if (isset($files['update']['name']) and preg_match("=^(.*?)\\.sql\$=si", $files['update']['name'])) { if ($files['update']['name'] == 'install.sql') { $install_sql++; } else { $sql_content = file_get_contents($files['update']['tmp_name']); cs_ajaxfiles_clear(); } } elseif (!empty($_POST['text'])) { $sql_content = $_POST['text']; } if (!empty($sql_content)) { $sql_update = str_replace('{time}', cs_time(), $sql_content); $sql_update = cs_sql_replace($sql_update); $sql_update = str_replace('\\;', '{serial}', $sql_update); $sql_array = explode(';', $sql_update); cs_abcode_load(); foreach ($sql_array as $sql_query) { $sql_query = trim(str_replace('{serial}', ';', $sql_query)); if (!empty($sql_query)) { $sql_lower = strtolower($sql_query); $look_up = 0; if (strpos($sql_lower, 'explain') === 0 or strpos($sql_lower, 'select') === 0 or strpos($sql_lower, 'show') === 0) { $look_up = 1; } if ($check = cs_sql_query(__FILE__, $sql_query, $look_up)) { $para[1] = 'green'; $info = $check['affected_rows']; if (!empty($look_up) and isset($check['more'][0])) { $hide = array('users_pwd', 'users_cookiehash'); $explains = array(); foreach ($check['more'][0] as $key => $value) {
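/**
 * Converts raw text into HTML for output, optionally expanding abcode markup.
 *
 * The statement order is load-bearing: braces typed by the author are neutralised
 * first, internal "{...}" placeholders are added next, the whole string is
 * entity-encoded, and only then are the placeholders decoded and the tags expanded.
 * Reordering any of these steps changes what reaches the browser unescaped.
 *
 * NOTE(review): $html and $phpeval switch off parts of the escaping. Callers should
 * enable them only for text written by trusted authors, never for comments, forum
 * posts or any other untrusted input.
 *
 * @param string $replace  Raw text to convert.
 * @param int    $features Non-empty enables the abcode tags ([b], [url], [img], [quote], ...).
 * @param int    $smileys  Non-empty replaces the patterns stored in the 'abcode' table.
 * @param int    $clip     Non-empty enables [clip=...]; only evaluated when $features is set.
 * @param int    $html     Non-empty processes [html]...[/html] blocks and restores the
 *                         {htmlN} placeholders from the global $htmlcode.
 * @param int    $phpeval  Non-empty passes [phpcode]...[/phpcode] content to cs_abcode_eval;
 *                         only evaluated when $features is set.
 *
 * @return string The converted text.
 */
function cs_secure($replace, $features = 0, $smileys = 0, $clip = 1, $html = 0, $phpeval = 0)
{
    global $cs_main;

    $newlines = 1;
    $op_abcode = cs_sql_option(__FILE__, 'abcode');
    cs_abcode_load();

    // Braces delimit the internal placeholders decoded further down, so braces typed
    // by the author are turned into numeric entities before any placeholder exists.
    // Replacing a brace with itself would let author-supplied "{...}" reach
    // cs_abcode_decode and bypass the entity encoding below.
    $replace = str_replace(array('{', '}'), array('&#123;', '&#125;'), $replace);

    if (!empty($features)) {
        cs_abcode_mode(1);
        $replace = preg_replace_callback("=\\[php\\](.*?)\\[/php\\]=si", "cs_abcode_php", $replace);
    }

    if (!empty($smileys)) {
        // The pattern table is read once per request and cached in statics.
        static $loop, $loop_abc;
        if (empty($loop_abc)) {
            $select = 'abcode_func, abcode_pattern, abcode_result, abcode_file';
            $loop_abc = cs_sql_select(__FILE__, 'abcode', $select, 0, 0, 0, 0, 'abcode_content');
            $loop = count($loop_abc);
        }
        for ($run = 0; $run < $loop; $run++) {
            if ($loop_abc[$run]['abcode_func'] == 'img') {
                $img_file = 'uploads/abcode/' . $loop_abc[$run]['abcode_file'];
                $img_src = cs_html_img($img_file);
                // Wrapped in braces so the generated markup survives htmlentities() below.
                $replace = str_replace($loop_abc[$run]['abcode_pattern'], '{' . $img_src . '}', $replace);
            } elseif ($loop_abc[$run]['abcode_func'] == 'str') {
                $pattern = $loop_abc[$run]['abcode_pattern'];
                $replace = str_replace($pattern, '{' . $loop_abc[$run]['abcode_result'] . '}', $replace);
            }
        }
    }

    // Everything the author typed is entity-encoded here.
    $replace = htmlentities($replace, ENT_QUOTES, $cs_main['charset']);
    // htmlentities() double-encodes numeric entities (including the neutralised
    // braces) to "&amp;#NNN;"; put them back so they render as single characters.
    $replace = preg_replace('=&amp;#(\\d+);=si', '&#\\1;', $replace);
    // Only placeholders created by this function still carry literal braces here.
    $replace = preg_replace_callback('={(.*?)}=si', 'cs_abcode_decode', $replace);

    if (!empty($features)) {
        if (!empty($html)) {
            // nl2br() is skipped when cs_abcode_inhtml() reports true for the text.
            $newlines = cs_abcode_inhtml($replace) ? 0 : 1;
            // NOTE(review): [html] content is handed to cs_abcode_html and re-inserted
            // below from $htmlcode without further escaping in this function.
            $replace = preg_replace_callback("=\\[html\\](.*?)\\[/html\\]=si", "cs_abcode_html", $replace);
        }
        if (!empty($phpeval)) {
            // NOTE(review): cs_abcode_eval is not visible here; its name suggests the
            // tag content is evaluated as PHP. Confirm every caller that sets $phpeval
            // passes text from a trusted author only.
            $replace = preg_replace_callback(
                "=\\[phpcode\\](.*?)\\[/phpcode\\]=si",
                'cs_abcode_eval',
                $replace
            );
        }
        if (!empty($newlines)) {
            $replace = nl2br($replace);
        }

        $replace = preg_replace_callback("=\\[u\\](.*?)\\[/u\\]=si", "cs_abcode_u", $replace);
        $replace = preg_replace_callback("=\\[b\\](.*?)\\[/b\\]=si", "cs_abcode_b", $replace);
        $replace = preg_replace_callback("=\\[i\\](.*?)\\[/i\\]=si", "cs_abcode_i", $replace);
        $replace = preg_replace_callback("=\\[s\\](.*?)\\[/s\\]=si", "cs_abcode_s", $replace);
        $replace = preg_replace_callback(
            "'\\[(?P<name>email|mail)\\](.*?)\\[/(?P=name)\\]'i",
            "cs_abcode_mail",
            $replace
        );
        // Bare addresses outside of tags and entities are linked as well.
        $replace = preg_replace_callback(
            '=([^\\s]{2,})@([^\\s]{2,})\\.([^\\s]{2,7})(?![^<]+>|[^&]*;)=i',
            'cs_abcode_mail',
            $replace
        );
        $replace = preg_replace_callback(
            "=\\[color\\=(#*[\\w]*?)\\](.*?)\\[/color\\]=si",
            "cs_abcode_color",
            $replace
        );
        $replace = preg_replace_callback("=\\[size\\=([\\d]*?)\\](.*?)\\[/size\\]=si", "cs_abcode_size", $replace);
        $replace = preg_replace_callback(
            "'\\[(?P<align>left|center|right|justify)\\](.*?)\\[/(?P=align)\\]'si",
            "cs_abcode_align",
            $replace
        );
        $replace = preg_replace_callback("=\\[list\\=([\\w]*?)\\](.*?)\\[/list\\]=si", "cs_abcode_list", $replace);
        $replace = preg_replace_callback("=\\[list\\](.*?)\\[/list\\]=si", "cs_abcode_list", $replace);
        // The combined [url][img] form has to run before the plain [url] and [img] forms.
        $replace = preg_replace_callback(
            "=\\[url\\=(.*?)\\]\\[img width\\=(.*?) height\\=(.*?)\\](.*?)\\[/img\\]\\[/url\\]=si",
            "cs_abcode_urlimg",
            $replace
        );
        $replace = preg_replace_callback("=\\[url\\=(.*?)\\](.*?)\\[/url\\]=si", "cs_abcode_url", $replace);
        $replace = preg_replace_callback("=\\[url\\](.*?)\\[/url\\]=i", "cs_abcode_url", $replace);
        // A single space separates width and height, as in the [url][img] pattern above;
        // a line break inside this literal would stop the sized form from ever matching.
        $replace = preg_replace_callback(
            "=\\[img width\\=([\\d]*?) height\\=([\\d]*?)\\](.*?)\\[/img\\]=si",
            "cs_abcode_img",
            $replace
        );
        $replace = preg_replace_callback("=\\[img\\](.*?)\\[/img\\]=i", "cs_abcode_img", $replace);
        $replace = preg_replace_callback('=\\[flag\\=([\\w]*?)\\]=i', 'cs_abcode_flag', $replace);
        $replace = preg_replace_callback(
            "=\\[indent\\=([\\d]*?)\\](.*?)\\[/indent\\]=si",
            "cs_abcode_indent",
            $replace
        );
        $replace = preg_replace_callback(
            "=\\[threadid\\=([\\w]*?)\\](.*?)\\[/threadid\\]=si",
            "cs_abcode_threadid",
            $replace
        );
        $replace = preg_replace_callback("=\\[h\\=([\\d]*?)\\](.*?)\\[/h\\]=si", "cs_abcode_h", $replace);
        $replace = preg_replace_callback("=\\[hr\\]=i", "cs_abcode_hr", $replace);

        // Quotes are expanded only when every opening tag has a closing tag, so an
        // unbalanced [quote] cannot leave an unclosed element in the output.
        preg_match_all('=\\[quote\\=?(.*?)\\]=si', $replace, $quote_sub);
        $quote_start_count = count($quote_sub[0]);
        $quote_end_count = substr_count($replace, '[/quote]');
        if ($quote_start_count !== 0 && $quote_start_count == $quote_end_count) {
            $replace = preg_replace_callback('=\\[quote\\=?(.*?)\\]=si', "cs_abcode_quote", $replace);
            $replace = preg_replace_callback('=\\[/quote\\]=si', "cs_abcode_quote", $replace);
        }

        if (!empty($clip)) {
            $replace = preg_replace_callback("=\\[clip\\=(.*?)\\](.*?)\\[/clip\\]=si", "cs_abcode_clip", $replace);
        }
    }

    if (!empty($html)) {
        // Put the stored [html] fragments back in place of their {htmlN} placeholders.
        global $htmlcode;
        if (!empty($htmlcode)) {
            $count = count($htmlcode);
            for ($i = 0; $i < $count; $i++) {
                $replace = str_replace('{html' . $i . '}', $htmlcode[$i], $replace);
            }
        }
    }

    if (!empty($features)) {
        cs_abcode_mode(1);
        if (empty($html)) {
            // Auto-link bare URLs that are not already inside a tag or an entity.
            $replace = preg_replace_callback(
                '=(www\\.|http://|ftp://|https://)([^\\s]+)\\.([^\\s]+)(?![^<]+>|[^&]*;)=si',
                'cs_abcode_urlauto',
                $replace
            );
            if (!empty($op_abcode['word_cut'])) {
                // Insert a space after every run of word_cut non-space characters.
                // NOTE(review): the option value is placed into the pattern as-is;
                // presumably it is always a positive integer - confirm where it is saved.
                $replace = preg_replace(
                    "=(?![>])([^\\s*?]{" . $op_abcode['word_cut'] . "})(?![^<]+>|[^&]*;)=",
                    "\\0 ",
                    $replace
                );
            }
        }
        // Second pass of the [php] callback, after all other tags were handled.
        $replace = preg_replace_callback("=\\[php\\](.*?)\\[/php\\]=si", "cs_abcode_php", $replace);
    }

    return $replace;
}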