public function store($object_id)
{
global $db;
$object_id = (int) $object_id;
if ($object_id) {
$this->value_intvalue = (int) $this->value_intvalue;
$ins_charvalue = $this->value_charvalue == null ? '' : stripslashes($this->value_charvalue);
$q = new w2p_Database_Query();
$q->addTable('custom_fields_values');
if ($this->value_id) {
$q->addUpdate('value_charvalue', $ins_charvalue);
$q->addUpdate('value_intvalue', $this->value_intvalue);
$q->addWhere('value_id = ' . $this->value_id);
} else {
$q->addInsert('value_module', '');
$q->addInsert('value_field_id', $this->field_id);
$q->addInsert('value_object_id', $object_id);
$q->addInsert('value_charvalue', $ins_charvalue);
$q->addInsert('value_intvalue', $this->value_intvalue);
}
$rs = $q->exec();
$q->clear();
if (!$rs) {
return $db->ErrorMsg() . ' | SQL: ';
}
} else {
return 'Error: Cannot store field (' . $this->field_name . '), associated id not supplied.';
}
}
function sanitizeString($_db, $str)
{
$str = strip_tags($str);
$str = htmlentities($str);
$str = stripslashes($str);
return mysqli_real_escape_string($_db, $str);
}
function art_save_postdata($post_id)
{
// verify this came from the our screen and with proper authorization,
// because save_post can be triggered at other times
if (!wp_verify_nonce($_POST['art-direction-nonce'], plugin_basename(__FILE__))) {
return $post_id;
}
if ('page' == $_POST['post_type']) {
if (!current_user_can('edit_page', $post_id)) {
return $post_id;
}
} else {
if (!current_user_can('edit_post', $post_id)) {
return $post_id;
}
}
// OK, we're authenticated: we need to find and save the data
delete_post_meta($post_id, 'art_direction_single');
delete_post_meta($post_id, 'art_direction_global');
if (trim($_POST['single-code']) != '') {
add_post_meta($post_id, 'art_direction_single', stripslashes($_POST['single-code']));
}
if (trim($_POST['global-code']) != '') {
add_post_meta($post_id, 'art_direction_global', stripslashes($_POST['global-code']));
return true;
}
}
function fetchMethodForm($uid, $step, $update = false)
{
global $task;
switch ($step) {
case 2:
$lists = array();
$lists['action'] = _taskLink($task, $uid, array('step' => $step + 1), false);
return HTML_DMUploadMethod::linkFileForm($lists);
break;
case 3:
$url = stripslashes(JRequest::getString('url', 'http://'));
$err = DMUploadMethod::linkFileProcess($uid, $step, $url);
if ($err['_error']) {
_returnTo($task, $err['_errmsg'], '', array("method" => 'link', "step" => $step - 1, "localfile" => '', "url" => DOCMAN_Utils::safeEncodeURL($url)));
}
$uploaded = DOCMAN_Utils::safeEncodeURL(_DM_DOCUMENT_LINK . $url);
$catid = $update ? 0 : $uid;
$docid = $update ? $uid : 0;
$session = JFactory::getSession();
$session->set('docman.dmfilename', _DM_DOCUMENT_LINK);
$session->set('docman.document_url', $url);
return fetchEditDocumentForm($docid, $uploaded, $catid);
break;
default:
break;
}
return true;
}
function call_order($lng, $para, $filename = 'order', $outHTML = null)
{
$para = $this->fun->array_getvalue($para);
$lngpack = $lng ? $lng : $this->CON['is_lancode'];
$lng = $lng == 'big5' ? $this->CON['is_lancode'] : $lng;
include admin_ROOT . 'datacache/' . $lng . '_pack.php';
$cartid = $this->fun->eccode($this->fun->accept('ecisp_order_list', 'C'), 'DECODE', db_pscode);
$cartid = stripslashes(htmlspecialchars_decode($cartid));
$uncartid = !empty($cartid) ? unserialize($cartid) : null;
$total = $this->fun->eccode($this->fun->accept('ecisp_order_productmoney', 'C'), 'DECODE', db_pscode);
$total = empty($total) ? 0 : $total;
$buylink = $this->get_link('order', array(), $lngpack);
$this->pagetemplate->assign('lngpack', $LANPACK);
$this->pagetemplate->assign('buylink', $buylink);
$this->pagetemplate->assign('ordertotal', number_format($total, 2));
$this->pagetemplate->assign('total', $total);
$this->pagetemplate->assign('uncartid', count($uncartid));
$this->pagetemplate->assign('cartid', $cartid);
if (!empty($outHTML)) {
$output = $this->pagetemplate->fetch(null, null, $outHTML);
