function smarty_function_mtcommenteruserpic($args, &$ctx) { $comment = $ctx->stash('comment'); if (!$comment) { return $ctx->error("No comment available"); } $cmntr = $ctx->stash('commenter'); if (!$cmntr) { return ''; } $asset_id = isset($cmntr['author_userpic_asset_id']) ? $cmntr['author_userpic_asset_id'] : 0; $asset = $ctx->mt->db->fetch_assets(array('id' => $asset_id)); if (!$asset) { return ''; } $blog =& $ctx->stash('blog'); require_once "MTUtil.php"; $userpic_url = userpic_url($asset[0], $blog, $cmntr); if (empty($userpic_url)) { return ''; } $asset_path = asset_path($asset[0]['asset_file_path'], $blog); list($src_w, $src_h, $src_type, $src_attr) = getimagesize($asset_path); $dimensions = sprintf('width="%s" height="%s"', $src_w, $src_h); $link = sprintf('<img src="%s" %s alt="%s" />', encode_html($userpic_url), $dimensions, encode_html($asset['label'])); return $link; }
function smarty_function_mtcommenteruserpic($args, &$ctx) { $comment = $ctx->stash('comment'); if (!$comment) { return $ctx->error("No comments available"); } $cmntr = $ctx->stash('commenter'); if (!$cmntr) { return ''; } $asset_id = isset($cmntr->author_userpic_asset_id) ? $cmntr->author_userpic_asset_id : 0; $asset = $ctx->mt->db()->fetch_assets(array('id' => $asset_id)); if (!$asset) { return ''; } $blog =& $ctx->stash('blog'); require_once "MTUtil.php"; $userpic_url = userpic_url($asset[0], $blog, $cmntr); if (empty($userpic_url)) { return ''; } $mt = MT::get_instance(); $dimensions = sprintf('width="%s" height="%s"', $mt->config('UserpicThumbnailSize'), $mt->config('UserpicThumbnailSize')); $link = sprintf('<img src="%s?%d" %s alt="%s" />', encode_html($userpic_url), $asset_id, $dimensions, encode_html($asset->label)); return $link; }
function smarty_function_mtcanonicallink($args, &$ctx) { $url = $ctx->tag('canonicalurl', $args); if (empty($url)) { return ''; } return '<link rel="canonical" href="' . encode_html($url) . '" />'; }
function smarty_function_mtcommentauthorlink($args, &$ctx) { $mt = MT::get_instance(); $comment = $ctx->stash('comment'); $name = $comment->comment_author; if (!$name && isset($args['default_name'])) { $name = $args['default_name']; } $name or $name = $mt->translate("Anonymous"); require_once "MTUtil.php"; $name = encode_html($name); $email = $comment->comment_email; $url = $comment->comment_url; if (isset($args['show_email'])) { $show_email = $args['show_email']; } else { $show_email = 0; } if (isset($args['show_url'])) { $show_url = $args['show_url']; } else { $show_url = 1; } $target = isset($args['new_window']) && $args['new_window'] ? ' target="_blank"' : ''; _comment_follow($args, $ctx); $cmntr = $ctx->stash('commenter'); if (!isset($cmntr) && isset($comment->comment_commenter_id)) { $cmntr = $comment->commenter(); } if ($cmntr) { $name = isset($cmntr->author_nickname) ? encode_html($cmntr->author_nickname) : $name; if ($cmntr->author_url) { return sprintf('<a title="%s" href="%s"%s>%s</a>', encode_html($cmntr->author_url), encode_html($cmntr->author_url), $target, $name); } return $name; } elseif ($show_url && $url) { require_once "function.mtcgipath.php"; $cgi_path = smarty_function_mtcgipath($args, $ctx); $comment_script = $ctx->mt->config('CommentScript'); $name = strip_tags($name); $url = encode_html(strip_tags($url)); if ($comment->comment_id && (!isset($args['no_redirect']) || isset($args['no_redirect']) && !$args['no_redirect']) && (!isset($args['nofollowfy']) || isset($args['nofollowfy']) && !$args['nofollowfy'])) { return sprintf('<a title="%s" href="%s%s?__mode=red;id=%d"%s>%s</a>', $url, $cgi_path, $comment_script, $comment->comment_id, $target, $name); } else { return sprintf('<a title="%s" href="%s"%s>%s</a>', $url, $url, $target, $name); } } elseif ($show_email && $email && is_valid_email($email)) { $email = encode_html(strip_tags($email)); $str = 'mailto:' . $email; if ($args['spam_protect']) { $str = spam_protect($str); } return sprintf('<a href="%s">%s</a>', $str, $name); } return $name; }
