// Display <html><head>...</head> section! (Note: should be done early if actions do not redirect)
$AdminUI->disp_html_head();

// Display title, menu, messages, etc. (Note: messages MUST be displayed AFTER the actions)
$AdminUI->disp_body_top();

$AdminUI->disp_payload_begin();

/**
 * Display payload:
 *
 * Only the display step is handled here; the state-changing actions (and the
 * permission checks that guard them) are assumed to have run earlier in this
 * controller, before the HTML head was sent -- confirm when editing.
 */
switch ($action) {
    case 'nil':
        // Do nothing
        break;

    case 'delete':
        if ($perm_abuse_management) {
            // Save a tab param for hidden fields of the form.
            // NOTE(review): $perm_abuse_management only decides whether the 'tab' param is
            // memorized; it does not gate the confirmation itself -- the right to delete
            // is presumably checked where the actual delete action is processed.
            memorize_param('tab', 'string', 'abuse');
        }
        // We need to ask for confirmation:
        $edited_Message->confirm_delete(T_('Delete message?'), 'messaging_messages', $action, get_memorized('action'));
        // no break: falls through into the default branch so the message list is
        // rendered after the confirmation prompt.
    default:
        // No specific request, list all messages:
        // Cleanup context:
        forget_param('msg_ID');
        // Display messages list:
        // 'preview' is the only action kept; anything else is normalised to 'create'
        // before the view reads it.
        $action = $action == 'preview' ? $action : 'create';
        $AdminUI->disp_view('messaging/views/_message_list.view.php', array(
            'messages_list_form_start' => '',
            'messages_list_form_end' => '',
            'messages_list_body_start' => '',
            'messages_list_body_end' => '',
        ));
        break;
}

$AdminUI->disp_payload_end();

// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
/**
 * Set/Activate filterset
 *
 * Merges the given filters over the default filterset, activates any preset,
 * reads the page param from the request, forces the country filter when a
 * cross-country restriction applies and -- only when $this->memorize is set --
 * pushes the active filters back to the GLOBALS needed for regenerate_url().
 *
 * @param array Filters (keys missing here fall back to $this->default_filters)
 */
function set_filters($filters)
{
    if (!empty($filters)) {
        // Activate the filterset (fallback to default filter when a value is not set):
        $this->filters = array_merge($this->default_filters, $filters);
    }

    // Activate preset filters if necessary:
    $this->activate_preset_filters();

    // Page (read directly from the request, not from the filterset)
    $this->page = param($this->page_param, 'integer', 1);

    // Country
    if (has_cross_country_restriction('users', 'list')) {
        // In case of cross country restriction we always have to set the ctry filter.
        // In this case we always have a logged in user.
        global $current_User;
        if (!empty($current_User->ctry_ID) && $current_User->ctry_ID != $this->filters['country']) {
            // Current country filter is not the same: the user's own country wins over
            // whatever was requested, and the query must be rebuilt.
            $this->filters['country'] = $current_User->ctry_ID;
            $this->refresh_query = true;
        }
    }

    // asimo> memorize is always false for now, because is not fully implemented
    if ($this->memorize) {
        // set back the GLOBALS !!! needed for regenerate_url() :
        /*
         * Selected filter preset:
         */
        memorize_param('filter_preset', 'string', $this->default_filters['filter_preset'], $this->filters['filter_preset']); // Selected preset name

        /*
         * Restrict by membersonly
         */
        memorize_param('membersonly', 'integer', $this->default_filters['membersonly'], $this->filters['membersonly']);

        /*
         * Restrict by keywords
         */
        memorize_param('keywords', 'string', $this->default_filters['keywords'], $this->filters['keywords']); // Search string

        /*
         * Restrict by gender
         * The 'gender' filter is a string of letters; each flag is TRUE when the letter is present.
         */
        memorize_param('gender_men', 'integer', strpos($this->default_filters['gender'], 'M') !== false, strpos($this->filters['gender'], 'M') !== false);
        memorize_param('gender_women', 'integer', strpos($this->default_filters['gender'], 'F') !== false, strpos($this->filters['gender'], 'F') !== false);

        /*
         * Restrict by status
         */
        memorize_param('status_activated', 'string', $this->default_filters['status_activated'], $this->filters['status_activated']);
        memorize_param('account_status', 'string', $this->default_filters['account_status'], $this->filters['account_status']);

        /*
         * Restrict by reported state ( was reported or not )
         */
        memorize_param('reported', 'integer', $this->default_filters['reported'], $this->filters['reported']);

        /*
         * Restrict by custom sender email settings
         */
        memorize_param('custom_sender_email', 'integer', $this->default_filters['custom_sender_email'], $this->filters['custom_sender_email']);
        memorize_param('custom_sender_name', 'integer', $this->default_filters['custom_sender_name'], $this->filters['custom_sender_name']);

        /*
         * Restrict by user group
         */
        memorize_param('group', 'string', $this->default_filters['group'], $this->filters['group']);

        /*
         * Restrict by locations
         */
        memorize_param('country', 'integer', $this->default_filters['country'], $this->filters['country']); // Search country
        memorize_param('region', 'integer', $this->default_filters['region'], $this->filters['region']); // Search region
        memorize_param('subregion', 'integer', $this->default_filters['subregion'], $this->filters['subregion']); // Search subregion
        memorize_param('city', 'integer', $this->default_filters['city'], $this->filters['city']); // Search city

        /*
         * Restrict by age group
         */
        memorize_param('age_min', 'integer', $this->default_filters['age_min'], $this->filters['age_min']);
        memorize_param('age_max', 'integer', $this->default_filters['age_max'], $this->filters['age_max']);

        /*
         * Restrict by organization
         */
        memorize_param('org', 'integer', $this->default_filters['org'], $this->filters['org']);

        /*
         * Restrict by user fields
         * Split the list of {type, value} pairs into two parallel arrays.
         */
        $filters_uf_types = array();
        $filters_uf_values = array();
        $userfields = !empty($this->filters['userfields']) ? $this->filters['userfields'] : $this->default_filters['userfields'];
        foreach ($userfields as $field) {
            $filters_uf_types[] = $field['type'];
            $filters_uf_values[] = $field['value'];
        }
        // NOTE(review): default and value are the same array here, so regenerate_url()
        // presumably never sees these as changed params -- confirm this is intended.
        memorize_param('criteria_type', 'array', $filters_uf_types, $filters_uf_types);
        memorize_param('criteria_value', 'array', $filters_uf_values, $filters_uf_values);

        /*
         * order:
         */
        $order = param($this->order_param, 'string', '');
        $this->order = $order != '' ? $order : $this->filters['order'];
        if ($this->order != $this->filters['order']) {
            // Save order from request.
            // NOTE(review): the raw request string is persisted into the filterset here;
            // whether it is validated against the allowed sort columns before it reaches
            // the SQL ORDER BY is not visible in this method -- confirm in the query builder.
            $this->filters['order'] = $this->order;
            $this->save_filterset();
            $this->refresh_query = true;
        }
        memorize_param($this->order_param, 'string', $this->default_filters['order'], $this->order); // Order

        // 'paged'
        memorize_param($this->page_param, 'integer', 1, $this->page); // List page number in paged display
    }
}
 *
 * b2evolution - {@link http://b2evolution.net/}
 * Released under GNU GPL License - {@link http://b2evolution.net/about/license.html}
 * @copyright (c)2003-2013 by Francois Planque - {@link http://fplanque.com/}
 *
 * {@internal Note: we need at least one file in the main package}}
 *
 * @package main
 */

/**
 * First thing: Do the minimal initializations required for b2evo:
 *
 * $inc_path is presumably defined by conf/_config.php (not by the request);
 * it must stay that way, since it is used to build require paths below.
 */
require_once dirname(__FILE__) . '/conf/_config.php';
require_once $inc_path . '_main.inc.php';

if (!init_requested_blog()) {
    // No specific blog to be displayed:
    echo 'No default blog is set.';
    exit;
}

// Memorize that blog param as DEFAULT so that it doesn't get passed in regenerate_url()
memorize_param('blog', 'integer', $blog);

// A blog has been requested... Let's set a few default params:

# You could *force* a specific skin here with this setting:
# $skin = 'basic';

# This setting restricts posts to those published, thus hiding drafts.
# You should not have to change this.
$show_statuses = array();

# Additionally, you can set other values (see URL params in the manual)...
# $order = 'ASC'; // This for example would display the blog in chronological order...

// That's it, now let b2evolution do the rest! :)
require $inc_path . '_blog_main.inc.php';
/**
 * Set/Activate filterset
 *
 * This will also set back the GLOBALS !!! needed for regenerate_url().
 *
 * @param array Filters (keys missing here fall back to $this->default_filters)
 * @param boolean TRUE to memorize the filter params
 * @param boolean TRUE to use filters from previous request (from array $this->filters if it was defined before)
 */
function set_filters($filters, $memorize = true, $use_previous_filters = false)
{
    if (!empty($filters)) {
        // Activate the filterset (fallback to default filter when a value is not set):
        if ($use_previous_filters) {
            // If $this->filters were activated before (e.g. on load from request), they can be kept here;
            // the new $filters still win over them.
            $this->filters = array_merge($this->default_filters, $this->filters, $filters);
        } else {
            // Don't use the filters from previous request
            $this->filters = array_merge($this->default_filters, $filters);
        }
    }

    // Activate preset filters if necessary:
    $this->activate_preset_filters();

    // Funky oldstyle params:
    $this->limit = $this->filters['comments']; // for compatibility with parent class
    $this->page = $this->filters['page'];

    // The memorize step is skipped only when the caller passes $memorize = false
    // (it defaults to TRUE).
    if ($memorize) {
        // set back the GLOBALS !!! needed for regenerate_url() :
        /*
         * Selected filter preset:
         */
        memorize_param($this->param_prefix . 'filter_preset', 'string', $this->default_filters['filter_preset'], $this->filters['filter_preset']); // Selected preset name

        /*
         * Restrict to selected authors attribute:
         */
        memorize_param($this->param_prefix . 'author_IDs', 'string', $this->default_filters['author_IDs'], $this->filters['author_IDs']); // List of authors ID to restrict to
        memorize_param($this->param_prefix . 'author', 'string', $this->default_filters['author'], $this->filters['author']); // List of authors ID to restrict to
        memorize_param($this->param_prefix . 'author_email', 'string', $this->default_filters['author_email'], $this->filters['author_email']); // List of authors email to restrict to
        memorize_param($this->param_prefix . 'author_url', 'string', $this->default_filters['author_url'], $this->filters['author_url']); // List of authors url to restrict to
        memorize_param($this->param_prefix . 'url_match', 'string', $this->default_filters['url_match'], $this->filters['url_match']); // How the author url is matched
        memorize_param($this->param_prefix . 'include_emptyurl', 'string', $this->default_filters['include_emptyurl'], $this->filters['include_emptyurl']); // Whether authors without url are included
        memorize_param($this->param_prefix . 'author_IP', 'string', $this->default_filters['author_IP'], $this->filters['author_IP']); // List of authors ip to restrict to

