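/**
 * Filter caller-supplied text according to the post mode and store it.
 *
 * In 'html' and 'wikitext' mode the markup is kept and passed through
 * COM_checkHTML() with the 'story.edit' permission set. Every other mode is
 * treated as plain text: it is HTML-escaped and its URLs are made clickable.
 *
 * @param string $arg      Raw text to load
 * @param string $postmode Optional post mode; when non-empty it is applied
 *                         through setPostmode() before filtering
 * @return string The filtered text, also stored in $this->_text
 */
function loadTextFromArgs($arg, $postmode = '')
{
    if (!empty($postmode)) {
        $this->setPostmode($postmode);
    }

    // Strict comparison: only the exact strings select the markup path. Any
    // other value (including non-string values that a loose == could match)
    // falls through to the escaping branch, so the function fails closed.
    $keepsMarkup = ($this->_postmode === 'html' || $this->_postmode === 'wikitext');

    if ($keepsMarkup) {
        // Markup survives here, so COM_checkHTML() is the only barrier
        // between the input and the rendered page on this path.
        $this->_text = COM_checkHTML(COM_checkWords($arg), 'story.edit');
    } else {
        // NOTE(review): htmlspecialchars() runs with its default flags; before
        // PHP 8.1 those leave single quotes unescaped. Confirm this text is
        // never placed inside a single-quoted attribute.
        $this->_text = COM_makeClickableLinks(htmlspecialchars(COM_checkWords($arg)));
    }

    return $this->_text;
}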
/**
 * Returns text ready for display.
 *
 * Text stored by the first engine version only gets line-break or wikitext
 * handling here. Text stored by later versions gets its per-mode processing
 * and the word filter at display time. Both paths finish with
 * _displayEscape() followed by autotag replacement.
 *
 * @param    string $text     Text to prepare for display
 * @param    string $postmode Indicates if text is html, adveditor, wikitext or plaintext
 * @param    int    $version  version of GLText engine
 * @return   string  Text after per-mode processing, _displayEscape() and PLG_replaceTags()
 * @access   public
 */
public static function getDisplayText($text, $postmode, $version)
{
    $isPlainText = ($postmode == 'plaintext');
    $isWikiText = ($postmode == 'wikitext');

    if ($version == GLTEXT_FIRST_VERSION) {
        // first version
        if ($isPlainText) {
            $text = COM_nl2br($text);
        }

        if ($isWikiText) {
            $text = self::renderWikiText(self::_editUnescape($text, $postmode));
        }

        return PLG_replaceTags(self::_displayEscape($text));
    }

    // latest version
    if ($postmode == 'html' || $postmode == 'adveditor') {
        // Get rid of any newline characters
        $text = str_replace("\n", '', $text);

        // NOTE(review): no HTML filter call is visible on this path; only the
        // [code] and [raw] sections are handled here. Confirm where markup in
        // html/adveditor text is sanitized before it reaches the page.
        $specialTags = array(
            array('[code]', '[/code]', '<pre><code>', '</code></pre>'),
            array('[raw]', '[/raw]', '<!--raw--><span class="raw">', '</span><!--/raw-->'),
        );
        foreach ($specialTags as $tagSet) {
            $text = self::_handleSpecialTag_callback($text, $tagSet, '_escapeSPChars');
        }
    }

    if ($isPlainText) {
        // Escape first, then linkify, then convert line breaks.
        $escaped = htmlspecialchars($text, ENT_QUOTES, COM_getEncodingt());
        $text = COM_nl2br(COM_makeClickableLinks($escaped));
    }

    if ($isWikiText) {
        // NOTE(review): the original carried a commented-out
        // self::_htmLawed($text, 'story.edit') call after rendering, so the
        // rendered wikitext is not filtered here. Confirm renderWikiText()
        // cannot emit unsafe markup.
        $text = self::renderWikiText(self::_editUnescape($text, $postmode));
    }

    $text = COM_checkWords($text);

    return PLG_replaceTags(self::_displayEscape($text));
}
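/**
 * Format one cell for the lists of submissions and draft stories in
 * admin/moderation.php.
 *
 * @param  string $fieldName  Column being rendered: a named field, or a numeric column index
 * @param  string $fieldValue Value of that column
 * @param  array  $A          The whole row; $A[0] is used as the item id
 * @param  array  $icon_arr   Icon markup; only $icon_arr['edit'] is read here
 * @return string HTML for the cell
 */
function ADMIN_getListField_moderation($fieldName, $fieldValue, $A, $icon_arr)
{
    global $_CONF, $_TABLES, $LANG_ADMIN;

    $type = '';
    if (isset($A['_moderation_type'])) {
        $type = $A['_moderation_type'];
    }

    switch ($fieldName) {
        case 'edit':
            $retval = COM_createLink($icon_arr['edit'], $A['edit']);
            break;

        case 'delete':
            $retval = "<input type=\"radio\" name=\"action[{$A['row']}]\" value=\"delete\"" . XHTML . ">";
            break;

        case 'approve':
            // The item id lands inside a double-quoted attribute, so escape it
            // instead of trusting the stored value to be attribute-safe.
            $itemId = htmlspecialchars($A[0], ENT_QUOTES);
            $retval = "<input type=\"radio\" name=\"action[{$A['row']}]\" value=\"approve\"" . XHTML . ">"
                . "<input type=\"hidden\" name=\"id[{$A['row']}]\" value=\"{$itemId}\"" . XHTML . ">";
            break;

        case 'day':
            $retval = strftime($_CONF['daytime'], $A['day']);
            break;

        case 'tid':
            // Row values originate from user submissions; escape before they
            // are placed in a WHERE clause.
            $retval = DB_getItem($_TABLES['topics'], 'topic', "tid = '" . DB_escapeString($A['tid']) . "'");
            break;

        case 'uid':
            $name = '';
            if ($A['uid'] == 1) {
                // Anonymous submitters may have left a name with the comment.
                $name = htmlspecialchars(COM_stripslashes(
                    DB_getItem($_TABLES['commentsubmissions'], 'name', "cid = '" . DB_escapeString($A['id']) . "'")
                ));
            }
            if (empty($name)) {
                $name = COM_getDisplayName($A['uid']);
            }
            if ($A['uid'] == 1) {
                $retval = $name;
            } else {
                $retval = COM_createLink($name, $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $A['uid']);
            }
            break;

        case 'publishfuture':
            if (!SEC_inGroup('Comment Submitters', $A['uid']) && $A['uid'] > 1) {
                $retval = "<input type=\"checkbox\" name=\"publishfuture[]\" value=\"{$A['uid']}\"" . XHTML . ">";
            } else {
                $retval = $LANG_ADMIN['na'];
            }
            break;

        default:
            if ($fieldName == 4 && ($type === 'story' || $type === 'story_draft')) {
                $retval = TOPIC_getTopicAdminColumn('article', $A[0]);
            } elseif ($fieldName == 2 && $type === 'comment') {
                $commentText = COM_getTextContent($A['comment']);
                $excerpt = htmlspecialchars(COM_truncate($commentText, 140, '...'));

                // try to provide a link to the parent item (e.g. article, poll)
                $info = PLG_getItemInfo($A['type'], $A['sid'], 'title,url');
                if (empty($info) || empty($info[0]) || empty($info[1])) {
                    // if not available, display excerpt from the comment
                    $retval = htmlspecialchars(COM_truncate($commentText, 40, '...'));
                    if (strlen($commentText) > 40) {
                        $retval = '<span title="' . $excerpt . '">' . $retval . '</span>';
                    }
                } else {
                    $retval = COM_createLink($info[0], $info[1], array('title' => $excerpt));
                }
            } else {
                // NOTE(review): the field value is linkified but not escaped in
                // this function. Confirm every column that reaches this branch
                // is already HTML-safe, since the moderation queue holds
                // content from unreviewed submitters.
                $retval = COM_makeClickableLinks(stripslashes($fieldValue));
            }
            break;
    }

    return $retval;
}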
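/**
 * Extract only the links from the post
 *
 * SLV has a problem with non-ASCII character sets, so we feed it the URLs
 * only. Per the original notes, URLs containing our site's URL are removed
 * as well (that filtering is not done in this method itself).
 *
 * Since we don't know if the post is in HTML or plain ASCII, we run it
 * through getLinks() twice: once on the markup as posted, and once after
 * stripping the tags and turning plain-text URLs into links.
 *
 * @param    string  $comment    The post to check
 * @return   string              All the URLs in the post, sep. by linefeeds
 */
function prepareLinks($comment)
{
    $linklist = '';

    // some spam posts have extra backslashes
    $comment = stripslashes($comment);

    // some spammers have yet to realize that we're not supporting BBcode
    // but since we want the URLs, convert it here ...
    $comment = preg_replace('/\\[url=([^\\]]*)\\]/i', '<a href="\\1">', $comment);
    $comment = str_replace(array('[/url]', '[/URL]'), array('</a>', '</a>'), $comment);

    // get all links from <a href="..."> tags
    $links = $this->getLinks($comment);

    // strip all HTML, then get all the plain text links
    $comment = COM_makeClickableLinks(strip_tags($comment));

    // array_merge() instead of the array union operator: "+" keeps only the
    // left-hand entry when keys collide, so if getLinks() returns a 0-based
    // list (presumably it does; verify), links found in the second pass were
    // silently dropped and never reached the spam check.
    $links = array_merge($links, $this->getLinks($comment));

    if (count($links) > 0) {
        $this->checkWhitelist($links);
        $linklist = implode("\n", $links);
    }

    return trim($linklist);
}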
/**
 * Load the title, intro and body of a plain-text story into the object.
 *
 * Each value goes through the word filter first. The title then has its tags
 * stripped and is HTML-escaped; intro and body are HTML-escaped and their
 * URLs are made clickable. The results are kept in "display mode".
 *
 * This DOES NOT ADDSLASHES! Escaping for the database is left to the code
 * that stores the story.
 *
 * @param $title string posttitle, only had stripslashes if necessary
 * @param $intro string introtext, only had stripslashes if necessary
 * @param $body  string bodytext, only had stripslashes if necessary
 * @return nothing
 * @access private
 */
function _plainTextLoadStory($title, $intro, $body)
{
    $filteredTitle = strip_tags(COM_checkWords($title));
    $this->_title = htmlspecialchars($filteredTitle);

    // NOTE(review): htmlspecialchars() is called with default flags, which
    // leave single quotes unescaped before PHP 8.1. Autotags in intro/body
    // are also not filtered in this method; confirm both are handled where
    // the values are rendered.
    $sections = array('_introtext' => $intro, '_bodytext' => $body);
    foreach ($sections as $property => $rawText) {
        $escaped = htmlspecialchars(COM_checkWords($rawText));
        $this->$property = COM_makeClickableLinks($escaped);
    }
}
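/**
 * Filters comment text and appends necessary tags (sig and/or edit)
 *
 * HTML comments are filtered with COM_checkHTML() using the permission
 * 'story.edit' for articles and "<type>.edit" for every other item type.
 * Plain-text comments are HTML-escaped and linkified.
 *
 * @copyright Jared Wenerd 2008
 * @author    Jared Wenerd, wenerd87 AT gmail DOT com
 * @param     string $comment  comment text
 * @param     string $postmode ('html', 'plaintext', ...)
 * @param     string $type     Type of item (article, poll, etc.)
 * @param     bool   $edit     if true append edit tag
 * @param     int    $cid      commentid if editing comment (for proper sig)
 * @return    string of comment text
 */
function CMT_prepareText($comment, $postmode, $type, $edit = false, $cid = null)
{
    global $_USER, $_TABLES, $LANG03, $_CONF;

    if ($postmode == 'html') {
        // NOTE(review): the permission name is derived from $type; confirm
        // callers only pass known item types.
        $html_perm = $type == 'article' ? 'story.edit' : "{$type}.edit";
        $comment = COM_checkWords(COM_checkHTML(COM_stripslashes($comment), $html_perm));
    } else {
        // plaintext
        $comment = htmlspecialchars(COM_checkWords(COM_stripslashes($comment)));
        $newcomment = COM_makeClickableLinks($comment);
        if (strcmp($comment, $newcomment) != 0) {
            $comment = nl2br($newcomment);
        }
    }

    if ($edit) {
        // NOTE(review): the username is appended to the HTML without escaping
        // here; confirm usernames are restricted to HTML-safe characters when
        // accounts are created.
        $comment .= '<div class="comment-edit">' . $LANG03[30] . ' '
            . strftime($_CONF['date'], time()) . ' ' . $LANG03[31] . ' '
            . $_USER['username'] . '</div><!-- /COMMENTEDIT -->';
    }

    if (empty($_USER['uid'])) {
        $uid = 1;
    } elseif ($edit && is_numeric($cid)) {
        // if comment moderator: use the signature of the comment's author.
        // $cid is only interpolated after the is_numeric() check above.
        $uid = DB_getItem($_TABLES['comments'], 'uid', "cid = '{$cid}'");
    } else {
        $uid = $_USER['uid'];
    }

    // Force an integer before the value is placed in SQL; a missing lookup
    // result becomes 0 and is treated like the anonymous user (no signature).
    $uid = (int) $uid;

    if ($uid > 1) {
        $sig = DB_getItem($_TABLES['users'], 'sig', "uid = '{$uid}'");
        if (!empty($sig)) {
            // NOTE(review): the signature is appended as stored, without
            // escaping or filtering here; confirm it is sanitized when saved.
            $comment .= '<!-- COMMENTSIG --><div class="comment-sig">';
            if ($postmode == 'html') {
                $comment .= '---<br' . XHTML . '>' . nl2br($sig);
            } else {
                $comment .= '---' . LB . $sig;
            }
            $comment .= '</div><!-- /COMMENTSIG -->';
        }
    }

    return $comment;
}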
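/**
 * Validate, filter and store a comment in the nested-set comment table.
 *
 * @param string $title     Comment title
 * @param string $comment   Comment text
 * @param string $sid       Id of the item being commented on
 * @param int    $pid       Id of the parent comment, 0 for a top-level comment
 * @param string $type      Item type
 * @param string $postmode  'html' or plain text
 * @param int    $uid       Id of the commenting user (1 = anonymous)
 * @param string $cmtdate   Comment date, stored as given
 * @param string $ipaddress Poster address; defaults to REMOTE_ADDR
 * @return int|mixed 0 on success, 1 missing values, 2 anonymous comments
 *                   disabled, 4 parent comment not found, 5 title or comment
 *                   empty after filtering, or whatever PLG_commentPreSave()
 *                   returned when a plugin rejected the comment
 */
function MG_saveComment($title, $comment, $sid, $pid, $type, $postmode, $uid, $cmtdate, $ipaddress = '')
{
    global $_CONF, $_TABLES, $_USER, $_SERVER, $LANG03;

    USES_lib_comment();

    $ret = 0;

    // Sanity check
    if (empty($sid) || empty($title) || empty($comment) || empty($type)) {
        COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried "
            . 'to submit a comment with one or more missing values.');

        return 1;
    }

    // Check that anonymous comments are allowed
    if ($uid == 1 && ($_CONF['loginrequired'] == 1 || $_CONF['commentsloginrequired'] == 1)) {
        COM_errorLog("CMT_saveComment: IP address {$_SERVER['REMOTE_ADDR']} "
            . 'attempted to save a comment with anonymous comments disabled for site.');

        return 2;
    }

    // Let plugins have a chance to decide what to do before saving the comment, return errors.
    if ($someError = PLG_commentPreSave($uid, $title, $comment, $sid, $pid, $type, $postmode)) {
        return $someError;
    }

    if ($ipaddress == '') {
        $ipaddress = $_SERVER['REMOTE_ADDR'];
    }

    // Clean 'em up a bit!
    if ($postmode == 'html') {
        // NOTE(review): the text is escaped for the database before the HTML
        // filter runs and escaped again before the insert below. Confirm
        // COM_checkHTML() undoes the first escape; otherwise stored comments
        // carry stray backslashes.
        $comment = COM_checkWords(COM_checkHTML(DB_escapeString($comment)));
    } else {
        $comment = htmlspecialchars(COM_checkWords($comment));
        $newcomment = COM_makeClickableLinks($comment);
        if (strcmp($comment, $newcomment) != 0) {
            $comment = nl2br($newcomment);
            $postmode = 'html';
        }
    }
    $title = COM_checkWords(strip_tags($title));

    // Values that are interpolated into SQL below. The originals stay
    // untouched for logging and for the notification call.
    $sqlUid  = (int) $uid;
    $sqlSid  = DB_escapeString($sid);
    $sqlType = DB_escapeString($type);
    $sqlDate = DB_escapeString($cmtdate);
    $sqlIp   = DB_escapeString($ipaddress);

    // Get signature
    $sig = '';
    if ($sqlUid > 1) {
        $sig = DB_getItem($_TABLES['users'], 'sig', "uid = '{$sqlUid}'");
    }
    if (!empty($sig)) {
        if ($postmode == 'html') {
            $comment .= '<p>---<br>' . nl2br($sig);
        } else {
            $comment .= LB . LB . '---' . LB . $sig;
        }
    }

    // check for non-int pid's
    // this should just create a top level comment that is a reply to the original item
    if (!is_numeric($pid) || $pid < 0) {
        $pid = 0;
    }
    $pid = (int) $pid;

    if (empty($title) || empty($comment)) {
        COM_errorLog("CMT_saveComment: {$uid} from {$ipaddress} tried "
            . 'to submit a comment with invalid $title and/or $comment.');

        return 5;
    }

    $title = DB_escapeString($title);
    $comment = DB_escapeString($comment);

    // Insert the comment into the comment table
    DB_query("LOCK TABLES {$_TABLES['comments']} WRITE");

    if ($pid > 0) {
        $result = DB_query("SELECT rht, indent FROM {$_TABLES['comments']} WHERE cid = {$pid} "
            . "AND sid = '{$sqlSid}'");
        $parent = DB_fetchArray($result);

        // A missing parent yields no row rather than a database error, so the
        // row itself must be checked before its values are used in the
        // UPDATE statements.
        if (!DB_error() && is_array($parent) && isset($parent[0], $parent[1])) {
            $rht = (int) $parent[0];
            $indent = (int) $parent[1];

            DB_query("UPDATE {$_TABLES['comments']} SET lft = lft + 2 "
                . "WHERE sid = '{$sqlSid}' AND type = '{$sqlType}' AND lft >= {$rht}");
            DB_query("UPDATE {$_TABLES['comments']} SET rht = rht + 2 "
                . "WHERE sid = '{$sqlSid}' AND type = '{$sqlType}' AND rht >= {$rht}");
            DB_save(
                $_TABLES['comments'],
                'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress',
                "'{$sqlSid}',{$sqlUid},'{$comment}','{$sqlDate}','{$title}',{$pid},{$rht},{$rht}+1,{$indent}+1,'{$sqlType}','{$sqlIp}'"
            );
        } else {
            // replying to non-existent comment or comment in wrong article
            COM_errorLog("CMT_saveComment: {$uid} from {$ipaddress} tried "
                . 'to reply to a non-existent comment or the pid/sid did not match');
            $ret = 4; // Cannot return here, tables locked!
        }
    } else {
        $rht = DB_getItem($_TABLES['comments'], 'MAX(rht)', "sid = '{$sqlSid}'");
        if (DB_error()) {
            $rht = 0;
        }
        // MAX() is NULL when the item has no comments yet; treat that as 0.
        $rht = (int) $rht;

        DB_save(
            $_TABLES['comments'],
            'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress',
            "'{$sqlSid}',{$sqlUid},'{$comment}','{$sqlDate}','{$title}',{$pid},{$rht}+1,{$rht}+2,0,'{$sqlType}','{$sqlIp}'"
        );
    }

    $cid = DB_insertId();
    DB_query('UNLOCK TABLES');

    // Send notification of comment if no errors and notications enabled for comments
    if ($ret == 0 && isset($_CONF['notification']) && in_array('comment', $_CONF['notification'])) {
        CMT_sendNotification($title, $comment, $uid, $ipaddress, $type, $cid);
    }

    return $ret;
}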
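/**
 * Apply filters to the text element
 *
 * Text handled by the first engine version is filtered here, at load time.
 * For later versions only the 4-byte UTF-8 characters are removed and the
 * text is otherwise kept raw, so all escaping and filtering has to happen
 * just before display.
 *
 * @param  string $text
 * @param  string $postMode
 * @return string
 */
private function _applyTextFilter($text, $postMode)
{
    $text = GLText::remove4byteUtf8Chars($text);

    if ($this->_text_version == GLTEXT_FIRST_VERSION) {
        // first version

        // Remove any autotags the user doesn't have permission to use
        $text = PLG_replaceTags($text, '', true);
        $text = COM_checkWords($text, 'story');

        // Strict membership test: only the exact mode strings keep markup.
        // Any other value, including non-string ones a loose comparison could
        // match, takes the escaping branch.
        if (in_array($postMode, array('html', 'adveditor', 'wikitext'), true)) {
            // html or wikitext
            $text = GLText::checkHTML($text, 'story.edit');
        } else {
            // plaintext
            $text = COM_makeClickableLinks(htmlspecialchars($text));
        }
    } else {
        // latest version
        // Nothing is done here so that the raw text is kept;
        // all of the text processing is done just before display.
    }

    return $text;
}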
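/**
 * Fill a template with the display values of one download entry.
 *
 * The row in $A is modified in place: its text fields are HTML-escaped, the
 * rating is formatted, 'datetime' is added, and description/detail are
 * replaced by their display form.
 *
 * @param object $T         Template object; values are assigned with set_var() and parse()
 * @param array  $A         Download row (passed by reference and modified)
 * @param bool   $isListing When true and the entry has detail text, a "more" link is appended to the description
 * @param mixed  $cid       Category id of the listing being shown; defaults to ROOTID
 * @return void
 */
function dlformat(&$T, &$A, $isListing = false, $cid = ROOTID)
{
    global $_CONF, $_TABLES, $LANG01, $_DLM_CONF, $LANG_DLM, $mytree;

    $A['rating'] = number_format($A['rating'], 2);

    // Escape the plain text fields once, up front.
    $escapedFields = array(
        'title', 'project', 'url', 'homepage', 'version',
        'size', 'md5', 'logourl', 'postmode', 'tags',
    );
    foreach ($escapedFields as $field) {
        $A[$field] = DLM_htmlspecialchars($A[$field]);
    }
    $A['datetime'] = strftime($_DLM_CONF['date_format'], $A['date']);

    if (version_compare(VERSION, '2.1.0') >= 0) {
        require_once $_CONF['path_system'] . 'classes/gltext.class.php';
        $A['description'] = GLText::getDisplayText($A['description'], $A['postmode'], 2);
        $A['detail'] = GLText::getDisplayText($A['detail'], $A['postmode'], 2);
    } else {
        require_once $_CONF['path'] . 'plugins/downloads/include/gltext.class.php';
        $gltext = new GLPText();
        $A['description'] = $gltext->getDisplayText($A['description'], $A['postmode']);
        $A['detail'] = $gltext->getDisplayText($A['detail'], $A['postmode']);
    }

    // NOTE(review): lid and cid are used in URLs and handed to the template
    // without escaping, unlike the fields above; presumably they are
    // constrained when the entry is saved. Verify.
    $filedetail_url = COM_buildURL($_CONF['site_url'] . '/downloads/index.php?id=' . $A['lid']);
    $visitfile_url = COM_buildURL($_CONF['site_url'] . '/downloads/visit.php?id=' . $A['lid']);

    if ($isListing && !empty($A['detail'])) {
        $A['description'] .= '<p class="download-break">'
            . COM_createLink($LANG_DLM['more'], $filedetail_url) . '</p>';
    }

    // The owner id is interpolated unquoted, so force it to an integer.
    $ownerId = (int) $A['owner_id'];
    $result = DB_query("SELECT username, fullname, photo "
        . "FROM {$_TABLES['users']} "
        . "WHERE uid = {$ownerId}");
    $B = DB_fetchArray($result);
    $submitter_name = COM_getDisplayName($A['owner_id'], $B['username'], $B['fullname']);
    if (empty($submitter_name)) {
        $submitter_name = $LANG_DLM['unknown_uid'];
    } else {
        $submitter_name = COM_createLink($submitter_name, $_CONF['site_url']
            . '/users.php?mode=profile&uid=' . $ownerId);
    }

    // Category breadcrumb: drop the trailing separator, then show the
    // remaining separators as arrow images.
    $path = $mytree->getNicePathFromId($A['cid'], 'title', $_CONF['site_url'] . '/downloads/index.php');
    $temp = $mytree->getSepalator();
    $path = substr($path, 0, strlen($path) - strlen($temp));
    $path = str_replace($temp, ' <img src="' . $_CONF['site_url']
        . '/downloads/images/arrow.gif" alt="arrow"' . XHTML . '> ', $path);

    $tags = '-';
    if (!empty($A['tags'])) {
        $tags = getTagList($A['tags']);
        if (empty($tags)) {
            $tags = '-';
        }
    }
    $notags = $tags == '-' ? 'dlm_notags' : '';

    $T->set_var('lang_category', $LANG_DLM['category']);
    $T->set_var('category_path', $path);
    $T->set_var('lang_tags', $LANG_DLM['tags']);
    $T->set_var('tags', $tags);
    $T->set_var('notags', $notags);
    $T->set_var('lang_submitter', $LANG_DLM['submitter']);
    $T->set_var('submitter_name', $submitter_name);
    $T->set_var('lid', $A['lid']);
    $T->set_var('cid', $A['cid']);
    $T->set_var('lang_dlnow', $LANG_DLM['dlnow']);
    $T->set_var('dtitle', $A['title']);
    $T->set_var('filedetail_url', $filedetail_url);
    $T->set_var('visitfile_url', $visitfile_url);
    $T->set_var('listing_cid', $cid);
    $T->set_var('lang_download_button', $LANG_DLM['download_button']);

    // "New" markers for entries added within the last seven days. The
    // variables are initialised so the template never receives an undefined
    // value when the condition is false.
    $image_new = '';
    $newdownload = '';
    $startdate = time() - 60 * 60 * 24 * 7;
    if ($startdate < $A['date']) {
        $image_new = COM_createImage($_CONF['site_url'] . '/downloads/images/newred.gif', $LANG_DLM['newthisweek']);
        $newdownload = '<span class="badgenew">NEW</span>';
    }
    $T->set_var('image_newdownload', $image_new); // Image (New)
    $T->set_var('newdownload', $newdownload);     // Badge (New)

    $image_pop = '';
    $popdownload = '';
    if ($A['hits'] >= $_DLM_CONF['download_popular']) {
        $image_pop = COM_createImage($_CONF['site_url'] . '/downloads/images/pop.gif', $LANG_DLM['popular']);
        $popdownload = '<span class="badgepop">POP</span>';
    }
    $T->set_var('image_popular', $image_pop); // Image (Pop)
    $T->set_var('popdownload', $popdownload); // Badge (Pop)

    // category image
    $cat_title = DLM_htmlspecialchars($A['cat_title']);
    if ($_DLM_CONF['download_useshots'] && !empty($A['imgurl'])) {
        $imgurl = $_DLM_CONF['snapcat_url'] . '/' . DLM_htmlspecialchars($A['imgurl']);
    } else {
        $imgurl = $_CONF['site_url'] . '/downloads/images/download.png';
    }
    $category_image = COM_createImage($imgurl, $cat_title, array('width' => $_DLM_CONF['download_shotwidth']));
    $T->set_var('category_image', $category_image);

    $T->set_var('download_title', $LANG_DLM['click2dl'] . ': ' . $A['url']);
    $T->set_var('url', $A['url']);
    $T->set_var('file_description', $A['description']);
    $T->set_var('file_detail', $A['detail']);

    $T->set_var('rating', $A['rating']);
    // NOTE(review): this condition is true for every rating (a value cannot
    // equal both "0" and "0.00" at once), so the vote string is always built.
    // It is kept as is to preserve the current output; the intent was
    // probably "&&".
    $votestring = '';
    if ($A['rating'] != "0" || $A['rating'] != "0.00") {
        $votestring = sprintf($LANG_DLM['numvotes'], $A['votes']);
    }
    $T->set_var('votestring', $votestring);

    if (!empty($A['mg_autotag'])) {
        // use the mediagallery autotag as a snapshot.
        $mg_autotag = str_replace(array('[', ']'), '', $A['mg_autotag']);
        $mg_autotag = '[' . $mg_autotag
            . ' width:' . $_DLM_CONF['max_tnimage_width']
            . ' height:' . $_DLM_CONF['max_tnimage_height']
            . ' align:left]';
        $T->set_var('mg_autotag', PLG_replaceTags($mg_autotag, 'mediagallery'));
        $T->set_var('snapshot', '');
        $T->set_var('snaplinkicon', '');
    } elseif (!empty($A['logourl'])) {
        $safename = DLM_createSafeFileName($A['logourl']);
        $imgpath = $_DLM_CONF['path_tnstore'] . $safename;
        $imgpath = DLM_modTNPath($imgpath);
        $tnimgurl = $_DLM_CONF['tnstore_url'] . '/' . $safename;
        $tnimgurl = substr($tnimgurl, 0, -3) . substr($imgpath, -3); // align the extension
        $sizeattributes = DLM_getImgSizeAttr($imgpath);
        $T->set_var('snapshot_url', $_DLM_CONF['snapstore_url'] . '/' . $safename);
        $T->set_var('thumbnail_url', $tnimgurl);
        $T->set_var('snapshot_sizeattr', $sizeattributes);
        $T->set_var('lang_click2see', $LANG_DLM['click2see']);
        $T->set_var('show_snapshoticon', '');
        $T->set_var('show_snapshoticon_na', 'none');
        $T->set_var('mg_autotag', '');
        if ($_DLM_CONF['show_tn_image']) {
            $T->parse('snapshot', 'tsnapshot');
        } else {
            $T->parse('snaplinkicon', 'tsnaplinkicon');
        }
    } else {
        $tnimgurl = $_CONF['site_url'] . '/downloads/images/blank.png';
        $T->set_var('thumbnail_url', $tnimgurl);
        $T->set_var('snapshot_url', $_CONF['site_url'] . '/downloads/index.php');
        $T->set_var('snapshot_sizeattr', 'width="200" height="200" ');
        $T->set_var('show_snapshoticon', 'none');
        $T->set_var('show_snapshoticon_na', '');
        $T->parse('snapshot', 'tsnapshot');
        $T->set_var('snaplinkicon', '');
        $T->set_var('mg_autotag', '');
    }

    $T->set_var('lang_version', $LANG_DLM['ver']);
    $T->set_var('lang_rating', $LANG_DLM['ratingc']);
    $T->set_var('lang_submitdate', $LANG_DLM['submitdate']);
    $T->set_var('lang_size', $LANG_DLM['size']);
    $T->set_var('datetime', $A['datetime']);
    $T->set_var('version', $A['version']);

    // Check if restricted access has been enabled for download report to admin's only
    if ($A['hits'] > 0 && DLM_hasAccess_history()) {
        $T->set_var('begin_dlreport_link', '<a href="'
            . COM_buildURL($_CONF['site_url'] . '/downloads/history.php?lid=' . $A['lid']) . '">');
        $T->set_var('end_dlreport_link', '</a>');
    } else {
        $T->set_var('begin_dlreport_link', '');
        $T->set_var('end_dlreport_link', '');
    }

    $T->set_var('download_times', sprintf($LANG_DLM['dltimes'], $A['hits']));
    $T->set_var('download_count', $A['hits']);
    $T->set_var('lang_popularity', $LANG_DLM['popularity']);
    $T->set_var('lang_filesize', $LANG_DLM['filesize']);
    $T->set_var('file_size', DLM_PrettySize($A['size']));
    $T->set_var('homepage_url', $A['homepage']);
    $T->set_var('homepage_link', '-');
    if (!empty($A['homepage'])) {
        $T->set_var('homepage_link', COM_makeClickableLinks($A['homepage']));
    }
    $T->set_var('lang_homepage', $LANG_DLM['homepage']);
    $T->set_var('lang_download', $LANG_DLM['download']);
    $T->set_var('lang_filelink', $LANG_DLM['filelink']);
    $T->set_var('lang_permalink', $LANG_DLM['permalink']);
    $T->set_var('lang_ratethisfile', $LANG_DLM['ratethisfile']);
    $T->set_var('lang_edit', $LANG_DLM['edit']);
    $T->set_var('show_editlink', $_DLM_CONF['has_edit_rights'] ? '' : 'none');
    $T->set_var('lang_md5_checksum', $LANG_DLM['md5_checksum']);
    $T->set_var('md5_checksum', $A['md5']);

    if ($A['commentcode'] == 0) {
        // NOTE(review): addslashes() is not aware of the connection character
        // set. It is kept because this function still supports installations
        // older than 2.1.0 (see the version check above); prefer the
        // database layer's own escaping where it is available.
        $escapedLid = addslashes($A['lid']);
        $commentCount = DB_count($_TABLES['comments'], 'sid', $escapedLid);
        $recentPostMessage = $LANG_DLM['commentswanted'];

        if ($commentCount > 0) {
            $result4 = DB_query("SELECT cid, UNIX_TIMESTAMP(date) AS day, username "
                . "FROM {$_TABLES['comments']}, {$_TABLES['users']} "
                . "WHERE {$_TABLES['users']}.uid = {$_TABLES['comments']}.uid "
                . "AND sid = '" . $escapedLid . "' "
                . "ORDER BY date DESC LIMIT 1");
            $C = DB_fetchArray($result4);
            $recentPostMessage = $LANG01[27] . ': ' . strftime($_CONF['daytime'], $C['day'])
                . ' ' . $LANG01[104] . ' ' . $C['username'];
            $comment_link = COM_createLink($commentCount . ' ' . $LANG01[3], $filedetail_url,
                array('title' => $recentPostMessage));
        } else {
            // Undo the entity encoding applied to the title above before it
            // is URL-encoded. A local copy is used so the caller's row keeps
            // the escaped title regardless of the comment count.
            // NOTE(review): the two entity literals were restored from a
            // listing that showed them already decoded; confirm against the
            // plugin source.
            $plainTitle = str_replace('&#039;', "'", $A['title']);
            $plainTitle = str_replace('&amp;', '&', $plainTitle);
            $url = $_CONF['site_url'] . '/comment.php?type=downloads&sid=' . $A['lid']
                . '&title=' . rawurlencode($plainTitle);
            $comment_link = COM_createLink($LANG_DLM['entercomment'], $url,
                array('title' => $recentPostMessage));
        }
        $T->set_var('comment_link', $comment_link);
        $T->set_var('show_comments', '');
    } else {
        $T->set_var('show_comments', 'none');
    }
}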
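/**
 * Returns formatted field values for the moderation lists
 *
 * @param  mixed  $fieldname  Named field, or the numeric column index
 * @param  string $fieldvalue Value of that column
 * @param  array  $A          The whole row; $A['_type_'] is required and $A[0] is used as the item id
 * @param  array  $icon_arr   Icon markup keyed by name (edit, user, greyuser, mail, accept, delete)
 * @param  string $token      CSRF token added to the approve and delete links
 * @return string HTML for the cell, or '' when the row carries no item type
 */
function MODERATE_getListField($fieldname, $fieldvalue, $A, $icon_arr, $token)
{
    global $_CONF, $_USER, $_TABLES, $LANG_ADMIN, $LANG28, $LANG29, $_IMAGE_TYPE;

    $retval = '';

    if (!isset($A['_type_']) || empty($A['_type_'])) {
        return $retval; // we can't work without an item type
    }
    $type = $A['_type_'];

    $dt = new Date('now', $_USER['tzid']);

    // Map the numeric column positions of each item type to named fields.
    $field = $fieldname;
    $field = $type == 'user' && $fieldname == 1 ? 'user' : $field;
    $field = $type == 'story' && $fieldname == 2 ? 'day' : $field;
    $field = $type == 'story' && $fieldname == 3 ? 'tid' : $field;
    $field = $type == 'user' && $fieldname == 3 ? 'email' : $field;
    $field = $type != 'user' && $fieldname == 4 ? 'uid' : $field;
    $field = $type == 'user' && $fieldname == 4 ? 'day' : $field;

    switch ($field) {
        case 'edit':
            $retval = COM_createLink($icon_arr['edit'], $A['edit']);
            break;

        case 'user':
            // NOTE(review): the value is placed in the page without escaping
            // here; confirm it is HTML-safe for entries awaiting moderation.
            $retval = '<img src="' . $_CONF['layout_url'] . '/images/admin/user.' . $_IMAGE_TYPE
                . '" style="vertical-align:bottom;"/> ' . $fieldvalue;
            break;

        case 'day':
            $dt->setTimeStamp($A['day']);
            $retval = $dt->format($_CONF['daytime'], true);
            break;

        case 'tid':
            $retval = DB_getItem($_TABLES['topics'], 'topic', "tid = '" . DB_escapeString($A['tid']) . "'");
            break;

        case 'uid':
            if (!isset($A['uid'])) {
                $A['uid'] = 1;
            }
            // One integer value is used for both the lookup and the URL.
            $uid = (int) $A['uid'];

            // lookup the username from the uid
            // NOTE(review): the username is output unescaped below; confirm
            // it is restricted to HTML-safe characters when stored.
            $username = DB_getItem($_TABLES['users'], 'username', "uid = " . $uid);
            if ($A['uid'] == 1) {
                // anonymous user
                $retval = $icon_arr['greyuser'] . ' ' . '<span style="vertical-align:top">' . $username . '</span>';
            } else {
                $attr = array('title' => $LANG28[108]);
                $url = $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $uid;
                $retval = COM_createLink($icon_arr['user'], $url, $attr);
                $retval .= ' ';
                $attr['style'] = 'vertical-align:top;';
                $retval .= COM_createLink($username, $url, $attr);
            }
            break;

        case 'email':
            // NOTE(review): the address is used as link target and link text
            // without escaping in this function; confirm it is validated when
            // the account is submitted.
            $attr = array('title' => $LANG28[111]);
            $url = 'mailto:' . $fieldvalue;
            $retval = COM_createLink($icon_arr['mail'], $url, $attr);
            $retval .= ' ';
            $attr['title'] = $LANG28[99];
            $url = $_CONF['site_admin_url'] . '/mail.php?uid=' . (int) $A['uid'];
            $attr['style'] = 'vertical-align:top;';
            $retval .= COM_createLink($fieldvalue, $url, $attr);
            break;

        case 'approve':
            // Type and id are URL-encoded so a value containing '&', '#' or
            // quotes cannot change the structure of the query string.
            // NOTE(review): approve and delete are plain links that carry the
            // CSRF token in the URL, so the token can appear in server logs
            // and Referer headers; confirm the token lifetime accounts for it.
            $attr = array(
                'title'   => $LANG29[1],
                'onclick' => 'return confirm(\'' . $LANG29[48] . '\');',
            );
            $retval = COM_createLink(
                $icon_arr['accept'],
                $_CONF['site_admin_url'] . '/moderation.php'
                    . '?approve=x'
                    . '&type=' . rawurlencode((string) $A['_type_'])
                    . '&id=' . rawurlencode((string) $A[0])
                    . '&' . CSRF_TOKEN . '=' . $token,
                $attr
            );
            break;

        case 'delete':
            $attr = array(
                'title'   => $LANG_ADMIN['delete'],
                'onclick' => 'return confirm(\'' . $LANG29[49] . '\');',
            );
            $retval = COM_createLink(
                $icon_arr['delete'],
                $_CONF['site_admin_url'] . '/moderation.php'
                    . '?delete=x'
                    . '&type=' . rawurlencode((string) $A['_type_'])
                    . '&id=' . rawurlencode((string) $A[0])
                    . '&' . CSRF_TOKEN . '=' . $token,
                $attr
            );
            break;

        default:
            // NOTE(review): linkified but not escaped here; confirm callers
            // pass HTML-safe values for the remaining columns.
            $retval = COM_makeClickableLinks($fieldvalue);
            break;
    }

    return $retval;
}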
/**
 * Load the title, intro and body of a plain-text story into the object.
 *
 * The title goes through the word filter, has its tags stripped and is
 * HTML-escaped. Intro and body first lose any autotags the user has no
 * permission to use, then go through the word filter, are HTML-escaped and
 * have their URLs made clickable. The results are kept in "display mode".
 *
 * This DOES NOT ADDSLASHES! Escaping for the database is left to the code
 * that stores the story.
 *
 * @param $title string posttitle, only had stripslashes if necessary
 * @param $intro string introtext, only had stripslashes if necessary
 * @param $body  string bodytext, only had stripslashes if necessary
 * @return nothing
 * @access private
 */
function _plainTextLoadStory($title, $intro, $body)
{
    $filteredTitle = strip_tags(COM_checkWords($title));
    $this->_title = htmlspecialchars($filteredTitle);

    // Remove any autotags the user doesn't have permission to use
    $permittedIntro = PLG_replaceTags($intro, '', true);
    $permittedBody = PLG_replaceTags($body, '', true);

    // NOTE(review): htmlspecialchars() is called with default flags, which
    // leave single quotes unescaped before PHP 8.1; confirm these values are
    // never placed inside a single-quoted attribute.
    $escapedIntro = htmlspecialchars(COM_checkWords($permittedIntro));
    $this->_introtext = COM_makeClickableLinks($escapedIntro);

    $escapedBody = htmlspecialchars(COM_checkWords($permittedBody));
    $this->_bodytext = COM_makeClickableLinks($escapedBody);
}