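/**
 * Run a string (or, recursively, every leaf of an array) through HTMLPurifier.
 *
 * $config selects a named purifier profile: 'comment' is the whitelist used
 * for the WYSIWYG comment editor, FALSE is HTMLPurifier's stock default
 * configuration, and any other value aborts the request via show_error().
 * Arrays are purified element by element and keep their keys.
 *
 * @param string|array $dirty_html untrusted markup
 * @param string|false $config     profile name, or FALSE for the defaults
 * @return string|array the purified markup (an array mirrors the input's keys)
 */
function html_purify($dirty_html, $config = FALSE)
{
    require_once APPPATH . 'third_party/htmlpurifier-4.6.0-standalone/HTMLPurifier.standalone.php';
    if (is_array($dirty_html)) {
        // Initialise first: an empty input array previously fell off the end
        // with $clean_html undefined and returned null (plus a notice).
        $clean_html = array();
        foreach ($dirty_html as $key => $val) {
            $clean_html[$key] = html_purify($val, $config);
        }
        return $clean_html;
    }
    $ci =& get_instance();
    // switch() compares loosely, so '' / null / '0' also select the FALSE profile.
    switch ($config) {
        case 'comment':
            // Whitelist for the WYSIWYG comment editor. '*[style]' permits an
            // inline style attribute on every allowed element; HTMLPurifier
            // sanitises the CSS itself, but it is still the widest item here —
            // drop it if inline styling is not actually needed.
            $config = HTMLPurifier_Config::createDefault();
            $config->set('Core.Encoding', $ci->config->item('charset'));
            $config->set('HTML.Doctype', 'XHTML 1.0 Strict');
            $config->set('HTML.Allowed', 'a[href|title],img[title|src|alt],em,strong,cite,blockquote,code,ul,ol,li,dl,dt,dd,p,br,h1,h2,h3,h4,h5,h6,span,*[style]');
            $config->set('AutoFormat.AutoParagraph', TRUE);
            $config->set('AutoFormat.Linkify', TRUE);
            $config->set('AutoFormat.RemoveEmpty', TRUE);
            break;
        case FALSE:
            // Library defaults (HTMLPurifier's own, conservative whitelist).
            $config = HTMLPurifier_Config::createDefault();
            $config->set('Core.Encoding', $ci->config->item('charset'));
            $config->set('HTML.Doctype', 'XHTML 1.0 Strict');
            break;
        default:
            // show_error() terminates the request, so nothing below runs with a
            // bare string as $config.
            show_error('The HTMLPurifier configuration labeled "' . htmlentities($config, ENT_QUOTES, 'UTF-8') . '" could not be found.');
    }
    $purifier = new HTMLPurifier($config);
    return $purifier->purify($dirty_html);
}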
    /**
     * Compile a Smarty template source string into PHP code.
     *
     * The lexer tokenises $_content and the parser consumes the tokens one at
     * a time; the parser's retvalue is the generated PHP. When the parser
     * debug flag is set on the Smarty instance, a parser trace is printed and
     * every token is echoed (HTML-escaped) as it is consumed.
     *
     * @param  string $_content template source
     * @return string|false the generated PHP code, or false when the parser
     *                      requested an abort-and-recompile
     */
    protected function doCompile($_content)
    {
        // Smarty tags in the template are replaced with PHP code, which the
        // caller writes out to the compiled template file.
        $this->lex = new $this->lexer_class($_content, $this);
        $this->parser = new $this->parser_class($this->lex, $this);
        if (isset($this->smarty->_parserdebug)) {
            $this->parser->PrintTrace();
        }
        // Pump tokens from the lexer into the parser until the input is
        // exhausted or the parser asks for a restart.
        while ($this->lex->yylex() && !$this->abort_and_recompile) {
            if (isset($this->smarty->_parserdebug)) {
                echo "<pre>Line {$this->lex->line} Parsing  {$this->parser->yyTokenName[$this->lex->token]} Token " . htmlentities($this->lex->value) . "</pre>";
            }
            $this->parser->doParse($this->lex->token, $this->lex->value);
        }
        if ($this->abort_and_recompile) {
            return false;
        }
        // Token 0 tells the parser the input has ended.
        $this->parser->doParse(0, 0);
        // Anything still on the tag stack was never closed.
        if (count($this->_tag_stack) > 0) {
            list($_open_tag, $_data) = array_pop($this->_tag_stack);
            $this->trigger_template_error("unclosed {" . $_open_tag . "} tag");
        }
        return $this->parser->retvalue;
    }
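 /**
  * Serialise a (possibly nested) PHP array as an XML document string.
  *
  * Numeric keys are rewritten to "child_N" and every key is stripped down to
  * ASCII letters so that it is a legal element name. Nested arrays become
  * nested elements; scalar values become text nodes.
  *
  * @param array            $data         values to serialise
  * @param string           $rootNodeName document element name (used only on the outermost call)
  * @param SimpleXMLElement $xml          parent node on recursive calls; null on the outermost call
  * @return string the XML document as returned by SimpleXMLElement::asXML()
  */
 public static function toXml($data, $rootNodeName = 'data', $xml = null)
 {
     // zend.ze1_compatibility_mode breaks SimpleXML. The setting was removed
     // in PHP 5.3, where ini_get() returns false and this is a no-op.
     if (ini_get('zend.ze1_compatibility_mode') == 1) {
         ini_set('zend.ze1_compatibility_mode', 0);
     }
     if ($xml == null) {
         $xml = simplexml_load_string("<?xml version='1.0' encoding='utf-8'?><{$rootNodeName} />");
     }
     foreach ($data as $key => $value) {
         // Element names may not start with a digit.
         if (is_numeric($key)) {
             $key = "child_" . (string) $key;
         }
         // Keep letters only so the key is a valid element name. NOTE: a key
         // without any letters collapses to '' and addChild() will reject it.
         $key = preg_replace('/[^a-z]/i', '', $key);
         if (is_array($value)) {
             $node = $xml->addChild($key);
             ArrayToXML::toXml($value, $rootNodeName, $node);
         } else {
             // addChild() parses entity references in its value, so '&' and '<'
             // must be pre-escaped. htmlspecialchars() is used instead of
             // htmlentities(): the latter emits HTML-only named entities such
             // as &eacute; that are undefined in XML, which libxml rejects
             // ("Entity not defined") and drops from the output.
             $xml->addChild($key, htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
         }
     }
     return $xml->asXML();
 }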
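 /**
  * Create (id == 0) or update (id != 0) a banner record from the submitted form.
  *
  * On create, the md_title/md_description values in $_POST are HTML-entity
  * encoded in place, and an uploaded db_background file is moved into
  * UPLOAD_ROOT_PATH and handed to mpeg2flv(). On update, an optional
  * video_name field is copied to db_background. The insert/update is skipped
  * when another banner already carries the same title.
  *
  * @param array $Data submitted form data; only $Data['md_title'] is read here
  * @param int   $id   banner id, 0 for a new record
  * @return int $id on success, 0 when the title is already taken
  */
 public function addeditBanner($Data, $id)
 {
     if ($id == 0) {
         // Assembled but not consumed here (insertFormContent() reads $_POST).
         $fields = 'title';
         $_POST['md_title'] = htmlentities($_POST['md_title'], ENT_QUOTES);
         $_POST['md_description'] = htmlentities($_POST['md_description'], ENT_QUOTES);
         if (isset($_FILES['db_background']) && $_FILES['db_background']['name'] != '') {
             // removeUnsed() is the only thing between the client-supplied file
             // name and the destination path; it must strip directory separators
             // and '..' — NOTE(review): confirm, it is not visible here.
             $fileName = removeUnsed($_FILES['db_background']['name']);
             move_uploaded_file($_FILES['db_background']['tmp_name'], UPLOAD_ROOT_PATH . $fileName);
             $FileNameArray = pathinfo('upload/' . $fileName);
             mpeg2flv('upload/' . $fileName, $FileNameArray['filename']);
             $fields .= ', background';
             $_POST['db_background'] = htmlentities($fileName, ENT_QUOTES);
         }
     } elseif (isset($_POST['video_name'])) {
         $_POST['db_background'] = $_POST['video_name'];
     }
     // Duplicate-title check. Both values are request data and were previously
     // concatenated straight into the SQL string; they are now bound through
     // the driver's '?' placeholders (CodeIgniter-style query binding, which
     // the result_array() call below indicates — confirm the DB layer supports
     // it) and the id is forced to an integer.
     $query = $this->db->query(
         "select title from tbl_banner where id!=? and title=?",
         array((int) $id, $Data['md_title'])
     );
     $RsCount = $query->result_array();
     if (count($RsCount) != 0) {
         return 0;
     }
     if ($id == 0) {
         $this->insertFormContent();
     } else {
         $this->updateFormContent($id);
     }
     return $id;
 }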
 /**
  * Echo a status box for $msg, styled according to $type.
  *
  * Two markups exist: a plain <div id="msg"> when ROOT is './' and a
  * Foundation alert-box otherwise. Unknown $type values fall back to 'info'.
  * The message is HTML-escaped and newlines are turned into <br />.
  *
  * The startShowMsg/endShowMsg hooks are eval()'d: whatever string
  * core::callHook() returns is executed as PHP inside this method's scope
  * (with $msg, $type, $class, $data and $core visible). A hook provider
  * therefore has arbitrary code execution — hook registration must stay
  * restricted to trusted code.
  *
  * @param string $msg  message text (raw; escaped here)
  * @param string $type one of error|success|info|warning
  * @return void output is echoed
  */
 public static function msg($msg, $type)
 {
     $core = core::getInstance();
     if (ROOT == './') {
         $class = array('error' => 'error', 'success' => 'success', 'info' => 'info', 'warning' => 'warning');
         if (!isset($class[$type])) {
             $type = 'info';
         }
         $data = '';
         // Hook output is executed as PHP, not echoed.
         eval($core->callHook('startShowMsg'));
         if ($msg != '') {
             $data = '<div id="msg" class="' . $class[$type] . '"><p>' . nl2br(htmlentities($msg)) . '</p></div>';
         }
     } else {
         // Foundation alert-box variant; 'error' maps to the 'alert' style.
         $class = array('error' => 'alert', 'success' => 'success', 'info' => 'info', 'warning' => 'warning');
         if (!isset($class[$type])) {
             $type = 'info';
         }
         $data = '';
         // Hook output is executed as PHP, not echoed.
         eval($core->callHook('startShowMsg'));
         if ($msg != '') {
             $data = '<div data-alert class="alert-box ' . $class[$type] . ' radius">
  	                                <p>' . nl2br(htmlentities($msg)) . '</p><a href="#" class="close">&times;</a>
  	                        </div>';
         }
     }
     // Hook output is executed as PHP and may alter $data before it is printed.
     eval($core->callHook('endShowMsg'));
     echo $data;
 }
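/**
 * Prints one or more error messages on screen and terminates the request.
 *
 * Each entry of $errors is looked up in $lng['error']; known keys are
 * translated and a '%s' in the translation is replaced by $replacer. The
 * first unknown key stops the loop and a generic "Unknown Error" line is
 * shown instead. The current $_POST is stashed in $_SESSION['requestData']
 * so the form can be repopulated, and a "back" link is offered when the
 * referer is on this host. The misc/error template is rendered by eval()'ing
 * it as a double-quoted PHP string, so it may interpolate the locals $error,
 * $link, $userinfo, $s, $header, $footer, $lng and $theme — and any '$', '"'
 * or '{' in the template body is interpreted as PHP, so templates must be
 * trusted.
 *
 * @param array|string $errors   error message key(s)
 * @param string       $replacer A %s in the errormessage will be replaced by this string.
 * @author Florian Lippert <*****@*****.**>
 * @author Ron Brand <*****@*****.**>
 */
function standard_error($errors = '', $replacer = '')
{
    global $userinfo, $s, $header, $footer, $lng, $theme;
    $_SESSION['requestData'] = $_POST;
    $replacer = htmlentities($replacer);
    if (!is_array($errors)) {
        $errors = array($errors);
    }
    $link = '';
    // Offer a back link only when the referer's host *is* this host. The
    // previous substring test, strpos($referer, $host), accepted any URL that
    // merely mentioned the host name, e.g. http://evil.example/?x=<host>.
    if (isset($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
        $refererHost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
        // HTTP_HOST may carry a port; normalise it the same way.
        $ownHost = parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST);
        if (is_string($refererHost) && is_string($ownHost) && strcasecmp($refererHost, $ownHost) === 0) {
            $link = '<a href="' . htmlentities($_SERVER['HTTP_REFERER']) . '">' . $lng['panel']['back'] . '</a>';
        }
    }
    $error = '';
    foreach ($errors as $single_error) {
        if (!isset($lng['error'][$single_error])) {
            // The key is echoed into HTML and may have come from a request
            // parameter, so it is escaped like $replacer above.
            $error = 'Unknown Error (' . htmlentities($single_error) . '): ' . $replacer;
            break;
        }
        $single_error = strtr($lng['error'][$single_error], array('%s' => $replacer));
        $error = ($error === '') ? $single_error : $error . ' ' . $single_error;
    }
    eval("echo \"" . getTemplate('misc/error', '1') . "\";");
    exit;
}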
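 /**
  * Build the <select multiple> of OPAC-enabled connector sources, grouped by category.
  *
  * The current selection is read from the request variable
  * field_<n_ligne>_s_<id> (through a dynamic global), falling back to
  * $_SESSION['checked_sources']. The source rows come from a fixed query on
  * the connectors_* tables; no user input reaches the SQL.
  *
  * @return string HTML for the select element
  */
 function get_input_box()
 {
     global $msg, $charset;
     // Previously submitted value, if any.
     $valeur_ = "field_" . $this->n_ligne . "_s_" . $this->id;
     global ${$valeur_};
     $valeur = ${$valeur_};
     if (!$valeur && !empty($_SESSION["checked_sources"])) {
         $valeur = $_SESSION["checked_sources"];
     }
     if (!is_array($valeur)) {
         $valeur = array();
     }
     // Look up the sources (legacy mysql_* driver, static query).
     $requete = "SELECT connectors_categ_sources.num_categ, connectors_sources.source_id, connectors_categ.connectors_categ_name as categ_name, connectors_sources.name, connectors_sources.comment, connectors_sources.repository, connectors_sources.opac_allowed, source_sync.cancel FROM connectors_sources LEFT JOIN connectors_categ_sources ON (connectors_categ_sources.num_source = connectors_sources.source_id) LEFT JOIN connectors_categ ON (connectors_categ.connectors_categ_id = connectors_categ_sources.num_categ) LEFT JOIN source_sync ON (connectors_sources.source_id = source_sync.source_id AND connectors_sources.repository=2) WHERE connectors_sources.opac_allowed=1 ORDER BY connectors_categ_sources.num_categ DESC, connectors_sources.name";
     $resultat = mysql_query($requete);
     $r = "<select name='field_" . $this->n_ligne . "_s_" . $this->id . "[]' multiple='yes'>";
     $current_categ = 0;
     $count = 0;
     while ($source = mysql_fetch_object($resultat)) {
         if ($current_categ !== $source->num_categ) {
             $current_categ = $source->num_categ;
             // Category names come from the database and were previously
             // written into the label attribute unescaped, unlike the option
             // text below; escape them the same way. The "no category"
             // fallback is a UI string and is left untouched.
             $label = $source->categ_name
                 ? htmlentities($source->categ_name, ENT_QUOTES, $charset)
                 : $msg["source_no_category"];
             $r .= "<optgroup label='" . $label . "'>";
             $count++;
         }
         $selected = in_array($source->source_id, $valeur) ? " selected" : "";
         $libelle = $source->name . ($source->comment ? " : " . $source->comment : "");
         $r .= "<option id='op_" . $source->source_id . "_" . $count . "' value='" . $source->source_id . "'" . $selected . ">" . htmlentities($libelle, ENT_QUOTES, $charset) . "</option>\n";
     }
     $r .= "</select>";
     return $r;
 }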
/**
 * Format a decimal value as a locale-aware currency string (Smarty modifier).
 *
 * Without a registered 'Currency' resource the value is returned untouched.
 * $config and $position name Zend_Currency class constants (case-insensitive,
 * e.g. 'use_symbol', 'right'); unknown names are ignored. A comma is accepted
 * as the decimal separator. The formatted string is converted to HTML
 * entities and then escaped for an HTML context without double-encoding.
 *
 * @link http://framework.zend.com/manual/de/zend.currency.options.html
 * @param float  $value    value; may use a comma as the decimal separator
 * @param array  $config   name of a Zend_Currency display constant
 * @param string $position name of a Zend_Currency position constant
 * @return float|string the input unchanged, or the escaped currency string
 */
function smarty_modifier_currency($value, $config = null, $position = null)
{
    $app = Enlight_Application::Instance();
    if (!$app->Bootstrap()->hasResource('Currency')) {
        return $value;
    }
    $options = array();
    if (!empty($config) && is_string($config)) {
        $displayConst = 'Zend_Currency::' . strtoupper($config);
        if (defined($displayConst)) {
            $options['display'] = constant($displayConst);
        }
    }
    if (!empty($position) && is_string($position)) {
        $positionConst = 'Zend_Currency::' . strtoupper($position);
        if (defined($positionConst)) {
            $options['position'] = constant($positionConst);
        }
    }
    $amount = floatval(str_replace(',', '.', $value));
    $formatted = $app->Currency()->toCurrency($amount, $options);
    // Non-ASCII characters (currency symbols) become named entities first;
    // the 'HTML-ENTITIES' target encoding is deprecated as of PHP 8.2.
    if (function_exists('mb_convert_encoding')) {
        $formatted = mb_convert_encoding($formatted, 'HTML-ENTITIES', 'UTF-8');
    }
    return htmlentities($formatted, ENT_COMPAT, 'UTF-8', false);
}
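 /**
  * Detects all images in shortcode format and converts them into images, clickable links or raw URLs
  *
  * Capture groups 2, 3 and 4 of SHORTCODE_REGEXP are read as the image
  * source, thumbnail source and original source respectively ('_' as the
  * original means "same as the image source").
  *
  * @param string $text HTML-encoded string
  * @param boolean $imagesEnabled Whether to convert shortcodes into real images
  * @param boolean $linksEnabled Whether to convert shortcodes into real hyperlinks
  *
  * @return string
  */
 public function filter($text, $imagesEnabled, $linksEnabled = true)
 {
     if (!preg_match_all(self::SHORTCODE_REGEXP, $text, $matches)) {
         return $text;
     }
     // Groups 2..4 are read below, so there must be at least five entries;
     // the previous check only required three.
     if (count($matches) < 5) {
         return $text;
     }
     foreach ($matches[0] as $key => $shortCode) {
         $imageSrc = $matches[2][$key];
         $imageThumbnailSrc = $matches[3][$key];
         $imageOrgSrc = $matches[4][$key];
         if ($imagesEnabled) {
             $replace = sprintf(self::IMAGE_TAG_TEMPLATE, $imageSrc, $imageThumbnailSrc);
         } elseif ($linksEnabled) {
             if ($imageOrgSrc == '_') {
                 $imageOrgSrc = $imageSrc;
             }
             // NOTE(review): URL_PROTOCOLS_REGEXP is not visible here. If it
             // matches any scheme rather than an http(s) whitelist, a
             // javascript:/data: source passes through unchanged — confirm.
             $url = (!preg_match(self::URL_PROTOCOLS_REGEXP, $imageOrgSrc) ? 'http://' : '') . $imageOrgSrc;
             // The href is attribute context and is escaped like the link body
             // (double_encode=false keeps already-encoded input intact);
             // previously $url was interpolated raw.
             $href = htmlentities($url, ENT_QUOTES, 'UTF-8', false);
             $linkBody = htmlentities(urldecode($imageOrgSrc), ENT_QUOTES, 'UTF-8', false);
             $replace = sprintf('<a href="%s" target="_blank" rel="nofollow">%s</a>', $href, $linkBody);
         } else {
             $replace = $imageOrgSrc != '_' ? $imageOrgSrc : $imageSrc;
         }
         $text = $this->strReplaceFirst($shortCode, $replace, $text);
     }
     return $text;
 }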
/**
 * Print one table row for a core file property (title, description, ...).
 *
 * The stored value is entity-encoded for display, or replaced by a "None"
 * placeholder when empty. When the current user may edit file properties and
 * the page is not in preview mode, the row also carries a hidden edit form
 * that posts to the files/properties tool; otherwise a read-only row is
 * printed.
 *
 * $title, $field and $formText are inserted into the markup exactly as
 * given, so callers must pass trusted (or pre-escaped) values; $field also
 * ends up in a hidden input's value attribute.
 *
 * @param string $title    row label (trusted HTML)
 * @param string $field    attribute field name, posted as attributeField
 * @param string $value    current value (escaped here)
 * @param string $formText form controls for editing (trusted HTML)
 * @return void output is printed
 */
function printCorePropertyRow($title, $field, $value, $formText)
{
    global $previewMode, $f, $fp;
    $text = ($value == '')
        ? '<div class="ccm-attribute-field-none">' . t('None') . '</div>'
        : htmlentities($value, ENT_QUOTES, APP_CHARSET);
    $editable = $fp->canEditFileProperties() && !$previewMode;
    if (!$editable) {
        print '
		<tr>
			<td><strong>' . $title . '</strong></td>
			<td width="100%" colspan="2">' . $text . '</td>
		</tr>';
        return;
    }
    print '
	<tr class="ccm-attribute-editable-field">
		<td><strong><a href="javascript:void(0)">' . $title . '</a></strong></td>
		<td width="100%" class="ccm-attribute-editable-field-central"><div class="ccm-attribute-editable-field-text">' . $text . '</div>
		<form method="post" action="' . REL_DIR_FILES_TOOLS_REQUIRED . '/files/properties">
		<input type="hidden" name="attributeField" value="' . $field . '" />
		<input type="hidden" name="fID" value="' . $f->getFileID() . '" />
		<input type="hidden" name="task" value="update_core" />
		<div class="ccm-attribute-editable-field-form ccm-attribute-editable-field-type-text">
		' . $formText . '
		</div>
		</form>
		</td>
		<td class="ccm-attribute-editable-field-save"><a href="javascript:void(0)"><img src="' . ASSETS_URL_IMAGES . '/icons/edit_small.png" width="16" height="16" class="ccm-attribute-editable-field-save-button" /></a>
		<img src="' . ASSETS_URL_IMAGES . '/throbber_white_16.gif" width="16" height="16" class="ccm-attribute-editable-field-loading" />
		</td>
	</tr>';
}
 /**
  * Render a post body for display.
  *
  * Unless POST_HTML is set the text is HTML-escaped first, so raw markup can
  * only come from posts explicitly flagged as HTML. POST_BBCODE runs the link
  * pre-parser and the BBCode parser. Newlines become <br /> for escaped
  * posts, and for HTML posts only when POST_BREAKS is also set. POST_EMOTICONS
  * adds the configured emoticon replacement tables. Every replacement is
  * applied in a single strtr() pass.
  *
  * @param string $in      post text
  * @param int    $options bitmask of POST_* flags
  * @return string rendered HTML
  */
 public function format($in, $options = POST_BBCODE)
 {
     $rawHtml = (bool) ($options & POST_HTML);
     if (!$rawHtml) {
         $in = htmlentities($in, ENT_COMPAT, 'UTF-8');
     }
     if ($options & POST_BBCODE) {
         $in = $this->bbcode_parse($this->pre_parse_links($in));
     }
     $replacements = array();
     // !H || (H && B) simplifies to !H || B.
     if (!$rawHtml || ($options & POST_BREAKS)) {
         $replacements["\n"] = "<br />\n";
     }
     // Emoticon tables are merged last so they are applied in the same pass.
     if ($options & POST_EMOTICONS) {
         foreach (array('click_replacement', 'replacement') as $table) {
             if (isset($this->emoticons[$table])) {
                 $replacements = array_merge($replacements, $this->emoticons[$table]);
             }
         }
     }
     return strtr($in, $replacements);
 }
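 /**
  * Set count and period from the string or throw Exception
  *
  * Accepted forms (case-insensitive, surrounding whitespace ignored):
  *   ''                          count and unit cleared (null)
  *   YYYY-MM-DD[fixed|lifetime]  count = the date, unit = FIXED
  *   N[ ][w|<DAY>|<MONTH>|<YEAR>] count = N, unit as given (DAY when omitted);
  *                               'w' is folded into 7*N DAY
  *   ...lifetime                 count = MAX_SQL_DATE, unit = FIXED
  * An Am_Period instance is copied directly.
  *
  * @param string|Am_Period $string
  * @throws Am_Exception_InternalError on any other format
  */
 function fromString($string)
 {
     if ($string instanceof Am_Period) {
         $this->count = $string->getCount();
         $this->unit = $string->getUnit();
         // Done. Previously execution fell through to trim(strtolower($string))
         // on the object, which at best re-parsed its string form and at worst
         // errored out if Am_Period has no __toString().
         return;
     }
     $string = trim(strtolower($string));
     if ($string === '') {
         $this->count = $this->unit = null;
     } elseif (preg_match('/^(\\d{4}-\\d{2}-\\d{2})(fixed|lifetime)*$/', $string, $regs)) {
         $this->count = $regs[1];
         $this->unit = self::FIXED;
     } elseif (preg_match('/^(\\d+)\\s*(|w|' . implode('|', array(self::DAY, self::MONTH, self::YEAR)) . ')$/', $string, $regs)) {
         $this->count = intval($regs[1]);
         $this->unit = $regs[2] == '' ? self::DAY : $regs[2];
         // Weeks are stored as days.
         if ($this->unit == 'w') {
             $this->count *= 7;
             $this->unit = self::DAY;
         }
     } elseif (preg_match('/lifetime$/', $string)) {
         $this->count = self::MAX_SQL_DATE;
         $this->unit = self::FIXED;
     } else {
         throw new Am_Exception_InternalError("Unknown format of Am_Period string : [" . htmlentities($string) . "]");
     }
 }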
/**
 * Read a request variable, trimmed and HTML-entity-encoded.
 *
 * Looks $varName up in $_REQUEST (GET, POST and cookie merged). When it is
 * absent the supplied default is returned unchanged — it is *not* encoded.
 * Encoding happens on input, so the result is only safe for an HTML context:
 * it is not escaped for SQL, shell or URL use, and a value that is stored
 * later carries the entities with it.
 *
 * A magic_quotes_gpc stripslashes step and a transfer-hash lookup were
 * previously sketched here but never enabled; both remain TODOs pending an
 * audit of the stripslashes()/addslashes() calls elsewhere in the codebase.
 *
 * @param string $varName request variable name
 * @param string $return  default returned when the variable is not present
 * @return string
 */
function tfb_getRequestVar($varName, $return = '')
{
    if (!array_key_exists($varName, $_REQUEST)) {
        return $return;
    }
    return htmlentities(trim($_REQUEST[$varName]), ENT_QUOTES);
}
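 /**
  * Implements all 3 steps of the Direct Post Method for demonstration
  * purposes.
  *
  * Step 1 (no GET and no POST): render the hosted card form. Step 2 (POST
  * from the Authorize.Net relay): verify the response is genuine via the MD5
  * setting, then emit the relay-response snippet that sends the customer back
  * to $url with the outcome in the query string. Step 3 (GET only): display
  * the outcome. The step-3 query parameters are plain GET data that anyone
  * can craft, so they are informational only (not proof of payment) and are
  * escaped before output.
  *
  * @param string $url             absolute URL of this page
  * @param string $api_login_id    Authorize.Net API login id
  * @param string $transaction_key Authorize.Net transaction key
  * @param string $amount          amount to charge
  * @param string $md5_setting     MD5 hash setting used to validate the relay response
  * @return void output is echoed
  */
 public static function directPostDemo($url, $api_login_id, $transaction_key, $amount = "0.00", $md5_setting = "")
 {
     if (!count($_POST) && !count($_GET)) {
         // Any sequential number like an invoice number.
         $fp_sequence = time();
         echo M2_AuthorizeNetDPM::getCreditCardForm($amount, $fp_sequence, $url, $api_login_id, $transaction_key);
     } elseif (count($_POST)) {
         $response = new M2_AuthorizeNetSIM($api_login_id, $md5_setting);
         if ($response->isAuthorizeNet()) {
             // Query-string values are URL-encoded. response_reason_text is
             // free text and previously went into the URL raw, which could
             // break the redirect or smuggle extra parameters into it.
             if ($response->approved) {
                 $redirect_url = $url . '?response_code=1&transaction_id=' . urlencode($response->transaction_id);
             } else {
                 $redirect_url = $url . '?response_code=' . urlencode($response->response_code) . '&response_reason_text=' . urlencode($response->response_reason_text);
             }
             // Authorize.Net executes this snippet and redirects the customer.
             echo M2_AuthorizeNetDPM::getRelayResponseSnippet($redirect_url);
         } else {
             echo "Error -- not AuthorizeNet. Check your MD5 Setting.";
         }
     } elseif (!count($_POST) && count($_GET)) {
         // Missing keys read as '' so a hand-crafted GET raises no notices.
         $code = isset($_GET['response_code']) ? $_GET['response_code'] : '';
         if ($code == 1) {
             $transactionId = isset($_GET['transaction_id']) ? $_GET['transaction_id'] : '';
             echo "Thank you for your purchase! Transaction id: " . htmlentities($transactionId);
         } else {
             $reason = isset($_GET['response_reason_text']) ? $_GET['response_reason_text'] : '';
             echo "Sorry, an error occurred: " . htmlentities($reason);
         }
     }
 }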
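/**
 * Reduce post content to plain text that is safe inside an RSS/iTunes feed element.
 *
 * Optionally removes <script> blocks (tag and contents), strips every
 * remaining tag, then entity-encodes the result: all non-ASCII characters
 * when $aggressive, otherwise only &, < and > (quotes are never encoded).
 * &nbsp; is turned back into a plain space and finally all named entities
 * are rewritten to numeric references, since feed readers only know the
 * XML-defined entities.
 *
 * Note that strip_tags() removes tags but not their text content, so script
 * bodies survive unless $removescripts is set.
 *
 * @param string $input         post content, may contain HTML
 * @param bool   $aggressive    use htmlentities() instead of htmlspecialchars()
 * @param bool   $removescripts drop <script>...</script> blocks before stripping tags
 * @return string
 */
function podPress_feedSafeContent($input, $aggressive = FALSE, $removescripts = FALSE)
{
    global $podPress;
    // All values should be plain text (no markup or HTML). [...] CDATA sections are strongly discouraged. (see http://www.apple.com/itunes/podcasts/specs.html#encoding)
    if (TRUE === $removescripts) {
        // This option is only reachable via php source code and via the WP backend.
        // Non-greedy: the previous '[\w\W]*' spanned from the first <script to
        // the *last* </script>, deleting any legitimate text in between.
        $input = preg_replace('/<script[\\w\\W]*?<\\/script>/i', '', $input);
    }
    $input = strip_tags($input);
    $charset = get_bloginfo('charset');
    // The double_encode argument only exists from PHP 5.2.3 on.
    $hasDoubleEncodeArg = (TRUE === version_compare(PHP_VERSION, '5.2.3', '>='));
    if (TRUE === $aggressive) {
        $result = $hasDoubleEncodeArg
            ? htmlentities($input, ENT_NOQUOTES, $charset, FALSE)
            : htmlentities($input, ENT_NOQUOTES, $charset);
    } else {
        $result = $hasDoubleEncodeArg
            ? htmlspecialchars($input, ENT_NOQUOTES, $charset, FALSE)
            : htmlspecialchars($input, ENT_NOQUOTES, $charset);
    }
    $result = str_replace('&nbsp;', ' ', $result);
    // Transform all HTML entities into their numeric equivalents.
    return ent2ncr($result);
}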
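 /**
  * updates the profile database
  * (TODO) This needs cleaning code, badly. Avatar could be _anything_, for christ's sake.
  *
  * Only runs for a POST whose submit button reads "Submit"; anything else
  * (e.g. a GET) re-renders the edit page unchanged. The e-mail address is
  * validated by the email core module and stored raw; every other text field
  * is HTML-entity-encoded at storage time. Custom fields are the keys of the
  * JSON-encoded 'custom_fields' setting.
  *
  * gender, 0 = undecided, 1 = female, 2 = male.
  *
  * @return string html
  */
 public function update_profile()
 {
     // Every POST key is read through isset() so a partial request neither
     // raises undefined-index notices nor has to be complete.
     $submit = isset($_POST['submit']) ? $_POST['submit'] : '';
     if ($submit != "Submit") {
         // Stops you wiping your profile with GET.
         return $this->edit_profile_page("");
     }
     $this->core("email");
     $email = isset($_POST['email']) ? $_POST['email'] : '';
     if (!$this->email->validate($email)) {
         return $this->edit_profile_page($this->skin->error_box($this->lang->email_wrong_format));
     }
     // NOTE(review): custom_fields keys become player property names verbatim,
     // so a key that collides with a sensitive player attribute would let the
     // form overwrite it — confirm the settings UI restricts these names.
     $customFields = json_decode($this->settings->get['custom_fields'], true);
     if (is_array($customFields)) {
         foreach ($customFields as $field => $default) {
             $this->player->{$field} = htmlentities(isset($_POST[$field]) ? $_POST[$field] : '', ENT_QUOTES, 'utf-8');
         }
     }
     // Validated above, stored unencoded.
     $this->player->email = $email;
     $this->player->description = htmlentities(isset($_POST['description']) ? $_POST['description'] : '', ENT_QUOTES, 'utf-8');
     $this->player->gender = isset($_POST['gender']) ? intval($_POST['gender']) : 0;
     $this->player->msn = htmlentities(isset($_POST['msn']) ? $_POST['msn'] : '', ENT_QUOTES, 'utf-8');
     $this->player->aim = htmlentities(isset($_POST['aim']) ? $_POST['aim'] : '', ENT_QUOTES, 'utf-8');
     $this->player->skype = htmlentities(isset($_POST['skype']) ? $_POST['skype'] : '', ENT_QUOTES, 'utf-8');
     // NOTE(review): skin is stored as free text; wherever it selects a
     // template path it must be checked against the installed skins, which
     // this method does not do.
     $this->player->skin = htmlentities(isset($_POST['skin']) ? $_POST['skin'] : '', ENT_QUOTES, 'utf-8');
     $this->player->show_email = (isset($_POST['show_email']) && $_POST['show_email'] == 'on') ? 1 : 0;
     $this->player->update_player();
     return $this->edit_profile_page($this->skin->success_box($this->lang->profile_updated));
 }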
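/**
 * Echo the user/printer search form.
 *
 * The form posts back to the current script (PHP_SELF) with section=find.
 * $searchString is re-displayed in the text field and $objectType selects
 * the radio button: "printer" checks Printer, anything else (including "")
 * checks Users. All three values are entity-encoded before being placed in
 * attribute values.
 *
 * @param string $objectType   "user" or "printer"
 * @param string $searchString previous search text
 * @return void output is echoed
 */
function display_search_form($objectType, $searchString = "")
{
    $me = htmlentities($_SERVER["PHP_SELF"]);
    $searchString = htmlentities($searchString);
    $objectType = !empty($objectType) ? htmlentities($objectType) : "";
    $check_user = ($objectType == "" || $objectType == "user") ? "checked " : "";
    $check_printer = ($objectType == "printer") ? "checked " : "";
    echo "<!-- Begin search form -->\n";
    echo "<div id=\"search_form\">\n";
    echo "  <form name=\"search_form\" action=\"{$me}?section=find\" method=\"post\">\n";
    echo "    <label>Text to search: \n";
    echo "      <input type=\"text\" name=\"iSearchString\" value=\"{$searchString}\" />\n";
    echo "    </label>\n";
    echo "    <fieldset>\n";
    echo "      <legend>Object type</legend>\n";
    echo "      <label>\n";
    echo "        <input type=\"radio\" name=\"iSearchType\" value=\"user\" {$check_user}/>\n";
    echo "      Users</label>\n";
    echo "      <label>\n";
    echo "        <input type=\"radio\" name=\"iSearchType\" value=\"printer\" {$check_printer}/>\n";
    echo "      Printer</label>\n";
    echo "    </fieldset>\n";
    // Was "\\>" — a literal backslash instead of a self-closing "/>".
    echo "    <input type=\"submit\" value=\"submit\" />\n";
    echo "    <input type=\"reset\" value=\"clear\" />\n";
    echo "  </form>\n";
    echo "</div> \n";
    echo "<!-- End search form -->\n";
}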
/**
 * Normalise a form value for re-display in HTML: trims surrounding
 * whitespace, removes backslash escaping (magic_quotes leftovers) and encodes
 * every HTML special character, both quote styles included, as UTF-8 entities.
 *
 * This is output escaping for an HTML context only; it does not make the
 * value safe for SQL, shell or URL use.
 *
 * @param string $data raw input
 * @return string
 */
function check_input($data)
{
    $unescaped = stripslashes(trim($data));
    return htmlentities($unescaped, ENT_QUOTES, 'UTF-8');
}
/**
 * Prepare a string for interpolation into a MySQL query.
 *
 * Tags are stripped, HTML special characters are entity-encoded (so the
 * *stored* value already carries entities), backslash escaping is removed
 * and the result is escaped for the given mysqli connection. Prefer bound
 * parameters where the calling code allows it; this only protects a value
 * placed inside a quoted SQL literal.
 *
 * @param mysqli $_db open connection used by mysqli_real_escape_string()
 * @param string $str raw input
 * @return string
 */
function sanitizeString($_db, $str)
{
    $clean = stripslashes(htmlentities(strip_tags($str)));
    return mysqli_real_escape_string($_db, $clean);
}
/**
 * Reduce a string to tag-free, HTML-entity-encoded text.
 *
 * Backslash escaping is removed first, then every tag is stripped and the
 * remainder is entity-encoded with htmlentities()' default flags (which
 * differ between PHP versions in how single quotes are treated). Output
 * escaping for HTML only — not for SQL, shell or URL contexts.
 *
 * @param string $var raw input
 * @return string
 */
function sanitizeString($var)
{
    $plain = strip_tags(stripslashes($var));
    return htmlentities($plain);
}
    /**
     * showOptionsPage
     * Displays the print option page.
     *
     * Reads statstype (required — nothing is rendered without it) and path
     * from the query string and builds the hidden inputs and option
     * checkboxes for the print form. For 'splittest' the statids/jobids lists
     * are reduced to integers by SplitTest_API::FilterIntSet() before being
     * echoed back, so only statstype itself needs entity-encoding. $path is
     * handed to the template unescaped; escaping it is the template's job.
     *
     * @return Void Does not return anything (false when statstype is missing).
     */
    function showOptionsPage()
    {
        $statstype = $this->_getGETRequest('statstype', null);
        if ($statstype == null) {
            return false;
        }
        $path = $this->_getGETRequest('path', '');
        SendStudio_Functions::LoadLanguageFile('stats');
        $stats_api = $this->GetApi('Splittest_Stats');
        $print_options = '<input type="hidden" name="statstype" value="' . htmlentities($statstype, ENT_QUOTES, SENDSTUDIO_CHARSET) . '" />';
        if ($statstype == 'splittest') {
            $splitStatIds = SplitTest_API::FilterIntSet($this->_getGETRequest('statids', null));
            $jobIds = SplitTest_API::FilterIntSet($this->_getGETRequest('jobids', null));
            $print_options .= '<input type="hidden" name="split_statids" value="' . implode(',', $splitStatIds) . '" />';
            $print_options .= '<input type="hidden" name="jobids" value="' . implode(',', $jobIds) . '" />';
            $options = array('snapshot' => GetLang('Addon_splittest_Menu_ViewStats'), 'open' => GetLang('Addon_splittest_open_summary'), 'click' => GetLang('Addon_splittest_linkclick_summary'), 'bounce' => GetLang('Addon_splittest_bounce_summary'), 'unsubscribe' => GetLang('Addon_splittest_unsubscribe_summary'));
            $rowColor = 'white';
            foreach ($options as $key => $val) {
                // Alternate the row background.
                $rowColor = ($rowColor == 'white') ? '#EDECEC' : 'white';
                $print_options .= '<div style="background-color: ' . $rowColor . '; padding: 5px; margin-bottom: 5px;">';
                $print_options .= '<input id="print_' . $key . '" type="checkbox" name="options[]" value="' . $key . '" checked="checked" style="margin:0;"/>
						<label for="print_' . $key . '">' . $val . '</label>' . "\n";
                $print_options .= '</div>' . "\n";
            }
        }
        $this->template_system->assign('path', $path);
        $this->template_system->Assign('title', GetLang('Addon_splittest_PrintSplitTestStatistics'));
        $this->template_system->Assign('print_options', $print_options);
        $this->template_system->ParseTemplate('print_stats_options');
    }
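/**
 * Convert a raw chat message into a display-safe HTML fragment.
 *
 * The author's text is entity-encoded first; everything layered on top of it
 * afterwards (bbcode patterns, smiley images, line breaks) is markup taken
 * from the design configuration, not from the message itself.
 *
 * @param string $msg         raw message text
 * @param bool   $escaped     true when line breaks arrive as the literal four
 *                            characters "\r\n" instead of a real CR/LF pair
 * @param int    $author_auth author's auth level; bbcodes and smileys are only
 *                            applied from levels at or below it
 * @return string HTML fragment
 */
function cht_message_parse($msg, $escaped = false, $author_auth = 0)
{
    global $supernova, $config;

    // Encode before any markup is added so nothing in the author's text is
    // interpreted as HTML. ENT_COMPAT leaves single quotes alone (kept as-is).
    $msg = htmlentities($msg, ENT_COMPAT, 'UTF-8');
    $msg = str_replace('sn://', SN_ROOT_VIRTUAL, $msg);
    if (!empty($config->url_faq)) {
        $msg = str_replace('faq://', $config->url_faq, $msg);
    }

    // bbcodes: each key is a complete PCRE pattern from the design config and
    // each value the replacement HTML (including any $n back-references).
    foreach ($supernova->design['bbcodes'] as $auth_level => $replaces) {
        if ($auth_level > $author_auth) {
            continue;
        }
        foreach ($replaces as $pattern => $html) {
            $msg = preg_replace((string) $pattern, $html, $msg);
        }
    }

    // smileys: keys are literal text, so they must be fully quoted for PCRE.
    // addcslashes() only covered brackets and left ".", "*", "?", "|" etc.
    // active, so a smiley like ":.(" matched ":x(" as well.
    foreach ($supernova->design['smiles'] as $auth_level => $replaces) {
        if ($auth_level > $author_auth) {
            continue;
        }
        foreach ($replaces as $key => $imgName) {
            $text = (string) $key;
            $attr = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
            $img = '<img src="design/images/smileys/' . $imgName . '.gif" align="absmiddle" title="' . $attr . '" alt="' . $attr . '">';
            $msg = preg_replace('#' . preg_quote($text, '#') . '#isU', $img, $msg);
        }
    }

    return str_replace($escaped ? '\\r\\n' : "\r\n", '<br />', $msg);
}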
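    /**
     * Render the news items returned by $sql as rows of the admin table.
     *
     * Every dynamic value in the markup is escaped for its context: request
     * parameters, row ids and the session token are URL-encoded as query-string
     * values and the complete URL is then HTML-escaped inside the attribute;
     * text cells (title, tags, slug) are HTML-escaped. The per-request token
     * stored in $_SESSION['token'] is unpredictable (random_bytes) rather than
     * derived from the current time.
     *
     * @param mixed  $c         selector handed to $this->conn() — presumably a component/connection id; confirm
     * @param string $sql       SQL for a prepared statement
     * @param array  $exe_array bound parameter values for the statement
     * @return string HTML fragment; whatever was built before a failure, or '' on error
     */
    public function table($c, $sql, $exe_array)
    {
        $out = '';
        $conn = $this->conn($c);
        $query = $conn->prepare($sql);

        // $esc: HTML text/attribute context. $q: single query-string value.
        $esc = static function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };
        $q = static function ($value) {
            return rawurlencode((string) $value);
        };

        try {
            $query->execute($exe_array);

            // Token for the action links below. md5(sha1(time())) could be
            // recomputed by anyone who knew the second the page was rendered.
            $token = bin2hex(random_bytes(16));
            $_SESSION['token'] = $token;

            // Request parameters reused in every link; a missing one becomes ''.
            $type = $q($_GET['type'] ?? '');
            $id = $q($_GET['id'] ?? '');
            $super = $q($_GET['super'] ?? '');
            $tokenQ = $q($token);

            while ($rows = $query->fetch()) {
                $idx = $q($rows['smi_idx']);
                $visibilityColor = $rows['smi_visibility'] == 1 ? "red" : "green";
                $visibilityUrl = '?action=newsModule&type=' . $type . '&id=' . $id . '&newsidx=' . $idx . '&super=' . $super . '&visibilitychnage=true&token=' . $tokenQ;
                $editUrl = '?action=editNewsItem&type=' . $type . '&id=' . $id . '&newsidx=' . $idx . '&super=' . $super . '&token=' . $tokenQ;
                $removeUrl = '?action=newsModule&type=' . $type . '&id=' . $id . '&nidx=' . $idx . '&super=' . $super . '&remove=true&token=' . $tokenQ;
                // Public URL of the item; the slug is a path segment, so it is
                // HTML-escaped only (URL-encoding would also encode any "/").
                $publicUrl = WEBSITE . LANG . "/" . $esc($rows['smi_slug']);

                $out .= '<div class="row">';
                $out .= '<span class="cell primary"><a href="' . $esc($visibilityUrl) . '" style="color:' . $visibilityColor . '" title="Change visibility"><i class="fa fa-dot-circle-o"></i></a></span>';
                $out .= '<span class="cell">' . $esc($rows['smi_idx']) . '</span>';
                // assumes smi_date holds a unix timestamp — confirm against the schema
                $out .= '<span class="cell" style="width:100px">' . date("d-m-Y", (int) $rows['smi_date']) . '</span>';
                $out .= '<span class="cell"><a href="' . $esc($editUrl) . '">' . $esc($rows['smi_title']) . '</a> <br /> <a href="' . $publicUrl . '" class="slugs" target="_blank">' . $publicUrl . '</a></span>';
                $out .= '<span class="cell">' . $esc($rows['smi_tags']) . '</span>';
                $attachLinks = '<a href="' . $esc($editUrl . '#tabs-3') . '" title="Attach pictures"> <i class="fa fa-picture-o"></i></a>';
                $attachLinks .= '<a href="' . $esc($editUrl . '#tabs-4') . '" title="Attach files"> <i class="fa fa-file"></i></a>';
                // The onclick argument is a JS string literal inside an HTML
                // attribute: every dynamic part is URL-encoded (no quotes can
                // survive) and the whole URL is attribute-escaped.
                $out .= '<span class="cell">
						<a href="' . $publicUrl . '" target="_blank" title="Check news"><i class="fa fa-eye"></i></a>
						<a href="' . $esc($editUrl) . '" title="Edit news"><i class="fa fa-pencil-square-o"></i></a>
						' . $attachLinks . '
						<a href="javascript:;" onclick="deleteComfirm(\'' . $esc($removeUrl) . '\')" title="Remove news"><i class="fa fa-times"></i></a>
				</span>';
                $out .= '</div>';
            }
        } catch (Exception $ex) {
            // Best effort: the caller gets the rows rendered so far, but the
            // failure is no longer invisible.
            error_log('news table: ' . $ex->getMessage());
        }
        return $out;
    }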
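 /**
  * Persist a new user record, filling in audit defaults first.
  *
  * Defaults applied only when the caller left the field unset/empty: approval
  * state (inverse of the "manually_approve" config flag), client IP, user
  * agent and creation time. UserBeforeInsert / UserAfterInsert hooks are fired
  * around the parent insert, and password side effects are handled in between.
  *
  * @param bool $reload passed through to parent::insert()
  * @return mixed whatever parent::insert() returns
  */
 function insert($reload = true)
 {
     if (!isset($this->is_approved)) {
         $this->is_approved = !$this->getDi()->config->get('manually_approve');
     }
     if (empty($this->remote_addr)) {
         // REMOTE_ADDR is absent outside a web request (CLI, tests); store ''
         // then instead of suppressing the notice with "@".
         $this->remote_addr = htmlentities($_SERVER['REMOTE_ADDR'] ?? '');
     }
     if (empty($this->user_agent)) {
         $this->user_agent = $_SERVER['HTTP_USER_AGENT'] ?? null;
     }
     if (empty($this->added)) {
         $this->added = $this->getDi()->sqlDateTime;
     }
     $this->getDi()->hook->call(new Am_Event_UserBeforeInsert($this));
     $ret = parent::insert($reload);
     if ($this->_passwordChanged) {
         // Record the new password (saved-pass history) and notify listeners.
         $event = new Am_Event_SetPassword($this, $this->getPlaintextPass());
         $this->getDi()->savedPassTable->setPass($event);
         $this->getDi()->hook->call($event);
     }
     if ($this->_passwordGenerated) {
         // A generated password is kept for 6 hours, Blowfish-encrypted under
         // the site key (presumably so a later step can send it to the user —
         // confirm). During that window it is recoverable by anyone holding
         // both the store entry and the site key.
         $crypt = new Crypt_Blowfish($this->getDi()->app->getSiteKey());
         $pg = $crypt->encrypt($this->getPlaintextPass());
         $this->getDi()->store->set('pass-generated-' . $this->pk(), base64_encode($pg), '+6 hours');
     }
     $this->getDi()->hook->call(new Am_Event_UserAfterInsert($this));
     $this->_passwordChanged = false;
     return $ret;
 }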
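 /**
  * Print one entry of the event list: the creation time followed by a link
  * to the event's detail view, then a line break.
  *
  * @param array $event row with at least 'created' (parseable date string),
  *                     'id' and 'summary'
  */
 private function putEventListElement($event)
 {
     // 'H:i' is hour:minute. The previous format 'H:m' put the month number
     // in the minute position.
     print '<div style="font-size:10px;color:grey;">' . date('Y-m-d H:i', strtotime($event['created']));
     $calendarId = $_GET['showThisCalendar'] ?? '';
     // Query-string values are URL-encoded before the attribute escaping that
     // the link helper appears to expect (it was already entity-encoded here).
     $this->putLink('?action=printEventDetails&showThisEvent=' . htmlentities(rawurlencode((string) $event['id'])) . '&calendarId=' . htmlentities(rawurlencode((string) $calendarId)), $event['summary']);
     print '</div>';
     print '<br>';
 }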
 /**
  * Hand template variables to Smarty for the bulk-delete confirmation step,
  * then let the parent build the page.
  *
  * Only the 'select_delete' action adds variables: a flag that switches the
  * template to the delete form, the entity-escaped current request URI as the
  * form target, and the ids selected by the user.
  */
 public function initContent()
 {
     $isDeleteStep = ($this->action == 'select_delete');
     if ($isDeleteStep) {
         $vars = array();
         $vars['delete_form'] = true;
         $vars['url_delete'] = htmlentities($_SERVER['REQUEST_URI']);
         $vars['boxes'] = $this->boxes;
         $this->context->smarty->assign($vars);
     }
     parent::initContent();
 }
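    /**
     * Render the component rows returned by $sql as an admin table.
     *
     * Every dynamic value in the markup is escaped for its context: the
     * request id, row ids and the session token are URL-encoded as query
     * values and the whole URL is then HTML-escaped inside its attribute; the
     * title, component name and stored URL are HTML-escaped. The token kept in
     * $_SESSION['token'] is generated with random_bytes() rather than derived
     * from the current time.
     *
     * @param mixed  $c         component selector passed to conn(), componentname() and maxpos()
     * @param string $sql       SQL for a prepared statement
     * @param array  $exe_array bound parameter values for the statement
     * @return string HTML fragment; whatever was built before a failure, or '' on error
     */
    public function table($c, $sql, $exe_array)
    {
        $out = '';
        $conn = $this->conn($c);
        $query = $conn->prepare($sql);

        // $esc: HTML text/attribute context. $q: single query-string value.
        $esc = static function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };
        $q = static function ($value) {
            return rawurlencode((string) $value);
        };

        try {
            $query->execute($exe_array);

            // md5(sha1(time())) was predictable to the second; use real randomness.
            $token = bin2hex(random_bytes(16));
            $_SESSION['token'] = $token;
            $tokenQ = $q($token);
            $cname = $esc($this->componentname($c));
            $id = $q($_GET['id'] ?? '');
            // maxpos() depends only on $c, so it is read once instead of per row —
            // confirm it has no per-call side effects.
            $maxPosition = $this->maxpos($c);

            while ($rows = $query->fetch()) {
                $idx = $q($rows['idx']);
                $editUrl = '?action=editComponentsModule&id=' . $idx . '&token=' . $tokenQ;
                $moveUrl = '?action=componentModule&id=' . $id . '&cidx=' . $idx . '&token=' . $tokenQ;
                $removeUrl = '?action=componentModule&id=' . $id . '&commodelid=' . $idx . '&remove=true&token=' . $tokenQ;
                // NOTE(review): the stored URL is escaped for the attribute but its
                // scheme is not checked; a "javascript:" value would still execute
                // on click. Validate the scheme where the URL is saved.
                $url = $esc($rows['url']);

                $out .= '<div class="row">';
                $out .= '<span class="cell">' . $esc($rows['idx']) . '</span>';
                $out .= '<span class="cell">';
                if ($rows['position'] >= 2) {
                    $out .= '<a href="' . $esc($moveUrl . '&up=true') . '" class="changeposition" title="Move up"><i class="fa fa-arrow-circle-up"></i></a>';
                }
                if ($maxPosition > $rows['position']) {
                    $out .= '<a href="' . $esc($moveUrl . '&down=true') . '" class="changeposition" title="Move down"><i class="fa fa-arrow-circle-down"></i></a>';
                }
                $out .= '</span>';
                $out .= '<span class="cell"><a href="' . $esc($editUrl) . '">' . $esc($rows['title']) . '</a></span>';
                $out .= '<span class="cell">' . $cname . '</span>';
                $out .= '<span class="cell"><a href="' . $url . '" target="_blank">' . $url . '</a></span>';
                // onclick holds a JS string literal inside an HTML attribute: all
                // dynamic parts are URL-encoded (no quotes survive) and the URL is
                // attribute-escaped as a whole.
                $out .= '<span class="cell" style="width:120px;">
						<a href="' . $esc($editUrl) . '" title="Edit components"><i class="fa fa-pencil-square-o"></i></a>
						<a href="javascript:;" onclick="deleteComfirm(\'' . $esc($removeUrl) . '\')" title="Remove components"><i class="fa fa-times"></i></a>
						</span>';
                $out .= '</div>';
            }
        } catch (Exception $ex) {
            // Best effort: return the rows rendered so far, but record the failure.
            error_log('components table: ' . $ex->getMessage());
        }
        return $out;
    }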
    /**
     * Echo the add/edit form for a profile: one name field per language
     * (only the default form language visible), the language flags and a
     * submit button.
     *
     * The form posts back to $currentIndex with the "submitAdd<table>" flag
     * and the admin token. Output is echoed in place, interleaved with
     * displayFlags(); nothing is returned. Returns early without output of
     * its own when the object cannot be loaded.
     *
     * @param bool $isMainTab accepted for signature compatibility; not read here
     */
    public function displayForm($isMainTab = true)
    {
        global $currentIndex;
        parent::displayForm();
        if (!($obj = $this->loadObject(true))) {
            return;
        }
        // Hidden id is only emitted for an existing object (edit mode).
        echo '
		<form action="' . $currentIndex . '&submitAdd' . $this->table . '=1&token=' . $this->token . '" method="post">
			' . ($obj->id ? '<input type="hidden" name="id_' . $this->table . '" value="' . $obj->id . '" />' : '') . '
			<fieldset><legend><img src="../img/admin/profiles.png" />' . $this->l('Profiles') . '</legend>
				<label>' . $this->l('Name:') . ' </label>
				<div class="margin-form">';
        // One input per language; the stored value is entity-escaped for the attribute.
        foreach ($this->_languages as $language) {
            echo '
					<div id="name_' . $language['id_lang'] . '" style="display: ' . ($language['id_lang'] == $this->_defaultFormLanguage ? 'block' : 'none') . '; float: left;">
						<input size="33" type="text" name="name_' . $language['id_lang'] . '" value="' . htmlentities($this->getFieldValue($obj, 'name', (int) $language['id_lang']), ENT_COMPAT, 'UTF-8') . '" /><sup> *</sup>
					</div>';
        }
        $this->displayFlags($this->_languages, $this->_defaultFormLanguage, 'name', 'name');
        echo '		<div class="clear"></div>
				</div>
				<div class="margin-form">
					<input type="submit" value="' . $this->l('   Save   ') . '" name="submitAdd' . $this->table . '" class="button" />
				</div>
				<div class="small"><sup>*</sup> ' . $this->l('Required field') . '</div>
			</fieldset>
		</form>';
    }
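 /**
  * Render the settings editor for the current area and role.
  *
  * When the form was posted (the "save" field is present) every other posted
  * field is stored as a setting for the current area/dir/role, caches are
  * cleared and the browser is sent back to the same URL without the
  * save_settings flag; the request ends there. Otherwise the template is
  * filled with a role selector, the form URL and one SETTINGS loop item per
  * setting row, each rendered through its control class.
  *
  * @return string rendered template HTML
  */
 public function getCode()
 {
     if (isset($_POST['save'])) {
         // specify()/dir() select the settings scope; they read as pure
         // selectors, so resolve once instead of once per posted field — confirm.
         $settings = Settings::getRootInstance()->specify($this->areaType, $this->area);
         if ($this->dir != "" && $this->dir != "/") {
             $settings = $settings->dir($this->dir);
         }
         // NOTE(review): any posted field name other than "save"/"roles" is
         // written as a setting; nothing here limits it to known settings.
         foreach ($_POST as $property => $value) {
             if ($property != "save" && $property != "roles") {
                 $settings->set($property, $value, $this->role);
             }
         }
         Settings::forceReload();
         Cache::clear();
         Language::GetGlobal()->ClearCache();

         // Post/redirect/get back to this page without the save flag.
         // header() returns void, so the former `if (@header(...))` was never
         // true and always fell through to the script fallback.
         $target = str_replace("&save_settings=1", "", $_SERVER['REQUEST_URI']);
         if (!headers_sent()) {
             header("Location:" . $target);
             exit;
         }
         // Output already started: REQUEST_URI is request-controlled, so it is
         // emitted as a JSON string literal instead of being spliced in raw.
         die("<script>window.location.href = " . json_encode($target, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ";</script>");
     }

     $template = new Template();
     $template->load($this->template);

     // Area parameters are part of the URL for everything but the global scope.
     $areaQuery = '';
     if ($this->area != "global" || $this->areaType != "global") {
         $areaQuery = "areatype=" . urlencode($this->areaType) . "&area=" . urlencode($this->area) . "&";
     }
     $baseUrl = $this->url . $this->getQuerySeperator() . $areaQuery;

     $roleselector = "<select name=\"roles\" onchange=\"document.location.href='" . $baseUrl . "role=' + this.options[this.selectedIndex].value + '&save_settings=1';\">";
     $roles = DataBase::Current()->ReadRows("SELECT * FROM {'dbprefix'}roles ORDER BY name");
     if ($roles) {
         foreach ($roles as $role) {
             // Escape the name in both branches; previously only the selected
             // option was entity-encoded.
             $selected = ($this->role == $role->id) ? " selected=\"selected\"" : "";
             $roleselector .= "<option value=\"" . htmlentities((string) $role->id) . "\"" . $selected . ">" . htmlentities((string) $role->name) . "</option>";
         }
     }
     $roleselector .= "</select>";
     $template->assign_var("ROLES", $roleselector);
     $template->assign_var("URL", $baseUrl . "role=" . urlencode((string) $this->role) . "&save_settings=1");

     $rows = Settings::getRootInstance()->specify($this->areaType, $this->area)->dir($this->dir)->getRows($this->role);
     if ($rows) {
         foreach ($rows as $row) {
             $index = $template->add_loop_item("SETTINGS");
             $template->assign_loop_var("SETTINGS", $index, "PROPERTY", htmlentities((string) $row['name']));
             $template->assign_loop_var("SETTINGS", $index, "DESCRIPTION", htmlentities((string) $row['description']));
             // FLAG: the control class is chosen by the 'type' column of the
             // settings table, i.e. by data. Confirm that column is only written
             // by the application itself and never from request input.
             $control = new $row['type']();
             $control->name = $row['name'];
             $control->value = $row['value'];
             $template->assign_loop_var("SETTINGS", $index, "CONTROL", $control->getCode());
         }
     }
     return $template->getCode();
 }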
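/**
 * AJAX connector for the jQueryFileTree widget: prints the sub-directories
 * and files of the directory posted in $_POST['dir'] as a <ul> fragment.
 *
 * Runs only when $_GET['task'] is 'wpdm_dir_tree'. The requested path is
 * canonicalised with realpath() and must lie inside the base directory
 * (ABSPATH when defined, otherwise the current working directory); paths
 * outside it — including "../" escapes and symlinks that resolve elsewhere —
 * print nothing. Output is written only when the directory has at least one
 * entry besides "." and "..".
 *
 * @return void
 */
function wpdm_dir_tree()
{
    if (!isset($_GET['task']) || $_GET['task'] != 'wpdm_dir_tree') {
        return;
    }
    // NOTE(review): no capability or nonce check is visible here — confirm the
    // caller restricts this handler to authorised users before it runs.

    $base = realpath(defined('ABSPATH') ? ABSPATH : getcwd());
    $requested = urldecode(isset($_POST['dir']) ? $_POST['dir'] : '');
    $_POST['dir'] = $requested;
    $dir = realpath($requested);
    if ($base === false || $dir === false || !is_dir($dir)) {
        return;
    }
    // Confine the listing to $base. Both sides carry a trailing separator so
    // that "/srv/www2" is not accepted as a child of "/srv/www".
    $baseWithSep = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strpos($dir . DIRECTORY_SEPARATOR, $baseWithSep) !== 0) {
        return;
    }

    $files = scandir($dir);
    if ($files === false) {
        return;
    }
    natcasesort($files);
    $entries = array_values(array_diff($files, array('.', '..')));
    if (count($entries) === 0) {
        return;
    }

    // Directories first, then files, each group in natural order.
    $prefix = rtrim($dir, '/\\') . '/';
    $dirs = array();
    $plain = array();
    foreach ($entries as $file) {
        $path = $prefix . $file;
        if (is_dir($path)) {
            $dirs[] = $file;
        } elseif (file_exists($path)) {
            $plain[] = $file;
        }
    }

    echo "<ul class=\"jqueryFileTree\" style=\"display: none;\">";
    foreach ($dirs as $file) {
        echo "<li class=\"directory collapsed\"><a id=\"" . uniqid() . "\" href=\"#\" rel=\"" . htmlentities($prefix . $file) . "/\">" . htmlentities($file) . "</a></li>";
    }
    foreach ($plain as $file) {
        // Extension = text after the last dot (the whole name when there is none).
        $ext = preg_replace('/^.*\\./', '', $file);
        echo "<li class=\"file ext_" . htmlentities($ext) . "\"><a id=\"" . uniqid() . "\" href=\"#\" rel=\"" . htmlentities($prefix . $file) . "\">" . htmlentities($file) . "</a></li>";
    }
    echo "</ul>";
}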