} else {
$output = $this->pagetemplate->fetch($lng . '/lib/' . $filename);
}
return $output;
}
/**
* Wrapper for stripslashes() that complies with gpc_magic_quotes
* @param string $string
* @return string
*/
function contrexx_stripslashes($string)
{
if (CONTREXX_ESCAPE_GPC) {
return stripslashes($string);
}
return $string;
}
private static function sanitize($value)
{
$value = trim($value);
$value = stripslashes($value);
$value = htmlspecialchars($value);
return $value;
}
public function metaform()
{
$value = $this->getValue();
$data = $this->getData();
$attributes = $this->getAttr();
$form = array();
$options = array();
if (isset($data['options'])) {
if (!is_admin()) {
$new_options = array();
foreach ($data['options'] as $key => $option) {
$tmp = $option['value'];
$option['value'] = $option['types-value'];
$option['types-value'] = $tmp;
$new_options[$key] = $option;
unset($tmp);
}
$data['options'] = $new_options;
}
foreach ($data['options'] as $key => $option) {
$one_option_data = array('#value' => $option['value'], '#title' => stripslashes($option['title']));
/**
* add default value if needed
* issue: frontend, multiforms CRED
*/
// if (array_key_exists('types-value', $option)) {
// $one_option_data['#types-value'] = $option['types-value'];
// }
$options[] = $one_option_data;
}
}
/**
* for user fields we reset title and description to avoid double
* display
*/
$title = $this->getTitle();
if (empty($title)) {
$title = $this->getTitle(true);
}
$options = apply_filters('wpt_field_options', $options, $title, 'select');
/**
* default_value
*/
if (!empty($value) || $value == '0') {
$data['default_value'] = $value;
}
$is_multiselect = array_key_exists('multiple', $attributes) && 'multiple' == $attributes['multiple'];
$default_value = isset($data['default_value']) ? $data['default_value'] : null;
//Fix https://icanlocalize.basecamphq.com/projects/7393061-toolset/todo_items/189219391/comments
if ($is_multiselect) {
$default_value = new RecursiveIteratorIterator(new RecursiveArrayIterator($default_value));
$default_value = iterator_to_array($default_value, false);
}
//##############################################################################################
/**
* metaform
*/
$form[] = array('#type' => 'select', '#title' => $this->getTitle(), '#description' => $this->getDescription(), '#name' => $this->getName(), '#options' => $options, '#default_value' => $default_value, '#multiple' => $is_multiselect, '#validate' => $this->getValidationData(), '#class' => 'form-inline', '#repetitive' => $this->isRepetitive());
return $form;
}
function load_settings()
{
global $system__options_general, $system__options_defaults;
$query = "SELECT * FROM " . table('options') . "\n WHERE option_type='general' OR option_type='default'";
$result = or_query($query);
while ($line = pdo_fetch_assoc($result)) {
$settings[$line['option_name']] = stripslashes($line['option_value']);
}
foreach ($system__options_general as $option) {
if (isset($option['type']) && ($option['type'] == 'line' || $option['type'] == 'comment')) {
} else {
if (!isset($settings[$option['option_name']])) {
$settings[$option['option_name']] = $option['default_value'];
}
}
}
foreach ($system__options_defaults as $option) {
if (isset($option['type']) && ($option['type'] == 'line' || $option['type'] == 'comment')) {
} else {
if (!isset($settings[$option['option_name']])) {
$settings[$option['option_name']] = $option['default_value'];
}
}
}
return $settings;
}
public static function strips($data)
{
foreach ($data as $i => $v) {
$data[$i] = stripslashes($v);
}
return $data;
}
function mres($input)
{
if (get_magic_quotes_gpc()) {
$input = stripslashes($input);
}
return mysql_real_escape_string($input);
}
function sendMessage($form, $to, $subject, $body, $avatar = false, $allow_html = true)
{
if ($allow_html) {
$this->header = $subject;
$this->m_text = $body;
} else {
$this->header = stripslashes(htmlspecialchars($subject));
$this->m_text = stripslashes(htmlspecialchars($body));
