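/**
 * Render the form widget for a multi-file ("download list") field.
 *
 * Builds one row of two text inputs (file URL, file name) per stored entry,
 * followed by the upload button and the "add remote URL" button.
 *
 * @param string $field     Field name; used in input names, element ids and the JS calls.
 * @param mixed  $value     Stored field value; decoded with new_html_entity_decode() and string2array().
 * @param array  $fieldinfo Field definition; only $fieldinfo['setting'] is read here.
 *
 * @return string HTML fragment for the field.
 */
function downfiles($field, $value, $fieldinfo) {
    // Read only the three settings this widget needs. The previous extract()
    // imported every key of the decoded settings into local scope, so a
    // setting named e.g. "field" or "value" could overwrite the arguments.
    $setting = string2array($fieldinfo['setting']);
    if (!is_array($setting)) {
        $setting = array();
    }
    $upload_number   = isset($setting['upload_number']) ? $setting['upload_number'] : '';
    $upload_allowext = isset($setting['upload_allowext']) ? $setting['upload_allowext'] : '';
    $isselectimage   = isset($setting['isselectimage']) ? $setting['isselectimage'] : '';
    $upload_args     = "{$upload_number},{$upload_allowext},{$isselectimage}";

    $list_str = '';
    if ($value) {
        $value = string2array(new_html_entity_decode($value));
        if (is_array($value)) {
            foreach ($value as $_k => $_v) {
                // The stored value has just been entity-decoded, so it must be
                // re-escaped before it is placed inside a single-quoted HTML
                // attribute; ENT_QUOTES covers both quote characters.
                // NOTE(review): charset is left at the PHP default - pass the
                // site charset explicitly if pages are served in another one.
                $fileurl  = htmlspecialchars(isset($_v['fileurl']) ? (string) $_v['fileurl'] : '', ENT_QUOTES);
                $filename = htmlspecialchars(isset($_v['filename']) ? (string) $_v['filename'] : '', ENT_QUOTES);
                $list_str .= "<div id='multifile{$_k}'><input type='text' name='{$field}_fileurl[]' value='{$fileurl}' style='width:310px;' class='input-text'> <input type='text' name='{$field}_filename[]' value='{$filename}' style='width:160px;' class='input-text'> <a href=\"javascript:remove_div('multifile{$_k}')\">" . L('remove_out') . "</a></div>";
            }
        }
    }

    $string = '<input name="info[' . $field . ']" type="hidden" value="1"> <fieldset class="blue pad-10"> <legend>' . L('file_list') . '</legend>';
    $string .= $list_str;
    $string .= '<ul id="' . $field . '" class="picList"></ul> </fieldset> <div class="bk10"></div> ';

    // Emit the uploader script only once per request. $str must start empty:
    // it was left undefined whenever IMAGES_INIT had already been defined.
    $str = '';
    if (!defined('IMAGES_INIT')) {
        $str = '<script type="text/javascript" src="' . JS_PATH . 'swfupload/swf2ckeditor.js"></script>';
        define('IMAGES_INIT', 1);
    }

    // upload_key() is given the same argument string that is handed to flashupload().
    $authkey = upload_key($upload_args);
    $string .= $str . "<input type=\"button\" class=\"button\" value=\"" . L('multiple_file_list') . "\" onclick=\"javascript:flashupload('{$field}_multifile', '" . L('attachment_upload') . "','{$field}',change_multifile,'{$upload_args}','content','{$this->catid}','{$authkey}')\"/> <input type=\"button\" class=\"button\" value=\"" . L('add_remote_url') . "\" onclick=\"add_multifile('{$field}')\">";

    return $string;
}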
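/**
 * Render the form widget for a multi-image field.
 *
 * Builds one list item of two text inputs (image URL, alt text) per stored
 * entry, or a hint showing the upload limit when nothing is stored, followed
 * by the "select picture" upload button.
 *
 * @param string $field     Field name; used in input names, element ids and the JS calls.
 * @param mixed  $value     Stored field value; decoded with new_html_entity_decode() and string2array().
 * @param array  $fieldinfo Field definition; upload_number, upload_allowext and isselectimage are read from it.
 *
 * @return string HTML fragment for the field.
 */
function images($field, $value, $fieldinfo) {
    // Read only the three keys this widget needs. The previous extract()
    // imported every key of $fieldinfo into local scope, where a key such as
    // "field" or "value" would overwrite the arguments.
    if (!is_array($fieldinfo)) {
        $fieldinfo = array();
    }
    $upload_number   = isset($fieldinfo['upload_number']) ? $fieldinfo['upload_number'] : '';
    $upload_allowext = isset($fieldinfo['upload_allowext']) ? $fieldinfo['upload_allowext'] : '';
    $isselectimage   = isset($fieldinfo['isselectimage']) ? $fieldinfo['isselectimage'] : '';
    $upload_args     = "{$upload_number},{$upload_allowext},{$isselectimage}";

    $list_str = '';
    if ($value) {
        $value = string2array(new_html_entity_decode($value));
        if (is_array($value)) {
            foreach ($value as $_k => $_v) {
                // The stored value has just been entity-decoded, so it must be
                // re-escaped before it is placed inside a single-quoted HTML
                // attribute; ENT_QUOTES covers both quote characters.
                // NOTE(review): charset is left at the PHP default - pass the
                // site charset explicitly if pages are served in another one.
                $url = htmlspecialchars(isset($_v['url']) ? (string) $_v['url'] : '', ENT_QUOTES);
                $alt = htmlspecialchars(isset($_v['alt']) ? (string) $_v['alt'] : '', ENT_QUOTES);
                $list_str .= "<li id='image{$_k}' style='padding:1px'><input type='text' name='{$field}_url[]' value='{$url}' style='width:310px;' ondblclick='image_priview(this.value);' class='input-text'> <input type='text' name='{$field}_alt[]' value='{$alt}' style='width:160px;' class='input-text'> <a href=\"javascript:remove_div('image{$_k}')\">" . L('remove') . "</a></li>";
            }
        }
    } else {
        // Nothing stored yet: show the maximum number of uploads instead.
        $list_str .= "<center><div class='onShow' id='nameTip'>" . L('max_upload_num') . " <font color='red'>{$upload_number}</font> " . L('zhang') . "</div></center>";
    }

    $string = '<input name="info[' . $field . ']" type="hidden" value="1"> <fieldset class="blue pad-10"> <legend>' . L('picutre_list') . '</legend>';
    $string .= $list_str;
    $string .= '<ul id="' . $field . '" class="picList"></ul> </fieldset> <div class="bk10"></div> ';

    // Emit the uploader script only once per request.
    $str = '';
    if (!defined('IMAGES_INIT')) {
        $str = '<script type="text/javascript" src="statics/js/swfupload/swf2ckeditor.js"></script>';
        define('IMAGES_INIT', 1);
    }

    // upload_key() is given the same argument string that is handed to flashupload().
    $authkey = upload_key($upload_args);
    // "herf" was a typo for "href"; without it the anchor was not a real link.
    $string .= $str . "<div class='picBut cu'><a href='javascript:void(0);' onclick=\"javascript:flashupload('{$field}_images', '" . L('attachment_upload') . "','{$field}',change_images,'{$upload_args}','member','','{$authkey}')\"/> " . L('select_picture') . " </a></div>";

    return $string;
}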
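/**
 * Filter a string of HTML through a blacklist of script-related constructs.
 *
 * The steps are: normalise NULs, entities and URL-encoded bytes; decode
 * entities inside tags; re-join blacklisted words that were split by
 * whitespace; drop links/images/tags that carry script; strip inline event
 * handlers; entity-encode dangerous tag names, PHP tags, HTML comments and
 * the parentheses of selected function calls.
 *
 * This is a blacklist and should be treated as defence in depth only:
 * the caller still has to escape for the output context, and untrusted rich
 * text is better handled by an allowlist-based sanitizer.
 *
 * @param string $str     Input markup.
 * @param string $charset Charset passed to new_html_entity_decode().
 *
 * @return string Filtered markup.
 */
function html_clean($str, $charset = 'UTF-8') {
    // Remove NUL bytes and literal "\0" sequences.
    $str = preg_replace('/\\0+/', '', $str);
    $str = preg_replace('/(\\\\0)+/', '', $str);

    // Normalise entities: drop control characters before the ";" and make
    // sure numeric/hex entities are terminated.
    $str = preg_replace('#(&\\#*\\w+)[\\x00-\\x20]+;#u', "\\1;", $str);
    $str = preg_replace('#(&\\#x*)([0-9A-F]+);*#iu', "\\1\\2;", $str);

    // Turn %uXXXX and %XX escapes into hex entities so later steps see them.
    $str = preg_replace("/%u0([a-z0-9]{3})/i", "&#x\\1;", $str);
    $str = preg_replace("/%([a-z0-9]{2})/i", "&#x\\1;", $str);

    // Decode entities inside every <...> so encoded attribute content
    // cannot hide from the pattern checks below.
    if (preg_match_all("/<(.+?)>/si", $str, $matches)) {
        foreach ($matches[1] as $inner) {
            $str = str_replace($inner, new_html_entity_decode($inner, $charset), $str);
        }
    }

    $str = preg_replace("#\t+#", " ", $str);

    // Entity-encode PHP open/close tags. The replacement list used to be
    // identical to the search list, which made this step a no-op.
    $str = str_replace(array('<?php', '<?PHP', '<?', '?>'), array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);

    // Re-join blacklisted words written with whitespace between letters
    // ("j a v a s c r i p t") so the later patterns can match them.
    $words = array('javascript', 'vbscript', 'script', 'applet', 'alert', 'document', 'write', 'cookie', 'window');
    foreach ($words as $word) {
        $temp = '';
        for ($i = 0; $i < strlen($word); $i++) {
            $temp .= substr($word, $i, 1) . "\\s*";
        }
        // Drop the trailing "\s*" added after the last letter.
        $temp = substr($temp, 0, -3);
        $str = preg_replace('#' . $temp . '#s', $word, $str);
        $str = preg_replace('#' . ucfirst($temp) . '#s', ucfirst($word), $str);
    }

    // Remove whole links, images and script/xss tags that carry script.
    $str = preg_replace("#<a.+?href=.*?(alert\\(|alert&\\#40;|javascript\\:|window\\.|document\\.|\\.cookie|<script|<xss).*?\\>.*?</a>#si", "", $str);
    $str = preg_replace("#<img.+?src=.*?(alert\\(|alert&\\#40;|javascript\\:|window\\.|document\\.|\\.cookie|<script|<xss).*?\\>#si", "", $str);
    $str = preg_replace("#<(script|xss).*?\\>#si", "", $str);

    // Strip "javascript:" URLs and inline event handlers inside each tag and
    // collapse whitespace. This used preg_replace() with the /e modifier,
    // which evaluated a string built from the input as PHP code and no
    // longer exists in PHP 7+; a callback gets the match as plain data, so
    // the stripslashes() that undid /e's automatic escaping is not needed.
    $str = preg_replace_callback(
        '/<(.*?)>/i',
        function ($m) {
            $inner = preg_replace(
                array(
                    '/javascript:[^"\']*/i',
                    '/(onblur|onchange|onclick|onfocus|onload|onmouseover|onmouseup|onmousedown|onselect|onsubmit|onunload|onkeypress|onkeydown|onkeyup|onresize)[ \t\n]*=[ \t\n]*["\'][^"\']*["\']/i',
                    '/\s+/',
                ),
                array('', '', ' '),
                $m[1]
            );
            return '<' . $inner . '>';
        },
        $str
    );

    // Entity-encode the angle brackets of blacklisted tags so they are shown
    // as text instead of being parsed. The replacement used to reproduce the
    // tag unchanged.
    $str = preg_replace('#<(/*\\s*)(alert|applet|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|xml|xss)([^>]*)>#is', "&lt;\\1\\2\\3&gt;", $str);

    // Entity-encode the parentheses of selected function calls; the
    // replacement used to reproduce the call unchanged.
    $str = preg_replace('#(alert|cmd|passthru|eval|exec|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\\s*)\\((.*?)\\)#si', "\\1\\2&#40;\\3&#41;", $str);

    // Final pass: keys are regex fragments, values are their replacements.
    $bad = array(
        'document.cookie' => '',
        'document.write'  => '',
        'window.location' => '',
        "javascript\\s*:" => '',
        "Redirect\\s+302" => '',
        '<!--'            => '&lt;!--',
        '-->'             => '--&gt;',
    );
    foreach ($bad as $key => $val) {
        $str = preg_replace("#" . $key . "#i", $val, $str);
    }

    return $str;
}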