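/**
 * Run a string, or every value of an array (recursively, keys preserved), through HTMLPurifier.
 *
 * @param string|array $dirty_html Untrusted markup.
 * @param string|false $config     FALSE selects the default whitelist, 'comment' the WYSIWYG/comment
 *                                 ruleset; any other label aborts the request via show_error().
 * @return string|array Purified markup in the same shape as $dirty_html.
 */
function html_purify($dirty_html, $config = FALSE)
{
    require_once APPPATH . 'third_party/htmlpurifier-4.6.0-standalone/HTMLPurifier.standalone.php';

    if (is_array($dirty_html)) {
        // Initialise first: an empty input array must return [] instead of an undefined variable.
        $clean_html = array();
        foreach ($dirty_html as $key => $val) {
            $clean_html[$key] = html_purify($val, $config);
        }
        return $clean_html;
    }

    $ci =& get_instance();

    switch ($config) {
        // settings for the WYSIWYG editor
        case 'comment':
            $config = HTMLPurifier_Config::createDefault();
            $config->set('Core.Encoding', $ci->config->item('charset'));
            $config->set('HTML.Doctype', 'XHTML 1.0 Strict');
            $config->set('HTML.Allowed', 'a[href|title],img[title|src|alt],em,strong,cite,blockquote,code,ul,ol,li,dl,dt,dd,p,br,h1,h2,h3,h4,h5,h6,span,*[style]');
            $config->set('AutoFormat.AutoParagraph', TRUE);
            $config->set('AutoFormat.Linkify', TRUE);
            $config->set('AutoFormat.RemoveEmpty', TRUE);
            break;
        case FALSE:
            $config = HTMLPurifier_Config::createDefault();
            $config->set('Core.Encoding', $ci->config->item('charset'));
            $config->set('HTML.Doctype', 'XHTML 1.0 Strict');
            break;
        default:
            // The label is reflected into the error page, hence the encoding.
            show_error('The HTMLPurifier configuration labeled "' . htmlentities($config, ENT_QUOTES, 'UTF-8') . '" could not be found.');
    }

    $purifier = new HTMLPurifier($config);
    return $purifier->purify($dirty_html);
}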
/**
 * Compile a Smarty template source into PHP code.
 *
 * A lexer/parser pair is created for the source; the token stream is fed to
 * the parser and the generated PHP is returned.
 *
 * @param string $_content template source
 * @return string|false compiled PHP code, or false when the parser requested a recompile
 */
protected function doCompile($_content)
{
    // Fresh lexer and parser for this template.
    $this->lex = new $this->lexer_class($_content, $this);
    $this->parser = new $this->parser_class($this->lex, $this);

    $debug = isset($this->smarty->_parserdebug);
    if ($debug) {
        $this->parser->PrintTrace();
    }

    // Pull tokens from the lexer until it is exhausted or a recompile was requested.
    while ($this->lex->yylex()) {
        if ($this->abort_and_recompile) {
            break;
        }
        if ($debug) {
            echo "<pre>Line {$this->lex->line} Parsing {$this->parser->yyTokenName[$this->lex->token]} Token " . htmlentities($this->lex->value) . "</pre>";
        }
        $this->parser->doParse($this->lex->token, $this->lex->value);
    }

    if ($this->abort_and_recompile) {
        // Caller restarts the compilation.
        return false;
    }

    // End-of-input token finishes the parse.
    $this->parser->doParse(0, 0);

    // Anything left on the tag stack is an unclosed block tag.
    if (count($this->_tag_stack) > 0) {
        $stacked = array_pop($this->_tag_stack);
        $_open_tag = $stacked[0];
        $this->trigger_template_error("unclosed {" . $_open_tag . "} tag");
    }

    return $this->parser->retvalue;
}
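/**
 * Serialise a (nested) array into an XML string.
 *
 * Numeric keys are prefixed with "child_" and every key is reduced to ASCII
 * letters so it is a well-formed element name (digits are stripped too, so
 * child_0 and child_1 both become <child>). Scalar values are entity-encoded
 * because SimpleXMLElement::addChild() does not escape '&' itself.
 *
 * @param array            $data         values to serialise; nested arrays become nested elements
 * @param string           $rootNodeName root element name, used only when $xml is null
 * @param SimpleXMLElement $xml          element to append to; created from $rootNodeName when null
 * @return string|false the XML document, or false if SimpleXML could not serialise it
 */
public static function toXml($data, $rootNodeName = 'data', $xml = null)
{
    // zend.ze1_compatibility_mode (PHP 5.0-5.2 only) breaks SimpleXML; turn it off if present.
    if (ini_get('zend.ze1_compatibility_mode') == 1) {
        ini_set('zend.ze1_compatibility_mode', 0);
    }
    if ($xml == null) {
        $xml = simplexml_load_string("<?xml version='1.0' encoding='utf-8'?><{$rootNodeName} />");
    }

    foreach ($data as $key => $value) {
        // Element names may not start with a digit.
        if (is_numeric($key)) {
            $key = "child_" . (string) $key;
        }
        // Keep letters only so the name is always valid XML.
        $key = preg_replace('/[^a-z]/i', '', $key);
        if ($key === '') {
            // A key with no letters at all would otherwise produce an unnamed element.
            $key = 'child';
        }

        if (is_array($value)) {
            $node = $xml->addChild($key);
            ArrayToXML::toXml($value, $rootNodeName, $node);
        } else {
            $xml->addChild($key, htmlentities((string) $value));
        }
    }

    return $xml->asXML();
}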
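/**
 * Insert ($id == 0) or update a banner from the posted form.
 *
 * For a new banner the posted title/description are entity-encoded, an
 * uploaded background file is moved into place and converted with mpeg2flv().
 * The record is only written when no other banner carries the same title.
 *
 * @param array $Data posted form data; $Data['md_title'] drives the uniqueness check
 * @param int   $id   banner id, 0 for a new banner
 * @return int $id when the record was written (0 for a new banner), 0 when the title is taken
 */
public function addeditBanner($Data, $id)
{
    if ($id == 0) {
        $fields = 'title';
        $_POST['md_title'] = htmlentities($_POST['md_title'], ENT_QUOTES);
        $_POST['md_description'] = htmlentities($_POST['md_description'], ENT_QUOTES);

        if (isset($_FILES['db_background']['name']) && $_FILES['db_background']['name'] != '') {
            // NOTE(review): removeUnsed() is assumed to strip path separators from the
            // client-supplied file name before it is joined to UPLOAD_ROOT_PATH — confirm.
            $fileName = removeUnsed($_FILES['db_background']['name']);
            // Only proceed when PHP confirms the file really came from this upload.
            if (move_uploaded_file($_FILES['db_background']['tmp_name'], UPLOAD_ROOT_PATH . $fileName)) {
                $FileNameArray = pathinfo('upload/' . $fileName);
                mpeg2flv('upload/' . $fileName, $FileNameArray['filename']);
                $_POST['db_background'] = htmlentities($fileName, ENT_QUOTES);
                $fields .= ', background';
            }
        }
    } elseif (isset($_POST['video_name'])) {
        $_POST['db_background'] = $_POST['video_name'];
    }

    // Query bindings: the title comes from the form and must never be
    // concatenated into the SQL text.
    $query = $this->db->query(
        "select title from tbl_banner where id != ? and title = ?",
        array((int) $id, $Data['md_title'])
    );
    $RsCount = $query->result_array();

    if (count($RsCount) != 0) {
        // Duplicate title: nothing written.
        return 0;
    }

    if ($id == 0) {
        $this->insertFormContent();
    } else {
        $this->updateFormContent($id);
    }
    return $id;
}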
/**
 * Render a status message box and echo it.
 *
 * The markup differs between the site root (ROOT == './', plain class names)
 * and every other location (Foundation "alert-box" markup). The message text
 * is entity-encoded and newlines become <br>, so $msg may hold untrusted text.
 *
 * @param string $msg  message text; nothing is rendered when it is empty
 * @param string $type 'error', 'success', 'info' or 'warning'; anything else falls back to 'info'
 */
public static function msg($msg, $type)
{
    $core = core::getInstance();
    if (ROOT == './') {
        $class = array('error' => 'error', 'success' => 'success', 'info' => 'info', 'warning' => 'warning');
        if (!isset($class[$type])) {
            $type = 'info';
        }
        $data = '';
        // Hook output is executed as PHP inside this scope ($msg, $type, $class and
        // $data are all visible to it), which is why the two branches are kept inline.
        eval($core->callHook('startShowMsg'));
        if ($msg != '') {
            $data = '<div id="msg" class="' . $class[$type] . '"><p>' . nl2br(htmlentities($msg)) . '</p></div>';
        }
    } else {
        // Same flow as above with Foundation class names ('error' maps to 'alert').
        $class = array('error' => 'alert', 'success' => 'success', 'info' => 'info', 'warning' => 'warning');
        if (!isset($class[$type])) {
            $type = 'info';
        }
        $data = '';
        eval($core->callHook('startShowMsg'));
        if ($msg != '') {
            $data = '<div data-alert class="alert-box ' . $class[$type] . ' radius"> <p>' . nl2br(htmlentities($msg)) . '</p><a href="#" class="close">×</a> </div>';
        }
    }
    // Second hook runs after $data is built and may still alter it before output.
    eval($core->callHook('endShowMsg'));
    echo $data;
}
/**
 * Prints one or more error messages on screen and terminates the request.
 *
 * Error codes are looked up in $lng['error']; the first unknown code aborts
 * the loop and is reported verbatim as "Unknown Error (<code>)". The posted
 * form data is stashed in $_SESSION['requestData'] so the form can be refilled,
 * and a "back" link is offered when the referer appears to be this host.
 * The page is produced by evaluating the 'misc/error' template as a PHP string
 * in this scope, so $error, $link and the globals below are what it can use.
 *
 * @param array|string $errors   error code(s)
 * @param string       $replacer substituted for %s in the localised message
 * @author Florian Lippert <*****@*****.**>
 * @author Ron Brand <*****@*****.**>
 */
function standard_error($errors = '', $replacer = '')
{
    global $userinfo, $s, $header, $footer, $lng, $theme;
    $_SESSION['requestData'] = $_POST;
    $replacer = htmlentities($replacer);
    if (!is_array($errors)) {
        $errors = array($errors);
    }
    $link = '';
    // NOTE(review): this is a substring test — any referer whose URL merely
    // contains the host name passes; compare the parsed host instead if the
    // link must be restricted to this site.
    if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST']) !== false) {
        $link = '<a href="' . htmlentities($_SERVER['HTTP_REFERER']) . '">' . $lng['panel']['back'] . '</a>';
    }
    $error = '';
    foreach ($errors as $single_error) {
        if (isset($lng['error'][$single_error])) {
            $single_error = $lng['error'][$single_error];
            $single_error = strtr($single_error, array('%s' => $replacer));
        } else {
            // NOTE(review): an unknown code is not entity-encoded before it reaches
            // the evaluated template; callers should pass only fixed code strings.
            $error = 'Unknown Error (' . $single_error . '): ' . $replacer;
            break;
        }
        if (empty($error)) {
            $error = $single_error;
        } else {
            $error .= ' ' . $single_error;
        }
    }
    // Template text is interpolated as a double-quoted PHP string.
    eval("echo \"" . getTemplate('misc/error', '1') . "\";");
    exit;
}
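/**
 * Build the <select multiple> of OPAC-visible connector sources for this search
 * field, grouped into <optgroup>s by category.
 *
 * The current selection is read from the global field_<line>_s_<id> variable
 * and falls back to $_SESSION["checked_sources"] when that is empty.
 *
 * @return string HTML <select> element
 */
function get_input_box()
{
    global $msg, $charset;

    // Retrieve the submitted value for this field
    $field_name = "field_" . $this->n_ligne . "_s_" . $this->id;
    global ${$field_name};
    $selected = ${$field_name};
    if (!$selected && isset($_SESSION["checked_sources"]) && $_SESSION["checked_sources"]) {
        $selected = $_SESSION["checked_sources"];
    }
    if (!is_array($selected)) {
        $selected = array();
    }

    // Look up the sources (fixed statement, no request data involved)
    $requete = "SELECT connectors_categ_sources.num_categ, connectors_sources.source_id, connectors_categ.connectors_categ_name as categ_name, connectors_sources.name, connectors_sources.comment, connectors_sources.repository, connectors_sources.opac_allowed, source_sync.cancel FROM connectors_sources LEFT JOIN connectors_categ_sources ON (connectors_categ_sources.num_source = connectors_sources.source_id) LEFT JOIN connectors_categ ON (connectors_categ.connectors_categ_id = connectors_categ_sources.num_categ) LEFT JOIN source_sync ON (connectors_sources.source_id = source_sync.source_id AND connectors_sources.repository=2) WHERE connectors_sources.opac_allowed=1 ORDER BY connectors_categ_sources.num_categ DESC, connectors_sources.name";
    $resultat = mysql_query($requete);

    $r = "<select name='" . $field_name . "[]' multiple='yes'>";
    $current_categ = 0;
    $count = 0;
    while ($source = mysql_fetch_object($resultat)) {
        if ($current_categ !== $source->num_categ) {
            $current_categ = $source->num_categ;
            $categ_label = $source->categ_name ? $source->categ_name : $msg["source_no_category"];
            // Category names come from the database and are encoded like the option text.
            $r .= "<optgroup label='" . htmlentities($categ_label, ENT_QUOTES, $charset) . "'>";
            $count++;
        }
        $is_selected = array_search($source->source_id, $selected) !== false;
        $label = $source->name . ($source->comment ? " : " . $source->comment : "");
        $r .= "<option id='op_" . $source->source_id . "_" . $count . "' value='" . $source->source_id . "'"
            . ($is_selected ? " selected" : "")
            . ">" . htmlentities($label, ENT_QUOTES, $charset) . "</option>\n";
    }
    $r .= "</select>";
    return $r;
}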
/**
 * Formats a decimal value as a locale-aware currency string.
 *
 * Returns the input untouched when no Currency resource is registered.
 *
 * @link http://framework.zend.com/manual/de/zend.currency.options.html
 * @param float|string $value    amount; a comma is accepted as decimal separator
 * @param string|null  $config   name of a Zend_Currency display constant
 * @param string|null  $position name of a Zend_Currency position constant
 * @return float|string formatted, HTML-entity-encoded amount
 */
function smarty_modifier_currency($value, $config = null, $position = null)
{
    $app = Enlight_Application::Instance();
    if (!$app->Bootstrap()->hasResource('Currency')) {
        return $value;
    }

    $options = array();

    // Both modifiers are resolved against Zend_Currency class constants by name.
    if (!empty($config) && is_string($config)) {
        $displayConstant = 'Zend_Currency::' . strtoupper($config);
        if (defined($displayConstant)) {
            $options['display'] = constant($displayConstant);
        }
    }
    if (!empty($position) && is_string($position)) {
        $positionConstant = 'Zend_Currency::' . strtoupper($position);
        if (defined($positionConstant)) {
            $options['position'] = constant($positionConstant);
        }
    }

    $amount = floatval(str_replace(',', '.', $value));
    $formatted = $app->Currency()->toCurrency($amount, $options);

    // Non-ASCII symbols become entities first; the final pass must not re-encode them.
    if (function_exists('mb_convert_encoding')) {
        $formatted = mb_convert_encoding($formatted, 'HTML-ENTITIES', 'UTF-8');
    }
    return htmlentities($formatted, ENT_COMPAT, 'UTF-8', false);
}
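/**
 * Detects all images in shortcode format and converts them into images, clickable links or raw URLs.
 *
 * @param string  $text          HTML-encoded string
 * @param boolean $imagesEnabled Whether to convert shortcodes into real images
 * @param boolean $linksEnabled  Whether to convert shortcodes into real hyperlinks
 *
 * @return string
 */
public function filter($text, $imagesEnabled, $linksEnabled = true)
{
    if (!preg_match_all(self::SHORTCODE_REGEXP, $text, $matches)) {
        return $text;
    }
    // Groups 2, 3 and 4 are read below, so five entries (0..4) are required;
    // the previous bound of 3 let $matches[4] be read while undefined.
    if (count($matches) < 5) {
        return $text;
    }

    foreach ($matches[0] as $key => $shortCode) {
        $imageSrc = $matches[2][$key];
        $imageThumbnailSrc = $matches[3][$key];
        $imageOrgSrc = $matches[4][$key];

        if ($imagesEnabled) {
            $replace = sprintf(self::IMAGE_TAG_TEMPLATE, $imageSrc, $imageThumbnailSrc);
        } elseif ($linksEnabled) {
            // '_' means "no separate original", so the image itself is the link target.
            if ($imageOrgSrc == '_') {
                $imageOrgSrc = $imageSrc;
            }
            // NOTE(review): the regexp only decides whether to prefix http://; the
            // scheme itself is not validated, and $url relies on $text being
            // HTML-encoded already — confirm at the call site.
            $url = (!preg_match(self::URL_PROTOCOLS_REGEXP, $imageOrgSrc) ? 'http://' : '') . $imageOrgSrc;
            $linkBody = htmlentities(urldecode($imageOrgSrc), ENT_QUOTES, 'UTF-8', false);
            $replace = sprintf('<a href="%s" target="_blank" rel="nofollow">%s</a>', $url, $linkBody);
        } else {
            $replace = $imageOrgSrc != '_' ? $imageOrgSrc : $imageSrc;
        }

        $text = $this->strReplaceFirst($shortCode, $replace, $text);
    }
    return $text;
}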
/**
 * Print one table row for a core file property.
 *
 * When the current user may edit file properties (and preview mode is off) the
 * row carries an inline edit form posting to the files/properties tool;
 * otherwise a read-only row is printed. $value is entity-encoded; $title,
 * $field and $formText are inserted as given.
 *
 * @param string $title    row label
 * @param string $field    attribute field name sent as attributeField
 * @param string $value    current value; empty shows a "None" placeholder
 * @param string $formText form control markup for the edit form
 */
function printCorePropertyRow($title, $field, $value, $formText)
{
    global $previewMode, $f, $fp;

    $text = ($value == '')
        ? '<div class="ccm-attribute-field-none">' . t('None') . '</div>'
        : htmlentities($value, ENT_QUOTES, APP_CHARSET);

    $editable = $fp->canEditFileProperties() && !$previewMode;
    if (!$editable) {
        print ' <tr> <td><strong>' . $title . '</strong></td> <td width="100%" colspan="2">' . $text . '</td> </tr>';
        return;
    }

    $form = ' <form method="post" action="' . REL_DIR_FILES_TOOLS_REQUIRED . '/files/properties">'
        . ' <input type="hidden" name="attributeField" value="' . $field . '" />'
        . ' <input type="hidden" name="fID" value="' . $f->getFileID() . '" />'
        . ' <input type="hidden" name="task" value="update_core" />'
        . ' <div class="ccm-attribute-editable-field-form ccm-attribute-editable-field-type-text"> ' . $formText . ' </div>'
        . ' </form>';
    $saveCell = ' <td class="ccm-attribute-editable-field-save"><a href="javascript:void(0)"><img src="' . ASSETS_URL_IMAGES . '/icons/edit_small.png" width="16" height="16" class="ccm-attribute-editable-field-save-button" /></a>'
        . ' <img src="' . ASSETS_URL_IMAGES . '/throbber_white_16.gif" width="16" height="16" class="ccm-attribute-editable-field-loading" /> </td>';

    print ' <tr class="ccm-attribute-editable-field">'
        . ' <td><strong><a href="javascript:void(0)">' . $title . '</a></strong></td>'
        . ' <td width="100%" class="ccm-attribute-editable-field-central"><div class="ccm-attribute-editable-field-text">' . $text . '</div>'
        . $form
        . ' </td>'
        . $saveCell
        . ' </tr>';
}
/**
 * Render post text for display.
 *
 * Without POST_HTML the input is entity-encoded first. POST_BBCODE runs the
 * link pre-parser and BBCode parser; newlines become <br /> unless raw HTML is
 * allowed without POST_BREAKS; POST_EMOTICONS applies the emoticon tables.
 *
 * @param string $in      raw post text
 * @param int    $options bitmask of POST_* flags
 * @return string HTML
 */
public function format($in, $options = POST_BBCODE)
{
    $allowHtml = (bool) ($options & POST_HTML);

    $text = $allowHtml ? $in : htmlentities($in, ENT_COMPAT, 'UTF-8');
    if ($options & POST_BBCODE) {
        $text = $this->bbcode_parse($this->pre_parse_links($text));
    }

    $replacements = array();
    // Equivalent to the original "!HTML || (HTML && BREAKS)" test.
    if (!$allowHtml || ($options & POST_BREAKS)) {
        $replacements["\n"] = "<br />\n";
    }

    // Emoticon replacement happens in the same strtr pass, so it never re-parses markup.
    if ($options & POST_EMOTICONS) {
        foreach (array('click_replacement', 'replacement') as $table) {
            if (isset($this->emoticons[$table])) {
                $replacements = array_merge($replacements, $this->emoticons[$table]);
            }
        }
    }

    return strtr($text, $replacements);
}
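/**
 * Set count and period from the string or throw Exception.
 *
 * Accepted forms: an Am_Period instance (copied as-is), '' (clears both
 * fields), 'YYYY-MM-DD' optionally followed by 'fixed'/'lifetime' (fixed
 * date), '<n>' / '<n>w' / '<n><unit>' (weeks are converted to days), or a
 * string ending in 'lifetime'.
 *
 * @param string|Am_Period $string
 * @throws Am_Exception_InternalError when the string matches none of the formats
 */
function fromString($string)
{
    if ($string instanceof Am_Period) {
        // Copy the period directly; previously the code fell through and re-parsed
        // the object's string form, which is redundant at best.
        $this->count = $string->getCount();
        $this->unit = $string->getUnit();
        return;
    }

    $string = trim(strtolower($string));
    if ($string === '') {
        $this->count = $this->unit = null;
        return;
    }

    if (preg_match('/^(\\d{4}-\\d{2}-\\d{2})(fixed|lifetime)*$/', $string, $regs)) {
        $this->count = $regs[1];
        $this->unit = self::FIXED;
        return;
    }

    $unitPattern = '/^(\\d+)\\s*(|w|' . join('|', array(self::DAY, self::MONTH, self::YEAR)) . ')$/';
    if (preg_match($unitPattern, $string, $regs)) {
        $this->count = intval($regs[1]);
        $this->unit = $regs[2] == '' ? self::DAY : $regs[2];
        if ($this->unit == 'w') {
            // Weeks are stored as days.
            $this->count *= 7;
            $this->unit = self::DAY;
        }
        return;
    }

    if (preg_match('/lifetime$/', $string)) {
        $this->count = self::MAX_SQL_DATE;
        $this->unit = self::FIXED;
        return;
    }

    throw new Am_Exception_InternalError("Unknown format of Am_Period string : [" . htmlentities($string) . "]");
}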
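/**
 * Fetch a request variable ($_REQUEST) as HTML-safe text.
 *
 * The value is trimmed and entity-encoded with ENT_QUOTES so it can be echoed
 * into markup or attribute values directly.
 *
 * @param string $varName key in $_REQUEST
 * @param string $return  value returned when the key is absent or not a scalar
 * @return string
 */
function tfb_getRequestVar($varName, $return = '')
{
    if (!array_key_exists($varName, $_REQUEST)) {
        return $return;
    }
    $value = $_REQUEST[$varName];
    // Array parameters (name[]=...) cannot be trimmed or encoded; use the default.
    if (!is_scalar($value)) {
        return $return;
    }
    return htmlentities(trim((string) $value), ENT_QUOTES);
}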
/**
 * Implements all 3 steps of the Direct Post Method for demonstration purposes.
 *
 * Step 1 (no GET, no POST): print the checkout form. Step 2 (POST): verify
 * the gateway response and echo the relay snippet that redirects the customer
 * back to $url. Step 3 (GET only): show the outcome passed back in the query.
 *
 * @param string $url             page URL the gateway relays back to
 * @param string $api_login_id    gateway API login id
 * @param string $transaction_key gateway transaction key
 * @param string $amount          amount to charge
 * @param string $md5_setting     MD5 hash setting used to verify the response
 */
public static function directPostDemo($url, $api_login_id, $transaction_key, $amount = "0.00", $md5_setting = "")
{
    $hasPost = count($_POST) > 0;
    $hasGet = count($_GET) > 0;

    if (!$hasPost && !$hasGet) {
        // Step 1: show checkout form to customer.
        $fp_sequence = time(); // any sequential number like an invoice number
        echo M2_AuthorizeNetDPM::getCreditCardForm($amount, $fp_sequence, $url, $api_login_id, $transaction_key);
        return;
    }

    if ($hasPost) {
        // Step 2: relay response from the gateway.
        $response = new M2_AuthorizeNetSIM($api_login_id, $md5_setting);
        if (!$response->isAuthorizeNet()) {
            echo "Error -- not AuthorizeNet. Check your MD5 Setting.";
            return;
        }
        if ($response->approved) {
            // Do your processing here.
            $redirect_url = $url . '?response_code=1&transaction_id=' . $response->transaction_id;
        } else {
            // Redirect to error page.
            $redirect_url = $url . '?response_code=' . $response->response_code . '&response_reason_text=' . $response->response_reason_text;
        }
        // Send the Javascript back to AuthorizeNet, which will redirect user back to your site.
        echo M2_AuthorizeNetDPM::getRelayResponseSnippet($redirect_url);
        return;
    }

    // Step 3: only GET parameters present — show the result page.
    if ($_GET['response_code'] == 1) {
        echo "Thank you for your purchase! Transaction id: " . htmlentities($_GET['transaction_id']);
    } else {
        echo "Sorry, an error occurred: " . htmlentities($_GET['response_reason_text']);
    }
}
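/**
 * Make a string safe for use in feed elements: strip markup and encode the
 * remainder as numeric character references.
 *
 * All values should be plain text (no markup or HTML); CDATA sections are
 * strongly discouraged (see http://www.apple.com/itunes/podcasts/specs.html#encoding).
 *
 * @param string $input         text that may contain HTML
 * @param bool   $aggressive    TRUE encodes every entity-capable character (htmlentities),
 *                              FALSE only the special ones (htmlspecialchars)
 * @param bool   $removescripts TRUE strips <script>...</script> blocks before tags are removed
 * @return string
 */
function podPress_feedSafeContent($input, $aggressive = FALSE, $removescripts = FALSE)
{
    global $podPress;

    if (TRUE === $removescripts) {
        // This option is only reachable via PHP source code and via the WP backend.
        // Non-greedy quantifier: with two script blocks the greedy form also
        // removed every character between them.
        $input = preg_replace('/<script[\\w\\W]*?<\\/script>/i', '', $input);
    }
    $input = strip_tags($input);

    // Replace the relevant characters with their HTML entities; the fourth
    // argument (double_encode = FALSE) exists on every supported PHP version.
    $charset = get_bloginfo('charset');
    if (TRUE === $aggressive) {
        $result = htmlentities($input, ENT_NOQUOTES, $charset, FALSE);
    } else {
        $result = htmlspecialchars($input, ENT_NOQUOTES, $charset, FALSE);
    }

    $result = str_replace(' ', ' ', $result);

    // Transform all HTML entities into their numeric equivalents.
    return ent2ncr($result);
}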
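/**
 * Updates the profile database from the posted edit-profile form.
 * (TODO) This needs cleaning code, badly. Avatar could be _anything_, for christ's sake.
 *
 * Only a POST with submit=Submit is processed, so a plain GET cannot wipe the
 * profile. Every free-text field is entity-encoded (ENT_QUOTES, utf-8) before
 * it is stored; the e-mail address is validated instead.
 *
 * gender, 0 = undecided, 1 = female, 2 = male.
 *
 * @return string html
 */
public function update_profile()
{
    // stops you wiping your profile with GET
    if (!isset($_POST['submit']) || $_POST['submit'] != "Submit") {
        return $this->edit_profile_page("");
    }

    $this->core("email");
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    if (!$this->email->validate($email)) {
        return $this->edit_profile_page($this->skin->error_box($this->lang->email_wrong_format));
    }

    // Missing fields are treated as empty rather than raising a notice.
    $clean = function ($key) {
        $raw = isset($_POST[$key]) ? $_POST[$key] : '';
        return htmlentities($raw, ENT_QUOTES, 'utf-8');
    };

    $customFields = json_decode($this->settings->get['custom_fields'], true);
    if (is_array($customFields)) {
        foreach ($customFields as $field => $default) {
            $this->player->{$field} = $clean($field);
        }
    }

    $this->player->email = $email;
    $this->player->description = $clean('description');
    $this->player->gender = isset($_POST['gender']) ? intval($_POST['gender']) : 0;
    $this->player->msn = $clean('msn');
    $this->player->aim = $clean('aim');
    $this->player->skype = $clean('skype');
    $this->player->skin = $clean('skin');
    $this->player->show_email = (isset($_POST['show_email']) && $_POST['show_email'] == 'on') ? 1 : 0;

    $this->player->update_player();
    return $this->edit_profile_page($this->skin->success_box($this->lang->profile_updated));
}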
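/**
 * Echo the user/printer search form.
 *
 * The script path, the previous search string and the object type are
 * entity-encoded before they are placed in attributes.
 *
 * @param string $objectType   "user" (default when empty) or "printer"
 * @param string $searchString value to pre-fill the search box with
 */
function display_search_form($objectType, $searchString = "")
{
    $me = htmlentities($_SERVER["PHP_SELF"]);
    $searchString = htmlentities($searchString);
    $objectType = !empty($objectType) ? htmlentities($objectType) : "";
    $check_user = $objectType == "" || $objectType == "user" ? "checked " : "";
    $check_printer = $objectType == "printer" ? "checked " : "";

    echo "<!-- Begin search form -->\n";
    echo "<div id=\"search_form\">\n";
    echo " <form name=\"search_form\" action=\"{$me}?section=find\" method=\"post\">\n";
    echo " <label>Text to search: \n";
    echo " <input type=\"text\" name=\"iSearchString\" value=\"{$searchString}\" />\n";
    echo " </label>\n";
    echo " <fieldset>\n";
    echo " <legend>Object type</legend>\n";
    echo " <label>\n";
    echo " <input type=\"radio\" name=\"iSearchType\" value=\"user\" {$check_user}/>\n";
    echo " Users</label>\n";
    echo " <label>\n";
    echo " <input type=\"radio\" name=\"iSearchType\" value=\"printer\" {$check_printer}/>\n";
    echo " Printer</label>\n";
    echo " </fieldset>\n";
    // Self-closing tag: the previous "\\>" emitted a literal backslash into the markup.
    echo " <input type=\"submit\" value=\"submit\" />\n";
    echo " <input type=\"reset\" value=\"clear\" />\n";
    echo " </form>\n";
    echo "</div> \n";
    echo "<!-- End search form -->\n";
}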
/**
 * Normalise a form value for output: trim, drop backslash escapes, then
 * entity-encode (ENT_QUOTES, UTF-8).
 *
 * @param string $data raw input
 * @return string HTML-safe text
 */
function check_input($data)
{
    $trimmed = trim($data);
    $unslashed = stripslashes($trimmed);
    return htmlentities($unslashed, ENT_QUOTES, 'UTF-8');
}
/**
 * Strip tags, entity-encode, drop backslash escapes and SQL-escape a value
 * for the given mysqli connection.
 *
 * @param mysqli $_db open connection used for the escaping charset
 * @param string $str raw input
 * @return string escaped text
 */
function sanitizeString($_db, $str)
{
    $encoded = htmlentities(strip_tags($str));
    return mysqli_real_escape_string($_db, stripslashes($encoded));
}
/**
 * Drop backslash escapes, strip tags and entity-encode a value.
 *
 * @param string $var raw input
 * @return string HTML-safe text
 */
function sanitizeString($var)
{
    return htmlentities(strip_tags(stripslashes($var)));
}
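/**
 * showOptionsPage
 * Displays the print option page.
 *
 * Builds the hidden fields and per-report checkboxes for the chosen statistics
 * type and renders the print_stats_options template.
 *
 * @return Void Does not return anything (false when statstype is missing).
 */
function showOptionsPage()
{
    $statstype = $this->_getGETRequest('statstype', null);
    if ($statstype == null) {
        return false;
    }

    $path = $this->_getGETRequest('path', '');
    SendStudio_Functions::LoadLanguageFile('stats');
    $stats_api = $this->GetApi('Splittest_Stats');

    $print_options = '<input type="hidden" name="statstype" value="' . htmlentities($statstype, ENT_QUOTES, SENDSTUDIO_CHARSET) . '" />';

    if ($statstype == 'splittest') {
        // Ids are whitelisted to integers before they are echoed back.
        $splitStatIds = SplitTest_API::FilterIntSet($this->_getGETRequest('statids', null));
        $jobIds = SplitTest_API::FilterIntSet($this->_getGETRequest('jobids', null));
        $print_options .= '<input type="hidden" name="split_statids" value="' . implode(',', (array) $splitStatIds) . '" />';
        $print_options .= '<input type="hidden" name="jobids" value="' . implode(',', (array) $jobIds) . '" />';

        $options = array(
            'snapshot' => GetLang('Addon_splittest_Menu_ViewStats'),
            'open' => GetLang('Addon_splittest_open_summary'),
            'click' => GetLang('Addon_splittest_linkclick_summary'),
            'bounce' => GetLang('Addon_splittest_bounce_summary'),
            'unsubscribe' => GetLang('Addon_splittest_unsubscribe_summary'),
        );
        // Alternate row background, starting with the grey shade.
        $bg_color = 'white';
        foreach ($options as $key => $val) {
            $bg_color = $bg_color == 'white' ? '#EDECEC' : 'white';
            $print_options .= '<div style="background-color: ' . $bg_color . '; padding: 5px; margin-bottom: 5px;">';
            $print_options .= '<input id="print_' . $key . '" type="checkbox" name="options[]" value="' . $key . '" checked="checked" style="margin:0;"/> <label for="print_' . $key . '">' . $val . '</label>' . "\n";
            $print_options .= '</div>' . "\n";
        }
    }

    $this->template_system->assign('path', $path);
    $this->template_system->Assign('title', GetLang('Addon_splittest_PrintSplitTestStatistics'));
    $this->template_system->Assign('print_options', $print_options);
    $this->template_system->ParseTemplate('print_stats_options');
}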
/**
 * Turn a chat message into display HTML.
 *
 * The text is entity-encoded first, then sn:// and faq:// pseudo-links are
 * expanded, BBCode patterns and smiley codes up to the author's auth level
 * are applied, and line breaks become <br />.
 *
 * @param string $msg         raw message
 * @param bool   $escaped     true when the message carries literal "\r\n" sequences
 * @param int    $author_auth auth level of the author; higher-level replacements are skipped
 * @return string HTML
 */
function cht_message_parse($msg, $escaped = false, $author_auth = 0)
{
    global $supernova, $config;

    $text = htmlentities($msg, ENT_COMPAT, 'UTF-8');
    $text = str_replace('sn://', SN_ROOT_VIRTUAL, $text);
    if (!empty($config->url_faq)) {
        $text = str_replace('faq://', $config->url_faq, $text);
    }

    // BBCode: keys are ready-made PCRE patterns.
    foreach ($supernova->design['bbcodes'] as $auth_level => $replaces) {
        if ($auth_level > $author_auth) {
            continue;
        }
        foreach ($replaces as $pattern => $html) {
            $text = preg_replace($pattern, $html, $text);
        }
    }

    // Smileys: keys are literal codes, quoted for PCRE here.
    foreach ($supernova->design['smiles'] as $auth_level => $replaces) {
        if ($auth_level > $author_auth) {
            continue;
        }
        foreach ($replaces as $code => $imgName) {
            $pattern = "#" . addcslashes($code, '()[]{}') . "#isU";
            $img = "<img src=\"design/images/smileys/" . $imgName . ".gif\" align=\"absmiddle\" title=\"" . $code . "\" alt=\"" . $code . "\">";
            $text = preg_replace($pattern, $img, $text);
        }
    }

    $newline = $escaped ? '\\r\\n' : "\r\n";
    return str_replace($newline, '<br />', $text);
}
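/**
 * Render the news rows returned by $sql as HTML "row" blocks.
 *
 * Every request value reflected into a link ($_GET type/id/super) and every
 * database value placed in the markup is URL- or entity-encoded, so neither
 * can break out of an attribute or the page. The CSRF token stored in the
 * session is drawn from the CSPRNG.
 *
 * @param string $c         component name used to obtain the DB connection
 * @param string $sql       prepared-statement SQL selecting the news rows
 * @param array  $exe_array bound parameter values for $sql
 * @return string HTML; empty when the query fails
 */
public function table($c, $sql, $exe_array)
{
    $out = '';
    $conn = $this->conn($c);
    $query = $conn->prepare($sql);

    // Attribute-safe encoding for everything that lands in the markup.
    $esc = function ($value) {
        return htmlentities((string) $value, ENT_QUOTES, 'UTF-8');
    };
    // Relative URL from query parameters: values URL-encoded, result attribute-encoded.
    $link = function (array $params) use ($esc) {
        return $esc('?' . http_build_query($params));
    };

    $type = isset($_GET['type']) ? $_GET['type'] : '';
    $id = isset($_GET['id']) ? $_GET['id'] : '';
    $super = isset($_GET['super']) ? $_GET['super'] : '';

    try {
        $query->execute($exe_array);

        // A clock-derived token is guessable; use the CSPRNG instead.
        $token = bin2hex(random_bytes(16));
        $_SESSION['token'] = $token;

        while ($rows = $query->fetch()) {
            $idx = $rows['smi_idx'];
            $editParams = array('action' => 'editNewsItem', 'id' => $id, 'type' => $type, 'newsidx' => $idx, 'super' => $super, 'token' => $token);
            $editUrl = $link($editParams);
            $slugUrl = $esc(WEBSITE . LANG . "/" . $rows['smi_slug']);

            $out .= '<div class="row">';
            $visibilityx = $rows['smi_visibility'] == 1 ? "red" : "green";
            $link_visibility = $link(array('action' => 'newsModule', 'type' => $type, 'id' => $id, 'newsidx' => $idx, 'super' => $super, 'visibilitychnage' => 'true', 'token' => $token));
            $out .= '<span class="cell primary"><a href="' . $link_visibility . '" style="color:' . $visibilityx . '" title="Change visibility"><i class="fa fa-dot-circle-o"></i></a></span>';
            $out .= '<span class="cell">' . $esc($idx) . '</span>';
            $out .= '<span class="cell" style="width:100px">' . date("d-m-Y", $rows['smi_date']) . '</span>';
            $out .= '<span class="cell"><a href="' . $editUrl . '">' . $esc($rows['smi_title']) . '</a> <br /> <a href="' . $slugUrl . '" class="slugs" target="_blank">' . $slugUrl . '</a></span>';
            $out .= '<span class="cell">' . $esc($rows['smi_tags']) . '</span>';

            $insert_image_link = '<a href="' . $editUrl . '#tabs-3" title="Attach pictures"> <i class="fa fa-picture-o"></i></a>';
            $insert_image_link .= '<a href="' . $editUrl . '#tabs-4" title="Attach files"> <i class="fa fa-file"></i></a>';

            $removeUrl = $link(array('action' => 'newsModule', 'type' => $type, 'id' => $id, 'nidx' => $idx, 'super' => $super, 'remove' => 'true', 'token' => $token));
            $out .= '<span class="cell"> <a href="' . $slugUrl . '" target="_blank" title="Check news"><i class="fa fa-eye"></i></a> <a href="' . $editUrl . '" title="Edit news"><i class="fa fa-pencil-square-o"></i></a> ' . $insert_image_link . ' <a href="javascript:;" onclick="deleteComfirm(\'' . $removeUrl . '\')" title="Remove news"><i class="fa fa-times"></i></a> </span>';
            $out .= '</div>';
        }
    } catch (Exception $e) {
        // Best effort: a failed query renders an empty list, but the cause is recorded.
        error_log($e->getMessage());
    }
    return $out;
}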
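/**
 * Insert the user record, filling in defaults and firing the insert hooks.
 *
 * Defaults: is_approved follows the manually_approve config, remote_addr and
 * user_agent are taken from the current request, added is the DB timestamp.
 * A changed password is handed to the saved-password table and the
 * SetPassword hook; a generated password is kept Blowfish-encrypted in the
 * store for six hours under 'pass-generated-<pk>'.
 *
 * @param bool $reload passed through to parent::insert()
 * @return mixed whatever parent::insert() returns
 */
function insert($reload = true)
{
    if (!isset($this->is_approved)) {
        $this->is_approved = !$this->getDi()->config->get('manually_approve');
    }
    // Explicit isset() instead of "@" suppression for request values that may be absent.
    if (empty($this->remote_addr)) {
        $this->remote_addr = htmlentities(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
    }
    if (empty($this->user_agent)) {
        $this->user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
    }
    if (empty($this->added)) {
        $this->added = $this->getDi()->sqlDateTime;
    }

    $this->getDi()->hook->call(new Am_Event_UserBeforeInsert($this));
    $ret = parent::insert($reload);

    if ($this->_passwordChanged) {
        $event = new Am_Event_SetPassword($this, $this->getPlaintextPass());
        $this->getDi()->savedPassTable->setPass($event);
        $this->getDi()->hook->call($event);
    }
    if ($this->_passwordGenerated) {
        // Encrypted with the site key so the plaintext never sits in the store as-is.
        $crypt = new Crypt_Blowfish($this->getDi()->app->getSiteKey());
        $pg = $crypt->encrypt($this->getPlaintextPass());
        $this->getDi()->store->set('pass-generated-' . $this->pk(), base64_encode($pg), '+6 hours');
    }

    $this->getDi()->hook->call(new Am_Event_UserAfterInsert($this));
    $this->_passwordChanged = false;
    return $ret;
}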
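/**
 * Print one entry of the event list: creation time plus a link to the event details.
 *
 * @param array $event row with 'created', 'id' and 'summary' keys
 */
private function putEventListElement($event)
{
    // 'H:i' is hours:minutes; the previous 'H:m' printed the month where the minutes belong.
    print '<div style="font-size:10px;color:grey;">' . date('Y-m-d H:i', strtotime($event['created']));
    $calendarId = isset($_GET['showThisCalendar']) ? $_GET['showThisCalendar'] : '';
    $this->putLink('?action=printEventDetails&showThisEvent=' . htmlentities($event['id']) . '&calendarId=' . htmlentities($calendarId), $event['summary']);
    print '</div>';
    print '<br>';
}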
/**
 * Prepare the page content; for the bulk-delete action the confirmation
 * form variables are assigned to Smarty first.
 */
public function initContent()
{
    if ($this->action == 'select_delete') {
        $deleteForm = array(
            'delete_form' => true,
            // The current URI is reflected into the form action, hence the encoding.
            'url_delete' => htmlentities($_SERVER['REQUEST_URI']),
            'boxes' => $this->boxes,
        );
        $this->context->smarty->assign($deleteForm);
    }
    parent::initContent();
}
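/**
 * Render the component rows returned by $sql as HTML "row" blocks.
 *
 * The reflected request value ($_GET id) and every database value placed in
 * the markup is URL- or entity-encoded, so neither can break out of an
 * attribute or the page. The CSRF token stored in the session is drawn from
 * the CSPRNG.
 *
 * @param string $c         component name used for the DB connection and display name
 * @param string $sql       prepared-statement SQL selecting the component rows
 * @param array  $exe_array bound parameter values for $sql
 * @return string HTML; empty when the query fails
 */
public function table($c, $sql, $exe_array)
{
    $out = '';
    $conn = $this->conn($c);
    $query = $conn->prepare($sql);

    // Attribute-safe encoding for everything that lands in the markup.
    $esc = function ($value) {
        return htmlentities((string) $value, ENT_QUOTES, 'UTF-8');
    };
    // Relative URL from query parameters: values URL-encoded, result attribute-encoded.
    $link = function (array $params) use ($esc) {
        return $esc('?' . http_build_query($params));
    };

    $id = isset($_GET['id']) ? $_GET['id'] : '';

    try {
        $query->execute($exe_array);

        // A clock-derived token is guessable; use the CSPRNG instead.
        $token = bin2hex(random_bytes(16));
        $_SESSION['token'] = $token;
        $cname = $this->componentname($c);

        while ($rows = $query->fetch()) {
            $idx = $rows['idx'];
            $editUrl = $link(array('action' => 'editComponentsModule', 'id' => $idx, 'token' => $token));

            $out .= '<div class="row">';
            $out .= '<span class="cell">' . $esc($idx) . '</span>';
            $out .= '<span class="cell">';
            if ($rows['position'] >= 2) {
                $upUrl = $link(array('action' => 'componentModule', 'id' => $id, 'up' => 'true', 'cidx' => $idx, 'token' => $token));
                $out .= '<a href="' . $upUrl . '" class="changeposition" title="Move up"><i class="fa fa-arrow-circle-up"></i></a>';
            }
            if ($this->maxpos($c) > $rows['position']) {
                $downUrl = $link(array('action' => 'componentModule', 'id' => $id, 'down' => 'true', 'cidx' => $idx, 'token' => $token));
                $out .= '<a href="' . $downUrl . '" class="changeposition" title="Move down"><i class="fa fa-arrow-circle-down"></i></a>';
            }
            $out .= '</span>';
            $out .= '<span class="cell"><a href="' . $editUrl . '">' . $esc($rows['title']) . '</a></span>';
            $out .= '<span class="cell">' . $cname . '</span>';
            $url = $esc($rows['url']);
            $out .= '<span class="cell"><a href="' . $url . '" target="_blank">' . $url . '</a></span>';

            $removeUrl = $link(array('action' => 'componentModule', 'id' => $id, 'commodelid' => $idx, 'remove' => 'true', 'token' => $token));
            $out .= '<span class="cell" style="width:120px;"> <a href="' . $editUrl . '" title="Edit components"><i class="fa fa-pencil-square-o"></i></a> <a href="javascript:;" onclick="deleteComfirm(\'' . $removeUrl . '\')" title="Remove components"><i class="fa fa-times"></i></a> </span>';
            $out .= '</div>';
        }
    } catch (Exception $e) {
        // Best effort: a failed query renders an empty list, but the cause is recorded.
        error_log($e->getMessage());
    }
    return $out;
}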
/**
 * Echo the add/edit form for a profile, with one name field per language.
 *
 * Prints nothing beyond the parent form when the object cannot be loaded.
 * Field values are entity-encoded (ENT_COMPAT, UTF-8) before being echoed.
 *
 * @param bool $isMainTab unused here, kept for the parent signature
 */
public function displayForm($isMainTab = true)
{
    global $currentIndex;
    parent::displayForm();

    $obj = $this->loadObject(true);
    if (!$obj) {
        return;
    }

    $formAction = $currentIndex . '&submitAdd' . $this->table . '=1&token=' . $this->token;
    $hiddenId = $obj->id
        ? '<input type="hidden" name="id_' . $this->table . '" value="' . $obj->id . '" />'
        : '';

    echo ' <form action="' . $formAction . '" method="post"> ' . $hiddenId
        . ' <fieldset><legend><img src="../img/admin/profiles.png" />' . $this->l('Profiles') . '</legend>'
        . ' <label>' . $this->l('Name:') . ' </label> <div class="margin-form">';

    // One input per language; only the default language is visible initially.
    foreach ($this->_languages as $language) {
        $langId = $language['id_lang'];
        $display = ($langId == $this->_defaultFormLanguage) ? 'block' : 'none';
        $name = htmlentities($this->getFieldValue($obj, 'name', (int) $langId), ENT_COMPAT, 'UTF-8');
        echo ' <div id="name_' . $langId . '" style="display: ' . $display . '; float: left;">'
            . ' <input size="33" type="text" name="name_' . $langId . '" value="' . $name . '" /><sup> *</sup> </div>';
    }
    $this->displayFlags($this->_languages, $this->_defaultFormLanguage, 'name', 'name');

    echo ' <div class="clear"></div> </div> <div class="margin-form">'
        . ' <input type="submit" value="' . $this->l(' Save ') . '" name="submitAdd' . $this->table . '" class="button" /> </div>'
        . ' <div class="small"><sup>*</sup> ' . $this->l('Required field') . '</div> </fieldset> </form>';
}
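/**
 * Save posted settings (when the form was submitted) and render the settings page.
 *
 * With $_POST['save'] present every other posted field except "roles" is
 * stored for the current area/dir/role, caches are flushed and the client is
 * redirected to the same URL without the save_settings flag; that branch never
 * returns. Otherwise the template is filled with a role selector and one
 * control per setting row.
 *
 * @return string rendered page HTML
 */
public function getCode()
{
    if (isset($_POST['save'])) {
        foreach ($_POST as $property => $value) {
            if ($property == "save" || $property == "roles") {
                continue;
            }
            $settings = Settings::getRootInstance()->specify($this->areaType, $this->area);
            if ($this->dir != "" && $this->dir != "/") {
                $settings = $settings->dir($this->dir);
            }
            $settings->set($property, $value, $this->role);
        }
        Settings::forceReload();
        Cache::clear();
        Language::GetGlobal()->ClearCache();

        $target = str_replace("&save_settings=1", "", $_SERVER['REQUEST_URI']);
        // header() returns void, so it cannot serve as a condition; decide on
        // whether output has already started instead.
        if (!headers_sent()) {
            header("Location:" . $target);
            exit;
        }
        // Output already started: fall back to a script redirect. The URL is
        // JSON-encoded (with </ and quotes escaped) so a crafted REQUEST_URI
        // cannot terminate the string or the <script> element.
        die("<script>window.location.href = " . json_encode($target, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP) . ";</script>");
    }

    $template = new Template();
    $template->load($this->template);

    $separator = $this->getQuerySeperator();
    $scoped = ($this->area != "global" || $this->areaType != "global");
    // Query part preceding the role id, shared by the selector and the form URL.
    $scopeQuery = $scoped
        ? "areatype=" . urlencode($this->areaType) . "&area=" . urlencode($this->area) . "&role="
        : "role=";

    $roleselector = "<select name=\"roles\" onchange=\"document.location.href='" . $this->url . $separator . $scopeQuery . "' + this.options[this.selectedIndex].value + '&save_settings=1';\">";
    $roles = DataBase::Current()->ReadRows("SELECT * FROM {'dbprefix'}roles ORDER BY name");
    if ($roles) {
        foreach ($roles as $role) {
            // Role names are encoded in both branches (previously only the selected one).
            $selected = ($this->role == $role->id) ? " selected=\"selected\"" : "";
            $roleselector .= "<option value=\"" . $role->id . "\"" . $selected . ">" . htmlentities($role->name) . "</option>";
        }
    }
    $roleselector .= "</select>";
    $template->assign_var("ROLES", $roleselector);
    $template->assign_var("URL", $this->url . $separator . $scopeQuery . $this->role . "&save_settings=1");

    $rows = Settings::getRootInstance()->specify($this->areaType, $this->area)->dir($this->dir)->getRows($this->role);
    if ($rows) {
        foreach ($rows as $row) {
            $index = $template->add_loop_item("SETTINGS");
            $template->assign_loop_var("SETTINGS", $index, "PROPERTY", $row['name']);
            $template->assign_loop_var("SETTINGS", $index, "DESCRIPTION", htmlentities($row['description']));
            // NOTE(review): the control class name comes from the settings table;
            // confirm that column is not writable from the settings form itself.
            $control = new $row['type']();
            $control->name = $row['name'];
            $control->value = $row['value'];
            $template->assign_loop_var("SETTINGS", $index, "CONTROL", $control->getCode());
        }
    }
    return $template->getCode();
}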
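/**
 * AJAX handler for the jQuery file tree: prints the sub-directories and files
 * of the directory posted as $_POST['dir'] as <ul class="jqueryFileTree"> markup.
 *
 * Runs only when ?task=wpdm_dir_tree is set. The posted path is an absolute
 * server-side directory (expected to end in a slash) and is listed as-is, so
 * the handler is restricted to users who can manage the site.
 */
function wpdm_dir_tree()
{
    if (!isset($_GET['task']) || $_GET['task'] != 'wpdm_dir_tree') {
        return;
    }
    // The listing exposes arbitrary server directories; limit it to administrators.
    if (!function_exists('current_user_can') || !current_user_can('manage_options')) {
        return;
    }
    if (!isset($_POST['dir'])) {
        return;
    }

    $dir = urldecode($_POST['dir']);
    $_POST['dir'] = $dir;
    // is_dir() rather than file_exists(): scandir() on a regular file fails.
    if (!is_dir($dir)) {
        return;
    }

    $files = scandir($dir);
    natcasesort($files);
    if (count($files) <= 2) {
        /* The 2 accounts for . and .. */
        return;
    }

    echo '<ul class="jqueryFileTree" style="display: none;">';

    // All dirs
    foreach ($files as $file) {
        if ($file == '.' || $file == '..') {
            continue;
        }
        $path = $dir . $file;
        if (file_exists($path) && is_dir($path)) {
            echo '<li class="directory collapsed"><a id="' . uniqid() . '" href="#" rel="' . htmlentities($path) . '/">' . htmlentities($file) . '</a></li>';
        }
    }

    // All files
    foreach ($files as $file) {
        if ($file == '.' || $file == '..') {
            continue;
        }
        $path = $dir . $file;
        if (file_exists($path) && !is_dir($path)) {
            // The extension ends up in a class attribute, so it is encoded like the name.
            $ext = htmlentities(preg_replace('/^.*\\./', '', $file));
            echo '<li class="file ext_' . $ext . '"><a id="' . uniqid() . '" href="#" rel="' . htmlentities($path) . '">' . htmlentities($file) . '</a></li>';
        }
    }

    echo '</ul>';
}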