}
$this->send_date = date("Y-m-d H:i:s");
$this->author_id = $form;
$this->recipient_id = $to;
if (!$avatar) {
$user = new UserModel();
$user->load($from);
$this->avatar_id = $user->getUserAvatar($user->id);
$this->avatar_id = $this->avatar_id['id'];
} else {
$this->avatar_id = $avatar;
}
$this->is_read = 0;
$this->is_deleted = 0;
$messageId = $this->save();
return $messageId;
}
function validation($data, $files)
{
global $COURSE, $CFG;
$errors = parent::validation($data, $files);
$textlib = textlib_get_instance();
$name = trim(stripslashes($data['name']));
if ($data['id'] and $group = get_record('groups', 'id', $data['id'])) {
if ($textlib->strtolower($group->name) != $textlib->strtolower($name)) {
if (groups_get_group_by_name($COURSE->id, $name)) {
$errors['name'] = get_string('groupnameexists', 'group', $name);
}
}
if (!empty($CFG->enrol_manual_usepasswordpolicy) and $data['enrolmentkey'] != '' and $group->enrolmentkey !== $data['enrolmentkey']) {
// enforce password policy only if changing password
$errmsg = '';
if (!check_password_policy($data['enrolmentkey'], $errmsg)) {
$errors['enrolmentkey'] = $errmsg;
}
}
} else {
if (groups_get_group_by_name($COURSE->id, $name)) {
$errors['name'] = get_string('groupnameexists', 'group', $name);
}
}
return $errors;
}
/**
* Handle a POST request for this map save ressource
* @param Request request
* @return Response
*/
function post($request)
{
$response = new Response($request);
if (isset($_POST['map'])) {
// Remove those slashes
if (get_magic_quotes_gpc()) {
$map = stripslashes($_POST['map']);
} else {
$map = $_POST['map'];
}
$map_obj = json_decode($map);
$geocacheManager = GeocacheManager::getInstance();
$geocaches = $geocacheManager->parseGeocaches($map_obj->{"geocaches"});
foreach ($geocaches as $geocache) {
$geocache->save();
}
$ownWaypoints = $geocacheManager->parseOwnWaypoints($map_obj->{"costumMarkers"});
foreach ($ownWaypoints as $ownWaypoint) {
$ownWaypoint->save();
}
$response->code = Response::OK;
$response->addHeader('Content-type', 'text/plain');
$response->body = print_r($map, true);
} else {
$response->code = Response::BADREQUEST;
}
return $response;
}
function getTangentText($type, $keyword)
{
global $dbHost, $dbUser, $dbPassword, $dbName;
$link = @mysql_connect($dbHost, $dbUser, $dbPassword);
if (!$link) {
die("Cannot connect : " . mysql_error());
}
if (!@mysql_select_db($dbName, $link)) {
die("Cannot find database : " . mysql_error());
}
$result = mysql_query("SELECT sr_keywords, sr_text FROM soRandom WHERE sr_type = '" . $type . "' ORDER BY sr_ID ASC;", $link);
$tempCounter = 0;
while ($row = mysql_fetch_assoc($result)) {
$pKey = "/" . $keyword . "/";
$pos = preg_match($pKey, $row['sr_keywords']);
//echo $pos . " is pos<br>";
//echo $keyword;
//echo " is keyword and this is the search return: " . $row['keywords'];
if ($pos != 0) {
$text[$tempCounter] = stripslashes($row["sr_text"]);
$tempCounter++;
}
}
mysql_close($link);
//$text=htmlentities($text);
return $text;
}
public function autoRun()
{
if (!eregi('redirecionar=', $_SERVER['QUERY_STRING']) && !$this->system->input['redirecionar']) {
$this->redir = base64_encode('index.php?' . $_SERVER['QUERY_STRING']);
} else {
$this->redir = stripslashes($this->system->input['redirecionar']);
}
switch ($this->system->input['do']) {
case 'nova':
$this->doEdicao();
break;
case 'editar':
$this->doEdicao();
break;
case 'buscar':
$this->doListar();
break;
case 'listar':
$this->doListar();
break;
case 'apagar':
$this->doDeletar();
break;
default:
$this->pagina404();
break;
}
}
static function undecorate($str)
{
if (!get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return $str;
}
function validate($data = null)
{
$this->errors = array();
if (!empty($data)) {
$data = empty($data[$this->model]) ? $data : $data[$this->model];
foreach ($data as $dkey => $dval) {
$this->data->{$dkey} = stripslashes($dval);
}
extract($data, EXTR_SKIP);
if (empty($gallery_id)) {
$this->errors['title'] = __('No gallery was specified', $this->plugin_name);