function smarty_function_mtentryauthorlink($args, &$ctx) { $entry = $ctx->stash('entry'); if (!$entry) { return ''; } $type = $args['type']; $displayname = encode_html($entry->author()->nickname); if (isset($args['show_email'])) { $show_email = $args['show_email']; } else { $show_email = 0; } if (isset($args['show_url'])) { $show_url = $args['show_url']; } else { $show_url = 1; } require_once "MTUtil.php"; # Open the link in a new window if requested (with new_window="1"). $target = $args['new_window'] ? ' target="_blank"' : ''; if (!$type) { if ($show_url && $entry->author()->url && $displayname != '') { $type = 'url'; } elseif ($show_email && $entry->author()->email && $displayname != '') { $type = 'email'; } } if ($type == 'url') { if ($entry->author()->url && $displayname != '') { return sprintf('<a href="%s"%s>%s</a>', encode_html($entry->author()->url), $target, $displayname); } } elseif ($type == 'email') { if ($entry->author()->email && $displayname != '') { $str = "mailto:" . encode_html($entry->author()->email); if ($args['spam_protect']) { $str = spam_protect($str); } return sprintf('<a href="%s">%s</a>', $str, $displayname); } } elseif ($type == 'archive') { require_once "function.mtarchivelink.php"; $link = smarty_function_mtarchivelink(array('type' => 'Author'), $ctx); if ($link) { return sprintf('<a href="%s"%s>%s</a>', $link, $target, $displayname); } } return $displayname; }
function smarty_function_mtcommentreplytolink($args, &$ctx) { $comment = $ctx->stash('comment'); if (!$comment) { return ''; } global $mt; $label = $args['label']; $label or $label = $args['text']; $label or $label = $mt->translate("Reply"); $onclick = $args['onclick']; $onclick or $onclick = "mtReplyCommentOnClick(%d, '%s')"; $comment_author = $comment['comment_author']; require_once "MTUtil.php"; $comment_author = encode_html(encode_js($comment_author)); $onclick = sprintf($onclick, $comment['comment_id'], $comment_author); return sprintf("<a title=\"%s\" href=\"javascript:void(0);\" onclick=\"{$onclick}\">%s</a>", $label, $label); }
function smarty_function_mtarchivetitle($args, &$ctx) { $at = $ctx->stash('current_archive_type'); if (isset($args['type'])) { $at = $args['type']; } elseif (isset($args['archive_type'])) { $at = $args['archive_type']; } if ($at == 'Category') { $title = $ctx->tag('CategoryLabel', $args); if (!empty($title)) { $title = encode_html(strip_tags($title)); } else { $title = ''; } return $title; } else { $ar = ArchiverFactory::get_archiver($at); return $ar->get_title($args, $ctx); } }
function smarty_function_mtgetvardump($args, &$ctx) { if (isset($args['name'])) { $name = $args['name']; } ob_start(); if ($name) { echo "{$name} => \n"; $var = $ctx->__stash['vars'][$name]; if (!$var) { $var = $ctx->__stash['vars'][strtolower($name)]; } var_dump($var); } else { var_dump($ctx->__stash['vars']); } $dump = ob_get_contents(); ob_end_clean(); require_once 'MTUtil.php'; $dump = encode_html($dump); $dump = '<pre><code style="overflow:auto">' . $dump . '</code></pre>'; return $dump; }
function smarty_function_mtcommentreplytolink($args, &$ctx) { $comment = $ctx->stash('comment'); if (!$comment) { return ''; } $mt = MT::get_instance(); $label = $args['label']; $label or $label = $args['text']; $label or $label = $mt->translate("Reply"); $onclick = $args['onclick']; $onclick or $onclick = "mtReplyCommentOnClick(%d, '%s')"; $comment_author = $comment->comment_author; if ($comment->comment_commenter_id) { $cmtr = $comment->commenter(); if (!empty($cmtr)) { $comment_author = $cmtr->nickname; } } require_once "MTUtil.php"; $comment_author = encode_html(encode_js($comment_author)); $onclick = sprintf($onclick, $comment->comment_id, $comment_author); return sprintf("<a title=\"%s\" href=\"javascript:void(0);\" onclick=\"{$onclick}\">%s</a>", $label, $label); }
$errorstate = 'token_expired'; } else { $show_form = 'enter_new_password'; } } else { $got_user_id = ''; $errorstate = 'token_invalid'; $show_form = 'none'; } } /** The form was submitted */ if ($_POST) { /** * Clean the posted form values. */ $form_type = encode_html($_POST['form_type']); switch ($form_type) { /** * The form submited contains a new token request */ case 'new_request': $sql_user = $dbh->prepare("SELECT id, user, email FROM " . TABLE_USERS . " WHERE email = :email"); $sql_user->bindParam(':email', $_POST['reset_password_email']); $sql_user->execute(); $count_user = $sql_user->rowCount(); if ($count_user > 0) { /** Email exists on the database */ $sql_user->setFetchMode(PDO::FETCH_ASSOC); $row = $sql_user->fetch(); $id = $row['id']; $username = $row['user'];
