function linkenize($str)
{
$str = trim($str);
$str = sanitize_html_string($str);
$str = preg_replace('=([^\\s]*:\\/\\/)(www.)?([^<\\s]{0,60})([0-9;&#]*)([^<\\s]*)=', '<a href="http://\\2\\3\\4\\5" target=\'_new\'>\\1\\2\\3\\4..</a>', $str);
return $str;
}
$tpl->assign("theme", $theme);
$tpl->assign("title", $title);
$tpl->assign("headingtitletxt", $headingtitletxt);
$tpl->assign("addentrytxt", $addentrytxt);
$tpl->assign("viewguestbooktxt", $viewguestbooktxt);
$tpl->assign("newpostfirsttxt", $newpostfirsttxt);
$tpl->assign("newpostlasttxt", $newpostlasttxt);
$tpl->assign("searchlabeltxt", $searchlabeltxt);
$tpl->assign("searchbuttontxt", $searchbuttontxt);
$tpl->assign("currentyear", date("Y"));
$tpl->assign("goback", $goback);
$search = sanitize_html_string($_POST['search_term']);
$pageNum = sanitize_int($_GET['page'], 0, 9000);
// Set Search Variables
if ($search == "") {
$search = sanitize_html_string($_GET['search_term']);
}
if ($pageNum == "") {
$pageNum = 0;
}
// If no search term then exit
if ($search == "") {
$tpl->assign("error_msg", $msgnosearchterm);
$html = $tpl->draw('error', $return_string = true);
echo $html;
exit;
}
// Check that the data file contains entries
$filename = "data/list.txt";
$handle = fopen($filename, "r");
if (filesize($filename) == 0) {
function check($input, $flags, $min = '', $max = '')
{
$oldput = $input;
if ($flags & UTF8) {
$input = my_utf8_decode($input);
}
if ($flags & PARANOID) {
$input = sanitize_paranoid_string($input, $min, $max);
}
if ($flags & INT) {
$input = sanitize_int($input, $min, $max);
}
if ($flags & FLOAT) {
$input = sanitize_float($input, $min, $max);
}
if ($flags & HTML) {
$input = sanitize_html_string($input, $min, $max);
}
if ($flags & LDAP) {
$input = sanitize_ldap_string($input, $min, $max);
}
if ($flags & SYSTEM) {
$input = sanitize_system_string($input, $min, $max, TRUE);
}
if ($input != $oldput) {
return FALSE;
}
return TRUE;
}
<?php
}
?>
</div>
<div style='clear: both'></div>
<?php
foreach ($data as $row) {
if (Permission::model()->hasSurveyPermission($surveyid, 'responses', 'read')) {
?>
<div class='statisticscolumnid col-sm-1'>
<a href='<?php
echo Yii::app()->getController()->createUrl("admin/responses/sa/view/surveyid/" . $surveyid . "/id/" . $row['id']);
?>
' target='_blank' title='<?php
eT("View response");
?>
' data-toggle="tooltip" data-placement="top">
<span class="fa fa-search"></span>
</a>
</div>
<?php
}
?>
<div class='statisticscolumndata col-sm-11 text-left' >
<?php
echo sanitize_html_string($row['value']);
?>
</div>
<?php
}
<em>
<?php
templatereplace($question->question, array(),$aReplacementData,'Unspecified', false ,$question->qid);
echo viewHelper::stripTagsEM(LimeExpressionManager::GetLastPrettyPrintExpression());
?>
</em>
</span>
</div>
<!-- Other questions -->
<?php else: ?>
<a href="<?php echo $this->createUrl("/admin/questions/sa/view/surveyid/$iSurveyId/gid/".$aGroup->gid."/qid/".$question->qid); ?>" class="question-link" >
<span class="question-collapse-title">
<span class="glyphicon glyphicon-list"></span>
<strong>
<?php echo sanitize_html_string(strip_tags($question->title));?>
</strong>
<br/>
<em>
<?php
templatereplace($question->question, array(),$aReplacementData,'Unspecified', false ,$question->qid);
echo viewHelper::stripTagsEM(LimeExpressionManager::GetLastPrettyPrintExpression());
?>
</em>
</span>
</a>
<?php endif; ?>
<?php endif; ?>
<?php endforeach;?>
<?php else:?>
<a href="" onclick="event.preventDefault();" style="cursor: default;">
$message_log_string = $message_time_log . " | " . $message_ip_log . " | " . $message_ip_address_log . " | " . sanitize_html_string($yourname) . " | " . sanitize_html_string($yourmessage) . "\n";
$fp = fopen("data/message_spam.log", "a");
fwrite($fp, $message_log_string);
fclose($fp);
