Example #1
 /**
  * Reads a "WHMCS"-prefixed cookie.
  *
  * Without $decodearray the raw cookie string is returned ("" when the cookie
  * is absent). With $decodearray the value is treated as base64-encoded JSON:
  * it is decoded and, only if the result is an array, escaped through
  * htmlspecialchars_array() and returned; a missing cookie, undecodable
  * payload or scalar JSON yields an empty array.
  *
  * The non-decoding path hands back user-controlled input unescaped; callers
  * that echo it must escape for their output context.
  *
  * @param string $name        cookie name without the "WHMCS" prefix
  * @param bool   $decodearray decode base64(JSON) and return an escaped array
  * @return string|array
  */
 public static function get($name, $decodearray = false)
 {
     $cookieName = "WHMCS" . $name;
     $val = "";
     if (array_key_exists($cookieName, $_COOKIE)) {
         $val = $_COOKIE[$cookieName];
     }
     if (!$decodearray) {
         return $val;
     }
     $decoded = json_decode(base64_decode($val), true);

     return is_array($decoded) ? htmlspecialchars_array($decoded) : array();
 }
Example #2
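/**
 * Classic PHP htmlspecialchars calling recursively on the array.
 *
 * Every leaf value is passed through htmlspecialchars() (scalars are cast to
 * string first, so ints/bools come back as strings exactly as before and null
 * becomes "" without the PHP 8.1 null-argument deprecation). Nested arrays are
 * escaped recursively; keys are never touched.
 *
 * The flags are pinned to ENT_QUOTES | ENT_SUBSTITUTE with UTF-8 so the output
 * does not depend on the running PHP version's default: single quotes are
 * always escaped (needed when a value lands in a single-quoted attribute) and
 * invalid byte sequences are replaced instead of collapsing the string to "".
 *
 * @param array $array values to escape (anything that is not an array is
 *                     returned unchanged instead of triggering a foreach warning)
 * @return array same keys and shape, leaves escaped
 */
function htmlspecialchars_array($array = array())
{
    if (!is_array($array)) {
        return $array;
    }
    foreach ($array as $k => $v) {
        if (is_array($v)) {
            $array[$k] = htmlspecialchars_array($v);
        } else {
            $array[$k] = htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
    }
    return $array;
}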
Example #3
</p><div>
	 	<pre><?php 
    // Debug dump of the request arrays; every value is HTML-escaped so
    // user-supplied input renders as text inside the <pre>, not as markup.
    echo '$_GET = ' . print_r(htmlspecialchars_array($_GET), 1);
    ?>
</pre>
	 	<pre><?php 
    echo '$_POST = ' . print_r(htmlspecialchars_array($_POST), 1);
    ?>
</pre>
<?php 
    // Work on a copy of the cookie jar and drop the credential cookies before
    // printing. Only these two names are removed — any other secret-bearing
    // cookie (session id, remember-me token) would still be displayed; confirm
    // that is acceptable for this debug page.
    $post_data = $_COOKIE;
    unset($post_data['username']);
    unset($post_data['password']);
    ?>
		<pre><?php 
    echo '$_COOKIE = ' . print_r(htmlspecialchars_array($post_data), 1);
    ?>
</pre>
	 	</div></div>
	 	<div><p><?php 
    // Translated heading; echoed unescaped, so it is assumed to come from the
    // application's own language files rather than from request data.
    echo $GLOBALS['lang']['msg']['include_file'];
    ?>
</p><div>
	 	<table style='width:100%'>
	 	<tbody>
		<?php 
    foreach (get_included_files() as $iInt => $sData) {
        ?>
			<tr><td style='width:30px'><?php 
        echo $iInt;
        ?>
Example #4
/**
 * Imports a piped-in e-mail either as a reply to an existing ticket or as a
 * new ticket, and records the outcome in tblticketmaillog.
 *
 * Order of work: run the sender/subject/phrase spam filters, look for a
 * "[Ticket ID: ...]" marker in the subject, resolve the department from the
 * To: address(es), truncate the body at the first configured break line, then
 * post an admin reply, a client/contact reply, or open a new ticket. Every
 * path ends by writing a status line to the mail log; blocked mail has its
 * stored attachments deleted.
 *
 * @param string $to         recipient address(es), comma separated
 * @param string $name       sender display name
 * @param string $email      sender address; this alone decides whether the
 *                           mail is treated as coming from an admin, a client
 *                           or a contact
 * @param string $subject
 * @param string $message
 * @param string $attachment pipe-separated list of already-stored attachment
 *                           file names ("" when none)
 * @return void
 */
function processPipedTicket($to, $name, $email, $subject, $message, $attachment)
{
    global $whmcs;
    global $CONFIG;
    global $supportticketpipe;
    global $pipenonregisteredreplyonly;
    // Flag that we are inside the piping path; presumably read by hooks and
    // AddReply/openNewTicket (not visible here).
    $supportticketpipe = true;
    // Subject and body are decoded in one call and split again on a marker
    // that is not expected to occur in real mail.
    $decodestring = $subject . "##||-MESSAGESPLIT-||##" . $message;
    $decodestring = pipeDecodeString($decodestring);
    $decodestring = explode("##||-MESSAGESPLIT-||##", $decodestring);
    $subject = $decodestring[0];
    $message = $decodestring[1];
    $raw_message = $message;
    // Spam filters. NOTE(review): $mailstatus is never initialised before this
    // loop; the `!$mailstatus` test further down relies on an undefined
    // variable being falsy (notice-level warning). The "x" prefix on the
    // haystack shifts a match at offset 0 to 1 so it stays truthy; matching is
    // case-insensitive via strtolower on both sides. A later filter row
    // overrides the status set by an earlier one.
    $result = select_query("tblticketspamfilters", "", "");
    while ($data = mysql_fetch_array($result)) {
        $id = $data['id'];
        $type = $data['type'];
        $content = $data['content'];
        if ($type == "sender") {
            if (strtolower($content) == strtolower($email)) {
                $mailstatus = "Blocked Sender";
            }
        }
        if ($type == "subject") {
            if (strpos("x" . strtolower($subject), strtolower($content))) {
                $mailstatus = "Blocked Subject";
            }
        }
        if ($type == "phrase") {
            if (strpos("x" . strtolower($message), strtolower($content))) {
                $mailstatus = "Blocked Phrase";
            }
        }
    }
    run_hook("TicketPiping", array());
    if (!$mailstatus) {
        // Extract the public ticket id from "[Ticket ID: XXXX]" and translate
        // it into the internal row id. $tid stays undefined when the marker is
        // absent, so the `if ($tid)` checks below rely on that being falsy.
        $pos = strpos($subject, "[Ticket ID: ");
        if ($pos === false) {
        } else {
            $tid = substr($subject, $pos + 12);
            $tid = substr($tid, 0, strpos($tid, "]"));
            $result = select_query("tbltickets", "", array("tid" => $tid));
            $data = mysql_fetch_array($result);
            $tid = $data['id'];
        }
        // Try each To: address in turn until one matches a department; once
        // $deptid is set the remaining addresses are skipped. $to is replaced
        // by the department's canonical address.
        $to = trim($to);
        $toemails = explode(",", $to);
        $deptid = "";
        foreach ($toemails as $toemail) {
            if (!$deptid) {
                $result = select_query("tblticketdepartments", "", array("email" => trim(strtolower($toemail))));
                $data = mysql_fetch_array($result);
                $deptid = $data['id'];
                $to = $data['email'];
                $deptclientsonly = $data['clientsonly'];
                $deptpiperepliesonly = $data['piperepliesonly'];
                continue;
            }
        }
        // Fallback: the first non-hidden department by sort order.
        if (!$deptid) {
            $result = select_query("tblticketdepartments", "", array("hidden" => ""), "order", "ASC", "1");
            $data = mysql_fetch_array($result);
            $deptid = $data['id'];
            $to = $data['email'];
            $deptclientsonly = $data['clientsonly'];
            $deptpiperepliesonly = $data['piperepliesonly'];
        }
        if (!$deptid) {
            $mailstatus = "Department Not Found";
        } else {
            // Mail sent from the department's own address would be the
            // system replying to itself.
            if ($to == $email) {
                $mailstatus = "Blocked Potential Email Loop";
            } else {
                // Cut quoted history at the first configured break line. A
                // break line found at offset 0 is ignored (strpos returns 0,
                // which is falsy); if truncation empties the body, the
                // untruncated copy is restored.
                $messagebackup = $message;
                $result = select_query("tblticketbreaklines", "", "", "id", "ASC");
                while ($data = mysql_fetch_array($result)) {
                    $breakpos = strpos($message, $data['breakline']);
                    if ($breakpos) {
                        $message = substr($message, 0, $breakpos);
                    }
                }
                if (!$message) {
                    $message = $messagebackup;
                }
                $message = trim($message);
                // NOTE(review): the admin is identified solely by the From:
                // address, and $_SESSION['adminid'] is set so AddReply attributes
                // the reply to that admin. Nothing here authenticates the sender,
                // so the mail pipeline in front of this function should verify
                // sender authenticity (e.g. SPF/DKIM alignment) or this path
                // should be restricted — confirm what the MTA enforces.
                $result = select_query("tbladmins", "id", array("email" => $email));
                $data = mysql_fetch_array($result);
                $adminid = $data['id'];
                if ($adminid) {
                    if ($tid) {
                        $_SESSION['adminid'] = $adminid;
                        AddReply($tid, "", "", $message, true, $attachment);
                        $_SESSION['adminid'] = "";
                        $mailstatus = "Ticket Reply Imported Successfully";
                    } else {
                        $mailstatus = "Ticket ID Not Found";
                    }
                } else {
                    // Not an admin: resolve a client, then a contact (whose
                    // owning client becomes $userid and whose address is CC'd).
                    $result = select_query("tblclients", "id", array("email" => $email));
                    $data = mysql_fetch_array($result);
                    $userid = $data['id'];
                    if (!$userid) {
                        $result = select_query("tblcontacts", "id,userid", array("email" => $email));
                        $data = mysql_fetch_array($result);
                        $userid = $data['userid'];
                        $contactid = $data['id'];
                        if ($userid) {
                            $ccemail = $email;
                        }
                    }
                    // Clients-only department and unknown sender: bounce unless
                    // the department has its autoresponder disabled.
                    if ($deptclientsonly == "on" && !$userid) {
                        $mailstatus = "Unregistered Email Address";
                        $result = select_query("tblticketdepartments", "", array("id" => $deptid));
                        $data = mysql_fetch_array($result);
                        $noautoresponder = $data['noautoresponder'];
                        if (!$noautoresponder) {
                            sendMessage("Bounce Message", "", array($name, $email));
                        }
                    } else {
                        // $from is only populated for unregistered senders; for
                        // known users it stays undefined and is passed as such.
                        if ($userid == "") {
                            $from['name'] = $name;
                            $from['email'] = $email;
                        }
                        // Rate limit: more than 10 tickets in the last 15 minutes
                        // from this address (or user id) is refused. The query is
                        // built by concatenation on the legacy ext/mysql API;
                        // $email is escaped with mysql_real_escape_string, $userid
                        // is cast to int and $filterdate is generated locally.
                        $filterdate = date("YmdHis", mktime(date("H"), date("i") - 15, date("s"), date("m"), date("d"), date("Y")));
                        $query = "SELECT count(*) FROM tbltickets WHERE date>'" . $filterdate . "' AND (email='" . mysql_real_escape_string($email) . "'";
                        if ($userid) {
                            $query .= " OR userid=" . (int) $userid;
                        }
                        $query .= ")";
                        $result = full_query($query);
                        $data = mysql_fetch_array($result);
                        $numtickets = $data[0];
                        if (10 < $numtickets) {
                            $mailstatus = "Exceeded Limit of 10 Tickets within 15 Minutes";
                        } else {
                            // The hook's return value is discarded, so any
                            // transliteration it performs does not reach the
                            // local $subject/$message unless it works via globals.
                            run_hook("TransliterateTicketText", array("subject" => $subject, "message" => $message));
                            if ($tid) {
                                AddReply($tid, $userid, $contactid, htmlspecialchars_array($message), "", $attachment, htmlspecialchars_array($from));
                                $mailstatus = "Ticket Reply Imported Successfully";
                            } else {
                                if ($pipenonregisteredreplyonly && !$userid) {
                                    $mailstatus = "Blocked Ticket Opening from Unregistered User";
                                } else {
                                    if ($deptpiperepliesonly) {
                                        $mailstatus = "Only Replies Allowed by Email";
                                    } else {
                                        // htmlspecialchars_array is applied to scalars
                                        // ($userid, $deptid, $subject, ...) here; this
                                        // depends on the helper accepting non-arrays —
                                        // confirm against its definition.
                                        openNewTicket(htmlspecialchars_array($userid), htmlspecialchars_array($contactid), htmlspecialchars_array($deptid), htmlspecialchars_array($subject), htmlspecialchars_array($message), "Medium", $attachment, htmlspecialchars_array($from), "", htmlspecialchars_array($ccemail));
                                        $mailstatus = "Ticket Imported Successfully";
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    } else {
        // Filtered mail: remove the attachment files that were already stored.
        if ($attachment) {
            global $attachments_dir;
            $attachment = explode("|", $attachment);
            foreach ($attachment as $file) {
                deleteFile($attachments_dir, $file);
            }
        }
    }
    if ($mailstatus == "") {
        $mailstatus = "Ticket Import Failed";
    }
    // Audit trail for every piped message, blocked or not. The "" assignment
    // to $array is dead (immediately overwritten).
    $table = "tblticketmaillog";
    $array = "";
    $array = array("date" => "now()", "to" => $to, "name" => $name, "email" => $email, "subject" => $subject, "message" => $message, "status" => $mailstatus);
    insert_query($table, htmlspecialchars_array($array));
}
Example #5
    }
    /**
     * Returns the shared PDO handle, opening the SQLite database on first use.
     *
     * A connection failure is handed to error(); if error() returns rather than
     * terminating, the caller receives whatever self::$instance still holds
     * (null), exactly as before.
     *
     * NOTE(review): the only values this code ever stores in self::$instance are
     * a PDO object or nothing, hence the strict null check. Also confirm the
     * file named by DATABASE_FILE lives outside the web root, otherwise the raw
     * database is downloadable.
     *
     * @return PDO|null
     */
    public static function instance()
    {
        if (self::$instance === null) {
            $dsn = 'sqlite:' . DATABASE_FILE;
            try {
                self::$instance = new PDO($dsn);
            } catch (Exception $failure) {
                error($failure);
            }
        }

        return self::$instance;
    }
}
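/*
 * Request bootstrap: HTML-escape the superglobals once so later echoes are
 * safe in HTML body context, and reject ids that are not integers before any
 * database work happens.
 *
 * NOTE(review): escaping $_SERVER rewrites '&' to '&amp;' in entries such as
 * QUERY_STRING and REQUEST_URI; anything that later parses those will see the
 * escaped form — confirm nothing does.
 */
$_POST = htmlspecialchars_array($_POST);
$_GET = htmlspecialchars_array($_GET);
$_SERVER = htmlspecialchars_array($_SERVER);
$_ERRORS = array();
if (!isset($_GET['action'])) {
    $_GET['action'] = '';
}
// Only an integer id is meaningful for an INTEGER PRIMARY KEY. is_numeric()
// also accepts floats and exponent forms ("1.5", "1e3"), so validate as an int
// instead. This is a coarse input filter, not a substitute for binding the id
// as a parameter in the queries that use it.
if (isset($_GET['id']) && filter_var($_GET['id'], FILTER_VALIDATE_INT) === false) {
    exit('Possible SQL Injection attack. Exiting.');
}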
if (false === file_exists(DATABASE_FILE)) {
    try {
        DB::instance()->beginTransaction();
        DB::instance()->exec('
	CREATE TABLE streams(
	  id INTEGER PRIMARY KEY,
	  name TEXT,
	  priority INTEGER
Example #6
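/**
 * Applies htmlspecialchars() to every string in an array, recursing into
 * nested arrays. Non-string values (int, float, bool, null) are left as they
 * are so their types survive the pass.
 *
 * The flags are pinned to ENT_QUOTES | ENT_SUBSTITUTE with UTF-8 so the result
 * does not depend on the running PHP version's default: single quotes are
 * always escaped (needed when a value lands in a single-quoted attribute) and
 * invalid byte sequences are replaced instead of collapsing the string to "".
 *
 * @param array $array values to escape
 * @return array same keys and shape, strings escaped
 * @since 1.4
 */
function htmlspecialchars_array($array)
{
    foreach ($array as $key => &$value) {
        if (is_array($value)) {
            $value = htmlspecialchars_array($value);
        } elseif (is_string($value)) {
            $value = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
    }
    // Break the reference left behind by the by-reference foreach; otherwise a
    // later write to $value would silently overwrite the last element.
    unset($value);

    return $array;
}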
Example #7
/**
 * Escapes a value for HTML output, descending into arrays.
 *
 * A scalar goes straight to htmlspecialchars() with ENT_QUOTES so both quote
 * styles are escaped; an array is rebuilt element by element with the same
 * keys, each element escaped recursively.
 *
 * @param mixed $array string or (nested) array of strings
 * @return mixed escaped string, or an array of the same shape
 */
function htmlspecialchars_array($array)
{
    if (is_array($array)) {
        // array_map keeps the keys when given a single array.
        return array_map(
            static function ($element) {
                return htmlspecialchars_array($element);
            },
            $array
        );
    }

    return htmlspecialchars($array, ENT_QUOTES);
}
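/**
 * htmlspecialchars_array
 *
 * Escapes every string in $array in place (the argument is taken by
 * reference) and also returns it, recursing into nested arrays. Non-string
 * scalars keep their type.
 *
 * Iteration uses foreach rather than each(): each() was deprecated in PHP 7.2
 * and removed in 8.0, so the previous loop is a fatal error on any current
 * runtime. Flags are pinned to ENT_QUOTES | ENT_SUBSTITUTE with UTF-8 so
 * single quotes are always escaped regardless of the PHP version's default.
 *
 * @param array $array modified in place
 * @return array the same array, escaped
 */
function htmlspecialchars_array(&$array)
{
    foreach ($array as $key => $val) {
        if (is_array($val)) {
            // $val is a local copy; the recursive call takes it by reference
            // and the escaped result is written back into the original slot.
            $array[$key] = htmlspecialchars_array($val);
        } elseif (is_string($val)) {
            $array[$key] = htmlspecialchars($val, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
    }

    return $array;
}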
Example #9
    /**
     * Validates the submitted blog-entry form and either updates the existing
     * entry (when f_entry_id is present) or creates a new one.
     *
     * Both the QuickForm validation and the CSRF token must pass before any
     * submitted value is used. Fields not listed in self::$m_html_allowed_fields
     * are HTML-escaped; the listed ones are stored as submitted.
     *
     * @param bool     $p_admin   whether the caller is an admin (enables
     *                            admin_status override)
     * @param int|null $p_user_id owner id for a newly created entry
     * @return bool true when an entry was updated or created, false otherwise
     */
    function store($p_admin, $p_user_id=null)
    {
        require_once 'HTML/QuickForm.php';

        $mask = $this->_getFormMask($p_admin);
        $form = new html_QuickForm('blog_entry', 'post', '', null, null, true);
        FormProcessor::parseArr2Form($form, $mask);

        if ($form->validate() && SecurityToken::isValid()){
            $data = $form->getSubmitValues(true);

            foreach ($data['BlogEntry'] as $k => $v) {
                // clean user input
                // NOTE(review): fields in $m_html_allowed_fields bypass escaping
                // entirely and are persisted raw — confirm they are sanitised
                // (allow-listed tags) before being rendered anywhere.
                // in_array() is non-strict here; the keys are strings, so the
                // loose comparison is not expected to misfire.
                if (!in_array($k, self::$m_html_allowed_fields)) {
                    $data['BlogEntry'][$k] = htmlspecialchars_array($v);
                }
            }

            if ($data['f_entry_id']) {
                foreach ($data['BlogEntry'] as $k => $v) {
                    // Multi-valued fields are collapsed to "key, key" using only the
                    // keys whose value is truthy. $string is appended to before it is
                    // ever assigned (relies on an undefined variable being ""), and
                    // unset afterwards so the next field starts fresh.
                    if (is_array($v)) {
                        foreach($v as $key => $value) {
                            if ($value) {
                                $string .= "$key, ";
                            }
                        }
                        $v = substr($string, 0, -2);
                        unset ($string);

                    }
                    $this->setProperty($k, $v);
                }

                if ($data['BlogEntry_Image_remove']) {
                   BlogImageHelper::RemoveImageDerivates('entry', $data['f_entry_id']);
                }
                if ($data['BlogEntry_Image']) {
                    BlogImageHelper::StoreImageDerivates('entry', $data['f_entry_id'], $data['BlogEntry_Image']);
                }

                Blog::TriggerCounters(self::GetBlogId($data['f_entry_id']));

                return true;

            } elseif ($this->create(
                            $data['f_blog_id'],
                            $p_user_id,
                            $data['BlogEntry']['title'],
                            $data['BlogEntry']['content'],
                            $data['f_mood_id'])) {

                // admin and owner can override status setting
                if ($data['BlogEntry']['status']) {
                    $this->setProperty('status', $data['BlogEntry']['status']);
                }
                if ($p_admin && $data['BlogEntry']['admin_status']) {
                    $this->setProperty('admin_status', $data['BlogEntry']['admin_status']);
                }

                if ($data['BlogEntry_Image']) {
                    BlogImageHelper::StoreImageDerivates('entry', $this->getProperty('entry_id'), $data['BlogEntry_Image']);
                }

                Blog::TriggerCounters($this->getProperty('fk_blog_id'));
                return true;
            }
        }
        return false;

    }
/**
* Applies htmlspecialchars to an array of data
*
* Walks the array and replaces each leaf with its htmlspecialchars() form,
* recursing into nested arrays; keys are kept. A non-array argument is
* returned untouched.
*
* @deprec sanitize_tags
* @param $data array to escape, or any other value (returned as-is)
* @return array
*/
function htmlspecialchars_array($data)
{
    if (!is_array($data)) {
        return $data;
    }

    $escaped = array();
    foreach ($data as $key => $leaf) {
        if (is_array($leaf)) {
            $escaped[$key] = htmlspecialchars_array($leaf);
        } else {
            $escaped[$key] = htmlspecialchars($leaf);
        }
    }

    return $escaped;
}
Example #11
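    /**
     * Validates the submitted blog form and either updates the existing blog
     * (when f_blog_id is present) or creates a new one.
     *
     * Both the QuickForm validation and the CSRF token must pass before any
     * submitted value is used. Fields not listed in self::$m_html_allowed_fields
     * are HTML-escaped; the listed ones are stored as submitted.
     *
     * Fix: the create branch stored the uploaded image from
     * $data['BlogEntry_Image'], a field this 'blog' form never defines (the
     * update branch and the surrounding check both use 'Blog_Image'), so a new
     * blog's image was never stored. It now reads 'Blog_Image'.
     *
     * @param bool     $p_admin   whether the caller is an admin (enables the
     *                            admin_status / admin_remark overrides)
     * @param int|null $p_user_id owner id for a new blog; when null the
     *                            submitted fk_user_id is used
     * @return bool true when a blog was updated or created, false otherwise
     */
    function store($p_admin, $p_user_id=null)
    {
        require_once 'HTML/QuickForm.php';
        $mask = $this->getFormMask($p_admin);
        $form = new html_QuickForm('blog', 'post', '', null, null, true);
        FormProcessor::parseArr2Form($form, $mask);

        if ($form->validate() && SecurityToken::isValid()){
            $data = $form->getSubmitValues(true);

            foreach ($data['Blog'] as $k => $v) {
                // clean user input
                // NOTE(review): fields in $m_html_allowed_fields bypass escaping
                // and are persisted raw — confirm they are sanitised before output.
                if (!in_array($k, self::$m_html_allowed_fields)) {
                    $data['Blog'][$k] = htmlspecialchars_array($v);
                }
            }

            if ($data['f_blog_id']) {
                foreach ($data['Blog'] as $k => $v) {
                    $this->setProperty($k, $v);
                }

                if ($data['Blog_Image_remove']) {
                    BlogImageHelper::RemoveImageDerivates('blog', $data['f_blog_id']);
                }
                if ($data['Blog_Image']) {
                    BlogImageHelper::StoreImageDerivates('blog', $data['f_blog_id'], $data['Blog_Image']);
                }

                return true;

            } elseif ($this->create(
                            isset($p_user_id) ? $p_user_id : $data['Blog']['fk_user_id'],
                            $data['Blog']['fk_language_id'],
                            $data['Blog']['title'],
                            $data['Blog']['info'],
                            $data['Blog']['request_text'],
                            $data['Blog']['feature'])) {

                // admin and owner can override status; the admin-only fields
                // are applied only when $p_admin is set
                if ($data['Blog']['status']) {
                    $this->setProperty('status', $data['Blog']['status']);
                }
                if ($p_admin && $data['Blog']['admin_status']) {
                    $this->setProperty('admin_status', $data['Blog']['admin_status']);
                }
                if ($p_admin && $data['Blog']['admin_remark']) {
                    $this->setProperty('admin_remark', $data['Blog']['admin_remark']);
                }
                if ($data['Blog_Image']) {
                    // was $data['BlogEntry_Image'] (undefined for this form)
                    BlogImageHelper::StoreImageDerivates('blog', $this->getProperty('blog_id'), $data['Blog_Image']);
                }

                return true;
            }
        }
        return false;

    }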