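/**
 * 	getQueryText
 *
 * 	Creates a parameter-value based sql query by replacing every
 * 	'%key' placeholder in the query text with the escaped parameter value.
 *
 * 	All placeholders are substituted in one pass. The previous
 * 	per-parameter str_replace() loop rescanned text that had already been
 * 	inserted, so a value containing '%otherkey' was expanded again by a
 * 	later parameter, and a short key such as 'id' also rewrote the start
 * 	of a longer placeholder such as '%idx'.
 *
 * 	NOTE(review): the value is only passed through
 * 	EasyContactFormsUtils::addMSlashes() (defined elsewhere, presumably
 * 	SQL string escaping, confirm). Quoting is left to the query text, so
 * 	a placeholder used outside quotes (a numeric position, an identifier)
 * 	is not protected by escaping alone; such values should be cast by the
 * 	caller before they get here.
 *
 * @param string $query
 * 	sql text
 * @param array $params
 * 	parameter key => values pairs
 *
 * @return string
 * 	sql text
 */
function getQueryText($query, $params) {
	// Nothing to substitute: keep the query untouched, as before.
	if (!isset($params) || !(is_array($params) || $params instanceof Traversable)) {
		return $query;
	}

	$replacements = array();
	foreach ($params as $key => $value) {
		$replacements['%' . $key] = EasyContactFormsUtils::addMSlashes($value);
	}

	// strtr() with an empty map returned FALSE before PHP 8, so skip the call.
	if (!$replacements) {
		return $query;
	}

	// Array-form strtr() tries the longest placeholder first and never
	// rescans text it has already inserted.
	return strtr($query, $replacements);
}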
/**
 * 	escapeRequest
 *
 * 	Returns a copy of the request data in which the listed string items
 * 	have been passed through EasyContactFormsUtils::addMSlashes() and the
 * 	listed int items have been converted with intval(). Items that are
 * 	not set in the request are skipped; items named in neither list are
 * 	returned unchanged.
 *
 * 	NOTE(review): intval() coerces instead of rejecting, so '12abc'
 * 	becomes 12 and a non-numeric string becomes 0. Anything not named in
 * 	$strflds or $numflds leaves this function exactly as it arrived.
 *
 * @param array $_imap
 * 	request data
 * @param array $strflds
 * 	string items
 * @param array $numflds
 * 	int items
 *
 * @return array
 * 	escaped request data
 */
function escapeRequest($_imap, $strflds = NULL, $numflds = NULL) {

	// String items first: an item named in both lists is escaped and then cast.
	if (!empty($strflds)) {
		foreach ($strflds as $name) {
			if (!isset($_imap[$name])) {
				continue;
			}
			$_imap[$name] = EasyContactFormsUtils::addMSlashes($_imap[$name]);
		}
	}

	if (!empty($numflds)) {
		foreach ($numflds as $name) {
			if (!isset($_imap[$name])) {
				continue;
			}
			$_imap[$name] = intval($_imap[$name]);
		}
	}

	return $_imap;
}
// Fragment: these statements sit inside an enclosing function and switch
// whose opening lines are not part of this excerpt.

// Make sure the upload directory exists before anything is moved into it.
$filedirectory = EASYCONTACTFORMS__fileUploadDir;
if (!is_dir($filedirectory)) {
	EasyContactFormsUtils::createFolder($filedirectory);
}
$ds = DIRECTORY_SEPARATOR;
// NOTE(review): where $map comes from is not visible here. If it carries
// request data, 'sid' reaches the destination path below unvalidated, so
// confirm it is server-generated or restricted to the expected characters.
$sid = $map['sid'];
$filespec = $_FILES[$filerequestid];
// The stored name is the sid followed directly by the field id; the
// client-supplied file name is not part of the on-disk path here.
$newpath = $filedirectory . $ds . $sid . $fld->get('id');
$tmpname = $filespec['tmp_name'];
// Stop without a return value when the upload cannot be moved.
if (!move_uploaded_file($tmpname, $newpath)) {
	return;
}
// Store the new location with forward slashes in place of 'tmp_name'.
$newpath = str_replace("\\", "/", $newpath);
$filespec['tmp_name'] = $newpath;
// The serialized array still holds the remaining $_FILES entries, which
// include the client-supplied 'name' and 'type'.
// NOTE(review): whatever reads this session value back presumably
// unserialize()s it; confirm only server-written data can reach that call.
$filespec = serialize($filespec);
$filespec = EasyContactFormsUtils::addMSlashes($filespec);
EasyContactFormsSecurityManager::setSessionValue($filerequestid, $filespec, $map);
break;
case 3:
// Fetch the session id once and reuse it for every field of this kind.
if (!isset($this->sessionid)) {
	$this->sessionid = EasyContactFormsSecurityManager::getSid();
}
$varmap['id-' . $fldid] = $this->sessionid;
break;
case 8:
// Emit the ufoValidators bootstrap only when the flag is exactly FALSE,
// then set it so that the line is added once.
if (isset($ufovalidators) && $ufovalidators === FALSE) {
	$ufovalidators = TRUE;
	$vjs[] = "if(typeof(ufoValidators)=='undefined'){ufoValidators={};};";
}
// Per-form flag recording that the file-upload script has been handled;
// the rest of this branch lies outside the excerpt.
if (!isset($form->fileuploadsriptloaded)) {
	$form->fileuploadsriptloaded = true;
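/**
 * 	webdirUpload
 *
 * 	takes a file from a temporary folder, registers it in the file
 * 	manager
 * 	places the file to a web directory for direct download and makes a
 * 	thumbnail
 * 	copy if it is necessary
 *
 * 	The target directory and the stored name are built from request
 * 	values ('t', 'fld', 'oid') and from the client-supplied file name,
 * 	so all of them are checked before any file or database work:
 * 	- a request without a matching $_FILES entry is rejected (the old
 * 	  loose comparison NULL != UPLOAD_ERR_OK let it through);
 * 	- 't' and 'fld' may not contain path separators, NUL bytes or be
 * 	  '.' / '..', because they become directory names;
 * 	- the file name is reduced to its last path component;
 * 	- names with an extension segment that web servers commonly execute
 * 	  or treat as configuration are refused, because the file lands in a
 * 	  directly downloadable directory.
 *
 * 	NOTE(review): the extension list is a stop-gap. An allow-list of the
 * 	types the site expects, plus an upload directory in which the web
 * 	server executes nothing, is the stronger control. The stored 'Type'
 * 	is the MIME type claimed by the client, not a verified one.
 *
 * @param array $_uldmap
 * 	request data
 *
 * @return boolean
 * 	TRUE once the file is stored (a JSON success object is echoed),
 * 	FALSE when the upload is missing, failed or was rejected
 */
function webdirUpload($_uldmap) {

	// The three identifiers are concatenated into keys, paths and SQL below.
	foreach (array('t', 'fld', 'oid') as $required) {
		if (!isset($_uldmap[$required]) || !is_scalar($_uldmap[$required])) {
			return FALSE;
		}
	}

	// 't' and 'fld' become directory names under the upload root.
	foreach (array($_uldmap['t'], $_uldmap['fld']) as $segment) {
		$segment = (string) $segment;
		if ($segment === '' || $segment === '.' || $segment === '..'
			|| strpbrk($segment, "/\\\0") !== FALSE) {
			return FALSE;
		}
	}

	$filerequestid = $_uldmap['t'] . '_' . $_uldmap['fld'] . '_' . $_uldmap['oid'];

	// Require a real, single-file upload entry that completed without error.
	if (!isset($_FILES[$filerequestid]['error'], $_FILES[$filerequestid]['name'],
			$_FILES[$filerequestid]['tmp_name'], $_FILES[$filerequestid]['size'],
			$_FILES[$filerequestid]['type'])
		|| $_FILES[$filerequestid]['error'] !== UPLOAD_ERR_OK
		|| !is_string($_FILES[$filerequestid]['name'])) {
		return FALSE;
	}

	// Keep only the last path component of the client-supplied name.
	$clientname = str_replace('\\', '/', $_FILES[$filerequestid]['name']);
	$clientname = str_replace("\0", '', basename($clientname));
	if ($clientname === '' || $clientname === '.' || $clientname === '..') {
		return FALSE;
	}

	// Every dot-separated segment after the first is checked, because some
	// server configurations act on an inner extension ("name.ext1.ext2").
	$blocked = array(
		'php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phps', 'pht', 'phtml',
		'phar', 'cgi', 'pl', 'py', 'sh', 'asp', 'aspx', 'jsp',
		'htaccess', 'htpasswd',
	);
	$segments = array_map('trim', explode('.', strtolower($clientname)));
	array_shift($segments);
	if (array_intersect($segments, $blocked)) {
		return FALSE;
	}

	$oowner = $_uldmap['easycontactusr']->id;
	$tmpname = $_FILES[$filerequestid]['tmp_name'];
	$filesize = $_FILES[$filerequestid]['size'];
	$filetype = EasyContactFormsUtils::addMSlashes($_FILES[$filerequestid]['type']);

	$id = intval($_uldmap['oid']);
	$Type = EasyContactFormsUtils::addMSlashes($_uldmap['t']);
	$fieldname = EasyContactFormsUtils::addMSlashes($_uldmap['fld']);
	$filename = EasyContactFormsUtils::addMSlashes($clientname);

	$ds = DIRECTORY_SEPARATOR;
	$targdir = EASYCONTACTFORMS__fileUploadDir . $ds . $Type . $ds . $id . $ds . $fieldname;

	// Remove the file and the record previously stored for this field.
	$query = "SELECT Name FROM #wp__easycontactforms_files WHERE Doctype='{$Type}' AND Docid='{$id}' AND Docfield='{$fieldname}'";
	$name = EasyContactFormsDB::getValue($query);
	if (is_file($targdir . $ds . $name)) {
		unlink($targdir . $ds . $name);
	}

	$query = "DELETE FROM #wp__easycontactforms_files WHERE Doctype='{$Type}' AND Docid='{$id}' AND Docfield='{$fieldname}'";
	EasyContactFormsDB::query($query);

	$valuemap = array();
	$valuemap['Count'] = '0';
	$valuemap['Docfield'] = $fieldname;
	$valuemap['Doctype'] = $Type;
	$valuemap['Docid'] = $id;
	$valuemap['Name'] = $filename;
	$valuemap['Size'] = $filesize;
	$valuemap['Type'] = $filetype;
	$valuemap['Protected'] = 0;
	$valuemap['Webdir'] = 1;
	$valuemap['Storagename'] = $filename;
	$valuemap['ObjectOwner'] = $oowner;

	$isid = EasyContactFormsDB::insert($valuemap, 'Files');
	// A record of type 'Files' points at itself.
	if ($Type == 'Files') {
		$valuemap = array();
		$valuemap['Docid'] = $isid;
		EasyContactFormsDB::update($valuemap, 'Files', $isid);
	}

	if (!is_dir($targdir)) {
		EasyContactFormsUtils::createFolder($targdir);
	}

	$newpath = $targdir . $ds . $filename;
	// Do not report success (or build a thumbnail) for a file that never arrived.
	// NOTE(review): the Files row inserted above is left in place on this path.
	if (!move_uploaded_file($tmpname, $newpath)) {
		return FALSE;
	}

	if (isset($_uldmap['thumbnailx'])) {
		$newfieldname = 'thumb' . $fieldname;
		$newfilename = 'thumb' . $filename;
		$newtargdir = EASYCONTACTFORMS__fileUploadDir . $ds . $Type . $ds . $id . $ds . $newfieldname;

		// Same replace-then-register sequence for the thumbnail copy.
		$query = "SELECT Name FROM #wp__easycontactforms_files WHERE Doctype='{$Type}' AND Docid='{$id}' AND Docfield='thumb{$fieldname}'";
		$name = EasyContactFormsDB::getValue($query);
		if (is_file($newtargdir . $ds . $name)) {
			unlink($newtargdir . $ds . $name);
		}
		EasyContactFormsUtils::createFolder($newtargdir);

		EasyContactFormsFiles::imgResize($newpath, $newtargdir . $ds . $newfilename, $_uldmap['thumbnailx'], $_uldmap['thumbnaily'], 0xffffff, 80);

		$query = "DELETE FROM #wp__easycontactforms_files WHERE Doctype='{$Type}' AND Docid='{$id}' AND Docfield='{$newfieldname}'";
		EasyContactFormsDB::query($query);

		$valuemap = array();
		$valuemap['Count'] = '0';
		$valuemap['Docfield'] = $newfieldname;
		$valuemap['Doctype'] = $Type;
		$valuemap['Docid'] = $id;
		$valuemap['Name'] = $newfilename;
		$valuemap['Size'] = filesize($newtargdir . $ds . $newfilename);
		$valuemap['Type'] = $filetype;
		$valuemap['Protected'] = 0;
		$valuemap['Webdir'] = 1;
		$valuemap['Storagename'] = $newfilename;
		$valuemap['ObjectOwner'] = $oowner;

		EasyContactFormsDB::insert($valuemap, 'Files');
	}

	echo json_encode(array('success' => 'TRUE'));
	return TRUE;
}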