}
if (empty($slide_id)) {
$this->errors['title'] = __('No slide was specified', $this->plugin_name);
}
if (empty($this->errors)) {
if ($galleryslide = $this->find(array('gallery_id' => $gallery_id, 'slide_id' => $slide_id))) {
$this->data->id = $galleryslide->id;
}
}
} else {
$this->errors[] = __('No data was posted', $this->plugin_name);
}
return $this->errors;
}
public function save_all()
{
global $wpdb;
$flag = FALSE;
$ips_id_col = $wpdb->get_col('SELECT id FROM ' . $wpdb->prefix . 'formmaker_blocked');
foreach ($ips_id_col as $ip_id) {
if (isset($_POST['ip' . $ip_id])) {
$ip = esc_html(stripslashes($_POST['ip' . $ip_id]));
if ($ip == '') {
$wpdb->query($wpdb->prepare('DELETE FROM ' . $wpdb->prefix . 'formmaker_blocked WHERE id="%d"', $ip_id));
} else {
$flag = TRUE;
$wpdb->update($wpdb->prefix . 'formmaker_blocked', array('ip' => $ip), array('id' => $ip_id));
}
}
}
if ($flag) {
$message = 1;
} else {
$message = 0;
}
// $this->display();
$page = WDW_FM_Library::get('page');
WDW_FM_Library::fm_redirect(add_query_arg(array('page' => $page, 'task' => 'display', 'message' => $message), admin_url('admin.php')));
}
protected function prepare()
{
include ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
try {
$this->api = $api = Sputnik::get_plugin($this->id);
} catch (Exception $e) {
status_header(500);
$this->header();
echo '<p>' . $e->getMessage() . '</p>';
$this->footer();
return;
}
if (!Sputnik::is_purchased($this->api->slug)) {
wp_redirect(Sputnik_Admin::build_url(array('buy' => $this->id)));
die;
}
if (!current_user_can('install_plugins')) {
wp_die(__('You do not have sufficient permissions to install plugins for this site.', 'sputnik'));
}
check_admin_referer($this->nonce_prefix . $this->api->slug);
include_once ABSPATH . 'wp-admin/includes/plugin-install.php';
$title = sprintf($this->title_format, $this->api->name . ' ' . $this->api->version);
$nonce = $this->nonce_prefix . $this->id;
$url = 'update.php?action=install-plugin&plugin=' . $this->id;
if (isset($_GET['from'])) {
$url .= '&from=' . urlencode(stripslashes($_GET['from']));
}
$type = 'web';
//Install plugin type, From Web or an Upload.
if ($this->api->is_theme) {
$this->upgrader = new Sputnik_ThemeUpgrader(new Sputnik_View_Install_Skin(compact('title', 'url', 'nonce', 'plugin', 'api')));
} else {
$this->upgrader = new Sputnik_Upgrader(new Sputnik_View_Install_Skin(compact('title', 'url', 'nonce', 'plugin', 'api')));
}
}
function content_569a53138b5903_87780724($_smarty_tpl)
{
?>
<!-- Block search module TOP -->
<div id="search_block_top" class="col-sm-4 clearfix">
<form id="searchbox" method="get" action="<?php
echo htmlspecialchars($_smarty_tpl->tpl_vars['link']->value->getPageLink('search', null, null, null, false, null, true), ENT_QUOTES, 'UTF-8', true);
?>
" >
<input type="hidden" name="controller" value="search" />
<input type="hidden" name="orderby" value="position" />
<input type="hidden" name="orderway" value="desc" />
<input class="search_query form-control" type="text" id="search_query_top" name="search_query" placeholder="<?php
echo smartyTranslate(array('s' => 'Search', 'mod' => 'blocksearch'), $_smarty_tpl);
?>
" value="<?php
echo stripslashes(mb_convert_encoding(htmlspecialchars($_smarty_tpl->tpl_vars['search_query']->value, ENT_QUOTES, 'UTF-8', true), "HTML-ENTITIES", 'UTF-8'));
?>
" />
<button type="submit" name="submit_search" class="btn btn-default button-search">
<span><?php
echo smartyTranslate(array('s' => 'Search', 'mod' => 'blocksearch'), $_smarty_tpl);
?>
</span>
</button>
</form>
</div>
<!-- /Block search module TOP --><?php
}
function inp($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
function PMA_gpc_extract($array, &$target, $sanitize = TRUE)
{
if (!is_array($array)) {
return FALSE;
}
$is_magic_quotes = get_magic_quotes_gpc();
foreach ($array as $key => $value) {
/**
* 2005-02-22, rabus:
*
* This is just an ugly hotfix to avoid changing internal config
* parameters.
