// Tail of checkText($str) — its signature lies before this chunk. Blank (whitespace-only)
// input aborts the request with a "go back" form; anything else returns true.
if (strlen(trim($str)) == 0) {
    // NOTE(review): _e() echoes and returns null, so this concatenation prints the message
    // first and then an empty <p></p>; __() / esc_html__() are the returning variants.
    echo '<p>' . _e('Let JavaScript do what it is supposed to do!', 'simple-support-ticket-system') . '</p>';
    echo '<p><form onsubmit="back();return false;"><input class="button" value="';
    _e('Back', 'simple-support-ticket-system');
    echo '" type="submit"></input></form></p>';
    // abort script
    exit;
} else {
    return true;
}
}
// Check for invalid Text
// NOTE(review): the four required fields are read without isset(); a request that omits one
// raises an undefined-index notice before checkText() can reject the empty value.
checkText($_POST["name"]);
checkText($_POST["mail"]);
checkText($_POST["title"]);
checkText($_POST["problem"]);
// Sanitise, then strip slashes — presumably undoing WordPress' request slashing;
// wp_unslash() before sanitising is the usual order — TODO confirm nothing depends on this.
$absendername = stripslashes(sanitize_text_field($_POST["name"]));
$absendermail = stripslashes(sanitize_email($_POST["mail"]));
$title = stripslashes(sanitize_text_field($_POST["title"]));
// The problem text is sanitised line by line (presumably because sanitize_text_field()
// would otherwise collapse the newlines — confirm).
$problem = stripslashes(implode("\n", array_map('sanitize_text_field', explode("\n", $_POST['problem']))));
// Optional fields: NULL when the form did not send them.
if (isset($_POST["rechner"])) {
    $rechner = stripslashes(sanitize_text_field($_POST["rechner"]));
} else {
    $rechner = NULL;
}
if (isset($_POST["raum"])) {
    $raum = stripslashes(sanitize_text_field($_POST["raum"]));
} else {
    $raum = NULL;
}
// The "telefon" branch continues past the end of this chunk.
if (isset($_POST["telefon"])) {
***************************************************************/
/**************************************************************
Call: check_text.php?... op=Check ... do the check
Check (parse & split) a Text (into sentences/words)
***************************************************************/
// Reviewer notes: this page is cut at both ends — the comment above started earlier,
// and the form inside the else branch continues past this chunk.
include "connect.inc.php";
include "settings.inc.php";
include "utilities.inc.php";
pagestart('Check a Text', true);
if (isset($_REQUEST['op'])) {
    // NOTE(review): TxText and TxLgID are read without isset(); a request carrying only
    // "op" raises undefined-index notices here.
    echo '<p><input type="button" value="<< Back" onclick="history.back();" /></p>';
    // strlen() counts bytes, which matches the "Bytes" wording of the message.
    if (strlen(prepare_textdata($_REQUEST['TxText'])) > 65000) {
        echo "<p>Error: Text too long, must be below 65000 Bytes.</p>";
    } else {
        echo checkText($_REQUEST['TxText'], $_REQUEST['TxLgID']);
    }
    echo '<p><input type="button" value="<< Back" onclick="history.back();" /></p>';
} else {
    // NOTE(review): $_SERVER['PHP_SELF'] is echoed unescaped into the action attribute;
    // it reflects the request path, so htmlspecialchars() (or a fixed URL) belongs here.
?>
<form class="validate" action="<?php echo $_SERVER['PHP_SELF']; ?> " method="post">
<table class="tab3" cellspacing="0" cellpadding="5">
<tr>
<td class="td1 right">Language:</td>
<td class="td1">
<select name="TxLgID" class="notempty setfocus">
<?php echo get_languages_selectoptions(getSetting('currentlanguage'), '[Choose...]');
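/**
 * Creates a form in order to change the password - if the authcode is valid.
 *
 * Flow: the systemid must be valid and the user must carry a non-empty authcode that
 * matches the "authcode" request parameter. Without the "reset" parameter the change
 * form is rendered; with it, the submitted passwords are checked and applied, and the
 * authcode is cleared so the link cannot be reused.
 *
 * @return string the rendered form, or a success / error message from the "user" lang file
 */
protected function actionPwdReset() {
    if (!validateSystemid($this->getParam("systemid"))) {
        return $this->getLang("login_change_error", "user");
    }

    $objUser = new class_module_user_user($this->getParam("systemid"));
    $strAuthcode = $objUser->getStrAuthcode();
    $strAuthcodeParam = $this->getParam("authcode");

    // hash_equals() replaces the former loose == comparison: it is strict (no numeric-string
    // juggling such as "0e1" == "0e2") and constant-time. An empty stored authcode never matches.
    $bitAuthcodeValid = $strAuthcode != ""
        && is_string($strAuthcodeParam)
        && hash_equals($strAuthcode, $strAuthcodeParam)
        && $objUser->getStrUsername() != "";

    if (!$bitAuthcodeValid) {
        return $this->getLang("login_change_error", "user");
    }

    if ($this->getParam("reset") == "") {
        return $this->renderPwdResetForm();
    }

    return $this->applyPwdReset($objUser);
}

/**
 * Renders the small "choose a new password" form; authcode and systemid travel as hidden fields.
 *
 * @return string
 */
private function renderPwdResetForm() {
    $strTemplateID = $this->objTemplate->readTemplate("/elements.tpl", "login_form");

    $strForm = "";
    $strForm .= $this->objToolkit->getTextRow($this->getLang("login_password_form_intro", "user"));
    $strForm .= $this->objToolkit->formHeader(class_link::getLinkAdminHref($this->getArrModule("modul"), "pwdReset"));
    $strForm .= $this->objToolkit->formInputText("username", $this->getLang("login_loginUser", "user"), "", "inputTextShort");
    $strForm .= $this->objToolkit->formInputPassword("password1", $this->getLang("login_loginPass", "user"), "", "inputTextShort");
    $strForm .= $this->objToolkit->formInputPassword("password2", $this->getLang("login_loginPass2", "user"), "", "inputTextShort");
    $strForm .= $this->objToolkit->formInputSubmit($this->getLang("login_changeButton", "user"), "", "", "inputSubmitShort");
    $strForm .= $this->objToolkit->formInputHidden("reset", "reset");
    $strForm .= $this->objToolkit->formInputHidden("authcode", $this->getParam("authcode"));
    $strForm .= $this->objToolkit->formInputHidden("systemid", $this->getParam("systemid"));
    $strForm .= $this->objToolkit->formClose();

    $arrTemplate = array();
    $arrTemplate["form"] = $strForm;
    $arrTemplate["loginTitle"] = $this->getLang("login_loginTitle", "user");
    $arrTemplate["loginJsInfo"] = $this->getLang("login_loginJsInfo", "user");
    $arrTemplate["loginCookiesInfo"] = $this->getLang("login_loginCookiesInfo", "user");

    //An error occurred?
    if ($this->getParam("loginerror") == 1) {
        $arrTemplate["error"] = $this->getLang("login_loginError", "user");
    }

    return $this->objTemplate->fillTemplate($arrTemplate, $strTemplateID);
}

/**
 * Checks the submitted password pair, stores the new password and invalidates the authcode.
 *
 * @param class_module_user_user $objUser the user whose authcode was already verified
 * @return string success or error message from the "user" lang file
 */
private function applyPwdReset(class_module_user_user $objUser) {
    $strPass1 = trim($this->getParam("password1"));
    $strPass2 = trim($this->getParam("password2"));

    // Strict comparison so e.g. "1e1" and "10" are no longer accepted as the same password.
    $bitInputValid = $strPass1 === $strPass2
        && checkText($strPass1, 3, 200)
        && $objUser->getStrUsername() === $this->getParam("username");

    if (!$bitInputValid) {
        return $this->getLang("login_change_error", "user");
    }

    $objSourceUser = $objUser->getObjSourceUser();
    // NOTE(review): when the source user is not resettable the password stays unchanged, but
    // the authcode is still cleared and success reported — behaviour kept from the original.
    if ($objSourceUser->isPasswordResettable() && method_exists($objSourceUser, "setStrPass")) {
        $objSourceUser->setStrPass($strPass1);
        $objSourceUser->updateObjectToDb();
    }

    // One-shot link: the authcode is invalidated whether or not the password was written.
    $objUser->setStrAuthcode("");
    $objUser->updateObjectToDb();
    class_logger::getInstance()->addLogRow("changed password of user " . $objUser->getStrUsername(), class_logger::$levelInfo);

    return $this->getLang("login_change_success", "user");
}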
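/**
 * Validates e-mail input. Method is modified based on com_contact's _validateInputs.
 *
 * Each field is first screened against its banned-text list via checkText(); then, for a
 * string e-mail, the value is rejected when it contains a separator (';', ',' or space)
 * or more than one '@', so only a single address can be entered.
 *
 * @param String|Array $email Email address
 * @param String $subject Email subject
 * @param String $body Email body
 * @return Boolean true when every check passes; false after the document error was set
 * @access public
 * @since 2.1
 */
function validateInputs($email, $subject, $body) {
    global $mtconf;
    $document =& JFactory::getDocument();

    // field value, banned-list config key, label shown in the error message
    $arrChecks = array(
        array($email, 'banned_email', 'Email'),
        array($subject, 'banned_subject', 'Subject'),
        array($body, 'banned_text', 'Message'),
    );

    // Prevent form submission if one of the banned texts is discovered in a field
    foreach ($arrChecks as $check) {
        if (false === checkText($check[0], $mtconf->get($check[1]))) {
            $document->setError(JText::sprintf('Mesghasbannedtext', $check[2]));
            return false;
        }
    }

    // test to ensure that only one email address is entered
    if (is_string($email)) {
        // strpbrk() !== false also catches a separator at offset 0, where the former bare
        // strpos() test returned the falsy 0 and let the value through.
        $hasSeparator = strpbrk($email, ";, ") !== false;
        if ($hasSeparator || substr_count($email, '@') > 1) {
            $document->setError(JText::_('You cannot enter more than one email address', true));
            return false;
        }
    }

    return true;
}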
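<?php
// Restrict access: only runnable from within WordPress
defined('ABSPATH') or die('No script kiddies please!');

// Needed in order to use $wpdb
global $wpdb;

// NOTE(review): no nonce or capability check is visible in this file; presumably the admin
// page that includes it has already verified both — confirm before relying on that.

/**
 * Returns a $_POST value as a string, or '' when the field is missing or not a string.
 *
 * @param string $key POST field name
 * @return string raw (unsanitised) value
 */
function sts_post_value($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

/**
 * Sanitises a textarea value line by line so the line breaks are kept.
 *
 * @param string $text raw multi-line text
 * @return string sanitised text, lines joined with "\n"
 */
function sts_sanitize_lines($text) {
    return implode("\n", array_map('sanitize_text_field', explode("\n", $text)));
}

/**
 * Check if JavaScript is manipulated: aborts the request with a "go back" form when a
 * required field arrived blank — the front-end JavaScript should have prevented that.
 *
 * @param string $str field value
 * @return true when the value is non-blank; otherwise the script exits
 */
function checkText($str) {
    if (strlen(trim($str)) == 0) {
        // esc_html__() returns the translation (unlike _e(), which echoes and returned null
        // here, printing the message outside the <p>) and escapes it for HTML output.
        echo '<p>' . esc_html__('Let JavaScript do what it is supposed to do!', 'simple-support-ticket-system') . '</p>';
        echo '<p><form onsubmit="back();return false;"><input class="button" value="';
        esc_attr_e('Back', 'simple-support-ticket-system');
        echo '" type="submit"></input></form></p>';
        // abort script
        exit;
    }
    return true;
}

$prob = sanitize_text_field(sts_post_value("problem"));
checkText($prob);
$opt1 = sanitize_text_field(sts_post_value("opt1"));
$opt2 = sanitize_text_field(sts_post_value("opt2"));
$opt3 = sanitize_text_field(sts_post_value("opt3"));
$datepicker = sanitize_text_field(sts_post_value("datepicker"));
$take = sts_sanitize_lines(sts_post_value('take'));
$done = sts_sanitize_lines(sts_post_value('done'));
$answer = sts_sanitize_lines(sts_post_value('answer'));

// NOTE(review): values are sanitised but not unslashed; if WordPress slashed the request,
// stored quotes keep their backslashes — wp_unslash() before sanitising would avoid that — TODO confirm.

// One statement updates all eight option rows; every value is bound through prepare().
$wpdb->query($wpdb->prepare("UPDATE {$wpdb->prefix}sts_options SET ts_value = CASE \n WHEN ts_option = 'problem' THEN %s\n\tWHEN ts_option = 'opt_field_1' THEN %s\n WHEN ts_option = 'opt_field_2' THEN %s\n WHEN ts_option = 'opt_field_3' THEN %s\n WHEN ts_option = 'datepicker' THEN %s\n WHEN ts_option = 'mail_take' THEN %s\n WHEN ts_option = 'mail_done' THEN %s\n WHEN ts_option = 'mail_answer' THEN %s\n\tELSE ts_value\nEND", $prob, $opt1, $opt2, $opt3, $datepicker, $take, $done, $answer));
?>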