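/**
 * Replace {:=key} in $text with $map.key value.
 * Replace {:=key.subkey} with $map.key.subkey value.
 * Use "(array)$obj" for objects. Use 'prefix' as
 * shortcut for ['{:=', '}', 'prefix' ] ({:=prefix.tag} replace).
 *
 * All tags are collected first and substituted in one pass, so a
 * replacement value is inserted literally: tag syntax inside a value is
 * never expanded again and the result does not depend on the key order
 * of $map. This matters when $map mixes untrusted values with others.
 * Values are not escaped here; the caller must escape the result for the
 * context it is written to (HTML, SQL, shell).
 *
 * @author Roland Kujundzic <*****@*****.**>
 * @param string $text
 * @param map $map use "(array)$obj" for objects
 * @param array $conf (default = [ '{:=', '}', '' ])
 * @return string
 */
function replace_tags($text, $map, $conf = array('{:=', '}', ''))
{
    if (is_string($conf)) {
        $conf = ['{:=', '}', $conf];
    }

    $open = $conf[0];
    $close = $conf[1];
    // A two-element $conf has no prefix slot; treat that as "no prefix".
    $root = isset($conf[2]) ? (string) $conf[2] : '';

    $pairs = [];
    $collect = function ($items, $prefix) use (&$collect, &$pairs, $open, $close) {
        foreach ($items as $key => $value) {
            // Compare with '' instead of empty(): a key or prefix of 0 / '0'
            // is a real path segment and must not be dropped.
            $path = ($prefix === '') ? (string) $key : $prefix . '.' . $key;
            if (is_array($value)) {
                $collect($value, $path);
                continue;
            }
            $tag = $open . $path . $close;
            // First definition of a tag wins, as with sequential replacement.
            if ($tag !== '' && !array_key_exists($tag, $pairs)) {
                $pairs[$tag] = (string) $value;
            }
        }
    };
    $collect($map, $root);

    if ($pairs === []) {
        return $text;
    }

    // strtr() with an array never re-scans text it has already replaced.
    return strtr($text, $pairs);
}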
// Excerpt: starts inside a validation branch whose opening `if` is not shown.
// Records the "name must not be blank" error for the add_software form.
$_SESSION['formerrors']['add_software']['name'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strName}'"), E_USER_ERROR);
}

// Check this is not a duplicate
// NOTE(review): $name is interpolated into the SQL text. This is only safe if it was
// escaped for MySQL before this point, which this excerpt does not show -- confirm.
// The mysql_* API has no prepared statements and was removed in PHP 7.
$sql = "SELECT id FROM `{$dbSoftware}` WHERE LCASE(name)=LCASE('{$name}') LIMIT 1";
$result = mysql_query($sql);
// NOTE(review): $result is used without a failure check; mysql_query() returns false on error.
if (mysql_num_rows($result) >= 1) {
    $errors++;
    $_SESSION['formerrors']['add_software']['duplicate'] .= $strARecordAlreadyExistsWithTheSameName;
}

// add product if no errors
if ($errors == 0) {
    // NOTE(review): $name, $vendor, $lifetime_start and $lifetime_end all reach the
    // statement by string interpolation; each needs escaping upstream (not visible here).
    $sql = "INSERT INTO `{$dbSoftware}` (name, vendorid, lifetime_start, lifetime_end) VALUES ('{$name}','{$vendor}','{$lifetime_start}','{$lifetime_end}')";
    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
    }
    if (!$result) {
        echo "<p class='error'>{$strAdditionFail}</p>";
    } else {
        $id = mysql_insert_id();
        // This replace_tags() takes (tag type, record id, tag string); it is defined elsewhere.
        replace_tags(TAG_SKILL, $id, $tags);
        journal(CFG_LOGGING_DEBUG, 'Skill Added', "Skill {$id} was added", CFG_JOURNAL_DEBUG, $id);
        html_redirect("products.php");
        //clear form data
        $_SESSION['formdata']['add_software'] = NULL;
    }
} else {
    include APPLICATION_INCPATH . 'htmlheader.inc.php';
    // NOTE(review): $_SERVER['PHP_SELF'] can carry request-supplied path text; whether
    // html_redirect() encodes it before output is not visible here -- confirm.
    html_redirect($_SERVER['PHP_SELF'], FALSE);
}
}
// Excerpt: renders the action cells of one table row for entry $i of $p[$interface],
// then starts the loop over $clients. The enclosing loop is not shown.
// NOTE(review): the "Address", "Channel" and "ESSID" values are written into HTML and
// inline JavaScript below without any escaping. The key names suggest they are wireless
// scan results, i.e. strings chosen by whoever operates the scanned device -- confirm
// the source and encode per context (HTML attribute, JS string) before output.
echo '<input type="text" class="odd" id="deauthtimes' . $i . '" size="3" value="5" onFocus="if(this.value == \'5\') {this.value = \'\';}" onBlur="if (this.value == \'\') {this.value = \'5\';}">';
echo ' <a href="javascript:deauth(\'' . $p[$interface][$i]["Address"] . '\', \'\', $(\'#deauthtimes' . $i . '\').val());">Run</a>';
echo '</td>';
echo '<td align="center">';
if ($is_capture_running) {
    // Reads the lock file through a shell. NOTE(review): $module_path is concatenated
    // into the command unquoted; reading the file directly would avoid the shell.
    if (exec("cat " . $module_path . "captures/lock") == $p[$interface][$i]["Address"]) {
        echo '<a class="cap_link" href="javascript:cancel_capture();">Stop</a>';
    } else {
        echo '<a class="cap_link" href="javascript:void(0);">-</a>';
    }
} else {
    echo '<a class="cap_link" href="javascript:capture(\'' . $p[$interface][$i]["Address"] . '\', \'' . $p[$interface][$i]["Channel"] . '\');">Capture</a>';
}
echo '</td>';
$tags = array("SSID" => $p[$interface][$i]["ESSID"], "BSSID" => $p[$interface][$i]["Address"], "CHANNEL" => $p[$interface][$i]["Channel"]);
// This replace_tags() takes (tag map, template); it is defined elsewhere.
// NOTE(review): addslashes() is not shell escaping. The result is base64-encoded and
// handed to execute_custom_script() in the page; what finally runs it is not visible
// here. If a shell does, quote each substituted value with escapeshellarg() before
// substitution so the scanned values cannot alter the command.
$custom_command = addslashes(replace_tags($tags, $custom_commands[0]));
echo '<td align="center">';
if ($is_custom_running) {
    echo '<a href="javascript:cancel_custom_script();">Cancel</a>';
} else {
    echo '<a href="javascript:execute_custom_script(\'' . base64_encode($custom_command) . '\');">Execute</a>';
}
echo '</td>';
echo '</tr>';
for ($j = 0; $j < count($clients); $j++) {
    echo '<tr class="even">';
    // Only clients whose field 5 equals this row's Address are listed under it.
    if ($clients[$j][5] == $p[$interface][$i]["Address"]) {
        echo '<td class="clients" align="center">Client ' . $clientN . '</td>';
        // The first three colon-separated parts of field 0 form the OUI lookup query.
        $MAC_address = explode(":", $clients[$j][0]);
        // NOTE(review): field 0 is echoed into the href and the link text unescaped, and
        // the lookup link is plain http.
        echo '<td class="clients"><a target="_new" title="OUI search" href="http://standards.ieee.org/cgi-bin/ouisearch?' . $MAC_address[0] . '-' . $MAC_address[1] . '-' . $MAC_address[2] . '">' . $clients[$j][0] . '</a></td>';
        echo '<td> </td>';
// Excerpt: tail of a function whose beginning is not shown.
}
return $tag;
}

/**
 * Fetch the approved comments of a post and return author/content data.
 *
 * NOTE(review): each loop iteration assigns a new array to $data instead of
 * appending to it, so only the last comment fetched is returned (or an empty
 * array when there are none). Appending would change the return shape for
 * existing callers -- confirm what they expect before changing it.
 *
 * NOTE(review): comment_author and comment_content are returned as stored;
 * nothing here escapes them, so callers must encode them for the output
 * context.
 *
 * @param mixed $id Post id passed to get_comments() as 'post_id'.
 * @return array Empty array, or ['author' => ..., 'content' => ...].
 */
function grv_get_post_comments($id)
{
    // Only comments with status 'approve' are requested.
    $comments = get_comments(array('post_id' => $id, 'status' => 'approve'));
    $data = array();
    foreach ($comments as $comment) {
        $data = array('author' => $comment->comment_author, 'content' => $comment->comment_content);
    }
    return $data;
}
// Excerpt: validates the site form, then builds the UPDATE statement. The block opened
// by `if ($errors == 0)` is not closed within this excerpt.
$errors = 0;
// Required fields: name, email and telephone must not be blank.
if ($name == '') {
    $errors = 1;
    $errors_string .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strName}'"), E_USER_ERROR);
}
if ($email == '') {
    $errors = 1;
    $errors_string .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strEmail}'"), E_USER_ERROR);
}
if ($telephone == '') {
    $errors = 1;
    $errors_string .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strTelephone}'"), E_USER_ERROR);
}

// edit site if no errors
if ($errors == 0) {
    // This replace_tags() takes (tag type, record id, tag string); it is defined elsewhere.
    replace_tags(3, $site, $tags);
    // Collapse the checkbox to '1'/'0'; the value is not used in the statement below.
    if (isset($licenserx)) {
        $licenserx = '1';
    } else {
        $licenserx = '0';
    }
    // update site
    // $activeStr can only be one of two literals, so it cannot carry SQL text.
    if ($active == 'true') {
        $activeStr = 'true';
    } else {
        $activeStr = 'false';
    }
    // NOTE(review): every other column value, and $site in the WHERE clause, is
    // interpolated into the statement. Safety depends entirely on escaping done before
    // this point, which this excerpt does not show -- confirm for each variable.
    $sql = "UPDATE `{$dbSites}` SET name='{$name}', department='{$department}', address1='{$address1}', address2='{$address2}', city='{$city}', ";
    $sql .= "county='{$county}', postcode='{$postcode}', country='{$country}', telephone='{$telephone}', fax='{$fax}', email='{$email}', ";
    $sql .= "websiteurl='{$websiteurl}', notes='{$notes}', typeid='{$typeid}', owner='{$owner}', freesupport='{$incident_quantity}', active='{$activeStr}' WHERE id='{$site}' LIMIT 1";
    // licenserx='$licenserx'
// Excerpt: starts inside a validation branch whose opening `if` is not shown, and ends
// inside the `else` branch that handles a valid form.
$error[] = sprintf($strFieldMustNotBeBlank, $strName);
}

// A start date later than a set due date is pulled back to the due date.
if ($startdate > $duedate and $duedate != '' and $duedate > 0) {
    $startdate = $duedate;
}

if (count($error) >= 1) {
    // Validation failed: render the collected messages as a list.
    include APPLICATION_INCPATH . 'htmlheader.inc.php';
    echo "<p class='error'>{$strPleaseCheckData}</p>";
    echo "<ul class='error'>";
    foreach ($error as $err) {
        // NOTE(review): $err is echoed as-is; the message visible here is built from
        // $str* strings only -- confirm no request data is added to $error elsewhere.
        echo "<li>{$err}</li>";
    }
    echo "</ul>";
    include APPLICATION_INCPATH . 'htmlfooter.inc.php';
} else {
    // This replace_tags() takes (tag type, record id, tag string); it is defined elsewhere.
    replace_tags(4, $id, $tags);
    // Each date is passed to date() as a timestamp and formatted Y-m-d, or blanked when not > 0.
    if ($startdate > 0) {
        $startdate = date('Y-m-d', $startdate);
    } else {
        $startdate = '';
    }
    if ($duedate > 0) {
        $duedate = date('Y-m-d', $duedate);
    } else {
        $duedate = '';
    }
    if ($enddate > 0) {
        $enddate = date('Y-m-d', $enddate);
    } else {
        $enddate = '';
    }
// Excerpt: product edit page. Ends inside the `else` branch that renders the form.
require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';
// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';

// External variables
$id = cleanvar($_REQUEST['id']);
// NOTE(review): unlike the other inputs, $name is read here without cleanvar(). The
// save branch overwrites it from $_POST; any use in the form branch needs escaping.
$name = $_REQUEST['name'];
$action = $_POST['action'];

if ($action == 'save') {
    // External variables
    // NOTE(review): no anti-CSRF token check is visible in this excerpt; auth.inc.php may
    // provide one -- confirm.
    $vendor = cleanvar($_POST['vendor']);
    $name = cleanvar($_POST['name']);
    $description = cleanvar($_POST['description']);
    $productid = cleanvar($_POST['productid']);
    $tags = cleanvar($_POST['tags']);
    // This replace_tags() takes (tag type, record id, tag string); it is defined elsewhere.
    replace_tags(TAG_PRODUCT, $productid, $tags);
    // update database
    // NOTE(review): the statement is built by interpolation, so it is exactly as safe as
    // cleanvar(), whose body is not shown here -- confirm it escapes for MySQL.
    $sql = "UPDATE `{$dbProducts}` SET vendorid='{$vendor}', name='{$name}', description='{$description}' WHERE id='{$productid}' LIMIT 1 ";
    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
    }
    if (!$result) {
        // NOTE(review): the warning text contains the full SQL statement, including the
        // submitted values; keep such messages out of responses shown to users.
        trigger_error("Update of product failed: {$sql}", E_USER_WARNING);
    } else {
        journal(CFG_LOGGING_NORMAL, 'Product Edited', "Product {$productid} was edited", CFG_JOURNAL_PRODUCTS, $productid);
        html_redirect("products.php");
    }
} else {
    $title = $strEditProduct;
    include APPLICATION_INCPATH . 'htmlheader.inc.php';
// Excerpt: validates the incident form and runs the UPDATE. Ends with the
// `if ($addition_errors == 0)` block still open.
// check for blank contact
if ($contact == 0) {
    $errors += 1;
    $error_string .= "<p class='error'>You must select a contact</p>\n";
}
// check for blank title
if ($title == '') {
    $errors += 1;
    $error_string .= "<p class='error'>You must enter a title</p>\n";
}

if ($errors > 0) {
    // NOTE(review): this echoes $bodytext, not the $error_string built above, and where
    // $bodytext is set is not visible here -- confirm it is escaped for HTML.
    echo "<div>{$bodytext}</div>";
}

if ($errors == 0) {
    $addition_errors = 0;
    // This replace_tags() takes (tag type, record id, tag string); it is defined elsewhere.
    replace_tags(2, $id, $tags);
    // update support incident
    // NOTE(review): all column values and $id are interpolated into the statement;
    // safety depends on escaping done before this point (not shown) -- confirm. Unlike
    // similar statements in this codebase there is no LIMIT 1, so the WHERE clause alone
    // bounds the rows changed.
    $sql = "UPDATE `{$dbIncidents}` ";
    $sql .= "SET externalid='{$externalid}', ccemail='{$ccemail}', ";
    $sql .= "escalationpath='{$escalationpath}', externalengineer='{$externalengineer}', externalemail='{$externalemail}', title='{$title}', ";
    $sql .= "contact='{$contact}', softwareid='{$software}', productversion='{$productversion}', ";
    $sql .= "productservicepacks='{$productservicepacks}', lastupdated='{$now}' WHERE id='{$id}'";
    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
    }
    if (!$result) {
        $addition_errors = 1;
        $addition_errors_string .= "<p class='error'>Update of incident failed</p>\n";
    }
    if ($addition_errors == 0) {
// Excerpt: renders one post inside a loop whose start is not shown; the trailing
// braces close that loop and two enclosing blocks.
$liked = "Like";
// Shows "Unlike" when a likes row exists for this user and post.
// NOTE(review): the query is built by concatenation. $_SESSION['id'] and $row[0] look
// server-controlled, but a prepared statement (mysqli_prepare) removes the assumption.
if (mysqli_num_rows(mysqli_query($connection, "SELECT * FROM likes WHERE userid='" . $_SESSION['id'] . "' AND postid='" . $row[0] . "'"))) {
    $liked = "Unlike";
}
if ($likes == 1) {
    $like_t = "Like";
}
draw_small_avatar($user[1]);
echo "<div class='post'><div class='post_header'>";
// NOTE(review): $user[1] is echoed into HTML unescaped; if it is a user-chosen name it
// needs htmlspecialchars() with ENT_QUOTES -- confirm what the column holds.
echo "<b><a class='profile_a' href='?view=" . $user[0] . "'>" . $user[1] . "</a></b> - " . date("M jS y g:ia", $row[1]);
// Erase/edit links are shown to the post's owner ($row[2]) and to the user with id 1.
// NOTE(review): both actions are plain GET links; the handler is not visible here, so
// confirm it re-checks ownership and is protected against cross-site requests.
if ($_SESSION['id'] == $row[2] || $_SESSION['id'] == 1) {
    echo "<a class='erase' href='?erase=" . $row[0] . "'></a>";
    echo "<a class='edit' href='?editpost=" . $row[0] . "'></a>";
}
echo "</div><pre>";
// This replace_tags() takes the post text only; it is defined elsewhere.
// NOTE(review): $row[3] is stored post content. Whether replace_tags()/markdown()
// escape raw HTML is not visible here; if they do not, this is a stored XSS sink.
echo markdown(replace_tags($row[3]));
echo "</pre><div class='post_footer'>";
// Like/comment controls are only offered on other users' posts.
if ($_SESSION['id'] != $row[2]) {
    echo "<a href='?like={$row['0']}' class='like_a'>{$liked}</a> · <a href='#comment={$row['0']}' class='comm_a'>Comment</a>";
}
echo "<span class='likes'>{$likes} {$like_t}</span>";
if ($_SESSION['id'] != $row[2]) {
    echo "<form method='post' class='add_comment'><textarea class='comment' placeholder='Comment ...'></textarea></form>";
}
echo "<div style='clear: both;'></div></div></div><br/>";
}
if (!$num) {
    echo "There is no messages yet. <br/>";
}
}
}
// Excerpt: starts inside an `else` branch whose `if` is not shown, and ends inside the
// success branch after the contact UPDATE.
$dataprotection_phone = 'No';
}
// Checkbox-style inputs are collapsed to fixed literals, so these values cannot carry SQL text.
if ($dataprotection_address != '') {
    $dataprotection_address = 'Yes';
} else {
    $dataprotection_address = 'No';
}
if ($active == 'true') {
    $activeStr = 'true';
} else {
    $activeStr = 'false';
}

/* TAGS */
// This replace_tags() takes (tag type, record id, tag string); it is defined elsewhere.
replace_tags(1, $contact, $tags);

// NOTE(review): the remaining column values and $contact are interpolated into the
// statement; safety depends on escaping done before this point (not shown) -- confirm.
$sql = "UPDATE `{$dbContacts}` SET courtesytitle='{$courtesytitle}', surname='{$surname}', forenames='{$forenames}', siteid='{$siteid}', email='{$email}', phone='{$phone}', mobile='{$mobile}', fax='{$fax}', ";
$sql .= "address1='{$address1}', address2='{$address2}', city='{$city}', county='{$county}', postcode='{$postcode}', ";
$sql .= "country='{$country}', dataprotection_email='{$dataprotection_email}', dataprotection_phone='{$dataprotection_phone}', ";
$sql .= "notes='{$notes}', dataprotection_address='{$dataprotection_address}' , department='{$department}' , jobtitle='{$jobtitle}', ";
$sql .= "notify_contactid='{$notify_contactid}', ";
$sql .= "active = '{$activeStr}', ";
// NOTE(review): $now is inserted without quotes, so string escaping would not protect
// it; it must be a server-generated number -- confirm where it is set.
$sql .= "timestamp_modified={$now} WHERE id='{$contact}'";
$result = mysql_query($sql);
if (mysql_error()) {
    trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
}
if (!$result) {
    // NOTE(review): the warning text contains the full SQL statement, including the
    // contact's personal data; keep such messages out of responses shown to users.
    trigger_error("Update of contact failed: {$sql}", E_USER_WARNING);
} else {
    plugin_do('save_contact_form');