*
* Currently, the following variable names are rejected when found in
* $_GET or $_POST: cfg, GLOBALS, str* and _*
*/
if ($sanitize && is_string($key) && ($key == 'cfg' || $key == 'GLOBALS' || substr($key, 0, 3) == 'str' || $key[0] == '_')) {
continue;
}
if (is_array($value)) {
// there could be a variable coming from a cookie of
// another application, with the same name as this array
unset($target[$key]);
PMA_gpc_extract($value, $target[$key], FALSE);
} else {
if ($is_magic_quotes) {
$target[$key] = stripslashes($value);
} else {
$target[$key] = $value;
}
}
}
return TRUE;
}
function stripStr($str)
{
if (get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return addslashes(htmlspecialchars($str, ENT_QUOTES, 'UTF-8'));
}
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = $theValue != "" ? intval($theValue) : "NULL";
break;
case "double":
$theValue = $theValue != "" ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = $theValue != "" ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
function Net_DNS_RR_TXT(&$rro, $data, $offset = '')
{
$this->name = $rro->name;
$this->type = $rro->type;
$this->class = $rro->class;
$this->ttl = $rro->ttl;
$this->rdlength = $rro->rdlength;
$this->rdata = $rro->rdata;
if ($offset) {
if ($this->rdlength > 0) {
$maxoffset = $this->rdlength + $offset;
while ($maxoffset > $offset) {
list($text, $offset) = Net_DNS_Packet::label_extract($data, $offset);
$this->text[] = $text;
}
}
} else {
$data = str_replace('\\\\', chr(1) . chr(1), $data);
/* disguise escaped backslash */
$data = str_replace('\\"', chr(2) . chr(2), $data);
/* disguise \" */
ereg('("[^"]*"|[^ \\t]*)[ \\t]*$', $data, $regs);
$regs[1] = str_replace(chr(2) . chr(2), '\\"', $regs[1]);
$regs[1] = str_replace(chr(1) . chr(1), '\\\\', $regs[1]);
$regs[1] = stripslashes($regs[1]);
$this->text = $regs[1];
}
}
/**
* Set of functions used with the relation and pdf feature
*/
function PMA_transformation_getOptions($string)
{
$transform_options = array();
/* Parse options */
for ($nextToken = strtok($string, ','); $nextToken !== false; $nextToken = strtok(',')) {
$trimmed = trim($nextToken);
if ($trimmed[0] == '\'' && $trimmed[strlen($trimmed) - 1] == '\'') {
$transform_options[] = substr($trimmed, 1, -1);
} else {
if ($trimmed[0] == '\'') {
$trimmed = ltrim($nextToken);
while ($nextToken !== false) {
$nextToken = strtok(',');
$trimmed .= $nextToken;
$rtrimmed = rtrim($trimmed);
if ($rtrimmed[strlen($rtrimmed) - 1] == '\'') {
break;
}
}
$transform_options[] = substr($rtrimmed, 1, -1);
} else {
$transform_options[] = $nextToken;
}
}
}
// strip possible slashes to behave like documentation says
$result = array();
foreach ($transform_options as $val) {
$result[] = stripslashes($val);
}
return $result;
}
function mysql_fix_string($conn, $string)
{
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
return $conn->real_escape_string($string);
}
function replace_input($input)
{
$output = stripslashes($input);
$output = filter_var($output, FILTER_SANITIZE_SPECIAL_CHARS);
$output = trim($output, "/");
return $output;
}
public function saveFile($data)
{
$post = (object) $data;
self::setMapping();
// recupera variáveis
$fileData = $_FILES["filedata"];
$fileName = $fileData["name"];
$fileType = $fileData["type"];
$tempName = $fileData["tmp_name"];
$dataType = self::$mapping[$fileType];
if (!is_uploaded_file($tempName)) {
self::$response->success = false;
self::$response->text = "O arquivo não foi enviado com sucesso. Erro de sistema: {$fileData['error']}.";
return json_encode(self::$response);
}
if (!array_key_exists($fileType, self::$mapping)) {
return '{"success":false,"records":0,"error":2,"root":[],"text":"Tipo de arquivo não mapeado para esta operação!"}';
}
// comprime arquivo temporário
if ($dataType === true) {
self::sizeFile();
self::workSize($tempName);
}
$tempData = base64_encode(file_get_contents($tempName));
// recupera extensão do arquivo
$fileExtension = strtoupper(strrchr($fileName, "."));
$fileExtension = str_replace(".", "", $fileExtension);
$fileInfo = array("fileType" => $fileType, "fileExtension" => $fileExtension, "dataType" => $dataType, "fileName" => $fileName);
$fileInfo = stripslashes(json_encode($fileInfo));
$affectedRows = $this->exec("update {$post->tableName} set filedata = '{$tempData}', fileinfo = '{$fileInfo}' where id = {$post->id}");
unlink($tempName);
return $affectedRows;
}
