/**
 * Reduce free text to a URL slug made only of [a-zA-Z0-9._-].
 *
 * Steps: trim, turn every "&" into "-and-", replace each run of characters
 * outside [a-zA-Z0-9._] with a single "-", then drop one trailing "-".
 *
 * What the result still allows (relevant if the slug is reused outside a URL):
 *  - dots are kept, so "." and ".." pass through unchanged;
 *  - a leading "-" is kept (only the trailing one is removed);
 *  - every byte of a multi-byte character becomes "-", so non-ASCII text
 *    collapses to dashes and distinct inputs can yield the same slug.
 *
 * @param mixed $string text to convert
 * @return string|null NULL for non-string input, '' for blank input, otherwise the slug
 */
function cw_clean_url_adjust($string)
{
    if (!is_string($string)) {
        return NULL;
    }

    $trimmed = trim($string);
    if (zerolen($trimmed)) {
        return '';
    }

    // Ampersands become a readable word; entity-looking sequences get no
    // special treatment because "#" and ";" are replaced by dashes below anyway.
    $slug = str_replace('&', '-and-', $trimmed);

    // A run of disallowed characters (including existing dashes) collapses to one dash.
    $slug = preg_replace('/[^a-zA-Z0-9._]+/', '-', $slug);

    return preg_replace('/-$/', '', $slug);
}
} } } db_free_result($result); break; } if (!zerolen($image_path) && !is_url($image_path)) { if (!file_exists($image_path) || !is_readable($image_path)) { $image_path = ""; } elseif ($config['setup_images'][$type]['md5_check'] == 'Y') { $image_md5 = md5_file($image_path); } } if (!zerolen($image_path) && $config['setup_images'][$type]['md5_check'] == 'Y' && $image_md5 !== $md5) { $image_path = ""; } } if (zerolen($image_path)) { # when image is not available, use the "default image" $type = $orig_type; $image_path = cw_get_default_image($type); $tmp = cw_get_image_size($image_path); $image_size = $tmp[0]; $image_type = empty($tmp[3]) ? "image/gif" : $tmp[3]; } header("Content-Type: " . $image_type); if ($image_size > 0) { header("Content-Length: " . $image_size); } cw_readfile($image_path, true); exit;
if (!zerolen($fileurl)) { if (strpos($fileurl, "/") === 0) { $fileurl = $http_location . $fileurl; } elseif (!is_url($fileurl)) { $fileurl = "http://" . $fileurl; } $tmp['file_path'] = $fileurl; $tmp['is_copied'] = false; $tmp['source'] = 'U'; $data[] = $tmp; } } } if (is_array($data)) { foreach ($data as $k => $val) { if (isset($val['file_path']) && !cw_is_allowed_file($val['file_path']) || !isset($val['file_path']) || zerolen($val['file_path'])) { if ($val['is_copied']) { @unlink($val['file_path']); } unset($data[$k]); continue; } list($val['file_size'], $val['image_x'], $val['image_y'], $val['image_type']) = cw_get_image_size($val['file_path']); if ($val['file_size'] == 0) { if ($data['is_copied']) { unlink($val['file_path']); } unset($data[$k]); continue; } if (!isset($val['filename'])) {
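/**
 * Smarty "escape" modifier: encode $string for the output context named by $esc_type.
 *
 * Each mode protects only the context it is named for; picking the wrong one
 * (for example 'quotes' or 'tooltip' for HTML output) leaves markup characters
 * intact. An unrecognised $esc_type returns the input unchanged, i.e. the
 * modifier fails open on a misspelled mode name.
 *
 * Fixes relative to the previous version:
 *  - 'mail' called strtr() with two arrays, which is not a valid strtr() form;
 *    it now uses str_replace().
 *  - 'hex' appended ";" after every %XX byte because it shared the entity
 *    loop; the ";" is now added for the entity modes only.
 *  - 'hexentity'/'decentity' read $s before it was assigned.
 *  - the phpversion() string comparison was dropped; the charset argument is
 *    always passed.
 *
 * @param string $string   value to encode
 * @param string $esc_type html, htmlall, url, urlpathinfo, quotes, hex, hexentity,
 *                         decentity, javascript, json, clear, mail, nonstd or tooltip
 * @param string $char_set character set handed to htmlspecialchars()/htmlentities();
 *                         it should match the encoding the page is actually served in
 * @return string
 */
function smarty_modifier_escape($string, $esc_type = 'html', $char_set = 'ISO-8859-1')
{
    if (zerolen($string)) {
        return $string;
    }

    switch ($esc_type) {
        case 'html':
            // ENT_QUOTES covers both quote styles, so the result is usable in
            // quoted attribute values as well as element content.
            return htmlspecialchars($string, ENT_QUOTES, $char_set);

        case 'htmlall':
            return htmlentities($string, ENT_QUOTES, $char_set);

        case 'url':
            return rawurlencode($string);

        case 'urlpathinfo':
            // Same as 'url' but keeps "/" so a path stays a path.
            return str_replace('%2F', '/', rawurlencode($string));

        case 'quotes':
            // Backslash-escapes single quotes that are not already escaped.
            // Nothing else is touched, so this is not an HTML or SQL escaper.
            return preg_replace("/(?<!\\\\)'/Ss", "\\'", $string);

        case 'hex':
        case 'hexentity':
        case 'decentity':
            if ($esc_type == 'hex') {
                $prefix = '%';
                $suffix = '';
            } elseif ($esc_type == 'hexentity') {
                $prefix = '&#x';
                $suffix = ';';
            } else {
                $prefix = '&#';
                $suffix = ';';
            }
            $use_decimal = $esc_type == 'decentity';
            $length = strlen($string);
            $return = '';
            // Byte-wise on purpose: every byte is encoded, whatever the charset.
            for ($x = 0; $x < $length; $x++) {
                $byte = substr($string, $x, 1);
                $return .= $prefix . ($use_decimal ? ord($byte) : bin2hex($byte)) . $suffix;
            }
            return $return;

        case 'javascript':
            // For use inside a quoted JavaScript string literal. "</" is broken
            // up so the value cannot close an enclosing <script> element.
            return strtr($string, array('\\' => '\\\\', "'" => "\\'", '"' => '\\"', "\r" => '\\r', "\n" => '\\n', '</' => '<\\/'));

        case 'json':
            // For a double-quoted JSON string: single quotes need no escape.
            // CR/LF are dropped and TAB becomes a space; other control bytes
            // pass through unchanged. NOTE(review): json_encode() is the
            // complete encoder if callers can accept its output format.
            return strtr($string, array('\\' => '\\\\', '"' => '\\"', "\r" => '', "\n" => '', '</' => '<\\/', "\t" => ' '));

        case 'clear':
            // Removes quotes and line breaks outright instead of escaping them.
            return strtr($string, array("'" => "", '"' => '', "\r" => '', "\n" => ''));

        case 'mail':
            // Obfuscates an address for display.
            return str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string);

        case 'nonstd':
            // Bytes with ordinal >= 126 become decimal character references.
            $return = '';
            $length = strlen($string);
            for ($i = 0; $i < $length; $i++) {
                $symbol = substr($string, $i, 1);
                $ord = ord($symbol);
                $return .= $ord >= 126 ? '&#' . $ord . ';' : $symbol;
            }
            return $return;

        case 'tooltip':
            // strip_tags() removes tags but does not encode quotes or "&";
            // the result still needs 'html' escaping before it is placed in
            // an attribute value.
            return strip_tags($string);
    }

    // Unknown mode: the value is returned as received.
    return $string;
}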
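/**
 * Delete every image row of a given type (optionally filtered) together with
 * the image files that no other row still references.
 *
 * Security-relevant contract:
 *  - $where is appended to the SQL text verbatim. Callers must build it only
 *    from values they have already escaped; request data must never reach it
 *    unescaped.
 *  - image_path and image_id come back from the table and are used to build
 *    further queries and filesystem paths. Both are now passed through
 *    addslashes() before being placed in SQL (previously only image_path was).
 *    NOTE(review): addslashes() is the only escaping helper visible in this
 *    block; if the DB layer offers a driver-aware escape, prefer it.
 *  - The stored image_path is handed to unlink() as is; nothing here confines
 *    it to the image directory, so the integrity of that column matters.
 *
 * @param string $type  image type, must be a key of $available_images
 * @param string $where raw SQL condition without the leading "where"
 * @return bool false if the type is unknown or no row matches, true after deletion
 */
function cw_image_delete_all($type = '', $where = '')
{
    global $available_images, $tables, $app_dir;

    if (!isset($available_images[$type])) {
        return false;
    }

    if (!empty($where)) {
        $where = " where " . $where;
    }

    $_table = $tables[$type];

    if (cw_query_first_cell("select count(*) from " . $_table . $where) == 0) {
        return false;
    }

    $res = db_query("SELECT image_id, image_path, filename FROM " . $_table . $where);
    if ($res) {
        cw_load('image');

        $img_dir = cw_image_dir($type) . "/";

        while ($v = db_fetch_array($res)) {
            // Remote images have no local file to remove.
            if (!zerolen($v['image_path']) && is_url($v['image_path'])) {
                continue;
            }

            $image_path = $v['image_path'];
            if (zerolen($image_path)) {
                $image_path = cw_relative_path($img_dir . $v['filename']);
            }

            $image_id = (string) $v['image_id'];

            // Keep the file if any image table still points at it (the row
            // being deleted is excluded when checking its own table).
            $is_found = false;
            foreach (array_keys($available_images) as $k) {
                $exclude_self = $k == $type
                    ? " AND image_id != '" . addslashes($image_id) . "'"
                    : "";
                $is_found = cw_query_first_cell(
                    "select count(*) from " . $tables[$k]
                    . " where image_path='" . addslashes($image_path) . "'"
                    . $exclude_self
                ) > 0;
                if ($is_found) {
                    break;
                }
            }

            if (!$is_found && file_exists($image_path)) {
                @unlink($image_path);

                // An empty id would make the path below the image directory
                // itself, so the recursive removal is skipped in that case.
                if ($type == 'products_images_thumb' && $image_id !== '') {
                    cw_rm_dir($img_dir . $image_id);
                }
            }
        }

        db_free_result($res);
    }

    db_query("delete from " . $_table . $where);

    return true;
}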
} if ($for_replace) { $xcart_web_dir = preg_replace("/" . preg_quote($for_replace, "/") . "\$/", "", $xcart_web_dir); } } $_tmp = @parse_url($https_location); $xcart_https_host = $_tmp["host"]; unset($_tmp); $_tmp = @parse_url($http_location); $xcart_http_host = $_tmp["host"]; unset($_tmp); # # Create URL # $request_uri_info = @parse_url($REQUEST_URI); $php_url = array("url" => "http" . ($HTTPS ? "s://" . $xcart_https_host : "://" . $xcart_http_host) . (!zerolen($request_uri_info['path']) ? $request_uri_info['path'] : $PHP_SELF), "query_string" => $QUERY_STRING); # # Check internal temporary directories # $var_dirs_rules = array("cache" => array(".htaccess" => "<Files \"*.js\">\nAllow from all\n</Files>\n")); foreach ($var_dirs as $k => $v) { if (!file_exists($v) || !is_dir($v)) { @unlink($v); func_mkdir($v); } if (!is_writable($v) || !is_dir($v)) { $dir_info = $display_critical_errors ? $v : ""; func_show_error_page("Cannot write data to the temporary directory {$dir_info}", "Please check if it exists, and has writable permissions."); } if (!empty($var_dirs_rules[$k]) && is_array($var_dirs_rules[$k])) { foreach ($var_dirs_rules[$k] as $f => $c) {
/**
 * Request USPS shipping rates for a package and match them against the
 * configured shipping methods.
 *
 * Builds an IntlRate request when the destination country differs from the
 * company country, otherwise a RateV2 request covering seven services, sends
 * it to the configured USPS server, parses the XML reply and collects
 * matching rates in $rates. Results are cached under the md5 of the request
 * text unless $debug is "Y".
 *
 * Every return in this function is a bare `return;`, so nothing is handed
 * back to the caller through the return value.
 *
 * NOTE(review): $allowed_shipping_methods, $params and $rates are neither
 * parameters nor listed in the `global` statement, so inside this function
 * they are undefined locals. As shown, is_array($allowed_shipping_methods)
 * is false, $USPS_FOUND stays false and the function returns before any
 * request is built. Confirm how these were meant to be supplied.
 *
 * @param mixed  $weight      package weight, converted by cw_weight_in_grams()
 * @param mixed  $customer_id not used in the body shown
 * @param array  $address     destination; 'country' and 'zipcode' are read
 * @param string $debug       "Y" bypasses the rate cache (read and write)
 * @param mixed  $cart        not used in the body shown
 */
function cw_shipper_USPS($weight, $customer_id, $address, $debug, $cart) {
    global $config, $tables, $current_language;

    $USPS_username = $config['Shipping']['USPS_username'];
    # Read from config, but the request templates below do not reference it:
    # the IntlRate template carries a literal PASSWORD="******".
    $USPS_password = $config['Shipping']['USPS_password'];
    $USPS_servername = $config['Shipping']['USPS_servername'];
    # Hard-coded: the cw_https_request() branches below are never taken.
    # NOTE(review): cw_http_get_request() presumably speaks plain HTTP, in
    # which case USERID and the customer's ZIP/country travel unencrypted.
    # Confirm.
    $use_usps_https = false;

    if (empty($USPS_username) || empty($USPS_servername)) {
        return;
    }

    # Proceed only if at least one enabled shipping method belongs to USPS.
    $USPS_FOUND = false;
    if (is_array($allowed_shipping_methods)) {
        foreach ($allowed_shipping_methods as $key => $value) {
            if ($value['code'] == "USPS") {
                $USPS_FOUND = true;
                break;
            }
        }
    }
    if (!$USPS_FOUND) {
        return;
    }

    cw_load('http', 'xml');

    # The whole weight is expressed in ounces (28.35 g each), rounded up,
    # with a minimum of one ounce; pounds is always sent as 0.
    $pounds = 0;
    $ounces = ceil(round(cw_weight_in_grams($weight) / 28.35, 3));
    if ($ounces < 1) {
        $ounces = 1;
    }

    # Request options; all five are placed into the XML below without escaping.
    $mailtype = $params['param00'];
    $package_size = $params['param01'];
    $machinable = $params['param02'];
    $container_express = $params['param03'];
    $container_priority = $params['param04'];

    # A container element is emitted only for a value other than 'None'.
    if (!empty($container_express) && $container_express != 'None') {
        $container_express = "<Container>" . $container_express . "</Container>";
    } else {
        $container_express = "";
    }
    if (!empty($container_priority) && $container_priority != 'None') {
        $container_priority = "<Container>" . $container_priority . "</Container>";
    } else {
        $container_priority = "";
    }

    # PR, GU and VI are rated as US destinations.
    if ($address['country'] == 'PR' || $address['country'] == 'GU' || $address['country'] == 'VI') {
        $address['country'] = 'US';
    }

    $dst_country = USPS_get_country($address['country']);
    if (empty($dst_country)) {
        # Fall back to the country name from the languages table.
        # NOTE(review): $address['country'] is concatenated into the SQL text
        # with no escaping visible here. Unless the caller has validated it
        # against a fixed country list, this is an injection point; escape it
        # or validate it before use.
        $dst_country = cw_query_first_cell("SELECT value FROM {$tables['languages']} WHERE name = 'country_" . $address['country'] . "' AND code = '{$current_language}'");
    }

    # The test server exposes a different endpoint than production.
    $USPS_file = $USPS_servername == "testing.shippingapis.com" ? "/ShippingAPITest.dll" : "/ShippingAPI.dll";

    # Subcodes already added to $rates, to avoid duplicates.
    $hash = array();

    if ($address['country'] != $config['Company']['country']) {
        # International shipping
        # NOTE(review): the values are interpolated into the XML as is; a
        # country name containing "<" or "&" would produce a malformed or
        # altered request. XML-escape them before interpolation.
        $query = <<<EOT
<IntlRateRequest USERID="{$USPS_username}" PASSWORD="******">
<Package ID="0">
<Pounds>{$pounds}</Pounds>
<Ounces>{$ounces}</Ounces>
<MailType>{$mailtype}</MailType>
<Country>{$dst_country}</Country>
</Package>
</IntlRateRequest>
EOT;

        # md5 serves only as a cache key for the request text.
        $md5_request = md5($query);
        if (cw_is_shipping_result_in_cache($md5_request) && $debug != "Y") {
            # $rates is local here, so the cached value is dropped on return.
            $rates = cw_get_shipping_result_from_cache($md5_request);
            return;
        }

        if ($use_usps_https) {
            # $post is built but not passed to the request call.
            $post = array("API=IntlRate", "XML=" . urlencode($query));
            list($header, $result) = cw_https_request("GET", "https://" . $USPS_servername . ":443" . $USPS_file . "?API=IntlRate&XML=" . urlencode($query));
        } else {
            list($header, $result) = cw_http_get_request($USPS_servername, $USPS_file, "API=IntlRate&XML=" . urlencode($query));
        }

        # The reply is remote data; the parse error returned through $err is
        # overwritten on the next statement without being inspected.
        $xml = cw_xml_parse($result, $err);

        # Get <Error> element
        $err = cw_array_path($xml, "IntlRateResponse/Package/Error");
        if (empty($err)) {
            # Get <Service> elements
            $packages = cw_array_path($xml, "IntlRateResponse/Package/Service");
            if (!empty($packages) && is_array($packages)) {
                foreach ($packages as $p) {
                    # Get shipping method name
                    $sname = cw_array_path($p, "SvcDescription/0/#");
                    # Get rate
                    $rate = cw_array_path($p, "Postage/0/#");
                    # Get comment
                    #$comment = cw_array_path($p, "SvcCommitments/0/#");
                    if (empty($sname) || zerolen($rate)) {
                        continue;
                    }

                    # Define shipping method: the first international USPS
                    # method whose name is a prefix of "USPS <service>" wins.
                    $is_found = false;
                    foreach ($allowed_shipping_methods as $sm) {
                        if ($sm['code'] == "USPS" && $sm['destination'] == "I" && preg_match("/^" . preg_quote($sm['shipping'], "/") . "/S", "USPS " . $sname)) {
                            if (!in_array($sm['subcode'], $hash)) {
                                $rates[] = array("methodid" => $sm['subcode'], "rate" => $rate, "warning" => "");
                                $hash[] = $sm['subcode'];
                            }
                            $is_found = true;
                            break;
                        }
                    }

                    if (!$is_found) {
                        # Add new shipping method
                        # NOTE(review): the name stored here comes straight
                        # from the remote reply; confirm that
                        # cw_add_new_smethod() escapes it for SQL and that it
                        # is HTML-escaped wherever it is displayed.
                        cw_add_new_smethod("USPS " . $sname, "USPS", array("destination" => "I"));
                    }
                }
                if ($debug != "Y") {
                    cw_save_shipping_result_to_cache($md5_request, $rates);
                }
            }
        }
    } else {
        # Domestic shipping
        $ZO = $config['Company']['zipcode'];
        # NOTE(review): the destination ZIP is part of the address and is
        # interpolated into the XML unescaped; validate its format or
        # XML-escape it first.
        $ZD = $address['zipcode'];

        # One <Package> per service so that a single request returns all rates.
        $query = <<<EOT
<RateV2Request USERID="{$USPS_username}">
\t<Package ID="0">
\t\t<Service>EXPRESS</Service>
\t\t<ZipOrigination>{$ZO}</ZipOrigination>
\t\t<ZipDestination>{$ZD}</ZipDestination>
\t\t<Pounds>{$pounds}</Pounds>
\t\t<Ounces>{$ounces}</Ounces>
\t\t{$container_express}
\t\t<Size>{$package_size}</Size>
\t</Package>
\t<Package ID="1">
\t\t<Service>FIRST CLASS</Service>
\t\t<ZipOrigination>{$ZO}</ZipOrigination>
\t\t<ZipDestination>{$ZD}</ZipDestination>
\t\t<Pounds>{$pounds}</Pounds>
\t\t<Ounces>{$ounces}</Ounces>
\t\t<Container>None</Container>
\t\t<Size>{$package_size}</Size>
\t</Package>
\t<Package ID="2">
\t\t<Service>PRIORITY</Service>
\t\t<ZipOrigination>{$ZO}</ZipOrigination>
\t\t<ZipDestination>{$ZD}</ZipDestination>
\t\t<Pounds>{$pounds}</Pounds>
\t\t<Ounces>{$ounces}</Ounces>
\t\t{$container_priority}
\t\t<Size>{$package_size}</Size>
\t</Package>
\t<Package ID="3">
\t\t<Service>PARCEL</Service>
\t\t<ZipOrigination>{$ZO}</ZipOrigination>
\t\t<ZipDestination>{$ZD}</ZipDestination>
\t\t<Pounds>{$pounds}</Pounds>
\t\t<Ounces>{$ounces}</Ounces>
\t\t<Container>None</Container>
\t\t<Size>{$package_size}</Size>
\t\t<Machinable>{$machinable}</Machinable>
\t</Package>
\t<Package ID="4">
\t\t<Service>BPM</Service>
\t\t<ZipOrigination>{$ZO}</ZipOrigination>
\t\t<ZipDestination>{$ZD}</ZipDestination>
\t\t<Pounds>{$pounds}</Pounds>
\t\t<Ounces>{$ounces}</Ounces>
\t\t<Container>None</Container>
\t\t<Size>{$package_size}</Size>
\t</Package>
\t<Package ID="5">
\t\t<Service>LIBRARY</Service>
\t\t<ZipOrigination>{$ZO}</ZipOrigination>
\t\t<ZipDestination>{$ZD}</ZipDestination>
\t\t<Pounds>{$pounds}</Pounds>
\t\t<Ounces>{$ounces}</Ounces>
\t\t<Container>None</Container>
\t\t<Size>{$package_size}</Size>
\t</Package>
\t<Package ID="6">
\t\t<Service>MEDIA</Service>
\t\t<ZipOrigination>{$ZO}</ZipOrigination>
\t\t<ZipDestination>{$ZD}</ZipDestination>
\t\t<Pounds>{$pounds}</Pounds>
\t\t<Ounces>{$ounces}</Ounces>
\t\t<Container>None</Container>
\t\t<Size>{$package_size}</Size>
\t</Package>
</RateV2Request>
EOT;

        # md5 serves only as a cache key for the request text.
        $md5_request = md5($query);
        if (cw_is_shipping_result_in_cache($md5_request) && $debug != "Y") {
            # $rates is local here, so the cached value is dropped on return.
            $rates = cw_get_shipping_result_from_cache($md5_request);
            return;
        }

        if ($use_usps_https) {
            # $post is built but not passed to the request call.
            $post = array("API=RateV2", "XML=" . urlencode($query));
            list($header, $result) = cw_https_request("GET", "https://" . $USPS_servername . ":443" . $USPS_file . "?API=RateV2&XML=" . urlencode($query));
        } else {
            list($header, $result) = cw_http_get_request($USPS_servername, $USPS_file, "API=RateV2&XML=" . urlencode($query));
        }

        $xml = cw_xml_parse($result, $err);

        # Get <Package> elements
        $packages = cw_array_path($xml, "RateV2Response/Package");
        if (is_array($packages)) {
            foreach ($packages as $p) {
                # Get <Error> element; a failed service is skipped, the rest still count
                $err = cw_array_path($p, "Error");
                if (!empty($err)) {
                    continue;
                }
                # Get shipping method name
                $sname = cw_array_path($p, "Postage/MailService/0/#");
                # Get rate
                $rate = cw_array_path($p, "Postage/Rate/0/#");
                if (empty($sname) || zerolen($rate)) {
                    continue;
                }

                # Define shipping method: the first local ("L") USPS method
                # whose name is a prefix of "USPS <service>" wins.
                $is_found = false;
                foreach ($allowed_shipping_methods as $sm) {
                    if ($sm['code'] == "USPS" && $sm['destination'] == "L" && preg_match("/^" . preg_quote($sm['shipping'], "/") . "/S", "USPS " . $sname)) {
                        if (!in_array($sm['subcode'], $hash)) {
                            $rates[] = array("methodid" => $sm['subcode'], "rate" => $rate, "warning" => "");
                            $hash[] = $sm['subcode'];
                        }
                        $is_found = true;
                        break;
                    }
                }

                if (!$is_found) {
                    # Add new shipping method (name taken from the remote reply)
                    cw_add_new_smethod("USPS " . $sname, "USPS", array("destination" => "L"));
                }
            }
            if ($debug != "Y") {
                cw_save_shipping_result_to_cache($md5_request, $rates);
            }
        } // if (is_array($packages))
    }
}