        /*
         * Restrict to selected rating:
         */
        memorize_param($this->param_prefix . 'rating_toshow', 'array', $this->default_filters['rating_toshow'], $this->filters['rating_toshow']); // Rating to restrict to
        memorize_param($this->param_prefix . 'rating_turn', 'string', $this->default_filters['rating_turn'], $this->filters['rating_turn']); // Rating to restrict to
        memorize_param($this->param_prefix . 'rating_limit', 'integer', $this->default_filters['rating_limit'], $this->filters['rating_limit']); // Rating to restrict to

        /*
         * Restrict by keywords
         */
        memorize_param($this->param_prefix . 's', 'string', $this->default_filters['keywords'], $this->filters['keywords']); // Search string
        memorize_param($this->param_prefix . 'sentence', 'string', $this->default_filters['phrase'], $this->filters['phrase']); // Search for sentence or for words
        memorize_param($this->param_prefix . 'exact', 'integer', $this->default_filters['exact'], $this->filters['exact']); // Require exact match of title or contents

        /*
         * Restrict to selected statuses:
         * Note the param name 'show_statuses' maps to the 'statuses' filter key.
         */
        memorize_param($this->param_prefix . 'show_statuses', 'array', $this->default_filters['statuses'], $this->filters['statuses']); // List of statuses to restrict to

        /*
         * Restrict to not active/expired comments:
         */
        memorize_param($this->param_prefix . 'expiry_statuses', 'array', $this->default_filters['expiry_statuses'], $this->filters['expiry_statuses']); // List of expiry statuses to restrict to

        /*
         * Restrict to selected comment type:
         */
        memorize_param($this->param_prefix . 'type', 'string', $this->default_filters['types'], $this->filters['types']); // List of comment types to restrict to

        /*
         * Restrict to current User specific permission:
         */
        memorize_param($this->param_prefix . 'user_perm', 'string', $this->default_filters['user_perm'], $this->filters['user_perm']); // Restrict to comments with permitted action for the current User

        /*
         * Restrict to the statuses we want to show:
         */
        // Note: oftentimes, $show_statuses will have been preset to a more restrictive set of values
        //memorize_param( $this->param_prefix.'show_statuses', 'array', $this->default_filters['visibility_array'], $this->filters['visibility_array'] ); // Array of sharings to restrict to

        /*
         * OLD STYLE orders:
         */
        memorize_param($this->param_prefix . 'order', 'string', $this->default_filters['order'], $this->filters['order']); // ASC or DESC
        // This order style is OK, because sometimes the commentList is not displayed on a table so we cannot say we want to order by a specific column.
        memorize_param($this->param_prefix . 'orderby', 'string', $this->default_filters['orderby'], $this->filters['orderby']); // list of fields to order by (TODO: change that crap)

        /*
         * Paging limits:
         */
        memorize_param($this->param_prefix . 'comments', 'integer', $this->default_filters['comments'], $this->filters['comments']); // # of units to display on the page

        // 'paged'
        memorize_param($this->page_param, 'integer', 1, $this->filters['page']); // List page number in paged display
    }
}
/**
 * Set/Activate filterset
 *
 * This will also set back the GLOBALS !!! needed for regenerate_url().
 *
 * @param array Filters (keys missing here fall back to $this->default_filters)
 * @param boolean TRUE to memorize the filter params
 * @param boolean TRUE to use filters from previous request (from array $this->filters if it was defined before)
 */
function set_filters($filters, $memorize = true, $use_previous_filters = false)
{
    if (!empty($filters)) {
        // Activate the filterset (fallback to default filter when a value is not set):
        if ($use_previous_filters) {
            // If $this->filters were activated before (e.g. on load from request), they can be kept here;
            // the new $filters still win over them.
            $this->filters = array_merge($this->default_filters, $this->filters, $filters);
        } else {
            // Don't use the filters from previous request
            $this->filters = array_merge($this->default_filters, $filters);
        }
    }

    // Activate preset filters if necessary:
    $this->activate_preset_filters();

    // Funky oldstyle params:
    $this->limit = $this->filters['posts']; // for compatibility with parent class
    $this->page = $this->filters['page'];

    if ($memorize) {
        // set back the GLOBALS !!! needed for regenerate_url() :
        /*
         * Selected filter preset:
         */
        memorize_param($this->param_prefix . 'filter_preset', 'string', $this->default_filters['filter_preset'], $this->filters['filter_preset']); // Selected preset name

        /*
         * Blog & Chapters/categories restrictions:
         */
        // Get chapters/categories (and compile those values right away)
        if (isset($this->filters['cat_modifier'])) {
            // Update cat param with the cat modifier only if it was set explicitly, otherwise it may overwrite the global $cat variable.
            // The regexp type restricts the memorized value to an optional '*' or '-' prefix and a comma-separated list of numbers.
            memorize_param('cat', '/^[*\\-]?([0-9]+(,[0-9]+)*)?$/', $this->default_filters['cat_modifier'], $this->filters['cat_modifier']); // Category modifier
        }
        memorize_param('catsel', 'array', $this->default_filters['cat_array'], $this->filters['cat_array']);
        memorize_param($this->param_prefix . 'cat_focus', 'string', $this->default_filters['cat_focus'], $this->filters['cat_focus']); // Categories to search on

        // TEMP until we get this straight:
        // fp> this would only be used for the categories widget and setting it here overwrites the interesting values when a post list widget is triggered
        // fp> if we need it here we want to use a $set_globals params to this function
        // global $cat_array, $cat_modifier;
        // $cat_array = $this->default_filters['cat_array'];
        // $cat_modifier = $this->default_filters['cat_modifier'];

        /*
         * Restrict to selected tags:
         */
        memorize_param($this->param_prefix . 'tags', 'string', $this->default_filters['tags'], $this->filters['tags']);

        /*
         * Restrict to selected authors:
         */
        // List of authors users IDs to restrict to
        memorize_param($this->param_prefix . 'author', 'string', $this->default_filters['authors'], $this->filters['authors']);
        // List of authors users logins to restrict to
        memorize_param($this->param_prefix . 'author_login', 'string', $this->default_filters['authors_login'], $this->filters['authors_login']);

        /*
         * Restrict to selected assignees:
         */
        // List of assignees users IDs to restrict to
        memorize_param($this->param_prefix . 'assgn', 'string', $this->default_filters['assignees'], $this->filters['assignees']);
        // List of assignees users logins to restrict to
        memorize_param($this->param_prefix . 'assgn_login', 'string', $this->default_filters['assignees_login'], $this->filters['assignees_login']);

        /*
         * Restrict to selected author OR assignee:
         */
        memorize_param($this->param_prefix . 'author_assignee', 'string', $this->default_filters['author_assignee'], $this->filters['author_assignee']);

        /*
         * Restrict to selected locale:
         */
        memorize_param($this->param_prefix . 'lc', 'string', $this->default_filters['lc'], $this->filters['lc']); // Locale to restrict to

        /*
         * Restrict to selected statuses:
         */
        memorize_param($this->param_prefix . 'status', 'string', $this->default_filters['statuses'], $this->filters['statuses']); // List of statuses to restrict to

        /*
         * Restrict to selected post type:
         */
        memorize_param($this->param_prefix . 'types', 'integer', $this->default_filters['types'], $this->filters['types']); // List of post types to restrict to

        /*
         * Restrict by keywords
         */
        memorize_param($this->param_prefix . 's', 'string', $this->default_filters['keywords'], $this->filters['keywords']); // Search string
        memorize_param($this->param_prefix . 'scope', 'string', $this->default_filters['keyword_scope'], $this->filters['keyword_scope']); // Scope of search string
        memorize_param($this->param_prefix . 'sentence', 'string', $this->default_filters['phrase'], $this->filters['phrase']); // Search for sentence or for words
        memorize_param($this->param_prefix . 'exact', 'integer', $this->default_filters['exact'], $this->filters['exact']); // Require exact match of title or contents

        /*
         * Specific Item selection?
         * 'm' and 'w' use regexp types so only well-formed date / week values are memorized.
         */
        memorize_param($this->param_prefix . 'm', '/^\\d{4}(0[1-9]|1[0-2])?(?(1)(0[1-9]|[12][0-9]|3[01])?)(?(2)([01][0-9]|2[0-3])?)(?(3)([0-5][0-9]){0,2})$/', $this->default_filters['ymdhms'], $this->filters['ymdhms']); // YearMonth(Day) to display
        memorize_param($this->param_prefix . 'w', '/^(0?[0-9]|[1-4][0-9]|5[0-3])$/', $this->default_filters['week'], $this->filters['week']); // Week number
        memorize_param($this->param_prefix . 'dstart', 'integer', $this->default_filters['ymdhms_min'], $this->filters['ymdhms_min']); // YearMonth(Day) to start at
        memorize_param($this->param_prefix . 'dstop', 'integer', $this->default_filters['ymdhms_max'], $this->filters['ymdhms_max']); // YearMonth(Day) to stop at

        // TODO: show_past/future should probably be wired on dstart/dstop instead on timestamps -> get timestamps out of filter perimeter
        if (is_null($this->default_filters['ts_min']) && is_null($this->default_filters['ts_max'])) {
            // We have not set a strict default -> we allow overriding:
            // the flag is 0 when the filter is pinned to 'now', 1 otherwise.
            memorize_param($this->param_prefix . 'show_past', 'integer', 0, $this->filters['ts_min'] == 'now' ? 0 : 1);
            memorize_param($this->param_prefix . 'show_future', 'integer', 0, $this->filters['ts_max'] == 'now' ? 0 : 1);
        }

        /*
         * Restrict to the statuses we want to show:
         */
        // Note: oftentimes, $show_statuses will have been preset to a more restrictive set of values
        memorize_param($this->param_prefix . 'show_statuses', 'array', $this->default_filters['visibility_array'], $this->filters['visibility_array']); // Array of sharings to restrict to

