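/**
 * Sorts the Song List in place by a normalised form of each song's title
 * (lower-cased, non-word characters turned into spaces, whitespace collapsed).
 *
 * Songs whose normalised titles collide are kept in their original relative
 * order: every duplicate key gets a numbered suffix ending in "!", a character
 * the normalisation strips, so the suffix can never clash with a real key.
 *
 * @method Sort
 * @return (SongLinkPlus_Pvm array) the re-ordered $this->SongList
 */
public function Sort()
{
    $tieBreaker = 0;
    $songsByKey = array();
    $keys = array();

    foreach ($this->SongList as $song) {
        // Normalise the title. This used to be a nested named function, which PHP
        // declares at run time on every call and therefore fails with
        // "Cannot redeclare" on the second call to Sort().
        $titleKey = strtolower((string) $song->Title);
        $titleKey = preg_replace('/\W/', ' ', $titleKey);
        $titleKey = trim(preg_replace('/\s+/', ' ', $titleKey));

        // Only a key that is already taken needs a tie-breaker. The original
        // tested an undefined $temp array here, so every key was suffixed and the
        // sort order was skewed for titles that contain a space followed by a digit.
        if (isset($songsByKey[$titleKey])) {
            $titleKey .= ' _' . $tieBreaker . '_ugs87!';
            $tieBreaker++;
        }
        $keys[] = $titleKey;
        $songsByKey[$titleKey] = $song;
    }

    // SORT_STRING: compare keys byte-wise, so titles that look like numbers
    // ("10" vs "9") are not reordered numerically.
    sort($keys, SORT_STRING);

    $this->SongList = array();
    foreach ($keys as $key) {
        $this->SongList[] = $songsByKey[$key];
    }
    return $this->SongList;
}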
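/**
 * Sanitizes data and optionally trims strings.
 *
 * All form data or any data coming from the client should be sanitized and escaped
 * before storage or before being output to the client. PHP's htmlspecialchars
 * function prevents cross-site scripting (XSS) by converting special characters,
 * such as the angle brackets of a <script> tag and both kinds of quote, to HTML
 * entities.
 *
 * Strings are escaped, arrays are walked recursively (keys are kept), objects
 * have each public property scrubbed in place (objects are handles, so the
 * caller's instance is modified and returned). Any other value — null, booleans,
 * numbers — is returned unchanged.
 *
 * @param mixed [$data] What you want to sanitize
 * @param boolean [$trim_strings] Whether or not the function should trim strings found in $data
 * @return mixed sanitized $data
 */
function scrub($data, $trim_strings = false)
{
    // Base case: nothing to sanitize (also covers a literal null).
    if (!isset($data)) {
        return $data;
    }

    if (is_string($data)) {
        if ($trim_strings) {
            $data = trim($data);
        }
        // Explicit flags: ENT_QUOTES also escapes single quotes, so the result is
        // safe inside single-quoted attributes; ENT_SUBSTITUTE replaces invalid
        // UTF-8 with U+FFFD instead of returning an empty string.
        return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    if (is_array($data)) {
        foreach ($data as $key => $value) {
            $data[$key] = scrub($value, $trim_strings);
        }
        return $data;
    }

    if (is_object($data)) {
        foreach ($data as $property => $value) {
            $data->{$property} = scrub($value, $trim_strings);
        }
        return $data;
    }

    // Other scalars (boolean, number) cannot carry markup.
    return $data;
}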
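/**
 * Recursively re-encodes the keys and values of $data as UTF-8.
 *
 * Arrays and objects are walked and returned as a plain array (an object comes
 * back as an array of its iterable properties, as before). A scalar value that
 * mb_detect_encoding() does not already report as UTF-8 is converted from
 * ISO-8859-1, which is what utf8_encode() did; values that are already UTF-8
 * are kept. A top-level scalar is returned unchanged.
 *
 * @param mixed $data
 * @return mixed
 */
function scrub($data)
{
    if (!is_array($data) && !is_object($data)) {
        return $data;
    }

    $output = array();
    foreach ($data as $key => $value) {
        // Keys are always strings or ints; a numeric string key is cast back to
        // int by PHP when stored, exactly as before.
        $outkey = mb_convert_encoding((string) $key, 'UTF-8', 'ISO-8859-1');

        if (is_array($value) || is_object($value)) {
            $outval = scrub($value);
        } else {
            // Fixed: the original never assigned $outval when the value was
            // already UTF-8, so the previous element's value was silently reused
            // (or an undefined variable on the first element).
            $outval = $value;
            if (mb_detect_encoding((string) $value) !== 'UTF-8') {
                $outval = mb_convert_encoding((string) $value, 'UTF-8', 'ISO-8859-1');
            }
        }
        $output[$outkey] = $outval;
    }
    return $output;
}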
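Copyright 2008 John-Paul Gignac

This file is part of Fossfactory-src.

Fossfactory-src is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/

// Accept or reject one code submission on behalf of the current user, then
// return to the project's submissions tab. $username, scrub() and the ff_*()
// and projurl() helpers are provided by the including file.
$id = isset($_REQUEST['id']) ? scrub($_REQUEST['id']) : '';
$submissionid = isset($_REQUEST['submissionid']) ? intval($_REQUEST['submissionid']) : 0;
$accept = isset($_REQUEST['accept']) ? scrub($_REQUEST['accept']) : '';
// Passed through as typed; NOTE(review): ff_rejectsubmission() is presumably
// responsible for escaping it before storage — confirm.
$rejectreason = isset($_REQUEST["rejectreason"]) ? $_REQUEST["rejectreason"] : '';

// The three recognised values are distinct strings, so compare strictly.
if ($accept === 'true') {
    list($rc, $err) = ff_acceptsubmission($username, $submissionid);
} elseif ($accept === 'false') {
    list($rc, $err) = ff_rejectsubmission($username, $submissionid, $rejectreason, 0);
} elseif ($accept === 'prejudice') {
    // A rejection "with prejudice" carries no reason and sets the final flag.
    list($rc, $err) = ff_rejectsubmission($username, $submissionid, '', 1);
}

// NOTE(review): $rc/$err are never shown to the user; the redirect happens
// whether or not the ff_*() call succeeded.
header("Location: " . projurl($id, "tab=submissions"));
exit;
?>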
list($rc, $projinfo) = ff_getprojectinfo($id); if ($rc == 0 && $projinfo['lead'] !== '' && $projinfo['lead'] === $username) { $quiet = true; } } list($rc, $postid) = ff_createpost("{$topicid}", "{$_REQUEST['subject']}", $body, $parent, $_REQUEST["anonymous"] ? '' : $username, '', $attachments, $_REQUEST["watchthread"] ? 1 : 0, projurl($id), $quiet); if ($rc == 0 && $quiet) { // Automatically accept the change proposal header("Location: handlechange.php?" . "project={$id}&post={$postid}&accept=1"); exit; } header("Location: " . projurl($id, "post={$postid}" . ($parent ? "#p{$parent}" : ""))); exit; } } elseif (substr($topicid, 0, 5) == 'spect') { $disputeid = scrub($_REQUEST['disputeid']); $id = substr($topicid, 5); if (isset($_REQUEST["subject"])) { list($rc, $postid) = ff_createpost("{$topicid}", "{$_REQUEST['subject']}", "{$_REQUEST['body']}", $parent, $_REQUEST["anonymous"] ? '' : $username, '', $attachments, $_REQUEST["watchthread"] ? 1 : 0, "dispute.php?id={$disputeid}"); header("Location: dispute.php?id={$disputeid}&post={$postid}" . ($parent ? "#p{$parent}" : "")); exit; } } elseif (substr($topicid, 0, 4) == 'proj') { $id = substr($topicid, 4); if ($username !== '' && $_REQUEST["watchproject"]) { al_createwatch('$id-news', $username); } if (isset($_REQUEST["subject"])) { list($rc, $postid) = ff_createpost("{$topicid}", "{$_REQUEST['subject']}", "{$_REQUEST['body']}", $parent, $_REQUEST["anonymous"] ? '' : $username, '', $attachments, $_REQUEST["watchthread"] ? 1 : 0, projurl($id)); header("Location: " . projurl($id, "post={$postid}" . ($parent ? "#p{$parent}" : ""))); exit;
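error_log(date("Y-m-d H:i:s ") . "Successful PDT: {$info['txn_id']} {$info['txn_type']} {$err}\n{$dump}\n", 3, "{$GLOBALS['DATADIR']}/ipn-errors.log");

// "custom" carries our own data through PayPal as a "/"-separated list.
$custom = explode("/", $info["custom"]);

if ($info["txn_type"] === 'subscr_payment') {
    // A subscription payment returns to the project named in the custom field,
    // or to the subscription tab when there is none.
    if (!empty($custom[4])) {
        header("Location: " . projurl(urlencode($custom[4])));
    } else {
        header("Location: account.php?tab=subscription");
    }
    exit;
}

list($rc, $currencies) = ff_currencies();
if ($rc) {
    print "Error fetching currencies: {$rc} {$currencies}";
    exit;
}
$code = $info["mc_currency"];
if (!isset($currencies[$code])) {
    // Guard added: an unknown currency would otherwise read a null multiplier
    // and silently report a zero amount and fee.
    print "Unsupported currency: {$code}";
    exit;
}
$mult = $currencies[$code]["multiplier"];
$gross = round($info["mc_gross"] * $mult);
$fee = round($info["mc_fee"] * $mult);

if ($err !== 'Success' && $err !== 'Repeated transaction') {
    // It was a project creation
    header("Location: createdproject.php?p=" . scrub($err) . "&amt={$gross}{$code}");
    exit;
}

// The query-string parameter is "&currency="; the page text showed it as
// "¤cy=" because an HTML renderer had turned "&curren" into the ¤ entity.
if (sizeof($custom) == 1) {
    // The transaction was a direct reserve deposit
    header("Location: account.php?tab=reserve&err=deposit"
        . "&currency={$code}&gross={$gross}&fee={$fee}");
    exit;
}

// NOTE(review): $no_transfer is not assigned in this fragment; it is
// presumably set earlier in the file.
header("Location: " . projurl($custom[1], "pp_err={$no_transfer}"
    . "&currency={$code}&gross={$gross}&fee={$fee}"));
exit;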
This file is part of Fossfactory-src. Fossfactory-src is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Fossfactory-src is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with Fossfactory-src. If not, see <http://www.gnu.org/licenses/>. */ $id = scrub($id); $hostname = $_SERVER["HTTP_HOST"]; if ($hostname === "www.fossfactory.org") { $hostname = "git.fossfactory.org"; } list($rc, $submissions) = ff_getsubmissions($id); // Remove from the list any projects that have been rejected with prejudice $s = array(); foreach ($submissions as $key => $submission) { if ($submission["status"] === 'prejudice' && intval($_REQUEST["s"]) != intval($submission["id"])) { continue; } $s[$key] = $submission; } $submissions = $s; if ($rc || sizeof($submissions) == 0) {
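Copyright 2008 John-Paul Gignac

This file is part of Fossfactory-src.

Fossfactory-src is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/

// Records the current user's vote on a project (type=project: stop/continue)
// or on its funding level (type=funding: more/less), then returns to the
// project page. scrub(), projurl() and the ff_*() helpers come from the
// including file.
$id = isset($_REQUEST["id"]) ? scrub($_REQUEST["id"]) : '';
$tab = isset($_REQUEST["tab"]) ? scrub($_REQUEST["tab"]) : '';
// The vote kind and direction are read from the query string only, as before.
$type = isset($_GET['type']) ? $_GET['type'] : '';
$vote = isset($_GET['vote']) ? $_GET['vote'] : '';
// Votes are only recorded for a logged-in user.
$voter = isset($GLOBALS["username"]) ? $GLOBALS["username"] : '';

if ($type === 'project') {
    // "stop" is a flag: a non-zero value is a vote to stop the project.
    $stop = isset($_REQUEST["stop"]) ? intval($_REQUEST["stop"]) : 0;
    if ($voter) {
        ff_setvote($voter, $id, !$stop);
    }
}

if ($type === 'funding' && ($vote === 'more' || $vote === 'less')) {
    if ($voter) {
        ff_setfundingvote($voter, $id, $vote === 'more');
    }
}

header("Location: " . projurl($id, $tab ? "tab={$tab}" : ""));
exit;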
but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with Fossfactory-src. If not, see <http://www.gnu.org/licenses/>. */ $searchkeyword = scrub($_REQUEST['q']); $sort = scrub($_REQUEST['sort']); if ($_REQUEST['limit'] != '') { $limit = intval($_REQUEST['limit']); } if (isset($_REQUEST['offset'])) { $offset = intval($_REQUEST['offset']); } $id = scrub("{$_REQUEST['id']}"); $amount = "{$_REQUEST['amount']}"; apply_template("Browse Projects", array(array("name" => "Projects", "href" => "browse.php")), '', array('style', 'header-style', 'footer-style', 'browse-style')); include_once "formattext.php"; ?> <h1>Browse Projects</h1> <script src="folder.js"></script> <script> function set_showpoor() { document.getElementById('browse_table').className = document.getElementById('showpoor').checked ? '' : 'hidepoor'; } </script> <style> #browse_table.hidepoor .nobounty { display: none;
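it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/

// Saves the allotment and priority the user entered for each subproject of
// $parentid, then returns to the subprojects tab. $username, scrub(), projurl()
// and the ff_*() helpers come from the including file.
$parentid = isset($_REQUEST["id"]) ? scrub($_REQUEST["id"]) : '';

// get subprojects of project
list($rc, $subprojects) = ff_getsubprojects($parentid);
if ($rc) {
    print "Internal error: {$rc} {$subprojects}";
    exit;
}

foreach ($subprojects as $subproject) {
    $subid = $subproject['id'];

    // Allotments arrive as a percentage with one decimal and are stored in
    // tenths (0..1000). Only a present, in-range value that differs from the
    // stored one is written. floatval() keeps a non-numeric entry at 0 instead
    // of raising a TypeError on PHP 8.
    if (isset($_REQUEST["sub{$subid}"])) {
        $allotment = round(floatval($_REQUEST["sub{$subid}"]) * 10);
        if ($allotment >= 0 && $allotment <= 1000
            && (!$subproject["allotted"] || $allotment != $subproject["allotment"])) {
            ff_setallotment($username, $parentid, $subid, $allotment);
        }
    }

    // A priority field the form did not send must not reset the stored
    // priority (the original scrubbed the missing value and compared it anyway).
    if (isset($_REQUEST["pri{$subid}"])) {
        $priority = scrub($_REQUEST["pri{$subid}"]);
        if ($priority !== $subproject["priority"]) {
            ff_setpriority($username, $parentid, $subid, $priority);
        }
    }
}

header("Location: " . projurl($parentid, "tab=subprojects"));
exit;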
$basedir = str_replace('packages/sys/display', '', dirname(__FILE__)); $path = $basedir . 'managed_code/cache/'; $name = 'js_register_' . $_GET['plugin_file'] . '.php'; if (file_exists($path . $name)) { $to_del = $path . $name; $incfiles = unserialize(file_get_contents($path . $name)); foreach ($incfiles as $file_name => $params) { if ($file_name != 'onload') { $filter = '/[^A-Za-z_0-9.\\/]/'; $plugin_path = scrub($params['plugin_path']); $clean_file_name = scrub($file_name); if (isset($params['args'])) { foreach ($params['args'] as $name => $value) { $clean_name = scrub($name); if (!isset(${$clean_name})) { ${$clean_name} = scrub($value); } else { trigger_error('Ahh! namespace conflict with variable: ' . $clean_name); } } } require_once $basedir . $plugin_path . $clean_file_name . '.js.php'; } else { echo $params; } } unlink($to_del); } function scrub($data) { /* $filter = '/[^A-Za-z_0-9.\/]/';
Fossfactory-src is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Fossfactory-src is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with Fossfactory-src. If not, see <http://www.gnu.org/licenses/>. */ $p = scrub($_REQUEST["p"]); $reqmts = "{$_REQUEST['reqmts']}"; $priority = scrub($_REQUEST["priority"]); $allotment = floatval($_REQUEST["allotment"]); if (!$p) { exit; } list($rc, $parent) = ff_getprojectinfo($p); if ($rc) { print "System error: {$rc} {$parent}"; softexit(); } if (trim($reqmts)) { if ($_REQUEST["stopspam"] !== 'yes') { exit; } $tempdir = "{$GLOBALS['DATADIR']}/tempattachments/{$sid}"; $attachments = array();
?> ""> <input type="hidden" name="currency_code" value="<?php echo $GLOBALS["pref_currency"]; ?> "> <input type="hidden" name="no_note" value="1"> <input type="hidden" name="no_shipping" value="1"> <input type="hidden" name="tax" value="0"> <input type="hidden" name="bn" value="PP-SponsorshipsBF"> <input type="hidden" name="return" value="<?php echo htmlentities($GLOBALS["SITE_URL"]); ?> paypal-return.php"> <input type="hidden" name="cancel_return" value="<?php echo htmlentities($GLOBALS["SITE_URL"]) . projurl($id, "tab=" . scrub($_REQUEST["tab"])); ?> "> <input type="hidden" name="notify_url" value="<?php echo htmlentities($GLOBALS["SITE_URL"]); ?> paypal-ipn.php"> <input type="hidden" name="custom" value="<?php echo htmlentities($username); ?> /<?php echo $id; ?> "> <div> Sponsorship Amount: <?php
$item = new FeedItem(); $item->title = $e['subject']; $item->link = $GLOBALS['SITE_URL'] . $e['url']; $item->date = (int) $e['time']; $item->description = formatText($e['body']); $rss->addItem($item); } } } $rss->title = '[FF] ' . $pname; $rss->description = 'Recent events affecting FOSS Factory project \'' . $pname . '\''; $rss->link = $GLOBALS['SITE_URL'] . projurl($pid); } else { if ($_GET['src'] == 'userevents') { include_once "formattext.php"; $user = scrub($_GET['u']); list($rc, $watching) = al_getwatches($user); if ($rc == 0) { foreach ($watching as $w) { list($rc, $events) = al_getrecentevents('watch:' . $w['eventid']); if ($rc != 0) { continue; } foreach ($events as $e) { $item = new FeedItem(); $item->title = $e['subject']; $item->link = $GLOBALS['SITE_URL'] . $e['url']; $item->date = (int) $e['time']; $item->description = formatText($e['body']); $rss->addItem($item); }
This file is part of Fossfactory-src. Fossfactory-src is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Fossfactory-src is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with Fossfactory-src. If not, see <http://www.gnu.org/licenses/>. */ $id = scrub($_REQUEST['id']); if ($GLOBALS['username'] == '') { print "sorry, must login first"; softexit(); } include_once 'formattext.php'; // Get the project info list($rc, $projinfo) = ff_getprojectinfo($id); if ($rc == 2) { print "No such project: {$id}"; softexit(); } $iserror = false; $filenames = ''; if (isset($_REQUEST['submit'])) { foreach ($_FILES["thefile"]["error"] as $key => $error) {
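<?php
/*
Copyright 2008 John-Paul Gignac

This file is part of Fossfactory-src.

Fossfactory-src is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/

// Permanent redirect from the old duties feed URL to rss.php. scrub() comes
// from the including environment.
$memberid = isset($_REQUEST['u']) ? scrub($_REQUEST['u']) : '';

// The member id becomes a query-string value, so it is URL-encoded regardless
// of what scrub() strips. The status code is given to header() rather than as
// a hard-coded "HTTP/1.1 ..." status line, so it is also correct for requests
// made over other protocol versions.
header("Location: rss.php?src=duties&u=" . urlencode($memberid), true, 301);
exit;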
print "Modifying a non-existent subscription."; exit; } $details = webscr_parse_file($subscr_file); $details["currency"] = $_REQUEST["currency_code"]; $details["amount"] = $_REQUEST["a3"]; $IPN = $PDT = array("txn_type" => "subscr_modify", "recurring" => "1", "mc_currency" => $_REQUEST["currency_code"], "custom" => $_REQUEST["custom"], "charset" => "windows-1252", "notify_version" => 2.4, "period3" => "1 M", "mc_amount3" => $_REQUEST["a3"]); } else { if (file_exists($subscr_file)) { print "Subscription already exists: {$subscr_file}"; exit; } $now = time(); $details = array("currency" => $_REQUEST["currency_code"], "amount" => $_REQUEST["a3"], "custom" => $_REQUEST["custom"], "business" => $_REQUEST["business"], "txn_id" => $txn_id, "payer_email" => "*****@*****.**", "period3" => "1 M", "first_name" => "Richard", "last_name" => "Mann", "item_name" => $_REQUEST["item_name"], "item_number" => $_REQUEST["item_number"], "subscr_date" => date("H:i:s M d, Y T", $now), "delay" => isset($_REQUEST["delay"]) ? 'yes' : 'no', "due" => $now); $PDT = array("txn_type" => "subscr_payment", "payment_date" => date("H:i:s M d, Y T", $now), "subscr_id" => "S-" . scrub(microtime()), "last_name" => "Mann", "residence_county" => "CA", "item_name" => $_REQUEST["item_name"], "payment_gross" => '', "mc_currency" => $_REQUEST["currency_code"], "business" => $_REQUEST["business"], "payer_email" => "*****@*****.**", "txn_id" => $txn_id, "receiver_email" => $_REQUEST["business"], "first_name" => "Richard", "payment_status" => "Cleared", "mc_gross" => $_REQUEST["a3"], "mc_fee" => format_for_entryfield(max(100, round($_REQUEST["a3"] * 0.05 * $currency["multiplier"])), $currency["code"]), "custom" => $_REQUEST["custom"], "charset" => "windows-1252", "notify_version" => 2.4); $IPN = array("txn_type" => "subscr_signup", "subscr_id" => "S-" . 
scrub(microtime()), "last_name" => "Mann", "residence_county" => "CA", "mc_currency" => $_REQUEST["currency_code"], "item_name" => $_REQUEST["item_name"], "business" => $_REQUEST["business"], "recurring" => "1", "payer_email" => "*****@*****.**", "first_name" => "Richard", "receiver_email" => $_REQUEST["business"], "item_number" => $_REQUEST["item_number"], "subscr_date" => date("H:i:s M d, Y T", $now), "custom" => $_REQUEST["custom"], "charset" => "windows-1252", "notify_version" => 2.4, "period3" => "1 M", "mc_amount3" => $_REQUEST["a3"]); } // Write the subscription details webscr_write_array($subscr_file, $details); } else { if ($_REQUEST["cmd"] === "_subscr-find") { $subscr_file = "{$GLOBALS['DATADIR']}/fake-paypal/subscriptions/" . urlencode($GLOBALS["username"]); if (!file_exists($subscr_file)) { print "Trying to cancel a non-existent subscription."; exit; } $details = webscr_parse_file($subscr_file); unlink($subscr_file); // This is for cancelling a subscription. $IPN = array("txn_type" => "subscr_cancel", "last_name" => $details["last_name"], "residence_county" => "CA", "mc_currency" => "CAD", "item_name" => $details["item_name"], "business" => $_REQUEST["alias"], "recurring" => "1", "payer_email" => $details["payer_email"], "first_name" => $details["first_name"], "receiver_email" => $_REQUEST["alias"], "item_number" => $details["item_number"], "custom" => $details["custom"], "charset" => "windows-1252", "notify_version" => "2.4", "period3" => $details["period3"], "mc_amount3" => $details["amount"]); } else {
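<?php

/**
 * Returns $text trimmed and with HTML special characters escaped, for safe
 * inclusion in an HTML context.
 */
function scrub($text)
{
    return htmlspecialchars(trim($text));
}

/**
 * Returns $text trimmed and with every CR/LF removed, so that it cannot end a
 * mail header line and smuggle additional headers or recipients into mail().
 */
function header_safe($text)
{
    return str_replace(array("\r", "\n"), '', trim($text));
}

if (isset($_POST['LinkedInName'], $_POST['LinkedInHeadline'], $_POST['LinkedInProfile'], $_POST['vacancyTitle'])) {
    $to = '*****@*****.**';
    $subject = 'Send Profile LinkedIn';

    // The message body is HTML, so every user-supplied field is escaped; the
    // original interpolated the raw POST values, which a mail client would
    // render as markup.
    $vacancy = scrub($_POST['vacancyTitle']);
    $name = scrub($_POST['LinkedInName']);
    $headline = scrub($_POST['LinkedInHeadline']);
    $profile = scrub($_POST['LinkedInProfile']);

    $message = '
<html>
<head>
<title>' . $subject . '</title>
</head>
<body>
<p><strong>Vacancy: </strong>' . $vacancy . '</p>
<p><strong>Name: </strong>' . $name . '</p>
<p><strong>Position: </strong>' . $headline . '</p>
<p><strong>Profile link: </strong><a href="' . $profile . '">' . $profile . '</a></p>
</body>
</html>';
    $headers = "Content-type: text/html; charset=utf-8 \r\n";
    mail($to, $subject, $message, $headers);
}

if (isset($_POST['Message'], $_POST['Name'], $_POST['Email'])) {
    // The From header is built from request data. Only a syntactically valid
    // address is accepted and line breaks are stripped from the display name;
    // htmlspecialchars() alone (as before) does not remove CR/LF.
    $email = filter_var(trim($_POST['Email']), FILTER_VALIDATE_EMAIL);
    if ($email !== false) {
        $from = 'From: ' . header_safe($_POST['Name']) . ' <' . $email . '>' . PHP_EOL;
        echo mail('*****@*****.**', 'CoreValue website contact form message', scrub($_POST['Message']), $from);
    }
}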
if ($auth !== 'admin' && $auth !== 'arbiter') { print "Not Authorized."; exit; } if ($_REQUEST["accept"]) { $dispute = scrub($_REQUEST["id"]); list($rc, $err) = ff_assigndispute($dispute, $username); if ($rc) { print "Error: {$rc} {$err}"; exit; } header("Location: arbitration.php"); exit; } if ($_REQUEST["relinquish"]) { $dispute = scrub($_REQUEST["id"]); list($rc, $err) = ff_unassigndispute($dispute); if ($rc) { print "Error: {$rc} {$err}"; exit; } header("Location: arbitration.php"); exit; } apply_template("Arbitration", array(array("name" => "Arbitration", "href" => "arbitration.php"))); list($rc, $disputes) = ff_getactivedisputes(); if ($rc) { print "Error: {$rc} {$disputes}"; softexit(); } if (sizeof($disputes) == 0) {
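}
    return $ipaddress;
}

$descriptorspec = array(
    0 => array("pipe", "r"),
    1 => array("pipe", "w"),
    2 => array("pipe", "w"),
);
$cwd = "/var/www/html/";
$ret = "";
$stdout = "";
$stderr = "";

if (isset($_POST['nslookup']) && $_POST['nslookup'] != "") {
    // Append the request to the log; a failed fopen() must not abort the page,
    // and the handle is closed instead of leaking until the request ends.
    $f = fopen("logs", 'a');
    if ($f !== false) {
        fwrite($f, getClientIp() . " -- " . $_POST['nslookup'] . "\n");
        fclose($f);
    }

    // Anchored at both ends now: without the trailing "$" the pattern only
    // validated a prefix, so anything following a well-formed host name was
    // accepted and handed to the shell.
    $hostPattern = '/^(?!\-)(?:[a-zA-Z\d\-]{0,62}[a-zA-Z\d]\.){1,126}(?!\d+)[a-zA-Z\d]{1,63}$/';
    if (!preg_match($hostPattern, $_POST['nslookup'])) {
        $stdout = "That wasn't a real domain...";
    } else {
        // Kept in $_POST, as before, in case the template below echoes it back.
        $_POST['nslookup'] = scrub(str_replace(">", " ", $_POST['nslookup']));

        // escapeshellarg() passes the value as exactly one shell argument; the
        // hand-written single quotes it replaces were broken by an embedded quote.
        $ret = proc_open('nslookup ' . escapeshellarg($_POST['nslookup']), $descriptorspec, $pipes, $cwd);
        if (is_resource($ret)) {
            fclose($pipes[0]);
            // parse stdout so formatting is preserved
            $stdout = stream_get_contents($pipes[1]);
            fclose($pipes[1]);
            $stderr = stream_get_contents($pipes[2]);
            fclose($pipes[2]);
            proc_close($ret);
            $stdout = str_replace("\n", "<br>", htmlentities($stdout)); // prevent xss
            $stderr = str_replace("\n", "<br>", htmlentities($stderr)); // prevent xss
        } else {
            $stdout = "Could not run nslookup.";
        }
    }
}
?>
<form action="index.php" method="POST" onsubmit="return validate();">
<div>
<h1 style="margin-bottom: 5px;">Make DNS queries with nslookup!</h1>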
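/**
 * Returns $info[$key], or null when PayPal did not send that variable, so the
 * checks in paypal_handle_info() can compare and interpolate a missing field
 * without an "undefined index" notice. A missing field behaves as before: it
 * compares unequal to every expected value and interpolates as "".
 */
function paypal_field($info, $key)
{
    return isset($info[$key]) ? $info[$key] : null;
}

/**
 * Parses the "projectid=amount&projectid=amount" sponsorship distribution that
 * travels in part 3 of the PayPal "custom" field.
 *
 * Returns an array of projectid => "<amount><currency code>" entries, or false
 * when there is no distribution at all, or when an entry with an empty key is
 * found — the marker left when some other process has already applied the
 * distribution. Items that are not a single "key=value" pair are skipped.
 */
function paypal_parse_distribution($subscr_distribution, $currencyCode)
{
    if ($subscr_distribution === '') {
        return false;
    }
    $sponsorships = array();
    foreach (explode("&", $subscr_distribution) as $key_value) {
        // preg_match() replaces ereg(), which was removed in PHP 7.
        if (!preg_match('/^([^=]*)=([^=]*)$/', $key_value, $parts)) {
            continue;
        }
        if ($parts[1] === '') {
            // Some other process took care of it for us.
            return false;
        }
        $sponsorships[$parts[1]] = $parts[2] . $currencyCode;
    }
    return $sponsorships;
}

/**
 * Applies one verified PayPal message (IPN or PDT) to the member account and
 * project it refers to.
 *
 * $info is the associative array of PayPal variables. Its "custom" field is a
 * "/"-separated string written by this site: part 0 is the member name, part 1
 * the project id and part 3 the subscription distribution (see
 * paypal_parse_distribution()); the other parts are not read here.
 *
 * Subscription messages (subscr_signup/modify/payment) record or update the
 * member's monthly subscription; a subscr_payment then also falls through to
 * the funds transfer below. subscr_cancel cancels the subscription. Completed
 * payments are checked (recipient, age, amount and fee sanity), credited to the
 * member via ff_receivefunds() and, when a project id is present, directed to
 * that project as a sponsorship.
 *
 * Returns array($rc, $message): $rc 0 on success (and for messages that are
 * deliberately ignored), otherwise a non-zero code with an error message,
 * mirroring the ff_*() helpers.
 */
function paypal_handle_info($info)
{
    list($rc, $currencies) = ff_currencies();
    if ($rc) {
        return array(1, $currencies);
    }

    // Make sure the currency is supported.
    $currencyCode = paypal_field($info, "mc_currency");
    if (!isset($currencies[$currencyCode])) {
        return array(4, "Unsupported currency: {$currencyCode}");
    }
    $currency = $currencies[$currencyCode];
    $txnType = paypal_field($info, "txn_type");

    $custom = explode("/", (string) paypal_field($info, "custom"));
    $username = scrub(isset($custom[0]) ? $custom[0] : '');
    $projectid = isset($custom[1]) ? $custom[1] : '';
    $subscr_distribution = isset($custom[3]) ? $custom[3] : '';

    // Without a member name there is no account to look up; the checks below
    // then see an empty record, as they did before.
    $memberinfo = array();
    if ($username !== '') {
        list($rc, $memberinfo) = ff_getmemberinfo($username);
        if ($rc) {
            return array($rc, $memberinfo);
        }
    }

    if ($txnType === 'subscr_payment' || $txnType === 'subscr_signup' || $txnType === 'subscr_modify') {
        // The person is setting up a subscription. Make sure that everything is
        // as we expect: recurring, monthly, no trial periods.
        if ($txnType !== 'subscr_payment'
            && (paypal_field($info, "recurring") !== '1'
                || paypal_field($info, "period3") !== '1 M'
                || paypal_field($info, "period1")
                || paypal_field($info, "period2"))) {
            return array(4, "Invalid subscription settings.");
        }

        $gross = $txnType === 'subscr_payment'
            ? paypal_field($info, "mc_gross")
            : paypal_field($info, "mc_amount3");
        $amount = round(floatval($gross) * $currency["multiplier"]) . $currency["code"];

        $currentFee = isset($memberinfo["subscription_fee"]) ? $memberinfo["subscription_fee"] : null;
        if ($amount !== $currentFee) {
            // This is the first we've heard of this amount. Two messages may
            // arrive at the same time, so we have to be careful that nothing bad
            // happens in that case. It is very important that the distribution
            // is only applied the *very first* time this amount arrives;
            // otherwise, if the user ever rearranges his sponsorships, the values
            // would be overridden the next time a payment arrives.
            $sponsorships = paypal_parse_distribution($subscr_distribution, $currency["code"]);
            $rc = ff_setsubscription($username, $amount, "monthly", $sponsorships);
            if ($rc[0]) {
                return $rc;
            }
        }
        if ($txnType !== 'subscr_payment') {
            return array(0, "Success");
        }
    }

    if ($txnType === 'subscr_cancel') {
        if (!empty($memberinfo["subscription_amount"])) {
            return ff_cancelsubscription($username);
        }
        return array(0, "Subscription already cancelled.");
    }

    if ($txnType === 'subscr_failed' || $txnType === 'subscr_eot') {
        // Ignore IPNs we don't know what to do with.
        return array(0, "Huh?");
    }

    // We must reject pending payments because they don't necessarily include
    // the transaction fee.
    if (paypal_field($info, "payment_status") === 'Pending') {
        return array(4, "Payment not complete");
    }

    // The message is a verified transfer of funds. Now make sure it's a valid
    // sponsorship. First, that the payment is directed to us.
    $receiver = paypal_field($info, "receiver_email");
    if ($receiver !== conf("paypal_business")) {
        return array(4, "Wrong recipient: {$receiver}");
    }

    // Make sure it's not old. Old sponsorship records may be moved out of the
    // database and archived, so they can't be compared against to see whether
    // the current transaction is a repeat.
    $paymentDate = paypal_field($info, "payment_date");
    if (strtotime((string) $paymentDate) < time() - 3 * 3600 * 24 * 7) {
        return array(7, "IPN too old, probably a repeat: {$paymentDate}");
    }

    // Work in the currency's minor unit as integers.
    $multiplier = intval("1" . str_repeat("0", $currency["decimal_places"]));
    $mcGross = paypal_field($info, "mc_gross");
    $mcFee = paypal_field($info, "mc_fee");
    $amount = intval(round(floatval($mcGross) * $multiplier));
    if ($amount >= 2000000000) {
        return array(4, "Amount too large to handle: {$mcGross}");
    }
    $fee = intval(round(floatval($mcFee) * $multiplier));
    if ($fee >= $amount) {
        return array(4, "Fee too big: {$mcFee} >= {$mcGross}");
    }
    if ($amount < 0 || $fee < 0) {
        return array(4, "Negative money: {$mcFee} {$mcGross}");
    }

    // Compute the net amount after deducting the transaction fee.
    $netamount = $amount - $fee;

    if ($username !== '') {
        list($rc, $err) = ff_receivefunds(
            $username,
            "{$netamount}{$currency['code']}",
            "paypal-" . paypal_field($info, "txn_id"),
            "{$fee}{$currency['code']}",
            $txnType === 'subscr_payment',
            paypal_field($info, "first_name") . " " . paypal_field($info, "last_name"),
            paypal_field($info, "payer_email"),
            paypal_field($info, "residence_country"),
            paypal_field($info, "address_zip")
        );
        if ($rc == 7) {
            return array(0, "Repeated transaction");
        }
        if ($rc) {
            return array(1, $err);
        }
    }

    $retval = "Success";
    // Direct the sponsorship to the specified project, if there is one and any
    // money is left after the fee (the original tested this with an ereg() for
    // a non-zero digit in the net amount).
    if ($projectid !== '' && $netamount != 0) {
        list($rc, $err) = ff_setsponsorship($projectid, $username, "{$netamount}{$currency['code']}", true);
        if ($rc) {
            return array(8, $err);
        }
    }
    return array(0, $retval);
}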
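<?php
/*
Copyright 2008 John-Paul Gignac

This file is part of Fossfactory-src.

Fossfactory-src is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/

// Lets the current user resign as lead of project $id, then returns to the
// project page. $username, scrub(), projurl() and ff_resignlead() come from
// the including environment.
$id = isset($_REQUEST["id"]) ? scrub($_REQUEST["id"]) : '';

// Only a logged-in user can hold (and therefore resign) the lead.
if ($username !== '') {
    ff_resignlead($id, $username);
}

header("Location: " . projurl($id));
exit;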
(at your option) any later version. Fossfactory-src is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with Fossfactory-src. If not, see <http://www.gnu.org/licenses/>. */ if ($username === '') { $msg = "To create a new project, you need to be logged in."; include "login.php"; softexit(); } $draftid = scrub($_REQUEST["draft"]); if (isset($_REQUEST["name"])) { $name = "{$_REQUEST['name']}"; $reqmts = "{$_REQUEST['reqmts']}"; // Assume English numbers: 1,000,000.01 OR 1 000 000.01 -> 1000000.01 $fundgoal = (double) str_replace(array(' ', ','), '', $_REQUEST['fundgoal']); } else { if ($draftid) { list($rc, $drafts) = ff_getprojectdrafts($username); if ($rc) { exit; } $name = $drafts[$draftid]["name"]; $reqmts = $drafts[$draftid]["reqmts"]; $fundgoal = (double) $drafts[$draftid]["funding_goal"] / 100.0; }
echo date("M j, Y g:ia", $submission["date"]); ?> by <?php echo htmlentities($submission["username"]); ?> </a> <?php } } else { if ($disputeinfo["type"] === 'badchange') { list($rc, $reqmtshistory) = ff_getreqmtshistory($projectinfo["id"]); if (!$rc) { include_once "diff.php"; foreach ($reqmtshistory as $reqmtschange) { if ($reqmtschange["postid"] == intval($disputeinfo["object"])) { $post = scrub(ereg_replace(":.\$", "", $disputeinfo["object"])); $patch = ereg_replace("^[^:]*:", "", $disputeinfo["object"]); ?> <br><a href="<?php echo projurl($projectinfo["id"], "post={$post}"); ?> "><?php echo date("M j, Y g:ia", $reqmtschange["time"]); ?> - <?php echo htmlentities($reqmtschange["subject"]); ?> </a> </td></tr> <tr><td valign=top width="0%"><b>Disputed Change:</b></td><td width="100%" colspan=2> <div style="border:1px solid #808080;padding:1em"><?php
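}
    }
    return $ipaddress;
}

$descriptorspec = array(
    0 => array("pipe", "r"),
    1 => array("pipe", "w"),
    2 => array("pipe", "w"),
);
$cwd = "/var/www/html/";
$ret = "";
$stdout = "";
$stderr = "";

if (isset($_POST['ping']) && $_POST['ping'] != "") {
    // write entry to log file; a failed fopen() must not abort the page, and
    // the handle is closed instead of leaking until the request ends.
    $f = fopen("logs", 'a');
    if ($f !== false) {
        fwrite($f, getClientIp() . " -- " . $_POST['ping'] . "\n");
        fclose($f);
    }

    // do some sanitization (kept in $_POST, as before, in case the template
    // below echoes it back)
    $_POST['ping'] = scrub(str_replace(">", " ", $_POST['ping']));

    // Allow only host names and IPv4/IPv6 literals, never a leading "-", so the
    // value cannot be parsed by ping as an option. The original had no check
    // and wrapped the raw value in hand-written single quotes, which an
    // embedded quote breaks out of.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9.:\-]*$/', $_POST['ping'])) {
        $stdout = "That wasn't a valid host...";
    } else {
        // escapeshellarg() passes the value as exactly one shell argument.
        $ret = proc_open('ping -c 1 ' . escapeshellarg($_POST['ping']), $descriptorspec, $pipes, $cwd);
        if (is_resource($ret)) {
            fclose($pipes[0]);
            // parse stdout so formatting is preserved
            $stdout = stream_get_contents($pipes[1]);
            fclose($pipes[1]);
            // parse stderr the same
            $stderr = stream_get_contents($pipes[2]);
            fclose($pipes[2]);
            proc_close($ret);
            $stdout = str_replace("\n", "<br>", htmlentities($stdout)); // prevent xss
            $stderr = str_replace("\n", "<br>", htmlentities($stderr)); // prevent xss
        } else {
            $stdout = "Could not run ping.";
        }
    }
}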
Fossfactory-src is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Fossfactory-src is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with Fossfactory-src. If not, see <http://www.gnu.org/licenses/>. */ $project = scrub($_REQUEST["project"]); $post = scrub($_REQUEST["post"]); $accept = intval($_REQUEST["accept"]); function error($rc, $err) { header("Location: " . projurl($GLOBALS["project"], "err=" . urlencode("{$rc} {$err}"))); exit; } // Get the post info list($rc, $postinfo) = ff_getpostinfo($post); if ($rc) { error($rc, $postinfo); } $subject = $postinfo["subject"]; // Get the project info list($rc, $projinfo) = ff_getprojectinfo($project); if ($rc) {
but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with Fossfactory-src. If not, see <http://www.gnu.org/licenses/>. */ ?> <html> <body> <script> <?php include_once "forum.php"; $postid = scrub($_REQUEST["postid"]); $topid = scrub($_REQUEST["topid"]); $topicid = scrub($_REQUEST['topicid']); if (!$topid) { $topid = $postid; } ob_start(); list($rc, $top) = ff_getpostinfo($topid); list($rc, $post) = ff_getpostinfo($postid); $ancestors = $post["ancestors"]; $ancestors[] = $postid; // Make sure we have all of the children of each post in the ancestry. // Also, populate $openids with the list of ancestors to be opened. $openids = array(); $foundtop = 0; $curpost = false; foreach ($ancestors as $ancestor) { if ($ancestor == $topid) {
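/**
 * Builds the list of pending duties for a member, each decorated with a
 * link, subject and body ready for display or notification.
 *
 * Every lookup follows the project convention of returning array($rc, $value):
 * a non-zero $rc is an error and $value is then the error text, which is
 * handed straight back to the caller.
 *
 * Duty types handled: 'dispute-plaintiff', 'dispute-defendant',
 * 'new-subproject', 'code submission' and 'change proposal'. Code submission
 * duties on accepted projects and duties of an unrecognised type are omitted
 * from the result.
 *
 * @param string $username Member whose duties are listed; scrub()'d here before use.
 * @return array array(0, array $dutiesByKey) on success, where each entry is the
 *               ff_getduties() record plus "link", "subject" and "body" keys;
 *               array($rc, $message) on the first failing lookup.
 */
function getduties($username)
{
    // $username is scrub()'d (project helper defined elsewhere) and then
    // interpolated into query strings below. NOTE(review): whether scrub()
    // escapes for the HTML or the URL context is not visible here — confirm.
    $username = scrub($username);
    list($rc, $duties) = ff_getduties($username);
    if ($rc) {
        return array($rc, $duties);
    }

    $deadlineFormat = "D F j, H:i:s T";
    $result = array();
    foreach ($duties as $key => $duty) {
        list($rc, $projectinfo) = ff_getprojectinfo($duty["projectid"]);
        if ($rc) {
            return array($rc, $projectinfo);
        }

        $deadline = $duty["deadline"];
        // Text ids differ depending on whether the duty carries a deadline.
        $tag = $deadline ? "newduty2" : "newduty";

        // Reset per duty so no branch can silently reuse the previous
        // iteration's link/macros/textid.
        $link = null;
        $macros = null;
        $textid = null;

        // Loose comparison kept on purpose: matches the original == checks.
        switch ($duty["type"]) {
            case 'dispute-plaintiff':
                list($rc, $disputeinfo) = ff_getdisputeinfo($duty["id"]);
                if ($rc) {
                    return array($rc, $disputeinfo);
                }
                $link = "dispute.php?id={$duty['id']}&requser={$username}";
                $macros = array(
                    "subject" => $disputeinfo["subject"],
                    "projectname" => $projectinfo["name"],
                );
                // Plaintiff text has no newduty/newduty2 variant.
                $textid = "plaintiff";
                break;

            case 'dispute-defendant':
                list($rc, $disputeinfo) = ff_getdisputeinfo($duty["id"]);
                if ($rc) {
                    return array($rc, $disputeinfo);
                }
                $link = "dispute.php?id={$duty['id']}&requser={$username}";
                $macros = array(
                    "subject" => $disputeinfo["subject"],
                    "username" => $disputeinfo["plaintiff"],
                    "projectname" => $projectinfo["name"],
                    "deadline" => date($deadlineFormat, $deadline),
                );
                // A dispute with exactly one argument so far is a brand-new one.
                // The original wrote sizeof($x == 1), i.e. the count of a boolean,
                // which never measured the arguments at all.
                // Assumes "arguments" is a list; a non-array is treated as empty.
                $arguments = $disputeinfo["arguments"];
                $argumentCount = is_array($arguments) ? count($arguments) : 0;
                $textid = ($argumentCount == 1) ? "{$tag}-newdispute" : "{$tag}-dispute";
                break;

            case 'new-subproject':
                list($rc, $pinfo) = ff_getprojectinfo($duty["id"]);
                if ($rc) {
                    return array($rc, $pinfo);
                }
                $link = projurl($duty["projectid"], "tab=subprojects&requser={$username}");
                $macros = array(
                    "projectname" => $pinfo["name"],
                    "parentname" => $projectinfo["name"],
                    "deadline" => date($deadlineFormat, $deadline),
                );
                $textid = "{$tag}-newsubproject";
                break;

            case 'code submission':
                // Hide code submission duties on accepted projects.
                if ($projectinfo["status"] == 'accept') {
                    // "continue 2": a bare continue inside switch only leaves the switch.
                    continue 2;
                }
                list($rc, $sinfo) = ff_getsubmissioninfo($duty["id"]);
                if ($rc) {
                    return array($rc, $sinfo);
                }
                $link = projurl($duty["projectid"], "tab=submissions&requser={$username}#submission{$duty['id']}");
                $macros = array(
                    "projectname" => $projectinfo["name"],
                    "submitter" => $sinfo["username"],
                    "deadline" => date($deadlineFormat, $deadline),
                );
                $textid = "{$tag}-submission";
                break;

            case 'change proposal':
                list($rc, $postinfo) = ff_getpostinfo($duty["id"]);
                if ($rc) {
                    return array($rc, $postinfo);
                }
                $link = projurl($duty["projectid"], "requser={$username}&post={$duty['id']}");
                $macros = array(
                    "projectname" => $projectinfo["name"],
                    "submitter" => $postinfo["owner"],
                    "deadline" => date($deadlineFormat, $deadline),
                );
                $textid = "{$tag}-changeproposal";
                break;

            default:
                // Unrecognised duty type: skip it rather than look up an empty
                // text id with stale macros (the original fell through with
                // whatever the previous iteration had left in these variables).
                continue 2;
        }

        list($rc, $subject) = ff_gettext("{$textid}-subject", $macros);
        if ($rc) {
            return array($rc, $subject);
        }
        list($rc, $body) = ff_gettext("{$textid}-body", $macros);
        if ($rc) {
            return array($rc, $body);
        }

        $duty["link"] = $link;
        $duty["subject"] = $subject;
        $duty["body"] = $body;
        $result[$key] = $duty;
    }

    return array(0, $result);
}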
This file is part of Fossfactory-src. Fossfactory-src is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Fossfactory-src is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with Fossfactory-src. If not, see <http://www.gnu.org/licenses/>. */ $p = scrub($_REQUEST["p"]); $amt = "{$_REQUEST['amt']}"; apply_template("Project Created", array(array("name" => "Project Created", "href" => "createdproject.php?p={$p}&amt=" . urlencode($amt)))); ?> <div class=results> Thank you for creating a new FOSS Factory project. Your payment of <?php echo format_money($amt); ?> has been received. A receipt has been emailed to you. You may log into your account at <a href="http://www.paypal.com/">www.paypal.com</a> to view details of the transaction. <p> <a href="<?php
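/* Copyright 2008 John-Paul Gignac

   This file is part of Fossfactory-src.

   Fossfactory-src is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published
   by the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.

   Fossfactory-src is distributed in the hope that it will be useful, but
   WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
   or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
   License for more details.

   You should have received a copy of the GNU Affero General Public License
   along with Fossfactory-src. If not, see <http://www.gnu.org/licenses/>. */

// Legacy feed endpoint: permanently redirect to the unified rss.php feed.
// A project id takes precedence over a member id when both are supplied.
//
// Both values are client-supplied. They are passed through scrub() (project
// helper defined elsewhere) and then URL-encoded when placed in the Location
// query string, so a value cannot smuggle additional query parameters into
// the redirect target. Missing parameters are read as null instead of
// triggering an undefined-index warning.
$memberid = scrub(isset($_REQUEST['memberid']) ? $_REQUEST['memberid'] : null);
$projectid = scrub(isset($_REQUEST['p']) ? $_REQUEST['p'] : null);

if ($projectid) {
    header("HTTP/1.1 301 Moved Permanently");
    header('Location: rss.php?src=projectevents&p=' . urlencode($projectid));
    exit;
}

if ($memberid) {
    header("HTTP/1.1 301 Moved Permanently");
    header('Location: rss.php?src=memberevents&p=' . urlencode($memberid));
    exit;
}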