$errmsg = '';
if (isset($_POST['qtext'])) {
    require "../includes/filehandler.php";
    $now = time();
    $_POST['qtext'] = stripsmartquotes(stripslashes($_POST['qtext']));
    $_POST['control'] = addslashes(stripsmartquotes(stripslashes($_POST['control'])));
    $_POST['qcontrol'] = addslashes(stripsmartquotes(stripslashes($_POST['qcontrol'])));
    $_POST['solution'] = stripsmartquotes(stripslashes($_POST['solution']));
    $_POST['qtext'] = preg_replace('/<span\\s+class="AM"[^>]*>(.*?)<\\/span>/sm', '$1', $_POST['qtext']);
    $_POST['solution'] = preg_replace('/<span\\s+class="AM"[^>]*>(.*?)<\\/span>/sm', '$1', $_POST['solution']);
    if (trim($_POST['solution']) == '<p></p>') {
        $_POST['solution'] = '';
    }
    if (strpos($_POST['qtext'], 'data:image') !== false) {
        require "../includes/htmLawed.php";
        $_POST['qtext'] = convertdatauris($_POST['qtext']);
    }
    $_POST['qtext'] = addslashes($_POST['qtext']);
    $_POST['solution'] = addslashes($_POST['solution']);
    //handle help references
    if (isset($_GET['id']) || isset($_GET['templateid'])) {
        if (isset($_GET['id'])) {
            $query = "SELECT extref FROM imas_questionset WHERE id='{$_GET['id']}'";
        } else {
            $query = "SELECT extref FROM imas_questionset WHERE id='{$_GET['templateid']}'";
        }
        $result = mysql_query($query) or die("Query failed :{$query} " . mysql_error());
        $extref = mysql_result($result, 0, 0);
        if ($extref == '') {
            $extref = array();
        } else {
/**
 * htmLawed entry point: filter an HTML fragment according to the config
 * array $C and the element/attribute spec $S, and return the cleaned markup.
 *
 * The first part of the function normalizes every config key so the helper
 * callbacks (hl_tag, hl_bal, hl_tidy, hl_ent, hl_cmtcd — defined elsewhere)
 * can rely on a complete config. The normalized config and spec are published
 * through $GLOBALS['C'] / $GLOBALS['S'] for those callbacks and restored on
 * exit, so nested calls do not clobber an outer invocation's settings.
 *
 * NOTE(review): $C is trusted configuration, not user input. 'hook' and
 * 'hook_tag' are invoked by name (gated only by function_exists), and
 * 'show_setting' names a global variable to overwrite — a request-controlled
 * config would therefore be a code-execution / global-clobbering vector.
 *
 * @param string       $t Input markup to filter.
 * @param array|int    $C Config; any non-array value (including the default 1) is treated as an empty array, i.e. all defaults.
 * @param array|string $S Spec; a ready array is used as-is, anything else is passed to hl_spec().
 * @return string The filtered markup.
 */
function htmLawed($t, $C = 1, $S = array())
{
    // Local addition ahead of the standard htmLawed pipeline: convertdatauris() is defined
    // elsewhere; presumably it rewrites inline data: URIs before they reach the tag filter.
    $t = convertdatauris($t);
    // Non-array config (e.g. the default sentinel 1) means "use all defaults".
    $C = is_array($C) ? $C : array();
    if (!empty($C['valid_xhtml'])) {
        // XHTML mode: drop the deprecated presentational elements unless the caller listed its own set.
        $C['elements'] = empty($C['elements']) ? '*-acronym-big-center-dir-font-isindex-s-strike-tt' : $C['elements'];
        $C['make_tag_strict'] = isset($C['make_tag_strict']) ? $C['make_tag_strict'] : 2;
        $C['xml:lang'] = isset($C['xml:lang']) ? $C['xml:lang'] : 2;
    }
    // config eles — full element allow-list, later narrowed by 'safe' and by 'elements'.