        /*
         * OLD STYLE orders:
         */
        memorize_param($this->param_prefix . 'order', 'string', $this->default_filters['order'], $this->filters['order']); // ASC or DESC
        // This order style is OK, because sometimes the commentList is not displayed on a table so we cannot say we want to order by a specific column. It's not a crap.
        memorize_param($this->param_prefix . 'orderby', 'string', $this->default_filters['orderby'], $this->filters['orderby']); // list of fields to order by (TODO: change that crap)

        /*
         * Paging limits:
         */
        memorize_param($this->param_prefix . 'unit', 'string', $this->default_filters['unit'], $this->filters['unit']); // list unit: 'posts' or 'days'
        memorize_param($this->param_prefix . 'posts', 'integer', $this->default_filters['posts'], $this->filters['posts']); // # of units to display on the page

        // 'paged'
        memorize_param($this->page_param, 'integer', 1, $this->filters['page']); // List page number in paged display
    }
}
die('Please, do not access this page directly.'); } global $blog, $admin_url, $UserSettings; global $datestartinput, $datestart, $datestopinput, $datestop, $email; if (param_date('datestartinput', T_('Invalid date'), false, NULL) !== NULL) { // We have a user provided localized date: memorize_param('datestart', 'string', NULL, trim(form_date($datestartinput))); memorize_param('datestartinput', 'string', NULL, empty($datestartinput) ? NULL : date(locale_datefmt(), strtotime($datestartinput))); } else { // We may have an automated param transmission date: param('datestart', 'string', '', true); } if (param_date('datestopinput', T_('Invalid date'), false, NULL) !== NULL) { // We have a user provided localized date: memorize_param('datestop', 'string', NULL, trim(form_date($datestopinput))); memorize_param('datestopinput', 'string', NULL, empty($datestopinput) ? NULL : date(locale_datefmt(), strtotime($datestopinput))); } else { // We may have an automated param transmission date: param('datestop', 'string', '', true); } param('email', 'string', '', true); // Create result set: $SQL = new SQL(); $SQL->SELECT('SQL_NO_CACHE emlog_ID, emlog_timestamp, emlog_user_ID, emlog_to, emlog_result, emlog_subject'); $SQL->FROM('T_email__log'); $count_SQL = new SQL(); $count_SQL->SELECT('SQL_NO_CACHE COUNT(emlog_ID)'); $count_SQL->FROM('T_email__log'); if (!empty($datestart)) { // Filter by start date $SQL->WHERE_and('emlog_timestamp >= ' . $DB->quote($datestart . ' 00:00:00'));
/**
 * Get a param from Request and save it to UserSettings, or default to previously saved user setting.
 *
 * Resolution order: request value (persisted to the user settings) -> stored user
 * setting -> $default. The resolved value is then published through set_param()
 * so later get_param() calls see it.
 *
 * NOTE(review): the request value is stored with only the $type coercion applied;
 * for the types documented as "does nothing" ('' and 'html') the raw request
 * string is what gets persisted -- validate upstream when those are used.
 *
 * @todo Move this to _abstractsettings.class.php - the other Settings object can also make use of it!
 *
 * @param string Request param name
 * @param string User setting name. Make sure this is unique!
 * @param string Force value type to one of:
 *               - integer
 *               - float
 *               - string (strips (HTML-)Tags, trims whitespace)
 *               - array
 *               - object
 *               - null
 *               - html (does nothing)
 *               - '' (does nothing)
 *               - '/^...$/' check regexp pattern match (string)
 *               - boolean (will force type to boolean, but you can't use 'true' as a default since it has special meaning. There is no real reason to pass booleans on a URL though. Passing 0 and 1 as integers seems to be best practice).
 *               Value type will be forced only if resulting value (probably from default then) is !== NULL
 * @param mixed Default value or TRUE if user input required
 * @param boolean Do we need to memorize this to regenerate the URL for this page?
 * @param boolean Override if variable already set
 * @return NULL|mixed NULL, if neither a param was given nor {@link $UserSettings} knows about it.
 */
function param_Request($param_name, $uset_name, $type = '', $default = '', $memorize = false, $override = false)
{
    // A NULL default lets us distinguish "not in the request" (param() hands back false)
    // from a genuinely empty value.
    $request_value = param($param_name, $type, NULL, $memorize, $override, false);

    if ($request_value === false) {
        // Not in the request: fall back to the stored user setting, then to $default
        // (which covers the "never saved and no $_defaults entry" case).
        $stored_value = $this->get($uset_name);
        $value = is_null($stored_value) ? $default : $stored_value;

        if ($memorize) {
            // Memorize param so regenerate_url() carries it
            memorize_param($param_name, $type, $default, $value);
        }
    } else {
        // The request wins: persist it as the new user setting right away.
        $value = $request_value;
        $this->set($uset_name, $value);
        $this->dbupdate();
    }

    set_param($param_name, $value);

    return get_param($param_name);
}
$AdminUI->disp_payload_end(); break; case 'view': case 'delete': // View a single post: // Memorize 'p' in case we reload while changing some display settings memorize_param('p', 'integer', NULL); // Begin payload block: $AdminUI->disp_payload_begin(); // We use the "full" view for displaying single posts: $AdminUI->disp_view('items/views/_item_list_full.view.php'); // End payload block: $AdminUI->disp_payload_end(); break; case 'history': memorize_param('action', 'string', NULL); // Begin payload block: $AdminUI->disp_payload_begin(); // view: $AdminUI->disp_view('items/views/_item_history.view.php'); // End payload block: $AdminUI->disp_payload_end(); break; case 'history_details': // Begin payload block: $AdminUI->disp_payload_begin(); // view: $AdminUI->disp_view('items/views/_item_history_details.view.php'); // End payload block: $AdminUI->disp_payload_end(); break;
if ($edited_Group->ID == $Settings->get('newusers_grp_ID')) { $Messages->add(T_('You can\'t delete the default group for new users!'), 'error'); $action = 'view_group'; break; } if (param('confirm', 'integer', 0)) { // confirmed, Delete from DB: $msg = sprintf(T_('Group «%s» deleted.'), $edited_Group->dget('name')); $edited_Group->dbdelete($Messages); unset($edited_Group); forget_param('grp_ID'); $Messages->add($msg, 'success'); $action = 'list'; } else { // not confirmed, Check for restrictions: memorize_param('grp_ID', 'integer', true); if (!$edited_Group->check_delete(sprintf(T_('Cannot delete Group «%s»'), $edited_Group->dget('name')))) { // There are restrictions: $action = 'view_group'; } } break; } } // We might delegate to this action from above: if ($action == 'edit_user') { $Plugins->trigger_event('PluginUserSettingsEditAction', $tmp_params = array('User' => &$edited_User)); $Session->delete('core.changepwd.request_id'); // delete the request_id for password change request (from /htsrv/login.php) } // Display <html><head>...</head> section! (Note: should be done early if actions do not redirect)
// Set revision from request if ($phpsvnclient->getVersion() < $svn_revision) { // Incorrect revision number echo '<p class="red">' . sprintf(T_('Please select a correct revision number. The latest revision is %s.'), $phpsvnclient->getVersion()) . '</p>'; evo_flush(); $action = 'start'; break; // Stop an upgrade from SVN } else { // Use only correct revision $phpsvnclient->setVersion($svn_revision); } } $repository_version = $phpsvnclient->getVersion(); $upgrade_name = 'export_svn_' . $repository_version; memorize_param('upd_name', 'string', '', $upgrade_name); $upgrade_folder = $upgrade_path . $upgrade_name; if (file_exists($upgrade_path . $upgrade_name)) { // Current version already is downloaded echo '<p class="green">' . sprintf(T_('Revision %s has already been downloaded. Using: %s'), $repository_version, $upgrade_path . $upgrade_name); } else { // Download files echo '<p>' . sprintf(T_('Downloading package to «<strong>%s</strong>»...'), $upgrade_folder); evo_flush(); // Export all files in temp folder for following coping $svn_result = $phpsvnclient->checkOut($svn_folder, $upgrade_folder, false, true); echo '</p>'; if ($svn_result === false) { // Checkout is failed echo '<p style="color:red">' . sprintf(T_('Unable to download package from «%s»'), $svn_url) . '</p>'; evo_flush();
/**
 * Display hits results table
 *
 * Builds a filtered query over T_hitlog from the request params (all read via
 * param(), most of them memorized), wraps it in a Results object and displays it.
 * Returns early without output for anonymous users and for users lacking the
 * 'stats' / 'view' permission.
 *
 * @param array Params; only 'skin_type' and 'skin_name' are read, and only for AJAX requests
 */
function hits_results_block($params = array())
{
    if (!is_logged_in()) {
        // Only logged in users can access to this function
        return;
    }

    global $current_User;
    if (!$current_User->check_perm('stats', 'view')) {
        // Current user has no permission to view all stats (aggregated stats)
        return;
    }

    /**
     * View funcs
     */
    load_funcs('sessions/views/_stats_view.funcs.php');

    global $blog, $admin_url, $rsc_url;
    global $Session, $UserSettings, $DB;
    global $datestartinput, $datestart, $datestopinput, $datestop;
    global $preset_referer_type, $preset_agent_type;

    $tab = param('tab', 'string', 'summary', true);
    $tab3 = param('tab3', 'string', '', true);

    // Some tabs pin the referer/agent type; note these two are globals, so a value
    // set by an earlier call in the same request is still picked up below.
    // NOTE(review): $preset_results_title, $preset_filter_all_url and $hide_columns are
    // assigned here but never read in this function (they are locals, not globals);
    // if hits_results() is meant to see them they would need a global declaration -- confirm.
    switch ($tab) {
        case 'other':
            $preset_results_title = T_('Direct browser hits');
            $preset_referer_type = 'direct';
            $preset_agent_type = 'browser';
            $preset_filter_all_url = '?ctrl=stats&tab=referers&blog=' . $blog;
            $hide_columns = 'referer';
            break;

        case 'referers':
            $preset_results_title = T_('Refered browser hits');
            $preset_referer_type = 'referer';
            $preset_agent_type = 'browser';
            $preset_filter_all_url = '?ctrl=stats&tab=referers&blog=' . $blog;
            break;

        case 'refsearches':
            if ($tab3 == 'hits') {
                $preset_results_title = T_('Search hits');
                $preset_referer_type = 'search';
                $preset_agent_type = 'browser';
                $preset_filter_all_url = '?ctrl=stats&tab=refsearches&tab3=hits&blog=' . $blog;
            }
            break;
    }

    if (param_date('datestartinput', T_('Invalid date'), false, NULL) !== NULL) {
        // We have a user provided localized date:
        memorize_param('datestart', 'string', NULL, trim(form_date($datestartinput)));
    } else {
        // We may have an automated param transmission date:
        param('datestart', 'string', '', true);
    }

    if (param_date('datestopinput', T_('Invalid date'), false, NULL) !== NULL) {
        // We have a user provided localized date:
        memorize_param('datestop', 'string', NULL, trim(form_date($datestopinput)));
    } else {
        // We may have an automated param transmission date:
        param('datestop', 'string', '', true);
    }