$tpl->assign("error_msg", $msgspamdetected);
$html = $tpl->draw('error', $return_string = true);
echo $html;
exit;
}
}
// Log visitor IP Number and IP Address if option is set by guestbook administrator ---------------
if ($gbIPLogKey == 1) {
$message_ip_log = $_SERVER['REMOTE_ADDR'];
$message_ip_address_log = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$message_time_log = $date;
$message_log_string = $message_time_log . " | " . $message_ip_log . " | " . $message_ip_address_log . " | " . sanitize_html_string($yourname) . "\n";
$fp = fopen("data/message_post.log", "a");
fwrite($fp, $message_log_string);
fclose($fp);
}
// Notify administrator of new email if option is selected ----------------------------------------
if ($notify_admin == 1) {
mail("{$notify_admin_email}", "{$notify_subject}", "{$notify_message}");
}
// Smiley face insertion into the message ---------------------------------------------------------
$yourname = clean_message(stripslashes($yourname));
$yourmessage = clean_message(stripslashes($yourmessage));
// Call for filtering bad words -------------------------------------------------------------------
if ($gbBadWordsKey == 1) {
$yourmessage = swapBadWords($yourmessage);
}
private function _saveSettings()
{
if ($_POST['action'] !== "globalsettingssave") {
return;
}
if (!Permission::model()->hasGlobalPermission('settings', 'update')) {
$this->getController()->redirect(array('/admin'));
}
Yii::app()->loadHelper('surveytranslator');
$iPDFFontSize = sanitize_int($_POST['pdffontsize']);
if ($iPDFFontSize < 1) {
$iPDFFontSize = 9;
}
$iPDFLogoWidth = sanitize_int($_POST['pdflogowidth']);
if ($iPDFLogoWidth < 1) {
$iPDFLogoWidth = 50;
}
$maxemails = $_POST['maxemails'];
if (sanitize_int($_POST['maxemails']) < 1) {
$maxemails = 1;
}
$defaultlang = sanitize_languagecode($_POST['defaultlang']);
$aRestrictToLanguages = explode(' ', sanitize_languagecodeS($_POST['restrictToLanguages']));
if (!in_array($defaultlang, $aRestrictToLanguages)) {
// Force default language in restrictToLanguages
$aRestrictToLanguages[] = $defaultlang;
}
if (count(array_diff(array_keys(getLanguageData(false, Yii::app()->session['adminlang'])), $aRestrictToLanguages)) == 0) {
$aRestrictToLanguages = '';
} else {
$aRestrictToLanguages = implode(' ', $aRestrictToLanguages);
}
setGlobalSetting('defaultlang', $defaultlang);
setGlobalSetting('restrictToLanguages', trim($aRestrictToLanguages));
setGlobalSetting('sitename', strip_tags($_POST['sitename']));
setGlobalSetting('defaulthtmleditormode', sanitize_paranoid_string($_POST['defaulthtmleditormode']));
setGlobalSetting('defaultquestionselectormode', sanitize_paranoid_string($_POST['defaultquestionselectormode']));
setGlobalSetting('defaulttemplateeditormode', sanitize_paranoid_string($_POST['defaulttemplateeditormode']));
if (!Yii::app()->getConfig('demoMode')) {
$sTemplate = Yii::app()->getRequest()->getPost("defaulttemplate");
if (array_key_exists($sTemplate, getTemplateList())) {
setGlobalSetting('defaulttemplate', $sTemplate);
}
}
// we set the admin theme
$sAdmintheme = sanitize_paranoid_string($_POST['admintheme']);
setGlobalSetting('admintheme', $sAdmintheme);
// we check if it's a user theme
$usertemplatethemerootdir = Yii::app()->getConfig("uploaddir") . '/admintheme/' . $sAdmintheme;
if ($usertemplatethemerootdir && file_exists($usertemplatethemerootdir) && is_dir($usertemplatethemerootdir)) {
$adminimagebaseurl = Yii::app()->getBaseUrl(true) . "/upload/admintheme/{$sAdmintheme}/images/";
setGlobalSetting('adminimagebaseurl', $adminimagebaseurl);
setGlobalSetting('adminimageurl', $adminimagebaseurl . 'images/14/');
} else {
$adminimagebaseurl = Yii::app()->getBaseUrl(true) . "/styles/{$sAdmintheme}/images/";
setGlobalSetting('adminimagebaseurl', $adminimagebaseurl);
