Ejemplo n.º 1
0
function formatValue($value)
{
    // HTML injection for superuser only
    if (swIsAdmin()) {
        return addslashes(str_replace("\n", "<br/>", $value));
    }
    return addslashes(str_replace("\n", "<br/>", htmlentities($value)));
}
Ejemplo n.º 2
0
<?php

// admin header
session_start();
require_once 'lib/php/DOLib.php';
if (!swValidate('s_username')) {
    header("location: index.php");
}
connect();
// save user type
$isAdmin = swIsAdmin();
// process upload
$message = "";
if (count($_FILES) > 0) {
    $target_encoding = "ISO-8859-1";
    $dest = $GLOBALS['DOCUMENT_ROOT'] . "/swcms/assets/";
    foreach ($_FILES as $arrfile) {
        if ($arrfile['name']) {
            // get the filename
            $filename = iconv("UTF-8", $target_encoding, basename($arrfile['name']));
            $filename = str_replace('\\', '', $filename);
            $filename = str_replace('/', '', $filename);
            // delete file if it exists
            while (file_exists($dest . $filename)) {
                unlink($dest . $filename);
                // to avoid server cache problem we postfix the filename
                $filename = "new_" . $filename;
            }
            // store in array for display in the page
            $ext[] = substr(strrchr($filename, '.'), 1);
            $storedfile[] = $filename;