    // Filter params (all memorized so regenerate_url() keeps them):
    $exclude = param('exclude', 'integer', 0, true);
    $sess_ID = param('sess_ID', 'integer', NULL, true);
    $remote_IP = param('remote_IP', 'string', NULL, true);
    $referer_type = isset($preset_referer_type) ? $preset_referer_type : param('referer_type', 'string', NULL, true);
    $agent_type = isset($preset_agent_type) ? $preset_agent_type : param('agent_type', 'string', NULL, true);
    $device = param('device', 'string', NULL, true);
    $hit_type = param('hit_type', 'string', NULL, true);
    $reqURI = param('reqURI', 'string', NULL, true);

    // Create result set:
    $SQL = new SQL();
    $SQL->SELECT('SQL_NO_CACHE hit_ID, sess_ID, sess_device, hit_datetime, hit_type, hit_referer_type, hit_uri, hit_disp, hit_ctrl, hit_action, hit_blog_ID, hit_referer, hit_remote_addr,' . 'user_login, hit_agent_type, blog_shortname, dom_name, goal_name, hit_keyphrase, hit_serprank, hit_response_code');
    $SQL->FROM('T_hitlog LEFT JOIN T_basedomains ON dom_ID = hit_referer_dom_ID' . ' LEFT JOIN T_sessions ON hit_sess_ID = sess_ID' . ' LEFT JOIN T_blogs ON hit_blog_ID = blog_ID' . ' LEFT JOIN T_users ON sess_user_ID = user_ID' . ' LEFT JOIN T_track__goalhit ON hit_ID = ghit_hit_ID' . ' LEFT JOIN T_track__goal ON ghit_goal_ID = goal_ID');

    // The count query only joins what its filters need (see the 'device' filter below).
    $CountSQL = new SQL();
    $CountSQL->SELECT('SQL_NO_CACHE COUNT(hit_ID)');
    $CountSQL->FROM('T_hitlog');

    // 'exclude' inverts the session / IP filter
    $operator = $exclude ? ' <> ' : ' = ';
    if (!empty($sess_ID)) {
        // We want to filter on the session ID.
        // Concatenated unquoted: this is only safe because param() forced the 'integer' type above.
        $filter = 'hit_sess_ID' . $operator . $sess_ID;
        $SQL->WHERE($filter);
        $CountSQL->WHERE($filter);
    } elseif (!empty($remote_IP)) {
        // We want to filter on the remote IP address:
        $filter = 'hit_remote_addr' . $operator . $DB->quote($remote_IP);
        $SQL->WHERE($filter);
        $CountSQL->WHERE($filter);
    }

    if (!empty($referer_type)) {
        $filter = 'hit_referer_type = ' . $DB->quote($referer_type);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }

    if (!empty($agent_type)) {
        $filter = 'hit_agent_type = ' . $DB->quote($agent_type);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }

    if (!empty($device)) {
        if ($device == 'other') {
            // Unknown device is stored as an empty string
            $device = '';
        }
        $filter = 'sess_device = ' . $DB->quote($device);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
        // sess_device lives in T_sessions, so the count query needs that join too
        $CountSQL->FROM_add('LEFT JOIN T_sessions ON hit_sess_ID = sess_ID');
    }

    if (!empty($hit_type)) {
        $filter = 'hit_type = ' . $DB->quote($hit_type);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }

    if (!empty($reqURI)) {
        // LIKE pattern: the caller may use SQL wildcards in the URI filter
        $filter = 'hit_uri LIKE ' . $DB->quote($reqURI);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }

    if (!empty($datestart)) {
        $SQL->WHERE_and('hit_datetime >= ' . $DB->quote($datestart . ' 00:00:00'));
        $CountSQL->WHERE_and('hit_datetime >= ' . $DB->quote($datestart . ' 00:00:00'));
    }

    if (!empty($datestop)) {
        $SQL->WHERE_and('hit_datetime <= ' . $DB->quote($datestop . ' 23:59:59'));
        $CountSQL->WHERE_and('hit_datetime <= ' . $DB->quote($datestop . ' 23:59:59'));
    }

    if (!empty($blog)) {
        // escape() adds no quotes, so this relies on the global $blog being a numeric ID
        // (presumably validated where it is read from the request) -- confirm.
        $filter = 'hit_blog_ID = ' . $DB->escape($blog);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }

    // Results param prefix; preset tabs get their own prefix so their params don't collide
    $resuts_param_prefix = 'hits_';
    if (!empty($preset_referer_type)) {
        $resuts_param_prefix = substr($preset_referer_type, 0, 8) . '_' . $resuts_param_prefix;
    }

    $Results = new Results($SQL->get(), $resuts_param_prefix, '--D', $UserSettings->get('results_per_page'), $CountSQL->get());

    // Initialize Results object
    hits_results($Results);

    if (is_ajax_content()) {
        // init results param by template name
        if (!isset($params['skin_type']) || !isset($params['skin_name'])) {
            debug_die('Invalid ajax results request!');
        }
        $Results->init_params_by_skin($params['skin_type'], $params['skin_name']);
    }

    // Display results:
    $Results->display();

    if (!is_ajax_content()) {
        // Create this hidden div to get a function name for AJAX request
        echo '<div id="' . $resuts_param_prefix . 'ajax_callback" style="display:none">' . __FUNCTION__ . '</div>';
    }
}
require_once dirname(__FILE__) . '/_stats_view.funcs.php';

// Request-supplied user ID. param() forces the 'integer' type, which is the only
// reason it can be concatenated into SQL further down.
$user_ID = param('user_ID', 'integer', 0, true);

// Create result set:
$SQL = new SQL();
$SQL->SELECT('SQL_NO_CACHE sess_ID, user_login, TIMESTAMPDIFF( SECOND, sess_start_ts, sess_lastseen_ts ) as sess_length, sess_lastseen_ts, sess_ipaddress');
$SQL->FROM('T_sessions LEFT JOIN T_users ON sess_user_ID = user_ID');

// Separate count query with the same FROM/WHERE, used for paging:
$Count_SQL = new SQL();
$Count_SQL->SELECT('SQL_NO_CACHE COUNT(sess_ID)');
$Count_SQL->FROM('T_sessions LEFT JOIN T_users ON sess_user_ID = user_ID');

if (empty($user_ID)) { // display only this user sessions in user tab
    $user_ID = $edited_User->ID;
}
// NOTE(review): $user_ID is interpolated unquoted. This is safe only while it is
// an integer (param() above; $edited_User->ID presumably int) — switch to
// $DB->quote() if the source of this value ever changes.
$SQL->WHERE('user_ID = ' . $user_ID);
$Count_SQL->WHERE('user_ID = ' . $user_ID);

// Keep the current tab in regenerated URLs:
memorize_param('user_tab', 'string', '', $user_tab);

// Begin payload block:
// ($this is presumably the AdminUI object this view is displayed through — confirm)
$this->disp_payload_begin();

// ------------------- PREV/NEXT USER LINKS -------------------
user_prevnext_links(array('user_tab' => 'sessions'));
// ------------- END OF PREV/NEXT USER LINKS -------------------

$Results = new Results($SQL->get(), 'sess_', 'D', $UserSettings->get('results_per_page'), $Count_SQL->get());

// echo user edit action icons
echo_user_actions($Results, $edited_User, 'edit');
echo '<span class="floatright">' . $Results->gen_global_icons() . '</span>';
// Icons were rendered above; clear them so Results::display() does not render them again.
$Results->global_icons = array();

// echo user tabs
echo '<div>' . get_usertab_header($edited_User, $user_tab, T_('Sessions') . get_manual_link('user-sessions-tab')) . '</div>';

$Results->title = T_('Recent sessions') . get_manual_link('user-sessions-tab');

/**
 * Callback to add filters on top of the result set
/**
 * Sets a parameter with values from the request or to provided default,
 * except if param is already set!
 *
 * Also removes magic quotes if they are set automatically by PHP.
 * Also forces type.
 * Priority order: POST, GET, COOKIE, DEFAULT.
 *
 * Behaviour worth knowing when relying on this for input validation:
 * - When neither POST nor GET carries the name, $_COOKIE is consulted, so callers
 *   must not assume a value came from the query string or a submitted form.
 * - 'html' and 'raw' only run utf8_clean(); the value is NOT sanitized for output.
 * - Type forcing is skipped entirely when $type is '' or the value is NULL.
 * - On a mismatch with strict typing the request ends in bad_request_die();
 *   until then $GLOBALS[$var] still holds the rejected value (see @todo).
 *
 * @todo when bad_request_die() gets called, the GLOBAL should not be left set to the invalid value!
 *       fp> Why? if the process dies anyway
 *
 * @param string Variable to set
 * @param string Force value type to one of:
 * - integer
 * - float, double
 * - string (strips (HTML-)Tags, trims whitespace, removes line breaks)
 * - text like string but allows multiple lines
 * - htmlspecialchars (escapes with htmlspecialchars(ENT_COMPAT), trims, normalizes line breaks)
 * - array (it may contains arbitrary array elements) NOTE: If there is one way to avoid and use some other array type then it should not be used
 * - array:integer (elements of array must be integer)
 * - array:string (strips (HTML-)Tags, trims whitespace of array's elements)
 * - array:/regexp/ (elements of array must match to the given regular expression) e.g. 'array:/^[a-z]*$/'
 * - array:array:integer (two dimensional array and the elements must be integers)
 * - array:array:string (strips (HTML-)Tags, trims whitespace of the two dimensional array's elements)
 * - html (does nothing, for now)
 * - raw (does nothing)
 * - '' (does nothing) -- DEPRECATED, use "raw" instead
 * - '/^...$/' check regexp pattern match (string) -- the pattern is supplied by the caller, never by the request
 * - boolean (will force type to boolean, but you can't use 'true' as a default since it has special meaning. There is no real reason to pass booleans on a URL though. Passing 0 and 1 as integers seems to be best practice).
 * - url (like string but dies on illegal urls: a non-empty value must start with "/", "?" or "http(s)://")
 * Value type will be forced only if resulting value (probably from default then) is !== NULL
 * @param mixed Default value or TRUE if user input required
 * @param boolean Do we need to memorize this to regenerate the URL for this page?
 * @param boolean Override if variable already set
 * @param boolean Force setting of variable to default if no param is sent and var wasn't set before
 * @param mixed true will refuse illegal values,
 *              false will try to convert illegal to legal values,
 *              'allow_empty' will refuse illegal values but will always accept empty values (This helps blocking dirty spambots or borked index bots. Saves a lot of processor time by killing invalid requests)
 * @return mixed Final value of Variable, or false if we don't force setting and did not set
 */
function param($var, $type = 'raw', $default = '', $memorize = false, $override = false, $use_default = true, $strict_typing = 'allow_empty')
{
    global $Debuglog, $debug, $evo_charset, $io_charset;

    // NOTE: we use $GLOBALS[$var] instead of $$var, because otherwise it would conflict with param names which are used as function params ("var", "type", "default", ..)!

