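/**
 * Searches text for unwanted tags and removes them
 *
 * Removes "()" sequences, HTML/PHP tags and the characters " > < \ from a
 * string, or from every leaf of a (possibly nested) array. Characters are
 * deleted rather than escaped, so this is not context-aware output escaping
 * (htmlspecialchars) and does not replace it.
 *
 * @param string|array $text	String to purify, or an array of strings / arrays
 * @return string|array	$text The purified text, same shape as the input
 * @todo Remove and replace with the proper data filter and HTML Purifier
 */
function StopXSS($text)
{
    if (is_array($text)) {
        // Recurse into nested arrays and keep the result; the previous
        // version discarded the return value of the recursive call, so
        // nested arrays were returned unfiltered.
        foreach ($text as $k => $t) {
            $text[$k] = StopXSS($t);
        }
        return $text;
    }
    $text = preg_replace("/\\(\\)/si", "", $text);
    $text = strip_tags($text);
    return str_replace(array("\"", ">", "<", "\\"), "", $text);
}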
<?php
/**
 * Administration of avatars
 *
 * @copyright	http://www.impresscms.org/ The ImpressCMS Project
 * @license		LICENSE.txt
 * @package		Administration
 * @subpackage	Avatars
 * @version		SVN: $Id: main.php 11285 2011-06-23 16:37:07Z phoenyx $
 */

if (!is_object(icms::$user) || !is_object($icmsModule) || !icms::$user->isAdmin($icmsModule->getVar('mid'))) {
	exit("Access Denied");
} else {
	if (!empty($_POST)) foreach ($_POST as $k => $v) ${$k} = StopXSS($v);
	if (!empty($_GET)) foreach ($_GET as $k => $v) ${$k} = StopXSS($v);
	$op = (isset($_GET['op'])) 
		? trim(filter_input(INPUT_GET, 'op'))
		: ((isset($_POST['op'])) 
			? trim(filter_input(INPUT_POST, 'op'))
			: 'list'
		);
	if ($op == 'list') {
		icms_loadLanguageFile('system', 'preferences', TRUE);
		icms_cp_header();
		echo '<div class="CPbigTitle" style="background-image: url(' 
			. ICMS_URL . '/modules/system/admin/avatars/images/avatars_big.png)">' 
			. _MD_AVATARMAN . '</div><br />';
		$avt_handler = icms::handler('icms_data_avatar');
		$savatar_count = $avt_handler->getCount(new icms_db_criteria_Item('avatar_type', 'S'));
		$cavatar_count = $avt_handler->getCount(new icms_db_criteria_Item('avatar_type', 'C'));
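/**
 * Delete an image file after confirmation
 *
 * Removes the image record through the icms_image handler, then unlinks the
 * file from its category folder and redirects back to the image manager.
 * Every validation failure redirects to the listing for the current
 * $target/$type (globals taken from the calling scope).
 *
 * @param int|string $image_id ID of the image to delete; cast to int here
 * @param int|null   $redir    Category ID to list after deletion, or null for
 *                             the top-level listing
 * @return void The function ends with redirect_header() or exit()
 */
function imanager_delfileok($image_id, $redir = NULL) {
	global $target, $type;
	// Import POST fields as sanitised locals, as the rest of the image manager
	// does, but never let a posted "image_id" or "redir" overwrite the values
	// the caller passed in.
	if (!empty($_POST)) {
		foreach ($_POST as $k => $v) {
			if ($k === 'image_id' || $k === 'redir') {
				continue;
			}
			${$k} = StopXSS($v);
		}
	}
	// Listing URL shared by every early-exit redirect below.
	// NOTE(review): $target/$type are concatenated without urlencode(), as in
	// the rest of the manager — confirm they are always plain tokens.
	$list_url = $_SERVER['SCRIPT_NAME'] . '?op=list&target=' . $target . '&type=' . $type;
	if (!icms::$security->check()) {
		redirect_header($list_url, 3, implode('<br />', icms::$security->getErrors()));
	}
	$image_id = (int) $image_id;
	if ($image_id <= 0) {
		redirect_header($list_url, 1);
	}
	$image_handler = icms::handler('icms_image');
	$image =& $image_handler->get($image_id);
	if (!is_object($image)) {
		redirect_header($list_url, 1);
	}
	$imgcat_handler = icms::handler('icms_image_category');
	$imagecategory  =& $imgcat_handler->get($image->getVar('imgcat_id'));
	$categ_path = $imgcat_handler->getCategFolder($imagecategory);
	if (!$image_handler->delete($image)) {
		icmsPopupHeader();
		icms_core_Message::error(sprintf(_MD_FAILDEL, $image->getVar('image_id')));
		icmsPopupFooter();
		exit();
	}
	// The record is already gone at this point; the @ hides the unlink()
	// warning for a missing file. NOTE(review): consider logging that case.
	@unlink($categ_path . '/' . $image->getVar('image_name'));
	$redir = isset($redir)
		? '?op=listimg&imgcat_id=' . $redir . '&target=' . $target . '&type=' . $type
		: '?op=list&target=' . $target . '&type=' . $type;
	redirect_header($_SERVER['SCRIPT_NAME'] . $redir, 2, _ICMS_DBUPDATED);
}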
 */

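if (!is_object(icms::$user) || !is_object($icmsModule) || !icms::$user->isAdmin($icmsModule->getVar('mid'))) {
	exit("Access Denied");
}

// Request fields named here are imported with their raw value instead of
// going through StopXSS(); presumably "html" carries the template source this
// editor works on — confirm against the form.
$allowedHTML = array('html');

// Import every POST/GET field as a local variable of the same name.
// The allow-list check is strict: on PHP < 8 a loose in_array() would let an
// integer key such as 0 match 'html' and skip the filter. The allow-list
// itself is never imported from the request, so it cannot be extended by
// submitting a field called "allowedHTML".
if (!empty($_POST)) {
	foreach ($_POST as $k => $v) {
		if ($k === 'allowedHTML') {
			continue;
		}
		${$k} = in_array($k, $allowedHTML, true) ? $v : StopXSS($v);
	}
}
if (!empty($_GET)) {
	foreach ($_GET as $k => $v) {
		if ($k === 'allowedHTML') {
			continue;
		}
		${$k} = in_array($k, $allowedHTML, true) ? $v : StopXSS($v);
	}
}
// Operation selector: GET wins over POST, default is the template list
$op = (isset($_GET['op']))
	? trim(filter_input(INPUT_GET, 'op'))
	: ((isset($_POST['op']))
		? trim(filter_input(INPUT_POST, 'op'))
		: 'list');

// Presumably the edit form's preview button submits a "previewtpl" field,
// which the import above has turned into a local; re-route to the preview.
if ($op === 'edittpl_go' && isset($previewtpl)) {
	$op = 'previewtpl';
}
$icmsAdminTpl = new icms_view_Tpl();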
switch ($op) {
        $userrankObj->setVar("rank_id", 0);
        $sform = $userrankObj->getForm(_CO_ICMS_USERRANKS_CREATE, "adduserrank");
        $sform->assign($icmsAdminTpl);
        $icmsAdminTpl->assign("icms_userrank_title", _CO_ICMS_USERRANKS_CREATE_INFO);
        $icmsAdminTpl->display("db:admin/userrank/system_adm_userrank.html");
    }
}
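// Import every POST/GET field as a sanitised local of the same name.
// The handler is fetched only after this import so that a request field
// named "icms_userrank_handler" cannot replace the handler object before it
// is passed to icms_ipf_Controller below.
if (!empty($_POST)) {
    foreach ($_POST as $k => $v) {
        ${$k} = StopXSS($v);
    }
}
if (!empty($_GET)) {
    foreach ($_GET as $k => $v) {
        ${$k} = StopXSS($v);
    }
}
$icms_userrank_handler = icms_getModuleHandler("userrank", "system");
// Operation selector: POST wins over GET; empty string when neither is set
$op = isset($_POST['op']) ? trim(filter_input(INPUT_POST, 'op')) : (isset($_GET['op']) ? trim(filter_input(INPUT_GET, 'op')) : '');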
switch ($op) {
    case "mod":
        $rank_id = isset($_GET["rank_id"]) ? (int) $_GET["rank_id"] : 0;
        edituserrank(TRUE, $rank_id);
        break;
    case "clone":
        $rank_id = isset($_GET["rank_id"]) ? (int) $_GET["rank_id"] : 0;
        edituserrank(TRUE, $rank_id, TRUE);
        break;
    case "adduserrank":
        $controller = new icms_ipf_Controller($icms_userrank_handler);
        $controller->storeFromDefaultForm(_CO_ICMS_USERRANKS_CREATED, _CO_ICMS_USERRANKS_MODIFIED);
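 /**
  * Set a config value
  *
  * Filters an incoming form value according to the config item's form type,
  * then stores it in conf_value in the representation its value type expects
  * (arrays are serialised, text is trimmed).
  *
  * @param	mixed   $value Raw form value (passed by value, not by reference)
  * @param	bool    $force_slash Forwarded unchanged to setVar()
  * @return	void
  */
 public function setConfValueForInput($value, $force_slash = false)
 {
     $formType = $this->getVar('conf_formtype');
     $valueType = $this->getVar('conf_valuetype');
     // Strict comparisons: on PHP < 8 a non-string form type (e.g. 0) would
     // loosely equal 'textarea' and select the wrong filter.
     if ($formType === 'textarea' && $valueType !== 'array') {
         $value = icms_core_DataFilter::checkVar($value, 'html', 'input');
     } elseif ($formType === 'textsarea' && $valueType !== 'array') {
         $value = icms_core_DataFilter::checkVar($value, 'text', 'input');
     } elseif ($formType === 'password') {
         // NOTE(review): FILTER_SANITIZE_URL removes every character outside
         // the URL-safe set, so a password containing e.g. a space or quotes
         // is silently altered here — confirm this is intended.
         $value = filter_var($value, FILTER_SANITIZE_URL);
     } else {
         $value = StopXSS($value);
     }
     switch ($valueType) {
         case 'array':
             // A scalar array-typed value arrives as a '|'-separated string
             if (!is_array($value)) {
                 $value = explode('|', trim($value));
             }
             $this->setVar('conf_value', serialize($value), $force_slash);
             break;
         case 'text':
             $this->setVar('conf_value', trim($value), $force_slash);
             break;
         default:
             $this->setVar('conf_value', $value, $force_slash);
             break;
     }
 }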
        $icmsAdminTpl->display('db:admin/adsense/system_adm_adsense.html');
    }
}
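icms_loadLanguageFile('system', 'common');
// Import every POST/GET field as a sanitised local of the same name.
// The handler is fetched only after this import so that a request field
// named "icms_adsense_handler" cannot replace the handler object before it
// is handed to icms_ipf_Controller below.
if (!empty($_POST)) {
    foreach ($_POST as $k => $v) {
        ${$k} = StopXSS($v);
    }
}
if (!empty($_GET)) {
    foreach ($_GET as $k => $v) {
        ${$k} = StopXSS($v);
    }
}
$icms_adsense_handler = icms_getModuleHandler("adsense", "system");
// Operation selector: POST wins over GET; empty string when neither is set
$op = isset($_POST['op']) ? trim(StopXSS($_POST['op'])) : (isset($_GET['op']) ? trim(StopXSS($_GET['op'])) : '');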
switch ($op) {
    case "mod":
        $adsenseid = isset($_GET['adsenseid']) ? (int) $_GET['adsenseid'] : 0;
        editadsense(TRUE, $adsenseid);
        break;
    case "clone":
        $adsenseid = isset($_GET['adsenseid']) ? (int) $_GET['adsenseid'] : 0;
        editadsense(TRUE, $adsenseid, TRUE);
        break;
    case "addadsense":
        $controller = new icms_ipf_Controller($icms_adsense_handler);
        $controller->storeFromDefaultForm(_CO_ICMS_ADSENSES_CREATED, _CO_ICMS_ADSENSES_MODIFIED);
        break;
    case "del":
        $controller = new icms_ipf_Controller($icms_adsense_handler);
		$sform->assign($icmsAdminTpl);
		$icmsAdminTpl->assign('icms_adsense_title', _CO_ICMS_ADSENSES_CREATE_INFO);
		$icmsAdminTpl->display('db:admin/adsense/system_adm_adsense.html');
	}
}

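icms_loadLanguageFile('system', 'common');

// Import every POST/GET field as a sanitised local of the same name.
// The handler is fetched only after this import so that a request field
// named "icms_adsense_handler" cannot replace the handler object before it
// is handed to icms_ipf_Controller below.
if (!empty($_POST)) {
	foreach ($_POST as $k => $v) {
		${$k} = StopXSS($v);
	}
}
if (!empty($_GET)) {
	foreach ($_GET as $k => $v) {
		${$k} = StopXSS($v);
	}
}

$icms_adsense_handler = icms_getModuleHandler("adsense", "system");

// Operation selector: POST wins over GET; empty string when neither is set
$op = (isset($_POST['op']))
	? trim(StopXSS($_POST['op']))
	: ((isset($_GET['op']))
		? trim(StopXSS($_GET['op']))
		: '');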

switch ($op) {
	case "mod":
		$adsenseid = isset($_GET['adsenseid']) ? (int) $_GET['adsenseid'] : 0 ;
		editadsense(TRUE, $adsenseid);
		break;

	case "clone":
		$adsenseid = isset($_GET['adsenseid']) ? (int) $_GET['adsenseid'] : 0 ;
		editadsense(TRUE, $adsenseid, TRUE);
		break;

	case "addadsense":
		$controller = new icms_ipf_Controller($icms_adsense_handler);
 * @copyright	http://www.impresscms.org/ The ImpressCMS Project
 * @license		http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU General Public License (GPL)
 * @package		Member
 * @subpackage	Users
 * @since		ImpressCMS 1.1
 * @author		Vaughan Montgomery <*****@*****.**>
 * @author		The ImpressCMS Project
 * @version		SVN: $Id: resetpass.php 21047 2011-03-14 15:52:14Z m0nty_ $
 */
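$xoopsOption['pagetype'] = 'user';
include 'mainfile.php';
// Request fields, GET first then POST. A field absent from both defaults to
// '' (the original fell back to a variable of the same name that nothing
// visible in this script sets).
$email = isset($_GET['email']) ? trim(filter_input(INPUT_GET, 'email')) : (isset($_POST['email']) ? trim(filter_input(INPUT_POST, 'email')) : '');
$username = isset($_GET['username']) ? trim(filter_input(INPUT_GET, 'username')) : (isset($_POST['username']) ? trim(filter_input(INPUT_POST, 'username')) : '');
// NOTE(review): the password fields are accepted from the query string as
// well as the POST body, so they can end up in server/proxy logs and Referer
// headers — restricting them to POST would avoid that. StopXSS() also
// deletes the characters " < > \ and "()" from the password.
$c_password = isset($_GET['c_password']) ? trim(StopXSS($_GET['c_password'])) : (isset($_POST['c_password']) ? trim(StopXSS($_POST['c_password'])) : '');
$password = isset($_GET['password']) ? trim(StopXSS($_GET['password'])) : (isset($_POST['password']) ? trim(StopXSS($_POST['password'])) : '');
$password2 = isset($_GET['password2']) ? trim(StopXSS($_GET['password2'])) : (isset($_POST['password2']) ? trim(StopXSS($_POST['password2'])) : '');
global $icmsConfigUser; // no-op at file scope; kept for compatibility
if ($email === '' || $username === '') {
    redirect_header('user.php', 2, _US_SORRYNOTFOUND);
} elseif ($password === '' || $password2 === '') {
    redirect_header('user.php', 2, _US_SORRYMUSTENTERPASS);
}
if ($password !== $password2) {
    redirect_header('user.php', 2, _US_PASSNOTSAME);
} elseif ($password !== '' && strlen($password) < $icmsConfigUser['minpass']) {
    // strlen() counts bytes, not characters; kept as-is so the rule matches
    // the original — NOTE(review): confirm mb_strlen() is not expected here.
    redirect_header('user.php', 2, sprintf(_US_PWDTOOSHORT, $icmsConfigUser['minpass']));
}
$member_handler = icms::handler('icms_member');
$getuser =& $member_handler->getUsers(new icms_db_criteria_Item('email', icms_core_DataFilter::addSlashes($email)));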
if (empty($getuser)) {
    redirect_header('user.php', 2, _US_SORRYNOTFOUND);
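define("CONTENT_IMAGES_URL", CONTENT_URL . 'images/');
define("CONTENT_ADMIN_URL", CONTENT_URL . 'admin/');
$mhandler = icms::handler('icms_module');
$xoopsModule = $mhandler->getByDirname(CONTENT_DIRNAME);
include_once ICMS_ROOT_PATH . '/modules/content/include/common.php';
$icmsModule = $xoopsModule;
icms_loadLanguageFile('content', 'common');
icms_loadLanguageFile('content', 'main');
$icmsModuleConfig = $contentConfig;
$content_content_handler = icms_getModuleHandler('content', 'content');
/** Again, use a naming convention that indicates the source of the content of the variable */
$clean_content_id = isset($_GET['content_id']) ? (int) $_GET['content_id'] : 0;
// Page selector: an explicit "page" field (GET, then POST) wins, otherwise
// the numeric content id.
$page = isset($_GET['page']) ? trim(StopXSS($_GET['page'])) : (isset($_POST['page']) ? trim(StopXSS($_POST['page'])) : $clean_content_id);
if (!$page) {
    // Fall back to PATH_INFO ("/page/<name>" or "/<name>"), dropping exactly
    // one leading slash before StopXSS() strips tags and quotes from it.
    $path = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
    if (substr($path, 0, 1) === '/') {
        $path = substr($path, 1);
    }
    $path = trim(StopXSS($path));
    // explode() always yields at least one element, so no count() guard is needed
    $params = explode('/', $path);
    $page = $params[0] === 'page' ? (isset($params[1]) ? $params[1] : 0) : $params[0];
}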
if (!empty($page)) {
    $page = is_int($page) ? (int) $page : urlencode($page);
    $page = str_replace('-', ' ', $page);
    $criteria = $content_content_handler->getContentsCriteria(0, 1, false, false, $page, false, 'content_id', 'DESC');
    $content = $content_content_handler->getObjects($criteria);
    $contentObj = false;
            foreach ($avatarslist as $file => $name) {
                echo '<td><img src="uploads/' . $file . '" alt="' . $name . '" style="padding:10px; vertical-align:top;" />
						<br />' . $name . '<br />
						<input name="myimage" type="button" value="' . _SELECT . '" onclick="myimage_onclick(' . $counter . ')" />
						</td>';
                $counter++;
                $cntavs++;
                if ($cntavs > 8) {
                    echo '</tr><tr>';
                    $cntavs = 0;
                }
            }
            echo '</tr></table></form></div>';
            break;
        case 'friend':
            if (!icms::$security->check() || !isset($_POST['op']) || StopXSS($_POST['op']) == 'sendform') {
                if (icms::$user) {
                    $yname = icms::$user->getVar('uname', 'e');
                    $ymail = icms::$user->getVar('email', 'e');
                    $fname = '';
                    $fmail = '';
                } else {
                    $yname = '';
                    $ymail = '';
                    $fname = '';
                    $fmail = '';
                }
                printCheckForm();
                echo '</head><body>';
                echo "<div class='errorMsg'>" . implode('<br />', icms::$security->getErrors()) . "</div>";
                echo '<form action="' . ICMS_URL . '/misc.php" method="post" onsubmit="return checkForm();"><table  width="100%" class="outer" cellspacing="1"><tr><th colspan="2">' . _MSC_RECOMMENDSITE . '</th></tr>';
            ${$k} = StopXSS($v);
        } else {
            ${$k} = $v;
        }
    }
}
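// Import every GET field as a local of the same name; fields listed in
// $allowedHTML (set elsewhere in this file) keep their raw value, the rest
// go through StopXSS(). The comparison is strict so that an integer key
// such as 0 cannot loosely match an allow-list entry on PHP < 8 and bypass
// the filter.
if (!empty($_GET)) {
    foreach ($_GET as $k => $v) {
        ${$k} = in_array($k, $allowedHTML, true) ? $v : StopXSS($v);
    }
}
// Operation selector: GET wins over POST, default is the user list
$op = isset($_GET['op']) ? trim(StopXSS($_GET['op'])) : (isset($_POST['op']) ? trim(StopXSS($_POST['op'])) : 'mod_users');
// $uid is read from the query string only when the operation itself came
// from the query string; a POST-driven operation presumably relies on the
// POST import above to set $uid — confirm against the forms.
if (isset($_GET['op']) && isset($_GET['uid'])) {
    $uid = (int) $_GET['uid'];
}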
switch ($op) {
    case 'modifyUser':
        modifyUser($uid);
        break;
    case 'updateUser':
        if (!icms::$security->check()) {
            redirect_header('admin.php?fct=users', 3, implode('<br />', icms::$security->getErrors()));
        }
        // RMV-NOTIFY
        $user_avatar = $theme = null;