<td data-title="<?php echo lang_key('title'); ?> " class="numeric"><a href="<?php echo site_url('admin/blog/manage/' . $row->id); ?> "><?php echo get_blog_data_by_lang($row, 'title'); ?> </a></td> <td data-title="<?php echo lang_key('description'); ?> " class="numeric"><?php echo truncate(encode_html(get_blog_data_by_lang($row, 'description')), 30, '...', false); ?> </td> <td data-title="<?php echo lang_key('status'); ?> " class="numeric"> <?php if ($row->status == 1) { $status = '<span class="label label-success">' . lang_key('published') . '</span>'; } else { if ($row->status == 2) { $status = '<span class="label label-warning">' . lang_key('drafted') . '</span>'; }
* */ $multiselect = 1; $allowed_levels = array(9, 8); require_once 'sys.includes.php'; $active_nav = 'groups'; $page_title = __('Add clients group', 'cftp_admin'); include 'header.php'; if ($_POST) { $new_group = new GroupActions(); /** * Clean the posted form values to be used on the groups actions, * and again on the form if validation failed. */ $add_group_data_name = encode_html($_POST['add_group_form_name']); $add_group_data_description = encode_html($_POST['add_group_form_description']); $add_group_data_members = $_POST['add_group_form_members']; /** Arguments used on validation and group creation. */ $new_arguments = array('id' => '', 'name' => $add_group_data_name, 'description' => $add_group_data_description, 'members' => $add_group_data_members); /** Validate the information from the posted form. */ $new_validate = $new_group->validate_group($new_arguments); /** Create the group if validation is correct. */ if ($new_validate == 1) { $new_response = $new_group->create_group($new_arguments); } } ?> <div id="main"> <h2><?php echo $page_title;
function get_title($args, $ctx) { $cat_name = parent::get_category_name($ctx); $stamp = $ctx->stash('current_timestamp'); #$entry['entry_authored_on']; list($start, $end) = start_end_week($stamp, $ctx->stash('blog')); $format = $args['format']; $format or $format = "%x"; return encode_html(strip_tags($cat_name)) . $ctx->_hdlr_date(array('ts' => $start, 'format' => $format), $ctx) . " - " . $ctx->_hdlr_date(array('ts' => $end, 'format' => $format), $ctx); }
<td data-title="<?php echo lang_key('title'); ?> " class="numeric"><a href="<?php echo site_url('admin/page/manage/' . $row->id); ?> "><?php echo $row->title; ?> </a></td> <td data-title="<?php echo lang_key('description'); ?> " class="numeric"><?php echo truncate(encode_html($row->description), 30, '...', false); ?> </td> <td data-title="<?php echo lang_key('status'); ?> " class="numeric"> <?php if ($row->status == 1) { $status = '<span class="label label-success">Published</span>'; } else { if ($row->status == 2) { $status = '<span class="label label-warning">Drafted</span>'; }
$page_title = __('Register new account', 'cftp_admin'); include 'header-unlogged.php'; /** The form was submitted */ if ($_POST) { $new_client = new ClientActions(); /** * Clean the posted form values to be used on the clients actions, * and again on the form if validation failed. */ $add_client_data_name = encode_html($_POST['add_client_form_name']); $add_client_data_user = encode_html($_POST['add_client_form_user']); $add_client_data_email = encode_html($_POST['add_client_form_email']); /** Optional fields: Address, Phone, Internal Contact, Notify */ $add_client_data_addr = isset($_POST["add_client_form_address"]) ? encode_html($_POST["add_client_form_address"]) : ''; $add_client_data_phone = isset($_POST["add_client_form_phone"]) ? encode_html($_POST["add_client_form_phone"]) : ''; $add_client_data_intcont = isset($_POST["add_client_form_intcont"]) ? encode_html($_POST["add_client_form_intcont"]) : ''; $add_client_data_notity = isset($_POST["add_client_form_notify"]) ? 