/**
 * Validate and store a new post.
 *
 * Empty posts and failed group/visibility checks abort with an error string;
 * otherwise the sanitised post is handed to save_post().
 *
 * @param mixed       $student_id Author of the post.
 * @param mixed       $group_id   Group the post belongs to.
 * @param mixed       $public     Requested visibility; may be forced to 0 by validate_variables().
 * @param string      $post       Raw post body.
 * @param int         $type       1 = regular post, 2 = image post (anything else becomes 1).
 * @param string|null $img_path   Optional image URL; when given the post becomes an image post.
 * @return mixed Error message string, or whatever save_post() returns.
 */
public function create_post($student_id, $group_id, $public, $post, $type = 1, $img_path = NULL) {
    // Reject empty posts before anything else is touched.
    if ($this->validate_post($post) === FALSE) {
        return "Empty post. Posting aborted.";
    }
    $safe_post = $this->make_post_safe($post);

    // Group / visibility check; a result of 0 overrides the requested visibility.
    $visibility_check = $this->validate_variables($student_id, $group_id, $public);
    if ($visibility_check === FALSE) {
        return "Group Permission Error. Posting aborted.";
    }
    if ($visibility_check === 0) {
        $public = $visibility_check;
    }

    // Only the two known types are accepted; anything else falls back to a regular post.
    $type = in_array($type, array(1, 2), true) ? $type : 1;

    $safe_image_path = NULL;
    if (!empty($img_path)) {
        // An image always makes this an image post, whatever the caller passed.
        $type = 2;
        if (!filter_var($img_path, FILTER_VALIDATE_URL)) {
            return "There was an error with the uploaded image";
        }
        $safe_image_path = sanitize_url($img_path);
    }

    return $this->save_post($student_id, $group_id, $public, $safe_post, $type, $safe_image_path);
}
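/**
 * Build the HTML for the contact form: the wrapper div, the <form> with its
 * hidden identification fields, the configured form elements and, when no
 * response has been rendered yet, the response output area.
 *
 * @return string HTML markup of the whole form.
 */
function form_html() {
    $form = '<div class="wpcf7" id="' . esc_attr($this->unit_tag) . '">';

    // Drop any fragment from the request URI and replace it with this form's
    // own anchor so a POST brings the visitor back to the form. (The original
    // code tested an undefined $uri here, so the fragment was never stripped.)
    $url = wpcf7_get_request_uri();
    $frag = strstr($url, '#');
    if ($frag !== false) {
        $url = substr($url, 0, -strlen($frag));
    }
    $url .= '#' . $this->unit_tag;
    $url = apply_filters('wpcf7_form_action_url', $url);
    $url = sanitize_url($url);

    $enctype = apply_filters('wpcf7_form_enctype', '');

    // sanitize_url() prepares a URL for storage; esc_url() is the escaper for an
    // HTML attribute context, so the action attribute goes through it.
    $form .= '<form action="' . esc_url($url) . '" method="post" class="wpcf7-form"' . $enctype . '>' . "\n";
    $form .= '<div style="display: none;">' . "\n";
    $form .= '<input type="hidden" name="_wpcf7" value="' . esc_attr($this->id) . '" />' . "\n";
    $form .= '<input type="hidden" name="_wpcf7_version" value="' . esc_attr(WPCF7_VERSION) . '" />' . "\n";
    $form .= '<input type="hidden" name="_wpcf7_unit_tag" value="' . esc_attr($this->unit_tag) . '" />' . "\n";
    $form .= '</div>' . "\n";
    $form .= $this->form_elements();

    // The response area is only rendered once per form instance.
    if (!$this->responses_count) {
        $form .= $this->form_response_output();
    }

    $form .= '</form>';
    $form .= '</div>';
    return $form;
}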
/**
 * Save the meta box's post metadata.
 *
 * Runs on post save: verifies the meta box nonce and the user's edit
 * capability, then adds, updates or deletes the 'mob_boxes_url' meta
 * value according to what was posted.
 *
 * @param integer $post_id ID of the post being saved.
 * @param object  $post    Post object being saved (only post_type is read).
 *
 * @return integer|void $post_id when the nonce or capability check fails; nothing otherwise.
 */
function mob_boxes_meta_save_url($post_id, $post) {
    $nonce_ok = isset($_POST['mob_boxes_url_nonce'])
        && wp_verify_nonce($_POST['mob_boxes_url_nonce'], basename(__FILE__));
    if (!$nonce_ok) {
        return $post_id;
    }

    // Only users allowed to edit this post may change its metadata.
    $post_type = get_post_type_object($post->post_type);
    if (!current_user_can($post_type->cap->edit_post, $post_id)) {
        return $post_id;
    }

    $meta_key = 'mob_boxes_url';
    // The posted value is cleaned as a URL before it is stored.
    $submitted = isset($_POST['mob_boxes_url']) ? sanitize_url($_POST['mob_boxes_url']) : '';
    $stored = get_post_meta($post_id, $meta_key, true);

    if ($submitted && '' == $stored) {
        add_post_meta($post_id, $meta_key, $submitted, true);
    } elseif ($submitted && $submitted != $stored) {
        update_post_meta($post_id, $meta_key, $submitted);
    } elseif ('' == $submitted && $stored) {
        delete_post_meta($post_id, $meta_key, $stored);
    }
}
/**
 * URL of the artefact this block displays, or nothing when no artefact is configured.
 *
 * @param BlockInstance $instance Block whose 'configdata' and 'view' are read.
 * @return string|null Sanitised artefact URL, or null (implicit) without an artefactid.
 */
public static function get_link(BlockInstance $instance) {
    $configdata = $instance->get('configdata');
    if (empty($configdata['artefactid'])) {
        // Nothing to link to; callers receive null as before.
        return;
    }
    $link = sprintf(
        '%sartefact/artefact.php?artefact=%s&view=%s',
        get_config('wwwroot'),
        $configdata['artefactid'],
        $instance->get('view')
    );
    return sanitize_url($link);
}
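/**
 * Stream an image file to the client as an attachment.
 *
 * Only a fixed set of image extensions is served. A missing argument, a
 * missing file, already-sent headers or an unsupported extension aborts
 * via die() before any response header is emitted.
 *
 * @param string $a Path of the file to send.
 * @return void The file contents are written to the output on success.
 */
function force_download($a) {
    // Extension => MIME type for the file types this helper is willing to serve.
    static $mime_types = array(
        'jpg'  => 'image/jpeg',
        'jpe'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'gif'  => 'image/gif',
        'png'  => 'image/png',
        'bmp'  => 'image/bmp',
        'tif'  => 'image/tiff',
        'tiff' => 'image/tiff',
        'webp' => 'image/webp',
    );

    if (empty($a)) {
        die('Error: File not specified.');
    }
    // NOTE(review): sanitize_url() cleans a URL string; it does not confine $a to
    // a directory. If $a can originate from the request, the caller must restrict
    // it to an allowed base path before calling this function.
    $a = sanitize_url($a);
    if (!file_exists2($a)) {
        die('Error: File not found. $file=' . $a);
    }
    if (headers_sent()) {
        die('Error: Headers already sent.');
    }

    // Resolve the content type before any header goes out, so an unsupported
    // type does not leave a half-built response behind.
    $b = strtolower(pathinfo($a, PATHINFO_EXTENSION));
    if (!isset($mime_types[$b])) {
        die('Error: Unsupported file type. $ext=' . $b);
    }
    $c = $mime_types[$b];

    if (ini_get('zlib.output_compression')) {
        ini_set('zlib.output_compression', 'Off');
    }
    header('Pragma: public');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Cache-Control: private', false);
    header('Content-Description: File Transfer');
    header('Content-Transfer-Encoding: binary');
    header('Content-Type: ' . $c);
    // A double quote inside the name would end the quoted filename early.
    $filename = str_replace('"', '', unsanitized_basename($a));
    header('Content-Disposition: attachment; filename="' . $filename . '"');
    header('Content-Length: ' . filesize2($a));
    // ob_clean() raises a notice when no output buffer is active.
    if (ob_get_level() > 0) {
        ob_clean();
    }
    flush();
    readfile($a);
}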
/**
 * URL of the inbox this block links to.
 *
 * Prefers the multirecipientnotification module's inbox when that module is
 * active, otherwise the account activity page.
 *
 * @param BlockInstance $instance Unused; kept for the shared get_link() signature.
 * @return string Sanitised absolute URL.
 */
public static function get_link(BlockInstance $instance) {
    safe_require('module', 'multirecipientnotification');
    $path = PluginModuleMultirecipientnotification::is_active()
        ? 'module/multirecipientnotification/inbox.php'
        : 'account/activity/index.php';
    return sanitize_url(get_config('wwwroot') . $path);
}
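/**
 * [column_link] shortcode: wrap the shortcode-expanded content in an anchor.
 *
 * @param array       $atts    Shortcode attributes; 'link' defaults to '#'.
 * @param string|null $content Enclosed content, passed through do_shortcode().
 * @return string Anchor markup.
 */
function column_link($atts, $content = null) {
    $args = shortcode_atts(array('link' => '#'), $atts);
    // The value lands in an HTML attribute, so use esc_url(): sanitize_url()
    // only prepares a URL for storage/redirects and leaves '&' unencoded.
    $link = esc_url($args['link']);
    $out = "<a href=\"{$link}\" class=\"column-link \">";
    $out .= do_shortcode($content);
    $out .= '</a>';
    return $out;
}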
/**
 * Build an admin URL for one of this plugin's pages.
 *
 * @param string $file  Page path relative to the plugin; 'admin/' is prepended when missing.
 * @param array  $query Optional query parameters appended via build_query().
 * @return string Sanitised admin URL.
 */
function wpcf7_admin_url($file, $query = array()) {
    $file = trim($file, ' /');
    // All plugin pages live under the "admin/" prefix.
    if (strpos($file, 'admin/') !== 0) {
        $file = 'admin/' . $file;
    }

    $path = 'admin.php?page=' . WPCF7_PLUGIN_NAME . '/' . $file;
    $query_string = build_query($query);
    if ($query_string) {
        $path .= '&' . $query_string;
    }

    return sanitize_url(admin_url($path));
}
/**
 * Move an uploaded file into $path under a unique, cleaned-up name.
 *
 * @param object $file Uploaded file object exposing getClientOriginalName() and move().
 * @param string $path Target directory (with trailing slash).
 * @param bool   $all  When false, return only the stored file name; otherwise the moved file object.
 * @return mixed File name string, or the object returned by $file->move().
 */
function upload($file, $path = 'uploads/', $all = false) {
    // Four characters of the reversed uniqid() serve as a short prefix.
    $prefix = substr(strrev(uniqid()), 0, 4);

    // NOTE(review): the extension is taken verbatim from the client-supplied
    // name and is not validated here — confirm the caller restricts allowed types.
    $name_parts = explode('.', $file->getClientOriginalName());
    $extension = array_pop($name_parts);
    $base_name = sanitize_url(implode('.', $name_parts));
    $file_name = "{$prefix}_{$base_name}.{$extension}";

    // On a name collision, append a number in 0..99 to the part before the extension.
    if (file_exists($path . $file_name)) {
        $name_parts = explode('.', $file_name);
        $extension = array_pop($name_parts);
        $last = count($name_parts) - 1;
        $name_parts[$last] .= rand(0, 99);
        $name_parts[] = $extension;
        $file_name = implode('.', $name_parts);
    }

    $moved = $file->move($path, $file_name);
    return $all == false ? $moved->getFileName() : $moved;
}
/**
 * URL of the wall page for this block instance.
 *
 * @param BlockInstance $instance Block whose 'id' is read.
 * @return string Sanitised absolute URL.
 */
public static function get_link(BlockInstance $instance) {
    $wall_url = sprintf('%sblocktype/wall/wall.php?id=%s', get_config('wwwroot'), $instance->get('id'));
    return sanitize_url($wall_url);
}
/**
 * Returns the HTML for the feed icon (not the little RSS one, but the
 * actual logo associated with the feed).
 *
 * @param array|string $image Either an array of image properties (url, title,
 *                            height, width, link) or just the image URL.
 * @return string An <img> tag, optionally wrapped in a link; '' when there is no usable URL.
 */
private static function make_feed_image_tag($image) {
    // RSS supplies an array of properties, ATOM just the URL; keep both shapes
    // usable by making sure $image is an array and $imageurl the URL.
    if (is_array($image)) {
        $imageurl = isset($image['url']) ? $image['url'] : '';
    } else {
        $imageurl = $image;
        $image = array('url' => $imageurl);
    }

    $imageurl = sanitize_url($imageurl);
    if (!$imageurl) {
        return '';
    }
    // Avoid mixed content: on an HTTPS page rewrite a plain-HTTP image URL.
    if (is_https()) {
        $imageurl = preg_replace('#^http://#', 'https://', $imageurl);
    }

    $attributes = " src=\"{$imageurl}\"";
    // The spec calls for a title, but it is not always present.
    if (!empty($image['title'])) {
        $attributes .= ' alt="' . htmlentities($image['title']) . '"';
    }
    // Height and width are emitted only when they are non-zero integers.
    foreach (array('height', 'width') as $dimension) {
        $value = isset($image[$dimension]) ? (int) $image[$dimension] : 0;
        if ($value) {
            $attributes .= " {$dimension}=\"{$value}\"";
        }
    }
    $tag = "<img{$attributes} />";

    // A "link" property makes the image a clickable link to that URL.
    if (!empty($image['link'])) {
        $link = sanitize_url($image['link']);
        if ($link) {
            $tag = "<a href=\"{$link}\" target=\"_blank\">{$tag}</a>";
        }
    }
    return $tag;
}
if (preg_match('~(\\d+)(.*)~', $height, $match)) { $height = $match[1]; $height_unit = $match[2]; } $skins = $c->getSkins($c->getSkinPath()); $current_skin = $c->getSkin($config); $settings = $c->getAdditionalSettings(); $plugins = $c->getAdditionalPlugins(); $filemanager = $c->getFilemanager(); $toolbars = $c->getToolbars(); $preview = NULL; $plugins_checked = array(); $filemanager_checked = array(); $enable_htmlpurifier = isset($config['enable_htmlpurifier']) ? $config['enable_htmlpurifier'] : false; if (file_exists(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . WYSIWYG_EDITOR . '/images/' . $current_skin . '.png'))) { $preview = '<img src="' . sanitize_url(CAT_URL . '/modules/' . WYSIWYG_EDITOR . '/images/' . $current_skin . '.png') . '" alt="' . $current_skin . '" title="' . $current_skin . '" />'; } // something to save? $job = $val->sanitizePost('job'); if ($job && $job == "save") { $new_width = $new_height = $new_skin = $new_toolbar = $new_plugins = $new_fm = NULL; // validate width and height foreach (array('width', 'height') as $key) { if ($val->sanitizePost($key)) { if (!is_numeric($val->sanitizePost($key))) { $errors[$key] = $backend->lang()->translate('Not numeric!'); continue; } if ($val->sanitizePost($key . '_unit') && in_array($val->sanitizePost($key . '_unit'), array('em', 'px', '%'))) { if ($val->sanitizePost($key . '_unit') == '%' && $val->sanitizePost($key) > 100) { $errors[$key] = $backend->lang()->translate('Invalid ' . $key . ': {{width}}% > 100%!', array('width' => $val->sanitizePost($key)));
/**
 * Normalise a "related" field value to a post ID or a URL.
 *
 * @param mixed $val Raw field value: a numeric post ID or a URL.
 * @return int|string|false Post ID when the value resolves to a local post,
 *                          the sanitised URL otherwise, FALSE when unusable.
 */
public function meditor_sanitize_related($val) {
    // A numeric value is accepted as a post ID only when it resolves to a permalink.
    if (is_numeric($val)) {
        $id = absint($val);
        if (get_permalink($id)) {
            return $id;
        }
    }

    $url = sanitize_url($val);
    if (!$url) {
        return FALSE;
    }
    // Prefer the local post ID when the URL points at one of our posts.
    $post_id = url_to_postid($url);
    return $post_id ? $post_id : $url;
}
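/**
 * Edit user settings based on contents of $_POST
 *
 * Used on user-edit.php and profile.php to manage and process user options, passwords etc.
 *
 * @since 2.0
 *
 * @param int $user_id Optional. User ID. 0 (default) creates a new user.
 * @return int|WP_Error user id of the updated/created user, or a WP_Error
 *                      collecting every validation failure.
 */
function edit_user($user_id = 0) {
    global $current_user, $wp_roles, $wpdb;

    // Collect the fields to save on a plain object; get_object_vars() turns it
    // into the array wp_update_user()/wp_insert_user() expect. (The original
    // assigned properties to an undefined variable / an empty string, which
    // is an error on current PHP.)
    $user = new stdClass();
    if ($user_id != 0) {
        $update = true;
        $user->ID = (int) $user_id;
        $userdata = get_userdata($user_id);
        $user->user_login = $wpdb->escape($userdata->user_login);
    } else {
        $update = false;
    }

    if (!$update && isset($_POST['user_login'])) {
        $user->user_login = sanitize_user($_POST['user_login'], true);
    }

    $pass1 = $pass2 = '';
    if (isset($_POST['pass1'])) {
        $pass1 = $_POST['pass1'];
    }
    if (isset($_POST['pass2'])) {
        $pass2 = $_POST['pass2'];
    }

    if (isset($_POST['role']) && current_user_can('edit_users')) {
        $new_role = sanitize_text_field($_POST['role']);
        // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
        // An unknown role name simply is not assigned; the editable-roles check below rejects it.
        if ($user_id != $current_user->id
            || (isset($wp_roles->role_objects[$new_role]) && $wp_roles->role_objects[$new_role]->has_cap('edit_users'))) {
            $user->role = $new_role;
        }
        // If the new role isn't editable by the logged-in user die with error
        $editable_roles = get_editable_roles();
        if (empty($editable_roles[$new_role])) {
            wp_die(__('You can’t give users that role.'));
        }
    }

    if (isset($_POST['email'])) {
        $user->user_email = sanitize_text_field($_POST['email']);
    }

    if (isset($_POST['url'])) {
        if (empty($_POST['url']) || $_POST['url'] == 'http://') {
            $user->user_url = '';
        } else {
            $user->user_url = sanitize_url($_POST['url']);
            // Default to http:// when no recognised scheme was supplied.
            $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url)
                ? $user->user_url
                : 'http://' . $user->user_url;
        }
    }

    if (isset($_POST['first_name'])) {
        $user->first_name = sanitize_text_field($_POST['first_name']);
    }
    if (isset($_POST['last_name'])) {
        $user->last_name = sanitize_text_field($_POST['last_name']);
    }
    if (isset($_POST['nickname'])) {
        $user->nickname = sanitize_text_field($_POST['nickname']);
    }
    if (isset($_POST['display_name'])) {
        $user->display_name = sanitize_text_field($_POST['display_name']);
    }
    if (isset($_POST['description'])) {
        $user->description = trim($_POST['description']);
    }

    foreach (_wp_get_user_contactmethods() as $method => $name) {
        if (isset($_POST[$method])) {
            $user->{$method} = sanitize_text_field($_POST[$method]);
        }
    }

    if ($update) {
        $user->rich_editing = isset($_POST['rich_editing']) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
        $user->admin_color = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
    }

    $user->comment_shortcuts = isset($_POST['comment_shortcuts']) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';

    $user->use_ssl = 0;
    if (!empty($_POST['use_ssl'])) {
        $user->use_ssl = 1;
    }

    $errors = new WP_Error();

    /* checking that username has been typed */
    if ($user->user_login == '') {
        $errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.'));
    }

    /* checking the password has been typed twice */
    do_action_ref_array('check_passwords', array($user->user_login, &$pass1, &$pass2));

    if ($update) {
        if (empty($pass1) && !empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass1'));
        } elseif (!empty($pass1) && empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass2'));
        }
    } else {
        if (empty($pass1)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password.'), array('form-field' => 'pass1'));
        } elseif (empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password twice.'), array('form-field' => 'pass2'));
        }
    }

    /* Check for "\" in password */
    if (false !== strpos(stripslashes($pass1), "\\")) {
        $errors->add('pass', __('<strong>ERROR</strong>: Passwords may not contain the character "\\".'), array('form-field' => 'pass1'));
    }

    /* checking the password has been typed twice the same */
    if ($pass1 != $pass2) {
        $errors->add('pass', __('<strong>ERROR</strong>: Please enter the same password in the two password fields.'), array('form-field' => 'pass1'));
    }

    if (!empty($pass1)) {
        $user->user_pass = $pass1;
    }

    if (!$update && !validate_username($user->user_login)) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is invalid. Please enter a valid username.'));
    }
    if (!$update && username_exists($user->user_login)) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is already registered. Please choose another one.'));
    }

    /* checking e-mail address */
    if (empty($user->user_email)) {
        $errors->add('empty_email', __('<strong>ERROR</strong>: Please enter an e-mail address.'), array('form-field' => 'email'));
    } elseif (!is_email($user->user_email)) {
        $errors->add('invalid_email', __('<strong>ERROR</strong>: The e-mail address isn’t correct.'), array('form-field' => 'email'));
    } elseif (($owner_id = email_exists($user->user_email)) && (!isset($user->ID) || $owner_id != $user->ID)) {
        // On insert there is no ID yet, so any existing owner is a conflict.
        $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array('form-field' => 'email'));
    }

    // Allow plugins to return their own errors.
    do_action_ref_array('user_profile_update_errors', array(&$errors, $update, &$user));

    if ($errors->get_error_codes()) {
        return $errors;
    }

    if ($update) {
        $user_id = wp_update_user(get_object_vars($user));
    } else {
        $user_id = wp_insert_user(get_object_vars($user));
        wp_new_user_notification($user_id, isset($_POST['send_password']) ? $pass1 : '');
    }
    return $user_id;
}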
/**
 * Site-level sidebar menu (list of links).
 * There is no admin files table yet so just get the urls.
 *
 * @return array List of array('name' => title, 'link' => url) entries; empty when nothing matches.
 */
function site_menu() {
    global $USER;

    // Rows are selected on their 'public' flag: 1 for anonymous visitors, 0 for logged-in users.
    $public_flag = (int) (!$USER->is_logged_in());
    $menuitems = get_records_array('site_menu', 'public', $public_flag, 'displayorder');
    if (!$menuitems) {
        return array();
    }

    $menu = array();
    foreach ($menuitems as $item) {
        if ($item->url) {
            // External/absolute links are only kept when they survive sanitising.
            $safeurl = sanitize_url($item->url);
            if ($safeurl != '') {
                $menu[] = array('name' => $item->title, 'link' => $safeurl);
            }
            continue;
        }
        if ($item->file) {
            $menu[] = array(
                'name' => $item->title,
                'link' => get_config('wwwroot') . 'artefact/file/download.php?file=' . $item->file,
            );
        }
    }
    return $menu;
}
if ($_FILES['cat_adimg_1']['tmp_name'] != '' && $_FILES['cat_adimg_1']['tmp_name'] != 'none') { $cat['cat_adimg_1'] = $catimg_dir . '/' . basename($image->upload_image($_FILES['cat_adimg_1'], $catimg_dir)); /* 删除旧图片 */ if (!empty($cat_imgs['cat_adimg_1'])) { @unlink(ROOT_PATH . DATA_DIR . '/' . $catimg_dir . '/' . $cat_imgs['cat_adimg_1']); } } if ($_FILES['cat_adimg_2']['tmp_name'] != '' && $_FILES['cat_adimg_2']['tmp_name'] != 'none') { $cat['cat_adimg_2'] = $catimg_dir . '/' . basename($image->upload_image($_FILES['cat_adimg_2'], $catimg_dir)); /* 删除旧图片 */ if (!empty($cat_imgs['cat_adimg_2'])) { @unlink(ROOT_PATH . DATA_DIR . '/' . $catimg_dir . '/' . $cat_imgs['cat_adimg_2']); } } $cat['cat_adurl_1'] = !empty($_POST['cat_adurl_1']) ? sanitize_url(trim($_POST['cat_adurl_1'])) : ''; $cat['cat_adurl_2'] = !empty($_POST['cat_adurl_2']) ? sanitize_url(trim($_POST['cat_adurl_2'])) : ''; $cat['category_index'] = !empty($_POST['category_index']) ? $_POST['category_index'] : '0'; $cat['show_in_index'] = !empty($_POST['show_in_index']) ? $_POST['show_in_index'] : '0'; /* 代码增加_end Byjdy */ /* 判断分类名是否重复 */ if ($cat['cat_name'] != $old_cat_name) { if (cat_exists($cat['cat_name'], $cat['parent_id'], $cat_id)) { $link[] = array('text' => $_LANG['go_back'], 'href' => 'javascript:history.back(-1)'); sys_msg($_LANG['catname_exist'], 0, $link); } } /* 判断上级目录是否合法 */ $children = array_keys(cat_list($cat_id, 0, false)); // 获得当前分类的所有下级分类 if (in_array($cat['parent_id'], $children)) { /* 选定的父类是当前分类或当前分类的下级分类 */
function kpg_permalink_fixer() { $options = kpg_pf_get_options(); extract($options); // fix request_uri on IIS if (!array_key_exists('REQUEST_URI', $_SERVER)) { $_SERVER['REQUEST_URI'] = substr($_SERVER['PHP_SELF'], 1); if (isset($_SERVER['QUERY_STRING'])) { $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING']; } } $plink = $_SERVER['REQUEST_URI']; $pulink = $plink; // keeping the query - there is a chance that there is a query variable that needs to be preserved. // possibly a search or an update has been bookmarked. if (strpos($plink, '/feed/') !== false) { return; } $query = ''; if (strpos($plink, '?') !== false) { $query = substr($plink, strpos($plink, '?')); $plink = substr($plink, 0, strpos($plink, '?')); } // do not redirect search queries if (strpos('?' . $query, '?s=') !== false) { return; } if (strpos($query, '&s=') !== false) { return; } if (strpos($plink, '#') !== false) { $plink = substr($plink, 0, strpos($plink, '#')); } $plink = trim($plink, '/'); $flink = $plink; // flink has the page that was 404'd - not the basename //$plink=basename($plink); // plink now is the permalink part of the request. 
// often I found this is wrong, I want to use the wholw taxonomy in the search $plink = kpg_pf_more_clean($plink); $plink = str_replace('index.html', '', $plink); $plink = str_replace('index.shtml', '', $plink); $plink = str_replace('index.htm', '', $plink); $plink = str_replace('index.asp', '', $plink); $plink = str_replace('.html', '', $plink); $plink = str_replace('.shtml', '', $plink); $plink = str_replace('.htm', '', $plink); $plink = str_replace('.asp', '', $plink); $plink = str_replace('.aspx', '', $plink); // set up stats // now get rid of the slashes $reason = $plink; $plink = trim($plink); $plink = trim($plink, '/'); $plink = str_replace('--', '-', $plink); // had a problem with double dashes $plink = str_replace('/', '-', $plink); // this way the taxonomy becomes part of the search $plink = str_replace('%20', '-', $plink); // spaces are wrong $ref = ''; if (array_key_exists('HTTP_REFERER', $_SERVER)) { $ref = $_SERVER['HTTP_REFERER']; } $ref = esc_url_raw($ref); $ref = strip_tags($ref); $ref = remove_accents($ref); $ref = kpg_pf_really_clean($ref); $agent = ''; if (array_key_exists('HTTP_USER_AGENT', $_SERVER)) { $agent = $_SERVER["HTTP_USER_AGENT"]; } $agent = strip_tags($agent); $agent = remove_accents($agent); $agent = kpg_pf_really_clean($agent); $agent = htmlentities($agent); $request = $flink; $request = esc_url_raw($request); $request = strip_tags($request); $request = remove_accents($request); $request = kpg_pf_really_clean($request); $request = str_replace('http://', '', $request); // set up stats $r404 = array(); $r404[0] = date('m/d/Y H:i:s', time() + get_option('gmt_offset') * 3600); $r404[1] = $pulink; $r404[2] = $ref; $r404[3] = $agent; $r404[4] = $_SERVER['REMOTE_ADDR']; $r404[6] = ''; // testing an ignore for the category if (strpos($plink, "/category/") !== false) { $cnt404++; $options['cnt404'] = $cnt404; $r404[6] = '/category/ is not redirected.'; kpg_find_permalink_error_log($options, $e404, $r404, $stats); return; } // do not mess 
with robots trying to find wp-login.php and wp-signup.php if (strpos($plink . "\t", "/wp-login.php\t") !== false || strpos($plink . "\t", "/wp-signup.php\t") !== false || strpos($plink . "\t", "/feed\t") !== false) { $cnt404++; $options['cnt404'] = $cnt404; $r404[6] = '$plink is probably a robot looking for exploits.'; kpg_find_permalink_error_log($options, $e404, $r404, $stats); return; } // check for bypassed or generated files if ($chkrobots == 'Y' && strpos(strtolower($plink) . "\t", "robots.txt\t") !== false) { // looking for a robots.txt // header out the .txt file $cnt404++; $options['cnt404'] = $cnt404; $r404[6] = 'display tobots.txt'; kpg_find_permalink_error_log($options, $e404, $r404, $stats); header('HTTP/1.1 200 OK'); header('Content-Type: text/plain'); echo $robots; exit; } if ($chkcrossdomain == 'Y' && strpos(strtolower($plink) . "\t", "crossdomain.xml\t") !== false) { // looking for a robots.txt // header out the .txt file $cnt404++; $options['cnt404'] = $cnt404; $r404[6] = 'display crossdomain.xml'; kpg_find_permalink_error_log($options, $e404, $r404, $stats); header('HTTP/1.1 200 OK'); header('Content-Type: application/xml'); echo '<' . '?xml version="1.0"?' . ">\r\n"; // because of ? and stuff need to echo this separate ?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="<?php echo $_SERVER["HTTP_HOST"]; ?> " /> </cross-domain-policy> <?php exit; } if ($chkicon == 'Y' && strpos(strtolower($plink) . "\t", "favicon.ico\t") !== false) { // this only works if the favicon.ico is being redirected to wordpress on a 404 $f = dirname(__FILE__) . "/includes/favicon.ico"; if (!file_exists($f)) { // can't find the icon file - what's up with this??? 
$r404[6] = 'did not find favicon.ico'; kpg_find_permalink_error_log($options, $e404, $r404, $stats); exit; } if (file_exists($f)) { //if (function_exists('header_remove')) header_remove(); ini_set('zlib.output_compression', 'Off'); header('HTTP/1.1 200 OK'); $r404[6] = 'display favicon.ico'; $cnt404++; $options['cnt404'] = $cnt404; kpg_find_permalink_error_log($options, $e404, $r404, $stats); header('Content-Type: image/vnd.microsoft.icon'); header('Content-Disposition: attachment; filename="favicon.ico"'); header('Content-Length: ' . filesize($f)); readfile($f); exit; } } /* apple-touch-icon-57x57-precomposed.png apple-touch-icon-57x57.png apple-touch-icon-precomposed.png apple-touch-icon.png */ if ($chkicon == 'Y' && (strpos(strtolower($plink) . "\t", "apple-touch-icon.png\t") !== false || strpos(strtolower($plink) . "\t", "apple-touch-icon-57x57.png\t") !== false || strpos(strtolower($plink) . "\t", "apple-touch-icon-precomposed.png\t") !== false || strpos(strtolower($plink) . "\t", "apple-touch-icon.png\t") !== false)) { // this only works if the favicon.ico is being redirected to wordpress on a 404 $f = dirname(__FILE__) . "/includes/apple-touch-icon.png"; if (file_exists($f)) { if (function_exists('header_remove')) { header_remove(); } ini_set('zlib.output_compression', 'Off'); $r404[6] = 'display apple-touch-icon.png'; $cnt404++; $options['cnt404'] = $cnt404; kpg_find_permalink_error_log($options, $e404, $r404, $stats); header('HTTP/1.1 200 OK'); header('Content-Type: image/png'); readfile($f); exit; } } // if anyone is asking for a feed that does not exist, send them the sitemap if (strpos(strtolower($plink) . 
"\t", "feed\t") !== false) { // if there is no sitemap, return the last 20 entries made $r404[6] = 'feed send sitemap.xml'; $cnt404++; $options['cnt404'] = $cnt404; kpg_find_permalink_error_log($options, $e404, $r404, $stats); header('HTTP/1.1 200 OK'); header('Content-Type: application/xml'); $sitemap = kpg_pf_sitemap(); exit; } if ($chksitemap == 'Y' && strpos(strtolower($plink) . "\t", "sitemap.xml\t") !== false) { // if there is no sitemap, return the last 20 entries made $r404[6] = 'display sitemap.xml'; $cnt404++; $options['cnt404'] = $cnt404; kpg_find_permalink_error_log($options, $e404, $r404, $stats); header('HTTP/1.1 200 OK'); header('Content-Type: application/xml'); $sitemap = kpg_pf_sitemap(); exit; } if ($chkdublin == 'Y' && strpos(strtolower($plink) . "\t", "dublin.rdf\t") !== false) { // dublin.rdf is a little used method for robots to get more info about your site $r404[6] = 'display dublin.rdf'; $cnt404++; $options['cnt404'] = $cnt404; kpg_find_permalink_error_log($options, $e404, $r404, $stats); header('HTTP/1.1 200 OK'); header('Content-Type: application/xml'); echo '<' . '?xml version="1.0"?' . '>'; // because of ? and stuff need to echo this separate ?> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc= "http://purl.org/dc/elements/1.1/"> <rdf:Description rdf:about="<?php echo get_home_url(); ?> "> <dc:contributor><?php echo get_bloginfo('name'); ?> </dc:contributor> <dc:date><?php echo date('Y-m-d', time() + get_option('gmt_offset') * 3600); ?> </dc:date> <dc:description><?php echo get_bloginfo('description'); ?> </dc:description> <dc:language><?php echo get_bloginfo('language'); ?> </dc:language> <dc:publisher></dc:publisher> <dc:source><?php echo get_home_url(); ?> </dc:source> </rdf:Description> </rdf:RDF> <?php exit; } if ($chkopensearch == 'Y' && (strpos(strtolower($plink) . "\t", "opensearch.xml\t") !== false || strpos(strtolower($plink) . 
"\t", "search.xml\t") !== false)) { // search.xml may hel people search your site. $r404[6] = 'display opensearch.xml'; $cnt404++; $options['cnt404'] = $cnt404; kpg_find_permalink_error_log($options, $e404, $r404, $stats); header('HTTP/1.1 200 OK'); header('Content-Type: application/xml'); echo '<' . '?xml version="1.0"?' . ">\r\n"; // because of ? and stuff need to echo this separate ?> <OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/"> <ShortName><?php echo get_bloginfo('name'); ?> </ShortName> <Description>Search this site</Description> <Image>favicon.ico</Image> <Url type="text/html" template="<?php echo get_home_url(); ?> /seach"/> </OpenSearchDescription> <?php exit; } // some file types should not be included. these files are true 404s and Wordpress can't fix that. $ignoreTypes = array('jpg', 'gif', 'png', 'pdf', 'txt', 'asp', 'php', 'cfm', 'js', 'xml', 'php', 'mp3', 'wmv', 'css'); foreach ($ignoreTypes as $it) { if (strpos(strtolower($plink) . "\t", '.' . $it . "\t") !== false) { $r404[6] = "request for non WP file:.{$it}"; $cnt404++; $options['cnt404'] = $cnt404; kpg_find_permalink_error_log($options, $e404, $r404, $stats); return; } } // santize to get rid of all odd characters, including cross browser scripts. 
$plink = strtolower($plink); // make it case insensitive // do some more cleanup $plink = urldecode($plink); $plink = strip_tags($plink); $plink = remove_accents($plink); $plink = kpg_pf_really_clean($plink); $plink = str_replace('_', '-', $plink); $plink = str_replace(' ', '-', $plink); $plink = str_replace('%20', '-', $plink); $plink = str_replace('%22', '-', $plink); $plink = str_replace('/archive/', '-', $plink); $plink = sanitize_title_with_dashes($plink); // gets rid of some words that wordpress things are unimportant // check if the incoming line needs a blogger fix // for looking for recursive redirects $old_link = $_SERVER['REQUEST_URI']; if (empty($plink)) { // redirect back to siteurl $flink = home_url(); // recursion check if ($flink == $old_link || $flink == $old_link . $query) { $r404[5] = $flink; $cntredir++; $options['cntredir'] = $cntredir; $totredir++; $options['totredir'] = $totredir; $r404[6] = "Recursive redirect on home url, returning to wordpress "; kpg_find_permalink_fixed_log($options, $f404, $r404, $stats); return; } $r404[5] = $flink; $cntredir++; $options['cntredir'] = $cntredir; $totredir++; $options['totredir'] = $totredir; $r404[6] = "empty search, send to home"; kpg_find_permalink_fixed_log($options, $f404, $r404, $stats); wp_redirect($flink . $query, (int) $kpg_pf_301); // let wp do it - more compatable. exit; } if ($labels == 'Y') { if (strpos($flink, '/labels/') > 0) { if ($flink == $old_link || $flink == $old_link . 
$query) { $r404[5] = $flink; $cntredir++; $options['cntredir'] = $cntredir; $totredir++; $options['totredir'] = $totredir; $r404[6] = "Recursive redirect on label url, returning to wordpress "; kpg_find_permalink_fixed_log($options, $f404, $r404, $stats); return; } $flink = str_replace('/labels/', '/category/', $flink); $flink = str_replace('.html', '', $flink); // get dir of html and shtml at the end - don't need to search for these $flink = str_replace('.shtml', '', $flink); $flink = str_replace('.htm', '', $flink); $flink = str_replace('_', '-', $flink); // underscores should be dashes $flink = str_replace('.', '-', $flink); // periods should be dashes $flink = str_replace(' ', '-', $flink); // spaces are wrong $flink = str_replace('%20', '-', $flink); // spaces are wrong $flink = str_replace('%22', '-', $flink); // spaces are wrong $flink = str_replace('"', '-', $flink); // spaces are wrong $r404[5] = $flink; $r404[6] = "Redirect /label/ to /category/"; $cntredir++; $options['cntredir'] = $cntredir; $totredir++; $options['totredir'] = $totredir; kpg_find_permalink_fixed_log($options, $f404, $r404, $stats); wp_redirect($flink . $query, (int) $kpg_pf_301); // let wp do it - more compatable. exit; } } // check to see if the user is coming in on a base default // now figure if we need to fix a permalink //echo "\r\n\r\n<!-- step 2 $find -->\r\n\r\n"; if ($find > 0) { $plink = str_replace('.html', '', $plink); // get dir of html and shtml at the end - don't need to search for these $plink = str_replace('.shtml', '', $plink); $plink = str_replace('.htm', '', $plink); $plink = str_replace('.asp', '', $plink); // first check for the original slug - use the wordpress slug fixer on it. if (strpos(strtolower($flink) . "\t", "/index.html\t") !== false) { $flink = substr($flink . "\t", 0, strpos(strtolower($flink) . "\t", "/index.html\t")); } if (strpos(strtolower($flink) . "\t", "/index.htm\t") !== false) { $flink = substr($flink . "\t", 0, strpos(strtolower($flink) . 
"\t", "/index.htm\t")); } if (strpos(strtolower($flink) . "\t", "/index.shtml\t") !== false) { $flink = substr($flink . "\t", 0, strpos(strtolower($flink) . "\t", "/index.shtml\t")); } if (strpos(strtolower($flink) . "\t", "/default.asp\t") !== false) { $flink = substr($flink . "\t", 0, strpos(strtolower($flink) . "\t", "/default.asp\t")); } $flink = basename($flink); $flink = str_replace('.html', '', $flink); // get dir of html and shtml at the end - don't need to search for these $flink = str_replace('.shtml', '', $flink); $flink = str_replace('.htm', '', $flink); $flink = str_replace('_', '-', $flink); // underscores should be dashes $flink = str_replace('.', '-', $flink); // periods should be dashes $flink = str_replace(' ', '-', $flink); // spaces are wrong $flink = str_replace('%20', '-', $flink); // spaces are wrong $flink = str_replace('http://', '', $flink); $flink = str_replace('https://', '', $flink); $flink = sanitize_url($flink); $flink = str_replace('http://', '', $flink); $flink = str_replace('https://', '', $flink); $flink = str_replace('%22', '-', $flink); // spaces are wrong $flink = str_replace('"', '-', $flink); // spaces are wrong // check for matches to slugs // start with a check to category $ID = false; $cnt = 0; $reason = "working..."; $cat = ''; if ($chkcat == 'Y') { $cat = get_category_by_slug($flink); // if exact match on the category slug we can do a redirect right now. 
if (!empty($cat)) { // need to redirect to the category //echo "\r\n\r\n\r\n"; //print_r($cat); $ID = $cat->cat_ID; //echo "\r\n\r\n\r\n"; //exit(); } else { $ID = false; } } if (empty($ID)) { $ID = false; } if ($ID === false) { $ID = kpg_find_permalink_post_direct($flink); } if (empty($ID)) { $ID = false; } if ($ID !== false) { // redirect directly to the link now $cnt = 1; $reason = "(1) exact match to slug {$plink} {$flink}"; if (!empty($cat)) { $reason = "exact match to Category slug {$flink}"; } } // check - exact matches on flink if ($ID === false) { $ansa = kpg_find_permalink_post_exact($flink, $find, $kpg_pf_numbs, $kpg_pf_common, $kpg_pf_short); $ID = $ansa[0]; $cnt = $ansa[1]; $reason = "Found {$cnt} exact word matches to slug {$plink} {$flink}"; if (empty($ID)) { $ID = false; } } if ($ID === false && $chkloose == 'Y') { $ansa = kpg_find_permalink_post_loose($flink, $find, $kpg_pf_numbs, $kpg_pf_common, $kpg_pf_short); $ID = $ansa[0]; $cnt = $ansa[1]; $reason = "Found {$cnt} loose word matches to {$flink}"; if (empty($ID)) { $ID = false; } } if ($ID === false && $chkfullurl == 'Y') { $ansa = kpg_find_permalink_post_exact($plink, $find, $kpg_pf_numbs, $kpg_pf_common, $kpg_pf_short); $ID = $ansa[0]; $cnt = $ansa[1]; $reason = "Found {$cnt} exact word matches to {$plink}"; if (empty($ID)) { $ID = false; } } if ($ID === false && $chkloose == 'Y' && $chkfullurl == 'Y') { $ansa = kpg_find_permalink_post_loose($plink, $find, $kpg_pf_numbs, $kpg_pf_common, $kpg_pf_short); $ID = $ansa[0]; $cnt = $ansa[1]; $reason = "Found {$cnt} loose word matches to {$plink}"; if (empty($ID)) { $ID = false; } } if ($ID === false && $chkmetaphone == 'Y') { // missed on regular words - try a metaphone search?? 
Only do it on original slug $ansa = kpg_find_permalink_post_metaphone($flink, $find, $kpg_pf_numbs, $kpg_pf_common, $kpg_pf_short); $ID = $ansa[0]; $cnt = $ansa[1]; if ($ID !== false) { $reason = "Found {$cnt} metaphone 'sounds-like' word matches to {$flink}"; } else { $reason = "failed all searches"; } if (empty($ID)) { $ID = false; } } if ($ID === false && $chkmetaphone == 'Y' && $chkfullurl == 'Y') { // missed on regular words - try a metaphone search?? Only do it on original slug $ansa = kpg_find_permalink_post_metaphone($plink, $find, $kpg_pf_numbs, $kpg_pf_common, $kpg_pf_short); $ID = $ansa[0]; $cnt = $ansa[1]; if ($ID !== false) { $reason = "Found {$cnt} metaphone 'sounds-like' word matches to {$plink}"; } else { $reason = "failed all searches"; } if (empty($ID)) { $ID = false; } } if ($ID !== false) { // got the page if (!empty($cat)) { $link = get_category_link($ID); } else { $link = get_permalink($ID); } if ($do200 == 'Y') { // here we display the page $r404[5] = $link; $r404[6] = $reason . " -page loaded direct '{$ID}'"; $cntredir++; $options['cntredir'] = $cntredir; $totredir++; $options['totredir'] = $totredir; kpg_find_permalink_fixed_log($options, $f404, $r404, $stats); header("HTTP/1.1 200 Ok"); if (kpg_pf_load_page($ID)) { exit; } $r404[5] = $link; $r404[6] = $reason . " page not found '{$ID}'"; $cntredir++; $options['cntredir'] = $cntredir; $totredir++; $options['totredir'] = $totredir; kpg_find_permalink_fixed_log($options, $f404, $r404, $stats); } if (!empty($link)) { if ($link == $old_link || $link == $old_link . $query) { $r404[5] = $flink; $cntredir++; $options['cntredir'] = $cntredir; $totredir++; $options['totredir'] = $totredir; $r404[6] = "Recursive redirect on url, returning to wordpress "; kpg_find_permalink_fixed_log($options, $f404, $r404, $stats); return; } $r404[5] = $_SERVER['REQUEST_URI'] . '/' . 
$link; $r404[6] = $reason; $cntredir++; $options['cntredir'] = $cntredir; $totredir++; $options['totredir'] = $totredir; kpg_find_permalink_fixed_log($options, $f404, $r404, $stats); wp_redirect($link . $query, (int) $kpg_pf_301); // let wp do it - more compatable. exit; } } } // still here, it must be a real 404, we should log it $reason = "Not found - slug:{$flink}, loose url:{$plink}"; //echo "\r\n\r\n<!-- step 5 -->\r\n\r\n"; $cnt404++; $options['cnt404'] = $cnt404; $r404[6] = $reason; kpg_find_permalink_error_log($options, $e404, $r404, $stats); return; // end of permalink fixer }
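/**
 * Probe $url for a mobile alternate: fetch the page and look for
 * <link media="handheld" rel="alternate" href="...">.
 *
 * A HEAD request is issued first so that responses whose content type
 * matches self::IGNORE_CONTENT_REGEX are never downloaded in full.
 *
 * @param string $url Absolute URL of the page to probe.
 * @return string|false Sanitized mobile URL, or false when $url has no host,
 *                      either request fails, the content type is ignored, or
 *                      no usable handheld <link> is present.
 */
private function discover_mobile($url) {
    $parsed = parse_url($url);
    if (!isset($parsed['host'])) {
        return false;
    }

    // NOTE(review): both requests are made server-side with whatever $url the
    // caller supplies. If that value can be influenced by an untrusted party,
    // pass 'reject_unsafe_urls' => true here (or pin the host) to limit SSRF.
    $args = array('timeout' => self::REMOTE_GET_TIMEOUT, 'httpversion' => '1.0');

    $response = wp_remote_head($url, $args);
    if (is_wp_error($response)) {
        return false;
    }
    if (isset($response['headers']['content-type'])) {
        $ctype = implode(' ', (array) $response['headers']['content-type']);
        if (preg_match(self::IGNORE_CONTENT_REGEX, $ctype)) {
            return false;
        }
    }

    $response = wp_remote_get($url, $args);
    if (is_wp_error($response)) {
        return false;
    }
    $contents = $response['body'];

    if (!preg_match_all('#<link([^>]*?)media=([\'"])handheld\\2([^>]*)/?>#is', $contents, $links, PREG_SET_ORDER)) {
        return false;
    }

    $mobile_url = false;
    foreach ($links as $l) {
        $attr = $l[1] . $l[3];
        if (!preg_match('/rel=([\'"])alternate\\1/i', $attr)
            || !preg_match('/href=([\'"])(.*?)\\1/is', $attr, $href)) {
            continue;
        }

        $candidate = $href[2];
        if (!preg_match('!^(https?:/)?/!', $candidate)) {
            // Path-relative href. Resolve it against the directory of $url
            // instead of appending it to the full URL, which produced
            // "http://host/page.htmlm/index.html" for "m/index.html".
            $scheme = isset($parsed['scheme']) ? $parsed['scheme'] . ':' : '';
            $origin = $scheme . '//' . $parsed['host']
                . (isset($parsed['port']) ? ':' . $parsed['port'] : '');
            $path   = isset($parsed['path']) ? $parsed['path'] : '/';
            $slash  = strrpos($path, '/');
            $dir    = ($slash === false) ? '/' : substr($path, 0, $slash + 1);
            $candidate = $origin . $dir . $candidate;
        }

        $mobile_url = sanitize_url($candidate); // available after WP 2.3
        if ($mobile_url) {
            break;
        }
    }
    return $mobile_url;
}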
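/**
 * Validate and normalise the profile-registration fields submitted in $_POST.
 *
 * Side effects: rewrites several $_POST entries in place (the home-page and
 * user-image URLs pass through sanitize_url(), a non-numeric ICQ number is
 * blanked, the alias is passed through sanitize_login() and truncated to
 * MAX_LOGIN_SHOW), stores a fetched avatar in $GLOBALS['reg_avatar_loc_file'],
 * and reports problems via set_err().
 *
 * @param int $user_id ID of the account being edited; excluded from the
 *                     alias-uniqueness query.
 * @return mixed $GLOBALS['error'] as left by set_err().
 */
function register_form_check($user_id) {
    // URL fields: keep only what sanitize_url() accepts. A missing key is ''.
    $home_page = isset($_POST['reg_home_page']) ? trim($_POST['reg_home_page']) : '';
    $_POST['reg_home_page'] = sanitize_url($home_page);
    $_POST['reg_user_image'] = !empty($_POST['reg_user_image']) ? sanitize_url(trim($_POST['reg_user_image'])) : '';

    /* ICQ # can only be an integer */
    if (!empty($_POST['reg_icq']) && !(int) $_POST['reg_icq']) {
        $_POST['reg_icq'] = '';
    }

    $sig = isset($_POST['reg_sig']) ? $_POST['reg_sig'] : '';

    /* Image count check */
    if ($GLOBALS['FORUM_IMG_CNT_SIG'] && $GLOBALS['FORUM_IMG_CNT_SIG'] < substr_count(strtolower($sig), '[img]')) {
        set_err('reg_sig', 'You are trying to use more then the allowed ' . $GLOBALS['FORUM_IMG_CNT_SIG'] . ' images in your signature.');
    }

    /* Url Avatar check */
    if (!empty($_POST['reg_avatar_loc']) && !($GLOBALS['reg_avatar_loc_file'] = fetch_img($_POST['reg_avatar_loc'], $user_id))) {
        set_err('avatar', 'The specified url does not contain a valid image');
    }

    /* Alias Check */
    if (($GLOBALS['FUD_OPT_2'] & 128) && isset($_POST['reg_alias'])) {
        // Assignment is intentional: an alias that sanitizes to '' is ignored.
        if ($_POST['reg_alias'] = trim(sanitize_login($_POST['reg_alias']))) {
            if (strlen($_POST['reg_alias']) > $GLOBALS['MAX_LOGIN_SHOW']) {
                $_POST['reg_alias'] = substr($_POST['reg_alias'], 0, $GLOBALS['MAX_LOGIN_SHOW']);
            }
            // The alias is escaped with addslashes(); $user_id is cast to int so
            // it can only ever contribute digits to the query.
            $alias_sql = addslashes(htmlspecialchars($_POST['reg_alias']));
            if (q_singleval("SELECT id FROM phpgw_fud_users WHERE alias='" . $alias_sql . "' AND id!=" . (int) $user_id)) {
                set_err('reg_alias', 'The alias you are trying to use is already in use by another forum member, please choose another.');
            }
        }
    }

    if ($GLOBALS['FORUM_SIG_ML'] && strlen($sig) > $GLOBALS['FORUM_SIG_ML']) {
        set_err('reg_sig', 'Your signature exceeds the maximum allowed length of ' . $GLOBALS['FORUM_SIG_ML'] . ' characters characters.');
    }

    return $GLOBALS['error'];
}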
$smarty->display('category_flashimg_info.htm'); } /*------------------------------------------------------ */ //-- 商品分类轮播图片添加时的处理 /*------------------------------------------------------ */ if ($_REQUEST['act'] == 'insert') { /* 权限检查 */ admin_priv('cat_manage'); /* 初始化变量 */ $flashimg['cat_id'] = !empty($_POST['cat_id']) ? intval($_POST['cat_id']) : 0; $flashimg['sort_order'] = !empty($_POST['sort_order']) ? intval($_POST['sort_order']) : 0; $flashimg['href_url'] = !empty($_POST['href_url']) ? trim($_POST['href_url']) : ''; /*处理图片*/ $flashimg['img_url'] = basename($image->upload_image($_FILES['img_url'], 'catflashimg')); /*处理URL*/ $flashimg['href_url'] = sanitize_url($flashimg['href_url']); $flashimg['img_title'] = !empty($_POST['img_title']) ? trim($_POST['img_title']) : ''; $flashimg['img_desc'] = !empty($_POST['img_desc']) ? trim($_POST['img_desc']) : ''; /* 入库的操作 */ if ($db->autoExecute($ecs->table('cat_flashimg'), $flashimg) !== false) { clear_cache_files(); // 清除缓存 /*添加链接*/ $link[0]['text'] = "继续添加"; $link[0]['href'] = 'category_flashimg.php?act=add&cat_id=' . $cat_id; $link[1]['text'] = "返回轮播图片列表"; $link[1]['href'] = 'category_flashimg.php?act=list&cat_id=' . $cat_id; sys_msg("添加成功", 0, $link); } } /*------------------------------------------------------ */
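/**
 * Download an image from a URL, attach Getty MetaData which will also act
 * as a flag that the image came from GettyImages
 *
 * Reads $_POST['url'] (a Getty delivery URL), $_POST['meta'] (an array that
 * must contain 'ImageId') and optionally $_POST['post_id']. Every failure is
 * reported through $this->ajax_error(), which is assumed to terminate the
 * request (the original code relies on that too); success replies through
 * $this->ajax_success() with the prepared attachment.
 *
 * @action wp_ajax_getty_images_download
 */
function ajax_download() {
    $this->ajax_check();

    if (!current_user_can($this::capability)) {
        $this->ajax_error(__("User can not download images", 'getty-images'));
    }

    // Sanity check inputs
    if (!isset($_POST['url'])) {
        $this->ajax_error(__("Missing image URL", 'getty-images'));
    }
    $url = sanitize_url($_POST['url']);
    if (empty($url)) {
        $this->ajax_error(__("Invalid image URL", 'getty-images'));
    }

    // Getty Images delivery URLs have the pattern:
    //
    //   http://delivery.gettyimages.com/../<filename>.<ext>?TONSOFAUTHORIZATIONDATA
    //
    // Pin the origin BEFORE anything is fetched. download_url() performs a
    // server-side request, so checking afterwards (as this code used to) let
    // an arbitrary URL be retrieved, and a temp file created, before the
    // request was rejected.
    if (strpos($url, 'http://delivery.gettyimages.com/') !== 0) {
        $this->ajax_error("Invalid URL");
    }

    // Figure out the filename to use: the basename of the first path
    // component that ends in an image extension (query string excluded).
    preg_match('/[^?]+\\.(jpe?g|jpe|gif|png)\\b/i', $url, $matches);
    if (empty($matches)) {
        $this->ajax_error(__("Invalid filename", 'getty-images'));
    }

    if (!isset($_POST['meta'])) {
        $this->ajax_error(__("Missing image meta", 'getty-images'));
    }
    if (!is_array($_POST['meta']) || !isset($_POST['meta']['ImageId'])) {
        $this->ajax_error(__("Invalid image meta", 'getty-images'));
    }

    // Download the image, but don't necessarily attach it to this post.
    $tmp = download_url($url);

    // Wah wah
    if (is_wp_error($tmp)) {
        $this->ajax_error(__("Failed to download image", 'getty-images'));
    }

    $file_array = array(
        'name'     => basename($matches[0]),
        'tmp_name' => $tmp,
    );
    $attachment_id = media_handle_sideload($file_array, 0);
    if (is_wp_error($attachment_id)) {
        // Don't leave the downloaded temp file behind on failure.
        if (is_string($tmp) && file_exists($tmp)) {
            unlink($tmp);
        }
        $this->ajax_error(__("Failed to sideload image", 'getty-images'));
    }

    // Set the post_content to post_excerpt for this new attachment, since
    // the field put in post_content is meant to be used as a caption for Getty
    // Images.
    //
    // We would normally use a filter like wp_insert_post_data to do this,
    // preventing an extra query, but unfortunately media_handle_sideload()
    // uses wp_insert_attachment() to insert the attachment data, and there is
    // no way to filter the data going in via that function.
    $attachment = get_post($attachment_id);
    if (!$attachment) {
        $this->ajax_error(__("Attachment not found", 'getty-images'));
    }
    $post_parent = isset($_POST['post_id']) ? (int) $_POST['post_id'] : 0;
    wp_update_post(array(
        'ID'           => $attachment->ID,
        'post_content' => '',
        'post_excerpt' => $attachment->post_content,
        'post_parent'  => $post_parent,
    ));

    // Trash any existing attachment for this Getty Images image. Don't force
    // delete since posts may be using the image. Let the user force file delete explicitly.
    $getty_id = sanitize_text_field($_POST['meta']['ImageId']);
    $existing_image_ids = get_posts(array(
        'post_type'   => 'attachment',
        'post_status' => 'any',
        'meta_key'    => $this::getty_details_meta_key,
        'meta_value'  => $getty_id,
        'fields'      => 'ids',
    ));
    foreach ($existing_image_ids as $existing_image_id) {
        wp_delete_post($existing_image_id);
    }

    // Save the getty image details in post meta, but only sanitized top-level
    // string values
    update_post_meta(
        $attachment->ID,
        $this::getty_details_meta_key,
        array_map('sanitize_text_field', array_filter($_POST['meta'], 'is_string'))
    );

    // Save the image ID in a separate meta key for serchability
    update_post_meta($attachment->ID, $this::getty_imageid_meta_key, $getty_id);

    // Success! Forward new attachment_id back
    $this->ajax_success(__("Image downloaded", 'getty-images'), wp_prepare_attachment_for_js($attachment_id));
}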
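/**
 * Validate and normalise the profile-registration fields submitted in $_POST
 * (Italian-language variant of the form check).
 *
 * Side effects: rewrites several $_POST entries in place (the home-page and
 * user-image URLs pass through sanitize_url(), a non-numeric ICQ number is
 * blanked, the alias is passed through sanitize_login() and truncated to
 * MAX_LOGIN_SHOW), stores a fetched avatar in $GLOBALS['reg_avatar_loc_file'],
 * and reports problems via set_err().
 *
 * Fix: the avatar error message contained unescaped apostrophes inside a
 * single-quoted string ('L'URL ... un'immagine valida'), which is a parse
 * error; the text is unchanged, only the quoting.
 *
 * @param int $user_id ID of the account being edited; excluded from the
 *                     alias-uniqueness query.
 * @return mixed $GLOBALS['error'] as left by set_err().
 */
function register_form_check($user_id) {
    // URL fields: keep only what sanitize_url() accepts. A missing key is ''.
    $home_page = isset($_POST['reg_home_page']) ? trim($_POST['reg_home_page']) : '';
    $_POST['reg_home_page'] = sanitize_url($home_page);
    $_POST['reg_user_image'] = !empty($_POST['reg_user_image']) ? sanitize_url(trim($_POST['reg_user_image'])) : '';

    /* ICQ # can only be an integer */
    if (!empty($_POST['reg_icq']) && !(int) $_POST['reg_icq']) {
        $_POST['reg_icq'] = '';
    }

    $sig = isset($_POST['reg_sig']) ? $_POST['reg_sig'] : '';

    /* Image count check */
    if ($GLOBALS['FORUM_IMG_CNT_SIG'] && $GLOBALS['FORUM_IMG_CNT_SIG'] < substr_count(strtolower($sig), '[img]')) {
        set_err('reg_sig', 'Stai cercando di utilizzare nella tua signature più immagini delle ' . $GLOBALS['FORUM_IMG_CNT_SIG'] . ' consentite.');
    }

    /* Url Avatar check */
    if (!empty($_POST['reg_avatar_loc']) && !($GLOBALS['reg_avatar_loc_file'] = fetch_img($_POST['reg_avatar_loc'], $user_id))) {
        set_err('avatar', "L'URL che hai inserito non contiene un'immagine valida");
    }

    /* Alias Check */
    if (($GLOBALS['FUD_OPT_2'] & 128) && isset($_POST['reg_alias'])) {
        // Assignment is intentional: an alias that sanitizes to '' is ignored.
        if ($_POST['reg_alias'] = trim(sanitize_login($_POST['reg_alias']))) {
            if (strlen($_POST['reg_alias']) > $GLOBALS['MAX_LOGIN_SHOW']) {
                $_POST['reg_alias'] = substr($_POST['reg_alias'], 0, $GLOBALS['MAX_LOGIN_SHOW']);
            }
            // The alias is escaped with addslashes(); $user_id is cast to int so
            // it can only ever contribute digits to the query.
            $alias_sql = addslashes(htmlspecialchars($_POST['reg_alias']));
            if (q_singleval("SELECT id FROM phpgw_fud_users WHERE alias='" . $alias_sql . "' AND id!=" . (int) $user_id)) {
                set_err('reg_alias', 'Username già utilizzato');
            }
        }
    }

    if ($GLOBALS['FORUM_SIG_ML'] && strlen($sig) > $GLOBALS['FORUM_SIG_ML']) {
        set_err('reg_sig', 'Your signature exceeds the maximum allowed length of ' . $GLOBALS['FORUM_SIG_ML'] . ' characters characters.');
    }

    return $GLOBALS['error'];
}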
/**
 * Normalise the settings of an RSS widget and, optionally, probe the feed.
 *
 * The item count is clamped: anything outside 1..20 falls back to 10. The
 * URL and title are tag-stripped, and the URL additionally passes through
 * sanitize_url(). When $check_feed is true the feed is fetched with the
 * legacy fetch_rss(); on failure the returned 'url' element is replaced by an
 * HTML-escaped error message and 'error' is set, otherwise 'link' is the
 * channel link with anything before the leading "http" trimmed away. When
 * $check_feed is false, 'link' and 'error' are absent from the result.
 *
 * NOTE(review): $widget_number is never assigned in this function, so the
 * sprintf() on the error path formats an undefined variable. The widget
 * number the message is meant to carry is not visible from here.
 *
 * @since 2.5.0
 *
 * @param array $widget_rss RSS widget feed data. Expects unescaped data.
 * @param bool $check_feed Optional, default is true. Whether to check feed for errors.
 * @return array title, url, link, items, error, show_summary, show_author, show_date
 */
function wp_widget_rss_process($widget_rss, $check_feed = true) {
    $items = (int) $widget_rss['items'];
    $out_of_range = ($items < 1) || ($items > 20);
    if ($out_of_range) {
        $items = 10;
    }

    $url   = sanitize_url(strip_tags($widget_rss['url']));
    $title = trim(strip_tags($widget_rss['title']));

    $show_summary = (int) $widget_rss['show_summary'];
    $show_author  = (int) $widget_rss['show_author'];
    $show_date    = (int) $widget_rss['show_date'];

    if ($check_feed) {
        require_once ABSPATH . WPINC . '/rss.php';
        $rss   = fetch_rss($url);
        $error = false;
        $link  = '';

        if (is_object($rss)) {
            $link = clean_url(strip_tags($rss->channel['link']));
            // Shave leading characters until the link starts with "http".
            while (strstr($link, 'http') != $link) {
                $link = substr($link, 1);
            }
        } else {
            $url   = wp_specialchars(__('Error: could not find an RSS or ATOM feed at that URL.'), 1);
            $error = sprintf(__('Error in RSS %1$d'), $widget_number);
        }
    }

    return compact('title', 'url', 'link', 'items', 'error', 'show_summary', 'show_author', 'show_date');
}
/**
 * Normalise the settings of an RSS widget and, optionally, probe the feed.
 *
 * The item count is clamped: anything outside 1..20 falls back to 10. The
 * URL and title are tag-stripped, and the URL additionally passes through
 * sanitize_url(). When $check_feed is true the feed is fetched with
 * fetch_feed(); on a WP_Error its message becomes 'error', otherwise 'link'
 * is the feed permalink with anything before the leading "http"
 * (case-insensitively) trimmed away. When $check_feed is false, 'link' and
 * 'error' are absent from the result.
 *
 * @since 2.5.0
 *
 * @param array $widget_rss RSS widget feed data. Expects unescaped data.
 * @param bool $check_feed Optional, default is true. Whether to check feed for errors.
 * @return array title, url, link, items, error, show_summary, show_author, show_date
 */
function wp_widget_rss_process($widget_rss, $check_feed = true) {
    $items = (int) $widget_rss['items'];
    $out_of_range = ($items < 1) || ($items > 20);
    if ($out_of_range) {
        $items = 10;
    }

    $url   = sanitize_url(strip_tags($widget_rss['url']));
    $title = trim(strip_tags($widget_rss['title']));

    $show_summary = (int) $widget_rss['show_summary'];
    $show_author  = (int) $widget_rss['show_author'];
    $show_date    = (int) $widget_rss['show_date'];

    if ($check_feed) {
        $rss   = fetch_feed($url);
        $error = false;
        $link  = '';

        if (!is_wp_error($rss)) {
            $link = clean_url(strip_tags($rss->get_permalink()));
            // Shave leading characters until the link starts with "http".
            while (stristr($link, 'http') != $link) {
                $link = substr($link, 1);
            }
        } else {
            $error = $rss->get_error_message();
        }
    }

    return compact('title', 'url', 'link', 'items', 'error', 'show_summary', 'show_author', 'show_date');
}
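/**
 * Sanitizes a comment.
 *
 * Copies the comment-* fields from $_POST onto the object. Message, name and
 * website go through the site's sanitize_html()/sanitize_string()/
 * sanitize_url() helpers. The e-mail address was previously stored raw while
 * every other field was sanitized; it now passes through
 * FILTER_SANITIZE_EMAIL, which strips characters that cannot appear in an
 * address and leaves a valid address untouched (it does not validate the
 * address — do that separately if the app relies on it). Missing fields are
 * treated as ''. The unused `global` declaration was dropped.
 */
private function sanitize() {
    $message = isset($_POST['comment-message']) ? $_POST['comment-message'] : '';
    $name    = isset($_POST['comment-name'])    ? $_POST['comment-name']    : '';
    $email   = isset($_POST['comment-email'])   ? $_POST['comment-email']   : '';
    $website = isset($_POST['comment-website']) ? $_POST['comment-website'] : '';

    // Sanitize user input
    $this->message = sanitize_html($message);
    $this->name    = sanitize_string($name);
    $this->email   = (string) filter_var($email, FILTER_SANITIZE_EMAIL);
    $this->website = sanitize_url($website);

    // Get date, time
    $this->date = current_date();
    $this->time = current_time();
}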
// external list or admin file $name = param_variable('name'); $linkedto = param_variable('linkedto'); $itemid = param_variable('itemid'); $public = (int) param_boolean('public'); $data = new StdClass(); if ($type == 'sitefile') { // Get file id. $data->file = $linkedto; $data->url = null; } else { if ($type == 'externallink') { $data->url = $linkedto; $data->file = null; } else { if (sanitize_url($linkedto) == '') { json_reply('local', get_string('badurl', 'admin')); } else { // Bad menu item type json_reply('local', get_string('badmenuitemtype', 'admin')); } } } $data->title = $name; if ($itemid == 'new') { $data->public = $public; // set displayorder to be after all the existing menu items try { $displayorders = get_records_array('site_menu', 'public', $data->public, '', 'displayorder'); $max = 0; if ($displayorders) {
generate_feed(error_feed(), error_post(get_string('artefactnotinview', 'error', $artefactid, $viewid))); } elseif (!$artefact->in_view_list()) { generate_feed(error_feed(), error_post(get_string('artefactonlyviewableinview', 'error'))); } elseif ($artefact->get('artefacttype') != 'blog') { generate_feed(error_feed(), error_post(get_string('feedsnotavailable', 'artefact.blog'))); } else { $owner = get_records_sql_array("\n SELECT a.mtime, u.id, u.firstname, u.lastname, u.profileicon\n FROM {usr} u, {artefact} a\n WHERE a.id = ?\n AND a.owner = u.id\n LIMIT 1;", array($artefactid)); if ($owner[0]->profileicon) { $image = get_config('wwwroot') . 'thumb.php?type=profileiconbyid&maxsize=100&id=' . $owner[0]->profileicon; } else { // use the Mahara logo $image = $THEME->get_image_url('site-logo'); } // if the owner has a personal website set, use it as the author URI $personal_site = get_field('artefact', 'title', 'artefacttype', 'personalwebsite', 'owner', $owner[0]->id); $author = array('name' => implode(' ', array($owner[0]->firstname, $owner[0]->lastname)), 'uri' => sanitize_url($personal_site)); $link = get_config('wwwroot') . 'artefact/artefact.php?artefact=' . $artefactid . '&view=' . $viewid; $selflink = get_config('wwwroot') . 'artefact/blog/atom.php?artefact=' . $artefactid . '&view=' . $viewid; $postids = get_records_sql_array("\n SELECT a.id, a.title, a.description, a.mtime\n FROM {artefact} a, {artefact_blog_blogpost} bp\n WHERE a.id = bp.blogpost\n AND a.parent = ?\n AND bp.published = 1\n ORDER BY a.ctime DESC\n LIMIT ?;", array($artefactid, POSTCOUNT)); if ($postids) { $updated = $postids[0]->mtime; } else { $updated = $owner[0]->mtime; } $generator = array('uri' => 'https://mahara.org', 'version' => get_config('series'), 'text' => 'Mahara'); $rights = get_string('feedrights', 'artefact.blog', substr($updated, 0, 4) . ' ' . $author['name']); // is there a Creative Commons block in this view? 
// if so, set the feed rights accordingly $ccblock = get_records_sql_array("\n SELECT b.id\n FROM {block_instance} b\n WHERE b.view = ?\n AND b.blocktype = 'creativecommons'\n LIMIT 1;", array($viewid)); if ($ccblock) { require_once get_config('docroot') . 'blocktype/lib.php';
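/**
 * Sanitizes a comment.
 *
 * Copies the cf-* fields from $_POST onto the object. Message, name and
 * website go through the site's sanitize_html()/sanitize_string()/
 * sanitize_url() helpers. The e-mail address was previously stored raw while
 * every other field was sanitized; it now passes through
 * FILTER_SANITIZE_EMAIL, which strips characters that cannot appear in an
 * address and leaves a valid address untouched (it does not validate the
 * address — do that separately if the app relies on it). Missing fields are
 * treated as ''.
 */
private function sanitize() {
    $message = isset($_POST['cf-message']) ? $_POST['cf-message'] : '';
    $name    = isset($_POST['cf-name'])    ? $_POST['cf-name']    : '';
    $email   = isset($_POST['cf-email'])   ? $_POST['cf-email']   : '';
    $website = isset($_POST['cf-website']) ? $_POST['cf-website'] : '';

    // Sanitize user input
    $this->message = sanitize_html($message);
    $this->name    = sanitize_string($name);
    $this->email   = (string) filter_var($email, FILTER_SANITIZE_EMAIL);
    $this->website = sanitize_url($website);
}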
} elseif ($_REQUEST['act'] == 'updata') { admin_priv('brand_manage'); if ($_POST['brand_name'] != $_POST['old_brandname']) { /*检查品牌名是否相同*/ $is_only = $exc->is_only('brand_name', $_POST['brand_name'], $_POST['id']); if (!$is_only) { sys_msg(sprintf($_LANG['brandname_exist'], stripslashes($_POST['brand_name'])), 1); } } /*对描述处理*/ if (!empty($_POST['brand_desc'])) { $_POST['brand_desc'] = $_POST['brand_desc']; } $is_show = isset($_REQUEST['is_show']) ? intval($_REQUEST['is_show']) : 0; /*处理URL*/ $site_url = sanitize_url($_POST['site_url']); /* 处理图片 */ $img_name = basename($image->upload_image($_FILES['brand_logo'], 'brandlogo')); $param = "brand_name = '{$_POST['brand_name']}', site_url='{$site_url}', brand_desc='{$_POST['brand_desc']}', is_show='{$is_show}', sort_order='{$_POST['sort_order']}' "; if (!empty($img_name)) { //有图片上传 $param .= " ,brand_logo = '{$img_name}' "; } if ($exc->edit($param, $_POST['id'])) { /* 清除缓存 */ clear_cache_files(); admin_log($_POST['brand_name'], 'edit', 'brand'); $link[0]['text'] = $_LANG['back_list']; $link[0]['href'] = 'brand.php?act=list&' . list_link_postfix(); $note = vsprintf($_LANG['brandedit_succed'], $_POST['brand_name']); sys_msg($note, 0, $link);
//$menuitems = get_records_array('site_menu','public',$public,'displayorder'); $menuitems = get_records_sql_array(' SELECT s.*, a.title AS filename FROM {site_menu} s LEFT OUTER JOIN {artefact} a ON s.file = a.id WHERE s.public = ? ORDER BY s.displayorder', array($public)); $rows = array(); if ($menuitems) { foreach ($menuitems as $i) { $r = array(); $r['id'] = $i->id; $r['name'] = $i->title; $safeurl = sanitize_url($i->url); if (empty($i->url) && !empty($i->file)) { $r['type'] = 'sitefile'; $r['linkedto'] = get_config('wwwroot') . 'artefact/file/download.php?file=' . $i->file; $r['linktext'] = $i->filename; $r['file'] = $i->file; } else { if ($safeurl == '') { $r['type'] = 'externallink'; $r['linkedto'] = ''; $r['linktext'] = strtoupper(get_string('badurl', 'admin')) . ': ' . $i->url; } else { if (!empty($i->url) && empty($i->file)) { $r['type'] = 'externallink'; $r['linkedto'] = $safeurl; $r['linktext'] = $safeurl;