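/**
 * Get the tempcode for a bank of tick boxes.
 *
 * Each tick is a tuple (prettyname, name, value, description, [disabled]).
 * $options may either be a list of sections, each a (ticks, expanded, title)
 * triple, or a flat list of ticks, which is wrapped into one untitled section.
 * The default state of every tick may be overridden by the fields.xml filter.
 *
 * @param  array			A list of tuples: (prettyname, name, value, description, [disabled])
 * @param  mixed			A description for this input field
 * @param  ?integer		The tab index of the field (NULL: not specified)
 * @param  mixed			A human intelligible name for this input field (blank: use default)
 * @param  boolean		Whether to place each tick on a new line
 * @return tempcode		The input field
 */
function form_input_various_ticks($options, $description, $_tabindex = NULL, $_pretty_name = '', $simple_style = false)
{
    if (count($options) == 0) {
        return new ocp_tempcode();
    }
    $options = array_values($options);

    if (is_null($_tabindex)) {
        $tabindex = get_form_field_tabindex(NULL);
    } else {
        // A caller-supplied index means this field takes the slot after it
        $_tabindex++;
        $tabindex = $_tabindex;
    }

    if (is_string($_pretty_name) && $_pretty_name == '') {
        $_pretty_name = do_lang_tempcode('OPTIONS');
    }

    $input = new ocp_tempcode();

    // A section is a (ticks, expanded, title) triple; anything else is a flat
    // list of ticks, which we wrap into a single anonymous section
    if (count($options[0]) != 3) {
        $options = array(array($options, NULL, new ocp_tempcode()));
    }

    foreach ($options as $_option) {
        $out = array();
        foreach ($_option[0] as $option) {
            // The 5th element ($disabled) was added to the API later; a 4-tuple
            // behaves as if it were supplied as false. Reading it positionally
            // (rather than branching on count()) means a tuple of unexpected
            // length no longer leaves these variables undefined.
            list($pretty_name, $name, $value, $_description) = $option;
            $disabled = (isset($option[4]) && $option[4]) ? '1' : '0';

            // fields.xml may override the default tick state
            $value = filter_form_field_default($name, $value ? '1' : '0') == '1';

            $out[] = array(
                'CHECKED' => $value,
                'TABINDEX' => strval($tabindex),
                'NAME' => $name,
                'PRETTY_NAME' => $pretty_name,
                'DESCRIPTION' => $_description,
                'DISABLED' => $disabled,
            );
        }

        $input->attach(do_template('FORM_SCREEN_INPUT_VARIOUS_TICKS', array(
            '_GUID' => 'a6212f61304a101fb2754e334a8b4212',
            'SECTION_TITLE' => $_option[2],
            'EXPANDED' => $_option[1],
            'SIMPLE_STYLE' => $simple_style,
            'BRETHREN_COUNT' => strval(count($out)),
            'OUT' => $out,
        )));
    }

    return _form_input('', $_pretty_name, $description, $input, false, false, $tabindex);
}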
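/**
 * Check a posted field isn't 'evil'.
 *
 * For a POST request made by a logged-in member whose referer is an absolute
 * http(s) URL on a different origin than the site's base URL, the request is
 * only honoured when the referer belongs to a configured partner (option
 * 'allowed_post_submitters', plus PayPal). Otherwise the POST data is
 * discarded and the attempt is logged. A missing or non-http referer is not
 * treated as foreign. Finally the value is passed through the fields.xml
 * filter, by reference.
 *
 * @param  string			The name of the parameter
 * @param  string			The value retrieved
 * @return string			The filtered value
 */
function check_posted_field($name, &$val)
{
    if (strtolower(ocp_srv('REQUEST_METHOD')) == 'post') {
        $referer = ocp_srv('HTTP_REFERER');

        // Only an absolute http(s) referer can be compared against the base URL
        $true_referer = substr($referer, 0, 7) == 'http://' || substr($referer, 0, 8) == 'https://';

        $canonical_referer = _check_posted_field_canonical_root($referer);
        $canonical_baseurl = _check_posted_field_canonical_root(get_base_url());

        if ($true_referer && substr(strtolower($canonical_referer), 0, strlen($canonical_baseurl)) != strtolower($canonical_baseurl) && !is_guest()) {
            // Login fields are exempt so that a login form hosted elsewhere still works
            if (!in_array($name, array('login_username', 'password', 'remember', 'login_invisible'), true)) {
                $allowed_partners = explode(chr(10), get_option('allowed_post_submitters'));
                $allowed_partners[] = 'paypal.com';
                $allowed_partners[] = 'www.paypal.com';

                if (!_check_posted_field_referer_allowed($referer, $allowed_partners)) {
                    $_POST = array();
                    // To stop loops
                    log_hack_attack_and_exit('EVIL_POSTED_FORM_HACK', $referer);
                }
            }
        }
    }
    // Custom fields.xml filter system
    $val = filter_form_field_default($name, $val);
}

/**
 * Reduce a URL to its scheme+host root, with 'www.', 'https://' and ':80' normalised away, so two origins can be compared.
 *
 * @param  string			The URL
 * @return string			The normalised root (ending in '/'), or the input unchanged if it has no scheme+host prefix
 */
function _check_posted_field_canonical_root($url)
{
    $url = str_replace('www.', '', $url);
    $url = str_replace('https://', 'http://', $url);
    $url = str_replace(':80', '', $url);
    return preg_replace('#^(\\w+://[^/]+/).*$#', '${1}', $url);
}

/**
 * Whether the referer comes from one of the allowed partner entries.
 *
 * A bare host entry (e.g. 'paypal.com') must equal the referer's host or be a
 * parent domain of it. An entry containing a path must be a prefix of the
 * referer once the scheme is stripped. A plain substring search is avoided on
 * purpose: it would accept any URL that merely contains the partner name
 * somewhere, such as in its query string.
 *
 * @param  string			The referer URL
 * @param  array			The partner entries (blank entries are ignored)
 * @return boolean		Whether a partner matched
 */
function _check_posted_field_referer_allowed($referer, $allowed_partners)
{
    $host = strtolower((string) parse_url($referer, PHP_URL_HOST));
    $schemeless_referer = strtolower(preg_replace('#^\\w+://#', '', $referer));

    foreach ($allowed_partners as $partner) {
        $partner = strtolower(trim($partner));
        if ($partner == '') {
            continue;
        }

        if (strpos($partner, '/') !== false) {
            // URL-style entry: must be a prefix of the referer
            $schemeless_partner = preg_replace('#^\\w+://#', '', $partner);
            if (substr($schemeless_referer, 0, strlen($schemeless_partner)) == $schemeless_partner) {
                return true;
            }
            continue;
        }

        // Host-style entry: exact host or parent domain
        if ($host == $partner || substr($host, -strlen('.' . $partner)) == '.' . $partner) {
            return true;
        }
    }

    return false;
}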
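 /**
  * Get form inputter.
  *
  * Builds a Comcode posting field for a catalogue field: attachments, the
  * emoticon chooser, both Comcode editors and (when the browser supports it
  * and the text does not opt out) the WYSIWYG editor. The current value is
  * passed through the fields.xml filter first.
  *
  * @param  string			The field name
  * @param  string			The field description
  * @param  array			The field details
  * @param  ?string		The actual current value of the field (NULL: none)
  * @param  boolean		Whether this is for a new entry
  * @param  boolean		Whether this is the last field in the catalogue
  * @return ?tempcode		The Tempcode for the input field (NULL: skip the field - it's not input)
  */
 function get_field_inputter($_cf_name, $_cf_description, $field, $actual_value, $new, $last = true)
 {
     // Plug anomaly due to unusual corruption: a NULL value is treated as empty
     if (is_null($actual_value)) {
         $actual_value = '';
     }

     require_lang('javascript');
     require_javascript('javascript_posting');
     require_javascript('javascript_editing');
     require_javascript('javascript_ajax');
     require_javascript('javascript_swfupload');
     require_css('swfupload');
     require_lang('comcode');

     $tabindex = get_form_field_tabindex();
     $actual_value = filter_form_field_default($_cf_name, $actual_value);

     // The same form field name is used for the attachments, editors and emoticons
     $field_name = 'field_' . strval($field['id']);

     list($attachments, $attach_size_field) = get_attachments($field_name);
     $hidden_fields = new ocp_tempcode();
     $hidden_fields->attach($attach_size_field);

     $comcode_help = build_url(array('page' => 'userguide_comcode'), get_comcode_zone('userguide_comcode', false));
     $emoticon_chooser = $GLOBALS['FORUM_DRIVER']->get_emoticon_chooser($field_name);
     $comcode_editor = get_comcode_editor($field_name);
     $comcode_editor_small = get_comcode_editor($field_name, true);

     // WYSIWYG needs JS and a capable browser, and the text may opt out via the page hint
     $w = has_js() && (browser_matches('wysiwyg') && strpos($actual_value, '{$,page hint: no_wysiwyg}') === false);
     $class = $w ? ' wysiwyg' : '';

     global $JAVASCRIPT, $WYSIWYG_ATTACHED;
     if (!$WYSIWYG_ATTACHED) {
         $JAVASCRIPT->attach(do_template('HTML_EDIT'));
     }
     $WYSIWYG_ATTACHED = true;

     // Explicit check instead of @header(): the only failure mode being hidden was "headers already sent"
     if (!headers_sent()) {
         header('Content-type: text/html; charset=' . get_charset());
     }

     // Parse the default text leniently and without URL checks, restoring the global afterwards
     global $LAX_COMCODE;
     $temp = $LAX_COMCODE;
     $LAX_COMCODE = true;
     $GLOBALS['COMCODE_PARSE_URLS_CHECKED'] = 100; // Little hack to stop it checking any URLs
     $default_parsed = comcode_to_tempcode($actual_value, NULL, false, 60, NULL, NULL, true);
     $LAX_COMCODE = $temp;

     $ret = do_template('POSTING_FIELD', array(
         'REQUIRED' => $field['cf_required'] == 1,
         'DESCRIPTION' => $_cf_description,
         'HIDDEN_FIELDS' => $hidden_fields,
         'PRETTY_NAME' => $_cf_name,
         'NAME' => $field_name,
         'TABINDEX_PF' => strval($tabindex),
         'COMCODE_EDITOR' => $comcode_editor,
         'COMCODE_EDITOR_SMALL' => $comcode_editor_small,
         'CLASS' => $class,
         'COMCODE_URL' => $comcode_help,
         'EMOTICON_CHOOSER' => $emoticon_chooser,
         'COMCODE_HELP' => $comcode_help,
         'POST' => $actual_value,
         'DEFAULT_PARSED' => $default_parsed,
         'ATTACHMENTS' => $attachments,
     ));

     if (!$last) {
         $ret->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('TITLE' => do_lang_tempcode('ADDITIONAL_INFO'))));
     }

     return $ret;
 }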
/**
 * Get the tempcode for a list entry. (You would gather together the outputs of several of these functions, then put them in as the $content in a form_input_list function call).
 *
 * Blank text falls back to the value itself. When the fields.xml filter is
 * already loaded, it may override whether the entry is selected.
 *
 * @param  string			The value for this entry
 * @param  boolean		Whether this entry is selected by default or not
 * @param  mixed			The text associated with this choice (blank: just use name for text)
 * @param  boolean		Whether this entry will be put as red (marking it as important somehow)
 * @param  boolean		Whether this list entry is disabled (like a header in a list)
 * @return tempcode		The input field
 */
function form_input_list_entry($value, $selected = false, $text = '', $red = false, $disabled = false)
{
    // A tempcode object is never blank; only a blank string falls back to the value
    $text_is_blank = !is_object($text) && $text == '';
    if ($text_is_blank) {
        $text = $value;
    }

    // The filter helper lives in a separately loaded file; it is deliberately
    // not required here (this may be used outside a full input form), so only
    // honour it when something else has already loaded it
    if (function_exists('filter_form_field_default')) {
        $filtered = filter_form_field_default($value, $selected ? '1' : '');
        $selected = ($filtered == '1');
    }

    $entry_name = is_integer($value) ? strval($value) : $value;
    $entry_class = $red ? 'criticalfield' : '';

    return do_template('FORM_SCREEN_INPUT_LIST_ENTRY', array(
        '_GUID' => 'dd76a2685d0fba5f819ef160b0816d03',
        'SELECTED' => $selected,
        'DISABLED' => $disabled,
        'CLASS' => $entry_class,
        'NAME' => $entry_name,
        'TEXT' => $text,
    ));
}
/**
 * Get the tempcode for a radio input. (You would gather together the outputs of several of these functions, then put them in as the $content in a form_input_radio function call).
 *
 * Blank text falls back to the value. The fields.xml filter (keyed by the
 * group name) may override whether the entry is initially checked.
 *
 * @param  string			The name of the radio button group this will be put in (i.e. the name the value presented here will be possibly matched against)
 * @param  string			The value for this entry
 * @param  boolean		Whether this entry is selected by default or not
 * @param  mixed			The text associated with this choice (blank: just use value for text)
 * @param  ?integer		The tab index of the field (NULL: not specified)
 * @param  string			An additional long description (blank: no description)
 * @return tempcode		The input field
 */
function form_input_radio_entry($name, $value, $selected = false, $text = '', $tabindex = NULL, $description = '')
{
    $resolved_tabindex = get_form_field_tabindex($tabindex);

    // Only a blank string falls back; tempcode text is used as given
    if (is_string($text) && $text == '') {
        $text = $value;
    }

    $filtered = filter_form_field_default($name, $selected ? '1' : '');
    $checked = ($filtered == '1');

    $params = array(
        '_GUID' => 'e2fe4ba6e8b3f705651dba13ea27f61d',
        'DESCRIPTION' => $description,
        'CHECKED' => $checked,
        'TABINDEX' => strval($resolved_tabindex),
        'NAME' => $name,
        'VALUE' => $value,
        'TEXT' => $text,
    );

    return do_template('FORM_SCREEN_INPUT_RADIO_LIST_ENTRY', $params);
}