    $e = array('a' => 1, 'abbr' => 1, 'acronym' => 1, 'address' => 1, 'applet' => 1, 'area' => 1, 'article' => 1, 'aside' => 1, 'audio' => 1, 'b' => 1, 'bdi' => 1, 'bdo' => 1, 'big' => 1, 'blockquote' => 1, 'br' => 1, 'button' => 1, 'canvas' => 1, 'caption' => 1, 'center' => 1, 'cite' => 1, 'code' => 1, 'col' => 1, 'colgroup' => 1, 'command' => 1, 'data' => 1, 'datalist' => 1, 'dd' => 1, 'del' => 1, 'details' => 1, 'dfn' => 1, 'dir' => 1, 'div' => 1, 'dl' => 1, 'dt' => 1, 'em' => 1, 'embed' => 1, 'fieldset' => 1, 'figcaption' => 1, 'figure' => 1, 'font' => 1, 'footer' => 1, 'form' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'header' => 1, 'hgroup' => 1, 'hr' => 1, 'i' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'ins' => 1, 'isindex' => 1, 'kbd' => 1, 'keygen' => 1, 'label' => 1, 'legend' => 1, 'li' => 1, 'link' => 1, 'main' => 1, 'map' => 1, 'mark' => 1, 'menu' => 1, 'meta' => 1, 'meter' => 1, 'nav' => 1, 'noscript' => 1, 'object' => 1, 'ol' => 1, 'optgroup' => 1, 'option' => 1, 'output' => 1, 'p' => 1, 'param' => 1, 'pre' => 1, 'progress' => 1, 'q' => 1, 'rb' => 1, 'rbc' => 1, 'rp' => 1, 'rt' => 1, 'rtc' => 1, 'ruby' => 1, 's' => 1, 'samp' => 1, 'script' => 1, 'section' => 1, 'select' => 1, 'small' => 1, 'source' => 1, 'span' => 1, 'strike' => 1, 'strong' => 1, 'style' => 1, 'sub' => 1, 'summary' => 1, 'sup' => 1, 'table' => 1, 'tbody' => 1, 'td' => 1, 'textarea' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'time' => 1, 'tr' => 1, 'track' => 1, 'tt' => 1, 'u' => 1, 'ul' => 1, 'var' => 1, 'video' => 1, 'wbr' => 1);
    // 118 incl. deprecated & some Ruby
    if (!empty($C['safe'])) {
        // 'safe' mode: remove the elements that can execute script or embed external/active content.
        // Note that 'style', 'form', 'input' and 'link' remain allowed here; attribute/scheme rules below restrict them.
        unset($e['applet'], $e['audio'], $e['canvas'], $e['embed'], $e['iframe'], $e['object'], $e['script'], $e['video']);
    }
    // 'elements' spec, whitespace removed: '*' = all; '-*' = none; a plain comma list = exactly those;
    // otherwise '*' followed by '+name' / '-name' adjustments to the default set.
    $x = !empty($C['elements']) ? str_replace(array("\n", "\r", "\t", ' '), '', $C['elements']) : '*';
    if ($x == '-*') {
        $e = array();
    } elseif (strpos($x, '*') === false) {
        $e = array_flip(explode(',', $x));
    } else {
        if (isset($x[1])) {
            // Split "*+a-b-c" into the tokens "+a", "-b", "-c" (each token keeps its sign).
            preg_match_all('`(?:^|-|\\+)[^\\-+]+?(?=-|\\+|$)`', $x, $m, PREG_SET_ORDER);
            for ($i = count($m); --$i >= 0;) {
                $m[$i] = $m[$i][0];
            }
            foreach ($m as $v) {
                if ($v[0] == '+') {
                    $e[substr($v, 1)] = 1;
                }
                // A '-name' is ignored when the same '+name' is also present, so '+' wins over '-'.
                if ($v[0] == '-' && isset($e[$v = substr($v, 1)]) && !in_array('+' . $v, $m)) {
                    unset($e[$v]);
                }
            }
        }
    }
    // By reference: $e is unset together with $C at the end of the function.
    $C['elements'] =& $e;
    // config attrs — 'deny_attribute' as a flipped lookup map.
