/**
 * Renders a flat associative array as one XML element carrying its entries as attributes.
 *
 * Attribute values go through fn_html_escape(); attribute names and the tag name are
 * written verbatim, so only program-defined keys must be passed. Entries whose value
 * is empty() are skipped, which also drops a numeric zero ('0', 0) or an empty array.
 *
 * @param string $name tag name, emitted as given
 * @param array  $data attribute name => value
 * @param string $type 'open' leaves the element open ('>'); any other value self-closes ('/>')
 * @return string
 */
public static function arraySimpleXml($name, $data, $type = 'simple')
{
    $attributes = '';
    foreach ($data as $attr_name => $attr_value) {
        if (empty($attr_value)) {
            continue;
        }
        $attributes .= $attr_name . '="' . fn_html_escape($attr_value) . '" ';
    }
    $closing = ($type == 'open') ? '>' : '/>';

    return '<' . $name . ' ' . $attributes . $closing;
}
/**
 * Renders one <url> entry per link for a Google sitemap.
 *
 * Each link is HTML-escaped before it is interpolated into <loc>; $lmod, $frequency
 * and $priority are written verbatim and must therefore be program-generated values.
 *
 * @param array  $links     URLs to list
 * @param string $lmod      last-modified value
 * @param string $frequency change-frequency value
 * @param string $priority  priority value
 * @return string concatenated <url> blocks, '' when $links is empty
 */
function fn_google_sitemap_print_item_info($links, $lmod, $frequency, $priority)
{
    $entries = array();
    foreach ($links as $url) {
        $loc = fn_html_escape($url);
        $entries[] = <<<ITEM
<url>
<loc>{$loc}</loc>
<lastmod>{$lmod}</lastmod>
<changefreq>{$frequency}</changefreq>
<priority>{$priority}</priority>
</url>
ITEM;
    }

    return implode('', $entries);
}
if (!empty($product['product_type']) && $product['product_type'] == 18) { $settings_shipping_spsr['insurance_type'] = 'INS'; } } } } if ($settings_shipping_spsr['insurance_type'] == 'INS') { $total_invoices_cost_ins += $invoice['cost']; } if ($settings_shipping_spsr['insurance_type'] == 'VAL') { $total_invoices_cost_val += $invoice['cost']; } if (!empty($spsr_invoice['delivery_date'])) { $spsr_invoice['delivery_date'] = date('Y-m-d', fn_parse_date($spsr_invoice['delivery_date'])) . 'T00:00:00.000'; } $invoice_for_xml = array('Action' => "N", 'ShipRefNum' => $invoice['ship_ref_num'], 'PickUpType' => $spsr_invoice['pick_up_type'], 'ProductCode' => $spsr_invoice['invoice_product_code'], 'FullDescription' => fn_html_escape($invoice_full_desc), 'PiecesCount' => count($packages), 'DeliveryDate' => $spsr_invoice['delivery_date'], 'DeliveryTime' => $spsr_invoice['delivery_time'], 'InsuranceType' => $additional_params['insurance_type'], 'InsuranceSum' => $invoice['cost']); if ($settings_shipping_spsr['cod'] == 1) { $invoice_for_xml['CODGoodsSum'] = $invoice['cost'] + $invoice['invoice_shipping_cost']; $invoice_for_xml['CODDeliverySum'] = $invoice['invoice_shipping_cost']; $total_invoices_cost_cod += $invoice_for_xml['CODGoodsSum']; } $invoice_xml = RusSpsr::invoiceXml($invoice_for_xml, $pieces_xml, $shipper_xml, $receiver_xml, $additional_services_xml, $sms_xml); $save_data['invoices'][$shipment_id] = $invoice; $save_data['invoices'][$shipment_id]['shipper'] = $shipper_for_xml; $save_data['invoices'][$shipment_id]['receiver_xml'] = $receiver_for_xml; $save_data['invoices'][$shipment_id]['invoice_for_xml'] = $invoice_for_xml; $invoices_xml = array_merge($invoices_xml, $invoice_xml); } else { unset($invoices[$invoice_key]); } }
/**
 * Finishes an internal (AJAX) request: takes the buffered output, extracts the blocks
 * named in $this->result_ids into the result, and emits the response in the format
 * matching $this->_request_type.
 *
 * Runs at most once per process (static $called) and only when $this->_internal_request is set.
 *
 * @param string $content fallback body used when the output buffer is empty
 * @return void
 */
public function destruct($content = '')
{
    static $called = false;
    if ($called == false && $this->_internal_request) {
        $called = true;
        // COMET requests are not read from the output buffer; everything else is
        $text = $this->_request_type != self::REQUEST_COMET ? ob_get_clean() : '';
        if (empty($text) && !empty($content)) {
            $text = $content;
        }
        if (!empty($this->result_ids)) {
            $result_ids = array();
            // get the matching ids: an id containing '*' is expanded against the ids present in $text
            // (strpos() is truthy only for a '*' after position 0, so a leading '*' is treated as a literal id)
            foreach ($this->result_ids as $r_id) {
                if (strpos($r_id, '*')) {
                    // NOTE(review): $r_id is interpolated into the pattern without preg_quote(); if result_ids
                    // can originate from the request, a crafted id alters the regex — confirm where they are validated
                    $clear_id = str_replace('*', '\\w+?', $r_id);
                    preg_match_all('/<[^>]*?id=(?:\'|")(' . $clear_id . '\\w*?)(?:\'|")[^>]*?>/isS', $text, $ids);
                    if (!empty($ids[1])) {
                        foreach ($ids[1] as $r_id2) {
                            $result_ids[] = $r_id2;
                        }
                    }
                } else {
                    $result_ids[] = $r_id;
                }
            }
            foreach ($result_ids as $r_id) {
                // A block runs from just after ' id="<id>">' to the '<!--<id>--></' end marker;
                // if the end marker is missing, $end is false and the computed length goes negative
                if (strpos($text, ' id="' . $r_id . '">') !== false) {
                    $start = strpos($text, ' id="' . $r_id . '">') + strlen(' id="' . $r_id . '">');
                    $end = strpos($text, '<!--' . $r_id . '--></');
                    $this->assignHtml($r_id, substr($text, $start, $end - $start)); // Assume that all data should be put to div with this ID
                } elseif ($this->_skip_result_ids_check == true) {
                    // no matching block: hand over the whole output instead
                    $this->assignHtml($r_id, $text);
                }
            }
            if ($this->full_render && preg_match('/<title>(.*?)<\\/title>/s', $text, $m)) {
                // title is stored entity-decoded; consumers must escape it again for output
                $this->assign('title', html_entity_decode($m[1], ENT_QUOTES));
            }
            // Fix for payment processor form, should be removed after payments refactoring
            if (Embedded::isEnabled() && empty($this->_result['html']) && $this->_skip_result_ids_check == false && !empty($text)) {
                foreach ($this->result_ids as $r_id) {
                    $text .= '<script type="text/javascript">if (document.process) { document.process.target="_parent"; document.process.submit(); }</script>';
                    $this->assignHtml($r_id, $text);
                    break;
                }
            }
            // the blocks now live in the result; the raw output is not sent as 'text'
            $text = '';
        }
        if (empty($this->_result['non_ajax_notifications'])) {
            $this->assign('notifications', fn_get_notifications());
        }
        if (Embedded::isEnabled()) {
            $this->assign('session_data', array('name' => Session::getName(), 'id' => Session::getId()));
        }
        if (!empty($this->anchor)) {
            $this->assign('anchor', $this->anchor);
        }
        // we call session saving directly
        session_write_close();
        // Prepare response
        $response = $this->_result;
        if (fn_string_not_empty($text)) {
            $response['text'] = trim($text);
        }
        $response = json_encode($response, JSON_UNESCAPED_UNICODE);
        if (!headers_sent()) {
            header(' ', true, 200); // force 200 header, because we still need to return content
            if (Embedded::isEnabled() || $this->_request_type == self::REQUEST_JSONP_POST) {
                header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"'); // for IE cors
            }
        }
        if ($this->_request_type == self::REQUEST_XML) {
            // Return json object
            header('Content-type: ' . $this->_content_type . '; charset=' . CHARSET);
        } elseif ($this->_request_type == self::REQUEST_JSONP) {
            // Return jsonp object
            // $this->callback is written into the script body verbatim; it has to be restricted to a plain
            // identifier before reaching this point — NOTE(review): confirm where it is validated
            header('Content-type: ' . $this->_content_type . '; charset=' . CHARSET);
            $response = $this->callback . '(' . $response . ');';
        } elseif ($this->_request_type == self::REQUEST_JSONP_POST) {
            // Return jsonp object
            // An empty X-Frame-Options overrides any anti-framing header sent earlier: this document is
            // meant to be loaded inside the embedding frame and hands the result back via postMessage
            header("X-Frame-Options: ", true);
            // the JSON is embedded as a JS string literal through fn_js_escape(); Embedded::getUrl() is passed
            // as the second postMessage argument, presumably the target origin — verify against the plugin
            $response = '<script type="text/javascript" src="' . Registry::get('config.current_location') . '/js/lib/jquery/jquery.min.js' . '"></script> <script type="text/javascript" src="' . Registry::get('config.current_location') . '/js/lib/postmessage/jquery.ba-postmessage.js' . '"></script> <script type="text/javascript"> var Tygh = {}; Tygh.$ = jQuery.noConflict(true); </script> <script type="text/javascript">Tygh.$.postMessage( "' . fn_js_escape($response) . '",\'' . Embedded::getUrl() . '\');</script>';
        } else {
            // Return html textarea object (the JSON is HTML-escaped so it cannot close the textarea)
            $response = '<textarea>' . fn_html_escape($response) . '</textarea>';
        }
        fn_echo($response);
    }
}
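/**
 * Writes the YML <offer> elements for all exportable products to $file.
 *
 * Products are loaded in batches of self::ITERATION_ITEMS; each product is skipped when it
 * violates an export option (zero price, disabled or invisible category, missing brand/model
 * for 'vendor_model' export, no stock). All SQL goes through db_quote()/?-placeholders and
 * product text through $this->escape() / fn_html_escape() before it reaches the XML.
 *
 * @param resource $file open file handle the YML is appended to
 * @return void
 */
protected function body($file)
{
    $offered = array();

    // Only consulted when 'disable_cat_d' is enabled; initialised so the check below never reads an undefined variable
    $visible_categories = array();
    if ($this->options['disable_cat_d'] == "Y") {
        $visible_categories = $this->getVisibleCategories();
    }

    $fields = array('p.product_id', 'p.product_code', 'd.lang_code', 'pc.category_id', 'cd.category', 'pp.price', 'p.list_price', 'p.status', 'p.amount', 'p.weight', 'p.shipping_freight', 'p.free_shipping', 'd.product', 'd.full_description', 'p.company_id', 'p.tracking', 'p.list_price', 'p.yml_brand', 'p.yml_origin_country', 'p.yml_store', 'p.yml_pickup', 'p.yml_delivery', 'p.yml_adult', 'p.yml_cost', 'p.yml_export_yes', 'p.yml_bid', 'p.yml_cbid', 'p.yml_model', 'p.yml_sales_notes', 'p.yml_type_prefix', 'p.yml_market_category', 'p.yml_manufacturer_warranty', 'p.yml_seller_warranty');
    // all category links of the product, the main one suffixed with 'M'
    $fields[] = "(\n SELECT GROUP_CONCAT(IF(pc2.link_type = 'M', CONCAT(pc2.category_id, 'M'), pc2.category_id))\n FROM ?:products_categories as pc2\n WHERE product_id = p.product_id\n ) as category_ids";

    $joins = array(
        db_quote("LEFT JOIN ?:product_descriptions as d ON d.product_id = p.product_id AND d.lang_code = ?s", $this->lang_code),
        db_quote("LEFT JOIN ?:product_prices as pp" . " ON pp.product_id = p.product_id AND pp.lower_limit = 1 AND pp.usergroup_id = 0"),
        db_quote("LEFT JOIN ?:products_categories as pc ON pc.product_id = p.product_id AND pc.link_type = ?s", 'M'),
        db_quote("LEFT JOIN ?:category_descriptions as cd ON cd.category_id = pc.category_id AND cd.lang_code = ?s", $this->lang_code),
    );

    $condition = '';
    if ($this->company_id > 0) {
        $condition .= db_quote(' AND company_id = ?i', $this->company_id);
    }

    $product_ids = db_get_fields("SELECT product_id FROM ?:products WHERE yml_export_yes = ?s AND status = ?s " . $condition, 'Y', 'A');

    $offset = 0;
    while ($ids = array_slice($product_ids, $offset, self::ITERATION_ITEMS)) {
        $offset += self::ITERATION_ITEMS;

        $products = db_get_array('SELECT ' . implode(', ', $fields) . ' FROM ?:products as p' . ' ' . implode(' ', $joins) . ' WHERE p.product_id IN(?n)', $ids);

        $products_images_main = fn_get_image_pairs($ids, 'product', 'M', false, true, $this->lang_code);
        $products_images_additional = fn_get_image_pairs($ids, 'product', 'A', false, true, $this->lang_code);

        $params = array('get_options' => false, 'get_taxed_prices' => false, 'detailed_params' => false);
        fn_gather_additional_products_data($products, $params);

        foreach ($products as $k => &$product) {
            $is_broken = false;

            $price = !floatval($product['price']) ? fn_parse_price($product['price']) : intval($product['price']);
            if ($this->options['export_null_price'] == 'N' && empty($price)) {
                $is_broken = true;
            }

            if (in_array($product['category_id'], $this->disabled_category_ids)) {
                $is_broken = true;
            }

            if ($this->options['disable_cat_d'] == 'Y' && !in_array($product['category_id'], $visible_categories)) {
                $is_broken = true;
            }

            $product['product'] = $this->escape($product['product']);
            $product['full_description'] = $this->escape($product['full_description']);
            $product['product_features'] = $this->getProductFeatures($product);
            $product['brand'] = $this->getBrand($product);

            if ($this->options['export_type'] == 'vendor_model') {
                if (empty($product['brand']) || empty($product['yml_model'])) {
                    $is_broken = true;
                }
            }

            // option-tracked products keep their stock per option combination
            if ($product['tracking'] == 'O') {
                $product['amount'] = db_get_field("SELECT SUM(amount) FROM ?:product_options_inventory WHERE product_id = ?i", $product['product_id']);
            }

            if ($this->options['export_stock'] == 'Y' && $product['amount'] <= 0) {
                $is_broken = true;
            }

            if ($is_broken) {
                unset($products[$k]);
                continue;
            }

            $product['product_url'] = fn_html_escape(fn_url('products.view?product_id=' . $product['product_id']));

            // Images: a product without images has no entry in the pair maps, so default to an empty list
            $main_images = isset($products_images_main[$product['product_id']]) ? $products_images_main[$product['product_id']] : array();
            $additional_images = isset($products_images_additional[$product['product_id']]) ? $products_images_additional[$product['product_id']] : array();
            $images = array_merge($main_images, $additional_images);
            $product['images'] = array_slice($images, 0, self::IMAGES_LIMIT);

            list($key, $value) = $this->offer($product);
            $offered[$key] = $value;
        }
        // drop the reference left by the by-reference foreach so later assignments cannot alias the last element
        unset($product);

        if (!empty($offered)) {
            fwrite($file, fn_yandex_market_array_to_yml($offered));
            $offered = array();
        }
    }
}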
/**
 * Serialises a nested array as XML.
 *
 * Array keys become tag names; a key of the form 'tag@attr=value@flag' adds attributes.
 * A value that is a list (first key numeric) is emitted as repeated sibling elements.
 * Scalar leaves are HTML-escaped via fn_html_escape(); tag names and attribute
 * specifications are written verbatim and must therefore be program-defined.
 *
 * @param mixed $data array to serialise, or a scalar leaf
 * @return string
 */
function fn_array_to_xml($data)
{
    if (!is_array($data)) {
        return fn_html_escape($data);
    }

    $xml = '';
    foreach ($data as $tag => $content) {
        // list value: one element per item, all under the same tag
        if (is_array($content) && is_numeric(key($content))) {
            foreach ($content as $item) {
                $xml .= fn_array_to_xml(array($tag => $item));
            }
            continue;
        }

        $attributes = '';
        if (strpos($tag, '@') !== false) {
            $parts = explode('@', $tag);
            $tag = array_shift($parts);
            foreach ($parts as $spec) {
                if (strpos($spec, '=') !== false) {
                    $pair = explode('=', $spec);
                    $attributes .= ' ' . $pair[0] . '="' . $pair[1] . '"';
                } else {
                    $attributes .= ' ' . $spec . '=""';
                }
            }
        }

        $xml .= '<' . $tag . $attributes . '>' . fn_array_to_xml($content) . '</' . $tag . '>';
    }

    return $xml;
}
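/**
 * Shortens a string to about $max_width bytes by cutting out its middle and inserting '...',
 * preserving the HTML escaping of the input.
 *
 * The value is decoded first (fn_html_escape(..., true)) so an entity such as '&amp;' is
 * measured and cut as one character instead of being split; if decoding changed the
 * string, the result is re-escaped before it is returned. Lengths and offsets are
 * byte-based (strlen/substr), so multi-byte characters can still be cut.
 *
 * @param string $value     input, possibly HTML-escaped
 * @param int    $max_width maximum length in bytes of the kept part
 * @return string
 */
function fn_compact_value($value, $max_width)
{
    $raw_length = strlen($value);
    $value = fn_html_escape($value, true);
    $new_value = $value;

    // measure the decoded string, which is the one the offsets below are applied to
    $length = strlen($value);
    // the input carried entities if decoding changed its length
    $escaped = ($length != $raw_length);

    if ($length > $max_width) {
        $len_to_strip = $length - $max_width;
        // integer offsets: substr() silently truncates floats before PHP 8.1 and rejects them afterwards
        $head = (int) ($length / 2 - $len_to_strip / 2);
        $tail = (int) ($length / 2 + $len_to_strip / 2);
        $new_value = substr($value, 0, $head) . '...' . substr($value, $tail);
    }

    return $escaped ? fn_html_escape($new_value) : $new_value;
}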
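/**
 * Builds the <Pieces> XML fragment for a shipment and collects a plain-text description of its goods.
 *
 * Each piece becomes an open <Piece> element with one <SubPiece> per product; products
 * named 'Доставка' (the shipping line) are skipped. The returned description is raw
 * (not escaped) — it is the caller's job to escape it before it is written into XML.
 *
 * @param array $pieces pieces as array('barcode' => ..., 'data' => array(...products...))
 * @return array array(list<string> $xml_lines, string $invoice_full_desc); array(array(), '') for empty input
 */
public static function piecesXml($pieces)
{
    $xml = array();
    // defined unconditionally so the empty-input case returns '' instead of an undefined variable
    $invoice_full_desc = '';

    if (!empty($pieces)) {
        $xml[] = ' <Pieces>';
        foreach ($pieces as $piece) {
            $piece_for_xml = array(
                'PieceID' => $piece['barcode'],
                'Description' => $piece['data']['description'],
                'ClientBarcode' => $piece['data']['barcode'],
                'Weight' => $piece['data']['weight'],
                'Length' => $piece['data']['length'],
                'Width' => $piece['data']['width'],
                'Depth' => $piece['data']['height'],
            );
            $xml[] = ' ' . self::arraySimpleXml('Piece', $piece_for_xml, 'open');

            foreach ($piece['data']['products'] as $subpice) {
                if ($subpice['product'] != 'Доставка') {
                    $subpice_for_xml = array(
                        // NOTE(review): arraySimpleXml() escapes attribute values itself, so this
                        // Description is escaped twice; kept as is to leave the emitted XML unchanged
                        'Description' => fn_html_escape($subpice['product']),
                        'Cost' => $subpice['price'],
                        'ProductCode' => $subpice['product_code'],
                        'Quantity' => $subpice['amount'],
                    );
                    $xml[] = ' ' . self::arraySimpleXml('SubPiece', $subpice_for_xml);
                    $invoice_full_desc .= $subpice['product_code'] . ' ' . $subpice['product'] . '; ';
                }
            }

            $xml[] = ' </Piece>';
        }
        $xml[] = ' </Pieces>';
    }

    return array($xml, $invoice_full_desc);
}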
/**
 * Destructor: cache output and display valid javascript code
 *
 * Takes the buffered output, cuts out the blocks named in $this->result_ids, and echoes
 * a hand-built JS object literal ('{text: ..., data : ...}', unquoted keys, so not strict
 * JSON) either directly (REQUEST_XML) or wrapped in an HTML-escaped <textarea>.
 * Runs once (static $called) and not at all when AJAX_REDIRECT is defined.
 */
function __destruct()
{
    static $called = false;
    if ($called == false && !defined('AJAX_REDIRECT')) {
        $called = true;
        $text = ob_get_clean();
        if (!empty($this->result_ids)) {
            foreach ($this->result_ids as $r_id) {
                // a block runs from just after ' id="<id>">' to the '<!--<id>--></' end marker;
                // if the end marker is missing, $end is false and the computed length goes negative
                if (strpos($text, ' id="' . $r_id . '">') !== false) {
                    $start = strpos($text, ' id="' . $r_id . '">') + strlen(' id="' . $r_id . '">');
                    $end = strpos($text, '<!--' . $r_id . '--></');
                    $this->assign_html($r_id, substr($text, $start, $end - $start));
                }
            }
            // the blocks are delivered through the result; the raw output is not sent as text
            $text = '';
        }
        $this->assign('notifications', fn_get_notifications());
        // we call session saving directly
        session_write_close();
        if ($this->request_type == self::REQUEST_XML) {
            // no charset is sent with the content type here
            header('Content-type: ' . $this->content_type);
            // Return json object
            echo '{text: ' . $this->php2js(trim($text)) . ', data : ' . $this->php2js($this->_result) . '}';
        } else {
            // Return html textarea object; the payload is HTML-escaped so it cannot close the textarea
            echo '<textarea>' . fn_html_escape('{text: ' . $this->php2js(trim($text)) . ', data : ' . $this->php2js($this->_result) . '}') . '</textarea>';
        }
    }
}
/**
 * Add/remove html special chars
 *
 * Scalars are passed through htmlspecialchars()/htmlspecialchars_decode() with ENT_QUOTES.
 * Arrays are processed recursively: string values are converted, string keys are converted
 * too (a key that changes is removed and re-added under its converted form, which moves it
 * to the end of the array), and values that are neither string nor array are left alone —
 * unless their key changed, in which case the entry is dropped.
 *
 * @param mixed $data data to filter
 * @param bool $revert if true, decode special chars
 * @return mixed filtered variable
 */
function fn_html_escape($data, $revert = false)
{
    if (!is_array($data)) {
        return $revert == false
            ? htmlspecialchars($data, ENT_QUOTES, 'UTF-8')
            : htmlspecialchars_decode($data, ENT_QUOTES);
    }

    foreach ($data as $key => $item) {
        $new_key = $key;
        if (is_string($key)) {
            $new_key = $revert == false
                ? htmlspecialchars($key, ENT_QUOTES, 'UTF-8')
                : htmlspecialchars_decode($key, ENT_QUOTES);
            if ($key != $new_key) {
                unset($data[$key]);
            }
        }

        if (is_array($item)) {
            $data[$new_key] = fn_html_escape($item, $revert);
        } elseif (is_string($item)) {
            $data[$new_key] = $revert == false
                ? htmlspecialchars($item, ENT_QUOTES, 'UTF-8')
                : htmlspecialchars_decode($item, ENT_QUOTES);
        }
    }

    return $data;
}
/**
 * Serialises a nested array as indented YML, one element per line.
 *
 * Keys become tag names ('tag@attr=value@flag' adds attributes); list values (first key
 * numeric) are delegated to fn_array_to_xml() and therefore emitted without indentation
 * or line breaks. Empty values produce a self-closing tag, except 'local_delivery_cost',
 * which is always written as an open/close pair. Scalar leaves are HTML-escaped via
 * fn_html_escape(); tag names and attribute specifications are written verbatim.
 *
 * @param mixed $data  array to serialise, or a scalar leaf
 * @param int   $level nesting depth, used for the leading indentation
 * @return string
 */
function fn_mailru_array_to_yml($data, $level = 0)
{
    if (!is_array($data)) {
        return fn_html_escape($data);
    }

    $yml = '';
    $indent = str_repeat(" ", $level);

    foreach ($data as $tag => $content) {
        if (is_array($content) && is_numeric(key($content))) {
            foreach ($content as $item) {
                $yml .= fn_array_to_xml(array($tag => $item));
            }
            continue;
        }

        $attributes = '';
        if (strpos($tag, '@') !== false) {
            $parts = explode('@', $tag);
            $tag = array_shift($parts);
            foreach ($parts as $spec) {
                if (strpos($spec, '=') !== false) {
                    $pair = explode('=', $spec);
                    $attributes .= ' ' . $pair[0] . '="' . $pair[1] . '"';
                } else {
                    $attributes .= ' ' . $spec . '=""';
                }
            }
        }

        $open = $indent . '<' . $tag . $attributes;
        if (empty($content)) {
            $yml .= ($tag == 'local_delivery_cost')
                ? $open . '>' . fn_mailru_array_to_yml($content, $level + 1) . '</' . $tag . ">\n"
                : $open . "/>\n";
        } elseif (is_array($content)) {
            $yml .= $open . ">\n" . fn_mailru_array_to_yml($content, $level + 1) . '</' . $tag . ">\n";
        } else {
            $yml .= $open . '>' . fn_mailru_array_to_yml($content, $level + 1) . '</' . $tag . ">\n";
        }
    }

    return $yml;
}
/**
 * Returns a template variable, decoded from HTML entities.
 *
 * A variable that is not set (or is null) is first stored as $default, or as an
 * empty array when no default is given; the stored value is then returned through
 * fn_html_escape($value, true), i.e. with special chars decoded.
 *
 * @param string $var     template variable name
 * @param mixed  $default value stored and returned when the variable is missing
 * @return mixed decoded variable
 */
function get_var($var, $default = NULL)
{
    $missing = !isset($this->_tpl_vars[$var]);
    if ($missing) {
        $fallback = array();
        if ($default !== NULL) {
            $fallback = $default;
        }
        $this->_tpl_vars[$var] = $fallback;
    }
    $stored = $this->_tpl_vars[$var];

    return fn_html_escape($stored, true);
}
/**
 * Smarty escape modifier plugin
 *
 * Type: modifier<br>
 * Name: escape<br>
 * Purpose: Escape the string according to escapement type
 * @link http://smarty.php.net/manual/en/language.modifier.escape.php
 * escape (Smarty online manual)
 * @author Monte Ohrt <monte at ohrt dot com>
 * @param string
 * @param html|htmlall|url|quotes|hex|hexentity|javascript
 * @return string
 *
 * Arrays are escaped element-wise. For strings, the value is first entity-decoded
 * (fn_html_escape($string, true)) so pre-escaped input is not escaped twice, then
 * encoded for the requested context. Two exceptions return the string as is:
 * a value containing 'class="cm-translate' (the inline-translation markup), whatever
 * the requested type, and an unknown $esc_type, which returns the decoded value.
 * NOTE(review): the 'cm-translate' short-cut applies to any value, so a string that
 * is not program-generated but happens to contain that substring bypasses escaping
 * for every context — confirm that such values are only produced by the translation
 * markup and never taken from untrusted input.
 */
function smarty_modifier_escape($string, $esc_type = 'html', $char_set = 'ISO-8859-1')
{
    if (is_array($string)) {
        foreach ($string as $k => $sub) {
            $string[$k] = smarty_modifier_escape($sub, $esc_type, $char_set);
        }
    } else {
        // inline-translation markup is returned unescaped, regardless of $esc_type
        if (strpos($string, 'class="cm-translate') !== false) {
            return $string;
        }
        // normalise first: decode existing entities so the output is escaped exactly once
        $string = fn_html_escape($string, true);
        switch ($esc_type) {
            case 'html':
                // fn_html_escape() encodes as UTF-8 with ENT_QUOTES; $char_set is not used here
                return fn_html_escape($string);
            case 'htmlall':
                // the only branch that honours $char_set (default ISO-8859-1)
                return htmlentities($string, ENT_QUOTES, $char_set);
            case 'url':
                return rawurlencode($string);
            case 'urlpathinfo':
                return str_replace('%2F', '/', rawurlencode($string));
            case 'quotes':
                // escape unescaped single quotes
                return preg_replace("%(?<!\\\\)'%", "\\'", $string);
            case 'hex':
                // escape every character into hex (byte-wise; multi-byte characters become several escapes)
                $return = '';
                for ($x = 0; $x < strlen($string); $x++) {
                    $return .= '%' . bin2hex($string[$x]);
                }
                return $return;
            case 'hexentity':
                // byte-wise numeric character references in hex
                $return = '';
                for ($x = 0; $x < strlen($string); $x++) {
                    $return .= '&#x' . bin2hex($string[$x]) . ';';
                }
                return $return;
            case 'decentity':
                // byte-wise numeric character references in decimal
                $return = '';
                for ($x = 0; $x < strlen($string); $x++) {
                    $return .= '&#' . ord($string[$x]) . ';';
                }
                return $return;
            case 'javascript':
                // escape quotes and backslashes, newlines, etc.
                // only the listed sequences are rewritten ('</' becomes '<\/' so the string cannot
                // end a <script> element); nothing else, e.g. line-separator code points, is touched
                return strtr($string, array('\\' => '\\\\', "'" => "\\'", '"' => '\\"', "\r" => '\\r', "\n" => '\\n', '</' => '<\\/'));
            case 'mail':
                // safe way to display e-mail address on a web page
                return str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string);
            case 'nonstd':
                // escape non-standard chars, such as ms document quotes
                $_res = '';
                for ($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) {
                    $_ord = ord(substr($string, $_i, 1));
                    // non-standard char, escape it (bytes >= 126, i.e. DEL and everything above ASCII)
                    if ($_ord >= 126) {
                        $_res .= '&#' . $_ord . ';';
                    } else {
                        $_res .= substr($string, $_i, 1);
                    }
                }
                return $_res;
            default:
                // unknown type: the decoded, unescaped value is returned
                return $string;
        }
    }
    return $string;
}
/**
 * Smarty plugin
 * @package Smarty
 * @subpackage plugins
 *
 * Smarty 'unescape' modifier: decodes HTML special chars (recursively for arrays)
 * by calling fn_html_escape() in revert mode.
 *
 * @param mixed $data string or array of strings
 * @return mixed decoded value
 */
function smarty_modifier_unescape($data)
{
    $revert = true;
    $decoded = fn_html_escape($data, $revert);

    return $decoded;
}
/**
 * Add/remove html special chars
 *
 * Scalars go through htmlspecialchars()/htmlspecialchars_decode() with ENT_QUOTES
 * (UTF-8 when encoding). Arrays are converted element-wise, recursively, keeping keys
 * and order; keys themselves are not converted.
 *
 * @param mixed $data data to filter
 * @param boolean $revert if true, decode special chars
 * @return mixed filtered variable
 */
function fn_html_escape($data, $revert = false)
{
    if (is_array($data)) {
        $result = array();
        foreach ($data as $key => $item) {
            $result[$key] = fn_html_escape($item, $revert);
        }

        return $result;
    }

    if ($revert == false) {
        return htmlspecialchars($data, ENT_QUOTES, 'UTF-8');
    }

    return htmlspecialchars_decode($data, ENT_QUOTES);
}
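/**
 * Records a page view for a crawler session in the statistics tables.
 *
 * Only pages containing a <title> tag are tracked. A crawler session is keyed by
 * fn_crc32() of the User-Agent header and reused for 24 hours; each URL that differs
 * from the session's last one is appended to ?:stat_requests. All client-supplied values
 * (User-Agent, Accept-Language, Referer) are stored through ?e placeholders and are kept
 * raw, so they must be escaped again wherever they are displayed.
 *
 * @param string $tpl_output rendered page; returned unchanged
 * @param object $view       unused, kept for the hook signature
 * @return string
 */
function fn_statistics_track_robots($tpl_output, &$view)
{
    if (strpos($tpl_output, '<title>') === false) {
        return $tpl_output;
    }

    // request headers may be absent; default them instead of reading undefined $_SERVER keys
    $user_agent = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $accept_language = !empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '';
    $referer = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $uniq_code = fn_crc32($user_agent);

    $sess_id = db_get_field('SELECT sess_id FROM ?:stat_sessions WHERE uniq_code = ?i AND timestamp > ?i', $uniq_code, TIME - 24 * 60 * 60);

    if (empty($sess_id)) {
        $ip = fn_get_ip(true);
        // parse_url() returns false for a seriously malformed referrer
        $parse_url = parse_url($referer);
        if (!is_array($parse_url)) {
            $parse_url = array();
        }
        $stat_data = array(
            'user_agent' => $user_agent,
            'host_ip' => $ip['host'],
            'proxy_ip' => $ip['proxy'],
            'client_language' => $accept_language,
            'ip_id' => fn_stat_ip_exist($ip),
            'client_type' => 'B',
            'robot' => CRAWLER,
            'referrer' => $referer,
            'timestamp' => TIME,
            'referrer_scheme' => empty($parse_url['scheme']) ? '' : $parse_url['scheme'],
            'referrer_host' => empty($parse_url['host']) ? '' : $parse_url['host'],
            'expiry' => 0,
            'uniq_code' => $uniq_code,
        );
        $request_type = STAT_LAST_REQUEST;
        $sess_id = db_query('INSERT INTO ?:stat_sessions ?e', $stat_data);
        $last_url = '';
    } else {
        $last_url = db_get_field("SELECT url FROM ?:stat_requests WHERE sess_id = ?i AND (request_type & ?i) = ?i", $sess_id, STAT_LAST_REQUEST, STAT_LAST_REQUEST);
        // demote the previous "last" request; the mask goes through a placeholder like every other value
        db_query("UPDATE ?:stat_requests SET request_type = request_type & ?i WHERE sess_id = ?s", STAT_ORDINARY_REQUEST, $sess_id);
        $request_type = STAT_END_REQUEST;
    }

    // Add to stat requests
    $this_url = fn_stat_prepare_url(REAL_URL);
    if ($last_url != $this_url) {
        $title = '';
        if (preg_match_all('/\\<title\\>(.*?)\\<\\/title\\>/', $tpl_output, $m)) {
            // stored entity-decoded, i.e. as raw text
            $title = fn_html_escape($m[1][0], true);
        }
        $ve = array(
            'sess_id' => $sess_id,
            'timestamp' => TIME,
            'url' => $this_url,
            'title' => $title,
            'https' => defined('HTTPS') ? 'Y' : 'N',
            'loadtime' => microtime(true) - MICROTIME,
            'request_type' => $request_type,
        );
        db_query("INSERT INTO ?:stat_requests ?e", $ve);
    }

    return $tpl_output;
}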