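/**
 * xajax handler: render one expanded level of a blog comment thread.
 *
 * Loads the thread through blogs::GetThread()/GetThreeId(), renders every row
 * whose id GetThreeId() collected into $threearr, and returns an xajaxResponse
 * that assigns the generated HTML to the innerHTML of the element named $begin.
 *
 * @param mixed $thread      thread id handed to blogs::GetThread()
 * @param mixed $mod         when falsy, delete/edit links and the names of the
 *                           deleting/editing moderator are emitted for every row
 * @param mixed $begin       id of the node whose sub-tree is rendered; also the
 *                           id of the element that receives the HTML
 * @param mixed $end         not used by this body
 * @param mixed $thispage    pagination value propagated into the "Ссылка" URL
 * @param mixed $blog_thread thread id used in the "Ссылка" URL
 * @param mixed $lastlink    id of the row that gets the closing "qpr" row class
 * @param mixed $ord         ordering value propagated into delete/edit/link URLs
 * @return xajaxResponse
 */
function openlevel($thread, $mod, $begin, $end, $thispage, $blog_thread, $lastlink, $ord)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/blogs.php";
    global $session;
    session_start();
    $objResponse = new xajaxResponse();
    $blog = new blogs();
    $ret = '';
    $cur_user_msgs = array();
    $msg_num = 0;
    // NOTE(review): the variables below are read in this function but were never
    // assigned in this scope (so they were always null). They look like they were
    // meant to be imported with `global` -- confirm against the including page.
    $last_id = $edit_id = $winner = $file = $form_uri = $error_flag = $msg_name = $msg = $user = null;
    $str = '';
    $buser_id = null;
    // Request-supplied values that are written into URLs below. Encode them once
    // for the query-string context; a no-op for plain numeric/alphanumeric values.
    $thread_q = rawurlencode((string) $thread);
    $ord_q = rawurlencode((string) $ord);
    $thispage_q = rawurlencode((string) $thispage);
    $blog_thread_q = rawurlencode((string) $blog_thread);
    // $err is filled by GetThread() (by reference, presumably) and not inspected here.
    list($gr_name, $gr_id, $gr_base) = $blog->GetThread($thread, $err, $mod, get_uid(false));
    $blog->GetThreeId($begin, $threearr, 0);
    // Login of the row left loaded after GetThread()/GetThreeId(); treated below
    // as the thread owner (may pick a winner, may delete replies).
    $parent_login = $blog->login;
    while ($blog->GetNext()) {
        // Only rows whose id GetThreeId() collected belong to this level.
        $stopwrite = true;
        foreach ($threearr as $temp) {
            if ($blog->id == $temp) {
                $stopwrite = false;
                break;
            }
        }
        if ($stopwrite) {
            continue;
        }
        $msg_num++;
        $allow_del = 0;
        if ($last_id == $blog->id) {
            print "<a name=\"post\" id=\"post\"></a>";
        }
        if ($blog->id == $edit_id && $blog->login == $_SESSION['login']) {
            print "<a name=\"edit\" id=\"edit\"></a>";
        }
        if ($blog->attach) {
            $str = viewattachLeft($blog->login, $blog->attach, "upload", $file, 1000, 600, 307200, !$blog->small, $blog->small == 2 ? 1 : 0);
        }
        // Indent nested replies 20px per level, capped at level 19.
        $padding = $blog->level > 19 ? 380 : $blog->level * 20;
        // A reply to one of the current user's own messages may be deleted by them.
        if (in_array($blog->reply, $cur_user_msgs)) {
            $allow_del = 1;
        }
        if ($blog->login == $_SESSION['login']) {
            $cur_user_msgs[] = $blog->id;
        }
        $ret .= '<table width="100%" border="0" cellspacing="0" cellpadding="0">
		<tr valign="top" ';
        $ret .= '><td style="';
        if ($blog->level) {
            $ret .= 'padding-left: ' . $padding . 'px;';
        }
        $ret .= 'padding-right: 10px;">' . view_avatar($blog->login, $blog->photo) . '
			</td>
			<td class="bl_text" width="100%">';
        if ($winner == $blog->id) {
            $ret .= '<a name="winner" id="winner"></a> ';
        }
        if ($blog->payed) {
            $ret .= view_pro();
        }
        $ret .= $session->view_online_status($blog->login);
        // NOTE(review): login, uname, usurname and cnt_role are database values
        // concatenated into attributes and text without htmlspecialchars(); this is
        // only safe if they are restricted/sanitised on write -- confirm.
        $ret .= '<font class="' . $blog->cnt_role . 'name11"><a href="/users/' . $blog->login . '" class="' . $blog->cnt_role . 'name11" title="' . ($blog->uname . " " . $blog->usurname) . '">' . ($blog->uname . " " . $blog->usurname) . '</a> [<a href="/users/' . $blog->login . '" class="' . $blog->cnt_role . 'name11" title="' . $blog->login . '">' . $blog->login . '</a>]</font>&nbsp;&nbsp;' . date("[d.m.Y | H:i]", strtotimeEx($blog->post_time));
        if ($blog->deleted) {
            // The last element of $blog->thread carries the thread author's id.
            if (isset($blog->thread) && is_array($blog->thread) && count($blog->thread) > 0) {
                $buser_id = $blog->thread;
                $buser_id = array_pop($buser_id);
                $buser_id = $buser_id['fromuser_id'];
            }
            if ($blog->deluser_id == $blog->fromuser_id) {
                $ret .= '<br><br>Комментарий удален автором ' . date("[d.m.Y | H:i]", strtotimeEx($blog->deleted));
            } elseif ($blog->deluser_id == $buser_id) {
                $ret .= '<br><br>Комментарий удален автором темы ' . date("[d.m.Y | H:i]", strtotimeEx($blog->deleted));
            } else {
                $ret .= '<br><br>Комментарий удален модератором';
                if (!$mod) {
                    $ret .= '( ';
                    $del_user = $user->GetName($blog->deluser_id, $err);
                    $ret .= $del_user['login'] . ' : ' . $del_user['usurname'] . ' ' . $del_user['uname'];
                    $ret .= ' ) ';
                }
                $ret .= date("[d.m.Y | H:i]", strtotimeEx($blog->deleted));
            }
            $ret .= '<br><br>';
        } else {
            if ($blog->modified) {
                $ret .= '&nbsp; &nbsp;';
                if ($blog->modified_id == $blog->fromuser_id) {
                    $ret .= '[внесены изменения: ' . date("d.m.Y | H:i]", strtotimeEx($blog->modified));
                } else {
                    $ret .= 'Отредактировано модератором';
                    if (!$mod) {
                        $ret .= '( ';
                        $mod_user = $user->GetName($blog->modified_id, $err);
                        $ret .= $mod_user['login'] . ' : ' . $mod_user['usurname'] . ' ' . $mod_user['uname'];
                        $ret .= ' ) ';
                    }
                    $ret .= ' ' . date("[d.m.Y | H:i]", strtotimeEx($blog->modified));
                }
            }
            $ret .= '<br>';
            if ($winner == $blog->id) {
                $ret .= '<font color="#000099" style="font-size:20px">Победитель</font>';
            }
            $ret .= '<br>';
            if ($blog->new == 't') {
                $ret .= '<img src="/images/ico_new_blog.gif" alt="" width="44" height="12" border="0"><br>';
            }
            if ($blog->title) {
                $ret .= ' <font class="bl_name">';
                if ($blog->login == "Anonymous") {
                    // Anonymous posts store "name @@@: mail" in the title.
                    // NOTE(review): $name/$mail are emitted without any escaping,
                    // unlike the reformat() path -- confirm the title is sanitised on write.
                    list($name, $mail) = sscanf($blog->title, "%s @@@: %s");
                    $ret .= $name . " " . $mail;
                } else {
                    $ret .= reformat($blog->title, 30);
                }
                $ret .= '</font><br>';
            }
            $ret .= reformat($blog->msgtext, 50) . '<br>';
            if ($blog->attach) {
                if ($file) {
                    $ret .= "<br>" . $str . "<br>";
                } else {
                    $ret .= "</td></tr><tr class=\"qpr\"><td colspan=\"2\"><br>" . $str;
                }
            }
            $ret .= '<br>';
            if ($gr_base == 5 && !$winner && $parent_login == $_SESSION['login']) {
                // Fixed: the original had '.{$ord}.' inside the double-quoted string,
                // so the literal text "'.<ord>.'" ended up in the URL.
                $ret .= "<input type=\"submit\" name=\"btn\" value=\"Это победитель\" onClick=\"if (warning(0)) window.location.replace('./view.php?tr=" . $thread_q . "&ord=" . $ord_q . "&winner=" . $blog->id . "'); else return false;\">";
            }
            $ret .= '<div style="color: #D75A29;font-size:9px;';
            if ($blog->attach && !$file) {
                $ret .= ' padding-left: ' . ($padding + 60) . 'px;';
            }
            $ret .= '">';
            if ($blog->login == $_SESSION['login'] || $parent_login == $_SESSION['login'] || $allow_del || !$mod) {
                $ret .= ' <a href="' . $form_uri . '?id=' . $blog->id . '&amp;action=delete&ord=' . $ord_q . '" style="color: #D75A29;" onclick="return warning(1);">Удалить</a> |';
            }
            if ($blog->login == $_SESSION['login'] || !$mod) {
                $ret .= '<a href="' . $form_uri . '?id=' . $blog->id . '&amp;action=edit&ord=' . $ord_q . '&amp;tr=' . $thread_q . '" style="color: #D75A29;">Редактировать</a> |';
            }
            $ret .= "<a href=\"javascript: void(0);\" onclick=\"javascript: answer('" . $blog->id . "', '" . ($blog->attach ? $blog->attach : '') . "', '" . get_login($_SESSION["uid"]) . "'); document.getElementById('frm').olduser.value = '" . $_SESSION["uid"] . "'; \" ";
            $ret .= 'style="color: #D75A29">Комментировать</a> |
  			<a href="/blogs/view.php' . "?tr=" . $blog_thread_q . ($thispage ? "&pagefrom=" . $thispage_q : "") . "&openlevel=" . $blog->id . "&ord=" . $ord_q . "#o" . $blog->id . '" style="color: #D75A29">Ссылка</a> 
  			</div>
						</td>
		</tr>
		<tr';
            if (!$blog->level || $lastlink == $blog->id) {
                $ret .= ' class="qpr"';
            }
            $ret .= '><td colspan="2" ><br></td></tr>
		</table>
		<table width="100%" border="0" cellspacing="0" cellpadding="0">
		<tr class="n_qpr"><td colspan="3" id="form' . $blog->id . '">';
            if ($blog->id == $edit_id && ($blog->login == $_SESSION['login'] || !$mod)) {
                // Pre-fill the reply form with the row being edited, or with the
                // re-submitted values when $error_flag is set. The ternaries are now
                // evaluated on their own: '.' binds tighter than '?:', so the original
                // tested ("..." . $error_flag) and emitted only a bare value instead
                // of the <script> block.
                $edit_title = $error_flag ? input_ref_scr($msg_name) : input_ref_scr($blog->title);
                $edit_text = $error_flag ? input_ref_scr($msg) : input_ref_scr($blog->msgtext);
                $ret .= "\n\t\t\t<script language=\"JavaScript\" type=\"text/javascript\">\n\t\t\t<!--\n\t\t\tanswer(" . $blog->id . ", '" . ($blog->attach ? $blog->attach : '') . "', '" . get_login($_SESSION["uid"]) . "');\n\t\t\tdocument.getElementById('frm').olduser.value = '" . $_SESSION["uid"] . "';\n\t\t\tdocument.getElementById('frm').msg_name.value = '" . $edit_title . "';\n\t\t\tdocument.getElementById('frm').msg.value = '" . $edit_text . "';\n\t\t\tdocument.getElementById('frm').btn.value = 'Сохранить';\n\t\t\tdocument.getElementById('frm').action.value = 'change';\n\t\t\t//-->\n\t\t\t</script>";
            }
        }
        $ret .= "</td></tr>\n\t\t</table>";
    }
    $objResponse->assign($begin, "innerHTML", $ret);
    return $objResponse;
}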
          <form action="">
             <input type="hidden" name="rating" id="note_rating" value="<?php 
echo (int) $aNote['rating'];
?>
">
                 <div class="b-textarea">
                  <textarea class="b-textarea__textarea" id="header_note" name="header_note" cols="70" rows="5" onkeyup="(checknote(this))"></textarea>
                 </div>
                 <div class="b-buttons b-buttons_padtop_10">
                  <a href="javascript:void(0);" onclick="xajax_saveHeaderNote('<?php 
echo $name;
?>
',$('header_note').get('value'), $('note_rating').get('value'));" class="b-button b-button_flat b-button_flat_grey">Сохранить</a>
                  &#160;&#160; или &#160;<a href="javascript:void(0);" onclick="headerNoteText();" class="b-layout__link b-layout__link_fontsize_11">отменить</a>
                  </div>
          </form>
    </div>
    
    
<script type="text/javascript">
<?php 
// !!! тут нужен htmlspecialchars_decode - эта переменная хранит исходный код заметки который в текстарию подставляется
// !!! изза htmlspecialchars_decode на странице появляется XSS см. http://beta.free-lance.ru/mantis/view.php?id=12887
// @todo Необходимо привести все заметки на сайте к общей системе отображения, сохранения
?>
var headerNote = '<?php 
echo input_ref_scr($aNote['n_text']);
?>
';
</script>
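/**
 * xajax handler: add, update or delete the current user's note about $login and
 * return the JavaScript that refreshes the note block on the page.
 *
 * @param string $login  login the note is attached to (request-supplied)
 * @param string $action 'add' or 'update'; an update with empty text turns into a delete
 * @param string $text   note body (request-supplied)
 * @param int    $rating rating stored together with an update
 * @return xajaxResponse|false false when the notes::* call reported an error
 */
function EditNote($login, $action, $text, $rating = 0)
{
    session_start();
    $objResponse = new xajaxResponse();
    $nuid = get_uid(false);
    // Project-side cleanup of the submitted text. NOTE(review): stripping one tag
    // name is not a complete HTML sanitiser; confirm that reformat() below escapes
    // the remaining markup before it is written into the page.
    $text = strip_only(trim($text), '<script>');
    $text = change_q_x($text, FALSE, TRUE, "", false, false);
    // !! the character limit is also hard-coded in /scripts/note.js
    // strlen/substr are byte-wise; correct only for a single-byte site encoding -- TODO confirm
    if (strlen($text) > 200) {
        $text = substr($text, 0, 200);
    }
    // Was undefined for any $action other than add/update.
    $error = false;
    switch ($action) {
        case "add":
            if ($text) {
                $error = notes::Add($nuid, $login, $text, 0, "?");
            }
            break;
        case "update":
            if ($text) {
                $error = notes::Update($nuid, $login, $text, $rating, "?");
            } else {
                $error = notes::DeleteNote($nuid, $login, "?");
                $action = 'delete';
            }
            break;
    }
    if ($error) {
        return false;
    }
    $text = reformat($text, 54, 0, 0, 1, 54);
    // NOTE(review): $login and $text are interpolated into single-quoted JS string
    // literals below without JS escaping; this relies on logins containing no
    // quotes/backslashes and on reformat() producing JS-safe output -- confirm.
    // Was undefined when $action matched no case below.
    $s = '';
    switch ($action) {
        case 'add':
        case 'update':
            if (is_empty_html($text)) {
                $s = "\n                    document.getElement('div.form-templ').setStyle('display', 'none');\n                    document.getElement('div.form-templ input').set('disabled', false);\n                    cancelNote();\n                ";
                break;
            }
            $s = "\n                n = \$('note_{$login}');\n                n.getElement('.uprj-note-cnt>p').set('html', '{$text}');\n                n.setStyle('display', 'block');\n\n                document.getElement('div.form-templ').setStyle('display', 'none');\n                document.getElement('div.form-templ input').set('disabled', false);\n\n                if(\$('team_{$login}')) \$('team_{$login}').getElement('.uprj-st3').setStyle('display', 'none');\n                cancelNote();\n            ";
            break;
        case 'delete':
            $s = "\n                n = \$('note_{$login}');\n                n.getElement('.uprj-note-cnt>p').set('html', '');\n                n.setStyle('display', 'none');\n\n                if(\$('team_{$login}')) \$('team_{$login}').getElement('.uprj-st3').setStyle('display', 'inline-block');\n                document.getElement('div.uprj-note.form-templ').store('action', false);\n                cancelNote();\n            ";
            break;
    }
    $objResponse->script($s);
    return $objResponse;
}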
        ?>
";
  _frm2.v_pcost.value = "<?php 
        echo $cost;
        ?>
";
  _frm2.v_ptime.value = "<?php 
        echo $time_value;
        ?>
";
  _frm2.v_ptimeei.value = "<?php 
        echo $time_type;
        ?>
";
  _frm2.v_video_link.value = "<?php 
        echo str_replace('"', '\\"', input_ref_scr($video_link));
        ?>
";
  _frm2.v_descr.value = "<?php 
        echo str_replace('"', '\\"', htmlspecialchars_decode(str_replace("\n", '\\n', $descr)));
        ?>
";


  if(<?php 
        echo $in_shop;
        ?>
==1) {
    _frm.in_shop.checked = true;
  } else {
    _frm.in_shop.checked = false;
prjid = new Array();
prjprevtype = new Array();

prof_ids = new Array();
profnames = new Array();
prjinprof = new Array();


<?php 
    $ilast = $i = 0;
    $lastprof = -1;
    $j = 0;
    if ($prjs) {
        foreach ($prjs as $ikey => $prj) {
            if ($prj['id']) {
                print 'prjn[' . $prj['id'] . "] = '" . $i . "';\nprjid[{$i}] = '" . $prj['id'] . "';\nprjname[{$i}] = '" . input_ref_scr($prj['name']) . "';\nprjlink[{$i}] = '" . input_ref_scr($prj['link']) . "';\nprjdescr[{$i}] = '" . input_ref_scr($prj['descr']) . "';\nprjprevtype[{$i}] = '" . $prj['prj_prev_type'] . "';\n\n";
                ++$i;
            }
            $curprof = $prj['prof_id'];
            if ($lastprof != $curprof) {
                if ($lastprof != -1 && $i - $ilast > 1) {
                    print 'prjinprof[' . ($j - 1) . "] = '" . ($i - $ilast) . "';\n";
                }
                print "prof_ids[{$j}] = '" . $prof['prof_id'] . "';\nprofnames[{$j}] = '" . $prof['name'] . "';\n\n";
                ++$j;
                $ilast = $i;
                $lastprof = $curprof;
            }
        }
    }
    if ($i - $ilast > 0) {
    ?>
, '');
answer(<?php 
    echo $reply;
    ?>
, null, '');
document.getElementById('frm').msg_name.value = "<?php 
    echo stripslashes(input_ref_scr($msg_name));
    ?>
";
document.getElementById('frm').msg.value = "<?php 
    echo input_ref_scr($msg);
    ?>
";
if(document.getElementById('frm').yt_link != undefined) document.getElementById('frm').yt_link.value = "<?php 
    echo preg_replace("/\\//", '\\/', stripslashes(input_ref_scr($yt_link)));
    ?>
";
<?php 
    if ($yt_link) {
        ?>
yt_link = true;
if(document.getElementById('frm').yt_link != undefined) $('yt_link').style.display = 'block';
<?php 
    } else {
        ?>
yt_link = false;
if(document.getElementById('frm').yt_link != undefined) $('yt_link').style.display = 'none';
<?php 
    }
    ?>
}
// срок окончания ПРО - только для админов
if (hasPermissions('users') && $user->is_pro === 't') {
    $proLast = payed::ProLast($user->login);
    $proDate = $proLast['cnt'] ? date('d-m-Y в h:i', strtotime($proLast['cnt'])) : null;
}
$access_favorite = $_SESSION['login'] && $user->login != $_SESSION['login'];
$access_contacts = ($user->isCurrent() || is_view_contacts($user->uid) || hasPermissions('users')) && is_contacts_not_empty($user);
$show_contacts_col = $access_favorite || $access_contacts;
?>
    <?php 
if ($user->login == $_SESSION['login'] || hasPermissions('users')) {
    ?>
        <script type="text/javascript">
            statusTxt="<?php 
    echo ref_scr(input_ref_scr($user->status_text));
    ?>
";
            statusTxtSrc= <?php 
    echo json_encode(array('data' => iconv('CP1251', 'UTF8', $user->status_text)));
    ?>
;
            statusType=<?php 
    echo $user->status_type;
    ?>
;
            statstr=new Array();
        <?php 
    for ($i = -1; $ststr = $user->statusToStr($i); $i++) {
        ?>
                statstr[<?php