    /*
     * STEP 1 : Set the variable
     *
     * Check if already set
     * WARNING: when PHP register globals is ON, COOKIES get priority over GET and POST with this!!!
     * dh> I never understood that comment.. does it refer to "variables_order" php.ini setting?
     * fp> I guess
     */
    if (!isset($GLOBALS[$var]) || $override) {
        // Sources are consulted in a fixed order; the first one carrying the name wins.
        if (isset($_POST[$var])) {
            $GLOBALS[$var] = remove_magic_quotes($_POST[$var]);
            // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by POST', 'params' );
        } elseif (isset($_GET[$var])) {
            $GLOBALS[$var] = remove_magic_quotes($_GET[$var]);
            // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by GET', 'params' );
        } elseif (isset($_COOKIE[$var])) {
            // A cookie can supply the value when the request itself does not carry it.
            $GLOBALS[$var] = remove_magic_quotes($_COOKIE[$var]);
            // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by COOKIE', 'params' );
        } elseif ($default === true) {
            // Required parameter is missing: end the request.
            bad_request_die(sprintf(T_('Parameter «%s» is required!'), $var));
        } elseif ($use_default) {
            // We haven't set any value yet and we really want one: use default:
            // NOTE(review): 'array:/regexp/' types are not in this list, so a '' default is not
            // converted for them and appears to hit the "is not array" debug_die() below — confirm.
            if (in_array($type, array('array', 'array:integer', 'array:string', 'array:array:integer', 'array:array:string')) && $default === '') {
                // Change default '' into array() (otherwise there would be a notice with settype() below)
                $default = array();
            }
            $GLOBALS[$var] = $default;
            // echo '<br>param(-): '.$var.'='.$GLOBALS[$var].' set by default';
            // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by default', 'params' );
        } else {
            // param not found! don't set the variable.
            // Won't be memorized nor type-forced!
            return false;
        }
    } else {
        // Variable was already set but we need to remove the auto quotes
        $GLOBALS[$var] = remove_magic_quotes($GLOBALS[$var]);
        // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.' already set to ['.var_export($GLOBALS[$var], true).']!', 'params' );
    }

    if (isset($io_charset) && !empty($evo_charset)) {
        // Applied to whatever shape the value has (scalar or array); presumably convert_charset() handles both.
        $GLOBALS[$var] = convert_charset($GLOBALS[$var], $evo_charset, $io_charset);
    }

    // Check if the type is the special array or regexp
    if (substr($type, 0, 7) == 'array:/') {
        // It is an array type param which may contains elements mathcing to the given regular expression
        // substr(6) keeps the "/.../" part after the "array:" prefix.
        $elements_regexp = substr($type, 6);
        $elements_type = 'string';
        $type = 'array:regexp';
    }

    /*
     * STEP 2: make sure the data fits the expected type
     *
     * type will be forced even if it was set before and not overriden
     */
    if (!empty($type) && $GLOBALS[$var] !== NULL) {
        // Force the type
        // echo "forcing type!";
        switch ($type) {
            case 'html':
                // Technically does the same as "raw", but may do more in the future.
            case 'raw':
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                }
                // Clean utf8:
                $GLOBALS[$var] = utf8_clean($GLOBALS[$var]);
                // do nothing
                // No escaping or tag stripping happens here: the caller owns output encoding.
                if (isset($Debuglog)) {
                    $Debuglog->add('param(-): <strong>' . $var . '</strong> as RAW Unsecure HTML', 'params');
                }
                break;

            case 'htmlspecialchars':
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                }
                // convert all html to special characters:
                // ENT_COMPAT escapes double quotes only; single quotes pass through, so the
                // result is suitable for element content or double-quoted attributes only.
                $GLOBALS[$var] = utf8_trim(htmlspecialchars($GLOBALS[$var], ENT_COMPAT, $evo_charset));
                // cross-platform newlines:
                $GLOBALS[$var] = preg_replace("~(\r\n|\r)~", "\n", $GLOBALS[$var]);
                // NOTE(review): unlike the 'html'/'raw' branch, $Debuglog is used here without an isset() guard.
                $Debuglog->add('param(-): <strong>' . $var . '</strong> as text with html special chars', 'params');
                break;

            case 'text':
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                }
                // strip out any html:
                $GLOBALS[$var] = utf8_trim(utf8_strip_tags($GLOBALS[$var]));
                // cross-platform newlines:
                $GLOBALS[$var] = preg_replace("~(\r\n|\r)~", "\n", $GLOBALS[$var]);
                $Debuglog->add('param(-): <strong>' . $var . '</strong> as text', 'params');
                break;

            case 'string':
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                }
                // echo $var, '=', $GLOBALS[$var], '<br />';
                // Make sure the string is a single line
                $GLOBALS[$var] = preg_replace('~\\r|\\n~', '', $GLOBALS[$var]);
                // strip out any html:
                $GLOBALS[$var] = utf8_strip_tags($GLOBALS[$var]);
                // echo "param $var=".$GLOBALS[$var]."<br />\n";
                $GLOBALS[$var] = utf8_trim($GLOBALS[$var]);
                // echo "param $var=".$GLOBALS[$var]."<br />\n";
                $Debuglog->add('param(-): <strong>' . $var . '</strong> as string', 'params');
                break;

            case 'url':
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                }
                // Decode url:
                // PHP already decoded the value when it filled $_GET/$_POST; this is a second decode.
                $GLOBALS[$var] = urldecode($GLOBALS[$var]);
                // strip out any html:
                $GLOBALS[$var] = utf8_trim(utf8_strip_tags($GLOBALS[$var]));
                // Remove new line chars and double quote from url
                $GLOBALS[$var] = preg_replace('~\\r|\\n|"~', '', $GLOBALS[$var]);
                // Accepts relative ("/", "?") and absolute http(s) URLs. Note that a value
                // beginning with "//" also passes (it starts with "/") although browsers
                // treat it as an absolute, scheme-relative URL — callers that use the value
                // for redirects need their own same-host check.
                if (!empty($GLOBALS[$var]) && !preg_match('#^(/|\\?|https?://)#i', $GLOBALS[$var])) {
                    // We cannot accept this MISMATCH:
                    bad_request_die(sprintf(T_('Illegal value received for parameter «%s»!'), $var));
                }
                $Debuglog->add('param(-): <strong>' . $var . '</strong> as url', 'params');
                break;

            case 'array:integer':
            case 'array:array:integer':
                // Set elements type to integer, and set the corresponding regular expression
                $elements_type = 'integer';
                $elements_regexp = '/^(\\+|-)?[0-9]+$/';
                // no break: intentionally falls through into the shared array handling below
            case 'array':
            case 'array:string':
            case 'array:regexp':
            case 'array:array:string':
                if (!is_array($GLOBALS[$var])) {
                    // This param must be array
                    debug_die('param(-): <strong>' . $var . '</strong> is not array!');
                }
                // Store current array in temp var for checking and preparing
                $globals_var = $GLOBALS[$var];
                // Check if the given array type is one dimensional array
                $one_dimensional = $type == 'array' || $type == 'array:integer' || $type == 'array:string' || $type == 'array:regexp';
                // Check if the given array type should contains string elements
                $contains_strings = $type == 'array:string' || $type == 'array:array:string';
                if ($one_dimensional) {
                    // Convert to a two dimensional array to handle one and two dimensional arrays the same way
                    $globals_var = array($globals_var);
                }
                foreach ($globals_var as $i => $var_array) {
                    if (!is_array($var_array)) {
                        // This param must be array
                        // Note: In case of one dimensional array params this will never happen
                        debug_die('param(-): <strong>' . $var . '[' . $i . ']</strong> is not array!');
                    }
                    if ($type == 'array') {
                        // This param may contain any kind of elements we need to check and validate it recursively
                        // 'array' is one-dimensional, so the wrapped array has a single entry and this break ends the loop.
                        $globals_var[$i] = param_check_general_array($var_array);
                        break;
                    }
                    foreach ($var_array as $j => $var_value) {
                        if (!is_scalar($var_value)) {
                            // This happens if someone uses "foo[][]=x" where "foo[]" is expected as string
                            debug_die('param(-): element of array <strong>' . $var . '</strong> is not scalar!');
                        }
                        if ($contains_strings) {
                            // Prepare string elements of array
                            // Make sure the string is a single line
                            $var_value = preg_replace('~\\r|\\n~', '', $var_value);
                            // strip out any html:
                            $globals_var[$i][$j] = utf8_trim(utf8_strip_tags($var_value));
                            continue;
                        }
                        if (isset($elements_regexp)) {
                            // Array contains elements which must match to the given regular expression
                            if (preg_match($elements_regexp, $var_value)) {
                                // OK match, set the corresponding type
                                settype($globals_var[$i][$j], $elements_type);
                            } else {
                                // No match, cannot accept this MISMATCH
                                // Note: In case of array:integer or array:regexp we always use strict typing for the array elements
                                bad_request_die(sprintf(T_('Illegal value received for parameter «%s»!'), $var));
                            }
                        }
                    }
                }
                if ($one_dimensional) {
                    // Extract real array from temp array
                    $globals_var = $globals_var[0];
                }
                // Restore current array with prepared data
                $GLOBALS[$var] = $globals_var;
                $Debuglog->add('param(-): <strong>' . $var . '</strong> as ' . $type, 'params');
                if ($GLOBALS[$var] === array() && $strict_typing === false && $use_default) {
                    // We want to consider empty values as invalid and fall back to the default value:
                    $GLOBALS[$var] = $default;
                }
                break;

            default:
                if (utf8_substr($type, 0, 1) == '/') {
                    // We want to match against a REGEXP:
                    if (!is_scalar($GLOBALS[$var])) {
                        // This happens if someone uses "foo[]=x" where "foo" is expected as string
                        debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                    } elseif (preg_match($type, $GLOBALS[$var])) {
                        // Okay, match
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> matched against ' . $type, 'params');
                        }
                    } elseif ($strict_typing == 'allow_empty' && empty($GLOBALS[$var])) {
                        // No match but we accept empty value:
                        // (empty() also treats '0' as empty)
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> is empty: ok', 'params');
                        }
                    } elseif ($strict_typing) {
                        // We cannot accept this MISMATCH:
                        bad_request_die(sprintf(T_('Illegal value received for parameter «%s»!'), $var));
                    } else {
                        // Fall back to default:
                        $GLOBALS[$var] = $default;
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> DID NOT match ' . $type . ' set to default value=' . $GLOBALS[$var], 'params');
                        }
                    }
                    // From now on, consider this as a string: (we need this when memorizing)
                    $type = 'string';
                } elseif ($GLOBALS[$var] === '') {
                    // Special handling of empty values.
                    if ($strict_typing === false && $use_default) {
                        // ADDED BY FP 2006-07-06
                        // We want to consider empty values as invalid and fall back to the default value:
                        $GLOBALS[$var] = $default;
                    } else {
                        // We memorize the empty value as NULL:
                        // fplanque> note: there might be side effects to this, but we need
                        // this to distinguish between 0 and 'no input'
                        // Note: we do this after regexps because we may or may not want to allow empty strings in regexps
                        $GLOBALS[$var] = NULL;
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> set to NULL', 'params');
                        }
                    }
                } else {
                    if ($strict_typing) {
                        // We want to make sure the value is valid:
                        $regexp = '';
                        switch ($type) {
                            case 'boolean':
                                $regexp = '/^(0|1|false|true)$/i';
                                break;
                            case 'integer':
                                $regexp = '/^(\\+|-)?[0-9]+$/';
                                break;
                            case 'float':
                            case 'double':
                                // The '.' is unescaped, so any single character is accepted as the decimal separator.
                                $regexp = '/^(\\+|-)?[0-9]+(.[0-9]+)?$/';
                                break;
                            default:
                                // Note: other types are not tested and they are not allowed without testing.
                                debug_die('Invalid parameter type!');
                        }
                        if ($strict_typing == 'allow_empty' && empty($GLOBALS[$var])) {
                            // We have an empty value and we accept it
                            // ok..
                        } elseif (!empty($regexp)) {
                            // NOTE(review): strtolower() runs before the is_scalar() check in the next
                            // branch, so a non-scalar boolean value reaches strtolower() first.
                            if ($type == 'boolean' && strtolower($GLOBALS[$var]) == 'false') {
                                // 'false' string must be interpreted as boolean false value
                                $GLOBALS[$var] = false;
                            } elseif (!is_scalar($GLOBALS[$var]) || !preg_match($regexp, $GLOBALS[$var])) {
                                // Value of scalar var does not match!
                                bad_request_die(sprintf(T_('Illegal value received for parameter «%s»!'), $var));
                            }
                        }
                    }
                    // Change the variable type:
                    // With $strict_typing === false nothing was validated above: settype() simply coerces
                    // (this is the "convert illegal to legal values" behaviour from the docblock).
                    settype($GLOBALS[$var], $type);
                    if (isset($Debuglog)) {
                        $Debuglog->add('param(-): <strong>' . var_export($var, true) . '</strong> typed to ' . $type . ', new value=' . var_export($GLOBALS[$var], true), 'params');
                    }
                }
        }
    }

    /*
     * STEP 3: memorize the value for later url regeneration
     */
    if ($memorize) {
        // Memorize this parameter
        memorize_param($var, $type, $default);
    }

    // echo $var, '(', gettype($GLOBALS[$var]), ')=', $GLOBALS[$var], '<br />';
    return $GLOBALS[$var];
}
/**
 * @var current action
 */
global $action;
/**
 * @var user permission, if user is only allowed to edit his profile
 */
global $user_profile_only;
global $user_tab, $user_ID;
global $current_User, $UserSettings;
// NOTE(review): $edited_User is used throughout this view but, unlike the variables
// above, is not declared global here — confirm it is in scope where this file is included.

if (!$current_User->check_perm('users', 'edit')) {
    // Check permission:
    // Access control for the whole tab: without 'users'/'edit' the request ends here.
    debug_die(T_('You have no permission to see this tab!'));
}

// Keep tab and user in regenerated URLs:
memorize_param('user_tab', 'string', '', $user_tab);
memorize_param('user_ID', 'integer', 0, $user_ID);

// ------------------- PREV/NEXT USER LINKS -------------------
user_prevnext_links(array('block_start' => '<table class="prevnext_user"><tr>', 'prev_start' => '<td width="33%">', 'prev_end' => '</td>', 'prev_no_user' => '<td width="33%"> </td>', 'back_start' => '<td width="33%" class="back_users_list">', 'back_end' => '</td>', 'next_start' => '<td width="33%" class="right">', 'next_end' => '</td>', 'next_no_user' => '<td width="33%"> </td>', 'block_end' => '</tr></table>', 'user_tab' => 'activity'));
// ------------- END OF PREV/NEXT USER LINKS -------------------

if (!$user_profile_only) {
    // echo user edit action icons
    $Widget = new Widget();
    echo_user_actions($Widget, $edited_User, 'edit');
    echo '<span class="floatright">' . $Widget->gen_global_icons() . '</span>';
}

// echo user tabs
echo '<div>' . get_usertab_header($edited_User, $user_tab, $current_User->ID == $edited_User->ID ? T_('My Activity') : T_('User Activity')) . '</div>';

// Display IP address from where this user was created
// (int2ip() renders the stored integer as dotted notation; no request data is echoed here)
echo '<div style="margin-top:25px;font-weight:bold;"><span>' . T_('User created from IP') . ': ' . int2ip($UserSettings->get('created_fromIPv4', $edited_User->ID)) . '</span></div>';

/**** Reports from edited user ****/
user_reports_results_block(array('edited_User' => $edited_User));

evo_flush();
/**
 * Sets a parameter with values from the request or to provided default,
 * except if param is already set!
 *
 * Also removes magic quotes if they are set automatically by PHP.
 * Also forces type.
 * Priority order: POST, GET, COOKIE, DEFAULT.
 *
 * Behaviour worth knowing when relying on this for input validation:
 * - When neither POST nor GET carries the name, $_COOKIE is consulted, so callers
 *   must not assume a value came from the query string or a submitted form.
 * - 'html' leaves the value completely untouched (no scalar check, no escaping).
 * - Type forcing is skipped entirely when $type is '' (the default) or the value is NULL.
 * - Only boolean/integer/float/double are validated with strict typing; any other
 *   scalar type name reaches settype() unchecked.
 *
 * @param string Variable to set
 * @param string Force value type to one of:
 * - integer
 * - float, double
 * - string (strips (HTML-)Tags, trims whitespace, removes line breaks)
 * - array (TODO: array/integer , array/array/string )
 * - html (does nothing)
 * - '' (does nothing)
 * - '/^...$/' check regexp pattern match (string) -- the pattern is supplied by the caller, never by the request
 * - boolean (will force type to boolean, but you can't use 'true' as a default since it has special meaning. There is no real reason to pass booleans on a URL though. Passing 0 and 1 as integers seems to be best practice).
 * Value type will be forced only if resulting value (probably from default then) is !== NULL
 * @param mixed Default value or TRUE if user input required
 * @param boolean Do we need to memorize this to regenerate the URL for this page?
 * @param boolean Override if variable already set
 * @param boolean Force setting of variable to default if no param is sent and var wasn't set before
 * @param mixed true will refuse illegal values,
 *              false will try to convert illegal to legal values,
 *              'allow_empty' will refuse illegal values but will always accept empty values (This helps blocking dirty spambots or borked index bots. Saves a lot of processor time by killing invalid requests)
 * @return mixed Final value of Variable, or false if we don't force setting and did not set
 */
function param($var, $type = '', $default = '', $memorize = false, $override = false, $use_default = true, $strict_typing = 'allow_empty')
{
    global $Debuglog, $debug, $evo_charset, $io_charset;

    // NOTE: we use $GLOBALS[$var] instead of $$var, because otherwise it would conflict with param names which are used as function params ("var", "type", "default", ..)!

    /*
     * STEP 1 : Set the variable
     *
     * Check if already set
     * WARNING: when PHP register globals is ON, COOKIES get priority over GET and POST with this!!!
     * dh> I never understood that comment.. does it refer to "variables_order" php.ini setting?
     * fp> I guess
     */
    if (!isset($GLOBALS[$var]) || $override) {
        // Sources are consulted in a fixed order; the first one carrying the name wins.
        if (isset($_POST[$var])) {
            $GLOBALS[$var] = remove_magic_quotes($_POST[$var]);
            // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by POST', 'params' );
        } elseif (isset($_GET[$var])) {
            $GLOBALS[$var] = remove_magic_quotes($_GET[$var]);
            // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by GET', 'params' );
        } elseif (isset($_COOKIE[$var])) {
            // A cookie can supply the value when the request itself does not carry it.
            $GLOBALS[$var] = remove_magic_quotes($_COOKIE[$var]);
            // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by COOKIE', 'params' );
        } elseif ($default === true) {
            // Required parameter is missing: end the request.
            bad_request_die(sprintf(T_('Parameter «%s» is required!'), $var));
        } elseif ($use_default) {
            // We haven't set any value yet and we really want one: use default:
            $GLOBALS[$var] = $default;
            // echo '<br>param(-): '.$var.'='.$GLOBALS[$var].' set by default';
            // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by default', 'params' );
        } else {
            // param not found! don't set the variable.
            // Won't be memorized nor type-forced!
            return false;
        }
    } else {
        // Variable was already set but we need to remove the auto quotes
        $GLOBALS[$var] = remove_magic_quotes($GLOBALS[$var]);
        // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.' already set to ['.var_export($GLOBALS[$var], true).']!', 'params' );
    }

    if (isset($io_charset) && !empty($evo_charset)) {
        // Applied to whatever shape the value has (scalar or array); presumably convert_charset() handles both.
        $GLOBALS[$var] = convert_charset($GLOBALS[$var], $evo_charset, $io_charset);
    }

    /*
     * STEP 2: make sure the data fits the expected type
     *
     * type will be forced even if it was set before and not overriden
     */
    if (!empty($type) && $GLOBALS[$var] !== NULL) {
        // Force the type
        // echo "forcing type!";
        switch ($type) {
            case 'html':
                // do nothing
                // The value is passed through as-is; the caller owns output encoding.
                if (isset($Debuglog)) {
                    $Debuglog->add('param(-): <strong>' . $var . '</strong> as RAW Unsecure HTML', 'params');
                }
                break;

            case 'string':
                // strip out any html:
                // echo $var, '=', $GLOBALS[$var], '<br />';
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    // TODO: dh> debug_die() instead?
                    // A non-scalar value is silently replaced by '' rather than rejected.
                    $GLOBALS[$var] = '';
                    $Debuglog->add('param(-): <strong>' . $var . '</strong> is not scalar!', 'params');
                } else {
                    // Byte-wise trim()/strip_tags(); no charset-aware handling here.
                    $GLOBALS[$var] = trim(strip_tags($GLOBALS[$var]));
                    // Make sure the string is a single line
                    $GLOBALS[$var] = preg_replace('¤\\r|\\n¤', '', $GLOBALS[$var]);
                }
                $Debuglog->add('param(-): <strong>' . $var . '</strong> as string', 'params');
                break;

            default:
                if (substr($type, 0, 1) == '/') {
                    // We want to match against a REGEXP:
                    // NOTE(review): no is_scalar() check precedes preg_match() here, so an array
                    // value (e.g. "foo[]=x") reaches preg_match() directly — confirm intended.
                    if (preg_match($type, $GLOBALS[$var])) {
                        // Okay, match
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> matched against ' . $type, 'params');
                        }
                    } elseif ($strict_typing == 'allow_empty' && empty($GLOBALS[$var])) {
                        // No match but we accept empty value:
                        // (empty() also treats '0' as empty)
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> is empty: ok', 'params');
                        }
                    } elseif ($strict_typing) {
                        // We cannot accept this MISMATCH:
                        bad_request_die(sprintf(T_('Illegal value received for parameter «%s»!'), $var));
                    } else {
                        // Fall back to default:
                        $GLOBALS[$var] = $default;
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> DID NOT match ' . $type . ' set to default value=' . $GLOBALS[$var], 'params');
                        }
                    }
                    // From now on, consider this as a string: (we need this when memorizing)
                    $type = 'string';
                } elseif ($GLOBALS[$var] === '') {
                    // Special handling of empty values.
                    if ($strict_typing === false && $use_default) {
                        // ADDED BY FP 2006-07-06
                        // We want to consider empty values as invalid and fall back to the default value:
                        $GLOBALS[$var] = $default;
                    } else {
                        // We memorize the empty value as NULL:
                        // fplanque> note: there might be side effects to this, but we need
                        // this to distinguish between 0 and 'no input'
                        // Note: we do this after regexps because we may or may not want to allow empty strings in regexps
                        $GLOBALS[$var] = NULL;
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> set to NULL', 'params');
                        }
                    }
                } elseif ($GLOBALS[$var] === array()) {
                    if ($strict_typing === false && $use_default) {
                        // ADDED BY FP 2006-09-07
                        // We want to consider empty values as invalid and fall back to the default value:
                        $GLOBALS[$var] = $default;
                    }
                } else {
                    if ($strict_typing) {
                        // We want to make sure the value is valid:
                        $regexp = '';
                        switch ($type) {
                            case 'boolean':
                                // NOTE(review): 'false' passes this pattern, but settype() below turns
                                // the non-empty string 'false' into boolean true — confirm intended.
                                $regexp = '/^(0|1|false|true)$/i';
                                break;
                            case 'integer':
                                $regexp = '/^(\\+|-)?[0-9]+$/';
                                break;
                            case 'float':
                            case 'double':
                                // The '.' is unescaped, so any single character is accepted as the decimal separator.
                                $regexp = '/^(\\+|-)?[0-9]+(.[0-9]+)?$/';
                                break;
                                // Note: other types are not tested here.
                        }
                        if ($strict_typing == 'allow_empty' && empty($GLOBALS[$var])) {
                            // We have an empty value and we accept it
                            // ok..
                        } elseif (!empty($regexp) && (!is_scalar($GLOBALS[$var]) || !preg_match($regexp, $GLOBALS[$var]))) {
                            // Value does not match!
                            bad_request_die(sprintf(T_('Illegal value received for parameter «%s»!'), $var));
                        }
                    }
                    // Change the variable type:
                    // With $strict_typing === false, or for type names not listed above, nothing
                    // was validated: settype() simply coerces the value.
                    settype($GLOBALS[$var], $type);
                    if (isset($Debuglog)) {
                        $Debuglog->add('param(-): <strong>' . $var . '</strong> typed to ' . $type . ', new value=' . $GLOBALS[$var], 'params');
                    }
                }
        }
    }

    /*
     * STEP 3: memorize the value for later url regeneration
     */
    if ($memorize) {
        // Memorize this parameter
        memorize_param($var, $type, $default);
    }

    // echo $var, '(', gettype($GLOBALS[$var]), ')=', $GLOBALS[$var], '<br />';
    return $GLOBALS[$var];
}
}

$action = param_action();

if ($tab3 == 'quick') {
    require_css('quick_upload.css');
    //require_js( 'multiupload/sendfile.js' );
    //require_js( 'multiupload/quick_upload.js' );
    require_js('multiupload/fileuploader.js');
    require_css('fileuploader.css');
}

// INIT params:
// NOTE: strpos() is used as a boolean here, so a value that starts with '::'
// (position 0) is treated as "no separator" and falls into the else branch.
if (param('root_and_path', 'string', '', false) && strpos($root_and_path, '::')) {
    // root and path together: decode and override (used by "radio-click-dirtree")
    list($root, $path) = explode('::', $root_and_path, 2);
    // Memorize new root:
    memorize_param('root', 'string', NULL);
    memorize_param('path', 'string', NULL);
} else {
    param('root', 'string', NULL, true); // the root directory from the dropdown box (user_X or blog_X; X is ID - 'user' for current user (default))
    param('path', 'string', '', true); // the path relative to the root dir
    // (loose != comparison, as in the original)
    if (param('new_root', 'string', '') && $new_root != $root) {
        // We have changed root in the select list
        $root = $new_root;
        $path = '';
    }
}

// Get root:
// $root and $path are still request-supplied strings at this point (tags stripped only);
// whatever resolves them to a filesystem location must validate them — presumably the
// code that sets $ads_list_path, which is outside this excerpt.
$ads_list_path = false; // false by default, gets set if we have a valid root

/**
 * @copyright (c)2003-2013 by Francois Planque - {@link http://fplanque.com/}.
 * Parts of this file are copyright (c)2005 by Daniel HAHLER - {@link http://thequod.de/contact}.
 *
 * @license http://b2evolution.net/about/license.html GNU General Public License (GPL)
 *
 * @package admin
 *
 * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
 * @author efy-asimo: Attila Simo.
 *
 * @version $Id: _broken_slugs.view.php 3328 2013-03-26 11:44:11Z yura $
 */
if (!defined('EVO_MAIN_INIT')) {
    die('Please, do not access this page directly.');
}

// Keep the current action in regenerated URLs (paging etc.):
memorize_param('action', 'string', '', 'find_broken_slugs');

// Item slugs whose item no longer exists. The query contains no request data.
$SQL = new SQL();
$SQL->SELECT('slug_ID, slug_title, slug_itm_ID');
$SQL->FROM('T_slug');
$SQL->WHERE('slug_type = "item" AND slug_itm_ID NOT IN (SELECT post_ID FROM T_items__item )');

$Results = new Results($SQL->get(), 'broken_slugs_');

$Results->title = T_('Broken item slugs with no matching item');
$Results->global_icon(T_('Cancel!'), 'close', regenerate_url('action'));

$Results->cols[] = array('th' => T_('Slug ID'), 'th_class' => 'shrinkwrap', 'td_class' => 'small center', 'order' => 'slug_ID', 'td' => '$slug_ID$');
$Results->cols[] = array('th' => T_('Title'), 'th_class' => 'nowrap', 'td_class' => 'small', 'order' => 'slug_title', 'td' => '$slug_title$');
$Results->cols[] = array('th' => T_('Item ID'), 'th_class' => 'shrinkwrap', 'td_class' => 'small center', 'order' => 'slug_itm_ID', 'td' => '$slug_itm_ID$');

// Paging links carry the action and the tools crumb.
$Results->display(array('page_url' => regenerate_url('blog,ctrl,action,results_' . $Results->param_prefix . 'page', 'action=' . param_action() . '&' . url_crumb('tools'))));

if ($current_User->check_perm('options', 'edit', true) && $Results->get_num_rows()) {
    // display Delete link
    // url_crumb('tools') appends the anti-CSRF crumb; the del_broken_slugs handler
    // (not in this file) is expected to verify it before deleting anything.
    $redirect_to = regenerate_url('action', 'action=del_broken_slugs&' . url_crumb('tools'));
    echo '<p>[<a href="' . $redirect_to . '">' . T_('Delete these slugs') . '</a>]</p>';
    // (this if-block continues beyond this excerpt)
 */
if (!defined('EVO_MAIN_INIT')) {
    die('Please, do not access this page directly.');
}

global $blog, $admin_url, $UserSettings;
global $datestartinput, $datestart, $datestopinput, $datestop, $email;
// NOTE(review): $DB is used below without a global declaration, unlike the variables above — confirm it is in scope here.

