/**
 * Copyright (C) 2008-2011 Ulteo SAS
 * http://www.ulteo.com
 * Author Julien LANGLOIS <*****@*****.**>
 * Author Laurent CLOUET <*****@*****.**>
 * Author Jeremy DESVAGES <*****@*****.**>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; version 2
 * of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 **/

/**
 * HTML-encode a string, or every string inside a (nested) array, for output
 * in an HTML text node.
 *
 * Encodes with ENT_NOQUOTES: `<`, `>` and `&` become entities, but single and
 * double quotes are left untouched, so the result is NOT safe inside an HTML
 * attribute value. Values that are neither string nor array (ints, null, ...)
 * are returned unchanged; array keys are preserved.
 *
 * @param mixed $data_ a string, an array of strings/arrays, or any other value
 * @return mixed the encoded string/array, or the input as given
 */
function secure_html($data_)
{
    if (is_array($data_)) {
        // array_map() with a single array argument keeps the original keys
        return array_map('secure_html', $data_);
    }
    if (is_string($data_)) {
        return htmlspecialchars($data_, ENT_NOQUOTES);
    }
    return $data_;
}
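/**
 * Normalise an admin-supplied, comma-separated list of allowed upload
 * extensions and drop every entry that names a PHP-executable extension.
 *
 * The original test was a case-sensitive strstr() for "php", so "PHP" or
 * "Php" slipped through; web-server handler mappings for such extensions
 * are commonly case-insensitive, so the match is now done with stripos().
 * "phtml" and "phar" are refused for the same reason. Empty entries
 * ("jpg,,png") are dropped instead of producing a stray ", , ".
 *
 * @param string $ext_image raw list as typed in the form, e.g. "jpg, png, php"
 * @return string the cleaned list joined with ", " (may be empty)
 */
function check_php_str($ext_image)
{
    // Extensions the PHP handler is typically configured to execute; a
    // substring test also covers variants such as php3/php5/phps.
    $blocked = array('php', 'phtml', 'phar');

    $entries = array_map('trim', explode(',', secure_html(trim($ext_image))));
    $allowed = array_filter($entries, function ($value) use ($blocked) {
        if ($value === '') {
            return false;
        }
        foreach ($blocked as $needle) {
            if (stripos($value, $needle) !== false) {
                return false;
            }
        }
        return true;
    });

    return implode(', ', $allowed);
}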
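/**
 * Reduce a free-text shop search query to a conservative character set and
 * HTML-encode it.
 *
 * Everything except word characters (\w), whitespace, the hyphen and the
 * letter "я" is removed. The hyphen is now escaped: the original class
 * `[^\w-я\s]` put a bare "-" right after a class escape, which PCRE2
 * (PHP 7.3 and later) rejects as an invalid range, so preg_replace()
 * returned null for every query and the function handed null on.
 *
 * NOTE(review): the pattern carries no `u` modifier, so `\w` and "я" are
 * matched byte-wise; the charset convert() produces is not visible here —
 * confirm it before widening or changing the class.
 *
 * @param string $text raw query from the request
 * @return string cleaned, HTML-encoded query ("" if the regex engine fails)
 */
function secure_search_eshop($text)
{
    $text = convert(trim($text));
    $clean = preg_replace('/[^\w\-я\s]/', '', $text);
    if ($clean === null) {
        // preg_replace() reports an engine error as null; never pass that on as a query
        $clean = '';
    }
    return secure_html($clean);
}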
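/**
 * Build the HTML <option> list for a fixed-choice plugin setting.
 *
 * @param mixed $current the stored value; compared loosely (==) because the
 *                       config may hold it as a string or as an int
 * @param array $labels  option value => visible label, in display order
 * @return string the concatenated <option> elements, the current one "selected"
 */
function eshop_config_select_options($current, array $labels)
{
    $html = '';
    foreach ($labels as $value => $label) {
        $html .= '<option value="' . $value . '" ' . ($current == $value ? 'selected' : '') . '>' . $label . '</option>';
    }
    return $html;
}

/**
 * Admin handler for the eshop plugin settings page.
 *
 * On submit (isset($_REQUEST['submit'])) every setting listed in $fields is
 * stored through pluginSetVariable() after its sanitiser ran: size/count
 * settings and the five select-type flags are cast with intval() (the flags
 * were previously stored as given), the two extension lists go through
 * check_php_str(), count_search/count_stocks through secure_html(); the
 * notification addresses and the description_* texts are stored as given.
 * The config is then saved and the browser redirected back to this page.
 *
 * Afterwards the "eshop_views" cron task is (re)registered when views_count
 * is 2 — keeping the schedule already configured for it — and removed
 * otherwise, and the settings form is rendered.
 *
 * Fixes: $PHP_SELF was read without a `global` declaration and was therefore
 * always null in the template; the cron config is guarded against a
 * non-array result; the redundant isset($tEntry) is gone.
 *
 * NOTE(review): the form is accepted on a bare isset($_REQUEST['submit']);
 * confirm that the admin front controller enforces a CSRF token before this
 * handler runs. NOTE(review): $PHP_SELF is imported from the global scope —
 * confirm the core defines it, otherwise 'php_self' stays null as before.
 *
 * Uses globals $cron (task registry), $twig (template engine), $PHP_SELF.
 */
function options()
{
    global $cron, $twig, $PHP_SELF;

    // Setting name => sanitiser applied to the submitted value (null = stored as given).
    // The order of this map is also the order of the entries handed to the template.
    $fields = array(
        'count' => 'intval',
        'count_search' => 'secure_html',
        'count_stocks' => 'secure_html',
        'views_count' => 'intval',
        'bidirect_linked_products' => 'intval',
        'approve_comments' => 'intval',
        'sort_comments' => 'intval',
        'integrate_gsmg' => 'intval',
        'max_image_size' => 'intval',
        'width_thumb' => 'intval',
        'width' => 'intval',
        'height' => 'intval',
        'ext_image' => 'check_php_str',
        'pre_width' => 'intval',
        'catz_max_image_size' => 'intval',
        'catz_width_thumb' => 'intval',
        'catz_width' => 'intval',
        'catz_height' => 'intval',
        'catz_ext_image' => 'check_php_str',
        'email_notify_orders' => null,
        'email_notify_comments' => null,
        'email_notify_back' => null,
        'description_delivery' => null,
        'description_order' => null,
        'description_phones' => null,
    );
    // Settings rendered as a <select>: option value => label
    $selectLabels = array(
        'views_count' => array(0 => 'Нет', 1 => 'Да', 2 => 'Отложенное'),
        'bidirect_linked_products' => array(0 => 'Нет', 1 => 'Да'),
        'approve_comments' => array(0 => 'Нет', 1 => 'Да'),
        'sort_comments' => array(0 => 'Новые снизу', 1 => 'Новые сверху'),
        'integrate_gsmg' => array(0 => 'Нет', 1 => 'Да'),
    );

    $tpath = locatePluginTemplates(array('config/main', 'config/general.from'), 'eshop', 1);

    if (isset($_REQUEST['submit'])) {
        foreach ($fields as $key => $sanitizer) {
            $value = isset($_REQUEST[$key]) ? $_REQUEST[$key] : '';
            pluginSetVariable('eshop', $key, $sanitizer === null ? $value : $sanitizer($value));
        }
        pluginsSaveConfig();
        redirect_eshop('?mod=extra-config&plugin=eshop&action=options');
    }

    // views_count == 2 ("Отложенное") counts views from a cron task. The
    // existing schedule must be read from getConfig() BEFORE unregisterTask(),
    // otherwise it is lost and the default one is silently restored.
    if (intval(pluginGetVariable('eshop', 'views_count')) == 2) {
        $defaults = array('min' => '0,15,30,45', 'hour' => '*', 'day' => '*', 'month' => '*');
        $existing = null;
        $cronRows = $cron->getConfig();
        if (is_array($cronRows)) {
            foreach ($cronRows as $task) {
                if ($task['plugin'] == 'eshop' && $task['handler'] == 'eshop_views') {
                    $existing = $task;
                }
            }
        }
        $schedule = array();
        foreach ($defaults as $part => $default) {
            // isset() on a null $existing is false, so the default applies
            $schedule[$part] = isset($existing[$part]) ? $existing[$part] : $default;
        }
        $cron->unregisterTask('eshop', 'eshop_views');
        $cron->registerTask('eshop', 'eshop_views', $schedule['min'], $schedule['hour'], $schedule['day'], $schedule['month'], '*');
    } else {
        $cron->unregisterTask('eshop', 'eshop_views');
    }

    // Current values for the form; select-type settings become <option> markup
    $tEntry = array();
    foreach (array_keys($fields) as $key) {
        $value = pluginGetVariable('eshop', $key);
        if (isset($selectLabels[$key])) {
            $value = eshop_config_select_options($value, $selectLabels[$key]);
        }
        $tEntry[$key] = $value;
    }

    $xt = $twig->loadTemplate($tpath['config/general.from'] . 'config/general.from.tpl');
    $xg = $twig->loadTemplate($tpath['config/main'] . 'config/main.tpl');
    $tVars = array(
        'entries' => $xt->render(array('entries' => $tEntry)),
        'php_self' => $PHP_SELF,
        'plugin_url' => admin_url . '/admin.php?mod=extra-config&plugin=eshop',
        'skins_url' => skins_url,
        'admin_url' => admin_url,
        'home' => home,
        'current_title' => 'Настройки',
    );
    print $xg->render($tVars);
}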
/**
 * Admin handler for the guestbook plugin's social-login settings.
 *
 * On submit the OAuth client id / client secret pair of each provider (vk,
 * facebook, google, instagram) is passed through secure_html() and stored with
 * pluginSetVariable(); the config is saved and the "settings saved" message
 * from $lang is queued. The current values are then rendered into
 * config/social.tpl, which config/main.tpl wraps.
 *
 * NOTE(review): secure_html() HTML-encodes the stored secrets, so a secret
 * containing `&`, `<` or `>` is persisted in encoded form; whether the OAuth
 * client code decodes it again is not visible here.
 *
 * Uses globals $lang (messages) and $twig (template engine).
 */
function social_config()
{
    global $lang, $twig;

    // Setting names, in the order they are stored and handed to the template
    $keys = array();
    foreach (array('vk', 'facebook', 'google', 'instagram') as $provider) {
        $keys[] = $provider . '_client_id';
        $keys[] = $provider . '_client_secret';
    }

    $tpath = locatePluginTemplates(array('config/main', 'config/social'), 'guestbook', 1);

    if (isset($_REQUEST['submit'])) {
        foreach ($keys as $key) {
            pluginSetVariable('guestbook', $key, secure_html($_REQUEST[$key]));
        }
        pluginsSaveConfig();
        msg(array("text" => $lang['gbconfig']['msgo_settings_saved']));
    }

    $tVars = array('skins_url' => skins_url, 'home' => home, 'tpl_home' => admin_url);
    foreach ($keys as $key) {
        $tVars[$key] = pluginGetVariable('guestbook', $key);
    }

    $socialTpl = $twig->loadTemplate($tpath['config/social'] . 'config/social.tpl');
    $mainTpl = $twig->loadTemplate($tpath['config/main'] . 'config/main.tpl');
    print $mainTpl->render(array('entries' => $socialTpl->render($tVars)));
}
/**
 * Queue one or more info messages in the session for the next page render.
 *
 * The message(s) are HTML-encoded with secure_html() and appended to
 * $_SESSION['infomsg'], which is created as an empty array on first use. An
 * array argument contributes each of its values, in order.
 *
 * @param string|array $msg_ a message or a list of messages
 * @return bool always true
 */
function popup_info($msg_)
{
    $encoded = secure_html($msg_);
    $queue = is_array($encoded) ? $encoded : array($encoded);

    if (!isset($_SESSION['infomsg'])) {
        $_SESSION['infomsg'] = array();
    }
    foreach ($queue as $item) {
        $_SESSION['infomsg'][] = $item;
    }

    return true;
}
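/**
 * Send the "new comment" notification e-mail for a freshly stored comment.
 *
 * Nothing is sent when the plugin setting email_notify_comments is empty, or
 * when the product row cannot be loaded (the original dereferenced a failed
 * lookup). An empty email_notify_back is passed on as false, exactly as the
 * original did; how sendEmailMessage() treats that is not visible here.
 *
 * @param array $SQL the column => value map that was just inserted
 */
function eshop_comment_notify(array $SQL)
{
    global $twig, $mysql;

    $mailTo = pluginGetVariable('eshop', 'email_notify_comments');
    if ($mailTo == "") {
        return;
    }

    $prd = $mysql->record("SELECT * FROM " . prefix . "_eshop_products WHERE id=" . db_squote($SQL['product_id']) . " ");
    if (!is_array($prd)) {
        return;
    }
    $prd['fulllink'] = checkLinkAvailable('eshop', 'show')
        ? generateLink('eshop', 'show', array('alt' => $prd['url']))
        : generateLink('core', 'plugin', array('plugin' => 'eshop', 'handler' => 'show'), array('alt' => $prd['url']));

    $notify_tpath = locatePluginTemplates(array('mail/lfeedback_comment'), 'eshop', pluginGetVariable('eshop', 'localsource'));
    $notify_xt = $twig->loadTemplate($notify_tpath['mail/lfeedback_comment'] . 'mail/lfeedback_comment.tpl');
    $mailBody = $notify_xt->render(array('vproduct' => $prd, 'vnames' => $SQL));

    $mail_from = pluginGetVariable('eshop', 'email_notify_back');
    if ($mail_from == "") {
        $mail_from = false;
    }
    sendEmailMessage($mailTo, "Новый комментарий с сайта", $mailBody, false, $mail_from, 'text/html');
}

/**
 * AJAX handler: add a comment to a shop product.
 *
 * Author data comes from $userROW for a logged-in member, otherwise from
 * $params['comment_author'] / $params['comment_email'] (trimmed, charset
 * converted with convert(), HTML-encoded with secure_html()). The text is
 * treated the same way and CRLF becomes "<br />". The comment is stored
 * with status '0' (pending) when the plugin setting approve_comments is "1",
 * else '1'; the product's comment counter is incremented and a notification
 * e-mail is sent when one is configured.
 *
 * Validation rejects an empty name, e-mail or text; the reply then carries
 * code 2 and the joined error messages instead of code 100. Reply strings are
 * converted from Windows-1251 to UTF-8, as in the original.
 *
 * Fixes: $error_text is initialised; a missing product row no longer raises
 * notices in the notification; product_id is reduced to an int; the member
 * check uses is_array() (a false/non-array $userROW is treated as a guest);
 * unused globals and the unused $memberRec are gone.
 *
 * NOTE(review): the e-mail is only checked for being non-empty, not for
 * being a syntactically valid address. db_squote() is assumed to escape and
 * quote its argument — confirm in the core before relying on it.
 *
 * @param array $params request fields: product_id, comment_text and, for
 *                      guests, comment_author and comment_email
 * @return array array('status' => 1, 'errorCode' => 0, 'data' => array(
 *               'eshop_comments' => int, 'eshop_comments_text' => string,
 *               'eshop_comments_show' => string))
 */
function comments_add($params)
{
    global $ip, $config, $userROW, $mysql;

    $SQL = array();
    if (is_array($userROW)) {
        $SQL['name'] = $userROW['name'];
        $SQL['author'] = $userROW['name'];
        $SQL['author_id'] = $userROW['id'];
        $SQL['mail'] = $userROW['mail'];
        $is_member = 1;
    } else {
        $author = secure_html(convert(trim(isset($params['comment_author']) ? $params['comment_author'] : '')));
        $SQL['name'] = $author;
        $SQL['author'] = $author;
        $SQL['author_id'] = 0;
        $SQL['mail'] = secure_html(convert(trim(isset($params['comment_email']) ? $params['comment_email'] : '')));
        $is_member = 0;
    }
    $text = secure_html(convert(trim(isset($params['comment_text']) ? $params['comment_text'] : '')));
    $SQL['text'] = str_replace("\r\n", "<br />", $text);
    $SQL['product_id'] = isset($params['product_id']) ? intval($params['product_id']) : 0;
    // date_adjust is a per-site offset in minutes
    $SQL['postdate'] = time() + $config['date_adjust'] * 60;
    $SQL['ip'] = $ip;
    $SQL['reg'] = $is_member ? '1' : '0';
    // approve_comments == "1": new comments wait for moderation
    $SQL['status'] = (pluginGetVariable('eshop', 'approve_comments') == "1") ? '0' : '1';

    $error_text = array();
    if (empty($SQL['name'])) {
        $error_text[] = 'Вы не ввели имя!';
    }
    if (empty($SQL['mail'])) {
        $error_text[] = 'Вы не ввели email!';
    }
    if (empty($SQL['text'])) {
        $error_text[] = 'Вы не написали комментарий!';
    }

    if (empty($error_text)) {
        // Create comment
        $columns = array();
        $values = array();
        foreach ($SQL as $column => $value) {
            $columns[] = $column;
            $values[] = db_squote($value);
        }
        $mysql->query("insert into " . prefix . "_eshop_products_comments (" . implode(",", $columns) . ") values (" . implode(",", $values) . ")");
        // Update comment counter
        $mysql->query("update " . prefix . "_eshop_products set comments = comments + 1 where id = " . db_squote($SQL['product_id']) . " ");

        eshop_comment_notify($SQL);

        $results = array(
            'eshop_comments' => 100,
            'eshop_comments_text' => iconv('Windows-1251', 'UTF-8', 'Комментарий успешно добавлен!'),
            'eshop_comments_show' => iconv('Windows-1251', 'UTF-8', comments_show_handler($params)),
        );
    } else {
        $results = array(
            'eshop_comments' => 2,
            'eshop_comments_text' => iconv('Windows-1251', 'UTF-8', implode('<br />', $error_text)),
            'eshop_comments_show' => iconv('Windows-1251', 'UTF-8', comments_show_handler($params)),
        );
    }

    return array('status' => 1, 'errorCode' => 0, 'data' => $results);
}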
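/**
 * Render the guestbook "edit entry" form into $template['vars']['mainblock'].
 *
 * The entry id is taken from $CurrentHandler['params']['id'] when the router
 * supplied one, else from $_REQUEST['id']; either way it is reduced to an int
 * before it reaches SQL. Only a user whose $userROW['status'] is "1" (the
 * original's "admin permission" check) gets the form; anybody else gets
 * $lang['guestbook']['error_no_permission'], and an unknown id gives
 * $lang['guestbook']['error_no_entry'].
 *
 * Stored "<br />" line breaks in message/answer are turned back into CRLF for
 * the textarea. Custom fields (rows of _guestbook_fields) are listed with the
 * entry's value for each.
 *
 * Fixes: a custom field the entry row has no value for renders as "" instead
 * of raising an undefined-index notice; a non-array result from the fields
 * query no longer breaks the foreach; the double intval() is gone; unused
 * globals are dropped.
 *
 * Uses globals $template, $userROW, $mysql, $twig, $lang, $CurrentHandler.
 */
function guestbook_edit()
{
    global $template, $userROW, $mysql, $twig, $lang, $CurrentHandler;

    if (isset($CurrentHandler['params']['id'])) {
        $id = intval($CurrentHandler['params']['id']);
    } elseif (isset($_REQUEST['id'])) {
        $id = intval(secure_html(convert(trim($_REQUEST['id']))));
    } else {
        $id = 0;
    }

    $tpath = locatePluginTemplates(array('guestbook.edit'), 'guestbook', pluginGetVariable('guestbook', 'localsource'));
    $xt = $twig->loadTemplate($tpath['guestbook.edit'] . 'guestbook.edit.tpl');

    // admin permission is required to edit messages
    if (!is_array($userROW) || $userROW['status'] != "1") {
        $template['vars']['mainblock'] = $xt->render(array('error' => $lang['guestbook']['error_no_permission']));
        return;
    }

    $row = $mysql->record("SELECT * FROM " . prefix . "_guestbook WHERE id=" . db_squote($id));
    if (!is_array($row)) {
        $template['vars']['mainblock'] = $xt->render(array('error' => $lang['guestbook']['error_no_entry']));
        return;
    }
    $row['message'] = str_replace("<br />", "\r\n", $row['message']);
    $row['answer'] = str_replace("<br />", "\r\n", $row['answer']);

    // output fields data: the entry row holds each custom field's value under the field id
    $fdata = $mysql->select("SELECT * FROM " . prefix . "_guestbook_fields");
    $tFields = array();
    if (is_array($fdata)) {
        foreach ($fdata as $frow) {
            $fieldId = $frow['id'];
            $tFields[] = array(
                'id' => $fieldId,
                'name' => $frow['name'],
                'placeholder' => $frow['placeholder'],
                'default_value' => $frow['default_value'],
                'required' => intval($frow['required']),
                'value' => isset($row[$fieldId]) ? $row[$fieldId] : '',
            );
        }
    }

    // Error notification (set by the save handler via ?error=1)
    $error = (isset($_REQUEST['error']) && $_REQUEST['error']) ? $lang['guestbook']['error_field_required'] : '';
    $tVars = array(
        'author' => $row['author'],
        'answer' => $row['answer'],
        'message' => $row['message'],
        'id' => $row['id'],
        'fields' => $tFields,
        'error' => $error,
    );
    $template['vars']['mainblock'] = $xt->render($tVars);
}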