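/**
 * Build the form markup for a multi-file ("downfiles") field.
 *
 * Renders one row (file URL + file name inputs) per stored entry, followed by
 * the upload and "add remote URL" buttons.
 *
 * Security notes:
 *  - Stored file URLs and names are data, not markup. They are HTML-escaped
 *    before being written into the value attributes; otherwise a stored value
 *    containing a quote could close the attribute and add markup to the form.
 *  - The field settings are read key by key instead of through extract(), so a
 *    key in the stored setting cannot overwrite a local variable such as $field.
 *  - NOTE(review): $field and the upload settings are written into attribute
 *    and inline-script contexts unescaped; this assumes they are trusted schema
 *    values defined by an administrator -- confirm against the caller.
 *
 * @param string $field     Field name, used for input names and element ids.
 * @param string $value     Stored field value; decoded with new_html_entity_decode() and string2array().
 * @param array  $fieldinfo Field definition; $fieldinfo['setting'] is decoded with string2array().
 * @return string HTML for the form control.
 */
function downfiles($field, $value, $fieldinfo)
{
    $setting = string2array($fieldinfo['setting']);
    if (!is_array($setting)) {
        $setting = array();
    }
    $upload_number = isset($setting['upload_number']) ? $setting['upload_number'] : '';
    $upload_allowext = isset($setting['upload_allowext']) ? $setting['upload_allowext'] : '';
    $isselectimage = isset($setting['isselectimage']) ? $setting['isselectimage'] : '';

    // Escape a stored entry for use inside a quoted HTML attribute.
    // NOTE(review): assumes the site charset is UTF-8 -- pass the site charset here if it differs.
    $attr = function ($row, $key) {
        $raw = (is_array($row) && isset($row[$key])) ? (string) $row[$key] : '';
        return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    };

    $list_str = '';
    if ($value) {
        $value = string2array(new_html_entity_decode($value));
        if (is_array($value)) {
            foreach ($value as $_k => $_v) {
                // The key ends up in an element id and in an inline script argument,
                // so restrict it to identifier characters (integer keys are unchanged).
                $row_id = preg_replace('/[^A-Za-z0-9_\-]/', '', (string) $_k);
                $fileurl = $attr($_v, 'fileurl');
                $filename = $attr($_v, 'filename');
                $list_str .= "<div id='multifile{$row_id}'><input type='text' name='{$field}_fileurl[]' value='{$fileurl}' style='width:310px;' class='input-text'> <input type='text' name='{$field}_filename[]' value='{$filename}' style='width:160px;' class='input-text'> <a href=\"javascript:remove_div('multifile{$row_id}')\">" . L('remove_out') . "</a></div>";
            }
        }
    }
    $string = '<input name="info[' . $field . ']" type="hidden" value="1">
		<fieldset class="blue pad-10">
        <legend>' . L('file_list') . '</legend>';
    $string .= $list_str;
    $string .= '<ul id="' . $field . '" class="picList"></ul>
		</fieldset>
		<div class="bk10"></div>
		';
    // The uploader script is emitted once per request; on later calls $str must
    // still be defined, so it starts out empty.
    $str = '';
    if (!defined('IMAGES_INIT')) {
        $str = '<script type="text/javascript" src="' . JS_PATH . 'swfupload/swf2ckeditor.js"></script>';
        define('IMAGES_INIT', 1);
    }
    // The same settings string is signed by upload_key() and passed to the uploader.
    $upload_args = "{$upload_number},{$upload_allowext},{$isselectimage}";
    $authkey = upload_key($upload_args);
    $string .= $str . "<input type=\"button\"  class=\"button\" value=\"" . L('multiple_file_list') . "\" onclick=\"javascript:flashupload('{$field}_multifile', '" . L('attachment_upload') . "','{$field}',change_multifile,'{$upload_args}','content','{$this->catid}','{$authkey}')\"/>    <input type=\"button\" class=\"button\" value=\"" . L('add_remote_url') . "\" onclick=\"add_multifile('{$field}')\">";
    return $string;
}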
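    /**
     * Build the form markup for a multi-image field.
     *
     * Renders one row (image URL + alt text inputs) per stored entry, or a hint
     * showing the upload limit when nothing is stored, followed by the upload button.
     *
     * Security notes:
     *  - Stored URLs and alt texts are HTML-escaped before being written into the
     *    value attributes; otherwise a stored value containing a quote could
     *    close the attribute and add markup to the form.
     *  - Settings are read key by key instead of through extract($fieldinfo), so
     *    a key in $fieldinfo cannot overwrite a local variable such as $field.
     *  - NOTE(review): $field and the upload settings are written into attribute
     *    and inline-script contexts unescaped; this assumes they are trusted
     *    schema values -- confirm against the caller.
     *
     * @param string $field     Field name, used for input names and element ids.
     * @param string $value     Stored field value; decoded with new_html_entity_decode() and string2array().
     * @param array  $fieldinfo Field definition holding upload_number, upload_allowext and isselectimage.
     * @return string HTML for the form control.
     */
    function images($field, $value, $fieldinfo)
    {
        if (!is_array($fieldinfo)) {
            $fieldinfo = array();
        }
        $upload_number = isset($fieldinfo['upload_number']) ? $fieldinfo['upload_number'] : '';
        $upload_allowext = isset($fieldinfo['upload_allowext']) ? $fieldinfo['upload_allowext'] : '';
        $isselectimage = isset($fieldinfo['isselectimage']) ? $fieldinfo['isselectimage'] : '';

        // Escape a stored entry for use inside a quoted HTML attribute.
        // NOTE(review): assumes the site charset is UTF-8 -- pass the site charset here if it differs.
        $attr = function ($row, $key) {
            $raw = (is_array($row) && isset($row[$key])) ? (string) $row[$key] : '';
            return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
        };

        $list_str = '';
        if ($value) {
            $value = string2array(new_html_entity_decode($value));
            if (is_array($value)) {
                foreach ($value as $_k => $_v) {
                    // The key ends up in an element id and in an inline script argument,
                    // so restrict it to identifier characters (integer keys are unchanged).
                    $row_id = preg_replace('/[^A-Za-z0-9_\-]/', '', (string) $_k);
                    $url = $attr($_v, 'url');
                    $alt = $attr($_v, 'alt');
                    $list_str .= "<li id='image{$row_id}' style='padding:1px'><input type='text' name='{$field}_url[]' value='{$url}' style='width:310px;' ondblclick='image_priview(this.value);' class='input-text'> <input type='text' name='{$field}_alt[]' value='{$alt}' style='width:160px;' class='input-text'> <a href=\"javascript:remove_div('image{$row_id}')\">" . L('remove') . "</a></li>";
                }
            }
        } else {
            // Nothing stored yet: show the upload limit, escaped for HTML text.
            $upload_number_html = htmlspecialchars((string) $upload_number, ENT_QUOTES, 'UTF-8');
            $list_str .= "<center><div class='onShow' id='nameTip'>" . L('max_upload_num') . " <font color='red'>{$upload_number_html}</font> " . L('zhang') . "</div></center>";
        }
        $string = '<input name="info[' . $field . ']" type="hidden" value="1">
		<fieldset class="blue pad-10">
        <legend>' . L('picutre_list') . '</legend>';
        $string .= $list_str;
        $string .= '<ul id="' . $field . '" class="picList"></ul>
		</fieldset>
		<div class="bk10"></div>
		';
        // The uploader script is emitted only on the first call in a request.
        $str = '';
        if (!defined('IMAGES_INIT')) {
            $str = '<script type="text/javascript" src="statics/js/swfupload/swf2ckeditor.js"></script>';
            define('IMAGES_INIT', 1);
        }
        // The same settings string is signed by upload_key() and passed to the uploader.
        $upload_args = "{$upload_number},{$upload_allowext},{$isselectimage}";
        $authkey = upload_key($upload_args);
        // NOTE(review): 'herf' is not an HTML attribute, so the anchor has no link
        // target and works through onclick only -- probably a typo for href; left
        // unchanged here so the rendered control stays the same.
        $string .= $str . "<div class='picBut cu'><a herf='javascript:void(0);' onclick=\"javascript:flashupload('{$field}_images', '" . L('attachment_upload') . "','{$field}',change_images,'{$upload_args}','member','','{$authkey}')\"/> " . L('select_picture') . " </a></div>";
        return $string;
    }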
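/**
 * Denylist-based HTML filter that tries to neutralise script-capable markup.
 *
 * Steps, in order: remove NUL bytes, normalise entities and %-encoded bytes,
 * decode entities inside tags, encode PHP open/close tags, re-join keywords that
 * were split with whitespace, drop links/images whose target looks scripted,
 * strip javascript: URLs and the listed on* handlers inside tags, encode a fixed
 * set of dangerous tags, and finally remove a few known strings.
 *
 * Security notes:
 *  - This is a denylist: only the tags, handler names and strings spelled out
 *    below are touched, and handlers are matched only when their value is
 *    quoted. It should not be the sole defence for untrusted HTML; encode on
 *    output for the context in use, or use an allowlist-based sanitiser.
 *  - The in-tag cleanup used preg_replace() with the /e modifier, which
 *    evaluates the replacement as PHP code. That modifier no longer exists in
 *    PHP 7+, where the call fails and the function returns an empty string. It
 *    is replaced by preg_replace_callback(), which runs no evaluated code. The
 *    stripslashes() call only undid the escaping /e applied and is not needed.
 *
 * @param string $str     Markup to filter.
 * @param string $charset Charset handed to new_html_entity_decode() for tag contents.
 * @return string Filtered markup.
 */
function html_clean($str, $charset = 'UTF-8')
{
    // NUL bytes and literal "\0" sequences.
    $str = preg_replace('/\\0+/', '', $str);
    $str = preg_replace('/(\\\\0)+/', '', $str);
    // Entity normalisation: close up "&name ;" and terminate numeric entities.
    $str = preg_replace('#(&\\#*\\w+)[\\x00-\\x20]+;#u', "\\1;", $str);
    $str = preg_replace('#(&\\#x*)([0-9A-F]+);*#iu', "\\1\\2;", $str);
    // %uXXXX and %XX sequences become numeric entities.
    $str = preg_replace("/%u0([a-z0-9]{3})/i", "&#x\\1;", $str);
    $str = preg_replace("/%([a-z0-9]{2})/i", "&#x\\1;", $str);
    // Decode entities inside every <...> so the later patterns see plain text.
    if (preg_match_all("/<(.+?)>/si", $str, $matches)) {
        foreach ($matches[1] as $inner) {
            $str = str_replace($inner, new_html_entity_decode($inner, $charset), $str);
        }
    }
    $str = preg_replace("#\t+#", " ", $str);
    $str = str_replace(array('<?php', '<?PHP', '<?', '?>'), array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);
    // Re-join keywords that were split with whitespace ("j a v a ..."), so the
    // patterns below can match them.
    $words = array('javascript', 'vbscript', 'script', 'applet', 'alert', 'document', 'write', 'cookie', 'window');
    foreach ($words as $word) {
        $spaced = implode('\\s*', str_split($word));
        $str = preg_replace('#' . $spaced . '#s', $word, $str);
        $str = preg_replace('#' . ucfirst($spaced) . '#s', ucfirst($word), $str);
    }
    $str = preg_replace("#<a.+?href=.*?(alert\\(|alert&\\#40;|javascript\\:|window\\.|document\\.|\\.cookie|<script|<xss).*?\\>.*?</a>#si", "", $str);
    $str = preg_replace("#<img.+?src=.*?(alert\\(|alert&\\#40;|javascript\\:|window\\.|document\\.|\\.cookie|<script|<xss).*?\\>#si", "", $str);
    $str = preg_replace("#<(script|xss).*?\\>#si", "", $str);
    // Inside each tag: drop javascript: URLs and the listed quoted event
    // handlers, then collapse whitespace runs to a single space.
    $str = preg_replace_callback('/<(.*?)>/i', function ($m) {
        $inner = preg_replace(
            array(
                '/javascript:[^"\']*/i',
                '/(onblur|onchange|onclick|onfocus|onload|onmouseover|onmouseup|onmousedown|onselect|onsubmit|onunload|onkeypress|onkeydown|onkeyup|onresize)[ \\t\\n]*=[ \\t\\n]*["\'][^"\']*["\']/i',
                '/\\s+/',
            ),
            array('', '', ' '),
            $m[1]
        );
        return '<' . $inner . '>';
    }, $str);
    // Encode the angle brackets of tags that must never be rendered.
    $str = preg_replace('#<(/*\\s*)(alert|applet|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|xml|xss)([^>]*)>#is', "&lt;\\1\\2\\3&gt;", $str);
    // NOTE(review): the replacement below rewrites each match to itself, so this
    // step changes nothing. It looks like the parentheses were meant to be
    // entity-encoded; confirm against the original source before relying on it.
    $str = preg_replace('#(alert|cmd|passthru|eval|exec|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\\s*)\\((.*?)\\)#si', "\\1\\2(\\3)", $str);
    $bad = array('document.cookie' => '', 'document.write' => '', 'window.location' => '', "javascript\\s*:" => '', "Redirect\\s+302" => '', '<!--' => '&lt;!--', '-->' => '--&gt;');
    foreach ($bad as $key => $val) {
        $str = preg_replace("#" . $key . "#i", $val, $str);
    }
    return $str;
}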