    // A spec starting with '*' is split on '-' (the '*' key is interpreted by the attribute handler elsewhere);
    // any other spec is a comma list. 'safe' mode always appends 'on*'.
    $x = !empty($C['deny_attribute']) ? str_replace(array("\n", "\r", "\t", ' '), '', $C['deny_attribute']) : '';
    $x = array_flip(isset($x[0]) && $x[0] == '*' ? explode('-', $x) : explode(',', $x . (!empty($C['safe']) ? ',on*' : '')));
    if (isset($x['on*'])) {
        // Expand the 'on*' shorthand into the explicit list of event-handler attributes that will be denied.
        unset($x['on*']);
        $x += array('onabort' => 1, 'onblur' => 1, 'oncanplay' => 1, 'oncanplaythrough' => 1, 'onchange' => 1, 'onclick' => 1, 'oncontextmenu' => 1, 'oncuechange' => 1, 'ondblclick' => 1, 'ondrag' => 1, 'ondragend' => 1, 'ondragenter' => 1, 'ondragleave' => 1, 'ondragover' => 1, 'ondragstart' => 1, 'ondrop' => 1, 'ondurationchange' => 1, 'onemptied' => 1, 'onended' => 1, 'onerror' => 1, 'onfocus' => 1, 'oninput' => 1, 'oninvalid' => 1, 'onkeydown' => 1, 'onkeypress' => 1, 'onkeyup' => 1, 'onload' => 1, 'onloadeddata' => 1, 'onloadedmetadata' => 1, 'onloadstart' => 1, 'onmousedown' => 1, 'onmousemove' => 1, 'onmouseout' => 1, 'onmouseover' => 1, 'onmouseup' => 1, 'onmousewheel' => 1, 'onpause' => 1, 'onplay' => 1, 'onplaying' => 1, 'onprogress' => 1, 'onratechange' => 1, 'onreadystatechange' => 1, 'onreset' => 1, 'onscroll' => 1, 'onseeked' => 1, 'onseeking' => 1, 'onselect' => 1, 'onshow' => 1, 'onstalled' => 1, 'onsubmit' => 1, 'onsuspend' => 1, 'ontimeupdate' => 1, 'onvolumechange' => 1, 'onwaiting' => 1);
    }
    $C['deny_attribute'] = $x;
    // config URL — per-attribute URL scheme allow-lists, "attr: s1, s2; attr2: s3; *: ..." with '*' as the fallback.
    // A caller-supplied 'schemes' string is only used when it is at least 3 chars long and contains ':'.
    // The default list contains no 'javascript' or 'data' scheme; enforcement happens in the attribute handler elsewhere.
    $x = isset($C['schemes'][2]) && strpos($C['schemes'], ':') ? strtolower($C['schemes']) : 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https';
    $C['schemes'] = array();
    foreach (explode(';', str_replace(array(' ', "\t", "\r", "\n"), '', $x)) as $v) {
        $x = $x2 = null;
        list($x, $x2) = explode(':', $v, 2);
        if ($x2) {
            $C['schemes'][$x] = array_flip(explode(',', $x2));
        }
    }
    if (!isset($C['schemes']['*'])) {
        $C['schemes']['*'] = array('file' => 1, 'http' => 1, 'https' => 1);
    }
    if (!empty($C['safe']) && empty($C['schemes']['style'])) {
        // 'safe' mode pins the style attribute to the '!' pseudo-scheme; presumably this means no URLs at all
        // inside style values — confirm against the attribute handler.
        $C['schemes']['style'] = array('!' => 1);
    }
    $C['abs_url'] = isset($C['abs_url']) ? $C['abs_url'] : 0;
    // 'base_url' must look like scheme://host/ (optionally with a trailing path segment ending in '/'),
    // otherwise both base_url and abs_url (relative→absolute rewriting) are switched off.
    if (!isset($C['base_url']) or !preg_match('`^[a-zA-Z\\d.+\\-]+://[^/]+/(.+?/)?$`', $C['base_url'])) {
        $C['base_url'] = $C['abs_url'] = 0;
    }
    // config rest — defaults for every remaining key. Options that default differently in 'safe' mode:
    // cdata and comment are 3 (kept) normally but 0 (removed) when 'safe' is set.