setGlobalSetting('adminimageurl', $adminimagebaseurl . '/14/');
}
//setGlobalSetting('adminthemeiconsize', trim(file_get_contents(Yii::app()->getConfig("styledir").DIRECTORY_SEPARATOR.sanitize_paranoid_string($_POST['admintheme']).DIRECTORY_SEPARATOR.'iconsize')));
setGlobalSetting('emailmethod', strip_tags($_POST['emailmethod']));
setGlobalSetting('emailsmtphost', strip_tags(returnGlobal('emailsmtphost')));
if (returnGlobal('emailsmtppassword') != 'somepassword') {
setGlobalSetting('emailsmtppassword', strip_tags(returnGlobal('emailsmtppassword')));
}
setGlobalSetting('bounceaccounthost', strip_tags(returnGlobal('bounceaccounthost')));
setGlobalSetting('bounceaccounttype', strip_tags(returnGlobal('bounceaccounttype')));
setGlobalSetting('bounceencryption', strip_tags(returnGlobal('bounceencryption')));
setGlobalSetting('bounceaccountuser', strip_tags(returnGlobal('bounceaccountuser')));
if (returnGlobal('bounceaccountpass') != 'enteredpassword') {
setGlobalSetting('bounceaccountpass', strip_tags(returnGlobal('bounceaccountpass')));
}
setGlobalSetting('emailsmtpssl', sanitize_paranoid_string(Yii::app()->request->getPost('emailsmtpssl', '')));
setGlobalSetting('emailsmtpdebug', sanitize_int(Yii::app()->request->getPost('emailsmtpdebug', '0')));
setGlobalSetting('emailsmtpuser', strip_tags(returnGlobal('emailsmtpuser')));
setGlobalSetting('filterxsshtml', strip_tags($_POST['filterxsshtml']));
$warning = '';
// make sure emails are valid before saving them
if (Yii::app()->request->getPost('siteadminbounce', '') == '' || validateEmailAddress(Yii::app()->request->getPost('siteadminbounce'))) {
setGlobalSetting('siteadminbounce', strip_tags(Yii::app()->request->getPost('siteadminbounce')));
} else {
$warning .= gT("Warning! Admin bounce email was not saved because it was not valid.") . '<br/>';
}
if (Yii::app()->request->getPost('siteadminemail', '') == '' || validateEmailAddress(Yii::app()->request->getPost('siteadminemail'))) {
setGlobalSetting('siteadminemail', strip_tags(Yii::app()->request->getPost('siteadminemail')));
} else {
$warning .= gT("Warning! Admin email was not saved because it was not valid.") . '<br/>';
}
setGlobalSetting('siteadminname', strip_tags($_POST['siteadminname']));
setGlobalSetting('shownoanswer', sanitize_int($_POST['shownoanswer']));
setGlobalSetting('showxquestions', $_POST['showxquestions']);
setGlobalSetting('showgroupinfo', $_POST['showgroupinfo']);
setGlobalSetting('showqnumcode', $_POST['showqnumcode']);
$repeatheadingstemp = (int) $_POST['repeatheadings'];
if ($repeatheadingstemp == 0) {
$repeatheadingstemp = 25;
}
setGlobalSetting('repeatheadings', $repeatheadingstemp);
setGlobalSetting('maxemails', sanitize_int($maxemails));
$iSessionExpirationTime = (int) $_POST['iSessionExpirationTime'];
if ($iSessionExpirationTime == 0) {
$iSessionExpirationTime = 7200;
}
setGlobalSetting('iSessionExpirationTime', $iSessionExpirationTime);
setGlobalSetting('ipInfoDbAPIKey', $_POST['ipInfoDbAPIKey']);
setGlobalSetting('pdffontsize', $iPDFFontSize);
setGlobalSetting('pdfshowheader', $_POST['pdfshowheader']);
setGlobalSetting('pdflogowidth', $iPDFLogoWidth);
setGlobalSetting('pdfheadertitle', $_POST['pdfheadertitle']);
setGlobalSetting('pdfheaderstring', $_POST['pdfheaderstring']);
setGlobalSetting('googleMapsAPIKey', $_POST['googleMapsAPIKey']);
setGlobalSetting('googleanalyticsapikey', $_POST['googleanalyticsapikey']);
setGlobalSetting('googletranslateapikey', $_POST['googletranslateapikey']);
setGlobalSetting('force_ssl', $_POST['force_ssl']);
setGlobalSetting('surveyPreview_require_Auth', $_POST['surveyPreview_require_Auth']);
setGlobalSetting('RPCInterface', $_POST['RPCInterface']);
setGlobalSetting('rpc_publish_api', (bool) $_POST['rpc_publish_api']);
$savetime = (double) $_POST['timeadjust'] * 60 . ' minutes';