1 : 0; /** Arguments used on validation and client creation. */ $new_arguments = array('id' => '', 'username' => $add_client_data_user, 'password' => $_POST['add_client_form_pass'], 'name' => $add_client_data_name, 'email' => $add_client_data_email, 'address' => $add_client_data_addr, 'phone' => $add_client_data_phone, 'contact' => $add_client_data_intcont, 'notify' => $add_client_data_notity, 'type' => 'new_client'); if (CLIENTS_AUTO_APPROVE == 0) { $new_arguments['active'] = 0; } else { $new_arguments['active'] = 1; } /** Validate the information from the posted form. */ $new_validate = $new_client->validate_client($new_arguments); /** Create the client if validation is correct. */ if ($new_validate == 1) { $new_response = $new_client->create_client($new_arguments); /** * Check if the option to auto-add to a group
/** * Used to add new assignments and notifications */ function upload_add_assignment($arguments) { $this->name = encode_html($arguments['name']); $this->uploader_id = $arguments['uploader_id']; $this->groups = $arguments['all_groups']; $this->users = $arguments['all_users']; if (!empty($arguments['assign_to'])) { $this->assign_to = $arguments['assign_to']; foreach ($this->assign_to as $this->assignment) { $this->id_only = substr($this->assignment, 1); switch ($this->assignment[0]) { case 'c': $this->add_to = 'client_id'; $this->account_name = $this->users[$this->id_only]; $this->action_number = 25; break; case 'g': $this->add_to = 'group_id'; $this->account_name = $this->groups[$this->id_only]; $this->action_number = 26; break; } $this->assignment = substr($this->assignment, 1); $this->statement = $this->dbh->prepare("INSERT INTO " . TABLE_FILES_RELATIONS . " (file_id, {$this->add_to}, hidden)" . "VALUES (:file_id, :assignment, :hidden)"); $this->statement->bindParam(':file_id', $this->file_id, PDO::PARAM_INT); $this->statement->bindParam(':assignment', $this->assignment); $this->statement->bindParam(':hidden', $this->hidden, PDO::PARAM_INT); $this->statement->execute(); if ($this->uploader_type == 'user') { /** Record the action log */ $new_log_action = new LogActions(); $log_action_args = array('action' => $this->action_number, 'owner_id' => $this->uploader_id, 'affected_file' => $this->file_id, 'affected_file_name' => $this->name, 'affected_account' => $this->assignment, 'affected_account_name' => $this->account_name); $new_record_action = $new_log_action->log_action_save($log_action_args); } } } }
include 'header.php'; /** * Set checkboxes as 1 to defaul them to checked when first entering * the form */ $add_user_data_active = 1; if ($_POST) { $new_user = new UserActions(); /** * Clean the posted form values to be used on the user actions, * and again on the form if validation failed. */ $add_user_data_name = encode_html($_POST['add_user_form_name']); $add_user_data_email = encode_html($_POST['add_user_form_email']); $add_user_data_level = encode_html($_POST['add_user_form_level']); $add_user_data_user = encode_html($_POST['add_user_form_user']); $add_user_data_active = isset($_POST["add_user_form_active"]) ? 1 : 0; /** Arguments used on validation and user creation. */ $new_arguments = array('id' => '', 'username' => $add_user_data_user, 'password' => $_POST['add_user_form_pass'], 'name' => $add_user_data_name, 'email' => $add_user_data_email, 'role' => $add_user_data_level, 'active' => $add_user_data_active, 'type' => 'new_user'); /** Validate the information from the posted form. */ $new_validate = $new_user->validate_user($new_arguments); /** Create the user if validation is correct. */ if ($new_validate == 1) { $new_response = $new_user->create_user($new_arguments); } } ?> <div id="main"> <h2><?php echo $page_title;