    $C['and_mark'] = empty($C['and_mark']) ? 0 : 1;
    // anti_link_spam must be a 2-element array; each non-empty element must be a regex accepted by hl_regex().
    $C['anti_link_spam'] = isset($C['anti_link_spam']) && is_array($C['anti_link_spam']) && count($C['anti_link_spam']) == 2 && (empty($C['anti_link_spam'][0]) or hl_regex($C['anti_link_spam'][0])) && (empty($C['anti_link_spam'][1]) or hl_regex($C['anti_link_spam'][1])) ? $C['anti_link_spam'] : 0;
    $C['anti_mail_spam'] = isset($C['anti_mail_spam']) ? $C['anti_mail_spam'] : 0;
    $C['balance'] = isset($C['balance']) ? (bool) $C['balance'] : 1;
    $C['cdata'] = isset($C['cdata']) ? $C['cdata'] : (empty($C['safe']) ? 3 : 0);
    $C['clean_ms_char'] = empty($C['clean_ms_char']) ? 0 : $C['clean_ms_char'];
    $C['comment'] = isset($C['comment']) ? $C['comment'] : (empty($C['safe']) ? 3 : 0);
    $C['css_expression'] = empty($C['css_expression']) ? 0 : 1;
    $C['direct_list_nest'] = empty($C['direct_list_nest']) ? 0 : 1;
    $C['hexdec_entity'] = isset($C['hexdec_entity']) ? $C['hexdec_entity'] : 1;
    // Hooks are plain function names called by name below and inside the tag handler; function_exists is the only gate,
    // so these values must come from trusted code, never from request data.
    $C['hook'] = !empty($C['hook']) && function_exists($C['hook']) ? $C['hook'] : 0;
    $C['hook_tag'] = !empty($C['hook_tag']) && function_exists($C['hook_tag']) ? $C['hook_tag'] : 0;
    $C['keep_bad'] = isset($C['keep_bad']) ? $C['keep_bad'] : 6;
    $C['lc_std_val'] = isset($C['lc_std_val']) ? (bool) $C['lc_std_val'] : 1;
    $C['make_tag_strict'] = isset($C['make_tag_strict']) ? $C['make_tag_strict'] : 1;
    $C['named_entity'] = isset($C['named_entity']) ? (bool) $C['named_entity'] : 1;
    $C['no_deprecated_attr'] = isset($C['no_deprecated_attr']) ? $C['no_deprecated_attr'] : 1;
    $C['parent'] = isset($C['parent'][0]) ? strtolower($C['parent']) : 'body';
    $C['show_setting'] = !empty($C['show_setting']) ? $C['show_setting'] : 0;
    $C['style_pass'] = empty($C['style_pass']) ? 0 : 1;
    $C['tidy'] = empty($C['tidy']) ? 0 : $C['tidy'];
    // A custom unique_ids value is accepted only if it is made of word characters (presumably it is used as an id prefix).
    $C['unique_ids'] = isset($C['unique_ids']) && !preg_match('`\\W`', $C['unique_ids']) ? $C['unique_ids'] : 1;
    $C['xml:lang'] = isset($C['xml:lang']) ? $C['xml:lang'] : 0;
    // Publish config/spec via globals for the callbacks, remembering any outer values to restore on exit.
    if (isset($GLOBALS['C'])) {
        $reC = $GLOBALS['C'];
    }
    $GLOBALS['C'] = $C;
    $S = is_array($S) ? $S : hl_spec($S);
    if (isset($GLOBALS['S'])) {
        $reS = $GLOBALS['S'];
    }
    $GLOBALS['S'] = $S;
    // Strip C0 control characters except tab (\x09), LF (\x0a) and CR (\x0d).
    $t = preg_replace('`[\\x00-\\x08\\x0b-\\x0c\\x0e-\\x1f]`', '', $t);
    if ($C['clean_ms_char']) {
        // Map single-byte "smart" characters to numeric entities (mode 1) or to plain ASCII quotes (any other mode).