//makes sure it is a number, at least 0
if (substr($savetime, 0, 1) != '-' && substr($savetime, 0, 1) != '+') {
$savetime = '+' . $savetime;
}
setGlobalSetting('timeadjust', $savetime);
setGlobalSetting('usercontrolSameGroupPolicy', strip_tags($_POST['usercontrolSameGroupPolicy']));
// Boxes
for ($i = 1; $i < 7; $i++) {
$box = Boxes::model()->find(array('condition' => 'position=:positionId', 'params' => array(':positionId' => $i)));
$box->url = sanitize_html_string($_POST['box-url-' . $i]);
$box->title = sanitize_html_string($_POST['box-title-' . $i]);
$box->ico = sanitize_html_string($_POST['box-ico-' . $i]);
$box->desc = sanitize_html_string($_POST['box-desc-' . $i]);
$box->save();
}
Yii::app()->session['flashmessage'] = $warning . gT("Global settings were saved.");
// Redirect if user clicked save-and-close-button
if (isset($_POST['saveandclose'])) {
$url = htmlspecialchars_decode(Yii::app()->session['refurl']);
if ($url) {
Yii::app()->getController()->redirect($url);
} else {
$url = Yii::app()->createUrl('admin');
Yii::app()->getController()->redirect($url);
}
}
}
function sanitize($input, $flags, $min = '', $max = '')
{
if ($flags & UTF8) {
$input = my_utf8_decode($input);
}
if ($flags & PARANOID) {
$input = sanitize_paranoid_string($input, $min, $max);
}
if ($flags & INT) {
$input = sanitize_int($input, $min, $max);
}
if ($flags & FLOAT) {
$input = sanitize_float($input, $min, $max);
}
if ($flags & HTML) {
$input = sanitize_html_string($input, $min, $max);
}
if ($flags & SQL) {
$input = sanitize_sql_string($input, $min, $max);
}
if ($flags & LDAP) {
$input = sanitize_ldap_string($input, $min, $max);
}
if ($flags & SYSTEM) {
$input = sanitize_system_string($input, $min, $max);
}
return $input;
}
include "views/not_logged_in.php";
?>
</li>
</ul>
</nav>
</div>
<br />
<?php
// If the user has specified an email, show recovery questions.
if (isset($_POST['email'])) {
?>
<form method="POST">
<p>If you answer your security questions correctly, your password will be changed to your Date of Birth in mmddyyyy format.</p>
<input type="hidden" value="<?php
echo sanitize_html_string($_POST['email']);
?>
" name="forgot-email" />
<table><tr>
<td><label>What is the name of your first pet?</label></td>
<td><input type="text" class="form-control" autofocus name="q1" /></td>
</tr><tr>
<td><label>What is the make of your first car?</label></td>
<td><input type="text" class="form-control" name="q2" /></td>
</tr><tr>
<td><label>What is the name of your first employer?</label></td>
<td><input type="text" class="form-control" name="q3" /></td>
</tr></table>
<button class="btn btn-info">Submit</button>
</form>
$error = 'You must type a comment first.';
} else {
add_comment($cleanHTML, $destinationID, $userAdding);
header('Location: ?action=viewDestination&destinationID=' . $destinationID);
}
} else {
if ($action == 'editComment') {
//loads the edit comment page
$commentID = $_POST['commentID'];
$comment = get_comment_By_ID($commentID);
include 'views/edit.php';
} else {
if ($action == 'commentEdited') {
//Edits the desired comment and saves it to the databse then reloads the vacation spots page
$newContent = nl2br($_POST['content']);
$cleanHTML = sanitize_html_string($newContent);
$commentID = $_POST['commentID'];
$destinationID = $_POST['destinationID'];
edit_comment($cleanHTML, $commentID);
header('Location: ?action=viewDestination&destinationID=' . $destinationID);
} else {
if ($action == 'deleteComment') {
//Deletes the desired comment
$commentID = $_POST['commentID'];
$destinationID = $_POST['destinationID'];
delete_comment($commentID);
header('Location: ?action=viewDestination&destinationID=' . $destinationID);
} else {
if ($action == 'logIn') {
//loads the log in page
if (isset($_POST['action'])) {