$errorstate = 'token_invalid'; $show_form = 'none'; } } /** The form was submitted */ if ($_POST) { /** * Clean the posted form values. */ $form_type = encode_html($_POST['form_type']); switch ($form_type) { /** * The form submited contains a new token request */ case 'new_request': $reset_password_email = encode_html($_POST['reset_password_email']); $sql_user = $database->query("SELECT id, user, email FROM tbl_users WHERE email='{$reset_password_email}'"); $count_user = mysql_num_rows($sql_user); if ($count_user > 0) { /** Email exists on the database */ $row = mysql_fetch_array($sql_user); $id = $row['id']; $username = $row['user']; $email = $row['email']; $token = generateRandomString(32); /** * Count how many request were made by this user today. * No more than 3 unused should exist at a time. */ $sql_amount = $database->query("SELECT * FROM tbl_password_reset WHERE user_id = '{$id}' AND used = '0' AND timestamp > NOW() - INTERVAL 1 DAY"); $count_requests = mysql_num_rows($sql_amount);
function customfield_html_asset(&$ctx, $param) { extract($param); require_once "MTUtil.php"; $field_name = encode_html($field_name); $field_value = encode_html($field_value); return <<<EOT <div class="field-content "> <input type="file" name="file_{$field_name}" id="entry-file" class="fi" /> <input type="hidden" name="type_{$field_name}" value="{$asset_type}" /> </div> EOT; }
<td data-title="<?php echo lang_key('title'); ?> " class="numeric"><a href="<?php echo site_url('admin/page/manage/' . $row->id); ?> "><?php echo $row->title; ?> </a></td> <td data-title="<?php echo lang_key('description'); ?> " class="numeric"><?php echo truncate(encode_html($row->content), 30, '...', false); ?> </td> <td data-title="<?php echo lang_key('status'); ?> " class="numeric"> <?php if ($row->status == 1) { $status = '<span class="label label-success">Published</span>'; } else { if ($row->status == 2) { $status = '<span class="label label-warning">Drafted</span>'; }
/** * Used to add new assignments and notifications */ function upload_add_assignment($arguments) { global $database; $this->name = encode_html($arguments['name']); $this->uploader_id = $arguments['uploader_id']; $this->groups = $arguments['all_groups']; $this->users = $arguments['all_users']; if (!empty($arguments['assign_to'])) { $this->assign_to = $arguments['assign_to']; foreach ($this->assign_to as $this->assignment) { $this->id_only = substr($this->assignment, 1); switch ($this->assignment[0]) { case 'c': $this->add_to = 'client_id'; $this->account_name = $this->users[$this->id_only]; $this->action_number = 25; break; case 'g': $this->add_to = 'group_id'; $this->account_name = $this->groups[$this->id_only]; $this->action_number = 26; break; } $this->assignment = substr($this->assignment, 1); $assign_file = $database->query("INSERT INTO tbl_files_relations (file_id, {$this->add_to}, hidden)" . "VALUES ('{$this->file_id}', '{$this->assignment}', '{$this->hidden}')"); if ($this->uploader_type == 'user') { /** Record the action log */ $new_log_action = new LogActions(); $log_action_args = array('action' => $this->action_number, 'owner_id' => $this->uploader_id, 'affected_file' => $this->file_id, 'affected_file_name' => $this->name, 'affected_account' => $this->assignment, 'affected_account_name' => $this->account_name); $new_record_action = $new_log_action->log_action_save($log_action_args); } } } }
function show_navigation_path($path) { global $p, $use_auth, $auth_users; ?> <div class="path"> <div class='float-right'> <?php if (!READONLY) { ?> <a title="<?php _e('Upload files'); ?> " href="?p=<?php echo urlencode($p); ?> &upload"><i class="icon-upload"></i></a> <a title="<?php _e('New folder'); ?> " href="#" onclick="newfolder('<?php echo encode_html($p); ?> ');return false;"><i class="icon-folder_add"></i></a> <?php } if ($use_auth && !empty($auth_users)) { ?> <a title="<?php _e('Logout'); ?> " href="?logout=1"><i class="icon-logout"></i></a><?php } ?> </div> <?php $path = clean_path($path); $root_url = "<a href='?p='><i class='icon-home' title='" . ROOT_PATH . "'></i></a>"; $sep = '<i class="icon-separator"></i>'; if ($path != '') { $exploded = explode('/', $path); $count = count($exploded); $array = array(); $parent = ''; for ($i = 0; $i < $count; $i++) { $parent = trim($parent . '/' . $exploded[$i], '/'); $parent_enc = urlencode($parent); $array[] = "<a href='?p={$parent_enc}'>{$exploded[$i]}</a>"; } $root_url .= $sep . implode($sep, $array); } echo $root_url; ?> </div> <?php }