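/**
 * Read and validate the request parameters this controller works with.
 *
 * A session that was authenticated only by a "remember me" cookie is sent
 * to the login page first. Otherwise the individual's XREF is taken from
 * the request, the lists of known servers and gedcoms are loaded, and each
 * form field is read through safe_POST() into a form_* property.
 *
 * Security notes for maintainers:
 * - The form_* values are filtered on input only. The filters limit which
 *   characters are accepted; they do not make a value safe for every
 *   output context, so escape for HTML/SQL/URL at the point of use.
 * - form_txtPassword and form_txtFS_Password hold the submitted passwords
 *   in clear text on this object; keep them out of logs and rendered pages.
 *
 * @return void Does not return when the login redirect is issued.
 */
function init() {
    // The original body read $QUERY_STRING without importing it, so inside
    // this function it was an undefined local and the return URL lost its
    // query string. NOTE(review): assumes the application keeps the query
    // string in a global of this name -- confirm against the bootstrap code.
    global $QUERY_STRING;

    // Cannot edit with a "remember me" login.
    // !empty() keeps the truthiness test but no longer raises a notice when
    // the session key has not been set.
    if (!empty($_SESSION["cookie_login"])) {
        // NOTE(review): the return URL is hard-coded to edit_interface.php;
        // confirm that is the page this controller is meant to come back to.
        header('Location: ' . encode_url("login.php?type=simple&url=" . urlencode("edit_interface.php?" . decode_url($QUERY_STRING)), false));
        exit;
    }

    // Coming soon ???
    // The wrapper path is a fixed literal, not request data.
    $this->has_familysearch = file_exists('modules/FamilySearch/familySearchWrapper.php');
    if ($this->has_familysearch) {
        require_once 'modules/FamilySearch/familySearchWrapper.php';
    }

    // The PID can come from a URL or a form
    $this->pid = safe_REQUEST($_REQUEST, 'pid', PGV_REGEX_XREF);
    $this->person = Person::getInstance($this->pid);
    $this->server_list = get_server_list();
    $this->gedcom_list = get_all_gedcoms();
    // The current gedcom is dropped so it cannot be chosen as a link target.
    unset($this->gedcom_list[PGV_GED_ID]);

    // Other input values come from the form
    // Where the second argument is an array, it is presumably treated as the
    // list of permitted values -- verify against safe_POST().
    $this->form_txtPID = safe_POST('txtPID', PGV_REGEX_XREF);
    $this->form_cbRelationship = safe_POST('cbRelationship');
    $this->form_location = safe_POST('location');
    $this->form_txtURL = safe_POST('txtURL', PGV_REGEX_URL);
    $this->form_txtTitle = safe_POST('txtTitle', '[^<>"%{};]+');
    $this->form_txtGID = safe_POST('txtGID', $this->gedcom_list);
    $this->form_txtUsername = safe_POST('txtUsername', PGV_REGEX_USERNAME);
    $this->form_txtPassword = safe_POST('txtPassword', PGV_REGEX_PASSWORD);
    $this->form_cbExistingServers = safe_POST('cbExistingServers', array_keys($this->server_list));
    $this->form_txtCB_Title = safe_POST('txtCB_Title', '[^<>"%{};]+');
    $this->form_txtCB_GID = safe_POST('txtCB_GID', $this->gedcom_list);
    $this->form_txtFS_URL = safe_POST('txtFS_URL', PGV_REGEX_URL);
    $this->form_txtFS_Title = safe_POST('txtFS_Title', '[^<>"%{};]+');
    $this->form_txtFS_GID = safe_POST('txtFS_GID', $this->gedcom_list);
    $this->form_txtFS_Username = safe_POST('txtFS_Username', PGV_REGEX_USERNAME);
    $this->form_txtFS_Password = safe_POST('txtFS_Password', PGV_REGEX_PASSWORD);

    // No location submitted: default to an existing server when at least one
    // is configured, otherwise to a new remote one.
    if (is_null($this->form_location)) {
        $this->form_location = $this->server_list ? 'existing' : 'remote';
    }
}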
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * @package PhpGedView * @subpackage Languages * @version $Id: changelanguage.php 6879 2010-01-30 11:35:46Z fisharebest $ */ define('PGV_SCRIPT_NAME', 'changelanguage.php'); require './config.php'; loadLangFile("pgv_confighelp"); //-- make sure that they have admin status before they can use this page //-- otherwise have them login again if (!PGV_USER_IS_ADMIN) { header("Location: login.php?url=changelanguage.php"); exit; } $action = safe_REQUEST($_REQUEST, 'action', PGV_REGEX_UNSAFE); if (!isset($action) or $action == "") { $action = "editold"; } switch ($action) { case "addnew": $helpindex = "add_new_language_help"; print_header($pgv_lang["add_new_language"]); break; case "editold": default: print_header($pgv_lang["config_lang_utility"]); } print PGV_JS_START; print "var helpWin;"; print "function showchanges() {";
// TODO use GET/POST, rather than $_REQUEST // TODO decide what validation is required on these input parameters $pid = safe_REQUEST($_REQUEST, 'pid', PGV_REGEX_XREF); $mid = safe_REQUEST($_REQUEST, 'mid', PGV_REGEX_XREF); $gid = safe_REQUEST($_REQUEST, 'gid', PGV_REGEX_XREF); $linktoid = safe_REQUEST($_REQUEST, 'linktoid', PGV_REGEX_XREF); $action = safe_REQUEST($_REQUEST, 'action', PGV_REGEX_NOSCRIPT, 'showmediaform'); $folder = safe_REQUEST($_REQUEST, 'folder', PGV_REGEX_UNSAFE); $oldFolder = safe_REQUEST($_REQUEST, 'oldFolder', PGV_REGEX_UNSAFE); $filename = safe_REQUEST($_REQUEST, 'filename', PGV_REGEX_UNSAFE); $oldFilename = safe_REQUEST($_REQUEST, 'oldFilename', PGV_REGEX_UNSAFE, $filename); $level = safe_REQUEST($_REQUEST, 'level', PGV_REGEX_UNSAFE); $text = safe_REQUEST($_REQUEST, 'text', PGV_REGEX_UNSAFE); $tag = safe_REQUEST($_REQUEST, 'tag', PGV_REGEX_UNSAFE); $islink = safe_REQUEST($_REQUEST, 'islink', PGV_REGEX_UNSAFE); $glevels = safe_REQUEST($_REQUEST, 'glevels', PGV_REGEX_UNSAFE); $update_CHAN = !safe_POST_bool('preserve_last_changed'); $filename = decrypt($filename); $oldFilename = decrypt($oldFilename); print_simple_header($pgv_lang["add_media_tool"]); $disp = true; if (empty($pid) && !empty($mid)) { $pid = $mid; } if (!empty($pid)) { if (!isset($pgv_changes[$pid . "_" . $GEDCOM])) { $gedrec = find_media_record($pid); } else { $gedrec = find_updated_record($pid); } $disp = displayDetailsById($pid, "OBJE");
loadLangFile("pgv_confighelp"); require PGV_ROOT . 'includes/functions/functions_editlang.php'; //-- make sure that they have admin status before they can use this page //-- otherwise have them login again if (!PGV_USER_IS_ADMIN) { echo "Please close this window and do a Login in the former window first..."; exit; } $lang_filename = safe_REQUEST($_REQUEST, 'lang_filename', PGV_REGEX_NOSCRIPT, ''); $file_type = safe_REQUEST($_REQUEST, 'file_type', PGV_REGEX_NOSCRIPT, ''); $language2 = safe_REQUEST($_REQUEST, 'language2', PGV_REGEX_NOSCRIPT, ''); $ls01 = safe_REQUEST($_REQUEST, 'ls01', PGV_REGEX_NOSCRIPT, ''); $ls02 = safe_REQUEST($_REQUEST, 'ls02', PGV_REGEX_NOSCRIPT, ''); $lang_filename_orig = safe_REQUEST($_REQUEST, 'lang_filename_orig', PGV_REGEX_NOSCRIPT, ''); $action = safe_REQUEST($_REQUEST, 'action', PGV_REGEX_NOSCRIPT, ''); $anchor = safe_REQUEST($_REQUEST, 'anchor', PGV_REGEX_NOSCRIPT, ''); print_simple_header($pgv_lang["editlang"]); echo PGV_JS_START, "self.focus();", PGV_JS_END; switch ($file_type) { case "facts": $lang_filename = $factsfile[$language2]; $lang_filename_orig = $factsfile["english"]; break; case "configure_help": $lang_filename = $confighelpfile[$language2]; $lang_filename_orig = $confighelpfile["english"]; break; case "help_text": $lang_filename = $helptextfile[$language2]; $lang_filename_orig = $helptextfile["english"]; break;
*/ define('PGV_SCRIPT_NAME', 'editnews.php'); require './config.php'; $useFCK = file_exists(PGV_ROOT . 'modules/FCKeditor/fckeditor.php'); if ($useFCK) { require PGV_ROOT . 'modules/FCKeditor/fckeditor.php'; } if (!PGV_USER_ID) { print_simple_header(""); print $pgv_lang["access_denied"]; print_simple_footer(); exit; } $action = safe_GET('action', array('compose', 'save', 'delete'), 'compose'); $news_id = safe_GET('news_id'); $username = safe_REQUEST($_REQUEST, 'username'); $date = safe_POST('date', PGV_REGEX_UNSAFE); $title = safe_POST('title', PGV_REGEX_UNSAFE); $text = safe_POST('text', PGV_REGEX_UNSAFE); print_simple_header($pgv_lang["edit_news"]); if (empty($username)) { $username = $GEDCOM; } if ($action == "compose") { print '<span class="subheaders">' . $pgv_lang["edit_news"] . '</span>'; ?> <script language="JavaScript" type="text/javascript"> function checkForm(frm) { if (frm.title.value=="") { alert('<?php print $pgv_lang["enter_title"];
}
// Excerpt from the body of a request-action switch; the switch header and the
// block closed by the brace above are outside this excerpt.

// Optional thumbnail upload: the file is moved into the "thumbs/" folder of the
// media directory under the name sent with the upload.
// NOTE(review): $_FILES['thumbnail']['name'] is chosen by the client and is
// concatenated into the destination path unchanged. No basename() call and no
// file-type allow-list is visible in this excerpt -- confirm the name is
// validated before this point; if it is not, reduce it to a plain basename and
// accept only the expected image extensions.
if (isset($_FILES['thumbnail'])) {
	if (!move_uploaded_file($_FILES['thumbnail']['tmp_name'], $MEDIA_DIRECTORY . "thumbs/" . $_FILES['thumbnail']['name'])) {
		$error .= "\nERROR 19: " . $pgv_lang["upload_error"] . " " . file_upload_error_text($_FILES['thumbnail']['error']);
	}
}
// Report the outcome: the collected error text, or SUCCESS, is written to the
// debug log and printed to the client.
if (!empty($error)) {
	addDebugLog($action . " {$error}");
	print $error . "\n";
} else {
	addDebugLog($action . " SUCCESS");
	print "SUCCESS\n";
}
exit;
case 'getchanges':
	// The 'date' parameter has to match the pattern "DD MMM YYYY" before it is
	// given to GedcomDate. What safe_REQUEST() returns for a non-matching value
	// is not visible here (presumably null -- confirm).
	$lastdate = new GedcomDate(safe_REQUEST($_REQUEST, 'date', '\\d\\d \\w\\w\\w \\d\\d\\d\\d'));
	if ($lastdate->isOK()) {
		// Requests reaching back more than 180 days are refused, which bounds
		// how much change history one call can return.
		if ($lastdate->MinJD() < server_jd() - 180) {
			addDebugLog($action . " ERROR 24: You cannot retrieve updates for more than 180 days.");
			print "ERROR 24: You cannot retrieve updates for more than 180 days.\n";
		} else {
			print "SUCCESS\n";
			// One identifier per line for each entry returned by get_recent_changes().
			foreach (get_recent_changes($lastdate->MinJD()) as $xref) {
				echo "{$xref}\n";
			}
		}
	} else {
		addDebugLog($action . " ERROR 23: Invalid date parameter. Please use a valid date in the GEDCOM format DD MMM YYYY.");
		print "ERROR 23: Invalid date parameter. Please use a valid date in the GEDCOM format DD MMM YYYY.\n";
	}
	exit;
/**
 * Read one cookie through the shared request filter.
 *
 * Thin wrapper that hands $_COOKIE to safe_REQUEST(). Cookie values are
 * supplied by the client, so they are filtered like any other request input.
 *
 * @param string $var     Name of the cookie to read.
 * @param mixed  $regex   Filter handed to safe_REQUEST(); defaults to
 *                        PGV_REGEX_NOSCRIPT.
 * @param mixed  $default Fallback handed to safe_REQUEST(); presumably the
 *                        value used when the cookie is missing or rejected
 *                        (confirm in safe_REQUEST()).
 * @return mixed Whatever safe_REQUEST() returns for this cookie.
 */
function safe_COOKIE($var, $regex = PGV_REGEX_NOSCRIPT, $default = null) {
	$filtered = safe_REQUEST($_COOKIE, $var, $regex, $default);

	return $filtered;
}
* along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * @package PhpGedView * @subpackage Admin * @version $Id: editlang_edit_settings.php 6946 2010-03-23 02:51:54Z canajun2eh $ */ define('PGV_SCRIPT_NAME', 'editlang_edit_settings.php'); require './config.php'; loadLangFile("pgv_confighelp"); $action = safe_REQUEST($_REQUEST, 'action', PGV_REGEX_UNSAFE); $ln = safe_REQUEST($_REQUEST, 'ln', PGV_REGEX_UNSAFE); $new_shortcut = safe_REQUEST($_REQUEST, 'new_shortcut', PGV_REGEX_UNSAFE); $v_flagsfile = safe_REQUEST($_REQUEST, 'v_flagsfile', PGV_REGEX_UNSAFE); $v_original_lang_name = safe_REQUEST($_REQUEST, 'v_original_lang_name', PGV_REGEX_UNSAFE); $v_lang_shortcut = safe_REQUEST($_REQUEST, 'v_lang_shortcut', PGV_REGEX_UNSAFE); if ($action == "" and $ln == "") { header("Location: admin.php"); exit; } if ($action == "cancel") { header("Location: changelanguage.php"); exit; } //-- make sure that they have admin status before they can use this page //-- otherwise have them login again if (!PGV_USER_IS_ADMIN) { echo "Please close this window and do a Login in the former window first..."; exit; } // Create array with configured languages in gedcoms and users
if ($ENABLE_AUTOCOMPLETE) { require PGV_ROOT . 'js/autocomplete.js.htm'; } //-- only allow logged in users to access this page if (!$ALLOW_EDIT_GEDCOM || !$USE_QUICK_UPDATE || !PGV_USER_ID) { echo $pgv_lang["access_denied"]; print_simple_footer(); exit; } if (!isset($closewin)) { $closewin = 0; } // TODO Decide whether to use GET/POST and appropriate validation $pid = safe_REQUEST($_REQUEST, 'pid', PGV_REGEX_XREF, PGV_USER_GEDCOM_ID); $action = safe_REQUEST($_REQUEST, 'action'); $closewin = safe_REQUEST($_REQUEST, 'closewin', '1', '0'); //-- only allow editors or users who are editing their own individual or their immediate relatives if (!PGV_USER_CAN_EDIT) { $famids = pgv_array_merge(find_sfamily_ids(PGV_USER_GEDCOM_ID), find_family_ids(PGV_USER_GEDCOM_ID)); $related = false; foreach ($famids as $famid) { if (!isset($pgv_changes[$famid . "_" . PGV_GEDCOM])) { $famrec = find_family_record($famid, PGV_GED_ID); } else { $famrec = find_updated_record($famid, PGV_GED_ID); } if (preg_match("/1 (HUSB|WIFE|CHIL) @{$pid}@/", $famrec)) { $related = true; break; } }
global $PGV_IMAGES, $faqs; // -- print html header information print_header($pgv_lang["faq_list"]); // -- Get all of the _POST variables we're interested in $action = safe_REQUEST($_REQUEST, 'action', PGV_REGEX_UNSAFE, 'show'); $adminedit = safe_REQUEST($_REQUEST, 'adminedit', PGV_REGEX_UNSAFE, PGV_USER_GEDCOM_ADMIN); $type = safe_REQUEST($_REQUEST, 'type', PGV_REGEX_UNSAFE); $oldGEDCOM = safe_REQUEST($_REQUEST, 'oldGEDCOM', PGV_REGEX_UNSAFE); $whichGEDCOM = safe_REQUEST($_REQUEST, 'whichGEDCOM', PGV_REGEX_UNSAFE); $oldOrder = safe_REQUEST($_REQUEST, 'oldOrder', PGV_REGEX_UNSAFE); $order = safe_REQUEST($_REQUEST, 'order', PGV_REGEX_UNSAFE); $header = safe_REQUEST($_POST, 'header', PGV_REGEX_UNSAFE); $body = safe_REQUEST($_POST, 'body', PGV_REGEX_UNSAFE); $pidh = safe_REQUEST($_REQUEST, 'pidh', PGV_REGEX_UNSAFE); $pidb = safe_REQUEST($_REQUEST, 'pidb', PGV_REGEX_UNSAFE); $id = safe_REQUEST($_REQUEST, 'id', PGV_REGEX_UNSAFE); // NOTE: Commit the faq data to the DB if ($action == "commit") { if (empty($whichGEDCOM)) { $whichGEDCOM = $GEDCOM; } if (empty($oldGEDCOM)) { $oldGEDCOM = $whichGEDCOM; } if (empty($order)) { $order = 0; } switch ($type) { case 'update': $faqs = get_faq_data(); if (isset($faqs[$order]) && $order != $oldOrder) {
* * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * @package PhpGedView * @subpackage Charts * @version $Id: addremotelink.php 6879 2010-01-30 11:35:46Z fisharebest $ */ define('PGV_SCRIPT_NAME', 'addremotelink.php'); require './config.php'; require PGV_ROOT . 'includes/controllers/remotelink_ctrl.php'; $controller = new RemoteLinkController(); $controller->init(); print_simple_header($pgv_lang['title_remote_link']); $pid = safe_REQUEST($_REQUEST, 'pid', PGV_REGEX_XREF); $action = safe_POST('action', array('addlink')); //-- only allow gedcom admins to create remote links if (!$controller->canAccess()) { echo '<span class="error">', $pgv_lang['access_denied'], '<br />'; if (!PGV_USER_GEDCOM_ADMIN) { echo $pgv_lang['user_cannot_edit']; } else { if (!$ALLOW_EDIT_GEDCOM) { echo $pgv_lang['gedcom_editing_disabled']; } else { echo $pgv_lang['privacy_prevented_editing']; if ($pid) { echo '<br />', $pgv_lang['privacy_not_granted'], ' ', $pid; } }
$linenum = safe_REQUEST($_REQUEST, 'linenum', PGV_REGEX_UNSAFE); $pid = safe_REQUEST($_REQUEST, 'pid', PGV_REGEX_XREF); $famid = safe_REQUEST($_REQUEST, 'famid', PGV_REGEX_XREF); $text = safe_REQUEST($_REQUEST, 'text', PGV_REGEX_UNSAFE); $tag = safe_REQUEST($_REQUEST, 'tag', PGV_REGEX_UNSAFE); $famtag = safe_REQUEST($_REQUEST, 'famtag', PGV_REGEX_UNSAFE); $glevels = safe_REQUEST($_REQUEST, 'glevels', PGV_REGEX_UNSAFE); $islink = safe_REQUEST($_REQUEST, 'islink', PGV_REGEX_UNSAFE); $type = safe_REQUEST($_REQUEST, 'type', PGV_REGEX_UNSAFE); $fact = safe_REQUEST($_REQUEST, 'fact', PGV_REGEX_UNSAFE); $option = safe_REQUEST($_REQUEST, 'option', PGV_REGEX_UNSAFE); $assist = safe_REQUEST($_REQUEST, 'assist', PGV_REGEX_UNSAFE); $noteid = safe_REQUEST($_REQUEST, 'noteid', PGV_REGEX_UNSAFE); $pid_array = safe_REQUEST($_REQUEST, 'pid_array', PGV_REGEX_XREF); $pids_array_add = safe_REQUEST($_REQUEST, 'pids_array_add', PGV_REGEX_XREF); $pids_array_edit = safe_REQUEST($_REQUEST, 'pids_array_edit', PGV_REGEX_XREF); $update_CHAN = !safe_POST_bool('preserve_last_changed'); $uploaded_files = array(); // items for ASSO RELA selector : $assokeys = array('attendant', 'attending', 'best_man', 'bridesmaid', 'buyer', 'circumciser', 'civil_registrar', 'employee', 'employer', 'foster_child', 'foster_father', 'foster_mother', 'friend', 'godfather', 'godmother', 'godparent', 'godson', 'goddaughter', 'godchild', 'guardian', 'informant', 'lodger', 'nanny', 'nurse', 'owner', 'priest', 'rabbi', 'registry_officer', 'seller', 'servant', 'slave', 'twin', 'twin_brother', 'twin_sister', 'ward', 'witness', ''); $assorela = array(); foreach ($assokeys as $indexval => $key) { if (isset($pgv_lang["{$key}"])) { $assorela["{$key}"] = $pgv_lang["{$key}"]; } else { $assorela["{$key}"] = "? {$key}"; } } uasort($assorela, "stringsort"); print_simple_header('Edit Interface'); if ($ENABLE_AUTOCOMPLETE) {
// TODO work out whether to use GET/POST for these // TODO decide what (if any) validation is required on these parameters $action = safe_REQUEST($_REQUEST, 'action', PGV_REGEX_UNSAFE); $linenum = safe_REQUEST($_REQUEST, 'linenum', PGV_REGEX_UNSAFE); $pid = safe_REQUEST($_REQUEST, 'pid', PGV_REGEX_XREF); $famid = safe_REQUEST($_REQUEST, 'famid', PGV_REGEX_XREF); $text = safe_REQUEST($_REQUEST, 'text', PGV_REGEX_UNSAFE); $tag = safe_REQUEST($_REQUEST, 'tag', PGV_REGEX_UNSAFE); $famtag = safe_REQUEST($_REQUEST, 'famtag', PGV_REGEX_UNSAFE); $glevels = safe_REQUEST($_REQUEST, 'glevels', PGV_REGEX_UNSAFE); $islink = safe_REQUEST($_REQUEST, 'islink', PGV_REGEX_UNSAFE); $type = safe_REQUEST($_REQUEST, 'type', PGV_REGEX_UNSAFE); $fact = safe_REQUEST($_REQUEST, 'fact', PGV_REGEX_UNSAFE); $option = safe_REQUEST($_REQUEST, 'option', PGV_REGEX_UNSAFE); $assist = safe_REQUEST($_REQUEST, 'assist', PGV_REGEX_UNSAFE); $noteid = safe_REQUEST($_REQUEST, 'noteid', PGV_REGEX_UNSAFE); $update_CHAN = !safe_POST_bool('preserve_last_changed'); $uploaded_files = array(); // items for ASSO RELA selector : $assokeys = array('attendant', 'attending', 'best_man', 'bridesmaid', 'buyer', 'circumciser', 'civil_registrar', 'employee', 'employer', 'foster_child', 'foster_father', 'foster_mother', 'friend', 'godfather', 'godmother', 'godparent', 'godson', 'goddaughter', 'godchild', 'guardian', 'informant', 'lodger', 'nanny', 'nurse', 'owner', 'priest', 'rabbi', 'registry_officer', 'seller', 'servant', 'slave', 'twin', 'twin_brother', 'twin_sister', 'ward', 'witness', ''); $assorela = array(); foreach ($assokeys as $indexval => $key) { if (isset($pgv_lang["{$key}"])) { $assorela["{$key}"] = $pgv_lang["{$key}"]; } else { $assorela["{$key}"] = "? {$key}"; } } uasort($assorela, "stringsort"); print_simple_header('Edit Interface'); if ($ENABLE_AUTOCOMPLETE) {