        // NOTE(review): the map keys appear as replacement characters in this copy of the file; presumably they are
        // the raw Windows-1252 bytes 0x7f–0x9f, matching the entity values — verify against a clean checkout.
        $x = array("" => '', "�" => '&#8364;', "�" => '', "�" => '&#402;', "�" => '&#8230;', "�" => '&#8224;', "�" => '&#8225;', "�" => '&#710;', "�" => '&#8240;', "�" => '&#352;', "�" => '&#8249;', "�" => '&#338;', "�" => '', "�" => '&#381;', "�" => '', "�" => '', "�" => '&#8226;', "�" => '&#8211;', "�" => '&#8212;', "�" => '&#732;', "�" => '&#8482;', "�" => '&#353;', "�" => '&#8250;', "�" => '&#339;', "�" => '', "�" => '&#382;', "�" => '&#376;');
        $x = $x + ($C['clean_ms_char'] == 1 ? array("�" => '&#8218;', "�" => '&#8222;', "�" => '&#8216;', "�" => '&#8217;', "�" => '&#8220;', "�" => '&#8221;') : array("�" => '\'', "�" => '"', "�" => '\'', "�" => '\'', "�" => '"', "�" => '"'));
        $t = strtr($t, $x);
    }
    if ($C['cdata'] or $C['comment']) {
        // Comments and CDATA sections are handed to hl_cmtcd() (defined elsewhere) before tag processing.
        $t = preg_replace_callback('`<!(?:(?:--.*?--)|(?:\\[CDATA\\[.*?\\]\\]))>`sm', 'hl_cmtcd', $t);
    }
    // Escape every '&', then let hl_ent() (defined elsewhere) decide what to do with well-formed named/numeric entities.
    $t = preg_replace_callback('`&amp;([a-zA-Z][a-zA-Z0-9]{1,30}|#(?:[0-9]{1,8}|[Xx][0-9A-Fa-f]{1,7}));`', 'hl_ent', str_replace('&', '&amp;', $t));
    if ($C['unique_ids'] && !isset($GLOBALS['hl_Ids'])) {
        // Registry of ids seen so far; presumably shared across calls on purpose so ids stay unique per page.
        $GLOBALS['hl_Ids'] = array();
    }
    if ($C['hook']) {
        $t = $C['hook']($t, $C, $S);
    }
    // Debug aid: dump the effective config/spec into a global named by 'show_setting'.
    // The name is limited to identifier characters, but it can still overwrite any existing global of that name.
    if ($C['show_setting'] && preg_match('`^[a-z][a-z0-9_]*$`i', $C['show_setting'])) {
        $GLOBALS[$C['show_setting']] = array('config' => $C, 'spec' => $S, 'time' => microtime());
    }
    // main — every tag-like "<...>" (including unterminated ones at end of input) and every stray '>' goes through hl_tag().
    $t = preg_replace_callback('`<(?:(?:\\s|$)|(?:[^>]*(?:>|$)))|>`m', 'hl_tag', $t);
    $t = $C['balance'] ? hl_bal($t, $C['keep_bad'], $C['parent']) : $t;
    // Restore the placeholder markers that hl_cmtcd() substituted for comment/CDATA content.
    // NOTE(review): the marker strings are empty in this copy of the file (presumably low control bytes lost in
    // extraction); as written, the str_replace would be a no-op — verify against a clean checkout.
    $t = ($C['cdata'] or $C['comment']) && strpos($t, "") !== false ? str_replace(array("", "", "", "", ""), array('', '', '&', '<', '>'), $t) : $t;
    $t = $C['tidy'] ? hl_tidy($t, $C['tidy'], $C['parent']) : $t;
    // $e is referenced from $C['elements']; unset both together.
    unset($C, $e);
    // Restore any outer caller's globals so nested invocations are transparent.
    if (isset($reC)) {
        $GLOBALS['C'] = $reC;
    }
    if (isset($reS)) {
        $GLOBALS['S'] = $reS;
    }
    return $t;
    // eof
}