the UPDATE statements; it needs the same treatment as the other fields.
     $clean['switch'] = $_POST['switch'];
     $clean['signature'] = check_signature($_POST['signature'], 200);
     // Update the profile; the password column is only written when a new password was submitted.
     if (empty($clean['password'])) {
         query("UPDATE bbs_users SET \n                        bbs_sex='{$clean['sex']}',\n                        bbs_photo='{$clean['photo']}',\n                        bbs_email='{$clean['email']}',\n                        bbs_qq='{$clean['qq']}',\n                        bbs_url='{$clean['url']}',\n                        bbs_switch='{$clean['switch']}',\n                        bbs_signature='{$clean['signature']}'\n                    WHERE\n                        bbs_username='******'username']}'\n                ");
     } else {
         query("UPDATE bbs_users SET \n                        bbs_password='******'password']}',\n                        bbs_sex='{$clean['sex']}',\n                        bbs_photo='{$clean['photo']}',\n                        bbs_email='{$clean['email']}',\n                        bbs_qq='{$clean['qq']}',\n                        bbs_url='{$clean['url']}',\n                        bbs_switch='{$clean['switch']}',\n                        bbs_signature='{$clean['signature']}'\n                    WHERE\n                        bbs_username='******'username']}'\n                ");
     }
     // A new unique identifier could be generated here, which would be safer.
 }
 //判断是否修改成功
 //当什么都是不修改时,影响条数为0
 if (affected_rows() >= 0) {
     //关闭数据库
     close();
Beispiel #30
    $_SESSION['sysmsg'] = array();
}
// Make sure the session holds an (initially empty) 'sysmsg_info' array.
// presumably x() reports whether the key is set — confirm against its definition.
if (!x($_SESSION, 'sysmsg_info')) {
    $_SESSION['sysmsg_info'] = array();
}
/*
 * check_config() is responsible for running update scripts. These automatically 
 * update the DB schema whenever we push a new one out. It also checks to see if
 * any plugins have been added or removed and reacts accordingly. 
 *
 * NOTE(review): no check_config() call is visible in this fragment; the else
 * branch below calls check_url(), check_db() and check_plugins() instead.
 * Confirm which of them performs the work described above.
 */
// Install and maintenance modes pin the module name and skip the three checks.
if ($install) {
    $a->module = 'install';
} elseif ($maintenance) {
    $a->module = 'maintenance';
} else {
    check_url($a);
    check_db();
    check_plugins($a);
}
nav_set_selected('nothing');
// Hand the application list to the 'app_menu' hooks, then store back whatever
// they left in the array (presumably passed by reference — confirm).
$arr = array('app_menu' => $a->apps);
call_hooks('app_menu', $arr);
$a->apps = $arr['app_menu'];
/**
 *
 * We have already parsed the server path into $a->argc and $a->argv
 *
 * $a->argv[0] is our module name. We will load the file mod/{$a->argv[0]}.php
 * and use it for handling our URL request.
 * The module file contains a few functions that we call in various circumstances
 * and in the following order: