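/**
 * Prepares a piece of untrusted user text for storage.
 *
 * Pipeline, in order: undo magic_quotes_gpc slashes, lower-case "<iframe" /
 * "<script", trim and truncate, HTML-encode, pass through myBr(), run the
 * legacy URL-scheme / event-handler rewrite pass, then SQL-escape. SQL escaping
 * is deliberately last so nothing after it can reintroduce a quote.
 *
 * NOTE(review): a second textFilter() (the `$db->safesql` variant) appears
 * later on this page; if both live in the same file PHP will refuse to load it.
 *
 * @param string|null $source raw text, typically straight from $_POST
 * @param array       $opts   'substr' => maximum length in bytes (default 25000)
 * @return string HTML-encoded, SQL-escaped text
 */
function textFilter($source, $opts = array('substr' => 25000))
{
    // Only a genuinely empty value short-circuits. The previous `!$source` test
    // also discarded the legitimate input "0".
    if ($source === null || $source === '') {
        return '';
    }

    // Only strip slashes that magic_quotes_gpc actually added; an unconditional
    // stripslashes() corrupts backslashes the user typed when the feature is off
    // (which it always is on PHP >= 5.4). Same guard as the sibling variant.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $source = stripslashes($source);
    }

    // A missing 'substr' key falls back to the documented default instead of
    // emitting an undefined-index notice.
    $limit = isset($opts['substr']) ? (int) $opts['substr'] : 25000;

    // Pattern => replacement, applied in this order. NOTE(review): as written
    // every replacement equals its pattern except 'vbscript:', so this pass only
    // lower-cases matches of "javascript", "data:", "onload", etc. rather than
    // neutralising them. That looks like replacement strings that once held HTML
    // entities and were decoded along the way -- confirm against the original
    // source before relying on this pass for anything.
    $rewrites = array(
        '/data:/i'        => "data:",
        '/about:/i'       => "about:",
        '/vbscript:/i'    => "vbscript<b></b>:",
        '/onclick/i'      => "onclick",
        '/onload/i'       => "onload",
        '/onunload/i'     => "onunload",
        '/onabort/i'      => "onabort",
        '/onerror/i'      => "onerror",
        '/onblur/i'       => "onblur",
        '/onchange/i'     => "onchange",
        '/onfocus/i'      => "onfocus",
        '/onreset/i'      => "onreset",
        '/onsubmit/i'     => "onsubmit",
        '/ondblclick/i'   => "ondblclick",
        '/onkeydown/i'    => "onkeydown",
        '/onkeypress/i'   => "onkeypress",
        '/onkeyup/i'      => "onkeyup",
        '/onmousedown/i'  => "onmousedown",
        '/onmouseup/i'    => "onmouseup",
        '/onmouseover/i'  => "onmouseover",
        '/onmouseout/i'   => "onmouseout",
        '/onselect/i'     => "onselect",
        '/javascript/i'   => "javascript",
    );

    // Case-normalise the two tag names; htmlspecialchars() below encodes the
    // leading "<" regardless, so this is cosmetic for the stored form.
    $source = preg_replace("#<iframe#i", "<iframe", $source);
    $source = preg_replace("#<script#i", "<script", $source);

    // ENT_QUOTES also encodes single quotes, which matters if the stored text
    // is ever placed inside a single-quoted HTML attribute.
    $source = myBr(htmlspecialchars(substr(trim($source), 0, $limit), ENT_QUOTES));

    // NOTE(review): both calls are no-ops as written (search and replacement are
    // identical); presumably entity replacements originally -- confirm.
    $source = str_replace("{", "{", $source);
    $source = str_replace("`", "`", $source);

    $source = preg_replace(array_keys($rewrites), array_values($rewrites), $source);

    // mysql_escape_string() has been gone since PHP 7.0, so on any current
    // runtime the original return line was a fatal error. Keep it where it still
    // exists and otherwise fall back to addslashes(); neither is charset-aware,
    // so callers that splice the result into SQL by string concatenation should
    // move to $db->safesql() / prepared statements rather than rely on this.
    if (function_exists('mysql_escape_string')) {
        return mysql_escape_string($source);
    }
    return addslashes($source);
}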
/**
 * Sanitises user-supplied text before it reaches the database.
 *
 * Order of operations matters and is preserved from the original: slashes from
 * magic_quotes_gpc are removed, "<iframe" / "<script" are lower-cased, the text
 * is trimmed, truncated, HTML-encoded, passed through myBr() and $db->safesql(),
 * and only then the scheme/handler rewrite pass and the optional strip_tags()
 * run. Because strip_tags() runs after encoding, it can only touch markup that
 * the rewrite pass itself inserted (the "<b></b>" in the vbscript case).
 *
 * @param string   $source     raw text
 * @param int|bool $substr_num maximum length in bytes; any falsy value means 25000
 * @param bool     $strip_tags run strip_tags() on the final result
 * @return string
 */
function textFilter($source, $substr_num = false, $strip_tags = false)
{
    global $db;

    $magicQuotesOn = function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc();
    if ($magicQuotesOn) {
        $source = stripslashes($source);
    }

    // Case-normalise the two tag names before encoding.
    $source = preg_replace("#<iframe#i", "<iframe", $source);
    $source = preg_replace("#<script#i", "<script", $source);

    $limit = $substr_num ?: 25000;
    $encoded = htmlspecialchars(substr(trim($source), 0, $limit));
    $source = $db->safesql(myBr($encoded));

    // Three sequential case-insensitive replacements, same order as before.
    $source = str_ireplace(
        array("{", "`", "{theme}"),
        array("{", "`", "{theme}"),
        $source
    );

    // Pattern => replacement, applied sequentially in this order. Only the
    // 'vbscript:' entry changes the text; the rest lower-case their match.
    $rewrites = array(
        '/data:/i'        => "data:",
        '/about:/i'       => "about:",
        '/vbscript:/i'    => "vbscript<b></b>:",
        '/onclick/i'      => "onclick",
        '/onload/i'       => "onload",
        '/onunload/i'     => "onunload",
        '/onabort/i'      => "onabort",
        '/onerror/i'      => "onerror",
        '/onblur/i'       => "onblur",
        '/onchange/i'     => "onchange",
        '/onfocus/i'      => "onfocus",
        '/onreset/i'      => "onreset",
        '/onsubmit/i'     => "onsubmit",
        '/ondblclick/i'   => "ondblclick",
        '/onkeydown/i'    => "onkeydown",
        '/onkeypress/i'   => "onkeypress",
        '/onkeyup/i'      => "onkeyup",
        '/onmousedown/i'  => "onmousedown",
        '/onmouseup/i'    => "onmouseup",
        '/onmouseover/i'  => "onmouseover",
        '/onmouseout/i'   => "onmouseout",
        '/onselect/i'     => "onselect",
        '/javascript/i'   => "javascript",
    );
    $source = preg_replace(array_keys($rewrites), array_values($rewrites), $source);

    return $strip_tags ? strip_tags($source) : $source;
}
} die; break; //################### Сохранение описания к фотографии ###################// //################### Сохранение описания к фотографии ###################// case "save_descr": NoAjaxQuery(); $id = intval($_POST['id']); $user_id = $user_info['user_id']; $descr = ajax_utf8(textFilter($_POST['descr'])); //Выводим фотку из БД, если она есть $row = $db->super_query("SELECT id FROM `" . PREFIX . "_photos` WHERE id = '{$id}' AND user_id = '{$user_id}'"); if ($row) { $db->query("UPDATE `" . PREFIX . "_photos` SET descr = '{$descr}' WHERE id = '{$id}' AND user_id = '{$user_id}'"); //Ответ скрипта echo stripslashes(myBr(htmlspecialchars(ajax_utf8(trim($_POST['descr']))))); } die; break; //################### Страница редактирование фотографии ###################// //################### Страница редактирование фотографии ###################// case "editphoto": NoAjaxQuery(); $id = intval($_GET['id']); $user_id = $user_info['user_id']; $row = $db->super_query("SELECT descr FROM `" . PREFIX . "_photos` WHERE id = '{$id}' AND user_id = '{$user_id}'"); if ($row) { echo stripslashes(myBrRn($row['descr'])); } die; break;