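/**
 * Searches text for unwanted tags and removes them.
 *
 * For a scalar the filter removes the literal sequence "()", then strips
 * HTML/PHP tags, then removes the characters double quote, ">", "<" and
 * backslash. For an array every element is filtered in place (keys are kept)
 * and nested arrays are filtered recursively.
 *
 * @param string|array $text String, or array of strings/arrays, to purify
 * @return string|array The purified text, in the same shape as the input
 * @todo Remove and replace with the proper data filter and HTML Purifier
 */
function StopXSS($text) {
	if (is_array($text)) {
		foreach ($text as $k => $t) {
			// The recursive call handles both scalars and nested arrays. The
			// previous version dropped the return value for nested arrays,
			// so anything more than one level deep was stored unfiltered.
			$text[$k] = StopXSS($t);
		}
		return $text;
	}
	// Scalar path: same three passes as before, in the same order.
	$text = preg_replace("/\\(\\)/si", "", $text);
	$text = strip_tags($text);
	return str_replace(array("\"", ">", "<", "\\"), "", $text);
}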
<?php /** * Administration of avatars * * @copyright http://www.impresscms.org/ The ImpressCMS Project * @license LICENSE.txt * @package Administration * @subpackage Avatars * @version SVN: $Id: main.php 11285 2011-06-23 16:37:07Z phoenyx $ */ if (!is_object(icms::$user) || !is_object($icmsModule) || !icms::$user->isAdmin($icmsModule->getVar('mid'))) { exit("Access Denied"); } else { if (!empty($_POST)) foreach ($_POST as $k => $v) ${$k} = StopXSS($v); if (!empty($_GET)) foreach ($_GET as $k => $v) ${$k} = StopXSS($v); $op = (isset($_GET['op'])) ? trim(filter_input(INPUT_GET, 'op')) : ((isset($_POST['op'])) ? trim(filter_input(INPUT_POST, 'op')) : 'list' ); if ($op == 'list') { icms_loadLanguageFile('system', 'preferences', TRUE); icms_cp_header(); echo '<div class="CPbigTitle" style="background-image: url(' . ICMS_URL . '/modules/system/admin/avatars/images/avatars_big.png)">' . _MD_AVATARMAN . '</div><br />'; $avt_handler = icms::handler('icms_data_avatar'); $savatar_count = $avt_handler->getCount(new icms_db_criteria_Item('avatar_type', 'S')); $cavatar_count = $avt_handler->getCount(new icms_db_criteria_Item('avatar_type', 'C'));
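/**
 * Delete an image file after confirmation.
 *
 * Checks the security token, loads the image record, deletes it through the
 * image handler and then removes the file from the category folder. Every
 * failure path ends in a redirect back to the image list (or a popup error
 * and exit when the handler refuses to delete the record).
 *
 * @param int|string $image_id ID of the image record to delete; cast to int
 * @param int|string|null $redir Category id to return to (listimg view), or
 *        null to return to the top-level list
 * @return void Always ends in redirect_header() or exit()
 */
function imanager_delfileok($image_id, $redir = NULL) {
	global $target, $type;
	// Query-string tail shared by every redirect. $target/$type come from the
	// file scope (request-derived), so encode them instead of splicing raw.
	$list_query = '?op=list&target=' . urlencode((string) $target) . '&type=' . urlencode((string) $type);
	// NOTE: the previous version copied every $_POST key into a local via
	// ${$k}. Nothing below read those locals, but a posted "image_id",
	// "redir", "target" or "type" silently overwrote the parameters and
	// globals used here, so that copy has been removed.
	if (!icms::$security->check()) {
		redirect_header($_SERVER['SCRIPT_NAME'] . $list_query, 3, implode('<br />', icms::$security->getErrors()));
	}
	$image_id = (int) $image_id;
	if ($image_id <= 0) {
		redirect_header($_SERVER['SCRIPT_NAME'] . $list_query, 1);
	}
	$image_handler = icms::handler('icms_image');
	$image = $image_handler->get($image_id);
	if (!is_object($image)) {
		redirect_header($_SERVER['SCRIPT_NAME'] . $list_query, 1);
	}
	$imgcat_handler = icms::handler('icms_image_category');
	$imagecategory = $imgcat_handler->get($image->getVar('imgcat_id'));
	$categ_path = $imgcat_handler->getCategFolder($imagecategory);
	if (!$image_handler->delete($image)) {
		icmsPopupHeader();
		icms_core_Message::error(sprintf(_MD_FAILDEL, $image->getVar('image_id')));
		icmsPopupFooter();
		exit();
	}
	// Best-effort file removal: the record is already gone, so a failure here
	// must not abort the redirect, but it should be logged rather than hidden.
	$file = $categ_path . '/' . $image->getVar('image_name');
	if (is_file($file) && !@unlink($file)) {
		error_log('imanager_delfileok: could not remove ' . $file);
	}
	if (isset($redir)) {
		$redir = '?op=listimg&imgcat_id=' . urlencode((string) $redir) . '&target=' . urlencode((string) $target) . '&type=' . urlencode((string) $type);
	} else {
		$redir = $list_query;
	}
	redirect_header($_SERVER['SCRIPT_NAME'] . $redir, 2, _ICMS_DBUPDATED);
}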
*/ if (!is_object(icms::$user) || !is_object($icmsModule) || !icms::$user->isAdmin($icmsModule->getVar('mid'))) { exit("Access Denied"); } $allowedHTML = array('html'); if (!empty($_POST)) { foreach ($_POST as $k => $v) { if (!in_array($k,$allowedHTML)) {${$k} = StopXSS($v);} else {${$k} = $v;} } } if (!empty($_GET)) { foreach ($_GET as $k => $v) { if (!in_array($k,$allowedHTML)) {${$k} = StopXSS($v);} else {${$k} = $v;} } } $op = (isset($_GET['op'])) ? trim(filter_input(INPUT_GET, 'op')) : ((isset($_POST['op'])) ? trim(filter_input(INPUT_POST, 'op')) : 'list'); if ($op == 'edittpl_go') { if (isset($previewtpl)) { $op = 'previewtpl'; } } $icmsAdminTpl = new icms_view_Tpl(); switch ($op) {
$userrankObj->setVar("rank_id", 0); $sform = $userrankObj->getForm(_CO_ICMS_USERRANKS_CREATE, "adduserrank"); $sform->assign($icmsAdminTpl); $icmsAdminTpl->assign("icms_userrank_title", _CO_ICMS_USERRANKS_CREATE_INFO); $icmsAdminTpl->display("db:admin/userrank/system_adm_userrank.html"); } } $icms_userrank_handler = icms_getModuleHandler("userrank", "system"); if (!empty($_POST)) { foreach ($_POST as $k => $v) { ${$k} = StopXSS($v); } } if (!empty($_GET)) { foreach ($_GET as $k => $v) { ${$k} = StopXSS($v); } } $op = isset($_POST['op']) ? trim(filter_input(INPUT_POST, 'op')) : (isset($_GET['op']) ? trim(filter_input(INPUT_GET, 'op')) : ''); switch ($op) { case "mod": $rank_id = isset($_GET["rank_id"]) ? (int) $_GET["rank_id"] : 0; edituserrank(TRUE, $rank_id); break; case "clone": $rank_id = isset($_GET["rank_id"]) ? (int) $_GET["rank_id"] : 0; edituserrank(TRUE, $rank_id, TRUE); break; case "adduserrank": $controller = new icms_ipf_Controller($icms_userrank_handler); $controller->storeFromDefaultForm(_CO_ICMS_USERRANKS_CREATED, _CO_ICMS_USERRANKS_MODIFIED);
/**
 * Sanitize a raw form value and store it in conf_value.
 *
 * The sanitizer is chosen from conf_formtype: 'textarea' runs the html
 * filter, 'textsarea' the text filter (both skipped when conf_valuetype is
 * 'array'), 'password' goes through FILTER_SANITIZE_URL, everything else
 * through StopXSS(). Storage then depends on conf_valuetype: 'array' values
 * are serialized (a scalar is first split on '|'), 'text' values are
 * trimmed, anything else is stored as-is.
 *
 * @param mixed $value Raw form value (passed by value, not by reference)
 * @param bool $force_slash Forwarded unchanged to setVar()
 * @return void
 */
public function setConfValueForInput($value, $force_slash = false) {
	$formType = $this->getVar('conf_formtype');
	$valueType = $this->getVar('conf_valuetype');
	$notArray = ($valueType !== 'array');

	if ($formType == 'textarea' && $notArray) {
		$value = icms_core_DataFilter::checkVar($value, 'html', 'input');
	} elseif ($formType == 'textsarea' && $notArray) {
		$value = icms_core_DataFilter::checkVar($value, 'text', 'input');
	} elseif ($formType == 'password') {
		// NOTE(review): FILTER_SANITIZE_URL removes every character that is
		// not URL-legal (spaces included), so a password can be stored altered.
		$value = filter_var($value, FILTER_SANITIZE_URL);
	} else {
		$value = StopXSS($value);
	}

	// Loose comparison kept on purpose: the original used switch/case here.
	if ($valueType == 'array') {
		$stored = is_array($value) ? $value : explode('|', trim($value));
		$this->setVar('conf_value', serialize($stored), $force_slash);
	} elseif ($valueType == 'text') {
		$this->setVar('conf_value', trim($value), $force_slash);
	} else {
		$this->setVar('conf_value', $value, $force_slash);
	}
}
$icmsAdminTpl->display('db:admin/adsense/system_adm_adsense.html'); } } icms_loadLanguageFile('system', 'common'); $icms_adsense_handler = icms_getModuleHandler("adsense", "system"); if (!empty($_POST)) { foreach ($_POST as $k => $v) { ${$k} = StopXSS($v); } } if (!empty($_GET)) { foreach ($_GET as $k => $v) { ${$k} = StopXSS($v); } } $op = isset($_POST['op']) ? trim(StopXSS($_POST['op'])) : (isset($_GET['op']) ? trim(StopXSS($_GET['op'])) : ''); switch ($op) { case "mod": $adsenseid = isset($_GET['adsenseid']) ? (int) $_GET['adsenseid'] : 0; editadsense(TRUE, $adsenseid); break; case "clone": $adsenseid = isset($_GET['adsenseid']) ? (int) $_GET['adsenseid'] : 0; editadsense(TRUE, $adsenseid, TRUE); break; case "addadsense": $controller = new icms_ipf_Controller($icms_adsense_handler); $controller->storeFromDefaultForm(_CO_ICMS_ADSENSES_CREATED, _CO_ICMS_ADSENSES_MODIFIED); break; case "del": $controller = new icms_ipf_Controller($icms_adsense_handler);
$sform->assign($icmsAdminTpl); $icmsAdminTpl->assign('icms_adsense_title', _CO_ICMS_ADSENSES_CREATE_INFO); $icmsAdminTpl->display('db:admin/adsense/system_adm_adsense.html'); } } icms_loadLanguageFile('system', 'common'); $icms_adsense_handler = icms_getModuleHandler("adsense", "system"); if (!empty($_POST)) foreach ($_POST as $k => $v) ${$k} = StopXSS($v); if (!empty($_GET)) foreach ($_GET as $k => $v) ${$k} = StopXSS($v); $op = (isset($_POST['op'])) ? trim(StopXSS($_POST['op'])) : ((isset($_GET['op'])) ? trim(StopXSS($_GET['op'])) : ''); switch ($op) { case "mod": $adsenseid = isset($_GET['adsenseid']) ? (int) $_GET['adsenseid'] : 0 ; editadsense(TRUE, $adsenseid); break; case "clone": $adsenseid = isset($_GET['adsenseid']) ? (int) $_GET['adsenseid'] : 0 ; editadsense(TRUE, $adsenseid, TRUE); break; case "addadsense": $controller = new icms_ipf_Controller($icms_adsense_handler);
* @copyright http://www.impresscms.org/ The ImpressCMS Project * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU General Public License (GPL) * @package Member * @subpackage Users * @since ImpressCMS 1.1 * @author Vaughan Montgomery <*****@*****.**> * @author The ImpressCMS Project * @version SVN: $Id: resetpass.php 21047 2011-03-14 15:52:14Z m0nty_ $ */ $xoopsOption['pagetype'] = 'user'; include 'mainfile.php'; $email = isset($_GET['email']) ? trim(filter_input(INPUT_GET, 'email')) : (isset($_POST['email']) ? trim(filter_input(INPUT_POST, 'email')) : $email); $username = isset($_GET['username']) ? trim(filter_input(INPUT_GET, 'username')) : (isset($_POST['username']) ? trim(filter_input(INPUT_POST, 'username')) : $username); $c_password = isset($_GET['c_password']) ? trim(StopXSS($_GET['c_password'])) : (isset($_POST['c_password']) ? trim(StopXSS($_POST['c_password'])) : $c_password); $password = isset($_GET['password']) ? trim(StopXSS($_GET['password'])) : (isset($_POST['password']) ? trim(StopXSS($_POST['password'])) : $password); $password2 = isset($_GET['password2']) ? trim(StopXSS($_GET['password2'])) : (isset($_POST['password2']) ? trim(StopXSS($_POST['password2'])) : $password2); global $icmsConfigUser; if ($email == '' || $username == '') { redirect_header('user.php', 2, _US_SORRYNOTFOUND); } elseif ($password == '' || $password2 == '') { redirect_header('user.php', 2, _US_SORRYMUSTENTERPASS); } if (isset($password) && $password !== $password2) { redirect_header('user.php', 2, _US_PASSNOTSAME); } elseif ($password !== '' && strlen($password) < $icmsConfigUser['minpass']) { redirect_header('user.php', 2, sprintf(_US_PWDTOOSHORT, $icmsConfigUser['minpass'])); } $member_handler = icms::handler('icms_member'); $getuser =& $member_handler->getUsers(new icms_db_criteria_Item('email', icms_core_DataFilter::addSlashes($email))); if (empty($getuser)) { redirect_header('user.php', 2, _US_SORRYNOTFOUND);
define("CONTENT_IMAGES_URL", CONTENT_URL . 'images/'); define("CONTENT_ADMIN_URL", CONTENT_URL . 'admin/'); $mhandler = icms::handler('icms_module'); $xoopsModule = $mhandler->getByDirname(CONTENT_DIRNAME); include_once ICMS_ROOT_PATH . '/modules/content/include/common.php'; $icmsModule = $xoopsModule; icms_loadLanguageFile('content', 'common'); icms_loadLanguageFile('content', 'main'); $icmsModuleConfig = $contentConfig; $content_content_handler = icms_getModuleHandler('content', 'content'); /** Again, use a naming convention that indicates the source of the content of the variable */ $clean_content_id = isset($_GET['content_id']) ? (int) $_GET['content_id'] : 0; $page = isset($_GET['page']) ? trim(StopXSS($_GET['page'])) : (isset($_POST['page']) ? trim(StopXSS($_POST['page'])) : $clean_content_id); if (!$page) { $path = isset($_SERVER['PATH_INFO']) && substr($_SERVER['PATH_INFO'], 0, 1) == '/' ? substr($_SERVER['PATH_INFO'], 1, strlen($_SERVER['PATH_INFO'])) : (isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : ''); $path = trim(StopXSS($path)); $params = explode('/', $path); if (count($params) > 0) { if ($params[0] == 'page') { $page = isset($params[1]) ? $params[1] : 0; } else { $page = $params[0]; } } } if (!empty($page)) { $page = is_int($page) ? (int) $page : urlencode($page); $page = str_replace('-', ' ', $page); $criteria = $content_content_handler->getContentsCriteria(0, 1, false, false, $page, false, 'content_id', 'DESC'); $content = $content_content_handler->getObjects($criteria); $contentObj = false;
foreach ($avatarslist as $file => $name) { echo '<td><img src="uploads/' . $file . '" alt="' . $name . '" style="padding:10px; vertical-align:top;" /> <br />' . $name . '<br /> <input name="myimage" type="button" value="' . _SELECT . '" onclick="myimage_onclick(' . $counter . ')" /> </td>'; $counter++; $cntavs++; if ($cntavs > 8) { echo '</tr><tr>'; $cntavs = 0; } } echo '</tr></table></form></div>'; break; case 'friend': if (!icms::$security->check() || !isset($_POST['op']) || StopXSS($_POST['op']) == 'sendform') { if (icms::$user) { $yname = icms::$user->getVar('uname', 'e'); $ymail = icms::$user->getVar('email', 'e'); $fname = ''; $fmail = ''; } else { $yname = ''; $ymail = ''; $fname = ''; $fmail = ''; } printCheckForm(); echo '</head><body>'; echo "<div class='errorMsg'>" . implode('<br />', icms::$security->getErrors()) . "</div>"; echo '<form action="' . ICMS_URL . '/misc.php" method="post" onsubmit="return checkForm();"><table width="100%" class="outer" cellspacing="1"><tr><th colspan="2">' . _MSC_RECOMMENDSITE . '</th></tr>';
${$k} = StopXSS($v); } else { ${$k} = $v; } } } if (!empty($_GET)) { foreach ($_GET as $k => $v) { if (!in_array($k, $allowedHTML)) { ${$k} = StopXSS($v); } else { ${$k} = $v; } } } $op = isset($_GET['op']) ? trim(StopXSS($_GET['op'])) : (isset($_POST['op']) ? trim(StopXSS($_POST['op'])) : 'mod_users'); if (isset($_GET['op'])) { if (isset($_GET['uid'])) { $uid = (int) $_GET['uid']; } } switch ($op) { case 'modifyUser': modifyUser($uid); break; case 'updateUser': if (!icms::$security->check()) { redirect_header('admin.php?fct=users', 3, implode('<br />', icms::$security->getErrors())); } // RMV-NOTIFY $user_avatar = $theme = null;