// Date filters: a localized date typed by the user takes precedence; otherwise the
// already-normalized 'datestart'/'datestop' params (e.g. from a regenerated URL) are read.
if (param_date('datestartinput', T_('Invalid date'), false, NULL) !== NULL) {
    // We have a user provided localized date:
    memorize_param('datestart', 'string', NULL, trim(form_date($datestartinput)));
} else {
    // We may have an automated param transmission date:
    // (read as a plain 'string': tags stripped, not validated as a date; it is $DB->quote()d before use)
    param('datestart', 'string', '', true);
}

if (param_date('datestopinput', T_('Invalid date'), false, NULL) !== NULL) {
    // We have a user provided localized date:
    memorize_param('datestop', 'string', NULL, trim(form_date($datestopinput)));
} else {
    // We may have an automated param transmission date:
    param('datestop', 'string', '', true);
}

// Recipient filter (used further down, outside this excerpt):
param('email', 'string', '', true);

// Create result set:
$SQL = new SQL();
$SQL->SELECT('SQL_NO_CACHE emlog_ID, emlog_timestamp, emlog_user_ID, emlog_to, emlog_result, emlog_subject');
$SQL->FROM('T_email__log');

// Separate count query for paging; it must receive the same WHERE clauses as $SQL.
$CountSQL = new SQL();
$CountSQL->SELECT('SQL_NO_CACHE COUNT(emlog_ID)');
$CountSQL->FROM('T_email__log');

if (!empty($datestart)) {
    // Filter by start date
    // Request-derived value, quoted by $DB->quote() before it enters the statement.
    $SQL->WHERE_and('emlog_timestamp >= ' . $DB->quote($datestart . ' 00:00:00'));
/**
 * Set/Activate filterset
 *
 * This will also set back the GLOBALS !!! needed for regenerate_url().
 *
 * Every filter value is registered through memorize_param() together with its
 * default, so regenerate_url() can rebuild the current list URL. Note that the
 * 'cat' and 'catsel' params are memorized WITHOUT $this->param_prefix, unlike
 * all the other params below.
 *
 * @param array   Filters to merge over $this->default_filters (ignored when empty)
 * @param boolean Whether to memorize the filter params for URL regeneration
 */
function set_filters($filters, $memorize = true)
{
    if (!empty($filters)) {
        // Activate the filterset (fallback to default filter when a value is not set):
        $this->filters = array_merge($this->default_filters, $filters);
    }

    // Activate preset filters if necessary:
    $this->activate_preset_filters();

    // Funky oldstyle params:
    $this->limit = $this->filters['posts']; // for compatibility with parent class
    $this->page = $this->filters['page'];

    if ($memorize) {
        // set back the GLOBALS !!! needed for regenerate_url() :

        /*
         * Selected filter preset:
         */
        memorize_param($this->param_prefix . 'filter_preset', 'string', $this->default_filters['filter_preset'], $this->filters['filter_preset']);

        /*
         * Blog & Chapters/categories restrictions:
         */
        // Get chapters/categories (and compile those values right away)
        // 'cat' is validated against a regexp type: optional '*' or '-' modifier followed by a comma-separated list of integers.
        memorize_param('cat', '/^[*\\-]?([0-9]+(,[0-9]+)*)?$/', $this->default_filters['cat_modifier'], $this->filters['cat_modifier']);
        memorize_param('catsel', 'array', $this->default_filters['cat_array'], $this->filters['cat_array']); // Selected categories
        memorize_param($this->param_prefix . 'cat_focus', 'string', $this->default_filters['cat_focus'], $this->filters['cat_focus']); // Categories to search on

        // TEMP until we get this straight:
        // fp> this would only be used for the categories widget and setting it here overwtrites the interesting values when a post list widget is tirggered
        // fp> if we need it here we want to use a $set_globals params to this function
        // global $cat_array, $cat_modifier;
        // $cat_array = $this->default_filters['cat_array'];
        // $cat_modifier = $this->default_filters['cat_modifier'];

        /*
         * Restrict to selected tags:
         */
        memorize_param($this->param_prefix . 'tags', 'string', $this->default_filters['tags'], $this->filters['tags']);

        /*
         * Restrict to selected authors:
         */
        memorize_param($this->param_prefix . 'author', 'string', $this->default_filters['authors'], $this->filters['authors']); // List of authors to restrict to

        /*
         * Restrict to selected assignees:
         */
        memorize_param($this->param_prefix . 'assgn', 'string', $this->default_filters['assignees'], $this->filters['assignees']); // List of assignees to restrict to

        /*
         * Restrict to selected author OR assignee:
         */
        memorize_param($this->param_prefix . 'author_assignee', 'string', $this->default_filters['author_assignee'], $this->filters['author_assignee']);

        /*
         * Restrict to selected locale:
         */
        memorize_param($this->param_prefix . 'lc', 'string', $this->default_filters['lc'], $this->filters['lc']); // Locale to restrict to

        /*
         * Restrict to selected statuses:
         */
        memorize_param($this->param_prefix . 'status', 'string', $this->default_filters['statuses'], $this->filters['statuses']); // List of statuses to restrict to

        /*
         * Restrict to selected item type:
         */
        memorize_param($this->param_prefix . 'types', 'integer', $this->default_filters['types'], $this->filters['types']); // List of item types to restrict to

        /*
         * Restrict by keywords
         */
        memorize_param($this->param_prefix . 's', 'string', $this->default_filters['keywords'], $this->filters['keywords']); // Search string
        memorize_param($this->param_prefix . 'sentence', 'string', $this->default_filters['phrase'], $this->filters['phrase']); // Search for sentence or for words
        memorize_param($this->param_prefix . 'exact', 'integer', $this->default_filters['exact'], $this->filters['exact']); // Require exact match of title or contents

        /*
         * Specific Item selection?
         */
        memorize_param($this->param_prefix . 'm', 'integer', $this->default_filters['ymdhms'], $this->filters['ymdhms']); // YearMonth(Day) to display
        memorize_param($this->param_prefix . 'w', 'integer', $this->default_filters['week'], $this->filters['week']); // Week number
        memorize_param($this->param_prefix . 'dstart', 'integer', $this->default_filters['ymdhms_min'], $this->filters['ymdhms_min']); // YearMonth(Day) to start at
        memorize_param($this->param_prefix . 'dstop', 'integer', $this->default_filters['ymdhms_max'], $this->filters['ymdhms_max']); // YearMonth(Day) to stop at

        // TODO: show_past/future should probably be wired on dstart/dstop instead on timestamps -> get timestamps out of filter perimeter
        if (is_null($this->default_filters['ts_min']) && is_null($this->default_filters['ts_max'])) {
            // We have not set a strict default -> we allow overridding:
            // NOTE(review): loose == against 'now'; on PHP < 8 an integer 0 in ts_min/ts_max would
            // also compare equal to 'now' — confirm these filters can only hold 'now' or a string timestamp.
            memorize_param($this->param_prefix . 'show_past', 'integer', 0, $this->filters['ts_min'] == 'now' ? 0 : 1);
            memorize_param($this->param_prefix . 'show_future', 'integer', 0, $this->filters['ts_max'] == 'now' ? 0 : 1);
        }

        /*
         * Restrict to the statuses we want to show:
         */
        // Note: oftentimes, $show_statuses will have been preset to a more restrictive set of values
        memorize_param($this->param_prefix . 'show_statuses', 'array', $this->default_filters['visibility_array'], $this->filters['visibility_array']); // Array of sharings to restrict to

        /*
         * OLD STYLE orders:
         */
        memorize_param($this->param_prefix . 'order', 'string', $this->default_filters['order'], $this->filters['order']); // ASC or DESC
        memorize_param($this->param_prefix . 'orderby', 'string', $this->default_filters['orderby'], $this->filters['orderby']); // list of fields to order by (TODO: change that crap)

        /*
         * Paging limits:
         */
        memorize_param($this->param_prefix . 'unit', 'string', $this->default_filters['unit'], $this->filters['unit']); // list unit: 'posts' or 'days'
        memorize_param($this->param_prefix . 'posts', 'integer', $this->default_filters['posts'], $this->filters['posts']); // # of units to display on the page

        // 'paged'
        memorize_param($this->page_param, 'integer', 1, $this->filters['page']); // List page number in paged display
    }
}
return; } // Comments counter $c_number = @generic_ctp_number($Item->ID, 'comments'); $t_number = @generic_ctp_number($Item->ID, 'trackbacks'); $p_number = @generic_ctp_number($Item->ID, 'pingbacks'); global $disp; if ($disp == 'page') { $title_links = $Skin->T_('Related Links'); } else { $title_links = $Skin->T_('Related Posts'); } echo '<div class="tabbed-content post-tabs clearfix" id="post-tabs"><div class="tabs-wrap clearfix"><ul class="tabs"><li class="related-posts"><a href="#section-relatedPosts"><span>' . $title_links . '</span></a></li>'; if ($Item->can_see_comments()) { // Set redir=no in order to open comment pages memorize_param('redir', 'string', '', 'no'); if (empty($c)) { // Comments not requested $params['disp_comments'] = false; // DO NOT Display the comments if not requested $params['disp_comment_form'] = false; // DO NOT Display the comments form if not requested } if (empty($tb) || !$Blog->get('allowtrackbacks')) { // Trackback not requested or not allowed $params['disp_trackbacks'] = false; // DO NOT Display the trackbacks if not requested $params['disp_trackback_url'] = false; // DO NOT Display the trackback URL if not requested } if (!empty($t_number)) {
} /** * @var Blog */ $edited_Blog =& $Blog; } else { // We could not find a blog we have edit perms on... // Note: we may still have permission to edit categories!! // redirect to blog list: header_redirect('?ctrl=collections'); // EXITED: $Messages->add(T_('Sorry, you have no permission to edit blog properties.'), 'error'); $action = 'nil'; $tab = ''; } memorize_param('blog', 'integer', -1); // Needed when generating static page for example if (($tab == 'perm' || $tab == 'permgroup') && (empty($blog) || !$Blog->advanced_perms)) { // We're trying to access advanced perms but they're disabled! $tab = 'features'; // the screen where you can enable advanced perms if ($action == 'update') { // make sure we don't update anything here $action = 'edit'; } } /** * Perform action: */ switch ($action) { case 'edit':
// Send an info message to users who reported this deleted user: user_send_report_message($report_user_IDs, $deleted_user_login); } if ($increase_spam_score) { // Increase spam fighter score for the users who reported the deleted account: user_increase_spam_score($report_user_IDs); } } $action = 'list'; // Redirect so that a reload doesn't write to the DB twice: header_redirect('?ctrl=users', 303); // Will EXIT // We have EXITed already at this point!! } else { // not confirmed, Check for restrictions: memorize_param('user_ID', 'integer', true); if (!empty($fullname)) { $msg = sprintf(T_('Cannot delete User «%s» [%s]'), $fullname, $edited_User->dget('login')); } else { $msg = sprintf(T_('Cannot delete User «%s»'), $edited_User->dget('login')); } if (!$edited_User->check_delete($msg)) { // There are restrictions: $action = 'view'; } } break; case 'del_settings_set': // Delete a set of an array type setting: param('plugin_ID', 'integer', true); param('set_path');
case 'simple': $AdminUI->disp_view('items/views/_item_simple.form.php'); break; case 'expert': default: $AdminUI->disp_view('items/views/_item_expert.form.php'); break; } // End payload block: $AdminUI->disp_payload_end(); break; case 'view': case 'delete': // View a single post: // Memorize 'p' in case we reload while changing some display settings memorize_param('p', 'integer', NULL); // Begin payload block: $AdminUI->disp_payload_begin(); // We use the "full" view for displaying single posts: $AdminUI->disp_view('items/views/_item_list_full.view.php'); // End payload block: $AdminUI->disp_payload_end(); break; case 'list': default: // Begin payload block: $AdminUI->disp_payload_begin(); // fplanque> Note: this is depressing, but I have to put a table back here // just because IE supports standards really badly! :'( echo '<table class="browse" cellspacing="0" cellpadding="0" border="0"><tr>'; echo '<td class="browse_left_col">';